INTERNAL CONTROLS
Internal Controls in a Remote World Natalie Rooney As remote work takes hold at CPA firms and organizations, getting a grip on internal controls is essential for overcoming the security risks of an at-home workforce. Before COVID-19, working from home full time was the exception rather than the rule. According to a June 2020 survey by IBM Security and Morning Consult, 83 percent of respondents said that prior to the pandemic they worked from home either rarely or not at all. In face-to-face, pre-pandemic office settings, employers and IT teams managed, implemented, and monitored security measures and protocols from a central location. Now those systems are upended. âManaging internal controls in an office setting is one thing. Managing internal controls when everyone is working from their kitchen tables is another thing altogether,â says Bob Dohrer, CPA, CGMA, chief auditor for the AICPA. As pandemic concerns remain high, many workplaces plan to continue remote work into 2021 and beyond, and organizations may find themselves playing catch-up as they try to manage potential security risks in a world where in-person oversight is impossible and traditional controls are ineffective. The pandemic has exacerbated the usual risks, with remote work, furloughs, and layoffs all creating new weaknesses. âSuddenly there may be fewer people available to process financial transactions, and that creates pressure,â Dohrer says. âCombine all of this with issues surrounding the segregation of duties, and teams that arenât interacting in a live setting, and problems can develop quickly. Controls designed for the office just donât work as well in a virtual environment. We have a new level of consideration that has to take place.â
If you havenât revisited your internal controls lately, now is the time, says Jenny Deloy, CPA, MBA, Marcum LLPâs Chicago office managing partner and Illinois region partner in charge of assurance services. âChange, anxiety, and uncertainty are creating an environment where fraud proliferates, and fraudsters are out there with new scams to convince people to do things they wouldnât normally do,â she explains. As a result, companies need to be very aware of the steps they can take to avoid the opportunity for fraud, advises Elizabeth Sloan, CPA, managing director in Grant Thorntonâs Chicago audit methodology and standards group: âSince weâre not all physically together, we need to think about the basics. What changes have occurred to the control environment because of remote work? We need to be sure weâre thinking about the right things and not becoming complacent.â Hereâs how to ensure your internal controls remain relevant in a remote environment.
"If you havenât revisited your internal controls lately, now is the time." Graphics: Š iStock/akindo
20
The Washington CPA Fall 2020
www.wscpa.org
