As COVID-19 rages on, companies continue to go digital. Riskonnect CEO Jim Wetekamp offers guidance on how to conduct successful audits in a remote work environment.
As the COVID-19 pandemic magnifies existing threats and constantly creates new risks for organizations to assess, business leaders are seeking added assurance that appropriate oversight, capabilities and controls are in place – and they are looking to internal audit for help.
With remote work and travel restrictions limiting mobility in many parts of the world, audit leaders are in turn finding immense value in the benefits of going digital: mainly speed, broader stakeholder involvement and robust and centralized reporting. Many risk and compliance teams are finding remote audits to be, in many ways, easier and even more effective than being on-site.
Conducting due diligence digitally, however, comes with a learning curve. Here are four tips to get the most value out of your program, whether your organization has already fully embraced digital audits or you are just getting started on your journey.
1. Continually Reassess Priorities
Evaluate quarterly – or as frequently as conditions dictate – how the pandemic is impacting your internal audit plan. Do you need to focus more on checking internal safety protocols, given the need for PPE and social distancing? With employees working from home indefinitely, are cybersecurity and network redundancy up to snuff?
Audits must account for the way you’re doing business today. And as the pandemic evolves, each month, week and even day could look drastically different. Continually review and adjust your annual audit plan according to business conditions, management requests and industry/market dynamics. Align your team and key stakeholders on the critical and urgent risks right now and focus your attention on auditing the areas and procedures that will protect the business the most.
2. Invest in Tools That Foster Connectedness and Collaboration
Audit is a team-based and relationship-driven function. It’s naturally harder to collaborate and connect with colleagues and process owners when working remotely. Videoconferencing – with screen-sharing, recorded meetings, whiteboard capabilities and more – can remove distance barriers and enable auditors to review procedures or documents together, in real time, just as they would in person.
These tools also help auditors pick up on helpful visual cues typically observed on-site during live interviews. And speaking “face-to-face” helps auditors build rapport and trust with auditees, which is a very important part of the process.
3. Ensure Your Team and Auditees Are Set up for Success
A successful remote audit requires quite a bit of prep work and expectation setting. Obtaining testing data and required documentation can be even more difficult than usual when folks aren’t working in the same building. It’s much harder to chase people down for the information you need when you can’t simply walk over to someone’s desk and ask.
Start off by providing guidance on how to effectively work remotely. Make sure all auditees and stakeholders are aligned on the virtual audit process, including turnaround timelines, what’s expected of them and what they need to share before and after meetings. Let auditees know in advance what your priorities are as part of the audit, the specific documentation they will need to provide and what will be covered during the meeting to allow them ample time to prepare.
4. Say Goodbye to Manual Processes and Spreadsheets
Many teams today plan, capture and track audit activity using spreadsheets saved on various internal network drives. This approach was questionable pre-COVID, and it’s downright ineffective for audits conducted virtually. Audit teams need a centralized way to ensure compliance, gauge progress, evaluate results against past audit scores and hold people accountable for their actions.
Investing in the right technology enables audit and assurance teams to apply a consistent audit methodology, reduce the chance of missing issues and improve the organization’s responses to the constantly evolving pandemic risk landscape. A cloud-based automated system creates a repository of all audit-related information and easily shares it with all involved parties so no one has to chase down needed information. Audit and assurance professionals can be confident they’re basing decisions off the most up-to-date data (rather than outdated emails and files) and can assign colleagues tasks and reminders so nothing falls through the cracks. With advanced analytics and instant visual depictions of data, these tools also eliminate tedious manual reporting, accelerate the audit cycle and free up time for teams to focus on improving audit strategies.
Just as permanent remote work will be an option for many employees post-COVID, virtual audits are likely here to stay. Whether an audit is virtual or on-site, leveraging tools in the right ways can advance the visibility of the audit function among senior leaders. By being able to evaluate the effectiveness of governance, risk and compliance practices faster and more accurately, internal audit can solidify its position as a strategic partner in achieving the organization’s overall risk management and business goals.
