This article first appeared on radicalcompliance.com June 21, 2021
The Association of Certified Fraud Examiners is holding its 2021 conference this week (virtually), and to that end the ACFE also just published its latest survey on anti-fraud budgets, resources, and challenges.
Suffice to say, anti-fraud and internal audit teams have had a busy year. More than half of all survey respondents said they’ve found more fraud than usual since the start of the Covid-19 pandemic. An even larger number expect fraud to keep rising through 2021, with spikes in cyber-related fraud and identity theft leading the way.
Those findings aren’t quite news; the ACFE has been churning out quarterly updates on fraud statistics since the pandemic began, and those reports found that fraud risk is rising in all sorts of ways. The better question to ask now, more than one year into the pandemic, is whether anti-fraud teams are finding sustainable new approaches to taming that risk.
Before we get to the revamped anti-fraud programs, let’s take a quick tour of the actual risks. Figure 1, below, shows what the picture looks like for the coming 12 months, according to more than 1,500 respondents to the ACFE survey:
Those numbers could be worse — and in fact, they were worse last summer, when 48 percent of respondents expected a significant increase in fraud. Today only 21 percent of respondents say that, largely driven by people moving into the “no change” category.
So perhaps after so much disruption over the last 15 months, corporations’ overall fraud risk picture is finally stabilizing. That said, the types of fraud that people expect to see more in the coming year is also telling. See Figure 2, below.
Leading the way are cyber fraud, social engineering (like, business email exploits or phishing attacks), and identity theft. That should be no surprise, considering the huge shift to remote work that corporations have embraced since the pandemic arrived. That disruption to business operations was fertilizer in the soil of cyber-related frauds, and they’ve been sprouting like weeds ever since.
The obvious implications for anti-fraud teams are (1) how you’ve changed your fraud risk assessment to encompass that new reality; and (2) how you’re then responding to those heightened risks with new access controls, fraud analytics, documentation requirements, or investigative procedures.
Where Anti-Fraud Teams Struggle
The ACFE report touches on those two points as well, with data that show just how vexing anti-fraud programs — or internal control and corporate compliance programs, for that matter — can be right now.
The biggest influences on fraud risk over the last 12 months, respondents said, were shifts in business operations (cited by 37 percent) followed by shifts in consumer behavior (cited by 35 percent). Those numbers make sense, given how pervasively the pandemic changed the world.
Except, respondents also cited those exact same factors as the biggest influences on fraud risk for the coming 12 months, too: shifts in business operations and in consumer behavior, both cited by 27 percent of respondents.
That also makes sense, because vaccination programs are finally starting to tame the threat of Covid-19 and people are going back to work and back to normal life — but our economic activity of 2021-22 will still look quite different from the activity of 2019. So anti-fraud teams need to keep re-inventing the fraud risk assessment amid a rapidly changing business climate. Yuck.
You can see that tension in yet another chart, mapping out the current challenges for anti-fraud programs. The top seven are in Figure 3, below.
Yes, “changes to investigative process” tops the list — but I would put that one aside as a technical challenge, more driven by questions of how you conduct an investigation virtually.
The other six are deeper, more strategic challenges about how to develop an effective fraud program in todays’ complex world. You can solve them with highly skilled talent and shrewd use of technology, but finding and implementing either of those things is not easy. Chief audit executives and other anti-fraud leaders have their managerial work cut out for them.
The ultimate question here is how you, the anti-fraud program leader, can build the business case for whatever strategic plan you want to implement. That plan might encompass new technologies for fraud monitoring and detection; or new policies, procedures, and internal controls to prevent fraud.
You need to make that case to the CEO and the board, however, with so much uncertainty about the next few years. I’d be eager to hear thoughts from you about how you’re getting that done; email me at mkelly@radicalcompliance.com.