Internal auditors have a vital role to play in guiding companies away from the pandemic and towards a sustainable future
The COVID-19 pandemic has had a disruptive and devastating effect on people, businesses, and economies worldwide. At the corporate level, the severity of the impact has forced management to double down on their efforts to plan for future scenarios, and has led internal auditors to conduct a three-sixty-degree risk assessment of the current control environment within organizations. Now, more than ever, they need to review business continuity plans and quickly evolve the controls to suit existing conditions. However, working closer to frontline management does not mean sacrificing internal audit principles. Maintaining objectivity and independence in terms of accountability and reporting can be preserved, while still adding maximum value to the organization.
The risk culture of any organization stems from leadership, yet excessive internal controls are often considered a ‘whip’ by middle management. Here, the role of the internal auditor is crucial to managing the balance between leadership expectations and middle management’s discordant approach. The question is, how can this balance be achieved?
First, internal auditors must provide value in a practical way and help the organization move from crisis management to issue management, and then from short-term risk management to long-term risk management. They need to work closely with first- and second-line colleagues and ask them the simple but vital question: ‘how can we help?’
Amid the pandemic, the corporate world has observed how the internal audit function has changed from conducting post-mortem analysis to providing a more collaborative outlook to key stakeholders and re-inventing existing management controls. At EFS, the internal audit function has also assumed certain management responsibilities. It has transitioned away from conducting typical audit reviews and moved towards more of an advisory role, helping organizations to overcome current operational challenges.
To this end, the internal audit function has helped to reduce overtime costs and has engaged in business-critical activities such as productivity analysis of key functions, introducing robust cybersecurity policies, and standardizing processes by bringing more automated controls across the group. Furthermore, monthly internal audit plans are revised according to the management’s needs, new dimensions are being added, and functional audits are being reprioritized. Coordinated efforts are also being initiated with allied companies to gain remote access to meet audit timelines.
Additionally, we have curtailed certain controls to expedite the processes required to meet our customers’ needs and to optimize operational service delivery. Crucially, the related policies are being modified and adhered to by the respective departments to support and deliver the revised strategy wherever required.
However, the tasks do not end there. In light of the pandemic, many company boards are asking internal auditors to take on a wide range of new responsibilities. Such responsibilities include monitoring compliance with COVID-19 rules, supporting management in re-visiting workforce insurance coverage, focusing on policy compliance relating to business continuity, and contributing to the creation of a comprehensive preparedness plan for the next suspected wave.
Apart from the above, organizations must address other key risks that revolve around data. Broadly speaking, cybersecurity risks have increased due to third-party infrastructure and the existence of multiple data centers, where applications and databases reside. Success in mitigating the risks depends on an organization’s ability to effectively modify and implement its internal controls in a variety of contexts.
Despite a plethora of challenges, the recent pandemic has given internal auditors a unique opportunity to increase their participation in crisis management committees, eliminate duplicate and bottleneck processes, and focus more on data analytics, while being agile in finding ways to work remotely. What’s more, continuous monitoring tools, including management meetings, organizational task forces, and compliance with economic, social, and governance requirements, have increased internal audit’s ability to contribute to updating company enterprise risk assessments.
The COVID-19 crisis has also provided a platform for internal audit to display its unique skills and perspectives, highlighting its value to organizations. Given the critical role they play, companies are accepting internal auditors as one of the champions of crisis management. Now, in order to remain valuable contributors, internal auditors need to stay technically up to date and must maintain a thirst for learning, as seen in the high participation rates in webinars, online training, surveys, and discussion forums.
Looking ahead, internal audit must remain proactive and prepared while being pragmatic as the current business situation changes. If it succeeds in these tasks, internal audit stands to become the ultimate tool for business resilience, helping organizations achieve their objective of creating a sustainable future.
Authored by Ms. Sarika Singh – General Manager of Internal Controls and Risk, EFS Group
Source: Forbes Middle East