While internal auditors across the globe assess the impact of an uncertain economic scenario in the wake of the pandemic COVID19, innovation, enhanced usage of technology and a transition to the remote review of source documents and examination with assessment of audit evidence coupled with interaction through e-meetings, is the need of the hour.
This thought leadership paper, that contains the views of our Partner, Tarun Kher, outlines the above along with best practices.
The Financial Reporting Council (‘FRC’), has issued a directive requiring disclosure of risks and other reporting consequences arising from the COVID-19 pandemic and published a directive for the auditors as well. Audit engagements should continue to be executed in accordance with the pertinent auditing standards, according to the guidance.
With the above guidance in consideration, the key approach for internal auditors in the times of COVID-19 is as follows:
1.) Review business continuity planning (‘BCP’) measures implemented by the client
This includes client preparedness review of key BCP processes and control documentation to assess organization’s risk exposure against pandemic situations like COVID-19. Such process documentation should be tested for its design and operating effectiveness by the internal auditors as part of BCP review to assess continuity in performance/delivery of the ‘as is’ processes.
The key processes and controls documentation must be archived on centralised workspaces on cloud servers, shared network drives secured through virtual private network (‘VPN’) access, or local intranet, for ease of access by the internal audit teams, even if they are working from home.
2.) Independent assessment of the going concern assumption
Detailed review of the entity’s risk registers and risk control matrices (‘RCM’s) along with the entity-level controls in light of the changing business scenario would entail an independent assessment of the going concern assumption of the client by the internal auditors. Collaboration with key stakeholders to understand any new and/or emerging risks being faced by the business, and to assess how best the management assurance function should assist in preparing the mitigation plan with external professional help as required that would enhance the value proposition for the client in these challenging times.
Internal auditors could also potentially assist in ascertaining the real-time impact assessment of management estimates on the financial statements particularly in high-risk industries (such as transportation and logistics, airlines and hospitality) where the assessment of going concerned may change abruptly amidst COVID-19.
3.) Effective monitoring of the progressive developments in the client’s business
Pro-active measures demonstrating enhanced assessment of the client’s business prospects with specific focus on key events/ strategic developments progressively taking place each passing day including movement in CXO positions; erosion in output/ productivity vis-à-vis annual targets; loss of revenues and consequent impact of economic slowdown; study about changes in the industry specific to the client’s sector are certain key aspects which require comprehensive monitoring on part of the internal auditors.
4.) Obtain source documentation and audit evidence remotely through file transfer protocol (‘FTP’) server or cloud login
In these unprecedented times where travel restrictions have been imposed globally amidst countrywide lockdowns; in-person client meetings and access to client premises is completely prohibited as part of the safety and containment measures. The planned audit approach may need to change and alternative procedures are developed for obtaining audit evidence through FTP servers and login access to client cloud platforms enabling internal auditors to remotely have electronic access to source.
5.) Plan for enhancing staff efficiency and productivity
Immobility of staff in view of the current scenario availability may impact segregation of duties, review type controls or complex process delivery. Internal auditors must review the ‘Delegation of Authority’ (‘DOA’) matrix and recommend suitable amendments at short notice. As part of the mitigation plan to deal with the current situation, internal auditors must focus on measures augmenting key staff performance activities into the cloud server, supported by permissions-based controls, to enhance process standardization and reduce the risk of staff downtime. Alternatively monitoring controls should be strengthened whilst it may be necessary to remove certain segregation of duties rules in place. The endeavour should be to keep the staff motivated whilst working in remote environments by arranging weekly catch-ups, daily stand-ups, virtual coffee sessions, regular town-halls, sharing success stories, contingency plans, etc.
6.) Regular client engagement protocols
While internal auditors may be accustomed to working remotely, working from home as COVID-19 spreads may be a new experience. The auditors should consider adopting an effective internal audit progress management approach starting from the planning stage to the report finalization stage through weekly engagement status updates being shared with the clients on official e-mails.
The internal auditors should embrace e-meeting technologies to deliver work and engage in regular and effective communication with their clients. Short-term prioritisation in terms of the engagement scope and deliverables coupled with periodic customization to the audit plan to mirror the changing pace of risk and assurance needs is the need of the current times. The internal auditors must adopt a limitation of scope approach wherever needed and possible.
7.) Make the best of available surplus time
With potential inability to perform an audit on-site due to lockdown situation, optimum utilization of available surplus time to update technical knowledge should be undertaken through online conferences or webinars that offer continuing professional education credits for ICAI members. The internal auditors should try to reduce overlapping of work by collaborating with external auditors e.g. to perform testing of internal control over financial reporting and optimize their time and effort estimates after seeking due consent from the client.
United we stand | We are in this together
Clients and their audit committees understand that it is imperative for the internal auditors to invest sufficient time in execution of their agreed upon procedures in accordance with the internal audit standards, including re-assessing work done to reflect changed circumstances. Collaborative support from the client is thus imperative in making this new approach to internal auditing an overwhelming success in.
Disclaimer:The information contained in this thought leadership paper is not intended to address the circumstances of any particular individual or entity. The document has been prepared with the help of various sources believed to be reliable, but no representation or warranty is made to its accuracy, completeness, or correctness. The facts stated in this document are based on data currently available and can change when this data gets updated.
The opinions expressed are of the author and PEAKLIFEtakes no ownership of the views.