During the COVID-19 pandemic, The IIA is focusing much of its efforts on providing practitioners information they need to not just survive, but to thrive in this crisis. Our consistent message to members, and indeed anyone associated with our important profession, is bringing internal audit’s value to bear in helping organizations to navigate this crisis.
COVID-19 Impact on Internal Audit, the latest CAE Quick Poll by the Audit Executive Center, provides evidence that many are doing just that. Based on responses from more than 400 North American chief audit executives (CAEs) and directors in a survey conducted April 9–13, the poll found that internal audit functions were actively involved in their organizations’ response to COVID-19. That included taking on special assignments, such as cost-saving identification projects, expense tracking, and risk mitigation.
All this is playing out against a backdrop of significant disruption, as social distancing and other measures designed to curtail the pandemic have taken a toll on personnel, productivity, and profits. Indeed, more than a quarter (28%) of survey respondents reported moderate to extreme concern about their organizations’ long-term financial viability. The impact was significantly higher for industries that are directly affected by the pandemic — 51% of respondents involved in health care and social assistance responded similarly.
When it comes to the impact of COVID-19 on internal audit’s resources, the survey results were mixed. On the one hand, a majority of respondents reported that staffing and budgets had not been severely impacted by the pandemic and its attendant financial/economic drain. Sixty-one percent reported budgets had so far stayed the same or increased. Staffing saw lesser impacts, with 74% reporting it had been unaffected. However, 40% of respondents in consumer-facing organizations, such as retail, food, and travel, said they were facing cuts in staffing.
Overall, the quick poll paints a positive picture about internal audit’s role in response to this crisis. I believe that shows stakeholders are welcoming the input from internal audit and are looking for new ways to leverage the skills and insights it offers.
The quick poll results also provide an in-depth look at how internal audit functions are modifying audit plans to identify and mitigate pandemic-related risks. From the report:
“Overall, internal audit leaders are demonstrating flexibility and agility in response to the dynamic risk environment caused by COVID-19. Three-quarters of internal audit functions have updated their audit plans. Two-thirds are identifying emerging risks, and over half have already updated their risk assessment.”
These are positive and encouraging statistics that demonstrate what I have referred to as “auditing at the speed of risk.” As with data on staffing and budgets, the report provides industry breakdowns for modifications to audit plans, as well.
The survey also looked in detail at the kind of work internal audit functions are doing during the pandemic. Results show many internal audit functions are operating nimbly, with the flexibility needed for an “all-hands-on-deck” approach. From the report:
“Over half of respondents have discontinued or reduced scope for some audit engagements and nearly half have canceled some audit engagements. Where internal audit leaders are demonstrating agility is noted in the fact that nearly 4 in 10 respondents have added new engagements due to COVID-19 and 4 in 10 have redirected staff to put aside their normal audit work to assist their organizations in this time of crisis by doing non-audit work.”
The final piece of the report shows how organizations are responding to specific risk areas during the pandemic. As might be expected, nearly half (48%) increased efforts around business continuity planning. Also, more than 4 in 10 reported added focus on cybersecurity, enterprise risk management, fraud, and cost control/reduction.
Here, data breakdowns by industry provide even richer insights. For example, the biggest changes in audit plans for respondents from consumer, manufacturing, and health care and social assistance focused on cost control/reduction. In contrast, respondents from public administration saw greater focus on cybersecurity and IT risks.
I encourage my readers to look for the survey report on our COVID-19 Resource Exchange page under the tab “Additional Resources Powered by AEC.” As with the first AEC Quick Poll, though responses are limited to North America, I believe the findings provide important insights for CAEs anywhere in the world.
As always, I look forward to your comments.