The challenges posed by the coronavirus (COVID-19) continue to grow and evolve with each passing day. Organizations require timely information and a sophisticated approach to manage the pandemic’s impacts on employee health and productivity, fiscal implications, supply chain disruptions, cybersecurity vulnerabilities, the health of local and global markets, and more.

We are seeing internal audit efforts being pushed off or delayed by many organizations. Many internal audit departments are struggling with the decision to either continue with scheduled internal audits, or change their plans and audit areas that may be easier to manage remotely. Some are even considering if they should cancel the audit all together and not bother the organization at all. We believe that internal audit has an important role to play in supporting organizational efforts and will help management navigate the many challenges they are facing. 

As most companies transition to having a remote workforce, there are many controls that might change in the process. Internal audit needs to review these controls to ensure they are working efficiently and effectively.

Controls to be reviewed and/or tested include:

  • Cash disbursements: Are there two levels of approval for all disbursements? Is there proper supporting documentation for all disbursements? Do you still have proper segregation of duties?
  • Cash receipts: Are cash receipts still being deposited timely? Is someone monitoring customer situations and payments to ensure bad debts do not increase greatly? Do you still have proper segregation of duties?
  • Monthly reconciliations: Are all monthly reconciliations still being completed timely and properly?
  • Vendors: Who and how is the organization updating mission critical vendors and understanding how COVID-19 has impacted them? If they go away or are substantially impacted how does that impact your organization?

Internal auditors also need to determine where fraud risk has increased and perform testing in those areas. The current situation might increase the risk of fraud because there may be more opportunities to commit fraud due to controls not being adequate and employees feeling increased financial pressure due to significant other losing their job. Additionally, cybersecurity threats and frauds have increased due to more people working remotely and relying more heavily on electronic communications instead of face-to-face or phone conversations.

Internal auditors should also provide assistance and value to management in other areas:

  • Review loan applications for accuracy
  • Relative to compliance with stimulus loans, the internal audit team should assess any new controls needed to track the administration of loan proceeds to ensure compliance and possible forgiveness under the payroll protection loan program. The internal audit team should also have visibility and input on the development of any new controls to help with compliance.
  • Review of cash forecasts and budgets

Lastly internal audit departments need to ensure they have the proper processes, procedures and protocols in place to perform “remote audits.” Internal audit departments should communicate thoroughly with the Audit Committee to see how COVID-19 is being addressed by the organization  in order to accurately update risk assessments and document changes.

We know many of these things are hard to do remotely, especially if you are facing dramatic staffing changes. Dean Dorton’s internal audit team can provide short-term assistance as well as long-term planning guidance as you prepare for things to get back up and running. It is vital that you have a plan before acting, in order to stay compliant but also make it easier on yourself for analyzing and reporting in the long run. Please do not hesitate to reach out with any questions.

For more information on how the Coronavirus is impacting businesses across multiple industries, visit our COVID-19 resource page:

COVID-19 Resources