Those in charge of company finances should revisit their financial controls, because the pandemic has created a perfect storm in which mistakes and abuses can go unnoticed, forensic accountants say — even in organizations with strong management.
Finance and accounting teams are especially vulnerable, as the move to remote work coincides with growing pressure on executives to ensure the survival of their organizations, said Simon Platt, chairman of global advisory firm StoneTurn.
"When you have lots of money from all of the stimulus programs combined with the pressure of trying to survive, you'll see a very enhanced level of corporate fraud and accounting-related issues, whether it's misrepresenting financials, back-dating contracts or adjustment of numbers," Platt told Transport Dive sister publication CFO Dive.
"When you have lots of money from all of the stimulus programs combined with the pressure of trying to survive, you'll see a very enhanced level of corporate fraud and accounting-related issues."
Chairman of Global Advisory, StoneTurn
Individuals and companies getting slapped with charges for fraudulently applying for funds under the Paycheck Protection Program (PPP) have been making the news.
"The Securities and Exchange Commission has really been focusing on enforcement actions, and that's probably going to be in its sights going forward two years," said Platt.
Companies receiving assistance will be at the top of the list, he added. "The government has talked about auditing every application for forgiveness over $2 million."
Remote work vulnerabilities
Updating an organization's risk profile should be a priority, because it's unlikely it was created with today's conditions in mind.
"Most risk assessments obviously were not focused on something like a pandemic, but they're also not as focused from a compliance standpoint on financial controls and weaknesses, thinking those are left to the audit by external audit teams," said Stephen Martin, a StoneTurn partner.
"It's not as if the CFO can walk the hall and say, 'What's going on with this receivable, or that payable, or this payroll?' Your control processes have fundamentally shifted."
Chairman of Global Advisory, StoneTurn
The variability in systems finance team members are using have been heightened, because of the move to remote work. And at the same time, finance leaders don't have the visibility that proximity to staff gives them.
"Many folks who are integral to the control structure are no longer working together or on an established, informal communication system in which groups of people who work together are sitting together," said Platt. "Now, in many cases, these folk are dispersed. They're working from kitchen tables, on computers that don't have the same safeguards. It's not as if the CFO can walk the hall and say, 'What's going on with this receivable, or that payable, or this payroll?' Your control processes have fundamentally shifted."
Risk of workarounds
Vulnerabilities exist even when technology has extensive safeguards built in, whether server-based or cloud-based, because the threat is likely to come from outside normal processes.
"The ability of people and systems to identify non-routine or unusual transactions is probably diminished because everything is unusual right now," said Platt. "Even before the pandemic hit, there was a rash of fake emails that purportedly come from the CFO to somebody on staff saying, 'Do me a favor and shoot me a $500 gift card for an emergency at a conference' that bypasses all the systems. So, when you have that disbursement, the guard is down and the possibility of bad actors taking advantage of people working alone is probably heightened."
"You should be looking for unusual payments to third parties or new vendors, potentially ones in which there's a difference between who's doing the work and where the payment is sent," Martin said.
Another risk is budgetary. With companies in survival mode, funding for compliance makes a tempting target for cuts. Those cuts, combined with restrictions on travel, which affects the ability of audit teams to go on-site and do their work, risk diminishing compliance resources when they're needed the most.
"Companies need to be very cognizant of the restrictions on budgets and what that does to both tests and monitoring internal controls," said Martin. "That's something compliance officers aren't always great at. Probably the No. 1 struggle they have with the compliance program is ongoing monitoring."
"Probably the No. 1 struggle [compliance officers] have with the compliance program is ongoing monitoring."
Operations in countries outside the United States should be alert to bribery and corruption, because the pressures the pandemic has caused here are being felt elsewhere, too.
"One of the big things right now is interaction with government officials," said Martin. "The chances of bribery or corruption happening around the world certainly increases right now, given the pressure people feel economically to deliver the result. Government officials may feel more emboldened given the lack of oversight right now or distraction and focus on things like bribery."