Maintain Strong Internal Controls in the Wake of COVID-19
The COVID-19 outbreak is disrupting supply chains and affecting production and sales across a range of industries. The extent of the impact on an organization’s operational and financial performance will depend on certain developments, including the duration and spread of the outbreak, impact on customers, employees and vendors, and governmental, regulatory and private sector responses. Businesses are approaching the safety of their personnel and customers in a variety of ways, but the large majority have a significantly reduced physical presence in their offices.
Internal controls may also be subject to substantial strain. With fewer finance and accounting professional onsite, maintenance of a proper and strong internal control environment becomes even more challenging. Properly functioning internal controls are intended to either prevent or timely detect fraud or financial statement errors. A thriving control environment requires careful planning, implementation and oversight. The following recommendations may improve internal controls in the wake of COVID-19.
Process Re-Engineering
Businesses will likely need to alter their implemented processes to adapt to the remote nature of business. There may have been things that were previously done in person or that used paper copies. Don’t bypass controls just because it seems difficult in a remote world. Re-engineer processes where necessary and possible.
Process Flow and Automation Technology
For companies that have been considering upgrading their systems and moving from a manual environment to a more automated one, now may be the time to do so. One illustration relates to the accounts payable process: if a process involves passing around paperwork for review and approval, invest in the AP module for the financial system that allows for automated workflows and virtual approvals. Similar processes can be added for bank and other reconciliations.
Maintain Frequent Contact with Team and Preserve Business Rhythms
Teams are likely working remote and may have additional stresses introduced due to the current environment. While team members are out of sight, they should not be out of mind. Preserve or increase the business rhythms that were in place before COVID-19. If daily or weekly manager meetings or activities were occurring onsite, those should still occur in a remote fashion. The same level of management oversight should be maintained or potentially heightened (perhaps monthly procedures are now conducted semi-monthly).
Implement Secure and Reliable Remote Technology
Ensure remote technology that can handle bandwidth of all employees needing virtual private network (VPN) access. This will reduce the risk of employees storing and transmitting confidential information outside the corporate environment.
Reinforce IT Security Policies
Remind and alert employees to be vigilant during this time. They should continue to follow IT security policies and be aware of phishing and similar hacking attempts. Data security inherently becomes more important when an increased amount of the work is done remotely. These policies extend beyond company IT assets to employees’ personal devices. If policies and safeguards related to company emails or other information on personal devices have been overlooked, they should be examined immediately.
Reimagining a company’s internal control environment is a tall order, but during these challenging times it may be necessary to protect the company’s assets and for financial reports to remain accurate.
While the current COVID-19 environment is very challenging, some companies are instituting positive changes that may actually yield a stronger, more efficient and modern approach to internal controls.