Thursday, December 31, 2009 | Last Updated Friday, February 12, 2010 15:01 Pacific/Honolulu

TechKnote #0801001

To Telecommute Or Not To Telecommute?

by Donny C. Shimamoto, CPA.CITP
Donny is the founder and the leader of ITK's consulting practice. Donny’s diversity of experience in financial & systems risk management, program management, technical architecture and application development, systems management, business process improvement & engineering, organizational development (including structure and alignment), and knowledge management (including change management and role & competency management) provides the basis for ITK's unique methodologies and project approach. In 2001, he founded IntrapriseTechKnowlogies LLC—dedicated to enabling small and medium-sized organizations to leverage enterprise technology and knowledge management strategies.

1 Introduction

Tired of sitting in traffic? Is parking a daily problem? The Bus driving you batty? All the mass transit media hype got your mind messed-up? Well telecommuting may be the answer you’ve been waiting for…or is it?

Mobile and Remote Computing hit the #9 spot in the AICPA’s 2008 Top Technology Initiatives survey, and one aspect of that initiative is enabling work to be done outside of the brick-and-mortar office environment. Here are some points to consider in determining whether a telecommuting program is right for your company.

1.1 Start with a Business Case

As with any business initiative, there should a reasonable business case made for starting a new program or investing in new technology. Some of the reasons that companies start telecommuting programs include:

Quality of Life – Primarily for IT staff who have to perform systems maintenance outside of standard business hours—this enabled the staff to not have to stay at the office or be at the office late at night.

Health Issues/ADA Requirements – Health issues or other physical disabilities that do not enable staff to come to the office. Telecommuting allows these staff to be accommodated (which may sometimes be required by law) and continue to contribute to a company that they’ve been with for a while.

Business Continuity – This may be for IT staff to access the network and systems to troubleshoot and address problems remotely—enabling them to respond faster to after-hours and weekend problems. Additionally it can be used to properly shutdown or backup systems quickly without having to travel to the office.

Staff Recruitment and Retention – Having a telecommuting program may give your company an edge up on the competition in terms of recruiting and retaining staff that want a more flexible work schedule and the ability to work from home.

Once you have the business case for why your organization wants to allow telecommuting, it should then determine who is eligible to telecommute.

1.2 Establish the Boundaries

Telecommuting should be treated as a privilege and many organizations have requirements that employees must meet to qualify and retain the right to telecommute.

Legal Requirement – ADA compliance or health issues may require that an employer accommodate a telecommuting situation for a given worker.

Job Requirement – Larger organizations tended to only allow telecommuting when the nature of the work required that a person be able to work remotely. Additionally some positions may perform a majority of their work at a customer/client’s site so remote access enables them to still use the company’s data and applications.

Job Efficiency – Some positions by nature (e.g. outside sales) can be made more efficient by providing remote access to data and applications when the person is outside of the office.
There are also some reasons to not allow someone to telecommute.Supervision – This can either be where the person needs to be supervised and cannot be adequately monitored remotely, or where a person is supervising others and in working remotely they cannot adequately supervise their subordinates.

Privacy/Confidentiality – If the security of data is covered by any confidentiality or privacy laws/regulations cannot be guaranteed (or risk of exposure not mitigated to a reasonable level) any work related to that data may need to be done in-office and remote access to that data denied.

Having your boundaries clearly established provides a good governance framework for making decision on when to allow and not allow someone to telecommute. It may also help you to identify situations when the data that a person has access to while outside of the office may need to be limited.

1.3 Manage the Risks

Telecommuting introduces some additional business risks and technology risks that an organization must address before even beginning a pilot program.

Establish Policies for Remote Access – Most forms of telecommuting allow a remote worker to access the corporate network and servers when not in the office. Because this is a “tunnel” into the corporate network and a possible access path for viruses or hackers, care should be taken to establish clear and comprehensive policies governing both the people and technical aspects of remote access. This should include penalties for violations of these policies.

Manage the Devices – The device being used for remote access may be a PDA (e.g. BlackBerry or smart phone), laptop, or even a user’s home computer. When devices are used outside of the office, they are often at greater risk for theft. The devices themselves should be “locked down” or at a minimum password protected to prevent unauthorized access. Many organizations only allow remote access on company-owned devices or personal devices that have been certified by the company’s IT department to meet company security policies.

Protect Your Data – Even data not subject to privacy laws/regulations may contain trade secrets or company competitive/confidential information. Data stored on remote devices should be encrypted whenever possible. Some devices can also be configured to automatically delete all data when a user fails to enter a given password correctly within a set number of times.

Train Your Users – As with any security measure, user awareness and knowledge is your best defense. Many companies require that that users go through a training program that helps them understand the policies and technology associated before being granted remote access.

Ensuring that your company is protected will help to ensure that telecommuting remains a company asset, not an exploitable weakness.

2 The CFO’s Call to Action

There are compliance and business risks associated with instituting a telecommuting program. CFOs should ensure that proper governance structures (business case, policies and procedures, technology controls, etc.) are in place to mitigate risks and manage the telecommuting program. Successfully deploying a telecommuting program requires addressing both technology issues and people issues, and when executed well, can provide a competitive advantage in terms of both employee productivity and retention.

3 Additional Resources

3.1 AICPA Guidance

Additional guidance is available for AICPA IT Section Members in the Mobile and Remote Computing Content Suite, including:

A glossary of mobile and remote computing terms.

A decisions-maker’s guide to remote access, discussing technologies available, technology selection criteria, and HR and IT policy considerations.

A Webinar and Podcast on mobile and remote computing.

Practice aids, including sample IT policies and a case study for implementing remote access at a CPA firm.

3.2 Hawaii Telecommuting Interest Group

IntrapriseTechKnowlogies is also starting a Hawaii Telecommuting Interest Group to identify and share best practices, examine governing standards and sample policies, and have vendors showcase their products and solutions. If you or someone in your organization is interested in joining this group please contact Donny Shimamoto via e-mail at donny@intraprisetechknowlogies.com or (808) 735-8324.

IntrapriseTechKnowlogies LLC

Technology and knowledge for synergizing your intraprise