Internal Control Opportunities in the ‘New Normal’

Following the governments signalling the easing of lockdown and announcing measures to encourage the restarting of the economy, it is important that as we do this that we take the time to consider what benefits and efficiencies we have gained through working in a largely remote environment and how we can build these into a ‘new normal’ going forwards.

This is to maximise not only the effectiveness of working practices but also to provide for the welfare of our staff and the way that they choose to live their lives going forward.

We have therefore provided some thoughts below on some of the considerations that should be given when adapting your control arrangements in the new world:

Bring Everyone Together

It is tempting for decisions on how to operate in the “new normal” to be taken at the top or through small decision-making groups. Taking a more inclusive approach to this across the workforce not only engenders a feeling of togetherness but also maximises the likelihood that you will be able to capture more of those marginal efficiency gains that people have developed in a remote environment and be able bring these into the new normal working conditions.

Understand the risks

Knowing not only the risk environment which you operate in but also the organisations appetite to risk will help to enable the right people to make good decisions at the right time.

Ensuring your systems of risk management are effective and up to date will therefore help you in understanding the risks you face in the post-pandemic world but also, given your appetite to risk, how you may choose to respond to these.

Complexity is not your friend

There is sometimes a view that by making a process lengthier and more complex that you reduce the likelihood of material error as so many checks are in place to make the chances of this remote.

In reality this is rarely the case, and it is often simple processes, with appropriate safeguards built in, that work the best as they can be easily understood by all and therefore not only reduce the time taken to process but also the opportunity for someone getting it wrong first time.

The threat of fraud will always be there

Unfortunately, there will always be those who want to exploit people and organisations for their own gain, so it is vital that appropriate safeguards are built into your control environment to minimise the risk of fraud and theft.

For your IT systems this means ensuring that there are safeguards over access to systems, password controls are enforced, and patches are updated as often as required.

There can be great efficiencies gained through moving to electronic processes for areas such as invoice authorisation, but it is important that safeguards are developed to reduce the risk of fraud.

Test, test, test

The importance of testing has been highlighted for different reasons in recent months, but it is  important as part of any changes to control processes that these are tested on a small scale prior to going live to ensure any flaws in the process are identified and rectified before the processes become business as usual.

Support through governance structures

Establishing good governance arrangements at all levels within your organisation will help support thedecision making and help to ensure that the right decisions are made by the right people at the right time.

Seek assurance At first, second- and third-line levels it is important that Boards, via their audit or risk committees, are assured that key internal controls are operating effectively to support the organisation in meeting its objectives.

Therefore, it should be identified how such assurance will be provided and received, and whether independent assurance needs to be sought over key internal control processes.

This article was originally written by our colleagues at MHA MacIntyre Hudson