The Queensland Audit Office has issued a reminder to Public Service Departments to maintain vigilance when monitoring their internal controls as more staff work from home during the COVID-19 outbreak.
In a statement, the Audit Office said most entities had made changes to their internal controls to adapt to new work arrangements of staff.
“With any change in working arrangements comes an increased risk of controls failing, particularly manual controls, and where controls previously operated with a high level of management oversight within an office environment,” the Office said.
“We encourage all entities to remain vigilant with their monitoring of internal controls during this time.”
It said the key areas entities needed to consider included the capacity of information technology systems and resources, with additional remote access to systems being required across an entity.
“All staff must ensure that system access controls continue to be followed, or where these cannot be fully implemented, additional monitoring of access and approvals is performed,” the Office said.
“Evidence of controls operating may not be as easy to obtain or store for some entities when staff work remotely,” it said.
“Adherence to organisational policies and legislation is still needed.”
The Office said some staff might take on additional or changed responsibilities to help facilitate business-as-usual operations during the pandemic.
“Processes to help staff get up to speed with the new responsibilities are important so that any key controls they are now responsible for are not missed or incorrectly performed,” the Office said.
“Risks around staff having more access to areas of the business may also increase the risk of fraud or error,” it said.
“This means supervision of staff in changed and existing roles is increasingly important.”
In addition, it said external parties might see an increased opportunity to infiltrate systems while staff were working remotely.
“Entities should monitor closely the use of new or changed systems to facilitate working remotely, to reduce the risk of external attacks,” the Office said.
The full text of the Office’s advice can be accessed at this PS News link.
