As controllers, finance directors, and treasurers, you have a fiscal responsibility to the public to establish and maintain effective internal controls to prevent and detect fraud. During the past 18 months, we sure have seen a shift in the physical office setting. With more staff working remotely these days, internal controls that once worked effectively may need to be evaluated.
When we are in a physical office setting, it is easier to have physical security measures than when employees work from home. In addition to dealing with staff reductions, many staff are taking on additional responsibilities due to this remote work environment. These changes may create some additional control gaps that increase the risk of fraud or misstatement.
We first must consider the ever-changing control environment. Some of these changes are planned, like software updates or new services that your organization offers. However, as many of you have experienced, some are not planned, such as employee departures and hybrid or remote work schedules. As employees depart, consideration should be given as to who will assume their responsibilities, and is the organization still maintaining an appropriate level of segregation of duties?
Three important areas to consider in the increased remote work environment are the tone at the top, risk assessment, and accounting system controls.
- Tone at the top – Having a unified approach with the council/board and management is critical for effective internal controls. A key part of this process is communication. With the remote work environment comes communication challenges. Those quick discussions between staff and management by the copier or water cooler aren’t happening when working remotely. Communication now needs to be deliberate and often comes in weekly emails, one-on-one videos, or even department conference calls.
- Risk assessment – With the evolving environment we are in, whether changes were planned or unplanned, it is important to evaluate your internal controls. This risk assessment will ensure your internal controls are designed to remain effective. A few areas to consider are segregation of duties, authorization and approval, and reconciliation and review.
- Accounting system controls – Review the user access lists for each specific account area, such as cash receipts, payroll, journal entries, accounts payable, and bank reconciliations. Verify that only the necessary staff have access to each of the key transaction cycles. It is essential to have secure access controls to keep unauthorized users out.
Now is an excellent time to review your entity’s controls to prevent wrongdoing, no matter where your professionals work. Consider the ways your entity is exposed to potential fraud and learn about the benefits of an internal controls study.