Internal Audit after Pandemic – Change in approach, technique and expectation from Internal audit
As conglomerates make substantial demands on internal auditors to help them deal with the several issues that arise as a result of the COVID-19 crisis, internal auditors must keep up. They may also get dragged into additional roles that may test their independence. Internal audit should recognize this exclusive prospect to participate in crisis management committees. If possible, try to help management in eliminate replications and bottlenecks in new developments.
Working closer to the combat zone does not mean forfeiting internal audit principles. Upholding independence in terms of accountability and reporting, preserving an objective mindset — these essential elements can be preserved while still adding maximum value.
Due to pandemics like Covid-19 it would be difficult to perform all audit process. Selection of correct audit area in such a situation becomes very important, new audit areas like crisis management; pandemic planning, Business continuity planning and disaster recovery, Information technology and cyber threats, Digital competency Matrix, Health and safety, strategy and branding, Treasury Management including liquidity and Finance etc can be suggested and performed keeping in view the impacts due to pandemics like Covid-19 hence Redesigning Internal Audit Plan becomes very important in such a situation. The above suggestions may provide valuable guidance as to what your peers are considering at this time. For e.g. As we know all the countries in the world are at differing stages in the Covid-19 cycle, consequently different risks are needed to be considered across a global. This is a unique challenge for global supply chains that may remain interrupted and sporadically disrupted for numerous months to come. It is important for internal auditor to take this risk into account as it is complex and potentially high-risk area, hence considering the same while audit when you know you can only have partially access to the supply chain.
Most of the organisations have dropped 12-month audit plans for some kind of rolling audit programme, and hence a frequent and continuing discussion of risk stands critical. It is not that all the risks have altered and not all past issues can be simply forgotten just because there is crisis, but it is the time to ensure critical and significant controls remain effective.
In changing circumstances too much reliance is on management representation. It became more important now that concerned process owners to take more responsibility for their risk and controls, internal audit can help management in tighten the controls where the risk is high and then hand it off to them before moving on to the next division. It is essential that devolving of decision making should be done by those who are closest point to the action and best informed to make a lead decision. In times of crisis, when decisions often need to be made promptly and swiftly, this concept is vital and can be applied to risk and audit management. Auditors need to assess whether any speciﬁc representations may be required to be obtained from the management in relation to management’s assessment of impact from the ongoing outbreak of COVID-19 on the ﬁnancial statements for the year ending as well as for the reasonably foreseeable future.
Needs and expectation of various stakeholders has changed due to Pandemic.
Customers: Now customer expect that internal auditor should recognize and identify high risk–high priority issues and analyzing the most demanding issues that need to be addressed first. For e.g., supply chain certainty and substitutes, customer grievances etc.
Owners & Shareholders – They will expect internal auditor should extend their hand in helping management for e.g., forward planning support, formulating revised policies or procedures to suit the changed environment, ensuring adequacy of cash wealth, debtor and creditor management, likely financial forecasts, critical compliance obligations and staff safety etc. Internal audits give them the assurance that business working in a regular and robust manner post lock-down to battle the impact caused due to pandemic. Fraudulent activity will be closely monitored and thoroughly investigated in order to prevent its reoccurring.
Society / Community: Internal auditor not only adequately do the reporting of environmental non compliance, unethical behavior, non-compliance with legal requirement but also accurately scrutinize the various expenditure on CSR, Community engagement, health and safety measures etc.
Neighbors and Local community – Internal auditor to the extent possible detect Frauds and things adversely affecting the society. Timely highlight and report such matters.
The Institute of Chartered accountant of India (ICAI) – Reporting adherence to ICAI in accordance with SIA’s, Guidelines & Norms. Internal auditor should ensure that there should be proper compliance of time to time advisory issued by ICAI.
The impact of COVID-19 could be very signiﬁcant and could put pressures on management to meet performance targets. This raises the risk of the likelihood of fraud in the Financial Statement (FS), requires the auditor to exercise a much higher degree of skepticism and carry out extended audit procedures to eliminate the possibility of fraud or material error in the FS. Auditors must be particularly mindful of the heightened risk of fraud.
Internal audit technology needs to be updated with change in working style of the organisation due to pandemic. The enhanced implementation of technological and digital tools may require better internal audit file management, road-map systems, data analysis and artificial intelligence. Internal auditor should take this prospect to establish improved auditing activities, thus enabling internal audit to automate the scrutinizing of key risks and the operation of key controls, securing time to focus on complex areas of risk. This an opportunity to improve audit efficacy by building stronger internal audit teams. If situation demands auditing can be done remotely, the location of auditors should not be relevant and audit teams can be developed to ensure the most appropriate auditors are allocated to each audit, regardless of where they are located. It is important for internal audit team to keep these points in mind while auditing in changed environment:
1. While finalizing the audit plan it important to include those areas which remained truly essential considering current situation and accordingly make a judgement to retain, cancel, defer or adjust the audit areas.
2. Try to make maximum use of technology and data analytics for prompt review of relevant data i.e. using the elevated data analytic skills within the audit team and if access to corporate data is given try to provide new business information relevant to management.
3. Develop close teamwork with other assurance functions in the subsequent line of security to eradicate needless duplication of activity and to share knowledge of key business processes, critical risks and control efficacy.
4. Modifying audit reports to make them crisper, with improved root cause analysis and sharper clarification of the consequences to drive rapid, efficient and sustainable corrective action by management.
5. Networking with regulators, external auditors and others to comprehend their demand for information.
6. They can make use of data analytics to better understand their client base in terms of customer trends and behaviors. It is important to collating large sets of data and analyzing them to extract useful information from a broad test base.
7. Using digital platforms like video calls/ voice calls etc. fro live interaction with process owners becomes important in absence of concerned person due to illness/quarantine/ working from home/isolation. In case of remote location, audit can be performed through digital platform which help in effective two-way communication.
While working remotely internal auditor may face additional challenges in terms of obtaining assistance, data and information for performing audits. Auditees may have conflicting priorities, and other obligations. It is now become more important than ever that internal audit team while working with the business and auditees to comprehend schedules, there favored techniques of communication, and consistently connecting with various stakeholders to review progress and discuss challenges. Internal audit team should factor in ancillary time for delays considering current changing environment.
It is important to maintain the mental health of the audit team during this pandemic situation hence it is important to highlight this risk. There will be negative impact on team due to fear of job loss, working alone, and an unclear future without the support of a team around them. The short and long-term repercussions of this are not yet clear but the unanimity is that it needs to be observed and programmes need to be in place to provide full support where required and possible. The pandemic helps in elimination of commuting, office bureaucracy and needless team meetings has seen work output surge. However, it is also possible that positive cultural changes may taking place within teams as we are very well aware that this online shift is predicted to remain with us now. The internal audit team need to maintain their high standards and professional delivery even under extreme pressure. The audit teams should avoid going into their shells, instead realize they can grow through this. A crisis often extends the chance for rapid personal improvement and growth opportunities.
Now a day’s data Privacy in remote work location becomes very important. Internal auditors should analysis organizational confidentiality obligations and requirements to completely understand the requirements of their organization and how those obligations may be affected by the remote work location. Data analytics helps in detecting problems and setting out a projection of their potential impact. Therefore, when used appropriately and driven by skilled data analysts, those data sets are highly valuable in serving an organisation make well-versed decisions in the running of the business. Internal auditors can also join forces with information technology personnel to monitor traffic and flow of data across their grid to identify connections or broadcasts across topographical boundaries. With the speedy decentralization of various businesses across the world as stay-at-home orders may continue, groups that are subject to data confidentiality requirements need to ensure that changes to their internal processes do not result in any kind of noncompliance.
The COVID-19 pandemic has uncovered businesses to immense and unanticipated changes. However, in response to the fast-evolving situation some changes were made voluntarily, and others were enforced by various government and other disciplinary authorities resulting into change in policy decisions of the organisation. Though every business faces its own distinctive set of confronts, internal auditor needs to understand the changing condition, their organization’s new approach of working, the new risk topography and accordingly deploy the audit team in response. The COVID-19 anxiety is something that will not evaporate quickly and current era of cyber-security breaches has never been more critical than now.
The pandemic has provided a chance to internal auditor to exhibit their distinctive skills. It is essential for internal auditors to keep themselves technologically up to date and keep Looking for a new and specific data analytics role and data science. It is the time to deliberate outside the box and see how internal audit can be as efficient and fruitful as possible with audits, assessments or reviews, and remain productive and safe at the same time. It is important for the internal auditor to prove that they are vital part of the organisation and be open and honest in their communication as it is critical to ensure that all parties will maintain trust and confidence that everyone is doing all they can to move the organisation forward.