Internal Audit has been a value addition function for any organization, still Internal Audit is not untouched by the effects (current and after-effects) of COVID-19.
We all have seen the catastrophic impact of this pandemic across the globe, forcing world economies coming on hold. To revive the economic activities, it will be primary objective of the Policy Makers and Implementers to focus first on starting the operations and re-start the business cycle.
Impact
Effects of this pandemic on Internal Audit function has been inconsistent and vary industry to industry. While in some industries, it has been completely kept on hold considering various factors, cost saving and staffing being the major ones, while in others, it has undergone major change due to shift in the business risks.
As per publication “COVID-19 and Internal Audit” released by The Institute of Internal Auditors jointly with Internal Audit Foundation and Auditboard, around 45% of the corporate respondents have agreed to updating their risk assessment due to this pandemic.
This pandemic has forced everyone to rethink and reassess the business risks and strategies.
Most of the internal audit projects were either in the pipeline stage or in work-in progress stage when this pandemic hit most the countries.
In the initial phase of the global lockdown, it was a challenge for the auditors and auditees to adopt to the WFH culture due to various factors, data security being the major one.
Many of the projects have been scrapped or cut short the scope due to sudden change in business risks. Many corporates have put their Internal Audit staff to other Operational Tasks or have turned to re-strategize the staffing strategy of the company. Many big internal audit consulting companies have predicted downfall in their internal audit revenue projections.
What to Do Now!
Internal Audit function has always been an agile function wherein it is expected from internal auditors to be acquaint with latest risks, business practices and technologies. Thus, in this pandemic also, Internal Auditors are expected to be agile in identifying business risks and controls for their clients.
Internal Auditors may play a role of a consultant in conducting Risk Assessment of the business. Assessing the risks are the primary responsibility of Management, however, Internal Auditors based on their industry experience should help management in identifying critical business continuity risks and factors to be taken immediately to normalize the business operations at the earliest.
Risk prioritization will help in focusing Management to identify and prioritize business operations to be focused upon. Critical business operations should not be just started without ensuring necessary internal controls.
Further, just starting business operations will also be not sufficient as no one knows the future course of action this pandemic will bring. Thus, it is imperative that business owners and board should have a long term vision on the business continuity risks and internal controls required to ensure smooth and controlled operations.
There are few Critical Risk Areas (most of them are Fraud Risk Areas) which should not be ignored at the time of commencing business operations post lockdown, even though COVID-19 spread has not stopped. Each Business Operation should be based on well informed decision and ensuring necessary controls implemented against these following risks:
Succession planning risks – Department Heads and Key Management Persons
IT and Cyber Risks
Human Resource Management – Staffing Strategies and Planning
Working Capital Management
Supply Chain Disruptions
Employee Health & Safety – Complying with the Laws of Land w.r.t. safe and hygiene practices at work places to contain COVID-19 spread
Statutory Compliances – Complying with Laws of Land w.r.t. all mandatory compliances to avoid any compliance defaults
Training & Development
Management should focus on the immediate shift in their action plans for making strategies against above mentioned business risks, most of them are business continuity risks.
Companies Chief Risk Officer or Risk Consultants should play a vital role in identifying the risks relevant to the industry and making strategies to mitigate those risks in short term as well as long term.
Implementation of the desired practices along with redesigning the control documentation on immediate basis will again be a challenge for the management.
Enterprise Risk Management
Enterprise Risk Management Framework is a Risk Management Process common in Multinational Companies and Big Corporate Houses. However, COVID-19 pandemic has forced to think even the Small and Medium Enterprises to think about their business risks. It is time for SME as well to be Risk Averse and Strategize their business operations based on ERM Framework.
Conclusion
COVID-19 pandemic has forced to rethink the business strategies and risks, thus Risk Professionals and Internal Auditors should focus on the new risks and act immediately to help management in taking informed decisions. New risks call for new ways and approach for conducting Audits, thus, Internal Auditors should look for new technologies and device strategies to conduct Internal Audits in the most effective and cost efficient manner.
Disclaimer: Content presented in this article is based on personal views of the author and should not be construed as professional advice.
Author: Apoorv Mathur | +91-8741083098 | apoorv@ampindia.in
コメント