The Covid-19 pandemic has resulted in unparalleled business disruption on a global scale, transforming workplaces and challenging operations. This has forced businesses to adapt their ways of working and re-imagine their risk landscape as they increase resilience. There has been a rapid shift to remote working, recovery, and rebuilding of supply-chains, re-evaluation of customers and suppliers, cost containment, liquidity constraints, and increasing regulatory requirements, amongst other challenges.
Risk and assurance leaders within the risk management, internal audit, and compliance functions, amongst others, should be repurposing and repositioning their activities to support the business in anticipating and responding to these challenges and risks arising during the crisis, restoring operations in a controlled manner, and positioning the business for the ‘new reality’.
The Covid-19 Business Response Framework developed by Procursus and Turricula will help your company’s assurance activities transition to the new reality in a structured and focused manner, moving from crisis reaction to actively achieving success. The framework provides a roadmap that enables stakeholders in these key leadership roles to Act swiftly and pragmatically in response to the crisis, stabilise and Restore business operations, and position your business to Flourish in the post-pandemic new reality.
Act with Urgency
Risk management, compliance and assurance professionals must ensure that they understand the impact the Covid-19 crisis has had on the business as well as on the governance and control environment. They should be directly involved in the establishment of an effective response and recovery plan.
As businesses return to scale, risk, compliance, and assurance leaders must Act urgently to assess the impact on particularly the following challenges triggered by the crisis:
– Regulatory compliance and Covid-19 regulations
– Finances and liquidity
– Critical processes, personnel, functions, products, and services
– Legal and contractual liabilities (including negligence)
– Diverse multi-stakeholder environment (employees, customers, suppliers, industry bodies, and authorities)
A repurposed and repositioned internal audit function can help business leaders to identify and respond to existing and emerging vulnerabilities and to provide ongoing risk advisory support by refocusing the audit plan.
Internal controls should be re-evaluated, revised, and reinforced in alignment with the new ways of working and the associated risks arising, and the risk assessment, and business continuity management and recovery plan critically reviewed and updated.
Restore Business Operations
As businesses Restore their operations and adapt to the ‘new reality’, policies and communication standards should be reviewed and updated to reflect the new way of working to ensure engagement, productivity and collaboration, and to safeguard company assets. Cybersecurity and the security of data and information risks will be elevated with a distributed workforce. A strengthened and transparent control environment is required to mitigate risks arising from remote working. Risk leaders must perform regular scenario and contingency planning related to ongoing cost, revenue, and liquidity risks to keep pace with the rapidly evolving risk environment. Risk assessments should be reviewed, third party impact analysis performed, and the governance and internal control frameworks re-evaluated.
For the internal audit activity to respond effectively to the changing environment and provide the breadth and depth of assurance required, it needs to become more agile, leverage automation and digital innovation, and strengthen its analytical and business knowledge, serving as a trusted partner to the business.
Position to Flourish
As organisations prepare to Flourish in the ‘new reality’, with a refreshed strategy and business model, the assurance activities will need to adapt and align their scope and focus with the strategic initiatives and objectives of the business.
Business and Risk leaders should also refresh the following business response criteria to incorporate lessons learnt from the crisis:
– Business continuity management plans
– Crisis management plans
– Risk intelligence mechanisms
– Risk management and risk assessments
– Long term plans with key stakeholders
By leveraging digital innovation, and existing technology and data analytics platforms internal audit can continue to enhance its effectiveness and agility
The governance and internal control framework should be optimized against the updated risk assessment, operating model and the ‘new reality’. Going forward risk management, internal audit and compliance must work together to provide forward-looking, reliable and proactive combined assurance, to deliver a single version of the truth to senior management and the Board.
The Covid-19 Business Response Framework guides your organisation in repurposing and realigning your assurance activities to anticipate and respond (Act) with urgency to existing and emerging threats during this time of crisis, support the stabilization and restoration (Restore) of your business operations and become agile and strategic partners as you position your business to Flourish in the ‘new reality’