Following the COVID-19 outbreak, things have changed drastically, and the working environment of organizations and their ways to work has evolved. Internal auditors are no different and will follow the same route.
The internal auditor must focus on things that are important for the organization during these unprecedented times. Therefore, the internal auditor shall collaborate with the departmental heads, managers, senior management, and key stakeholders to understand new risks and their impact on the organization.
Auditors have to pick which audits are important including mandatory/regulatory audits.
Assessment of risks is a continuous process, and internal auditors shall be vigilant of new risks while performing the audit. It might be possible that during the planning stage, certain risks are unknown to the auditor, while during the actual fieldwork, new risks emerge, and the auditor needs to include those risks in his audit for further testing.
This will help the internal auditor to re-assess his audit plan, which best suits the organization. It is better to replace the existing audit plan with a new one that better addresses new risks and supports the organization-wide objectives.
During these difficult times, the auditor should keep the audit committee, and management informed about the difficulties being faced by them. If required, reduce the scope of work, limited to emerging risks that are more critical than those that are assessed a while ago.
The auditor should always focus on quality over quantity and reduce the number of audits.
The use of virtual meetings, webinars, digital documentation, etc. has helped everyone in performing business as usual activities. The rise of collaborative tools has spiked, and popular software companies offer affordable and reliable solutions to embrace the new ways of communication.
Therefore, the internal auditor should consider the following:
Internal auditors possess in-depth knowledge about the business processes and the holistic view of the organization. During the pandemic, the internal audit resources can be re-purposed to provide support to essential business functions and processes. This may include:
However, the internal auditor should keep his independence at utmost importance, and the auditor shall refrain from designing and implementing any process and control.
It is the Chief Audit Executive's responsibility or a similar position in the department to gel the team as one unit. Following are a few things which can be done:
During the remote working, the internal auditors shall keep their corporate presence within the organization by having virtual meetings with the key stakeholders, helping them to built trust.
Internal auditors shall prioritize their work and focus on those areas where they can help the organization. Instead, interact with the stakeholders more frequently and provide simple and easy to implement advisory solutions.
Internal auditors are required to develop a substantive approach and be pragmatic in gathering audit evidence and consider alternative ways to collect the information. The likelihood of management override of internal controls is high. Still, the auditor has to see the rationale behind such overrides and validate whether the management is fully aware of such overrides.
The overrides taken by the employees may be in the best interest of the organization. Are you sure? Validate it.
During the pandemic, organizations are forced to terminate their employees or reduce the financial benefits. The disgruntled employees may pose a severe threat, and the probability of fraud and misappropriation has increased. Therefore, the auditors need to be vigilant in the early identification of such risks and suggest recommendations.
As the uncertainty prevails, but slowly, things will come back to normal. Internal auditors should take this as an opportunity to learn new skills, especially their communication skills, and adopt those techniques and practices they were performing during the pandemic.
It is expected that organizations and employees will still prefer working remotely, and auditors have to adopt a flexible and pragmatic approach in performing their internal audits. Nevertheless, the auditor should work with the management and focus on new & emerging risks that the organization faces.