We have all seen the news on the payments firm, WireCard, and the missing 2 billion USD, an arrest warrant and auditors signing off on accounts that they shouldn’t have!

Whilst not all specifics have come to light yet, it has become clear that the auditor was fed false information and basic checks were not done to verify the existence of cash reserves in what appeared to be fraudulent bank statements.

This is a clear example of why companies shouldn’t conflate compliance with an effective system of internal control. Economic downturns like we are seeing in the wake of COVID create increased opportunity for fraud, but also often expose frauds disguised in earlier periods.

You can have your controls assessed as effective and still be at risk of major fraud. Compliance cannot be the myopic focus.

It is a timely reminder that risk management is the objective, and compliance is just one outcome. We should automate controls where possible and automate the monitoring of control effectiveness and of risk indicators themselves. This makes “massaging the numbers” much harder to perform and sustain.

In our own work, we are seeing the benefit of advanced data science approaches, such as Machine Learning, shining even greater light on performance and risk. As the algorithms get smarter, it is becoming clear that we need “Business Scientists” maybe even more than “Data Scientists”.

Our article this week delves into greater detail into the lessons from the WireCard fraud scandal and reminds us there are others, yet undiscovered, that COVID may have brought to the surface. You can read it here.