Business Management , Cybersecurity , Cybersecurity
Business Risk Assessment and the New Normal

1) Re-evaluate where your risks are.
If your firm has an existing risk assessment, spend time analyzing it and evaluate where things have changed since the beginning of 2020. For example, do you now have employees working from home on a regular basis? There are many things to consider in this situation, such as,
• Does a remote work policy exist to clearly outline the expectations of the employee and employer?
o Are employees using wireless access at home?
o Is wireless access secure?
o Does management verify wireless is secure at employee’s house?
• Are employees following cybersecurity best practices?
• Are mobile devices secure?
• Does your business liability insurance cover remote employees properly?
Sit down and think through all the operational and financial changes that 2020 brought to your business. If something is new or different, there are likely risks that need to be addressed and mitigated.
2) Segregation of duties
Segregation of duties is one of the best controls a business can use to detect and prevent fraud. If your business had to quickly pivot to a virtual environment, evaluate new processes and make sure dual control still exists in your systems. Management may have been given more discretion in the past year to make quick decisions and get through the crises, but that situation should not continue indefinitely. As a rule, the authorization of transactions, recording of transactions, and custody of assets should be separated to prevent fraudulent activity.
3) Safeguarding of assets
The first question to ask is, where are my assets? The pandemic may have changed this significantly. For example, assets that used to be at a central office or warehouse may now be at employee homes, vendor locations, or online (don’t forget the data your company has is a valuable off-balance sheet asset). Evaluate asset tracking tools, security systems, and cybersecurity for any holes that may exist in the security of your assets.
4) Vendor management
The transition to remote work and virtual communication likely brought new vendors into the orbit of your business. While these vendors may have helped through challenging times, it is now important to evaluate risks that vendors may pose to your business. For example,
• Is the vendor financially stable to provide continued service?
• How much access do they have to your data?
• Are their internal controls adequate to protect your business processes?
• Do they have SOC1 internal control audits and does your business review them for weaknesses?
As we’ve seen with the recent SolarWinds hack, vendor vulnerabilities can cause problems for your business, so proper due diligence is vital to your success.
If you have concerns about internal control, cybersecurity, or business continuity, please contact your Whitlock Advisor.

View Similar Blogs
Other blogs about cybersecurity and your business
How to Minimize Tax Liability: Practical Strategies for Individuals and Businesses
When it comes to financial planning, one of the most effective ways to protect your income and assets is by understanding how to minimize your tax liability. Whether you’re a business owner or an...Congress Passes Landmark Tax Legislation: What the New Bill Means for You
On July 3, 2025, Congress passed the most sweeping tax legislation since 2017. Known unofficially as the One Big Beautiful Bill Act, this new reconciliation bill permanently extends key elements of...Our Cost Accounting Services and How They Lead to Actionable Profit Strategies
Do you understand how costs affect your business strategy? The Whitlock Co. leverages our cost accounting expertise to help you analyze expenses. We give you the data you need to make...