Right now, the economy is taking a hit from coronavirus and companies are having their processes upended with hastily designed work from home programs. In this environment it's easy to overlook the importance of security, audit, and compliance amid all of the changes. It's also critical to carefully consider segregation of duties amid the chaos.
Control Considerations for a Work From Home (WFH) Remote Workforce
No one wants to deal with financial statement manipulation, employee fraud, or significant errors in the best of times. In boom times, a company may be better able to absorb the blow of fraud or employee theft. As the economy turns, that gets a lot harder.
With the economy slipping into at least a temporary recession, companies need to be focused on preserving existing resources. In down times, pressure increases significantly to manipulate financials statements. Some organizations will feel pressure to maintain earnings and revenue to bolster their stock price. Other companies may choose to hide poor operational performance under the excuse of coronavirus. This happens by recognizing expenses now for dubious transactions long hidden in the balance sheet.
At the individual level, rationalization for fraud changes a little. In good times, an employee may rationalize that the company is doing well, and the employee deserves their fair share. As the economy turns, the thought process undergoes a shift to the employee as a victim of circumstances. The employee is hurting, and the company has lots of money. They won’t miss a little, so the fraud is seemingly victimless.
For previously office-centric companies, the chaotic shift to working from home may also open opportunities for fraud that were not present before. Processes that relied on physical documents and signatures may breakdown, and permissions may not be fully considered through this process.
Should I Really Be Concerned?
Over-provisioning of security is a real threat as security personnel deal with setting up and securing remote access for a large number of users. Finally, in the best of times managing emergency access is difficult, in times like these, it will be even more common to see that after emergency access has been granted to just “get work done”, it will never be revoked.
The fiduciary responsibility to protect an organization does not stop because of a downturn or a crisis. Instead the responsibility increases. Don’t let current events cause your organization to lose sight of the importance of security, audit, and compliance measures.
At Fastpath, we make tools to help companies manage their security, audit, and compliance needs including reviewing access, segregation of duties, user provisioning, and emergency access and we understand the importance of security in good times and bad.