Internal Controls in the Wake of COVID-19

The COVID-19 outbreak is disrupting supply chains and affecting production and sales across a range of industries. The extent of the impact on an organization’s operational and financial performance will depend on certain developments, including the duration and spread of the outbreak, impact on customers, employees and vendors, and governmental, regulatory and private sector responses. Businesses are approaching the safety of their personnel and customers in a variety of ways, but the large majority have a significantly reduced physical presence in their offices.

Internal controls may also be subject to substantial strain. With fewer finance and accounting professional onsite, maintenance of a proper and strong internal control environment becomes even more challenging. Properly functioning internal controls are intended to either prevent or timely detect fraud or financial statement errors. A thriving control environment requires careful planning, implementation, and oversight.

Recommendations that May Improve Internal Controls in the Wake of COVID-19:
  • Process Re-engineering: Businesses will likely need to alter their implemented processes to adapt to the remote nature of business. There may have been things that were previously done in person or that utilized paper copies. Don’t bypass controls just because it seems difficult in a remote world. Re- engineer processes where necessary and possible.
  • Process Flow & Automation Technology: For companies that have been considering upgrading their systems and moving from a manual environment to a more automated one, now may be the time to do so. One illustration relates to the accounts payable process - if your process involves passing around paperwork for review and approval, invest in the AP module for your financial system that allows for automated workflows and virtual approvals. Similar processes can be added for bank and other reconciliations.
  • Maintain Frequent Contact with Team and Preserve Business Rhythms: Your teams are likely working remote and may have additional stresses introduced due to the current environment. While team members are out of sight, they should not be out of mind. Preserve or increase the business rhythms that were in place before COVID-19. If daily or weekly manager meetings / activities were occurring on-site, those should still occur in a remote fashion. The same level of management oversight should be maintained or potentially heightened (perhaps monthly procedures are now conducted semi-monthly).
  • Implement Secure and Reliable Remote Technology: Ensure your remote technology can handle bandwidth of all employees needing virtual private network (VPN) access. This will reduce the risk of employees storing and transmitting confidential information outside of your corporate environment.
  • Reinforce IT Security Policies: Remind and alert employees to be vigilant during this time. They should continue to follow IT Security Policies and be aware of phishing and similar hacking attempts. Data security inherently becomes more important when an increased amount of the work is done remotely. These policies extend beyond company IT assets to employees’ personal devices. If policies and safeguards related to company emails or other information on personal devices have been overlooked, they should be examined immediately.

Reimagining your internal control environment is a tall order, but during these challenging times it may be necessary to protect your company’s assets and for your financial reports to remain accurate.

While the current COVID-19 environment is very challenging, we are finding some companies are instituting positive changes that may actually yield a stronger, more efficient, and modern approach to internal controls. For more answers on internal controls in a remote and environment and various cybersecurity threats, please contact a member of the DHG team.

For more information, contact

About DHG Construction

DHG Construction works extensively with general contractors, specialty contractors, heavy/highway contractors, developers and owners, architects and engineers. We understand the complex tax and accounting requirements of firms with substantial investments in people and equipment.

About DHG IT Advisory

DHG IT Advisory works with companies to manage technology risk while maintaining data integrity, protecting privacy and complying with regulations. From project management and regulatory compliance assistance to digital forensics and incident response, DHG is equipped to meet your IT advisory needs that drive your business.


Aprille Bell
Managing Partner, Construction & Real Estate

Daniel Miles
Senior Manager, DHG Construction


© Dixon Hughes Goodman LLP. All rights reserved.
DHG is registered in the U.S. Patent and Trademark Office to Dixon Hughes Goodman LLP.