In considering today’s global issues, PwC’s ADAPT framework highlights Disruption: the pervasive nature of technology and its impact on individuals, society and the climate. The pandemic has accelerated this digital transformation to facilitate mass remote working, e-commerce and online communication.
This has created opportunities for fraudsters, who have been quick to build the proliferation of such technology and new working practices into their scams and fraud schemes. Online methods such as phishing and smishing (text messages) have proliferated, and the fraudsters have kept pace with the pandemic topics of the day, be they PPE, government support schemes or vaccines.
Company directors recognise the necessity to invest in cyber security: in our latest CEO survey, 91% of UK CEOs are concerned about cyber security vulnerabilities. From a counter-fraud perspective, this investment will serve to counter threats such as the exponential increase in ransomware attacks.
However, wider fraud threats, less measurable than ransomware attacks, are similarly enabled by digitisation and exacerbated by the pandemic. Consider the defrauding of government support schemes, the manipulation of external payments, internal threats or accounting misstatements. Combatting their increase requires a broader response, and it is in this wider context that it is surprising to note that, according to our 2020 Global Fraud and Economic Crime Survey, barely half of organisations are dedicating resources to fraud risk assessment, governance, and third party management. Fraud risk management is not always getting the attention it deserves.
In contrast, enhancing effective fraud risk management is a core principle of the recent recommendations from the Department of Business, Energy and Industrial Strategy (BEIS) for corporate governance and audit reform in the UK, in response to the CMA, Brydon and Kingman reports. The proposed recommendations, which are subject to a consultation period that ends on 8 July 2021, include:
These recommendations, among others, will increase the emphasis on director responsibility to ensure that appropriate and effective procedures are in place to manage the risks of fraud.
Given the breadth of fraud threats companies now face and the BEIS recommendations, we can expect that, in the future, directors may face more stringent penalties, and possibly regulatory action, if they fail to take adequate steps to prevent fraud in their organisation.
Organisations are vulnerable to many types of fraud, from within and outside the business. The financial and reputational impact can be severe – our Global Fraud and Economic Crime Survey found that $42bn of losses due to fraud had been reported between 2018 and 2020.
The best defence against this growing threat is strong and proactive risk management.
Our survey found that companies with a dedicated fraud programme spend up to 42% less on fraud response and 17% less on remediation than their peers. There is a direct correlation between upfront investment in fraud prevention and reduced cost when a fraud strikes.
PwC’s Fraud Risk Management framework is designed to help you assess and strengthen your organisation’s risk management programme and fraud defences.
Based on the COSO principles, which are designed to help organisations understand the key elements needed for an effective control environment, our fraud risk management framework helps our clients improve the processes and controls they have in place to prevent and detect fraud.
The framework has five components:
Corporate governance failures are behind many high profile corporate frauds. Protected organisations have a strong governance and reporting structure, with clearly defined roles and responsibilities around fraud risk.
Fraud risk assessment
A comprehensive risk assessment is fundamental to capturing key fraud risks and assessing both the impact they have on the organisation and the key controls in place to prevent and detect instances of fraud.
Well-designed and operationally efficient controls that protect an organisation from internal and external fraud.
The processes and systems that actively look for fraud in key risk areas, enabled by innovative technology.
The organisation’s ability to rapidly and effectively investigate fraud and trace assets, individuals and networked relationships.
The impact of the pandemic has led our clients to review their fraud risk maturity in light of new threats, and with the understanding that robust fraud management will reduce revenue leakage. Here are the eight areas where we have been the most engaged:
In order to manage your organisation’s exposure to fraud risk, you need to understand your current state of defences and where you ideally need to be. We can give you clarity on the current maturity of your fraud risk management programme, benchmarked against a standardised framework, and help you prepare a detailed roadmap for improvements.
We can help you review your fraud risk governance policies and processes, including an assessment of the roles and responsibilities around fraud risk, a review of information flows, reporting lines and the ‘tone at the top’, and identify any gaps that need addressing.
Quality information, particularly data that could trigger changes to your risk profile, is the foundation of fraud risk management. PwC’s Corporate Intelligence team can help limit your exposure to potential fraud and protect your business integrity and reputation. We offer enhanced due diligence of high risk business partners, profiling of suspected fraudsters, asset tracing, and continuous monitoring of electronic data relating to individuals and companies using our RADAR early warning technology.
We can support you and provide market insight as you update your fraud risk assessment, as well as ensuring that any fraud controls and detection processes are fit for purpose and reduce key fraud risks to acceptable levels.
Digital solutions are increasingly important in the monitoring of large datasets to identify transactions which may indicate fraud. Our AI-powered tools include Procurement Protect, which identifies signs of fraud, error and non-compliance in procurement data, and Anomaly Detection, which aids the identification of evidence of fraud in large data sets.
Off-the-shelf digital fraud detection solutions may not address every risk you face. If you need to address a specific risk or set of circumstances, we can work with you to build, test and implement a customised solution tailored to your exact requirements.
We can support a review of your organisation's Investigation function, including assessing the processes used to collect, preserve and store data, the quality of reporting, and stakeholder management. We will identify any improvements that could be gained through technology or process alterations, and create a roadmap to reflect your organisation’s budget and resources.
We can provide training for your staff on a range of topics, including recent trends in fraud risk, and crisis events. Our Investigate training platform provides an interactive, engaging experience for users as they learn and test their skills.