Working remote can lead to increased performance, productivity, and business continuity while helping employees achieve a better work-life balance. However, it’s important to establish and manage internal controls for tasks completed outside the office—otherwise these tasks can lead to higher risk and data loss.
The ten tips below constitute a good starting place for organizations seeking to develop internal controls that account for work-from-home (WFH) employees.
1. Electronic Signatures
With more employees working from home, it can be challenging to share paper copies of documents and obtain signatures in a timely manner. Using an e-signature shortens turnaround times for acquiring signatures and eliminates the need to reintroduce paper into the workflow.
Many e-signature programs offer enhanced security with automatic independent verification. They also prevent documents from being saved on untrusted servers and being exposed to tampering and fraud risks.
Ultimately, e-signatures reduce paper, printing costs, and the amount of time it takes to sign and collect documents—making the process convenient for organizations with WFH employees.
2. Electronic Payments
Electronic payments are convenient often allowing transactions to be completed by entering a few data points. In addition to convenience, there are two key benefits:
- Elimination of paper waste as well as the cost of postage and envelopes
- Availability and flexibility of different payment options such as automated clearing house (ACH) and wire transfer
3. Electronic Approvals
Approval processes and procedures account for most of the common delays within organizations. These delays can frustrate standard processes and cause unwanted effects such as unauthorized spending. In some cases, they can even bring the entire process to a halt.
Paper requests are prone to loss, and out-of-office approvers can significantly delay the process. Electronic approvals, on the other hand, provide a faster response and more visibility regarding the status of a request. These electronic approvals can be made via email and should be retained as support for transaction approval.
4. Lockbox Considerations
A lockbox collection system allows employees to process donations quickly by speeding up payment processing times and improving the management of donor collections. With traditional donation processing, an employee must match a payment to a bill or donor receipt, log the donation into the system, and take the payment to the bank before it can be deposited.
With a lockbox system, payments are sent directly to a predetermined financial institution. Employees then post the checks based on reports received from the bank.
Beyond streamlining a cumbersome process, a financial institution processing collections on behalf of the organization supports audit controls and improves the accuracy of data management.
5. Positive Pay
Positive Pay is a check-fraud detection service that enables organizations to take control of their payment processing. With the ability to monitor checks processed for payment and match them against accounts, organizations gain the opportunity to reject unauthorized payments before incurring loss.
Additional benefits include the following:
- Automation of bank reconciliations
- Simplified accounts payable process
- Improved audit controls
- Reduced risk related to disbursements
- Streamlined process of check storage and retrieval
6. Video Calls
Conferencing technology with a built-in video function can help maintain a stronger sense of collaboration and camaraderie between donors and WFH employees. A lot of information is shared though nonverbal communication; limiting conversations to voice or text can lead to less effective conversations.
Video-conferencing tools can help WFH employees engage and collaborate effectively and efficiently with each other—ultimately contributing to more cohesive teams and relationships.
7. Data Protection and Access Control
Data is one of the most valuable items for any organization. Because of its value, there will always be people trying to access it.
Potential threats include:
- Corporate espionage
- Disgruntled employees
- Human error
Fortunately, it’s relatively easy to reduce potential exposure. Encryption and authentication—as well as carefully restricting data access—can provide a first line of defense against threats.
A beneficial starting point for organizations is to ensure their data is encrypted at all times. If properly encrypted, even compromised data will be inaccessible to attackers. It’s also helpful to use monitoring tools to expose suspicious activity and unauthorized attempts to access data and flag them.
It’s also important to make sure sensitive data is protected and can be accessed only by authorized employees who have a legitimate reason to access it. If sensitive data must be sent across less-trusted networks, make sure it’s encrypted and use authentication to verify the person accessing the data. Creating audit logs that can be scanned for suspicious behavior is also a useful tool for protecting data.
Restricting data access to what’s required to perform each task is essential to prevent a sensitive data breach.
8. Data Retention
Data retention provides information that supports management’s decision-making process. It’s also generally required by legal-retention requirements.
A data-retention policy helps establish a uniform rule across an organization about how long information needs to be retained. The length of time for keeping records varies greatly depending on the record type.
A record-retention policy helps an organization determine which records to retain and also serves as a guide for when certain records can be destroyed deliberately due to physical or electronic space constraints.
A good record-retention policy can also reduce legal risk and discovery costs—as well as future recovery efforts associated with legitimate lawsuits.
Storing data in a cloud is often more cost effective than using local software. It also allows for the systems to be accessed from anywhere on any device.
However, cloud storage systems come with potential security risks that must be considered such as:
- Data privacy
- Lack of control
- Shared services
- Lack of backup services
- Data leakage
9. Workflow Automation
Workflow automation helps reduce time spent on repetitive processes by streamlining easy tasks. In doing so, not only is the risk of human error reduced, but productivity is increased. Less time is spent performing repetitive tasks such as routing documents to appropriate personnel for review and approval or sending routine customer emails.
10. Processes and Controls Changes
Offices and in-person gatherings are restricted in most of the United States as a result of the COVID-19 pandemic, which has caused changes in processes and internal controls. Periods of uncertainty typically require more judgment, increased overrides, and changes to management controls—this can unintentionally create circumstances conducive to fraud.
While relief may be available and provide flexibility in reporting timelines, management remains accountable and responsible for providing donors, regulators, and other stakeholders with relevant and timely information about operational and financial performance. Consequently, internal controls remain critical to instilling confidence in reliable financial reporting and disclosures.
It’s imperative organizations document the following:
- Changes in timelines
- New responsibilities
- Plan for increased levels of remote testing
- Other significant changes necessary to navigate the current landscape
Specific considerations around cybersecurity as well as general accounting and financial reporting requirements are also required.
For more details, please see a Cybersecurity Checklist for Remote Work.
We’re Here to Help
For more information about how to maintain controls while your employees are working from home, contact your Moss Adams professional.
Note on COVID-19
During this unparalleled time, we’re closely monitoring the COVID-19 situation as it evolves so we can provide up-to-date guidance and support to help you combat uncertainty. For regulatory updates, strategies to help cope with subsequent risk, and possible steps to bolster your workforce and organization, please see the following resources: