Do closed offices open up your organization to risk?

Lisa Hartkopf
By

Lisa Hartkopf

EY Americas Advisory Internal Audit Leader

Strategic leader in transforming internal audit and controls. Generates energy and passion that can be leveraged in authentic ways to enable others to recognize their talent and potential. Mother.

5 minute read 8 Sep 2020
Related topics Risk Consulting
Upvote

Show resources

The remote working environment presents new risk management challenges while also providing opportunities to capitalize on upside risks.

In brief

  • Working from home has impacted the emerging risk landscape, forcing companies to rethink their risk management strategies.
  • Organizations may need to evolve processes and controls to account for new technology, financial reporting issues, potential fraud and workforce challenges.
  • Upside risks present transformational opportunities to grow consumer bases, increase market share, and manage and derive value from new assets and talent.

For many companies, working remotely within a digital environment happened almost overnight at the onset of the pandemic. Agile operations and teaming came together on the fly as companies responded to the ever-expanding crisis, often overwhelming calendars and demanding new ways of working.

But certain organizations were better able to adapt than others. Transformational companies that implement technology at speed, innovate at scale, and put humans at the center of their strategy and decision-making were in a better position to weather the initial stages of the crisis than those that were slow to adapt to change.

To find out how the internal audit profession is responding to the challenges and pressures presented by this phase of the pandemic, we conducted a global survey of more than 370 chief audit executives or equivalents. When asked what had been the most significant lesson learned by their internal audit function throughout the COVID-19 disruption, 42% said that they could audit almost anything remotely. While this indicates that internal audit functions have been able to thrive in the work-from-home environment, there are also emerging and heightened risks that organizations should consider as they face a prolonged period of remote working. 

According to a June 2020 EY-conducted global survey of more than 370 chief audit executives or equivalents

42%

said that they could audit almost anything remotely.

Emerging work-from-home risks

Organizations that have a significant number of employees working from home are facing a variety of new and heightened risks.

Technology

On the technology side, internal audit will need to evaluate the increased use of new and existing collaboration tools by employees in the remote working environment. For example, remote access tools and resources may have been quickly deployed without proper testing, and misconfigured applications could allow company information to be exposed.

The rapid implementation of new technology could also introduce new data privacy risks. Sensitive or regulated data accessed by employees or vendors outside of the office may not be protected appropriately based on leading practices or regulations.

As changes are made to enable a productive and safe remote workforce, the solutions deployed may not meet the organization’s cybersecurity and privacy-related compliance requirements. The widespread use of video conferencing, cloud-enabled collaboration and other online tools may require organizations to re-evaluate their cybersecurity program. 

According to a June 2020 EY-conducted global survey of more than 370 chief audit executives or equivalents

30%

of CAEs added a cybersecurity audit to their internal audit plan to cover emerging risks related to the COVID-19 pandemic.

Financial

The remote working environment has made it more difficult for organizations to execute financial processes and controls. For example, financial records (including non-electronic) and systems may not be available, accessible or stable. Team members may be unavailable, and insights once gained through casual conversation in the office are no longer occurring in the same manner. Even departments that are able to successfully perform their processes in the remote environment may find that attention to detail diminishes as remote working becomes the new normal.

Additionally, the current business environment may present new opportunities, rationalization and incentives for employees to commit fraud. Staff reductions, mass remote working and management distraction increase opportunities for unethical behavior as financial controls fail or are bypassed. Employee burnout, fear of job loss and poor tone at the top provide a rationale for employees to commit fraud in an unstable business environment. And pressure to achieve performance metric targets, to meet investor or analyst expectations, or to gain additional financial security in the economic downturn increases incentives to commit fraud.

According to a June 2020 EY-conducted global survey of more than 370 chief audit executives or equivalents

28%

of internal audit functions have added fraud-related audits to their audit plan.

People

With employees being so drastically affected by the pandemic in their personal and professional lives, it is critical that organizations give adequate focus to their workforce.

The work-from-home environment may require organizations to rethink their performance management processes. Existing measures and metrics, such as time and attendance protocols, may need to be reassessed. Performance reviews and compensation decisions will also need to account for how to best monitor the contributions of a remote workforce, and everyday processes, such as onboarding, training and development, will need to account for a new way of working.

According to a June 2020 EY-conducted global survey of more than 370 chief audit executives or equivalents

76%

of CAEs listed employee health and well being as a top emerging or escalating risk in their business.

On a personal level, employees may be unable to strike an appropriate work-life balance, resulting in negative emotional and psychological effects and decreased productivity and performance. And once employees begin to return to offices, those who continue to work from home may become increasingly isolated from those in the workplace, resulting in teaming challenges, stagnated relationship building, a reduced feeling of belonging, less diversity in perspective and decreased innovation.

Opportunities to transform

While these new and emerging risks deserve serious consideration, organizations may also benefit from considering emerging upside risks that offer benefits to the business and opportunities to transform. By capitalizing on these risks, companies have the potential to grow consumer bases; increase market share; and acquire, manage and derive value from new assets and talent. Consider the following benefits that may be realized by practically addressing emerging risks:

  • Foster a culture of knowledge sharing and better communication across the business through enterprise-wide collaboration tools
  • Drive control rationalization opportunities to meet the need to operate controls in a remote environment
  • Focus on employee health, culture, inclusiveness and productivity to increase overall employee satisfaction and better attract and retain new talent
  • Use the remote work environment to drive process improvements and more efficient procedures that remain through the return to physical work
  • Leverage data and digital technologies to drive efficiency and insights
  • Reimagine how internal audit interacts with the business to generate positive impact on the internal control environment, bring insights and focus on forward-looking risk management without being tied to on-site audits.

How EY can help

Internal audit

Organizations are increasingly relying on Internal Audit (IA) to provide them with insights into diverse and emerging risks

Read more

Summary

The remote working environment presents new risk management challenges while also providing opportunities for organizations to capitalize on upside risks. Organizations may need to evolve processes and controls to account for rapidly deployed technology, financial reporting challenges, potential fraud and workforce challenges.

About this article

Lisa Hartkopf
By

Lisa Hartkopf

EY Americas Advisory Internal Audit Leader

Strategic leader in transforming internal audit and controls. Generates energy and passion that can be leveraged in authentic ways to enable others to recognize their talent and potential. Mother.

Related topics Risk Consulting
Link copied
Upvote