COVID-19 Quick Check For Fraud

Charu Pel


To accommodate remote work requirements, organizations have continued to make changes to their technology infrastructure. For the information technology team, remote work is common, but for many other departments this may be the first time. Over a few weeks, many organizations continued to make emergency changes to ensure the business continues without interruption. As a result, organizations are exposed to cybersecurity vulnerabilities, and you will find a lot of information on how to manage cyber threats. The other important area that needs attention is fraud, and many small to medium organizations are not ready for fraud risk or have not considered it.

In today's blog, we share information about fraud basics and quick tips. Fraud schemes such as internal and external fraud defraud companies, while other techniques such as Ponzi schemes, identity theft, and skimming defraud individuals.

What is internal fraud vs external fraud?

| Fraud Type | Definition |
|---|---|
| Internal Fraud | Committed by employees, managers, officers, or owners of the company |
| External Fraud | Committed by customers, vendors, and other parties |

What are common examples of internal fraud?

Internal frauds are illegal acts of employees against the company and examples include:

  • Trading - Unauthorized trading, misappropriation of assets, insider trading
  • Corporate Finance - Misuse of sensitive information, loan fraud, transaction not reported
  • Other Examples - Theft of cash, not charging friends/families, supplying receipts for refunds, destruction of assets, forgery, impersonation, bribery, corruption, etc.

What does the ACFE survey show across industries?

External fraud covers a broad range of schemes by customers, vendors, and other parties. Examples include security breaches, theft of intellectual property, tax fraud, hacking, bankruptcy fraud, and loan fraud.

According to the 2018 Association of Certified Fraud Examiners (ACFE) survey report, common occupational fraud schemes in various industries are as follows:

| Industry | Schemes (2018 ACFE Survey Report) |
|---|---|
| Banking/Financial Services | Corruption, Cash on hand, Cash larceny, Check and payment tampering, Noncash, Billing |
| Manufacturing | Corruption, Billing, Noncash, Expense reimbursement, Cash on hand |
| Government/Public Administration | Corruption, Billing, Noncash |
| Health care | Corruption, Billing, Noncash, Expense reimbursement |
| Retail | Noncash, Corruption, Billing, Expense reimbursement |
| Education | Corruption, Billing, Cash larceny, Cash on hand, Noncash |
| Technology | Corruption, Billing, Noncash, Expense reimbursement, Financial statement fraud |

Per the 2018 ACFE report, the common asset misappropriation sub-schemes with the greatest risk are:

Noncash, Billing, Cash and Payment Tampering, Cash Larceny, Skimming, Payroll, Expense Reimbursement, Cash on hand, Register Disbursement

What are common corruption schemes?

Corruption represents one of the most significant fraud risks for organizations in many industries and regions. Common corruption schemes:

  • Conflict of interest - Personal or economic interest in a transaction
  • Bribery - Commercial Bribery and Official Bribery
  • Kickbacks - Commercial or business advantage
  • Illegal Gratuities - Reward to an employee after the decision has been made
  • Economic Extortion - Demand for money or other consideration using actual or threatened force or fear

What other common types of fraud should be checked?

Other common types of fraud include but are not limited to:

  • Invoice manipulation through collusion
  • Billing for services not rendered and collecting the cash
  • Seizing checks payable to vendors
  • Adding fictitious employees and collecting the paychecks (impersonation)
  • Not removing terminated employees from payroll and collecting the paychecks
  • Paying for personal expenses with business cash
  • Recording fictitious transactions on the books to cover up a theft
  • Falsifying timesheets for a higher amount of pay
  • Pilfering stamps
  • Stealing (e.g., cash, petty cash, supplies, equipment, tools, data, records, etc.)
  • Forgery (not just check forgery, e.g. forging department head signatures on purchase orders)
  • Pocketing payments on customers' accounts
  • Issuing receipts on self-designed receipt books
  • Not depositing all cash receipts

How do you run the COVID-19 quick checklist for fraud?

COVID-19 Quick Checklist

R - Review

AC - Additional Checks or Testing

| # | Questions | R | AC |
|---|---|---|---|
| | Incident Management | | |
| | Ensure that adequate support staff is available to address questions from remote workers and resolve issues in time | | |
| | Check the incident backlogs and review whether high-risk issues are addressed with high priority | | |
| | Check if the employees are notified and aware of the security incident procedures | | |
| | Emergency Changes | | |
| | Without a strong emergency change management process in place, the review of emergency changes is a high priority | | |
| | Lack of categorization and risk rating for emergency changes means a review of a larger sample of changes | | |
| | Risk Review | | |
| | Perform a sample check of change management risk assessment forms for the changes implemented during the last eight weeks | | |
| | Review emergency risk assessment forms where the assessment is performed after the implementation of emergency changes | | |
| | Ensure risks are defined and rated as per the risk register in change risk assessment forms | | |
| | In the absence of a risk register, ensure that risks are defined, categorized, and rated properly | | |
| | Ensure that controls mentioned in the risk assessment forms are valid controls, including compensating controls | | |
| | Ensure forms are valid; some of them may need periodic review | | |
| | Firewall Changes | | |
| | Review firewall change approvals | | |
| | Review firewall change logs and change approvals for selected | | |
| | Review all firewall changes related to third-party requirements | | |
| | Physical Security | | |
| | Check with the facilities department that physical security checks are in place for any employees reaching the office and that proper approval is in place before allowing anyone to enter the premises | | |
| | Cybersecurity Checks | | |
| | Check the most recent laptop imaging standards and review procedures for secured connections | | |
| | Check the recent reports for application antivirus, DLP, and software patch updates | | |
| | Question if the number of laptops without the latest patches and updates is above the threshold | | |
| | Check the privileged access granted to third parties to access the production data, sensitive data, privacy data, and applications remotely | | |
| | Verify that logs are maintained and reviewed for privileged access, especially changes to applications in a production environment | | |
| | Check if screen lock settings are functioning as intended | | |
| | Check the cyber threat reports from the last eight weeks, review how the high-risk threats were addressed, and check if timely actions were taken | | |
| | Review remote access approvals for sensitive data | | |
| | Business Continuity/Disaster Recovery | | |
| | Review incident tickets created for backup issues within the last eight weeks | | |
| | Check for major issues and how they are addressed | | |
| | Check the latest backup details and that no issues are reported | | |
| | Data Security | | |
| | Check with the encryption team if they have reported any issues and whether any incident ticket is pending resolution | | |
| | Check if the new laptops have proper encryption controls in place | | |
| | Compliance | | |
| | Conduct inquiry and perform a high-level review of high-risk compliance controls | | |
| | Review any major issues reported impacting compliance | | |
| | Customer Complaints | | |
| | Check the customer complaint tickets and the volume of tickets during the last eight weeks compared to earlier | | |
| | Check for repetitive and major high-risk issues and whether resolutions are in place or pending | | |
| | Training | | |
| | Check if training on topics such as phishing, ransomware, and malware was conducted at least once during the last eight weeks. Ensure employees are aware of what needs to be protected. | | |
| | Ensure employees are aware that hardware is not shared while working remotely | | |
| | Fraud Checks | | |
| | Especially important for certain clients. Checks from the fraud perspective are important; ensure processes and controls are operating as intended | | |
