9 ways to refresh your organization’s fraud controls now

privacy cybersecurity computer

During 2022, CohnReznick’s fraud risk management professionals experienced a significant increase in requests for assistance related to fraud. Many of these frauds may have begun during the pandemic, but went undetected for a significant period of time due to the sudden shift to remote workforces. 

As we analyze the “What went wrong?” at these organizations, we often see several themes related to the erosion of long-standing basic control protocols, in areas such as segregation of duties, oversight over reconciliation processes, follow-up on budget to actual variances, and vendor onboarding. This erosion, combined with an increase in “passive approval processes” (made without an adequate level of support or skepticism) and a decrease in audit activities, has created a perfect environment for fraud to go undetected for a sustained period. 

It is also worth noting that companies are being further challenged by the difficulty in finding qualified professionals to fill key positions that could help improve their weakened control environments. 

While none of these are new issues, their increased presence, and their relationship to fraudulent activity, is symptomatic of the new workplace paradigm that has rapidly evolved. 

There’s no time like the present to reflect on your organization’s control environment and take action to reduce the risk of fraudulent activity. Here are nine ways to get started. 

1. Refresh your risk assessment activities. Many organizations perform a risk assessment once a year. But effective risk management requires an ongoing process of assessment, monitoring, and adjusting. 

2. Identify, evaluate, and strengthen any interim controls that were established during the pandemic. Many of these controls (and processes) were created quickly and not designed to be permanent. 

3. Review your system access controls. Pay careful attention to system access that was granted during the pandemic, and adjust rights and terminate access as appropriate. 

4. Identify third-party/vendor relationships that were established and onboarded during the pandemic for appropriateness in today’s environment. Third-party relationships established during a crisis may not have received the same level of scrutiny or due diligence. Circle back now for a closer look: What were they hired to do? Did they do it? Do we still need them?

5. Identify segregation of duty issues. Many organizations are still struggling to fill key positions. Evaluate the impact that these vacancies are having on establishing adequate SOD, and create interim review processes to mitigate risks until roles are filled. 

6. Look at what you are approving. Be aware that your control environment has changed. We should always employ a healthy degree of skepticism during any approval process and not hesitate to ask for more information as needed to get comfortable. 

7. Establish an internal audit presence within your organization. Provide risk and control-based training to your employees that includes information related to audit activities. The knowledge that your organization routinely performs audits is a strong fraud deterrent for employees, vendors, and third parties. 

8. Review any system implementations that were performed during the pandemic. We have seen an increase in failed and/or problematic implementations over the past year. A post-implementation review may identify process and control issues that need to be remediated. 

9. Evaluate person by person the need for company-issued credit cards. Establish an independent process for reviewing the appropriateness of all credit card holders, expenditures, and payments. 

Contact our team for more insights or for tips on getting started today. 


George Gallinger, Principal, Risk Advisory


Subject matter expertise

  • George Gallinger

    CIA, CFE, Principal, Risk Advisory, Global Consulting Solutions

  • Close


    Let’s start a conversation about your company’s strategic goals and vision for the future.

    Please fill all required fields*

    Please verify your information and check to see if all require fields have been filled in.

    Please select job function
    Please select job level
    Please select country
    Please select state
    Please select industry
    Please select topic
blurred crowd of people

Building the Organization of the Future

This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its partners, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.