The COVID-19 pandemic has changed life as we know it over the last several months, and businesses have been forced to adapt to the ‘new normal’, which in many cases, means having an entirely remote workforce for the first time ever.
As your business adapts to this new way of working, it’s important to reassess your internal controls and their efficacy under current conditions. Internal controls that were effective in the office environment may no longer make sense, and the remote work environment may pose new risks that require entirely new control processes to be put in place.
Below are our top tips for establishing effective internal controls in the remote workplace:
Risk assessment.
As a first step, your internal controls team should schedule some time to do a thorough review of your internal controls processes. Discuss the systems and processes in place and evaluate how they fit with the current model of work; look for weak spots and new areas of risk; and brainstorm possible ‘what if’ scenarios. In addition to any preventive controls you already have in place, you may also want to consider adding detective controls, to identify any errors or fraud after they have occurred. This can help you identify and correct any weak spots as your business adapts to new processes. You should also include your IT professional(s) in this discussion, as developing security processes to mitigate technology risks will be more important now than ever before.
Commit to going digital.
There is no better time than now to implement paperless processes throughout all areas of your business. If you haven’t already implemented digital billing, electronic signatures, and paperless accounts payable, this can not only simplify your internal controls processes, but also save time and costs in the long run.
Maintain segregation of duties.
With many or all employees out of the office, employee responsibilities have likely shifted a bit. It may be tempting to skip steps in your internal control process or assign too many steps in the process to one person to keep things going “for now”. However, it is important to continue to mitigate the risk of fraud by maintaining proper segregation of duties in your internal controls processes, especially in regard to financial reporting.
Detailed documentation.
While it is always important to keep detailed records of transactional activity, now more than ever it is imperative to document your entire internal controls process, including what has changed, who is responsible for what, and any transactional activity, including invoices and payments made, throughout each month.
The COVID-19 pandemic will likely leave a lasting impact on the way we do business. Businesses that were previously hesitant about a remote workforce have adapted and thrived in the ‘new normal’, and even after workplace restrictions are lifted, employees who have experienced the work-life benefits of working from may wish to continue to do so. Taking the time now to ensure that your internal control processes are stronger and more resilient in the remote work environment will serve your business well beyond the end of the pandemic.
If you have questions about your internal controls or how to modify them, leave a comment below, or feel free to contact me directly, I’m happy to help! For more COVID-19 related updates, alerts and impacts, visit our COVID-19 Resource Center.