The challenges to business and society created by the biggest health crisis in a century have been manifold. Each day brings a new twist in how the COVID-19 pandemic impacts our safety, interactions, business, politics, and security.
Yet, this relentless scourge may offer one significant benefit: It has sharpened our focus on governance and accountability by requiring organizations to take a long, hard look at how they operate, whether they be large or small, complex or simple. This examination — a bit of organizational soul searching, if you will — helps identify waste, hone in on core missions, accelerate adoption of new technologies, and most importantly, better understand how we govern ourselves.
With this in mind, The IIA and the International Federation of Accountants (IFAC) teamed up to produce an important tool for audit committees as the world navigates through these transformational times. Six Recommendations for Audit Committees Operating in the “New Normal”provides important insights and direction to board members for adapting to a post-COVID world.
Joined by my counterpart at IFAC, CEO Kevin Dancey, our joint message to audit committees is clear and vital. From the report:
Audit committees must be vigilant, agile, disciplined, and engaged. That will allow them a timely and coherent understanding of the continuously evolving operating environment and exhibit confidence in their reporting, disclosures, and conformance with regulatory, legislative, and ethical expectations.
The six recommendations are designed to optimize the audit committee’s role in governance, oversight, and long-term value creation. As the report point outs, these expectations are not new, but the manner and urgency in which we achieve these goals will take on added importance for the foreseeable future.
The report provides audit committee recommendations in six key areas of responsibility: staying informed, communicating and collaborating, leveraging available expertise, promoting continuous improvement, thinking holistically, and embracing technology.
From an internal audit perspective, heads of audit should be looking at these recommendations and thinking about how they can help their audit committee improve in each area. Every one relies on establishing and nurturing a collaborative, open, and honest relationship with the audit committee.
Staying Informed Audit committees must have a clear-eyed view and understanding of risk areas, and internal audit should support this by providing timely risk assessments. In a post-COVID world, those assessments will be more frequent and possibly continuous.
Communicating and Collaborating Audit committees have a wide and growing set of oversight responsibilities, so alignment with priorities of the governing body is critical. Internal audit’s enterprisewide perspective can help audit committees remain aligned with the priorities of the governing body and help them stay informed on issues requiring attention.
Leveraging Available Expertise Keeping fully informed about senior management’s responses to risks, new and old, is a fundamental and challenging task for audit committees. Internal audit is one of several areas of expertise upon which the audit committee relies to manage that oversight. Internal audit must provide independent and objective assurance and advice not just on how well the C-suite is managing existing risks, but also provide insight and foresight on management’s ability to anticipate and manage future risks.
Promoting Continuous Improvement Effective risk management must account for changing circumstances and evolving risks. Nurturing a mindset that looks to continually improve risk response in ways that encourage innovation and value creation will become the “new normal” for successful organizations. Internal audit should provide audit committees with assurance, advice, and insights that supports a mindset of continuous improvement.
Thinking Holistically The COVID-19 crisis is pushing organizations to evolve their thinking and improve planning, operations, and reporting. This makes the work of internal audit particularly important, as it must provide audit committees with a comprehensive view of risk management and overall governance. That increasingly includes issues involving sustainability, culture, technology, ethics, and value creation and preservation.
Embracing Technology The pandemic has forced a revolution in remote working that is likely to remain part of the post-COVID world. At all levels, organizations will have to adapt processes to account for distance and isolation, and they will have to rely on technology to get it done. This is particularly true for the work of internal audit. Providing assurance on old processes from a distance as well as evaluating new remote processes will be one of the profession’s biggest challenge after COVID. Effective use of technology will be critical. Internal audit stakeholders at all levels will demand — and absolutely deserve — no reduction in our services.
While these six recommendations are focused on the audit committee, they can and should be applied across all levels of the organization. They encourage collaboration and discourage silo mentalities.
It is ironic that, even as the current crisis pushed us into a limited and isolated physical world, it also expanded our perceptions of effective risk management. It has affirmed that communication, collaboration, technology, and continuous improvement strengthen our organizations. It has shown how commitment to sound governance creates long-term, sustainable value.
As always, I look forward to your comments.