As more companies are making a flexible approach to the working week more permanent, new opportunities to circumvent fraud controls continue to be identified. Unfortunately, fraudsters are often able to exploit new opportunities to commit crime far more quickly than most companies can identify and mitigate control weaknesses.
Typically, most fraud controls tend to be focused on the traditional model of an employee working from an office. For example, the requirement for employees to take a mandatory period of leave each year and totally detach from the office environment is a classic and effective fraud control. Despite this, how many companies have considered if that control will still be effective when employees are not in the office in any event?
Other areas that also can give cause for concern include
- Increased cyber risks in less controlled home IT environments,
- Fewer physical checks or audits and less direct managerial oversight,
- Effectiveness of whistleblowing mechanisms - have the expected numbers of reports materialised or dropped since employees have been working from home?
As more flexible models of working are increasingly being introduced, it would make sense for companies to revisit the fraud controls they have in place to determine if they are still fit for purpose or if they need to be revised to better reflect the current environment. It would also be sensible to look at investigation and response policies - for example, how would a company investigator get access to evidence of a fraud that my have been committed from the home of an employee?
One thing is for sure, if companies don't consider if their fraud controls are still fit for purpose, you can predict with certainty that fraudsters will have already be figuring out how they can exploit the new working environment they find themselves in.
A year of working from home and juggling childcare when schools were closed and other responsibilities mounted, has prompted many businesses to look again at the traditional working week.