Our world has changed in 2020 and it is now apparent that many of these changes will carry forward into 2021 and even beyond. Internal auditors are more vital than ever in helping organizations meet the shared challenges faced by businesses and industries in all sectors of the economy. Internal auditors and other risk professionals are standing by with the tools needed for success in this new environment.
Chief among the changes experienced by businesses in 2020 was the shift to a remote working environment. This widespread change came on suddenly, catching most organizations off guard as workers were sent home to work with little preparation or consideration of the impact to the risk and control environment. Many businesses are still in the process of catching up on the implementation of a remote working environment. It is becoming a more permanent institution rather than just a temporary emergency solution. This adaptation will require continuous monitoring and planning in terms of the altered cybersecurity and technology risks posed by the remote environment. Managers are challenged to find new ways to keep their employees energized and engaged absent a collaborative physical space and daily face-to-face interaction with colleagues.
In order to combat these challenges and even learn to thrive in this new environment, businesses must develop and implement strategic and comprehensive initiatives. They need to proactively target each area of risk with focus on the emergent risks of the past year. New policies concerning acceptable practices in the remote working environment should be drafted and instituted to alleviate risks inherent to this platform. Vigilance is essential in combatting increased opportunities for fraud and other malfeasance by employees operating in a virtual world where they may feel there is a lack of oversight and accountability. Existing control frameworks should be revisited, and new controls added to address gaps that exist in the new normal. This is especially true when many companies are simply trying to stay afloat in an age of budgetary constraints, reduced staff levels and the more immediate concerns of day-to-day survival.
Threats from outside the organization have been heightened in the past year. It is important to give equal attention in overhauling the control structure for external threats. One of the greatest external threats is that of social engineering attacks against the more vulnerable remote workforce by opportunistic cyber-predators. They have quickly taken advantage of security gaps in remote environments. Leadership can address some of these threats by investing in robust security awareness training programs that educate employees. Knowing the signs of social engineering and the necessity to always be on guard in resisting these attacks is the key defense. Business Continuity and Disaster Recovery plans should also be kept up-to-date with key figures in the organization knowing their roles and responsibilities should a threat event arise. Other threats, due to the current normal, include supply chain disruption and civil unrest. Stay on top of the threat environment, review security training and your continuity plan frequently, and adapt as needed to address emerging threats.
The vast array of changes brought by 2020 to our world will leave a lasting impact on the way we do business. For managers who are alert and ready to act, the burden of these changes can be controlled and mitigated in creating risk responses that zero in on key areas of concern. Internal Audit departments will be called upon to minimize these risks and help businesses to move forward in the ever-changing risk landscape.
For more information on McKonly & Asbury’s Internal Audit and Management Consulting Services, or for questions regarding this article, please contact Brian Johnson, Senior Consultant at firstname.lastname@example.org.
About the Author
Brian joined McKonly & Asbury in 2019 and is currently a Supervisor with the firm. He is a member of the firm’s Audit and Assurance Segment, serving clients as an internal auditor, on SOX engagements, and in the firm’s System and Organization Controls (SOC) practice.