Chief Audit Executives (CAEs) continuously assess how to deliver on their objectives and maintain the trust of shareholders and stakeholders. This includes considering signals of change with risks faced by their organizations and, in turn, changing the focus of the Internal Audit plan. Our complementary series, On the CAE’s agenda, provides a full view on top risks.
Signals of change
For businesses across industries, the rapid shift to a largely mobile work environment has created new risks for how work is performed and managed. It is clear some level of remote work will continue for most organizations. Despite initial concerns about productivity in a “Work from Anywhere” environment, a Harvard Business Review study found employee productivity increased by 4.4 percent.1 In a separate KPMG study, 70 percent of American employees reported they felt more productive working from home.2 Reasons for this significant increase in productivity include eliminating commute time and other work-related travel obligations.
Other considerations supporting the remote working model include reduced real estate costs and increased options during the hiring and recruiting processes. This allows companies to hire outside of their region, even on a global scale, while removing the need for work visas for employees living outside the United States. For the fastest-growing companies, ability to access talent anywhere is more important than having teams in one place.3
- Information technology infrastructure risk has transitioned from a responsibility of just the organization to being shared with its employees. It is harder to monitor data security with employees working from anywhere. Organizations are relying on employees to use secure Wi-Fi servers when working outside the corporate office.4
- With employees working from various locations, traditional in-office training is likely not taking place. Remote new hire training and continuing education for existing employees should remain a priority of management.
- The move to working anywhere may impact how business processes are being performed and reviewed, resulting in necessary updates to key controls.
- Companies need to consider where employees are from. If employees are working in different cities or states than the corporate office, companies could be liable to pay millions of dollars in unexpected taxes.5
Questions to ask/actions to take
- Has your company updated your remote work policy in the last 12 months? With more employees working from home, are you confident that every employee understands the security protocols in place to safeguard company data?4
- What are your organization’s plans for continued remote working? Some key areas to consider include providing the necessary equipment to employees to enable them to work from home effectively, altering your approach to new hire training and continued education for existing staff through e-learning, and encouraging connectivity among remote teams.
- How have critical processes changed, both operational and financial, and related control points due to the move to work anywhere, and has documentation been updated accordingly?
- Do you have a process in place to determine the physical locations of where employees are working? Are employees aware that they need to report changes in working location to payroll?
1. Our Work-from-Anywhere Future | Harvard Business Review
2. Work Anywhere | KPMG
3. The Future of Offices when Workers have a Choice | New York Times
4. 5 Tips for Data Protection With a Growing Shift to Work From Home | Forbes
5. Telecommuting Boom Puts Employers at Risk for Millions in Taxes | Bloomberg Tax