How remote working is impacting the control environment

It is very likely that internal controls may change when employees start working remotely. Businesses that were already operating in a digital environment, may not experience such a great change in risk assessment and internal control processes as an organization that relies heavily on manual processes. It is important to evaluate the processes implemented quickly during the early days of the pandemic to see if changes are required to prevent and detect fraud and error. Companies should consider its current controls and ask the question “what could go wrong” in its various functions within the business.

Impact on the risk assessment process

As workers are decentralised from “the office”, different risks and opportunities may emerge that should be considered in the risk assessment process. Whilst the benefits of remote working may actually have a positive impact on productivity and efficiency due to less office distractions, less stress, higher staff morale and lower operational costs and even impacting the environment positively due to a reduced carbon footprint, hidden risks may emerge that would require strengthened controls. These would include risks around distracted employees, employees that are unable to perform their functions remotely and the risks of malicious attacks from unauthorised users.

The first step in determining on what controls may need adjustment is to determine the additional risks that the entity is facing and designing controls to address these effectively. In this process it is important to:

Clearly define and document the risks, adjusted processes and internal controls
Identify any changes to roles and responsibilities needed to maintain internal controls
Communicate the modified processes and any role changes to all relevant parties
Keep accurate documentation as evidence that internal controls are performing as they should.

Impact on communication

A remote working environment will inevitably cause certain communication challenges. Those quick office discussions are no longer happening, and communication must now be deliberately scheduled. Therefore, having regularly scheduled video conference meetings can boost morale and keep productivity high while also emphasizing the need to perform the controls necessary for financial accounting purposes. It will also be useful to schedule one-on-one meetings to check in with employees and to ensure their work needs are being met.

Impact on the internal control environment

The following areas of the internal control environment should be carefully considered:

1) Segregation of Duties

Maintaining segregation of duties is very important and should be constantly assessed. Ask yourself the question: Is there still separation or has one person become responsible for multiple duties out of convenience?

It may be necessary to request employees to perform duties they have not previously performed. In reassigning duties, segregation of duties should be maintained between custody, record-keeping, reconciliation and authorisation.

2) IT Security

IT security is probably the most relevant area to consider. Areas that need careful consideration are:

Access and authorisation controls, including password controls
Servers – secured through a VPN to prevent malicious attacks
Physical and electronic access to servers and server rooms
Security, access, and retention of data in clouds
Auto-lock of computers in a period of inactivity
Use of digital signatures to prevent unauthorised changes, time stamps
Cloud-based accounting tools to maintain audit trails
Access and review of individual logins and alerts when any changes are made.

3) Review and Monitoring

It is likely that the preparation and review process may take longer than under normal circumstances. The implications of possible lack in communication, performance and the impact on service delivery should be considered.

The internal control environment must be constantly monitored to identify gaps, which must be addressed proactively. Audit and access logs can be effective tools for monitoring unusual activity and should be reviewed regularly.

Prepared by: Inge Theron
Email: inge@nexia-sabt.co.za

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Facts & figures

3000+

450+

10

752

128

Latest tweets

Contact