Top 7 Key Risks to Consider by Internal Audit during COVID-19

The Novel Coronavirus has been declared a global pandemic by the World Health Organisation (WHO). The coronavirus cases have reached above 2 million, with more than 140,000 deaths globally as of today, i.e., April 18. Governments all around the world have imposed lockdowns and social distancing measures that are drastically affecting not only small businesses but global economies. If the situation continues, the world will face a financial crisis worse than that of 2008.

In order to prepare for the adverse impact of the virus, internal audits can help companies with risk management strategies. A practical and sound risk-based internal audit plan is one of the critical components of a strategic business plan. In order to have a comprehensive strategic assessment during the crisis, companies should understand the underlying risk drivers as well as their potential impacts on the business.

7 Key Areas that Internal Audit Should Consider During COVID-19 Crisis

Traditional Internal Auditing (IA) functions focus primarily on compliance and control systems. However, modern IA understands the company’s risks and identifies emerging risks to add value to the business. Here are some of the key emerging risks that IA should address during the global coronavirus pandemic.

Digitalization and IoT

There is growing pressure on the efficiency of operations that are driving organizations towards digitization and automation. Some of the key benefits of digitation are increased level of transparency with less human intervention, and decentralization of decision making through machine learning. This reduces the chances of human error and white-collared crime.

Internal Audit can assess whether business plans for digital transformation are up-to-date, and appropriate governance and control frameworks over the digital system are being implemented. You can also consult auditing firms to outline any risks and opportunities for the automation process and provide assurance.

Cloud Computing

Cloud computing refers to service where data is stored online and can be accessed remotely. Some of the benefits of cloud computing are its scalability, increased mobility of information, and business continuity in case of any emergency or a crisis like the current global pandemic. However, without proper security measures, cloud computing may increase exposure to operational and financial risks.

Internal Audit can be helpful by performing an independent assessment of a third-party cloud service to identify any possible risks and contractual compliance. They can also assist the organization in creating an ideal cloud computing framework with a crisis management strategy in place.


In today’s digital world of connectivity, cybersecurity is the focal point for organizations. It should be your company’s top priority, especially at a time when the coronavirus crisis provides a perfect opportunity for hackers to breach data security. Von der Leyen, president of the European Commission, says, “These people follow us online and exploit our concerns about the coronavirus. Our fear becomes their business opportunity.”

Internal Audit can perform a cybersecurity risk assessment regarding best industry practice and provide recommendations for improvement. Once the risk assessment is done, you can implement cybersecurity models such as enhanced security breach detection, data encryption methods, and multi-layered defense.

Business Continuity and Crisis Response

The majority of the organizations have disaster recovery plans and business continuity strategies that have been put to the test during the coronavirus outbreak. Companies with outdated crisis responses are forced to shut down due to poor planning. Internal Audit can assist the company with an up-to-date disaster recovery plan by reviewing the entire crisis management system.

As the business environment is continually evolving, similarly nature of the crisis is also changing. Before the coronavirus outbreak, no company had planned for a crisis of this magnitude. Businesses don’t know how to operate with state regulations of social distancing and quarantines. Therefore, an internal Audit can help the company by assessing its readiness for a crisis and also stop a financial crisis from happening due to the increased volatility of the global economy.

Data Analytics

In recent years, the use of data analytics has changed the way companies assess information and monitor risks, thus providing a higher level of assurance. Companies can benefit from this, especially during crisis and some of the benefits are:

  • Real-time, continuous data monitoring
  • The increased overall efficiency of audits
  • A more in-depth analysis of risk areas
  • Early detection of potential fraud and financial error.

Auditors can assist in the automated data transformation and extraction process throughout the firm. They can also develop a data-analytics run audit designed to analyze the root cause of a problem and take action to mitigate risks efficiently.

Treasury Management

The role of treasury management at any organization is to develop sophisticated payment systems due to the increased prevalence of fraud, especially during a crisis as the current pandemic. Internal Audit should aid the company by introducing new payment technology such as Blockchain or Instant Payments to help the organization remain competitive.

Internal Audit should do an independent review of the company’s financial risk management structure and focus on transparency, so certain parties don’t take advantage of the crisis. During the coronavirus crisis, there are greater volatility in foreign exchange (FX) rates, which means your company should use dynamic hedging strategies to stay on top of the industry.

Compliance Management System (CMS) and the Organization’s Culture and Ethics

When it comes to managing an organization’s risks and ethics, there are a lot of things to consider, like the effectiveness of anti-bribery and corruption compliance, emerging compliance risks when it comes to business acquisitions and third-parties, and misconduct due to poor corporate culture.

At times like these, the internal Audit should conduct a gap analysis of regulatory practices of anti-corruption to strive for ISO certification. Evaluate whether current performance measures are effective in preventing and detecting fraud and corruption in the company. You can also use data analytics or best accounting firms in Dubai to identify bribery and corruption risks in your firm.

Get Planning and Outsource

Now is the time to take action and start implementing your risk management strategies to stay afloat. You can also outsource auditing partners and accounting firms that can act as a sparring partner for all issues related to the crisis and support internal audit functions.

Micro assessment is overwhelming at times, so make sure to get assistance from the best auditing firms to exploit the full potential of your internal Audit.

More recommended:

Which areas does every VAT Consultancy cover?

Things to consider before choosing an audit firm

The VAT on real estate supply in the UAE

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s