Fraud prevention in a Hybrid Working Environment
Covid-19 has resulted in a radical change to most working environments. Due to the pandemic the gradual evolution to how we work, which had been happening, was fast-tracked and many of us found ourselves working remotely overnight. Now as we learn to live in this new reality many businesses are recognising that a hybrid working environment may be the way forward in order to facilitate safe working and some form of social interaction.
However we need to consider the risks associated with this form of working and prepare to prevent or reduce them. The recent negative impacts on our Health Service and global business due to Cyber-attack have occupied many hours of IT technicians, cyber security consultants and media coverage but have we considered the broader lessons to be learnt? It was suggested by some media outlets that the cyber attack began when a single worker struggling to access a non-functioning computer clicked a link to get support. If this worker had been in the office would they instead have asked the person next to them and avoided
This is not about finger pointing but is about acknowledging that our new working environment has new challenges and risks. In business being a pessimist and preparing for the worst is just good prudent contingency planning.
Fraud Awareness = Fraud Prevention
Irish business research undertaken by Mazars in Ireland shows that businesses are experiencing financial loss due to occupational fraud and abuse. Of those senior business leaders surveyed, approximately 50% had experienced such losses over the past two years. The average financial loss was between €10,000 and €20,000 but 12% of respondents suffered losses greater then €500,000.
The research shows that the principal causes of this financial loss relate to theft of cash and goods but businesses also experienced losses due to expense fraud, payroll, invoice fraud and conflict of interest issues. The good news is that 33% of the fraud was detected via internal audits with 25% detected via whistle-blowing/speak up channels. But what can be done to prepare for and therefore prevent fraud happening in the first place?
The importance of good internal controls cannot be overlooked. An internal audit or alerts by whistle-blowers are invaluable for detecting fraud and the information which these two channels provide a business can then inform the improvement of their internal controls. But with hybrid working are these controls as effective?
The elements of the Fraud Triangle are still relevant:
- Perpetrators of fraud need an incentive or pressure to engage in misconduct;
- There must be an opportunity to commit fraud and;
- Perpetrators are able to rationalize or justify their actions
The impact of Hybrid Working on Fraud Prevention
- We need to consider how our control environment is impacted by hybrid working:
- Are we still affectively communicating a strong ethics culture and attitude?
- Is the physical distance of co-workers resulting in a less effective whistleblowing culture?
- Are reporting lines, levels of authority and responsibility clear in all areas?
- Can staff easily access support should they have queries?
- Are staff aware of policy statements and codes of conduct and how they translate into the home office environment?
- Has moving into remote working removed a level of security?
- Are codes, access rights, passwords, as secure in the home office?
- Can risk control procedures such as segregation of duties be maintained?
- Is there a lower level of physical controls of assets and documents and is this an acceptable risk?
- Are staff accessing a secure link when remotely accessing the office or an open network?
- Is staff training in identifying and avoiding Cybercrime carried out regularly?
Asking these questions is the first step in fraud awareness and fraud prevention in our new working environment. An internal audit of your existing systems and how they have been impacted by the changes to remote or hybrid working can contribute to preventing fraud and creating a more secure environment in which to do business.
Maureen Kelly is a Senior Manager with Mazars