Adapt Internal Controls for the Changing Environment

The remote workforce presents a myriad of opportunities for fraudsters

We live in a rapidly changing world with new and unforeseen hurdles. The workplace dynamic is evolving, business processes are being altered, and roles and responsibilities are shifting—all while we try to serve constituents, stakeholders, customers, and clients. As businesses and local governments try to figure out the changing landscape, one challenge that will remain and become even more troublesome is the risk of fraud. Fraudsters never let a good crisis go to waste and with many of our processes, interactions, and oversight models changing, new and perhaps unforeseen opportunities for fraud arise daily.

Changes in the work environment, from increased remote access to ERP systems and vendor payments and paychecks being processed from workers’ homes to the likelihood of decreased collaboration and potentially reduced oversight, present a myriad of increased opportunities for fraudsters. The new dynamic of multi-tasking between demanding home responsibilities and work requirements while teleworking creates an elastic workplace that places unique strains on internal controls.

While it’s business as usual for fraudsters, it’s not business as usual for companies and local governments that are adjusting their business models, realigning constituent services, and managing employees remotely.

Take a new look at internal controls

Internal controls must be effectively implemented through policies and procedures. A policy identifies what is expected, like pre-approvals of expenditures exceeding a dollar threshold. A procedure identifies specific steps that must be taken to ensure policy compliance, with a good policy clearly explaining each person’s role in the control environment. If procedures are openly defined, management and staff more likely understand their individual roles in the processes.

Take a look at your processes today in the new work environment. For instance, adjust your accounting manual to accommodate remote work, job sharing, and other workplace changes. Make sure revisions don’t create process gaps that could allow an unwitting employee error to go undetected or create an opportunity for fraudulent conduct. As processes change, the need to adopt new controls is critical. It is essential controls keep up with changes in processes.

As the Association of Certified Fraud Examiners (ACFE) tells us, the three elements usually present when fraud is committed are 1) pressure, 2) opportunity, and 3) rationalization. Make sure new processes continue to reduce the opportunity fraudsters see to commit and get away with fraudulent activity.

Monitor controls and educate staff

We have learned that effective internal controls are monitored over time and adjusted accordingly to account for change. Our new challenges require even more attention and responsiveness so we can effectively mitigate fraud risk. As fraudsters see new opportunities, we must be diligent and assess the effect of rapid changes on our control environment.

A key element of effective internal controls is educating employees on their individual roles in the control environment. As most organizations have shifted to remote work, some of these roles may have changed. Take this occasion to stay in close contact with employees involved in the business processes and re-train them in this new reality.

Additionally, remember to monitor your internal controls over time. Test controls to see if they are working effectively. This diligence will help you navigate the changing landscape, notify your employees and other stakeholders that effective oversight continues to mitigate fraud risk, and reduce the opportunities fraudsters see to commit and get away with fraudulent conduct.

Please contact Sikich’s fraud prevention experts if you have any questions.


This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

About the Author