3 Tips to Pivot to a Remote-Ready Control Environment
Truth be told, I'm not that excited about returning to the office. Safety aside, I get so much done when I'm working at home. I'm lethargic about moving back to the "old normal" of office work, commuting, and the like. Chances are, your SOX and internal controls team feels the same.
2020 is an enormously monumental year for remote work. Right now, people, processes, and systems are either working from home—or aren't working at all. And, signs point toward this new normal of remote work sticking around for a while.
Yesterday, you put out the immediate fires of business continuity. Today, you must assess your control environment to ensure controls can be executed by (perhaps permanently) remote teams.
Here are three quick opportunities to pivot your control environment to be remote-ready.
1. Add control owners
When your whole team is remote, you can't just walk over to a coworker and escalate a pending control execution. We're all juggling responsibilities as parents, caretakers, teachers—and we're not always 100% available when needed.
So, it might not make sense to have only one individual own a control execution.
Consider supplementing assigned control owners by adding others who can perform the control. Yes, they must have all the right boxes checked—the authority within the organization, the appropriate segregation and knowledge of the subject area—but broadening ownership extinguishes the dependency risk inherent to a single control owner.
2. Use video conferencing to your advantage
Your kids are on Zoom calls. Late-night talk show hosts are on Zoom calls. Chances are, video conferencing will come in handy for you, too.
Before, you were likely using memos or meeting minutes to evidence the execution of entity-level and governance controls performed by committee. Today, these tactics are somewhere between "unlikely" and "impossible."
Leverage the new normal of video conferencing, and record these committee meetings that serve as entity-level/governance controls as they are performed. These recordings can then serve as the evidence needed for SOX testing and audit purposes.
Of course, there are some ground rules your company needs to lay out—who makes the recordings, who can access them, that sort of thing—but handled correctly, video conferencing can be a handy supplement to testing.
3. Accelerate your digitalization
Q1 2020 may have been the first time your company closed the books virtually. From leaders I've spoken to, companies that transitioned smoothly through this new scenario attributed the success primarily to digitized, cloud-enabled close processes.
While digitization can be a long-haul process involving system and process migrations, it's completely necessary to make your controls remote-ready. The best time to do it? Now.
Journal entry reviews are a glaring example of digitalization improving work. For instance, if you perform and evidence reviews on hard copy, a wet signature approach is challenging when you're remote.
With the right technology, journal entry reviews can be handled via digital signature—the reviewer can append their digital signature on the soft copy journal entry prior to posting to the general ledger. Then, you get the audit trail—name, date, and time—for the SOX and audit reviews downstream.
Bonus: More tips and videos
Looking for even more info on remote work and adapting your current processes? Check out our Handbook for the New Normal of Accounting, Finance, and Risk.
Inside, you'll find:
- Videos from risk and compliance experts with answers to the questions on your mind
- Articles about staying agile to evolving risk environments
- Downloadable templates for building a strong, nimble risk program
About the Author
David Thande, Director of Product Marketing at Workiva, has over 15 years of experience in SOX compliance and internal audit. Prior to Workiva, David served as a senior manager with Synchrony Financial, in addition to holding various SOX compliance and risk management roles at a General Electric. David started his audit career with PwC and is a Certified Internal Auditor.