internal controls web

Internal Controls and the Impact of the Remote Workforce

In a recent conversation, MFA Risk Advisory Partner Lisa Whittemore reflected on the risk management-related implications of the COVID-19 pandemic, including the inherent risk posed by the increase in remote working conditions. Although the grimmest days of the pandemic appear to be behind us, virtual workforces may be here to stay – and with that, increased control concerns.

The ‘Work from Home’ Impact

Many businesses have announced they will continue to permit employees to work remotely after COVID, and in this supremely digital age – when corporate networks, security policies and control procedures are being noticeably tested – it’s become imperative for businesses to prioritize internal controls.

The reality is, even when employees aren’t working from a corporate office, a business’ controls require significant oversight, particularly the controls over financial reporting and sensitive business information. Home security networks can pose significant risks and could easily become unsecure or overloaded with multiple family members potentially streaming, downloading, sharing and communicating across them at the same time.

In light of these changing conditions, companies need to fully comprehend how business processes and financial management have been impacted or restricted and design “remote control” policies to dictate procedures, especially if they anticipate virtual workforces to endure in the future.

Three Steps to Prioritize Internal Controls in a Virtual Environment

1. Assess. Understand the full scope of how COVID has impacted your existing internal control processes and procedures and determine whether changes are expected to be temporary or permanent.

  • Have any new technologies been incorporated into your control framework? For example, is your business using new collaboration software or tools to streamline/enable the oversight process while employees are working virtually?
  • How is your auditor performing inventory observations? Are you live streaming virtual walk-throughs or have you reintroduced in-person observations?
  • How is the financial review process being handled? Are digital signatures accepted for signoff of checks, financial statements, etc.?

2. Isolate. Ensure proper segregation of duties to optimize the success of your internal controls over financial reporting.

  • Have employees taken on additional responsibilities or oversight of new functions due to workforce reductions, operational restructuring or other COVID impacts? If so, how were they trained on proper procedures?
  • Are employees working flexible or alternative work schedules, and if so, how has this impacted oversight procedures?
  • If there’s an expectation that some employees may return to the office, but others will remain remote, how do you plan to modify procedures to ensure independence?

3. Monitor. Given the fluidity expected in the coming months as economies reopen and perhaps some employees return to work, risk management and monitoring will become increasingly important.

  • When and how will access controls be modified when the office reopens?
  • Which controls that were added or modified in light of the pandemic will remain in place? For example, will inventory observations by your auditors remain virtual to streamline the process and free busy schedules from increased travel?
  • Have all new or modified controls been documented, tested and disclosed? Given the speed at which many may have been implemented at the start of COVID, now is a good time to review any disclosure gaps and ensure all proper parties have been notified.

The list above only scratches the surface of what businesses will need to account for as they continue to adapt to changing work conditions due to COVID. If you’d like to discuss the right time to perform an internal controls audit of your corporate security and business practices, please don’t hesitate to reach out.

Contact Us

Lisa Whittemore

Lisa Whittemore

CFE, CRMA, MBA
Partner

Connect with Lisa

Related posts
SPACs

SEC Issues Statements on Special Purpose Acquisition Companies (SPACs)

Last week, the SEC issued two statements regarding issues related to special purpose acquisition companies…

Read More
QA Risk Management

Q&A: Risk Management in the Time of COVID

Lisa Whittemore, Partner in MFA's Risk Advisory Practice, addresses the impacts of COVID-19 on businesses…

Read More