I have been working from home for years and my employer is not watching our screen. However about a decade ago we received a company wide email from an admin reminding everyone that they can see DNS requests when we're connected to the VPN.
Sounds like he's remoting into the computer in the office from another computer at home (pretty common in IT since you probably have admin tools perfectly configured on that computer and specifically configured for its network config) but with Windows Remote Access it lets the person physically at the computer see everything by default. But i would really hope that someone in IT would be painfully aware of why you shouldn't do sensitive personal browsing on a work computer or a work network