The threat of a global recession, the covid-19 pandemic, supply chain disruptions, geopolitical instability… The world is experiencing unprecedented successive crises, affecting political, economic and social systems.
Historically, these periods of uncertainty have led to increased risks of fraud and misconduct even in the best-run companies and financial institutions. This article aims to explore the risks of fraud that can arise during or following crises, and the strong measures that can be implemented to ensure the sustainability of business operations.
What is at stake for businesses?
Crises such as market crashes and epidemics are inevitable. These periods of uncertainty disrupt the normal operations of organisations in different ways depending on the business sector. Many changes are then made to address their immediate impacts. This may involve changes to the working environment and the introduction of new regulations, among other things.
A common feature of these stressful times is that poor management can bring a business to a standstill. One reason for this, observers say, is that the risk of fraudulent activities and errors increases when companies go through these periods of uncertainty because of the many changes that are brought about in a short period of time. On the other hand, a period of crisis can be a lever for growth for companies that adopt a good fraud prevention and defence strategy.
How crisis and fraud are linked
Researchers and practitioners often use the “fraud triangle” to predict the conditions that lead to a high risk of fraud. This triangle defines three factors that, in combination, would lead individuals to commit fraud.
- Motive: when there is a perception that some form of pressure exists, for example, the pressure to meet financial targets;
- Opportunity: the existence of weaknesses in certain internal structural factors, such as internal controls or audit procedures;
- Justification: the presence of opportunities to commit fraud along with motivation can serve as a means of rationalising fraud as not inconsistent with existing values for individuals.
Knowing these three factors helps to identify fraud-prone environments.
The types of fraud encountered by organisations are diverse. They range from cybercrime, to asset misappropriation to financial fraud. Their perpetrators can be external actors (hackers, customers, organised crime, competitors…) or internal fraudsters or the result of collusion between these two sources.
The three lines of defence
The Institute of Internal Auditors (IIA) proposes a model for the implementation of risk management and control activities. It is based on three lines of defence that define the roles of each stakeholder.
The first line is made up of operational management. Directly involved in the identification, assessment, treatment and control of risks, operational managers are responsible for ensuring that the organisation is in compliance with applicable standards and procedures, and for identifying and reporting weaknesses and unusual activities.
The second line of defence includes various positions such as the risk manager and the quality controller. Somewhat detached from operational management, they may be involved in the design or implementation of risk management activities as well as the proper functioning of the first line of defence.
The final line of defence is internal audit. It provides independent assurance that an organisation’s risk management, governance and internal control processes are operating effectively. The IIA believes that this model should exist in some form in every organisation.
Furthermore, the effectiveness of these three lines of defence depends on the leadership of the governance bodies as well as the leadership of the top management of organisations. External auditors, regulators and others also have an important role to play in defining rules and requirements to strengthen existing internal control systems or to determine the effectiveness of the business’ internal lines of defence.
How to deal with fraud risk?
Uncertainty drives companies to reform. For fraudsters, it is an opportunity to exploit any loopholes that may be growing or breaches of the three lines of defence that have been revealed through internal audits. Businesses as well as stakeholders need to step up their efforts to combat fraud and other wrongdoing in these situations.
Here are six steps to consider:
According to the International Federation of Accountants (IFAC), maintaining trust in times of crisis is a fast track way to recovery from the crisis. Thus, it is first and foremost the responsibility of top management, i.e. senior management and board directors, to set the “tone at the top” and make it clear that there is zero tolerance for fraudulent activity. Similarly, they need to create a climate of trust to encourage employees to report mistakes or wrongdoing.
In addition, trust in times of crisis is strengthened when top management is rigorous in preserving the quality and integrity of decisions made and the transparency of business.
Audit committees play an essential role in governance and oversight in times of crisis. They must therefore be all the more vigilant, agile, independent, disciplined and committed to send the right signal. The same is true for accountants who must demonstrate their strong sense of professional ethics.
Communicate and stay up-to-date
Businesses need to maintain a high state of alert to detect fraud or manipulation of accounting information. This can be done by establishing strong communication channels between management and key external stakeholders, including auditors, regulators, consultants and major shareholders. In this way, misunderstandings and uninformed decisions are avoided.
In addition to providing the necessary audit evidence, additional internal control assessments, outside of audit reports, can be carried out to inform external auditors, regulatory bodies such as financial services and investors about the financial condition of the organisation.
In the face of difficult situations, additional efforts should be made to provide reliable, up-to-date and high quality information. Estimates on which scenario analysis will be based and future performance guides are among the tools to be used. They will improve stakeholders’ understanding, support the credibility of reporting entities and reduce doubts in the aftermath of a crisis.
Strengthen your defences
The three lines of defence are not enough to ensure good risk management in an organisation; a holistic approach is also needed. Activities should be coordinated around the lines of defence through collaboration and teamwork, led by top management.
Strengthening whistleblowing policies also promotes good governance and deters fraud, especially when normal controls and operating procedures are disrupted. In addition, IFAC recommends that internal controls are adapted to the organisation’s new ways of operating.
Adopt a tech-driven approach
Embracing technology is more relevant today. Data solutions can help to better meet the needs of accountants and their clients and ensure the smooth running of businesses. However, as Big Data is also the source of new fraud risks, any data-driven transition must be accompanied by a robust data strategy as well as improved digital tools and skills.
Even if managers believe in the ethics of their employees and collaborators, they need to be more vigilant, even sceptical, in assessing the risks of fraud because of the convergence of motive – opportunity – justification. It is then necessary to instil a culture of scepticism within the organisation and to have in place the essential tools to discourage and detect fraud.
Every period of uncertainty disrupts the operations of businesses. For fraudsters, it is an opportunity to exploit defensive loopholes. Good planning, active engagement of stakeholders – from board members and CEOs, to IT teams and external parties – and building trust, are all important considerations in addressing fraud risk and building resilience.
IFAC. “Maintaining Trust & Confidence During a Crisis.”
Center For Audit Quality. “Managing Fraud Risk, Culture, and Skepticism During COVID-19.” The Center For Audit Quality, 2020,