What type of reviews should your teams be performing during and post-COVID-19?
COVID-19 has created new realities and unprecedented challenges. It has also impacted your stakeholders and control environment and how audits and reviews are performed. The rapid pace of change accelerated the need for the following:
- new solutions to your customer’s problems (adapt to changing consumer behaviors),
- changes to the ways your staff perform their jobs (manage health and safety concerns), and
- modifications to your strategic goals and objectives (manage increased uncertainties and adapt to a rapidly changing business environment).
Performing audits and reviews that does not directly impact the accomplishment of your strategic goals and objectives adds limited value. To create, capture, and sustain value, simplicity, flexibility, and agility is critical to the nature of audits and reviews performed. This is the ideal way for an independent internal audit function to support management solve problems they see as necessary at the current moment, and vital to the long-term survival of your business.
How do you get there?
“Out of intense complexities, intense simplicities emerge.” Winston Churchill
Complexity is the enemy from within that must be avoided. Begin by adopting a simple framework that provides an enterprise perspective on your resources, processes, technologies, and corporate culture. These components impact the accomplishment of your strategic goals and improve performance across your value chains.
Next, agree on your internal audit’s role in the value chain. This requires understanding the organizations…
- strategic direction and alignment (align with changing customer expectations during and post-COVID-19),
- risk management and monitoring,
- operational efficiencies,
- quality and compliance,
- financial management and governance, and
- responsiveness: to help management create, capture, and sustain value while adapting to the changing business environment.
Ultimately, priorities vary between organizations. The six components of the internal audit value chain (IAVC) should be continuously evaluated during and post-COVID-19 to help management create value, capture value, and sustain value in the context of your organization’s strategic goals.
To help your management teams focus limited resources planning and executing audits and reviews that matter, confirm your organization has processes in place to achieve the following:
(a) Prevent misalignments between enterprise strategy and the business unit and departmental priorities.
(b) Identify, prioritize, and mitigate risks impacting the accomplishments of your strategic goals. This should include emerging risks and the rapid pace of evolving risks such as the COVID-19 pandemic.
(c) Assist management in capturing and sustaining value by pursuing efficiencies. This should include initiatives to embrace new technologies to support your clients and employees during and post-COVID-19.
(d) Validate that quality and compliance are baked into the culture of the organization. The fastest way to frustrate valuable clients in difficult times is to provide products and services they need below their quality expectations.
(e) Continuously add value by improving your financial management and governance and monitor progress.
(f) Creating value is not enough. Assist your teams in capturing and sustaining value by being responsive to internal and external factors timely.
Evaluate your current capabilities by performing a high-level assessment to accomplish the following:
- A “current state” risk-assessment. The output will provide your organization with an updated risk profile and scorecard that can be used to make decisions towards enhancing your strategic risk-management capabilities.
- Provide insights identifying new and emerging risks impacting the accomplishments of your strategic goals and objectives during and post-COVID-19.
- Management can use the output from the risk assessments to evaluate, prioritize, and develop plans to mitigate critical risks—and perform audits and reviews that matter.
Perform a Comprehensive Strategic Risk Assessment
We define strategic risk assessment as a set of policies, procedures, processes, systems, and resources that provide oversight on how an organization identifies and mitigates risks adapting to its changing business environment.
Benefits of performing a strategic risk assessment include:
- It provides a simple, flexible, and agile framework that can be customized and used throughout your organization to identify, prioritize, and mitigate current and emerging risks impacting the accomplishment of strategic goals.
- A guide to implementing an integrated approach to risk-taking, risk oversight, and risk assurance functions eliminating redundancies in work performed.
- Enable timely and accurate reporting to the Board and Committee’s, Executives, and Stakeholders.
In difficult times, management must often re-visit your business fundamentals and the strategy to make timely changes to ensure the organization continues to add-value, capture, and sustain value. The disruptions from COVID-19, accelerated the need for sound business practices and decisions that are centered around the mission—solving problems customers see as valuable and increasing their willingness to pay for your products and services. Our next post will elaborate on steps you can take to re-visit your fundamentals, especially in difficult times.
Jonathan Ngah, CISA, CIA, CFE, CGFM, is a principal at Synergy Integration Advisors, a professional services firm providing internal audit outsourcing and internal audit co-sourcing services to government institutions, private-sector, and not-for-profit organizations in the US and the Asia Pacific (APAC) regions.