Do you know what your Internal Audit peer group is focusing in 2021?
THIS WEEK WE TAKE A LOOK AT HOW INTERNAL AUDIT HAS BEEN CHANGING AS A RESULT OF WORKING IN A COVID-19 WORLD.
What makes internal audit unique is its strength and experience in managing uncertainty. Uncovering and tackling risk is what internal audit teams were born to do. Surfacing issues to help organizations survive and thrive is all in a day’s work. Organizations around the world are struggling to minimize business disruption from COVID-19 while navigating new realities with lot of this responsibility falls on internal audit.
But right now as leaders and boards grapple to identify direct and indirect COVID-19 related risks and adjust to a new normal, internal audit’s assessment and assurance roles have become so much more invaluable. Here are four ways that internal audit can bring even more value to the organization.
1. Decision-making capacity based on accurate data
According to a recent COVID-19 Quick Poll by The IIA’s Audit Executive Center®, 78% of chief audit executives and internal audit directors said their initial strategic responses were focused on assessing short-term impact. Other short-term strategies included:
- Providing COVID-19 updates to the board (72%)
- Revising the business continuity plan (66%)
- Evaluating third-party relationships (59%).
- Internal auditors are key to providing the data-driven short-term risk perspectives that support confident decision-making during this uncertain time. This is obviously very important to both the leadership team and the entire organization, as it helps everyone stay focused on meeting objectives and mitigating risks. Internal auditors must look ahead to future risk, as well as mitigate the present dangers.”
2. Organization’s future state need to be kept in mind
COVID-19 brings countless risks (e.g., health and safety of customers and employees, disrupted supply chains, cost reductions, new processes, revenue loss) that need immediate attention, but internal audit also needs to look at emerging or evolving risks that will impact the organization’s future state.
As a result of government initiatives to support organizations through this pandemic, audit teams in some sectors (e.g., government departments and financial services) are even experiencing increased workloads, requiring them to undertake real-time assurance work to effectively tackle emerging risks. “Even as organizations are in the first stages of determining the potential impacts of the coronavirus on their operations, an ancillary risk is emerging—social engineering amid crisis. Cybercriminals are taking advantage of the growing concern over the deadly virus.”
Recent data from Barracuda Networks indicated a 600% increase in phishing e-mails. How will these emerging risks (from phishing emails designed to look like they’re from WHO to fake stimulus check emails) affect your organization in the long run? What internal controls do you currently have in place? Are they sufficient in light of moving to remote workforces and emerging cyber threats? A breach right now could derail the organization in the future. What do you need to do now and who do you need to work with to protect your organization?
Internal auditors must look to future risk, as well as mitigate present dangers. Looking ahead includes impacts on 2020/21 internal audit plans, changes in internal audit methodology, and maybe even reducing overall internal audit activity to deliver value to a downsized organization.
3. Adoption of an agile audit plan
COVID-19 is causing organizations to adjust business operations and plans rapidly, presenting new ongoing challenges. One of those challenges may be to conduct auditing entirely remotely. The traditional audit plan might not work in this situation, so it might be time to investigate an agile approach, really understand how your organization operates, and ensure that you’re achieving the business acumen element of the IIA Competency Framework.
Instead of the rigid, single-phase planning of a traditional audit, agile auditing centers around fluid, iterative planning on an ongoing basis. There’s a core focus on collaboration and communication between the audit team and stakeholders throughout the entire experience. While audit quality is always a key consideration, the priority is on speed and efficiency over delivering a perfectly polished project at the end. This “try fast, fail fast” design accounts for the unexpected in case the team needs to suddenly shift gears. And while everyone has a different role, the team is trusted to be self-organizing and cross-functional. Agile can be an ideal audit approach while COVID-19 risks and priorities shift quickly, and remote audit teams use technology to stay better connected.
4. Using technology for keeping track on audits
Some audit projects must go on, even when face-to-face interaction isn’t possible. Thankfully, technology can give auditors a serious advantage here, because it lets you:
Conduct audit interviews and meetings through secure video conferencing.
Get live video feeds of client inventory locations. COVID-19 has made inventory testing one of the biggest challenges for auditors; moving to live video feeds may be inevitable unless you can put off an inventory count. Using recorded video is not recommended; how can you prove authenticity and objectivity?
And, dedicated audit management software like AuditBond further facilitates these new ways of working when everybody is remote, through features like:
A single, united platform to increase collaboration and communication
Workflows that keep remote workers informed on all stages of the audit.
A library of documentation, templates, and workflows at everybody’s fingertips
A complete audit trail, to track everything and ensure your audit work remains defensible to regulators and external auditors.
Of course, there are always upsides and downsides to all technology. On the upside, you’ll save on travel costs; have more in-depth documentation, paper trails, and reporting; and gain added benefits like data analytics and robotic process automation.
But you won’t be able read auditees’ body language or build rapport quite as easily as being in person. It’s all a matter of adjustment and settling into a “new normal.”
Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us on Germany- 0049 30217 82920 or Switzerland 0041 4350 830 59
779 total views, 1 today