Enterprise & Market Resilience during COVID-19 - Learnings from a Virtual Forum for Business Leaders in the Middle East (Session-1)

enterprise resilience webinar series
Enterprise & Market Resilience during COVID-19 - Learnings from a Virtual Forum for Business Leaders in the Middle East (Session-1)

This is the first of the Middle East forums by Protiviti on Enterprise & Market Resilience during COVID-19. These are “collaborative forums” as we at Protiviti believe there is tremendous value to be gained in learning from each other in these unprecedented times. Listening to new and unexpected perspectives from industry leaders can help test our thinking, provide confidence in our own plans and increase our resilience. The unique set of challenges brought by the current and future effects of COVID 19 requires a complete refresh on how we perceive and mitigate risks.

The first session of the Middle East forum was on the impact of COVID-19 on Internal Audit profession, its evolving roles and changing responsibilities. Roles perceived in the past as exceptional are expected to become the norm, including a shift from independence being a shield, to independence being a state of mind. More than 350 Internal Audit, Risk & Compliance professionals joined our first Webinar on Tuesday 21 April 2020. Held under the Chatham House rules, that facilitated, secure sessions and enabled participants to ask questions during the discussion.

Key Takeaways

  • Flexibility and agility are the key words for Internal Audit teams during these unprecedented times.
  • Post COVID-19, things are going to be different. Digitization, Automation, Investment in IT platforms and ERP is going to be a necessity.
  • Internal Auditors and Risk professionals should partner with management teams in these times and use this as an opportunity to build a relationship for the future.
  • Relationship management is key considering the remote working environment. Being empathetic to others in this time will go a long way and enable being better auditors as well.

    Audit Committee and Board perspective

    Our first panelist, a Board & Audit Committee member across many organizations shared his perspective that the audit plan has to be flexible for 2020, since what was planned earlier is not that relevant. The centerpiece of what we are seeing today is risk and the “risk velocity” is hitting us at a very high speed, which will have to be factored going forward.

    Connectivity, sustainability, cyber security, dealing with employees and associated risks of working from home are the new priorities for 2020.

    Boards are becoming more demanding and management teams need to be transparent and conduct stress test for best and worst case scenarios, considering things may move closer to normal in three months and in worst case where normalcy may not return until Q1 2021.

    Strategic role of Internal Audit in crisis management and business continuity plans

    One of the areas where Internal Audit can use its expertise is to be involved in documentation of this crisis and the actions being taken, which can culminate in the form of a crisis management manual. This can serve as a reference for any future crisis for the organization.

    CAE of a large telecommunications company on his part said companies are testing their crisis management and business continuity plans to full capacity in this crisis and Internal Audit can help by shifting its approach to offering advisory services. It is the need of the hour that Internal Audit teams are more agile and closer to management and focus on areas of high risk and become part of the crisis management teams of the companies they serve.

    Impact of an extended lockdown on Audit Teams

    Head of Internal Audit of a leading Insurance Company in the UK shared his experience on how businesses across have started operating in a crisis mode since the COVID crisis started and Internal Audit teams had to look at making auditing from home effective.

    As the world enters the next phase of COVID-19, Internal Audit teams are looking at how their resources need to be deployed. Independence of Internal Audit is being practiced in spirit, where team members are being put on tactical secondments to other teams where they can make an impact. Assignments have been varied, wherein they can add significant value and also bring back learnings when they rejoin the Internal Audit team.

    Technology and people engagement in a virtual community

    Due to the advancement in technology, the ability to work from home has made the crisis manageable to cope with in this era. Meeting dynamics have changed and at the same time people are much more time conscious and trying to focus on what they are doing to maximize efficiency and give back to the business. From a team perspective and one of the risks to consider is mental well-being of their people.

    CAE of a large telecommunications company added that people have extended themselves beyond working hours since they are working from home, showing their engagement, capability and dedication to the work, which is a big test of for our business continuity.

    Key Skills needed for Internal Auditors post COVID world

    • Internal auditors need to have the capability to think outside the box and think about the extreme scenarios and start analyzing risks
    • Internal Auditors need to have more IT and cyber security competence and data analytics skills

    Risk Management and Contingency plans need a revisit

    COVID-19 is a wakeup call. There is a need for more alignment and interaction between internal audit and risk management. Existing ERM programs across many organizations is two dimensional and academic, lacking a dynamic flavor. Risk management methodology should be challenged from covering middle of the road scenarios to covering extreme scenarios by Audit Committees and Boards.

    Contingency planning for unexpected events, developing critical scenarios and including what could be the impact on the business and its continuity will become the norm.

    Thinking Ahead

    Probability of frauds will increase, so extra control measures needs to be in place. This needs a refocus on implementing Continuous Audits and using Data Analytics to provide deeper and wider assurance to the enhanced risk as a result of fraud and weakening/ overriding of internal controls.

    Reassess the type of audits to be carried out in the later part of 2020 with areas that focus on key controls. Consider different tiers of assurance that the team can provide going forward from a deeper assurance to a lighter assurance with speedier reporting.

    This is probably the best opportunity for Internal Auditors to build a real partnership with management by acting as a trusted advisor, bringing their experience to the table and demonstrating agility in being able to change.

    Click here to access all series