Managing Fraud Risk in a Remote EnvironmentPublished:
Covid has brought about a significant shift in the workplace. Many companies switched to fully remote work during the pandemic and while some have returned to the office full time, many employees are still fully remote or working a mix of in-office and remote. As we have already seen, this dramatic shift towards a more hybrid workforce has impacted all aspects of business. It has also opened the door to additional and unique fraud risks.
These additional fraud risks are tied directly to the fraud triangle. For fraud to occur, there must be opportunity, rationalization, and pressure. Some employees identify a greater “opportunity” for fraud with a remote work environment. There is less direct supervision, making it easier for fraud to be committed and covered up. Employees may also find it easier to rationalize fraud, telling themselves they worked hard during the pandemic, so they deserve more.
The good news is these risks can be mitigated. First off, tone at the top and workplace culture is key, especially for remote workforces. It is also still very important to provide fraud training for employees and continue to offer resources (including remote resources) and hotlines for reporting potential fraud.
When it comes to payroll fraud, it is easier to add ghost employees or falsify and overreport hours worked. Without seeing employees in an office, it is harder to determine hours worked or even know which employees are legitimate. This can be countered by still requiring some in-person activities and meetings or virtual check-ins to confirm and be able to connect names to faces of employees. There is also a variety of time tracking software available that can be used to track when employees are online and active. Just like for a fully in-person office, all new employees and any changes to payroll should have an approval process that goes through more than one person.
Another employee issue that can arise in a remote environment is moonlighting or working a second job. An employee could lie about hours worked for both companies, taking in full time pay for both and potentially violating moonlighting policies if they are in place. The methods already mentioned above for tracking hours will help catch this and it is important you have clear policies about moonlighting in your company.
It can be easier for data theft to occur in remote environments, sometimes even by accident. For example, if an employee is working at a coffee shop, someone could gather confidential information by just reading over their shoulder or grab the software password noted down on the computer’s sticky note. Even a work laptop using an unsecure network from a home office is easier for a hacker to get into than if it was on a secure network. When an employee is fully remote and has 100 emails to go through every day, it’s easier to accidentally open phishing email, clicking an unsafe link. Employees may accidentally even issue a check to a vendor per an email they receive from their manager without realizing the sender’s email is not from within the organization.
It is important that organizations have clear policies in place for taking computers home and working remotely. These policies should include secure passwords (not left on a sticky note somewhere) that are changed often, locking the computer when not in use, and using a VPN to access work software. Employees should receive training on avoiding phishing emails and what to look for. In addition, adding a stamp to emails that come from outside the organization makes them easier to identify.
Electronic versions of support documents like bank statements, invoices, and check images are easy to edit with PDF tools. In contrast, paper source documents in unsealed envelopes coming directly from their sources have less risk of being edited and can be compared to the scanned version saved for support. If using fully digital source documents, compare PDF bank statements and supporting documents to online banking directly, and make sure more than one person has access to online banking and reviews the bank reconciliation. Make sure at least two people receive vendor bill emails as a way to confirm the attachment has not been modified after receipt.
Segregation of duties and timely ledger reconciliations are still very important in remote work environments. To help avoid fraud, make sure your policies for reconciliations and approvals still work in a remote environment, and that there is a clear record, tracing, and approval process in place.
It is important to remember that while the growing remote work environment has created new fraud risks and made monitoring of risks more complex, it has also created many new opportunities and flexibility that companies previously didn’t have. We are available to assist if you need a fraud check up on your remote work policies and procedures, or guidance on drafting and updating remote work guidelines and best practices.