Changes to working practices in response to COVID-19 introduce a range of new or enhanced risk areas, and the potential to disrupt the existing system of internal controls is high. It has heightened the need for Internal Audit functions to be agile to better enable continuity of service through remote working. This minimizes the adverse impact and maximizes the value of internal audit activity for management and the Board.
All businesses have been affected to varying degrees. Many have faced challenges around working capital, workforce management and supply chain. Internal audit functions will need to navigate those challenges carefully to ensure that they are focusing on what is going to be of most value to the organization.
Most organizations design the internal audit program on key areas of risks and the system of internal controls under a Business as Usual (BAU) scenario. But in the situation we’re in, there’s a need to be more agile to support the business. It also raises the larger question around how Internal Audit operates in the BAU environment. Is the way we approach internal audit still valid or have we embraced the Internal Audit function to help reshape our businesses going forward in this Business Unusual times?
Key risk areas
Cash and funding resilience. One of the top risks faced by organizations involves cash and funding resilience. Cash and liquidity have been top of mind of every CEO and CFO. Short, medium and long-term funding requirements can be impacted. It is important to re-prioritize spending and financial obligations, as well as considering opportunities to accelerate cash collections/generation to counter revenue shortfalls and rising customer credit risk. The skills of Internal Audit professionals can support the business’ continuity in this area.
Process and control mapping of business critical functions. Consider the impact of changes to management roles and structures on delegations of authority, changes to system access and change controls to enable flexible working arrangements leading to potentially incompatible combinations of access rights, and unavailability or changed operation of physical controls (e.g hard copy signatures as part of review and approval control, loss of direct management oversight).
Remote worker readiness assessment. Assess the clarity of policies and procedures and effectiveness of communications relating to employee well-being and safe working arrangements, from an employee perspective. Review the implementation of remote worker and mobility in your Business Continuity Plan.
Fraud. Consider where lapses of key fraud controls and management attention can bring more problems in the operations. What core processes have been impacted, where is the potential for fraud and what are the indicators to look for? As our staff are forced to work from home and change their normal routine, this may uncover long running fraud practices. Urgent investigation and remediation will be required.
What the business unusual requires from organizations
As the COVID-19 pandemic continues to evolve in a world where trust is increasingly important, organizations should further build credibility through their brand, products and services, improve their corporate resilience, and enhance their relationships with customers, employees, and stakeholders. To achieve those goals, organizations must be confident in their controls, data, reporting, and information.
Whether or not you are accelerating digital and technology impact to help drive innovation, improving decision-making and customer experience, and creating business models, the need to build and strengthen trust and confidence over governance, risk management and control cannot take a backseat.
How we can help
Our strength is in the ability to deploy multi-competency teams to deliver a range of services who can also work alongside your Internal Audit teams. We can bring together expertise in technology, tax, finance, regulatory compliance and business processes to understand further the implications of COVID-19 across the organization.
Our sourcing solutions for internal audit can not only help improve your organization’s internal financial, business and IT controls, but also turn your Internal Audit function into a strategic asset. Our flexible operating model involves dynamic teams who are trained to conduct virtual internal audits for you using our technology tools. The value chain optimizes mechanical and routine audit procedures by gathering data remotely to increase the coverage of the review, maintain the same level of comfort, and reach desired cost reduction versus traditional approaches.
Benefits include more flexible scheduling considerations, less travel costs and time, and reduced risk to health and safety among auditors and auditees.
Related content
Follow us
Contact us
