Internal Controls and the Impact of the Remote Workforce
In a recent conversation, MFA Risk Advisory Partner Lisa Whittemore reflected on the risk management-related implications of the COVID-19 pandemic, including the inherent risk posed by the increase in remote working conditions. Although the grimmest days of the pandemic appear to be behind us, virtual workforces may be here to stay – and with that, increased control concerns.
The ‘Work from Home’ Impact
Many businesses have announced they will continue to permit employees to work remotely after COVID, and in this supremely digital age – when corporate networks, security policies and control procedures are being noticeably tested – it’s become imperative for businesses to prioritize internal controls.
The reality is, even when employees aren’t working from a corporate office, a business’ controls require significant oversight, particularly the controls over financial reporting and sensitive business information. Home security networks can pose significant risks and could easily become unsecure or overloaded with multiple family members potentially streaming, downloading, sharing and communicating across them at the same time.
In light of these changing conditions, companies need to fully comprehend how business processes and financial management have been impacted or restricted and design “remote control” policies to dictate procedures, especially if they anticipate virtual workforces to endure in the future.
Three Steps to Prioritize Internal Controls in a Virtual Environment
1. Assess. Understand the full scope of how COVID has impacted your existing internal control processes and procedures and determine whether changes are expected to be temporary or permanent.
- Have any new technologies been incorporated into your control framework? For example, is your business using new collaboration software or tools to streamline/enable the oversight process while employees are working virtually?
- How is your auditor performing inventory observations? Are you live streaming virtual walk-throughs or have you reintroduced in-person observations?
- How is the financial review process being handled? Are digital signatures accepted for signoff of checks, financial statements, etc.?
2. Isolate. Ensure proper segregation of duties to optimize the success of your internal controls over financial reporting.
- Have employees taken on additional responsibilities or oversight of new functions due to workforce reductions, operational restructuring or other COVID impacts? If so, how were they trained on proper procedures?
- Are employees working flexible or alternative work schedules, and if so, how has this impacted oversight procedures?
- If there’s an expectation that some employees may return to the office, but others will remain remote, how do you plan to modify procedures to ensure independence?
3. Monitor. Given the fluidity expected in the coming months as economies reopen and perhaps some employees return to work, risk management and monitoring will become increasingly important.
- When and how will access controls be modified when the office reopens?
- Which controls that were added or modified in light of the pandemic will remain in place? For example, will inventory observations by your auditors remain virtual to streamline the process and free busy schedules from increased travel?
- Have all new or modified controls been documented, tested and disclosed? Given the speed at which many may have been implemented at the start of COVID, now is a good time to review any disclosure gaps and ensure all proper parties have been notified.
The list above only scratches the surface of what businesses will need to account for as they continue to adapt to changing work conditions due to COVID. If you’d like to discuss the right time to perform an internal controls audit of your corporate security and business practices, please don’t hesitate to reach out.
Material discussed in this communication is meant to provide general information and should not be acted on without obtaining professional advice tailored to you or your company’s individual and specific needs. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used by any person or entity, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. This information is for general guidance only and is not a substitute for professional advice.
The information contained herein should not be construed as personalized investment advice. Investment in securities involves the risk of loss, and past performance is no guarantee of future results. There is no guarantee that the views and opinions expressed in this document will come to pass. Historical performance results for investment indexes and/or categories generally do not reflect the deduction of transaction and/or custodial charges or the deduction of an investment-management fee, the incurrence of which would have the effect of decreasing historical performance results. There can be no assurances that your portfolio will match or outperform any particular benchmark.
Information presented is believed to be factual and up-to-date; however, MFA makes no guarantee as to accuracy, completeness, suitability, or validity of any information within this communication and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages from its display or use. Any forward-looking statements are believed to be reasonable; however, MFA gives no assurance that such expectations will prove to be correct.