I attended this webinar from my office, formulated the coverage plan on my commute and wrote this article from my home office. This is the current remote or hybrid reality for many in the professional realm in this post-COVID-19 world. Mason Wilder, the Research Manager at the Association of Certified Fraud Examiners (ACFE), sat down with Steve Dawson, CFE, CPA, President of DFG Forensic Accounting Services, and James Rumph, CFE, CIA, CPA, Senior Director of Enterprise Anti-Fraud Nationwide, for a virtual webinar hosted by the ACFE and The Institute of Internal Auditors (The IIA). The virtual audience was comprised of more than 50% hybrid employees and almost 40% fully remote, which embodies a very real culture shift in the post-pandemic professional workforce. While many of the audience members cited employee time theft as one of the biggest risks an organization faces with remote work, Rumph cited a recent study that showed the average remote worker actually put in an average of four additional work hours each week, along with experiencing a greater work/life balance. So, with clear risks and clearer benefits, how do organizations strike the right balance on the tightrope?
Risks of a Remote Work Force
As previously stated, the primary risk the audience mentioned in this webinar centered on employee time theft; they also mentioned overemployment, where a remote employee is putting hours in toward two full-time positions simultaneously. Business Email Compromise (BEC), the costliest type of cyberfraud, increased dramatically during the pandemic because the ability to monitor decreased, and the ways it’s committed evolved as well. Duties couldn’t be segregated and there were more important things to think about — such as how to maintain business function during a global pandemic — than maintaining internal controls, which quickly fell to the wayside. Rumph described cyberfraud as an “arms race,” with the sophistication of fraud continually increasing and a constant struggle for investigators to stay ahead of the curve.
Another risk that organizations are facing in the post-pandemic professional realm is the high level of turnover and the risks that come along with that. Organizations are losing years of institutional knowledge and the protection and control that affords, as well as bringing in new employees facing training in a hybrid or remote environment. As Dawson mentioned, the workload within the organization has effectively doubled because everything — training, monitoring, leading a team, etc. — all must be done both in the traditional way and in the new remote way. Fraud didn’t stop with the pandemic; instead, it created a whole new generation of fraudsters working in an environment where the fraud fighters are also navigating a new normal.
Overcoming the Risks
Dawson stated that one of the greatest things an organization can do to overcome the risk of a remote workforce in the fraud world is to focus on training. “We’ve got to get back to the human side … training, training, training … here’s what can happen, and here’s how to overcome it,” Dawson said. Even as technology to prevent fraud increases, so does technology to commit fraud, so the human element is still essential. Because everything happened so fast in the transition to a remote workforce, the time must be taken now to reevaluate internal control processes, codes of ethics, acceptable use policies and personnel in general. There’s no going back to “the way it was,” so we must all learn to navigate in this new reality.
Dawson also mentioned a higher level of the “me” mentality in today’s workforce, and organizations need to focus on reengaging the culture element. When anti-fraud programs are working, they protect everyone. Both speakers discussed the risks of over-monitoring and finding the right balance between respecting privacy and maintaining anti-fraud controls within organizations. Reincorporating pre-COVID-19 policies that worked — segregation of duties, mandatory vacations, etc. — and finding the right balance in remote monitoring is essential. As Dawson previously stated, this is double the work due to the multiple environments requiring monitoring, but this is the new reality. One way every organization can start is by increasing the perception of detection. This is likely the number one internal fraud control, and probably the first one to go in the rush to a remote workforce.
While the risks and benefits of a remote workforce are many and valid, the fact remains that its associated increased fraud risk is the new reality through which we are all navigating. Collaboration and maintaining the human element within an organization can go a long way toward reducing fraud, and striking a balance between reasonableness and protection can go a long way toward improving monitoring and the perception of detection. Above all, Rumph and Dawson agreed that a focus on reconnection between the organization and its workforce is desperately needed to move forward successfully.
This webinar was originally broadcasted on March 15, 2023.