As Fraud Activity Surges Through the Pandemic, Organizations Forced to Adapt or Die

Paul Leavoy December 8, 2020

The most fascinating aspects of the global pandemic we’re all experiencing are not the surface effects: the daily active case count, the deaths resulting from COVID-19, or any of the other tragic daily reminders of the severity and extent of the virus. However unfortunate these impacts may be, the interesting figures are found in the second-order effects—in the many ways the virus affects all the other areas of human activity.

One such area is in the realm of fraud. The Association of Certified Fraud Examiners (ACFE) recently released a report showing that fraud has been on the rise since the onset of the COVID-19 pandemic, and that fraud professionals expect it to increase over the next year. The report, which surveyed thousands of ACFE members, showed that 77% of respondents said they had seen an increase in the overall level of fraud, with a third calling the increase significant. Over 90% of respondents indicated that they expected to see an increase in fraud over the following 12 months, with half anticipating a significant increase.

When asked about specific risks, respondents pointed to the usual suspects of fraud activity: cyberfraud, unemployment fraud, and payment fraud, to name a few.

We can only speculate on the specific causes, but fraud tends to happen when vulnerabilities present opportunities for gain to those sufficiently motivated to take advantage of weaknesses. In this global pandemic, myriad vulnerabilities have been presented to organizations struggling to shift to a digital, remote environment. And motivations have been driven by economic hardship resulting from budget cutbacks, salary and hiring freezes, and layoffs, widely reported across many industries. The perfect storm of a pandemic presents fertile opportunities and motivations for fraud.

Old habits dying hard

Beyond the world of fraud, we’re seeing longstanding organizational vulnerabilities reveal themselves in maddening new ways.

Do you remember the time TransAlta lost $24 million due to a copy-paste error in Excel? Or when Barclays Capital spent millions on worthless contracts as a result of an Excel formatting error? Or when behemoth JP Morgan met a $6 billion trading loss due to human error and—you guessed it—Excel.

The list of vulnerabilities presented by Microsoft’s ubiquitous spreadsheet software goes on and on and on, but here’s the thing: it’s tempting to think of these examples, which occurred between 2003 and 2012, as yesterday’s news; as bygone weaknesses from a foolish age of overreliance on mass market software among Fortune 500 companies. But they’re not. They’re still happening, and vulnerabilities are presented by Excel every day among the world’s biggest players, no matter the size, no matter the revenue, no matter the industry.

A recent example from Public Health England (PHE) stands out as a poignant reminder that data security vulnerabilities lurk in even some of the most trusted public institutions. In compiling logs prepared by firms paid analyzing swab tests to determine case counts, PHE developers used the archaic XLS format, which limits Excel data to 65,000 rows. The result? Nearly 16,000 unreported coronavirus cases, overlooked as the result of IT error and a reliance on our old friend Excel.

Now to the uncomfortable question: is your organization relying on Excel to process sensitive corporate and financial data?

If the answer is yes, don’t fret—you’re in good company, for use of the tool is still widespread. And recent examples like PHE’s data loss and the resultant impacts to public health and security may help bolster the case to get over Excel and move to streamlined, secure audit and corporate accounting software designed to avoid the embarrassing consequences of poor data integrity.

At least this is what the ACFE report hints at. Nearly 40% of respondents indicated they expected budget increases for anti-fraud programs. While travel budgets for anti-fraud activities are unsurprisingly expected to sink, 44% of respondents’ organizations are expected to boost spending on anti-fraud technology. Such technology would likely include trusted data analytics solutions that circumvent Excel’s sweeping vulnerabilities by protecting data integrity, among other benefits I outlined in an earlier blog.

Adapt to eliminate vulnerabilities and demonstrate value

As in all our personal lives, COVID-19 has resulted in a reshaping of priorities and adaptation for businesses and organizations in all corners of the world. We saw this right from the start, when organizations were already responding and adapting. As the Institute of Internal Auditors (IIA) revealed in its report on the initial impacts of the virus, risk became more central to the conversation, with 6 in 10 respondents reporting updated audit plans that identified emerging risks and reviewed risk assessments. Auditors, who occupy what is traditionally viewed as a cost centre, have also been spurred to better articulate their purpose and value for an organizations’ vitality—qualities they’re challenged to showcase even at the best of economic times, and more so in the midst of a pandemic.

One obvious way for internal auditors to bolster risk capabilities and demonstrate value to their organization and clients is to abandon Excel in favour of a solution built to manage audits and overcome fraud, and now is a great time to make the case.

How is your organization adapting to the pandemic? How has it changed your plans for 2021? Let us know by participating in our 2021 State of Internal Audit survey. In last year’s report, we shared data from the responses of hundreds of audit professionals around the globe and we’ll be comparing 2020 plans against the realities of coronavirus in next year’s report.

Paul Leavoy is a writer, analyst, and former journalist who has covered enterprise management technology for over a decade. Currently, he researches and writes on data analytics and internal audit technology for CaseWare IDEA, an audit data analysis solution. Contact Paul directly or follow @CasewareIDEA to learn more.