Employees have a duty of good faith and fidelity to employers. They should behave ethically and act with honesty and integrity.
Given the current global outbreak of the Coronavirus, all organisations, both government and non-government, are turning to remote work as a solution to keep their businesses running and maintain essential services. In some cases employees are using their own digital devices, in other cases employers are providing resources that employees take home to use. Economic instability, the psychological effects of uncertainty and the opportunity that working from home creates is a perfect storm that has increased the risk of employees engaging in misconduct. Some forms of misconduct, such as failure to adhere to network access or computer security protocols may further expose businesses beyond just employee conduct issues.
Criminologist Donald Cressey first presented the theory of a fraud triangle – consisting of pressure, opportunity and rationalisation.
This fraud triangle theory is supported during the current COVID-19 crisis. Uncertainty creates pressures for organisations to cut costs. Pressures faced by employees during times of uncertainty create fear and concern about financial stress arising from uncertainty around employment, or perhaps another household member becoming unemployed. The stretching of resources and pressures felt by employees lead to increased opportunity for fraud, corruption or workplace misconduct. With more employees working from home, and less visibility around what they are doing, and with managers having less time to be vigilant due to being distracted by the crisis and other management responsibilities, the opportunity presents for low, or in some cases, no productivity. Individuals may rationalise that the financial pressures they face, which are a result of the actions of others, justify the means and needs to supplement their income.
Fraud could be outright theft by stealing funds from the employer due to internal control weaknesses within the business processes. Misconduct could be an employee spending work time on personal activities, misusing work computers or phone, overstating the amount of hours worked, or unexplained or undetected absences.
Businesses and government departments need to remember that uncharacteristic behaviours may occur in even the most senior and most trusted employees. People who are afraid, have financial pressure on their household because of other job losses, or feel a disconnectedness or distrust of their workplace may contemplate and/or engage in serious misconduct and even criminal behaviour. This risk increases where operational environments have not have been set up for working from home.
Examples of employee misconduct while working remotely may include but are not limited to:
Leave creep or time theft, where staff don’t take leave entitlements because they can hold themselves out to be working
Being under the influence of alcohol or other drugs
Sexual harassment, sexual misconduct or misuse of property for pornography or other inappropriate content during work time and while using business resources. This may include, in the absence of direct supervision, the sending of inappropriate messages or images to colleagues
Presenteeism – in this case being the absence of productive work while working from home
Online bullying or insulting behaviour, including aggressive, abusive, threatening or derogatory language towards other employees
The acceptance of inappropriate gifts, benefits or hospitality – because of the ease with which employees can escape detection
Engaging in inappropriate secondary or other employment
Inappropriate release, theft and/or misuse of confidential information –such as an employee providing confidential information to another with the sole purpose of gaining an advantage or benefit
Inappropriate use of resources, such as using work resources for personal use
Theft or fraud, transfer of funds, petty cash or account skimming, invoice redirection or the use of dummy invoicing
Corrupt conduct and maladministration within government departments.
The lack of visible supervision, surveillance and remoteness of work will mean that some employees or contractors will have the time, freedom and motivation to see what they can get away with. These behaviours may then escalate as boundaries are pushed and conduct is not detected or managed. With it comes serious risks to the business, its intellectual property, potential financial loss or financial disadvantage, and even the welfare of its staff.
Working remotely can also present security risks including an IT departments’ inability to ensure network cybersecurity or the complete monitoring of staff. An employee’s lack of commitment to digital security practices and the potential of remote employees adopting riskier IT behaviour may also nurture misconduct or present exposure from external malware or cyber attack.
While it is important that an organisation trusts their employees to do the right thing and to act professionally and with integrity when working remotely, good governance is essential in managing risk. This means identifying the potential for an incident to occur and taking steps to reduce the likelihood or severity of its occurrence. All employment situations do not carry the same risks; nor do all employees. Recognising and acknowledging the risks in employment situations is the first step towards effective risk management. Being aware of the increased risks created by remote working environments and working from home is critical in prevention and detection of related misconduct.
Risk management guidance for employers with employees working remotely includes:
Steps to foster employee interpersonal connectedness and provide support. This might include regular online meetings and social gatherings such as video conferencing morning teas or lunch time online social events
A dedicated working from home / working remotely policy and procedure that all employees must adhere to, with particular emphasis on appropriate cyber security
Communication rules for email and digital video conferencing as a primary interaction
Training and education for employees working remotely
Ensuring businesses have cyber insurance and employment practices liability insurance that covers remote working
Consider having a cyber security assessment undertaken that will advise businesses of any critical exposure risks and how to address them
Ensuring policy on intellectual property, confidential and personal information is revised to contemplate remote work environments and up to date with current legislative requirements
Explore offerings with ICT providers to ensure you have the latest network security and monitoring programs in place, making it more difficult for employees to engage in misconduct
Remember that any changes to digital surveillance may require a workplace surveillance policy or updates to it for that information to have maximum utility
Revision or introduction of employee requirements to account for time and work, with management monitoring of work output and quality
Monetary policy regarding invoicing, two factor authentication or reconfirmation for client payments, or multiple management signoff on expenses
Continuous disclosure and communication regarding questionable conduct, employee concerns or identified areas of exposure
Workplace investigation and quick action in relation to issues or concerns as they arise.
Organisations need to be risk adverse and have sufficient rules and standards in place, so employees know what is required of them while working remotely. Organisations also need to ensure they have sufficient IT measures set-up not only to mitigate and reduce the risk of employee misconduct but to reduce the risk of confidential information being accessed or lost.
Jackie Gallo is an expert legal recruiter, her expertise is of particular utility in assessing requirements in recruitment and selection processes by government departments, universities and in other regulated environments, and can also make recommendations regarding compliance. She is invaluable in assisting Senior Consultants during investigations and provides assistance in witness co-ordination and interviewing.
Matthew Dacey is an experienced workplace investigator with extensive experience and training in undertaking and case managing workplace investigations, conducting child protection audits, managing risk and delivering code of conduct presentations, as well as advising senior executives on industrial, ethical and professional standards issues.
Further information and assistance managing these matters is available by contacting WEIR Consulting (National).