The impacts of the COVID-19 pandemic have created hardships for consumers and businesses across the globe. The worldwide economy experienced significant losses in nearly all sectors and impacted virtually every household. Numerous businesses shut down, or were forced to temporarily close due to government requirements issued as part of state-of-emergency declarations; layoffs and furloughs occurred; and U.S. unemployment reached 14.8%, the highest since the Great Depression. As companies struggled to stay afloat, the labor force participation rate declined 60.2%, and 22.1 million jobs were lost in the United States. Although the federal government passed significant legislation to assist businesses and consumers during the pandemic such as the Economic Impact Stimulus Payments for individuals, Paycheck Protection Program loans and Employee Retention Tax Credits for businesses, along with several others, businesses still were challenged to maintain full operations, consumers strained to pay monthly bills, and household debt rose to $14.3 trillion during the first three months of the pandemic.
While businesses worked with limited production schedules and minimal staffing, they were often so focused on trying to keep their doors open during the pandemic that they lost sight of the possibility that opportunities were being created for fraud to occur within their businesses. While largely unintentional, whether caused by limited staffing or other personal economic pressures, both larger corporations and small businesses were vulnerable. The effectiveness of internal controls was negatively impacted for many businesses given the fact that owners and boards of directors may not have considered the potential consequences of the lack of segregation of duties due to reduced workforces, loss of operational and functional routines and other pandemic-related pressures.
As one of the key elements of an effective internal controls program, the most effective way to ensure that segregation of duties is strong is to assign discrete individuals with the responsibilities of authorization, recording, and custody (“ARC”) over the financial reporting process. If any individual in a business has more than one of the following responsibilities, there is greater segregation of duties risk for that company that could leave them susceptible to fraud.
- Authorization to purchase inventory or supplies via a company credit card or company assets.
- Recording of general ledger entries into an accounting information system.
- Custody of physical assets such as cash, inventory, and/or fixed assets.
In the event that segregation of duties is not feasible, there are certain other processes or controls, such as preventive and detective internal controls that can help mitigate the risk of fraud.
In order to lower the risk of fraud, a business must understand what factors may influence an employee to conduct fraudulent transactions or commit a fraudulent scheme at their place of employment. In the 1970s, criminologist Donald R. Cressey published a framework known as the “Fraud Triangle” that outlines three conditions that lead to higher instance of fraud in the workplace. These factors are motivation or pressure, opportunity, and rationalization. Business owners should strive to always keep this triangle on their radar to help with the mitigation of fraud, especially in a post-pandemic environment.
The pandemic created a sense of uncertainty and fear within many individuals in the workplace, not knowing if or when they may lose their jobs due to budget cuts or cash constraints faced by their employer, which created the perfect fraud triangle for many employees. As individuals and families struggled to make ends meet and cope with rising inflationary costs, it created motivation or pressure for employees to concoct “creative” ways to make money and avoid further financial hardships such as debt, home foreclosure, or cash flow constraints. The opportunity was created as businesses began to shut down certain divisions or operations, or reduce operations to a limited capacity in some business sectors. With fewer individuals on the payroll, businesses tended to trust and rely on fewer individuals to complete tasks and assume roles and responsibilities of former coworkers under less supervision. Employees may have tried to rationalize the fraud and/or theft, given that they were struggling financially and thinking that because the business was still operating, they could most likely replenish their theft/fraud amounts in the coming years without harming the business owners.
This underscores why preventive and detective controls are essential in mitigating the risk of fraud in the workplace. Preventive controls discourage fraud from occurring, such as segregation of duties, physical asset controls, performing three-way matches for purchase orders, invoices, and receiving reports, signatures and authorizations assigned to someone independent of the receipt and disbursement processes, treasury management services, and rotation of key personnel. Detective controls will assist a company in identifying fraud after it has occurred. Some examples of detective controls are reconciliations of bank accounts prepared and reviewed by separate individuals, physical inventory counts, fixed asset ledger reconciliations and annual counts, review and approval of non-standard journal entries, internal controls surrounding credit cards, review of payroll reports and weekly variances, and reviewing new vendors added within an accounting information system. Last, red flags often relate to an employee’s actions in the workplace that could indicate greater fraud risk. Some common items to consider that may indicate that an employee could be committing fraud are:
- Does the employee take vacation regularly? If the employee rarely takes a vacation, is there a reason behind it?
- Does the employee share responsibilities with another employee, or are they the only individual that is assigned a specific job function or responsibility?
- Do documents often go missing or misplaced?
- Are there duplicated invoices or excess purchases to certain vendors?
- Can the employee add, edit, and delete vendors without anyone else receiving a notification or approval?
- Are there shortages in inventory or increases in the inventory shrink/loss account?
- Is an employee living beyond their financial means based on current compensation?
All of the above considerations can assist businesses in identifying segregation of duties risks and identify areas in the business that may be susceptible to fraud. Although clients may engage a public accounting firm to perform an independent audit, an auditor’s objective is to obtain reasonable assurance about whether the financial statements are free from material misstatement, whether due to fraud or error, and obtain an understanding of internal controls, but not for the purpose of expressing an opinion on the effectiveness of internal controls. It is not an auditor’s responsibility to detect fraud during a financial statement audit; however, accounting firms can assist companies and provide ideas on how to implement proper internal controls.
Overall, companies that exemplify a proper tone at the top and design, implement, and maintain strong internal controls are usually those that are more successful in mitigating potentially fraudulent activity by employees. Public accounting firms are viewed as an effective way for business owners to gain comfort that their internal controls and segregation of duties are properly designed and working effectively.