Article written by JACQUELINE LEMAY DE DEMERS BEAULNE – in the Canadian News Quarterly, a newsletter published by the Canadian member firms of Moore North America. This article, on pandemics and corporate vulnerabilities, is part of our mission to become the partner of choice for your success by keeping you up to date.
For over a year, companies and individuals have been facing an exceptional situation, which has required them to react in an equally exceptional way. During the pandemic, companies in particular were faced with new challenges, which led to significant operational and strategic changes. To meet these challenges, the implementation of appropriate organizational control mechanisms is essential. Has your company done this?
Some companies have had to downsize, turn to new activities and change their processes, policies and working methods. As a result, many of the monitoring activities that are essential to smooth operations have been abandoned, exposing companies to new threats or exacerbating their vulnerabilities.
So why should your company consider pandemic-related vulnerabilities?
Teleworking
Right from the start of the pandemic, containment measures forced many organizations to rapidly introduce teleworking. However, the latter did not necessarily have the structure, equipment and organizational control mechanisms required to support a widespread teleworking system. For example, companies whose employees use their own devices to work and some cloud-based software are exposed to risks including loss of control over business and professional information, and cyber-attacks perpetrated by phishing emails and malware.
- Organizations need policies governing IT use and teleworking to define what is and isn’t allowed.
- For example, these policies should specify that employees may only use devices provided by the organization when teleworking, and only in accordance with established rules, in order to avoid the risks associated with personal devices. These risks include failure to install security updates, use of weak passwords and loss of control over sensitive business and professional information. Click here to find out more.
- Organizations should regularly back up their data and ensure that copies of these backups are stored in a safe place.
- In addition to developing policies, it is essential to train employees, especially on the risks associated with using their personal devices (phones, tablets, etc.) and the minimum security measures that should be put in place, such as creating strong passphrases and passwords. It’s also vital to teach employees to analyze the data they receive before clicking on any links in an e-mail or opening attachments. Finally, companies need to make it clear to employees the importance of using only secure networks.
Accelerated business recovery
When the new workplace cleaning and disinfection requirements were announced, organizations had to turn to new suppliers of cleaning services, maintenance and personal protective equipment. These new constraints, coupled with the desire to speed up business recovery, can lead companies to quickly call on new suppliers without carrying out the usual procurement checks. Neglecting these controls makes organizations more vulnerable to certain types of fraud, such as asking for excessive prices or supplying poor-quality products for the same price. Have you carefully selected your suppliers? Some may even provide misleading or unapproved products or services. Be very careful!
At the very least, organizations should check whether new suppliers are listed in public supplier databases, review any current lawsuits in which they may be involved, talk to known customers of the supplier to find out about the quality of its services, production, delivery capabilities, etc., and so on.
Redundancies
Several organizations had to lay off employees during the pandemic due to the drop in business. They should not forget that these employees may be facing financial difficulties. This situation can encourage or aggravate attempts at fraud, such as embezzlement or the acceptance of bribes. Some employees have also seen their workloads increase, and have been assigned new tasks for which they do not necessarily possess the skills or knowledge to perform them properly.
- To reduce the stress experienced by employees, organizations can demonstrate openness and understanding, organize virtual meetings to break social isolation, approve overtime, be flexible about working hours, etc.
- Companies should review their control policies to ensure that employees are only assigned to tasks they are fit to perform. They must also check whether certain controls have been eliminated or are not being applied because employees have not been trained.
- As an organization, it’s your responsibility to ensure that a lack of resources, time or other factors don’t force employees to ignore or speed up certain administrative processes, such as contract approval.
Don’t forget
In addition to numerous redundancies, new measures concerning teleworking, task allocation and supervision of employees and activities have created vulnerabilities within organizations that should not be taken lightly. Don’t jeopardize your efforts to maintain your business or get it back up and running quickly by neglecting the management of new threats and vulnerabilities.
Ready to develop robust organizational control mechanisms? This article will help you get started.
We’re here to help you proactively detect fraud indicators by reviewing transactions from previous periods. In addition, we can help you design and implement an anti-fraud program, review your business processes and update your vulnerability assessment.
Have you set up your organizational control processes properly? This article may complement your reading.
We can help you proactively detect fraud signals by reviewing past transactions. We can also help you design and implement an anti-fraud program, review your administrative processes and update your vulnerability file.
For more information, contact us today.