Vice-President, Products and Services
Canadian Audit and Accountability Foundation. www.caaf-fcar.ca
The COVID-19 crisis is triggering unprecedented and trying times for our society. From substantial risks of overloading the health care system to catastrophic economic hardships, the reverberations of this crisis will be felt for years to come in all spheres of activity. Auditors are also affected and must take stock of how they will manage through this challenging time. We consulted material from various professional audit associations and talked with a number of senior audit professionals across Canada to find out how auditors can deal with COVID-19.
COVID-19 presents auditors with some challenges but also some opportunities. This list is in no way intended to be an exhaustive list of all the issues auditors are confronted with in this time of crisis.
Keep the health of auditors top of mind.
Human resources are audit offices’ best asset. Like for other organizations, the safety of their staff is paramount, and audit offices have acted accordingly. They have rapidly implemented work-at-home solutions with an emphasis on protecting and preserving their employees’ health. As the crisis is persisting, and employees are working remotely and implementing social distancing measures, audit organizations will also have to continue to be aware not only of their employees’ physical well-being, but also of their mental health. Employee assistance programs and proactive efforts to connect with team members to boost their morale are also essential to maintain the workforce and ensure continuity of operations.
Be flexible with auditees.
Transparent and effective communication with auditees is always a priority for auditors. In the time of COVID-19, this is truer than ever. If auditors are wrapping up their audit and validating audit findings, this can probably be done remotely. But if they are starting an audit, it may be more problematic. They may have to moderate their requests for documents and data or allow more time for auditees to respond, especially if auditees are at the frontline of fighting COVID-19. Also, conducting interviews remotely is always a possibility but will be understandably more difficult. In some instances, asking the auditees to complete a questionnaire instead of being interviewed may be less intrusive and more palatable for them. In any event, expect that audit activities will take a backseat and even, in some instances, that auditees will request that auditors stay away for a while. In a time of crisis, flexibility is the order of the day.
Know that technology is the auditors’ ally, with some caveats.
For many workers, technology has been providential in helping to deal with the COVID-19 crisis. Emails, shared drives, team management applications, cloud technologies, and video conferences are allowing auditors to continue to work with auditees and co-workers. However, as the online presence of auditors intensifies, they have to remain vigilant. This increased use of technology will be accompanied by increased technological risks. From the overload of the telecommunication systems to cybersecurity concerns, auditors’ technological capacities will be more vulnerable. Ensuring that communications with auditees and between team members meet confidentiality and security requirements, for instance, could be a challenge. Also, there is an emerging risk of increased social engineering incidents. Phishing attacks masquerading as guidance about the virus are multiplying and can impact both auditors and auditees. It’s essential that you be aware of these risks and have effective communications with your IT services.
Because many entities’ activities and events are cancelled or delayed, it is only natural that the completion of audits will also be compromised. Many audit organizations have already factored this in and are recalibrating their audit plans. Depending on the flexibility of the audit mandate, the legal requirements, the constraints on resources, and access to auditees, auditors will have to be flexible and adjust. As stated above, wrapping up audits may be easier than starting new ones until things settle down. Also, as the crisis lingers, keeping audit teams busy may prove problematic. Some offices may consider assigning staff to begin performing groundwork for upcoming audits, conduct or undertake training (online of course), or form new methodology working groups.
Mitigate the risk to audit quality.
Auditors, being always mindful of audit standards, must crank up their apprehensions about their capacity to collect sufficient and appropriate evidence. This is where the above concerns about technology, auditee relations, and delays come together. Auditors must take a good hard look at what they are capable of doing in these circumstances. One opportunity that delays open up is the possibility of enhancing the quality of the audit by doing more in-depth analysis of the evidence already collected. This could be done by leveraging quantitative data analytics techniques or conducting qualitative analyses that would be too time-consuming in normal times. It is also possible that you will need to re-scope your audit to cover a more restricted span of activities. Professional judgment, as always, will have to be used.
Seize the opportunity to improve your understanding of the audited entities.
Good auditors must constantly aim to increase their knowledge of the organizations they are auditing. Times of crisis have a way of revealing hidden weaknesses and organizational fault lines. This is not to say that auditors must take advantage of audited organizations’ temporary vulnerability by playing a game of “bayonetting the wounded on the battlefield.” But you should remain alert about areas of improvement that may become more apparent when auditees are under stress. In particular, you can learn a lot by observing how risk management, the implementation of business continuity plans and disaster recovery activities, and IT operations and cybersecurity measures play out during this crisis. This may provide ideas for future audit topics.
* Articulo publicado originalmente en: https://www.caaf-fcar.ca/en/performance-audit/research-and-methodology/audit-tips/en/performance-audit/audit-tips/3594-audit-tips-10
About the author:
Yves Genest was appointed as Vice-President, Products and services, effective May 15, 2017, Mr. Genest is responsible for leading the organization’s performance audit and parliamentary oversight products and services, including training, professional development, community outreach, research, and methodology development.
Mr. Genest is an experienced audit professional, having worked in a variety of organizations and offices over the past thirty years. Prior to joining the Canadian Audit and Accountability Foundation, he served as Chief Audit and Evaluation Executive at Shared Services Canada, where he led the establishment of the audit and evaluation function in the newly created department. There, he implemented cutting-edge methodology for systems under development audits, provided leadership on horizontal initiatives involving IT security and disaster recovery with chief audit executives in numerous partner departments, and led on innovation within his unit in the field of audit automation.
Prior to joining Shared Services Canada, Mr. Genest served as Director General, Audit Directorate, at the Public Service Commission of Canada, where he led the establishment of a new audit function, quality management framework, and risk-based audit strategic planning process for the PSC.
Mr. Genest also has extensive experience in the legislative audit community, having worked at the Office of the Auditor General of Canada for over fifteen years, first as a Senior Auditor, then Director of Results Measurement, and finally as Principal, Practice Development. In this latter position, he was tasked to ensure that OAG professional standards, policies and guidance for performance audits met the needs of the Office.
Mr. Genest holds Masters degrees in Public Administration and Political Science.