This is the archive of CPA Now blogs posted on the PICPA website through April 30, 2025. Want more recent blogs?

Read current blogs

By Allison Greenfield, CPA, and Jeffrey T. Willoughby, CPA, CFF, CFE

Among the many changes brought on with the new normal of COVID-19 is the increased exposure to fraud. From companies closing their offices and working remotely, to more reliance on electronic data, opportunities for fraudsters have increased.

About one-third of the workforce is operating from home due to COVID-19, and it happened very quickly.¹ Nearly everyone was in the office one day, and the next day they were figuring out how to work remotely with little to no time for preparation.

A major cybersecurity issue of remote work is the vulnerability of home networks and personal devices. Many people are using their personal computers for work – devices that have been used primarily for personal reasons and which may not have the same level of security to which most businesses are accustomed. This increases exposure to potential fraud. In addition to personal device security, an equal, or possibly larger, concern should be network security. A basic challenge for everyone working with personal computers is to be on the same/similar operating system with the same versions of Excel, Word, and other electronic files. With documents being sent electronically over many different networks, documents and information can be intercepted and altered or corrupted. Altering information is always a concern with respect to acts of fraud, but an increased reliance on electronic information could increase the level of concern. Poor network security coupled with use of personal devices with less security provide an increased opportunity to alter or access confidential information, either of which would have negative consequences.

The U.S. Department of Justice’s Fraud Alert has examples, including work-from-home scams and efforts to divert payments using fake emails that appear to come from a trusted source.²

On March 20, 2020, the FBI issued a public service announcement noting the rise in fraud schemes related to COVID-19.³ Many of the issues include scammers trying to steal personal information. Phishing emails, for example, could lure a person to click on a corrupt link or trick a person into providing personal information. By clicking on these links or answering what appear to be legitimate emails, people give scammers access to their less secure personal computer, which now may have company information as a result of working remotely.

Many companies’ internal control systems – such as segregation of duties, monitoring, and reperformance – are based upon people working in close proximity. With people working remotely, how does one perform the same level of monitoring and control procedures? Regarding third parties, how do you know the people sending you information or making inquiries are the same people you received information from in the past? These issues make it even more important that your firm have an active cybersecurity policy and periodic training because the monitoring of controls may have changed.

With more decentralized operations, internal controls become more important. Everyone must pay more attention to the electronic markers on documents, monitor the time stamps on Word and Excel documents, and generally pay more attention to the dates and times noted for alterations or updates to electronic files. Electronic time stamps can help determine the authenticity of records and flag potentially fraudulent information.

With high unemployment due to the COVID-19 pandemic, additional opportunities for fraud may arise from layoffs. If companies have had to lay off employees because of a decline in business, some controls previously put in place may not be monitored as well as they should be. Organizations operating with less than a full staff may need to reassign duties or reallocate resources to ensure controls in place are being monitored and that they are still effective. Failing to continue to monitor the controls in place, or adapt if controls are no longer effective, will place your organization at additional risks for fraud.

We may not like to think about it, but another area where employers are vulnerable is in keeping a remote workforce accountable. Are employees working the same amount of time they would be if they were in the office? Or are they shaving hours off the workweek to accommodate personal situations? The data may not be in as of now, but it’s certainly an area that employers should think about.

Communication is key for employees and employers to both remain accountable while working remotely. Discuss new schedules to make sure everyone knows what is expected and accepted, and follow up with everyone to ensure compliance. If there is miscommunication, there could be a decrease in morale, resulting in some employees wanting to convince management they are working the same number of hours as they had previously, when in reality, they are not. One way to address this would be to have meetings that are less formally structured to make everyone feel connected and accountable. Fraud is a false statement made by someone with the intention to deceive for personal gain. Employees that falsify their time records are committing fraud.

Now that we are living a new normal, we need to be vigilant and remain aware of increased risks and possibilities for fraudulent activity, both from outside and inside an organization.

¹ www.npr.org/2020/05/08/852527736/covid-19-forces-more-people-to-work-from-home-hows-it-going
² www.justice.gov/coronavirus/combattingfraud
³ www.ic3.gov/media/2020/200320.aspx

Allison Greenfield, CPA, is an associate at Forensic Resolutions Inc. located in Philadelphia and Westmont, N.J. She can be reached at agreenfield@forensicresolutions.com.

Jeffrey T. Willoughby, CPA, CFF, CFE, is a director with Forensic Resolutions Inc. He can be reached at jwilloughby@forensicresolutions.com.

Sign up for weekly professional and technical updates in PICPA's blogs, podcasts, and discussion board topics by completing this form.