New Normal Means New Priorities for Chief Audit Executives

This is the second in a series of forward-thinking pieces DHG is sharing with our clients to help them prepare for the new normal.

With disruption comes opportunity, and we are focused on helping our clients seize these opportunities while responding to the events of the day.

Although the ink on 2020 audit plans is just beginning to dry, audit committee chairs will be changing priorities as organizations move to what we can refer to as the new normal. There are three areas in which most chief audit executives (CAEs) will be asked to focus: business continuity, supply chain resilience and fraud risk. 

Almost every organization has activated their business continuity plans, and senior leaders and boards are closely monitoring the results. In the near term, there will be plenty of anecdotal feedback on what worked, what did not, who was prepared and who was not. When we cross the bridge to the other side, learning organizations will want more than anecdotal evidence of how things worked and more importantly, what can be done to make things work better in the future.

Audit is well suited to provide an independent evaluation of an organization’s business continuity response, identify gaps and make recommendations to improve the plan going forward. Key questions audit committee chairs should be asking include:

  • What worked well?
  • What did not work as expected? Why?
  • With the benefit of hindsight, what was missing from our plan?

To be sure, each crisis is unique, but it is clear that leaders brought the lessons learned from 9/11 to bear in mind during the current situation. Today’s leaders will also bring the lessons learned in 2020 to future crises. What lessons have you learned?

Now is the time to evaluate the resilience of supply chains. For many businesses, COVID-19 was a supply chain issue before it became a business continuity issue. As China began to respond to COVID-19 locally, the disruption was felt across the world. Trade tensions between the U.S. and China have led to similar, although less significant, shocks to supply chains over the past couple of years. 

Audit has long considered third-party risk management with an eye toward vendor vetting and onboarding. Now it is important for audit to consider concentration of suppliers, geographic diversity throughout the supply chain and risks associated with tariffs. By identifying and quantifying risks to the supply chain, audit can provide practical advice to management on building a more resilient supply chain that is ready for the next shock.

Fraud is the perennial favorite of risk prognosticators – fraud occurs in good times and bad, making it an easy pick. Of course, pressure to commit fraud increases in times of financial distress, and there is clearly plenty of distress to go around with some sectors like travel and hospitality feeling the effects more than others. Fraud risk should be key in any audit plan or enterprise risk assessment. Advances in data analytics allow organizations to assess the areas of risk better than ever before, so CAEs should consider utilizing whole-ledger analytics, expense report analytics and other data analytic and artificial intelligence tools to identify and measure fraud risk and respond accordingly. 

Some day COVID-19 will be history, but the lessons learned can having lasting impact. CAEs and their teams can play an important role in formalizing and adopting these lessons. DHG stands ready to share the lessons we have learned and help our clients seize the opportunities that will present themselves in the new normal.

Related Knowledge Share