Crisis Management- A structure to dealing with crisis during audits.

This week we take a look at how the profession successfully approaches crisis situations to result in a positive outcome.

Crisis management by Internal Auditors

Crisis management provides the structure, leadership, decision-making, and communications to support the organization in managing a crisis situation. It encompasses business continuity, disaster recovery, cyber incident response, and financial market crisis response planning and execution.

Most major organizations have basic business continuity plans and disaster recovery plans in place, particularly for IT, supply chains, and facilities.

Usually, Internal Audit will, on a rotational basis, review those plans, provide assurance on related compliance, and conduct post-event reviews. However, the focus on continuity management has widened to include any event that could irreparably damage finances, operations, cyber capabilities, reputation, or other essential assets.

A crisis management plan provides a framework and contingency plans for senior executives should the need arise.

Responsibility for crisis management sits with senior leaders, which means that Internal Audit is the logical and perhaps only source of assurance and advice.

Consider: An organization needs a crisis management program encompassing governance, processes and risks. Governance organizes program ownership and the roles and responsibilities of security, legal, IT, Internal Audit, and other functions. Processes are needed to address crisis response, decision-making, recovery, communications, and contingency plans. Risks must be identified to enable scenario planning and response capability development through training and simulations. Aim to provide assurance and advice in each of those areas, and to anticipate events and promulgate best practices.

Consider whether leaders can answer the questions:

• What are you prepared for?
• How prepared are you?

Ensure that simulations are regularly conducted and used to develop and test overall plans as well as playbooks for specific events.

Go beyond regulatory guidance and checklists and audit not just the existence of plans, but their likely effectiveness.

Also, consider industry-specific issues and evolving regulations, such as the EU’s GDPR reporting requirements for breaches.

Internal Audit may need to up-skill or tap external sources to add value in this area, but doing so can save the entire enterprise.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95