There is currently a huge volume of content available regarding the impact on organisations of the COVID-19 pandemic and it can be difficult to cut through the noise. The purpose of this article is to provide high level guidance to Audit and Risk Committee (ARC) members on matters to consider in the current environment.
This guidance is linked to the objectives of the ARC and the impact of COVID-19 on the objectives. It will also assist in addressing these considerations by providing references to some helpful resources.
A standard ARC terms of reference includes the following points, which are explained in further detail below:
For most organisations, key changes in risks and mitigation include:
Financial reports are prepared based on assumptions, estimates and measurements at the time of preparation. Measurement is often based on fair value and in uncertain economic times, the values attributed to revenue, expenses, assets and liabilities may vary significantly.
For example, in an economic downturn, it is likely that expected credit loss from collecting receivables will increase and the carrying value of receivables will decrease. Similarly, the fair value attributed to certain financial and non-financial assets may vary, triggering the need for revaluations outside of the normal cycle.
Click here to access Crowe’s ‘Financial reporting guidance under COVID-19’.
Suggested action: ARCs should expect to see an issues paper that includes an assessment of the impact of COVID-19 on financial reporting.
ARCs usually engage with external auditors during the planning, interim and final stages of audits. As outlined above, the COVID-19 environment presents significant financial reporting issues to an organisation. This in turn impacts on the auditors’ assessed risks of material misstatement within financial statements and the availability of evidence to support assumptions and measurement. All of these factors may impact on the timing of the delivery of the audit.
The strategic internal audit plan is generally aligned to key risks of an organisation and reviewed by the ARC. In a COVID-19 environment, the internal audit plan may need to be adapted to take into consideration factors such as:
Possible areas for internal refocus include:
Suggested action: The ARC should review and understand the proposed strategic internal plan including its scope, resourcing and timing.
In the current economic climate, organisations have made significant changes to work practices, IT systems and internal controls. Historically, during periods of disruption, the opportunity, rationale and motivation for fraud increases. Areas of potential vulnerability are:
Cyber criminals view disruption as the perfect storm for increased attempts to hack into an organisation’s IT network and/or extort funds through phishing emails, amongst other schemes.
Further, this environment increases risks associated with data security and privacy including:
Click here to access the NSW ICAC guidance ‘Managing corrupt conduct during the COVID-19 outbreak’
Click here to access ‘COVID-19 pandemic exposing businesses to heightened fraud risk’
Suggested action: ARCs should seek assurance on:
Culture reflects the moral values and ethical norms governing how people should behave and interact with each other. It is often argued that high performing organisations have a strong and well-defined culture and hold their people accountable to defined trademark behaviours and conduct.
However, operating in a new, unprecedented environment, whether remote or not, significantly changes how interactions occur and the ability to hold each other to account in relation to trademark behaviours.
To maintain a strong culture, organisations may need to:
Suggested action: ARCs should review steps taken by organisations to assess culture, ethics and support in the COVID-19 environment.
If you or anyone in your committee have further questions, please reach out to your adviser for more information.