Business Risk Assessment and the New Normal
1) Re-evaluate where your risks are.
If your firm has an existing risk assessment, spend time analyzing it and evaluate where things have changed since the beginning of 2020. For example, do you now have employees working from home on a regular basis? There are many things to consider in this situation, such as:
• Does a remote work policy exist to clearly outline the expectations of the employee and employer?
   o Are employees using wireless access at home?
   o Is wireless access secure?
   o Does management verify that wireless access is secure at the employee’s house?
• Are employees following cybersecurity best practices?
• Are mobile devices secure?
• Does your business liability insurance cover remote employees properly?
Sit down and think through all the operational and financial changes that 2020 brought to your business. If something is new or different, there are likely risks that need to be addressed and mitigated.
2) Segregation of duties
Segregation of duties is one of the best controls a business can use to detect and prevent fraud. If your business had to quickly pivot to a virtual environment, evaluate new processes and make sure dual control still exists in your systems. Management may have been given more discretion in the past year to make quick decisions and get through the crisis, but that situation should not continue indefinitely. As a rule, the authorization of transactions, recording of transactions, and custody of assets should be separated to prevent fraudulent activity.
3) Safeguarding of assets
The first question to ask is: where are my assets? The pandemic may have changed this significantly. For example, assets that used to be at a central office or warehouse may now be at employee homes, vendor locations, or online (don’t forget that the data your company holds is a valuable off-balance-sheet asset). Evaluate asset tracking tools, security systems, and cybersecurity for any holes that may exist in the security of your assets.
4) Vendor management
The transition to remote work and virtual communication likely brought new vendors into the orbit of your business. While these vendors may have helped through challenging times, it is now important to evaluate the risks that vendors may pose to your business. For example:
• Is the vendor financially stable to provide continued service?
• How much access do they have to your data?
• Are their internal controls adequate to protect your business processes?
• Do they have SOC 1 internal control audits, and does your business review them for weaknesses?
As we’ve seen with the recent SolarWinds hack, vendor vulnerabilities can cause problems for your business, so proper due diligence is vital to your success.
If you have concerns about internal control, cybersecurity, or business continuity, please contact your Whitlock Advisor.