The new norm
Although it is still unclear how the world will emerge from the significant challenges that COVID-19 has presented, hopefully more resilient, there are some basic questions that require immediate action and re-calibration from Internal Audit leaders. There are new questions as to how internal audit should focus in light of the COVID-19 impact on the organization:
- How relevant is the current audit plan and what parts of it require recalibration?
- How does Internal Audit keep pace with the speed of changes occurring in the business, including changes in the control environment?
- How does the department pivot to help the organization address new business risks?
- How does an internal audit team better use technology and data to gain insight?
It appears that we are at an intersection, and there is a viable response to these questions. That response presents itself through Internal Audit taking a more data-driven approach that monitors and takes action quickly to help the organization navigate the risks created due to COVID-19. This can be achieved through a simplified continuous risk assessment (CRA) through use of technology to monitor risks created due to COVID-19 through an internal audit lens. We believe this is a transformational moment for Internal Audit departments. The KPMG Internal Audit team has extensive experience structuring and executing a useful dashboard to enhance the role of internal audit in the organization’s overall response.
The current opportunities to use a simplified CRA approach to address risks created by COVID-19 is not dependent on whether you have performed a data-driven risk assessment similar to CRA in the past. Such an assessment would focus on what is not working as well as what is working in our new reality.