Remote working poses compliance challenges

The need to manage a largely remote workforce in the wake of the COVID-19 pandemic is the most fundamental change in the responsibilities faced by CFOs and financial decision-makers in the past 10 years.

This is because it has become far more difficult for CFOs to ensure compliance across a decentralised network and a scattered workforce.

Not surprisingly, therefore, the rapid move to remote working necessitated by the lockdown has resulted in a shift of financial decision-makers’ priorities from their pre-COVID focus on managing new data, technologies and stakeholder expectations, to “maximising their technology investments by enabling teams to work remotely while retaining accountability, transparency and productivity”.

This was also evident in recently published research on local CFOs and financial decision-makers conducted by World Wide Worx on behalf of Sage in South Africa.

The research, the first Sage region to survey CFOs and other senior financial decision-makers about the impact of COVID-19 on their business operations, found that more than a quarter (27%) of the 311 respondents had assumed responsibility for, or were involved in some way, with the management of remote workers since the lockdown began.

Although the role of CFOs has expanded beyond the management of the organisation’s financial records, as well as reporting and compliance over the past few years, the survey revealed the coronavirus pandemic had added a new level of complexity to financial leaders’ challenges.

In its white paper: CFO 3.0 – Digital Transformation Beyond Financial Management, which is based on the research, Sage notes that managing remote workers “is the most fundamental change in their (CFO’s) job responsibilities… (having) overtaken business strategy which, until recently, was considered the most significant shift”.

The lockdown has shown that remote working involves a host of complexities around security, compliance and governance. Security and compliance are both concerned with the need to secure sensitive data: compliance is largely legal and regulatory, while security drivers generally relate to business risk.

So, although cyber security traditionally has been the responsibility of the CIO, CFOs – given their compliance obligations – also have a role to play in this regard.

This is particularly important in light of an upsurge in cyber security attacks in the past few months that have been linked to the shift to remote working. In a survey of cyber security professionals conducted by a global security solutions provider in April, 63% reported having experienced COVID-19 related attacks; and 94% said they were more concerned about their security following the outbreak of the pandemic.

These concerns are not going to go away, as a hybrid working model is set to become a permanent feature of the workplace environment.

Similar trends are reflected in other research, as reflected below:

• Early in the pandemic, for example, a Gartner survey of 317 American CFOs and finance leaders revealed that nearly three-quarters intended to move at least some of their employees to remote work permanently post the current pandemic.
• A second Gartner survey conducted just a few days later found almost two-thirds of the responding organisations were operating with the majority (60%) of their employees working from home. In addition, 41% of workers were planning to continue working remotely more often in the future.
• In June, a PWC survey found that 54% of respondents were planning to make remote work a permanent option for those whose roles allowed for it; 49% were trying to improve the remote work experience for their employees; and only 26% were concerned about losing productivity due to remote work, down from 63% in a survey three months before.
• And in July, Google and its parent company Alphabet announced it would allow employees to continue working from home until at least June 2021, joining other companies such as Twitter and Facebook that will continue with remote working for the foreseeable future.

All of this will place CFOs under enormous pressure to ensure ongoing compliance, but these five steps could help reduce the risks involved:

1. Review the policies and procedures designed to maintain privacy and confidentiality to ensure their applicability for working remotely for extended periods of time.
2. Establish ways to continue to operate existing digital controls (such as recording of telephone conversations) to still meet regulatory obligations from remote locations.
3. Work with the CIO to enable the fast-track adoption of new tools and technologies (such as video conferencing software) to improve remote working capabilities and capacity.
4. Ensure employees understand the risks associated with, and therefore don’t use, unauthorised virtual meeting rooms or collaboration tools that pose risks to confidentiality and privacy.
5. Remind employees that even at home, data privacy and security are important – and vulnerable. They should find private spaces for conducting calls and not leave confidential information on unlocked PCs or in physical formats.