Target These 5 Areas if COVID-19 Wasn’t on Your Audit Radar

If you hadn't planned for a pandemic, you're not alone. Natural disasters or fraud or cybersecurity, sure, but a global outbreak? Nope. Just a few weeks ago, it sounded like fiction, yet here we are.

It's impossible to predict when these kinds of events will occur, and the speed of onset is dizzying.

Over the past few days, I've talked with chief audit executives, and they're focusing on these five areas. Use them to steer your organization in the right direction in the coming months. 

1. Workforce protection

This one's obvious, but critical. Without a thriving workforce, your organization is stuck. Ensure your people are safe and secure by taking the following actions:

• Permit remote internal audit work whenever possible. 
• Stay engaged with regulators and public health officials, and ensure you're reporting out anything that's required.
• Ensure IT infrastructure needs are tested, so employees can continue working remotely.
• Participate in any new policies from management—whatever plans they have, weigh in, assess, and test them.
• Don't forget to be human. People are worried about kids, vulnerable family members, and the economy on the whole. Compassion goes a long way.

2. Customer engagement

If your inbox is anything like mine, you've gotten emails from the CEOs of just about every company you've ever interacted with. While arguably tedious, as a risk professional, I really appreciate the transparency. These companies are doing the right thing by their customers.

Here, I mean "customer" in a dual sense—both the people your company does business with and the internal business partners typically served by internal audit.

For external customers, be transparent about the inner workings of the company, what you're doing to protect them, and why they should feel at ease with you. For internal customers, keep an open dialogue about risk assessments, next steps, and audit scenarios.

3. Supply chain protection

Other companies, including your suppliers, are feeling the pinch of COVID-19 just as much as you are. It's up to you to create transparency both up and down the value stream—with vendors you use and with companies that use you as a vendor. This goes hand in hand with customer engagement as well.

Some things to communicate with vendors or clients:

• If or when payment timeline may be impacted
• Additional lead time to expect on work
• When you can expect items or work can be sourced
• Geographic details on items sourced from coronavirus-hit areas (parts or ingredients from Italy, for instance)
• Shipping logistics and transportation (freight shipping via train or boat versus planes)
• Employee travel (Are offices closed? Will they work from home?)

4. Financial stress testing

The whole economy just got hit with a monster double-whammy: rising expenses from a shuttered marketplace and decreasing revenue from companies and people uncertain about the economy.

While you can't predict the future, you can plan for the myriad outcomes that could come. Now's the time to focus on stress testing—map out different scenarios to anticipate what could happen.

Some areas to consider in your stress testing:

• Length of time your industry, location, or business could be shut down
• If target revenue numbers aren't achieved
• The impact of financial statements and working capital
• Meeting cashflow and hitting payroll
• Paying back lenders (what if they try to collect on debt covenants faster than usual?)
• The credit rating of your business
• How a material impact to financials would be communicated to the Street

5. Nerve center integration

Audit shops are already fast-paced environments, and the labyrinthine evolution of COVID-related risks can result in misaligned priorities and miscommunication. That's where a "nerve center" could be helpful.

As a central spot for vital, up-to-the-minute information financial teams need, it contains all the pivotal information needed to address the situation.

When creating your nerve center, consider including these things:

• A single spot where all audit, risk, and controls documents related to COVID, from initial risk assessment, to building an audit program, to reporting
• A repository of different resources—questions, facts, data, and news that's relevant to your company
• Any action plans that management is working on, and updates thereof

When the dust settles, think of the long term

Addressing the short-term issues is vital in the immediacy, but don't forget the long term. The world will emerge from this, and a long-term approach will be helpful.

While we can't possibly prevent a pandemic from happening again, installing a centralized internal audit management solution today can better improve your company's resiliency tomorrow, from sales forces to supply chains to internal audit.

Working from home? Find out our internal audit manager's six golden rules for running a remote internal audit.