Internal Control Opportunities in the New Normal

03 August 2020

Governance risk and compliance

Following the easing of lockdown and measures put in place to encourage the restarting of the economy, it is important that we take the time to consider what benefits and efficiencies we have gained through working in a largely remote environment and how we can build these into a ‘new normal’ going forwards.

This is to maximise not only the effectiveness of working practices but also to provide for the welfare of our staff and the way that they choose to live their lives going forward. We have therefore provided some thoughts below on some of the considerations that should be given when adapting your control arrangements in the new world.

Bring everyone together

It is tempting for decisions on how to operate in the “new normal” to be taken at the top or through small decision-making groups. Taking a more inclusive approach to this across the workforce not only engenders a feeling of togetherness but also maximises the likelihood that you will be able to capture more of those marginal efficiency gains that people have developed in a remote environment and be able bring these into the new normal working conditions.

Understand the risks

Knowing not only the risk environment which you operate in but also the organisations appetite to risk will help to enable the right people to make good decisions at the right time. Ensuring your systems of risk management are effective and up to date will therefore help you in understanding the risks you face in the post-pandemic world but also, given your appetite to risk, how you may choose to respond to these.

Complexity is not your friend

There is sometimes a view that by making a process lengthier and more complex that you reduce the likelihood of material error as so many checks are in place to make the chances of this remote. In reality this is rarely the case, and it is often simple processes, with appropriate safeguards built in, that work the best as they can be easily understood by all and therefore not only reduce the time taken to process but also the opportunity for someone getting it wrong first time.

The threat of fraud will always be there

Unfortunately, there will always be those who want to exploit people and organisations for their own gain, so it is vital that appropriate safeguards are built into your control environment to minimise the risk of fraud and theft. For your IT systems this means ensuring that there are safeguards over access to systems, password controls are enforced, and patches are updated as often as required. There can be great efficiencies gained through moving to electronic processes for areas such as invoice authorisation, but it is important that safeguards are developed to reduce the risk of fraud.

Test, test, test

The importance of testing has been highlighted for different reasons in recent months, but it is important as part of any changes to control processes that these are tested on a small scale prior to going live to ensure any flaws in the process are identified and rectified before the processes become business as usual.

Support through governance structures

Establishing good governance arrangements at all levels within your organisation will help support the decision making and help to ensure that the right decisions are made by the right people at the right time.

Seek assurance

At first, second- and third-line levels it is important that Boards, via their audit or risk committees, are assured that key internal controls are operating effectively to support the organisation in meeting its objectives. Therefore, it should be identified how such assurance will be provided and received, and whether independent assurance needs to be sought over key internal control processes.

Find out more

Our Governance, Risk and Compliance team has significant experience in working with all types of organisations in designing and implementing changes to control environments, risk management and governance processes and would be delighted to support you in developing and embedding your control environment in a post-pandemic environment.

Please contact Chris Rising for more information about how our services can help you.