23 June 2020
Managing risk at any time, let alone in a pandemic, is a story about hindsight. After a risk event occurs the recriminations start. The question often asked is, “What could I have done better to prevent this from happening?”
When everything is going well, complacency often sets in, and the proactive and effective management of risk takes a back seat. The Global Financial Crisis (GFC) in 2007-08 brought to the surface many examples of complacency that had a ripple effect for many years after, e.g. the Madoff Ponzi scheme. Warren Buffett’s statement that “…you only find out who is swimming naked when the tide goes out” is as relevant today as it was during the GFC.
The COVID-19 pandemic has already had a widespread and devastating cost in terms of human and economic loss. Recovering from this will likely take many years with much commentary suggesting our lives have changed forever.
The fallout of the GFC in terms of corporate failure, and the discovery of much of the malfeasance that had been going on for years, only came to the surface many months after the initial shock waves began to recede. There is no reason to suggest that this current global crisis will be any different.
Why focus on risk now?
It is probably an understatement to say that the COVID-19 pandemic has created significant economic and, consequently, personal uncertainty. On a personal level, many have become unemployed or had salaries reduced. Depending on one’s circumstances, this may also create financial hardship and pressure due to difficulty paying the mortgage and other financial commitments.
The elements of the fraud triangle aptly describe the drivers of risk in the current environment and the reasons why businesses should remain vigilant.
What are some of the current business risks?
Some of the risk areas to be considered and addressed in the current environment include:
Despite the ability to communicate and collaborate online, many of us still working from home may feel a sense of isolation and the loss of the daily structure that going into the office every day provides. This can develop into health and wellbeing issues that directly impact productivity.
Where staff cutbacks have occurred, role substitution, i.e. where remaining staff are allocated tasks that they may not be qualified to undertake, can create service delivery and control challenges that may lead to additional pressures and associated health issues.
Individual financial stress speaks for itself and, when it does occur, can lead to fraudulent behaviour such as the falsification of time recording, especially under working from home arrangements where supervision is limited.
It would be interesting to know how much business interruption has occurred in the current environment due to lack of depth in the supply base caused by inadequate business continuity planning (BCP).
Where this has occurred, has there been a flurry of procurement activity to shore up supply that is outside of policy and procedure? Hastily entering supply contracts without the appropriate level of due diligence on a supplier can cause significant issues in the future.
Aside from supply chain risks, there are a significant number of financial risks that can manifest in a business during difficult times. For most, the pandemic has caused declines in revenue. Even where debt levels have been low, the decline in revenues has led to austerity measures such as staff redundancies, salary reductions and a reduced capacity for business and individuals to obtain finance. Where financial KPIs are not being met, pressure increases to take measures one may not ordinarily take.
Fortunately, the government’s intervention has postponed some of the pain, but for how long? Looking forward, one must ask how far ahead and how expansive should the assessment of business risk be?
The pandemic has certainly tested the capacity of business technology infrastructure. The change from an office operating environment to a primarily work from home model has increased online risks. Cyber threats in the form of hacking and social engineering, and fraudulent schemes such as business email compromise, have increased significantly.
When employees moved to the work from home model en masse, what measures, including the communication of clear guidelines about the use of technology, were put in place? In the current environment, maintaining regular contact with staff about current threats and measures has never been more important.
Likewise, have training and awareness of policy and procedure for your remote workforce been adequately maintained, e.g. remote network log-on protocols and procedures to protect confidential information from prying eyes?
Fraud and corruption
Many of the risk areas already discussed have an influence on the potential for fraud and corruption to occur.
The responses to the pandemic have created an environment where the elements of the fraud triangle (shown above) are likely present in many business environments.
Risks that may not have been perceived as significant prior to the pandemic, e.g. collusion or corruption in procurement, may now be very significant risks. So, given the drastic operating changes due to the pandemic, what measures have been taken to determine the significant fraud and corruption risks? If an assessment of current fraud and corruption risk has not occurred, it is likely your risk exposure has increased.
S.J. Watson in “Before I Go to Sleep” wrote, “It's so difficult, isn't it? To see what's going on when you're in the absolute middle of something? It's only with hindsight we can see things for what they are.”
Not too many of us saw this pandemic coming and certainly not the extent of the measures implemented around the world to curb its spread. If pandemic was not on a business’ risk register or considered in business continuity planning prior to the onset of the current pandemic, we can now bet with some certainty that it will be in the future.
Taking the time to consider how the risk environment has changed due to COVID-19 will enable focused mitigating actions to be taken. It may well be the difference between business survival and demise or, at the very least, the difference between a rapid return to normality and a slow and painful one.
How PKF Integrity can help
PKF Integrity can help your business navigate these uncertain times by providing the independent insights needed to identify and mitigate your current business risks.