As organisations are navigating a new reality – confronting interruptions and disruptions – it is more vital than ever that organisations ensure good risk mitigation practices remain in place to manage rapidly evolving risks and minimise impacts.

The recent events that have unfolded as a result of the COVID-19 pandemic are an important reminder that neither internal audit (IA) plans nor the ways of accomplishing these plans are static. Redefining the IA plan to reprioritise audits based on evolving organisational risks, ongoing regulatory requirements and the practicalities in executing each audit can help support management in addressing the most crucial risks while also reinforcing the IA team’s relevance and purpose.

Adding value during times of crisis

The COVID-19 pandemic presents an opportunity for organisations to embrace new ways of working and the technological enhancements that will continue to enable them even after a return to business as usual. For internal auditors, the pandemic also presents an opportunity to reaffirm the importance of the function by actively and flexibly responding to evolving risks in a changing environment.

We have identified the Essential 8 internal audits we consider as the most relevant for organisations to consider in the current environment.

To learn more about how you can harness internal audit to improve your business in a shifting COVID-19 environment, click here and we will respond as quickly as we can.

Essential 8

  • Essential 8

    Business continuity management – Real-time review

    • Unique opportunity to identify real-time lessons learned from the pandemic as stakeholders have enacted the Plans recently so issues/insights/lessons learnt are top of mind.

    • A good time to refresh key risks and dependencies including suppliers and vendors.

    • Important to remember that additional disruptions are possible during the pandemic.

  • Essential 8

    Cyber security

    • The rise in scam and phishing activities where attackers use COVID-19 as bait to impersonate authorities and brands (misleading employees and customers into giving up confidential information).

    • Higher demands on remote access technologies creates pressure on security that may result in external frauds, especially when employees use unsecure personal devices to perform official duties.

    • Challenging to enforce, detect and respond to security issues in a remote working environment.

    • Rapid changes in systems and access levels place greater emphasis on strict controls around remote security management.

    Read more

  • Essential 8

    Payroll compliance

    • A hot topic before the pandemic outbreak and may be even more difficult to assess and manage in the current environment.

    • In addition, many organisations are making large volumes of changes and agreeing to non-standard working arrangements during the pandemic.

    • Added difficultly to oversee/control dispersed workforce.

    • Increased pressure may also result in internal frauds.

    Read more

  • Essential 8

    Procure to pay

    • A key risk for organisations pre-COVID-19 with the process of facilitating significant expenditure. With remote work practice key controls such as segregation can be difficult at this time. It is more important than ever to have strong oversight including both preventative and reactive controls in place to mitigate the risk of human error or fraudulent transactions.

    • Emergency procurement and payments in response to the pandemic expose the organisation to internal and external fraud where limited controls exist.

    • Mismanagement of contract variations occurring as organisations re-negotiate terms of businesses (including variation approvals and reporting).

  • Essential 8

    Remote working

    • The need to move the majority of the workforce to operate remotely has occurred rapidly. As outlined above, increased cyber risks are associated with this, however, there is also a significant risk to your organisation’s number one asset – your people.

    • It is more important than ever for Management and Boards to have oversight and understanding of how the organisation is mitigating the key risk of the remote workforce which includes (but not limited to):

    • Poor workspaces impacting productivity or potential WHS issues.

    • Isolation/lack of human interaction impacting mental wellbeing.

    • Disengaged team members resulting in decreased productivity/loss of key talent.

    • Systems and hardware failure/outages impacting ability to operate as BAU.

    • Lack of oversight of teams increases the risk of fraudulent activities.

  • Essential 8

    Modern slavery

    • Another hot topic before the pandemic outbreak which may have increased risks in the current environment. COVID-19 should not take away the importance of this matter.

    • Many organisations will be required to report on their modern slavery program as soon as 31 December 2020.

    • Increased job insecurity in the pandemic environment can result in the vulnerable population being taken advantage of and coerced into forced labour and related practices.

  • Essential 8

    Program management

    • Perceived benefits of a business case may have changed in light of COVID-19 impacts, as well as the viability of effective project execution.

    • Organisations may look to revise expenditures and focus on projects with lower cash outlays or stronger potential for near term returns. 

  • Essential 8

    Vendor/Outsourcing management

    • Operational and revenue impacts from potential disruptions to key suppliers and vendors require ongoing monitoring.

    • Business case and risk profiles for suppliers may have shifted due to changing business priorities.

5 Guiding Principles to our Internal Audit COVID-19 service approach

As Grant Thornton is implementing our continuity processes to respond to the pandemic, we understand the issues our clients are facing during this challenging time and have developed flexible and robust arrangements for working together with you to ensure that our internal audits and broader business risk services are delivered whilst taking into account the difficulties businesses are facing.

Related content

Cyber security health check

Read more

Cyber security health check

Anti-Money Laundering and Counter-Terrorism Financing

Read more

Anti-Money Laundering and Counter-Terrorism Financing

Business risk

Read more

Business risk