If your company is more worried about fraud than in the pre-pandemic world, you’re not alone. Seventy-nine percent of the organizations recently surveyed by the Association of Certified Fraud Examiners reported an increase in fraud since the onset of the coronavirus, with 38% acknowledging a significant event. Ninety percent of the organizations anticipated fraud would increase in the next 12 months.
Fortunately, businesses and nonprofits can do a lot to batten down the hatches, even if their teams are still working remotely. For insight, Crain’s Content Studio spoke with James O’Brien, a certified public accountant and a partner in forensics, litigation and valuation services at Grassi Advisors & Accountants. O’Brien concentrates his practice on providing expert-witness services, litigation consulting and forensic investigations.
Crain’s: What are the red flags a business should look for to identify fraudulent activities?
O’BRIEN: Most cases of business fraud are perpetrated by employees—the same people you are relying on to monitor the accuracy and integrity of your financials and operations.
Warning signs that fraud has already occurred include the underperformance of revenues and profits, the absence of supporting accounting or financial documentation, and unexpected changes in financial or operational activity. Employees who are suddenly living beyond their means or getting particularly close to vendors are also red flags.
It is imperative to have strong internal controls in place to identify signs of fraud before it happens or as soon as it occurs. A clear whistleblower policy and a confidential hotline for employees to report suspicious behavior are other best practices.
Crain’s: Are there any specific industries or types of businesses in the New York City area that are more susceptible to fraud? Did Covid-19 change the mix of businesses that are most vulnerable?
O’BRIEN: While no business is immune to fraud, we tend to see higher vulnerabilities in certain industries and business types. Construction contractors, nonprofits and small family-owned businesses are a few examples, commonly due in part to insufficient investment in technology and internal control procedures that make fraudulent activity more difficult to commit or sustain.
The Covid-19 crisis extended this risk to a far greater number of companies. Entire remote workforces were suddenly operating outside the normal internal control environment. Many companies found they did not have adequate controls and policies in place to reduce the risks associated with remote-network access, unsupervised employees and, in some cases, increased levels of justification and motivation to commit fraud because of the pandemic’s economic impact on employees and their families.
Crain’s: How does a forensic investigation help business owners mitigate the risk of fraud?
O’BRIEN: A forensic investigation would normally occur after fraud is already suspected. The immediate priorities of the forensic accountant are to confirm if fraudulent activity has occurred, identify the perpetrator and determine how he or she was able to carry it out.
Once the root cause of the fraud is identified and stopped, a natural byproduct of the investigation is the opportunity to mitigate the recurrence of fraud by reevaluating and strengthening the internal controls that allowed it in the first place.
Strengthening internal controls is the single best way to minimize exposure to inappropriate activity and get the most value out of the forensic investigation.
Crain’s: What role does technology play in uncovering inappropriate or unauthorized activity?
O’BRIEN: Data analytics plays a critical role in the forensic investigation. Technology and software not only help us locate where the fraud initiated, but they also are used to quantify the full amount of damage caused by the inappropriate activity.
This data will be essential for substantiating insurance claims, litigation, remediation plans and other decisions and processes that will follow in the wake of inappropriate activity.
Crain’s: When fraud is suspected, what should a business do first?
O’BRIEN: When warning signs are uncovered or accusations of fraud are made, the first step is to collect and secure all accounting and financial documentation right away. These files will be crucial evidence to prove or disprove fraudulent activity, recover your losses and plan preventative measures to avoid a recurrence.
This step should be immediately followed by contacting a forensic accountant to conduct an independent investigation. Your attorney may need to be contacted as well, depending on the severity of the incident and subsequent actions to be taken. Management should consult the company’s insurance policy to understand the coverage that is in place in the event of fraud or theft.
Crain’s: How do you recommend a business manage public disclosure when it has experienced fraud?
O’BRIEN: Nonpublic companies are not obligated to disclose incidents of fraud to the public. When fraud is detected, investigated and resolved at no harm to the customer, public disclosure is typically not necessary.
Disclosure of inappropriate activity is a corporate decision that can be used as a deterrent to prevent future exposure if employees understand the risk of prosecution. On the other hand, the negative press from disclosure of the inappropriate activity is one reason companies decide not to disclose.
A public company would likely disclose an adjustment to its financials for fraudulent activity during its normal reporting process if the event is material. In these instances, the forensic accountant can work directly with the public company’s auditor on the disclosure to ensure compliance with all regulatory requirements.
This article was originally published in the May 24, 2021 issue of Crain’s New York Business.