To be fair when I worked from home for a company that had a VPN I almost never logged into it either, simply because I rarely needed to.
I assume they have other things they can check, if they are a developer are they committing code and writing on the issue tracker? If they are in customer service are they answering the phone and replying to emails?
At some companies the only way to get email is to log in through VPN. It seems like such a strange concept, but I know for a fact that this still exists today.
Every network service offered by a company -- mailserver, Samba, proprietary web applications for internal use, whatever -- needs to be locked down pretty hard if it directly faces the Internet. It takes time and engineering talent to make sure everything's configured securely. If you don't believe this, take a look at the length and complexity of the top Google result for the terms mailserver howto [1].
Servers still should be secured if they're accessible on the VPN, but limiting access to employees vastly reduces the likelihood that an insecurely configured server will be hacked. (Compared to an identically configured server with an unfiltered Internet connection, that is.) Not having servers connected directly to the Internet also provides another level of protection against zero-day exploits. And if something does happen, the VPN's login credentials can point you in the direction of who's responsible [2].
[2] Bad guys can still get on your VPN if they compromise someone's credentials with malware. To mitigate this, many companies that use VPN's either require client machines to run regular virus scans and keep their OS up-to-date, and/or only issue login credentials for company-issued machines.
I assume they have other things they can check, if they are a developer are they committing code and writing on the issue tracker? If they are in customer service are they answering the phone and replying to emails?