Globally, the COVID-19 crisis is causing huge financial implications for many organizations, as well as exposing them to a variety of other emerging risks related to virtual operations, cybersecurity, and changes in relationships with customers and suppliers that put pressure on operations and service delivery. This new environment creates a heightened risk of fraud and improper financial reporting, as new opportunities and pressures can arise for both internal employees and external parties.
During the current crisis and its aftermath, the public interest obligation and professional judgement of professional accountants will be under greater scrutiny. This will particularly be the case for those who are board directors or in management roles given they have ultimate responsibility for the prevention and detection of fraud in an organization.
But in the coming weeks, months and years, it will also be critical for other professional accountants working across roles, including in finance functions, internal audit and external audit, to be more alert than ever to the risk of fraud and manipulation of accounting and reporting. The following are some key considerations in relation to reporting and fraud risk for professional accountants.
Tone at the top needs to be clear
As in the best of times, what is said and acted upon at the top of the organization sets the tone for behaviour throughout the organization. Employees are the first line of defense. Boards and management need to send a clear message to employees that the organization will be judged on how it handles the current crisis, and therefore its values and ethics are paramount. This extends to their reporting and accounting as well as to their concern for the interests of their stakeholders and how their reputation is perceived.
An effective ethics and compliance programme is underpinned by a positive culture, strong values and transparency. In a recent blog post on COVID-19, the National Association of Corporate Directors point out that while boards are responsible overall for overseeing the tone at the top, audit committees also play a key role: “Their challenge is to discern whether the tone that management communicates to the committee is really the tone that permeates the entire company. This is particularly important now that work is being done virtually – employees may feel isolated and disconnected, and messages can be misunderstood. Feedback from past employee sentiment surveys is unlikely to be indicative of the current environment.”
Maintaining an effective control environment
Changes in working practices and remote working may impact the internal controls that are the foundation to the reliability of the financial reporting process and the credibility of reporting and disclosures. The control implications and challenges of any changes will vary by organization and may depend to an extent on whether controls were predominantly manual or automated before the crisis.
Boards and their audit committees, and management need to assess and continue to monitor a changed control environment, including key controls such as segregation of duties or systems access that may be weakened in a virtual work environment or due to workforce displacement.
A re-assessment of fraud and reporting risk focused on material areas
Guidance from Deloitte, Forensic Focus on COVID-19 Financial Statement Fraud, outlines examples of financial statement fraud risks that organizations should be conscious of, such as overstatement of revenue, understatement of allowances and reserves, manipulation of valuations and impairments, capitalization of expenses, and margin manipulation.
In response to these financial statement fraud risks, the audit committee, which usually has delegated responsibility for oversight of an organization’s financial reporting process, needs to consider a number of key issues, for example:
- The nature of adjustments, including why the adjustments might be viewed as immaterial.
- Uncorrected misstatements, i.e. waived accounting adjustments.
- Accounting policies, practices, and estimates – are they defensible? Have any changed in light of the crisis, and if so, why and are the changes justified?
- The use of alternative performance measures (non-IFRS or non-GAAP) such as earnings before interest, taxes, depreciation, and amortization and whether these might mislead.
- Whether internal audit priorities have been, or should be redirected in response to COVID-19 related fraud and reporting risks. (A poll by the Institute of Internal Auditors on the impact of COVID-19 on internal audit found that three quarters of internal audit functions have updated their audit plans and over half have updated their risk assessment.)
- How to ensure the operational soundness of the organization’s whistleblowing systems, which may become more critical than ever. Following up on suspicions of fraud or inappropriate practices will be critical, and using them as learning opportunities to enhance processes and procedures.
- Any other key areas of fraud risk e.g. bank transfer fraud.
It is incumbent on all professional accountants to ensure they are alert to how their training and responsibilities will be needed as companies deal with and emerge from COVID-19.
The full version of this article originally appeared on the IFAC Global Knowledge Gateway.