Addressing heightened cybercrime and financial statement fraud risks: Our perspective

Corporate fraud and misconduct: Role of independent directors

The pandemic has enabled organisations to change the way they operate and redesign their operating model. With this, organisations need to be agile and refresh their fraud prevention plans to align with the new normal. In this context, independent directors (IDs) can play a significant role in pushing the agenda in board meetings, to control cybercrime and keep an eye out for possible fraud incidents.

Drive the agenda to control and monitor cybercrimes

Organisations can achieve a resilient remote working culture by enabling the following actions:

  • Re-evaluate data protection policies and controls to secure the ecosystem
  • Re-assess technology and infrastructure solutions from a security, capacity, availability, and resilience perspective
  • Implement solutions that help monitor fraud/cyber security threats and log events to ensure secure and resilient operations
  • Plan, analyse, prepare, and deploy crisis management response mechanisms to mitigate the impact of any business continuity threat
  • Re-evaluate the risks arising from third-party ecosystems in the remote working scenario for all employees
  • Establish comprehensive policies and procedures to define guidelines for effective working and governance, adapted to the new normal
  • Ensure that the company conducts periodic awareness drives to sensitise employees to the risks and the precautions to be taken
  • Continuously measure crisis response effectiveness with regular and rigorous training, testing, and communication

Tips to watch out for cybercrime incidents:

  • Understand trends in cyberattacks/breaches/attempts in the industry and their implications for the company’s risk profile
  • Ensure periodic review of the critical organisational data which is vulnerable to such attacks
  • Identify instances where technologies and skilled resources are not the right fit in view of the emerging trends
  • Understand the fraud trends emerging from third-party ecosystems

Drive the agenda over financial reporting process

While the primary responsibility for financial statement preparation and reporting remains with the organisation's management, IDs need to be vigilant about controls over financial reporting and about fraud schemes. Some best practices include:

  • Ensure that the organisation has a robust system of anti-fraud controls over financial reporting and has implemented a continuous monitoring mechanism to identify red flags on a near real-time basis
  • Ensure that the board gets qualitative information (accurate and comprehensive reports) well in advance to review and gain confidence in the accuracy, completeness, and quality of the information presented
  • Ensure that all material/extraordinary transactions are brought to the notice of the board and have appropriate business justification substantiated with satisfactory information/documents
  • Confirm that the related party transactions/extraordinary items are justified, in the organisation’s interest and supported with independent subject matter experts’ opinions, wherever required
  • Apply heightened scepticism, ask challenging questions, and record consent or dissent as appropriate
  • Consider all whistle-blower complaints/tips diligently and ensure that they are addressed/investigated adequately

Tips to watch out for financial statement frauds:

  • Reported financial numbers not in line with the industry and past performance trend
  • Complex disclosure notes in the financial statements
  • Frequent or ad-hoc changes to the accounting principles adopted for financial statement preparation
  • Frequent auditor qualifications or reservations in the audited financial statements
  • High employee retrenchment in the finance department or frequent changes to external auditors
  • Lack of/inadequate controls over financial reporting