Table of contents:
The proper functioning of Internal Auditing can provide new value to organizations during the COVID-19 pandemic. The COVID-19 pandemic has brought about changes in the functions of internal auditing for businesses and organizations. With a few adjustments, internal auditing can enhance the efficiency of processes, reduce risks in the new working environment, and, at the same time, deliver a new level of value to organizations.
The impact of COVID-19 varies for each organization. Internal auditing needs to consider the following issues to support businesses and meet the needs of stakeholders.
Assessing risks to prevent or reconsider priority issues is crucial for internal auditing functions.
Internal auditing functions need to review their audit plans and activities to determine how risks have changed in the context of the pandemic and find the best way to allocate resources to better support the business. In many cases, auditors should focus on measures to improve processes for the business to operate continuously and without disruption due to the pandemic, which is more important than strict compliance activities. Internal auditing should work with business leaders to understand the impact of COVID-19 and the management plans to adjust business operations more effectively.
We believe that internal auditing needs to advise businesses on management plans and identify risks for careful consideration to make informed decisions. As leadership implements new processes, systems, and activities to address development needs during the pandemic, internal auditing should provide guidance on potential gaps or overlooked vulnerabilities.
Using remote working methods
In today's business environment, particularly in the context of supply chain economics, many businesses have departments located in different geographical locations, even in different countries. This poses a challenge for internal auditing as they cannot work directly when countries are restricting movement between regions.
Collecting evidence and reviewing documents remotely through platforms like Microsoft Teams, Webex, or Zoom can solve this problem instead of physically going to the location to conduct audits. In cases where some tasks require on-site work and cannot be done remotely, auditors can plan for such activities when travel restrictions are relaxed at certain times.
The key is for internal auditing to collaborate with the businesses and organizations being audited to understand schedules, communication methods, and regular connections with stakeholders to discuss work and progress. Internal auditing should allocate additional time for unforeseen delays and contingencies while working remotely.
This approach provides flexibility, fosters collaboration, and facilitates a rapid audit execution process. It's a time to think "outside the box" and find innovative internal audit methods to maintain efficiency and productivity in internal audits while ensuring safety in the context of the pandemic.
Data security while using remote working methods
Along with the development of remote work methods, data security has become increasingly crucial and should be a top consideration. Cybersecurity is of particular importance, and investment in security solutions, regular compliance checks, monitoring adherence to security regulations, and promptly addressing security vulnerabilities are essential. Enhancing financial capacity and risk management, especially risk management, is also vital.
For example, in the case of an internal audit for large publicly traded companies that use less secure information exchange platforms during remote work, the leakage of sensitive documents can have a significant impact on the company. In this scenario, even if internal auditors have signed independent commitments or followed security principles, the information leakage is partly the responsibility of the internal audit team.
Internal auditors can also collaborate with IT staff to find appropriate information security solutions and select platforms with high security standards to mitigate the risk of data leakage.
New risks emerging during the pandemic need to be acknowledged
Alongside traditional risks, new risks are emerging from the evolving work environment during the pandemic. Internal auditors need to have a profound awareness of these risks and work with businesses to understand the effectiveness of the company's risk management measures. The following risks are examples that internal auditors should consider regarding potential threats in the new work environment:
Business continuity plans not ensuring uninterrupted operations and disruptions during "social distancing" phases.
Information technology (IT) and cybersecurity threats.
Health and safety of human resources.
Fraud risks arising as remote control measures are newly implemented and refined.
Data security.
Operations and supply chains.
Strategy and brand.
Liquidity and finances.
As the COVID-19 pandemic continues to evolve unpredictably, with flexible and adaptive approaches, internal auditing can play a crucial role in organizations and have the opportunity to deliver breakthrough value to support businesses and management.