COVID-19 is a game changer. Companies have been operating for most of this year in the public-health emergency caused by the coronavirus pandemic, so audits for fiscal years ending in 2020 will challenge outside auditors and in-house accountants in new ways. CPAs Bob Dohrer and Carl Mayes advise auditors to focus on four dangers that make material misstatements in financials more likely than before the pandemic: the risk of employee fraud; the failure of internal controls; the risk of unintentional noncompliance; and the inaccuracy of auditing accounting estimates.
Auditors need to puzzle out employee fraud. Operating in a pandemic increases the risk of fraud, so auditors should be hypervigilant, authors Dohrer and Mayes warn. Employees may be feeling pressure to keep the company viable or to compensate for the lost income of a furloughed or laid-off spouse. Internal-control failures may give them the chance to falsify financials or embezzle in order to relieve those pressures, and they may feel a tendency to justify fraud that benefits their company or family. Another risk is the heightened danger that internal controls on financial reporting—which turned virtual when office work became remote—could fail. The auditor must assess how clients designed and implemented their pre-pandemic controls and, if different, their controls established after the pandemic began. This assessment will impact the remainder of the audit. Auditors discovering substantial flaws and material weaknesses in controls must inform the company managers responsible for governance. A third danger to the financials arises from the numerous small businesses’ applications for US economic-stimulus programs. The risk of unintentional noncompliance with program rules is high because the rules are complicated, applications may be prepared hastily, and accounting departments are unprecedentedly working off-site. Finally, auditing accounting estimates of revenue recognition (especially in nonpublic companies), allowances for doubtful accounts, and goodwill or other intangible assets may be inaccurate. Auditors might have to employ valuation experts instead of looking at historical results or other customary benchmarks.
In-house accountants have a lot on the ball. Blessed with an organization-wide vantage point, in-house accountants are uniquely situated to evaluate how well companies cope with the pandemic, observe CPAs Mark Martinelli, Alfred Friedman, and Joel Lanz. They are tasked with advising on not only financial but also business and management concerns, and advising both managers and the board of directors’ audit committee. (To promote independence, the chief audit executive ought to be a direct report to the audit committee.) Cybersecurity, a constant and escalating danger even before the pandemic, should be a priority. Both British and American cybersecurity regulators have warned about attacks on companies—pharmaceuticals, healthcare organizations, medical researchers—that are responding to the pandemic. The attackers’ goal is to steal personal data in huge quantities, intellectual property, and intelligence. Internal auditors should assess the plans for averting this danger.
Audit committees rely on jacks-of-all-trades. Frequently described as the audit committee’s eyes and ears, internal auditors must be credible, dependable, and able to form solid relationships, remind authors Martinelli, Friedman, and Lanz. During the pandemic, audit committees have been relying on the internal auditors to endorse and augment management’s status reports on the efficacy of plans for handling risk; on compliance with regulators’ demands made more difficult by COVID-19; on identification of temporarily halted control actions and eventual resumption of those actions; and on enhanced supervision of vendors and other outside service providers. Internal auditors are consequently spending more time studying external evaluations and vendors’ reports. One finding is that some vendors are struggling to remain resilient enough to withstand the pandemic’s strain.
New risks could rattle companies. The internal auditors assess the company’s risks and report their findings to the audit committee and other corporate stakeholders at least yearly. At the start of the pandemic, some internal auditors used their proficiency in risk management to assist in solving urgent problems such as delivering services, keeping companies running, and applying for financial relief under the Paycheck Protection Program. Now that companies are turning from addressing crises to revising long-term operational standards, the authors suggest, internal auditors must assess and report the risks peculiar to running a business in the new normal of the pandemic. These vary among industries but could include credit, cyberspace, marketplace, liquidity, governance, and supply-chain risks. Internal auditors are employing all available tools and data—whether generated internally or externally—to look for risk exposure in real time.
To read the full article in Dimensions Vol. 2020, No. 5, click here.
Abstracted from: 4 Key COVID-19 Audit Risks For 2020 Year Ends
By: Bob Dohrer and Carl Mayes
Association of International Certified Professional Accountants, Durham, NC
Journal of Accountancy, August 2020
Abstracted from: The Impact of COVID-19 On Internal Audit
By: Mark Martinelli, Alfred Friedman, and Joel Lanz
Synchrony Financial, Stamford CT (MM); Sterling National Bank, Montebello NY (AF); Joel Lanz, CPA, PC, Jericho NY (JL)
The CPA Journal, June 2020
Reach out to jump start a partnership that will bring speed, security, accuracy and efficiency to all of your complex content and communication requirements.