Internal Audit in Post COVID Era
Ammar Kotwal, Senior Auditor
10 January, 2021
Internal Audit (IA) is an independent management function, which involves a value addition by suggesting improvement methods and strengthening the overall governance mechanism of the entity, including the entity’s strategic risk management, internal control system & processes.
Internal Auditing demands professionals to acquire an in-depth understanding of the business culture, systems, and processes, in order to provide organization with an assurance that internal controls in place are effective/ adequate to mitigate the risks.
The Internal auditor should do a risk assessment of an organization and identify critical audit areas. The audit process should be organized in such a way that more time is devoted to high-risk areas and issues, while less time is devoted to low-risk areas.
Risk prevents an organization from achieving its objectives. Risk can cause financial disadvantage, or it can result in damage, loss of value, and /or loss of an opportunity to enhance the enterprise operations or activities. Risk is the product of the likelihood of occurrence of an event and the impact of such occurrence to an enterprise. Risk may be broadly classified into Strategic, Operational, and Financial.
Strategic Risks:- are associated with the long-term objectives of the enterprise
Operational Risks:- are associated with the on-going, day-to-day operations of the enterprise.
Financial Risks:- are related specifically to the processes, techniques, and instruments utilized to manage the finances of the enterprise, as well as Enterprise Risk Management processes involved in sustaining effective financial relationships with customers and third parties.
Impact of COVID -19 on Internal Audit
In the recent past, due to COVID-19 many companies had to limit or suspend business operations and permit employees to work from home. These measures have significantly disrupted the activities of industries such as tourism, hospitality, transportation, retail, entertainment, manufacturing and the financial sector.
The significant risk which have popped up for companies includes impairment of assets due to financial losses, inventory valuation lower than cost, disruption in supply chain management, delay in recovery of receivables, changes in risk assessment, and the impact on its ‘going-concern’. Other important risk includes liquidity, Working capital, employee health and well-being, and employee return to work.
The impact of COVID-19 should be identified at an early stage of the preparation of the Audit plan with the help of appropriate risk assessment procedures that are actively communicated to relevant stakeholders, including the management, to assess and identify situations that require immediate actions and enable auditors to plan the audit.
While Making Audit plans the auditor should consider :
- Availability of client staff to provide necessary explanation and supporting evidence Via online video calling
- Ability of audit teams to visit client sites to conduct audit work.
- Ability to confirm reliability/authenticity of scanned documents provided to enable remote auditing
- Ability to obtain sufficient appropriate audit evidence if physical stock counts are attended remotely
- Auditors may need to identify and reassess the risks associated with company operation as a whole as the information on which the initial risk assessment was based may have changed. Due to COVID -19, the operations of few companies may have been materially impacted.
COVID -19 and remote working requires companies and organizations to take immediate decisions and actions to ensure business continuity, strengthen finances through the recovery of receivables and protect staff by restricting travel.
Ways to respond to COVID -19
Video conferencing technology with software like Zoom, Microsoft teams, Webex, Skype, Goto meeting, etc. has been particularly helpful to enable internal audit functions in a remote working environment. Internal audit functions have used the technology to hold virtual meetings in place of face-to-face meetings, carry out inventory walk-throughs or walk-throughs of specific processes with process owners. Data analytics has also been an effective tool, enabling internal audit functions to focus on high-risk areas by analyzing data for anomalies, patterns, and trends.
Audit plans can be modified/prioritized from a traditional basis to one that focuses on the current year only and including an audit function where risk is very high and which can be easily done remotely. Audit plans can be prioritized based on :
- Areas/functions which can be kept on halt, or postponed because they are no longer relevant
- Functions which can be done remotely
- Areas to be added due to new risk because of change in operations due to COVID-19.
- Audit areas which should be covered mandatorily as per regulatory requirement
Internal Auditors should focus more on crisis management and business continuity and later review the effectiveness of the same. They should make use of RPA and AI & data analytics in identifying the outliers, exceptions, and in obtaining other meaningful results. Internal Auditors should obtain offsite access to the client system in order to gather the data independently without the help of any client staff.
The pandemic has opened up many new practices that work effectively and it is highly recommended that the internal audit functions adopt these as the ‘new normal’.
Get in touch
Whatever your question our team will point you in the right directionStart the conversation