COVID-19 and the increased risk of fraud

By Cassandra Michie, Partner - Fraud Risk and Controls, PwC Australia

With the rapid advancement of technology, dramatic economic shifts, and the likelihood of an extended recovery effort off the back of the COVID-19 pandemic, fraud and corruption attacks have changed over the last decade. During economic downturns and crises, trends show that fraud typically peaks

The Association of Certified Fraud Examiners (ACFE) recently conducted a global survey, Fraud in the wake of COVID-19, which found that as of November 2020, 79% of respondents say they have seen an increase in the overall level of fraud as a result of the pandemic, which was expected to grow during 2021 to 90%. PwC’s biennial Global Economic Crime and Fraud Survey 2020 (GECS) shows that 35% of Australian entities report having experienced fraud in the previous 24 months (compared to 47% globally), a measure which we also expect to rise over the next two years. 

The ACFE global survey also found that while COVID-19 has had a major impact on the rate of fraud, due in part to disrupted controls and supply chains, the response to fraud has also become more difficult. Investigation efforts are now harder with physical restrictions placed on staff, an inability to travel, difficulties conducting remote interviews and a lack of access to evidence. 

Despite the challenges there appears to be a divergence between the benefit of investment in controlling fraud and the appetite to invest in combating fraud.

The cost of fraud in Australia is in the billions ranging from identity fraud, fraud against the government, cyber fraud, misappropriation, misstatement and online fraud. PwC’s Global Economic Crime Survey estimated that 35% of Australian organisations experienced fraud in the last 12 months. 

PwC’s global 2020 GECS found that companies who invested in fraud prevention incurred lower costs when a fraud incident was experienced including:

  • 42% reduction in fraud response costs 
  • 17% reduction in costs to remediate fraud incidents 
  • 16% less in fines or penalties as a result of fraud

The below ‘fraud triangle’ model highlights three factors that are typically present when fraud occurs, which are: a rationalisation of the behaviour, an internal or external pressure to commit fraud, and the opportunity to execute it. The pandemic affected all three of these elements which has increased fraud risks for Australian organisations for the foreseeable future.  

Fraud Triangle: Rationale, Pressure/Incentive and Opportunity

Rationale: The current global pandemic may lead employees to rationalise fraudulent behaviours that would have been inhibited previously, with altered risks such as:

  • The disruption to the personal lives and ways of working with more employees working remotely, leading to increased stress, less opportunity to check-in and potentially a feeling of entitlement
  • Increased economic uncertainty and civil unrest equally create the potential for justifying misconduct. 

Pressure/Incentive: With the economic impact of the pandemic and threats of lockdowns from future outbreaks, pressures to commit fraud aren’t going anywhere, including: 

  • Increased financial pressure amidst business closures and reduced working hours
  • Pressure on businesses to report strong financial results, to comply with loan covenants, or to fast track solutions to combat disrupted operations

Opportunity: With so much disruption to the ways of working, such as broken supply chains, altered operating models and limited access to resources, the opportunity for fraud to occur has increased dramatically in the current environment, with increased risks in areas such as:

  • Fraud controls (both preventative and detective) may no longer be fit for purpose or operating effectively with new processes untested
  • Decreased contact and supervision may decrease transparency and thus increase the opportunity to conceal fraud
  • Altered supply chains could increase the risk of engaging unvetted third parties with ulterior motives
  • Disruption to processes due to remote working will potentially lead to a breakdown or circumvention of controls.

During the COVID-19 pandemic businesses and individuals are experiencing a range of threats. Below are the common threats that continue to be experienced. 

Internal threats include:

Purchasing and payables:

  • Lower monitoring over vendor masterfile changes
  • Insufficient control over purchase order approval
  • Less frequent monitoring over physical inventory delivery and counts and increased opportunities for the theft of goods 
  • Overcharges for supply of materials including extra charges for items like freight
  • Inadequate resources to conduct appropriate monitoring over sourcing activities and transaction approval

Cash Management:

  • Misappropriation of cash due to ineffective controls over disbursements and reconciliations
  • Under this heading we include cash/gift cards where we have seen an significant uptick in risk with high volume of uncontrolled use of cards

Supply Chain:

  • Increased opportunities for collusion or side arrangements 
  • Illegal payments or bribes 
  • Trading with inappropriate suppliers due to insufficient or ineffective third-party screening
  • use of unauthorised sub contractors
  • Charges which do not align to contract terms such as calculation of labour rates, overhead rates etc
  • Failure to pass on subsidies such as job keeper for cost plus contracts

Payroll and employee expenses:

  • Falsified time, attendance and leave records with limited monitoring
  • Falsified employee expenses due to reduced managerial oversight
  • Inadequate resources for payroll review and reconciliation

Sales and receivables:

  • Missing records for sales made directly with customers
  • Sales cut-off issues or recording of fictitious sales transactions due to increased pressure to meet KPIs.
  • Bribes from customers in exchange for priority of supply, or kickbacks to customers in order to boost sales
  • Trading with inappropriate customers due to insufficient or ineffective third party screening

Mouth-end activities:

  • Fraudulent journals to inflate profits being posted without detection due to inadequate review and approval procedures
  • Failure or delay to adequately record expenses and provisions.

The external threats to businesses and the general public include:

  • Cyber Fraud: Increased number of phishing and targeted emails attacks from imposter companies to request personal, login, financial information or the transfer of funds.
  • Identity theft: Individuals pretending to be government organisation representatives (e.g. MyGov, ATO, etc) offering assistance or other false services in order to access personal information or divert government payments
  • Unemployment and Payment Fraud: Individual or organisational abuse of unemployment benefits (e.g. Jobkeeper) or other government payments offered to support the economy in the wake of the pandemic
  • Proliferation of Grey Markets: Diversion of goods, services or commodities through alternative channels unauthorized by the original manufacturer

For over 2 decades the Australian Standard 8001 Fraud and Corruption Control (AS 8001) has been used to benchmark and is PwC’s primary source of governance when advising Australian organisations on how to manage the risks of fraud and corruption. On 11 June 2021 the AS 8001-2021 was refreshed with new guidance to help clients proactively manage fraud and corruption. The 2021 version of the AS 8001 broadly follows a similar structure as the former (2008) version, but now includes an:

  • Increased number of ‘minimum requirements’ and more in-depth guidance on key controls, as well as new content relating to the management of ‘new’ age fraud and corruption risks.
  • Reorganisation of AS 8001’s structure to move key requirements (e.g. risk assessments and awareness programs) to the ‘Foundations’ pillar, with the aim of improving governance arrangements for fraud and corruption risks 
  • Vastly expanded guidance on roles and responsibilities, including clarity on fraud control accountabilities for governing bodies (e.g. the board), top & line management, business unit leaders and specialist fraud and corruption control resources 
  • Expansion of guidance on proactive controls for fraud prevention, such as enhanced controls for identifying undeclared conflicts of interest, vetting of third parties and business associates and live testing mechanisms
  • New requirements relating to alternative fraud detection channels for detecting fraud, such as exit interviews and complaint management systems, and the introduction of the US concept of rewarding whistleblowers
  • Increased guidance on viable approaches for detective analytics (e.g. real-time, near-time and retrospective), with expanded consideration for linking fraud detection activities with early warning signs and risks specific your organisation
  • Inclusion of new requirements in the response to suspected fraud and corruption, such as the development of immediate response procedures to capture digital evidence or the application of ‘disruption’ techniques to prohibit fraud when investigations prove unsuccessful (e.g. increased vigilance over transactions, shipments or other activity)

For further information on how these changes and issues may affect your business, contact Cassandra Michie.

Contact us

Cassandra Michie

Partner, PwC Australia

Tel: +61 2 8266 2774