Internal Controls Must be Adapted to a Remote Work Environment
Who’s Opening the Mail?
Strong internal controls that keep an entity financially secure during normal times are essential, but during a crisis like COVID-19, business owners and those charged with governance must reconfigure those controls to ensure that receivables, expenses, and cash are properly and securely accounted for.
For businesses, nonprofits, and government offices that closed completely or even partially over the past several months, the normal controls over financial transactions were inevitably disrupted as employees figured out how to do their jobs from home.
In entities that are still heavily paper-based – such as those using paper receipt books to record revenues – having a dispersed finance staff working remotely presents a significant challenge to normal internal controls.
Who tracks revenues, and how? Who is opening the mail and handling checks at the office? Is it the same person who did it before COVID-19 or someone new? If it’s someone new, does that person know the steps that are in place to account for the payment and deposit it?
In other words, is the revenue going where it needs to go and is it being properly reported?
Dangers – Financial Disorganization and Fraud
The dangers are twofold in an environment of lax financial controls – disorganized financial reporting and fraud.
Consider the impact of disorganized financial reporting. With some internal controls being delayed or nonexistent, bank reconciliations, important payments, orders for goods, sales tax deposits or other major functions may be overlooked. You don’t want to get six months down the road and find that something fell through the cracks that was vitally important.
Additionally, as the COVID-19 crisis has continued, many deadlines have been extended. Federal and state governments have pushed out tax deadlines, banks have extended loan payment deadlines, and, in some cases, regulatory agencies have extended reporting deadlines. Who is keeping track of these changes for your company? Who is ensuring that payments, regulatory filings, and deposits are made on time if the deadlines that are programmed into your accounting software – or entered on a calendar – have been changed?
Fraud can’t be overlooked as a possibility when we assume – mistakenly – that our normal on-premises financial controls translate over to the remote work environment.
No one wants to think that their employees may steal from the company, but it happens, and the COVID-19 pandemic has set the perfect scene for what we call the “fraud triangle” – three factors that often lead to internal fraud:
Incentive – While your employees have retained their jobs and are getting paychecks, perhaps spouses or other members of their households are out of work and money is tight.
Opportunity – When internal controls suddenly become less constricting, an act that was once unthinkable may become a possibility.
Rationalization – “I’ll pay the company back when this COVID thing is over.”
Strong controls – including oversight by more than one senior manager and by your company’s board of directors, if you have one – is critical right now. The same monthly and quarterly reporting that you have done in the past should be produced while employees are working remotely.
Strengthen Controls in a Remote Environment
Companies that are questioning their internal controls in the remote work environment can take several steps to protect themselves:
- Communicate with auditors early and often and ask for their suggestions on strengthening your controls. Don’t wait until audit season. They would prefer to help you now rather than find problems during the audit.
- Document any changes in procedures and policies you have made so you can “reverse engineer,” if necessary, to explain something during the audit.
- Check your company’s bank accounts online daily, or at least several times a week, since segregation of duties is harder to establish in a remote work environment.
- Sit down and think about your organization and where weaknesses may lie. What are the areas in revenue, financial closing cycles and payroll cycles where something could go wrong? How could an invoice get paid without proper approval in the remote work environment? Consider solutions and implement them.
- Evaluate all your cycles and test each stage. If losses occurred at any stage, how could they be caught early to minimize damage to the organization?
- Talk to your IT provider about data security in the remote work environment. If employees are using their personal computers to connect to your entity’s server and financial data, make sure they are using a VPN in order to keep your data secure. In addition, make sure they understand that no one else – such as spouses and children – should have access to their computers.
- Look into software applications that can make remote work more secure and user friendly. A cloud-based accounting system could enable your finance staff to fully manage your finances remotely. Adobe Sign could enable you to get secure signatures on documents. Microsoft Teams or Zoom could help your employees hold regular – even daily – meetings to stay on track and feel connected. Feeling isolated or disconnected can contribute to a breakdown in teamwork, in controls and even in loyalty. With today’s technology, there is no reason to let that happen.
Contact your Adams Brown advisor for a discussion about your entity’s internal controls during the COVID-19 crisis.