In an effort to #Flattenthecurve of the coronavirus pandemic, many workplaces are going 100% remote. Every business should ensure that changes in workplace environments do not disrupt an organization’s internal controls. Here are five ways to keep internal control processes functioning in a newly remote workplace environment:
- Consider performing an updated risk assessment for your organization. Your control environment may be changing with the implementation of remote workplaces, and your organization may be facing new risks that did not exist before. It may be more difficult to monitor and analyze financial information, review and approve transactions, and keep information systems up to date. Plan a meeting for your team to do a thorough review of internal control processes. Ask questions like, “What are the weak spots?,” “What could go wrong?,” and “What if a team member is unable to work for a period of time?” Consider including members of governance in this discussion, since they also play a key role in monitoring the organization’s financial information.
- Have a discussion with the people managing your information technology. These individuals may be employees or external consultants. Ask about any risks they see that should be addressed, as well as any best practices. If it hasn’t already been done, make sure that access to servers is secured through a VPN to prevent malicious attacks. As an additional precaution, your organization should also ensure that “two-factor authentication” is implemented as an additional level of security for VPN access.
- Continue to cultivate a “culture with controls” through regularly scheduled phone calls or video chats. Communication is key in any internal control environment. These additional conversations will aid in monitoring your organizations internal controls, and it also helps to keep employee morale and vigilance high.
- Seek opportunities for controls to evolve, to ensure that they aren’t circumvented. Do not discard a control because of a remote-work environment, but develop ways to leverage technology to enhance the control. Are there virtual review and approval capabilities in your financial software that can be utilized? Can electronic signatures and approvals be used where “hard” signatures were used before?
- Strive to maintain segregation of duties. Segregation of duties is often a challenge for smaller, less complex organizations. It is even more challenging in a remote work environment. Use technology and communication to ensure that segregation of duties is still happening, and that controls will not be overridden. Applications like Slack and Microsoft Teams allow for enhanced collaboration on documents, and many online billing platforms and payroll providers can be arranged for multiple levels of review and approval that can help your organization maintain strong segregation of duties.
Even the best controls have limitations, but every business should do its best to make sure that effective control environments persevere in the midst of the changes we are facing. By taking these challenges seriously, we can look forward to having organizations with controls that are stronger and more resilient than they were before.
To learn more about best practices for your nonprofit in areas such as internal controls, data privacy and compliance, cyber security readiness, tax law changes, and more, contact Will Donahue at 301.231.6200 to discuss your organization and how Aronson can help.