Best practices for managing internal controls post-COVID

The COVID-19 pandemic has shaken up the entire business world whilst impacting almost any industry, organisation and operational function. Internal audit (IA) and controls are not an exception. In this quick guide, we review some of the best practices and considerations for IA teams to adapt to the new normal.

Best practices for managing internal controls - Banner

Introduction


The COVID-19 pandemic has shaken up the entire business world whilst impacting almost any industry, organisation and operational function. Internal audit (IA) and controls are not an exception. With remote working becoming the norm, organisations are facing an increasing number of operational risks and challenges, which has put some greater pressure on IA teams to:

  • quickly adapt to the new working environment,

  • ensure compliance during the transitional, recovery phase, and

  • provide some direction for the future.

Below are some of the best practices and considerations for IA to respond to the new normal.


3 risk factors for organisations post-COVID


Before we look at some of the best practices for IA in the post-COVID environment, we’ll briefly outline the 3 key risk factors driving those considerations.


Regulatory compliance


Due to the COVID-19 pandemic, many regulatory authorities have altered various laws and regulations in aim to strengthen the economy and facilitate businesses’ recovery. This creates an extra burden for internal auditors who need to constantly keep up to date with any key regulatory changes and ensure the organisation remains compliant at all times.


Fraud


Whilst remote working facilitated business continuity during the pandemic, it also created some new opportunities for fraudsters to exploit any weaknesses in operational controls (e.g., no clear visibility of control breaches, reduced inventory or data control, no clear control managing responsibilities and accountability). KPMG has identified some of the most common control-related frauds:

  • Misconduct by employees for personal financial gain

  • Manipulation of financial results to comply with covenants

  • Bypassing transaction controls, or forging of the necessary approvals

  • Non-execution of approved transactions for personal or professional gain

  • Processing of fraudulent claims for personal gain, or to benefit a known party


 

Stay on top of the latest governance, regtech and innovation trends and insights!

Subscribe to our monthly newsletter >

 

Performance and reporting


Remote working further increased the need for greater management oversight as key responsibilities like monitoring, measuring and reporting on the financial and operational health of the organisation can be easily overlooked.


This brought some more pressure on the IA function, which has the responsibility to ensure the accuracy, completeness and adequacy of reporting in key areas like; Revenue, Liquidity, Cash-flow, Procurement and transactions, Inventory, etc.


Best practices and tips for managing internal controls post-COVID


To tackle the above mentioned risks and build a strong and resistant internal control environment post-COVID, KPMG recommends IA to consider implementing any, if not all, of the below critical areas:

  • Adopting a digital sales process and onboarding

  • Managing liquidity risk (incl. cash flow forecasting and working capital)

  • Ensuring business continuity (remote working setups and policies, digital communications, etc.)

  • Increasing governance over remote working and mitigate the risk of cyber fraud and breaches

  • Navigating vulnerable customers and facilitating the sales and customer services processes remotely

  • Ensuring the effectiveness of financial controls in the new remote environment

Looking at the internal function, in particular, KPMG has also proposed the following 7-step approach for internal auditors to adapt and continue to provide valuable insights and assurance to their organisations in the post-COVID world:

  1. Define and prioritise the critical controls required to reduce fraud, compliance, and performance and reporting risks

  2. Identify who has responsibility for monitoring new critical controls arising from the “new normal” (e.g., work-from-home arrangement)

  3. Assess the impact of changes on internal controls and revisit organisational structure, if required

  4. Identify and leverage on lessons learnt from the crisis to further improve the internal control system

  5. Enhance auditors’ capabilities and fill any knowledge gaps

  6. Identify and evaluate the emerging risks in the aftermath

  7. Adopt additional technology to increase security and efficiency, and automate business processes

Working in internal audit? How have you adapted your processes and organisation post-COVID? Share your experience in the comments below.


 

How to manage internal controls - Whitepaper Banner

 

Still using paper-based checklists or excel spreadsheets to manage your internal risks and controls?


ControlNet helps you automate the process, and create an efficient, accountable and secure operational environment.



0 comments