Internal auditors discuss WFH challenges including data security and the mental health of employees.
Internal auditors are trying to keep on top of myriad risks brought about by millions of employees at thousands of companies working from home as a result of the pandemic. At a recent NeuGroup meeting, two of the risks discussed demonstrated the wide spectrum of issues companies face, ranging from the somewhat mundane (printers) to the very personal (mental health).
Risky printers. One member said her company is updating its policy to prohibit certain intellectual property and other highly proprietary documents to be printed at home, in an unsecure environment where such information could fall into the wrong hands. She noted that IT has tools to monitor when employees try to print such documents outside the office.
- “You can ask for exceptions, but they have to be approved,” she said. “So I think most people just aren’t printing.”
- “Good point,” exclaimed one peer, recalling that the spouse of a work colleague in the Bay Area works for a competing technology firm, “And they’re probably both printing stuff off at home.”
Break out the shredders. A member said his company had recently done an insider-threat audit that touched on the printer risk; and a confidentiality-focused audit a year ago found important documents left on printers in top executives’ offices. It highlighted the need to train staff to use shredders and other prevention controls that secure access to data—important for remote printing as well.
- He said office settings tend to be highly secure in terms of access, but remote work continuing for an extended period would almost certainly increase such risks.
- Another member noted the savings companies accrue from employees working remotely could fund an annual stipend enabling remote workers to purchase a shredder or otherwise secure their home offices.
Psychological and physical stress. The shift to remote work has resulted in many employees spending long hours in ergonomically problematic work environments. From an audit perspective, physical safety tends to be covered by crisis-management audits, one member said, noting that the new piece is the mental impact.
- “We’re productive [in remote settings], but we’re pushing ourselves to the point where it may not be sustainable long term and we will start to see effects,” she said. “I haven’t started the audit yet, but I’ve heard it’s an elevated risk that management is anticipating.”
- The member said her company has made a nutritionist and physical trainer available to all employees, and sends emails two or three time a week encouraging employees to live healthier.
- “I’ve heard rumors of an on-payroll psychologist, but I haven’t seen that rolled out yet,” she said.
- Injuries sustained from working at home are now considered legally the same as those in the office, the member said, so it’s critical “to ensure employees are working the right hours, taking breaks, and have the right equipment and seating arrangement.”