As a consequence of COVID-19, many businesses and organisations are finding that remote working has become the preferred working alternative for many employees, even in a world no longer dominated by the pandemic.
Regardless of the type of working environment, whether that be office, remote or hybrid, maintaining strong and effective accounting internal controls is crucial.
Thus, it is important to look at the processes that could be designed to maintain accounting internal controls in a remote working environment.
Here, we discuss areas of internal controls that are most likely to be affected by the remote working environment and provide suggestions for addressing these.
Segregation of duties
The key point in the segregation of duties for functions like payroll, cash receipts and procurements is that the duties of authorisation, execution, record keeping and reconciliation should be shared. Lack of segregation of duties in these processes increases the risk of fraud or error. In a remote working environment, segregation of duties may become difficult and challenging. Here are some tips to mitigate the risk of an insufficient level of segregation of duties in a remote working environment:
- Task employees who may not have been previously involved in the process to take on new roles
- Use service providers for processes (i.e. payroll)
- Use web-based solutions for cash receipts and payments
Authorisation and approval
In a remote working environment, the process for authorisation and approval will become virtual. Using electronic or digital signatures which require an employee to enter credentials prior to signing, enhances the integrity of the authorisation/approval. Here, we briefly explain the concepts of electronic and digital signatures.
- Electronic signature (e-signature): An electronic or e-signature is a legal way to get consent or approval on electronic documents or forms. It consists of a simple association of electronic data, such as a log in using a username and password or scanning a hand-signed paper document and sending it by email.
- Digital signature: Digital signature, also called ‘cryptographic signature’, is like an electronic ‘fingerprint’ that can add integrity to an electronic signature. As a coded message, the digital signature securely associates the signer with a document in a recorded transaction. Digital signature also helps the parties on either side of a digital signature to detect whether there are any alterations or changes in the electronically signed document.
Another consideration for authorisation and approval is the timely review of bank statements by an authorized person (i.e. CFO, Treasurer, CEO or a board member). This review helps to identify any unusual transactions from the bank accounts. Also, granting online access to monitor bank activity will act as an additional control layer over bank accounts.
Maintaining IT Security in a remote working environment requires proper maintenance and management of file servers and back-ups. Here are some tips to keep IT security for remote working:
- Evaluate current policies and controls in place over users’ access to the software needed for remote working
- Only use virtual private network (VPN) to access company servers
- Routine change of passwords (i.e. every 90 days)
- Setting auto-lock after a certain period of activity to protect the computer from unauthorised access when unattended.
Addressing these areas of internal controls and regular review of processes can help organisations to minimise risk exposure, regardless of working environment. In addition, keeping an open line of communication to convey the organisational values and fostering a sense of mutual trust is critical for the connectedness of employees and their commitment to the business. Sending the message about ethical behaviour as a core organisational value to employees through regular communication will set the foundation to maintain internal controls that will help the organisation in future, regardless of what that might resemble.