Internal Control in a Remote Environment

Due to the COVID-19 outbreak, many companies have started to work remotely, which has caused significant changes in their internal controls.  These changes may continue into the future, as companies discover the advantages of cloud-based accounting and more employees working remotely.  Due to these significant changes, companies need to reevaluate their processes and procedures to identify potential weaknesses where fraud could occur.  Typically, good internal controls include segregation of duties, such that one person initiates a transaction, another person approves the transaction, and the final person processes the transaction.  The internal controls may change when certain employees work remotely, therefore, companies need to address “what could go wrong” in various financial functions.  Companies should assemble leadership, who play a role in monitoring, and anyone involved in the accounting process to help adapt to a remote environment.  Duties may need to be reassigned among the accounting staff.  As changes are made, they should be documented and will be reviewed during a financial statement audit.

The major areas companies should evaluate include internal controls over expenditures, revenue, payroll, and other significant areas that may be applicable, such as inventory.  A company should not have one person performing the bank reconciliations, recording journal entries, processing checks, and depositing cash. This can be a challenge for companies with a small staff. Check writing and credit card usage are susceptible to fraud.  As check writing can be difficult in a remote environment, some companies have begun to utilize an electronic-signature feature with restricted access.  Additionally, companies should evaluate the sources of their revenue streams.  How is money received?  There should be more than one person involved when opening mail which contains cash receipts or other forms of payment.  Finally, payroll controls should be evaluated so that employees cannot change their wages or access payroll checks.  Whether working at the office or remotely, segregation of duties is an important concept in internal controls that should be implemented with careful thought from the leadership to the staff level.

As many companies continue to work remotely, internal controls need to be properly implemented and security of information needs to be maintained.  Companies should utilize their IT consultant or software provider to maximize the capabilities of their accounting system. Many accounting systems now have expenditure approvals incorporated in the workflow, such that clerical staff would input the data and the department head would approve the transaction.  This can be performed remotely. Many online billing platforms and payroll providers can be customized to have multiple levels of review and approval that can help maintain segregation of duties.  The most sophisticated cloud-based accounting tools can help prevent fraud and embezzlement by maintaining audit trails, logs of individual logins, and sending alerts when changes are made.  Equipping employees with landline ethernet connections would protect against their Wi-Fi network becoming compromised.  Finally, in a remote work environment, servers should be secured through a VPN to prevent malicious attacks.  Even with this hardware and software properly designed and implemented, communication is key in any internal control environment. Having regularly scheduled video conference meetings can boost morale and keep productivity high while also emphasizing the need to perform the controls necessary for financial accounting purposes.

Please contact us if you have questions or would like to discuss your internal controls.