About
Foundational Principles In the Community Diversity, Equity & Inclusion Technical Excellence Alumni TIAG Membership
Careers
Why Cohen & Company Our Culture Total Rewards & Benefits Intern & Entry Level Opportunities Experienced Opportunities
Contact
Akron, OH Baltimore, MD Chicago, IL Cleveland, OH Detroit, MI Milwaukee, WI New York, NY Philadelphia, PA Pittsburgh, PA St. Clair Shores, MI Youngstown, OH
Client Portal
Services Industries Knowledge Center People

About Our Services

We offer tailored solutions — whether private company or owner; public or private fund, adviser or fund service provider; or Fortune 1000 enterprise. Learn how we can help you.

Learn More

Assurance Services

Employee Benefit Plan Audits Internal Controls Investment Company Audits Private Company Audits SOC Readiness & Compliance

Tax Services

Federal Tax Planning & Compliance High Net Worth & Wealth Transfer International Filings & Structuring Investment Company Tax State & Local Tax Tax Credits & Incentives Transaction Tax Planning

Advisory Services

Business Valuations Data & Insights Digital Finance Solutions IT Strategy & Implementation M&A Advisory Outsourced Accounting Solutions Risk Assurance & Advisory Transaction Services Turnaround & Restructuring

Our Industry Expertise

Our industry experience means you can find professionals who speak your language and bring earned insights to the table. Learn how we can help you.

Learn More

Key Industries

Digital Assets Investment Companies Manufacturing Private Companies Private Equity Real Estate & Construction Technology & Life Science
VIEW THE COMPLETE LIST

Knowledge Center

Our team wants to help your team stay up to date. Browse our thought leadership, events and news for insights and a point of view on business-critical topics.

Learn More

Insights

Browse valuable articles and publications our experts have written to help you and your organization answer key questions — and consider new ones.

Read Our Insights

Events

Join us in person and online for events that address timely topics and key business considerations.

Explore Our Events

News

Find out what is happening at Cohen & Company, from industry recognitions and growth updates, to where we are contributing to important media stories.

Read Our News
People
Foundational Principles In the Community Diversity, Equity & Inclusion Technical Excellence Alumni TIAG Membership
Why Cohen & Company Our Culture Total Rewards & Benefits Intern & Entry Level Opportunities Experienced Opportunities
Akron, OH Baltimore, MD Chicago, IL Cleveland, OH Detroit, MI Milwaukee, WI New York, NY Philadelphia, PA Pittsburgh, PA St. Clair Shores, MI Youngstown, OH
Client Portal
Back to Insights

The 2 Questions (and More) Your Company Should Be Asking About Internal Controls and Fraud During COVID-19

by Steve Guarini

July 23, 2020 Investment Company Audits, Private Company Audits, SOC Readiness & Compliance

The remote work environment many of us find ourselves in due to COVID-19 is a radical change for many organizations. There’s productivity, morale, human resource issues and a host of other considerations to be mindful of and proactively manage as a business leader.

One of those key considerations that should be at the forefront for every management team is the heightened risk of fraud. Computer hackers see a significant opportunity to take advantage of the current remote situation, finding new ways to infiltrate company systems. Is your organization doing everything it can to protect against fraud? Start by answering the following two questions.

As a result of going remote:

  1. What new or increased fraud risks exist? Did you create an entirely new process or expand on something you were already doing, such as expanding remote access to your network, and did you maintain proper protocols?
  2. What can go wrong? Perform a fraud risk assessment, evaluating incentives, opportunity and rationalization. Are you doing everything you can to mitigate these risks?

While organizations of all shapes and sizes should be performing some level of fraud risk assessment regularly, if you are not, now is the time to start. If you are, it’s time to reevaluate.

3 Key Areas for Any Internal Control Model

There are a few things that will be the most impactful when creating and enforcing internal controls throughout your organization:

  1. Tone at the top. Is the message coming from ownership or top management , reminding personnel of proper business practices and the additional need for quality and high standards? Is the message coming frequently enough, particularly now when we aren’t seeing each other face to face?
  2. Communication and information activities. Do people have the information they need to maintain quality, while insuring business information and assets remain secure? Do they have appropriate and frequent cyber awareness training?
  3. Monitoring activities. These become even more vital in our current environment. Review, at least monthly, who has access to your system and who is actively accessing it. Check your permissions. Who is allowed to access what? Going remote may mean some have permissions they no longer need, and shouldn’t have. For example, make sure the proper authorizations are set up for credit cards and expense report reviews, and wires and ACH payments. Also consider intrusion detection systems (IDS) and intrusion prevention systems (IPS) as additional forms of protection. Your own IT department or a third-party can give you more information on these important systems.

Read “Real-life Testing of Your Business Continuity Plan During the COVID-19 Pandemic”

Review Significant Transaction Classes and Needed Changes to Processes and Controls

Consider if certain procedures have changed in key areas, such as processing cash receipts, how you are issuing credit memos, and how cash is being posted and disbursed. Below are important procedural areas to evaluate and consider whether or not changes are necessary:

Revenue and Cash Receipts

  • Mail vs. lockbox vs. credit card vs. ACH/wire transfers
  • Issuing credit memos
  • Posting receipts to the AR aging and management review

Accounts Payable and Cash Disbursements

  • Creating new vendors
  • Credit card usage and management review
  • Expense reports and management review
  • Authorization over disbursements (checks and wire approvals)
  • Increased ACH usage

Bank Reconciliations

  • Timely preparation and management review

Inventory

  • Cycle count process
  • Physical security

Payroll

  • Adding new hires
  • Termination process
  • Time logs and approvals
  • Wage changes and approvals
  • Payroll report review and approval

Financial Reporting

  • Journal entry approval
  • Timely financial close process and approval
  • Upper level management review over key metrics

Reevaluate Your Technology Controls

Using a predominately remote workforce also makes it a critical time to take a second look at your information technology controls, particularly the following areas:

  • Does your accounting software provide sufficient functionality to appropriately segregate duties?
  • Do any accounting software end users have the ability to modify the overall functionality that could significantly impact financials?
  • Are the accounting software’s password parameters and lockout policies appropriately configured?
  • Are spreadsheets located in shared drives appropriately secured?
  • Are backups being periodically performed, actively monitored for completion and appropriately restricted to authorized personnel?
  • Are employees educated regarding cybersecurity risks?  Should your company implement a cybersecurity training program?
  • Is system access appropriately restricted and regularly monitored and reviewed?


Remote life has its rewards and challenges, and it’s highly likely that working remotely will become more of a mainstay even after the pandemic is over. Evaluate your company’s internal controls not only during the COVID-19 crisis, but also on an ongoing basis to protect yourself now and in the future.

Contact Steve Guarini at sguarini@cohencpa.com or a member of your service team to discuss this topic further.

Cohen & Company is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law.

About the Authors

Steve Guarini, CPA

Partner, Assurance
sguarini@cohencpa.com
586.541.7736

Sign Up for Our Emails & Events

Receive insights from our specialists in a variety of areas and timely information on upcoming events directly to your inbox as they go live in our online Knowledge Center.

Subscribe Today
Subscribe to our newsletter
About Contact Submit RFP Privacy Policy
LinkedIn Twitter Facebook
© 2023 Cohen & Company