To accommodate remote work requirements, organizations continued to make changes to their technology infrastructure. For the information technology team, remote work is common, but for many other departments this may be the first time. Over a few weeks, many organizations made emergency changes to ensure the business continued without interruption. As a result, organizations are exposed to cybersecurity vulnerabilities, and you will find a lot of information on how to manage cyber threats. The other area that needs attention is fraud, and many small to medium organizations are not ready for, or have not considered, fraud risk.
In today’s blog, we share fraud basics and quick tips. Schemes such as internal and external fraud defraud companies, while other techniques such as Ponzi schemes, identity theft, skimming, etc. defraud individuals.
Internal Fraud – Committed by employees, managers, officers, or owners of the company
External Fraud – Committed by customers, vendors, and other parties
Internal fraud consists of illegal acts by employees against the company; examples include:
- Trading – Unauthorized trading, misappropriation of assets, insider trading
- Corporate Finance – Misuse of sensitive information, loan fraud, unreported transactions
- Other Examples – Theft of cash, not charging friends/family, supplying receipts for refunds, destruction of assets, forgery, impersonation, bribery, corruption, etc.
External fraud covers a broad range of schemes by customers, vendors, and other parties, including security breaches, theft of intellectual property, tax fraud, hacking, bankruptcy fraud, and loan fraud.
According to the 2018 Association of Certified Fraud Examiners (ACFE) report, common occupational fraud schemes in various industries are as follows:
| Industry | Schemes (2018 ACFE Survey Report) |
|---|---|
| Banking/Financial Services | Corruption, Cash on hand, Cash larceny, Check and payment tampering, Noncash, Billing |
| Manufacturing | Corruption, Billing, Noncash, Expense reimbursement, Cash on hand |
| Government/Public Administration | Corruption, Billing, Noncash |
| Health care | Corruption, Billing, Noncash, Expense reimbursement |
| Retail | Noncash, Corruption, Billing, Expense reimbursement |
| Education | Corruption, Billing, Cash larceny, Cash on hand, Noncash |
| Technology | Corruption, Billing, Noncash, Expense reimbursement, Financial statement fraud |
Per the 2018 ACFE report, the asset misappropriation sub-schemes with the greatest risk are:
Noncash, Billing, Check and Payment Tampering, Cash Larceny, Skimming, Payroll, Expense Reimbursement, Cash on hand, Register Disbursement
Corruption represents one of the most significant fraud risks for organizations in many industries and regions. Common corruption schemes:
- Conflict of interest – Personal or economic interest in a transaction
- Bribery – Commercial Bribery and Official Bribery
- Kickbacks – Commercial or business advantage
- Illegal Gratuities – Reward to an employee after the decision has been made
- Economic Extortion – Demand for money or other consideration using actual or threatened force or fear
Other common types of fraud include but are not limited to:
- Invoice manipulation through collusion
- Billing for services not rendered and collecting the cash
- Seizing checks payable to vendors
- Adding fictitious employees and collecting the paychecks (impersonation)
- Not removing terminated employees from payroll and collecting the paychecks
- Paying for personal expenses with business cash
- Recording fictitious transactions on the books to cover up a theft
- Falsifying timesheets for a higher amount of pay
- Pilfering stamps
- Stealing (e.g., cash, petty cash, supplies, equipment, tools, data, records, etc.)
- Forgery (not just check forgery, e.g. forging department head signatures on purchase orders)
- Pocketing payments on customers’ accounts
- Issuing receipts on self-designed receipt books
- Not depositing all cash receipts
How do you?
COVID-19 Quick Checklist
Legend: R – Review; AC – Additional Checks or Testing
| # | Questions | R | AC |
|---|---|---|---|
| | Incident Management | | |
| 1 | Ensure that adequate support staff are available to address questions from remote workers and resolve issues in time | | |
| 2 | Check the incident backlog and review whether high-risk issues are addressed with high priority | | |
| 3 | Check whether employees are notified of and aware of the security incident procedures | | |
| | Emergency Changes | | |
| 4 | Without a strong emergency change management process in place, the review of emergency changes is a high priority | | |
| 5 | A lack of categorization and risk rating for emergency changes means a larger sample of changes must be reviewed | | |
| | Risk Review | | |
| 6 | Perform a sample check of change management risk assessment forms for the changes implemented during the last eight weeks | | |
| 7 | Review emergency risk assessment forms where the assessment was performed after the implementation of emergency changes | | |
| 8 | Ensure risks are defined and rated as per the risk register in change risk assessment forms | | |
| 9 | In the absence of a risk register, ensure that risks are defined, categorized, and rated properly | | |
| 10 | Ensure that the controls mentioned in the risk assessment forms are valid controls, including compensating controls | | |
| 11 | Ensure the forms are valid; some of them may need periodic review | | |
| | Firewall Changes | | |
| 12 | Review firewall change approvals | | |
| 13 | Review firewall change logs and change approvals for selected | | |
| 14 | Review all firewall changes related to third-party requirements | | |
| | Physical Security | | |
| 15 | Check with the facilities department that physical security checks are in place for any employees reaching the office and that proper approval is in place before allowing anyone to enter the premises | | |
| | Cybersecurity Checks | | |
| 16 | Check the most recent laptop imaging standards and review procedures for secured connections | | |
| 17 | Check the recent reports for application antivirus, DLP, and software patch updates | | |
| 18 | Question whether the number of laptops without the latest patches and updates is above the threshold | | |
| 19 | Check the privileged access granted to third parties to access production data, sensitive data, privacy data, and applications remotely | | |
| 20 | Verify that logs are maintained and reviewed for privileged access, especially changes to applications in a production environment | | |
| 21 | Check whether screen lock settings are functioning as intended | | |
| 22 | Check the cyber threat reports from the last eight weeks, review how the high-risk threats were addressed, and check whether timely actions were taken | | |
| 23 | Review remote access approvals for sensitive data | | |
| | Business Continuity/Disaster Recovery | | |
| 24 | Review incident tickets created for backup issues within the last eight weeks | | |
| 25 | Check for major issues and how they were addressed | | |
| 26 | Check the latest backup details and confirm that no issues were reported | | |
| | Data Security | | |
| 27 | Check with the encryption team whether they have reported any issues and whether any incident ticket is pending resolution | | |
| 28 | Check that new laptops have proper encryption controls in place | | |
| | Compliance | | |
| 29 | Conduct an inquiry and perform a high-level review of high-risk compliance controls | | |
| 30 | Review any major issues reported that impact compliance | | |
| | Customer Complaints | | |
| 31 | Check the customer complaint tickets and the volume of tickets during the last eight weeks compared to earlier | | |
| 32 | Check for repetitive and major high-risk issues and whether resolutions are in place or pending | | |
| | Training | | |
| 33 | Check that training on topics such as phishing, ransomware, malware, etc. was conducted at least once during the last eight weeks. Ensure employees are aware of what needs to be protected | | |
| 34 | Ensure employees are aware that hardware is not to be shared while working remotely | | |
| | Fraud Checks | | |
| 35 | Especially important for certain clients. Checks from the fraud perspective are important; ensure processes and controls are operating as intended | | |