In the new reality arising from COVID-19, business leaders are facing their most difficult challenges in generations and seeking a way forward amid uncertainty. The environment of constant change has shifted the focus areas that need attention from executives, accelerated their decision-making timeframes and changed the risk landscape. Inevitably this also has implications for internal audit, its role and function within the organization.

We have consolidated key insights from discussions with Internal Audit (IA) leaders and Audit Committee (AC) members in recent months and further developed our proposed approach to help support internal audit departments as they navigate the changing risk landscape of their organizations, so that they can have a meaningful impact now and in the future. 

Internal audit’s role in times of business uncertainty

IA’s mission remains to enhance and protect organizational value. However, in times of business uncertainty, this mission is put under extreme pressure and it’s important to clearly define the role and value of IA under these circumstances.

IA can be of great value to an organization by leaning in on the following:

  • Helping business leaders rapidly identify new and emerging risks to assess the level of exposure
  • Participating in steering committees to provide guidance to management on how the control environment may be impacted by decision-making
  • Identifying challenging areas of the business, performing real-time reviews in those areas – including advisory and real-time assurance - and providing innovative recommendations to resolve challenges


IA planning should also be reviewed in light of the new context: the COVID-19 outbreak has shaken up operations across the business, processes have been adjusted, new risks have entered the organization’s risk landscape and changes in the internal control environment have taken place.
It’s important that these insights are clearly reflected in the IA plan.

An illustration of possible IA plan shifts is given below.

possible IA plan

Go forward lessons on audit planning

Now more than ever agility must be embraced and a shift in the risk landscape of an organization necessitates a shift in the audit plan. Internal Audit must ask following questions:

  • What impact does COVID-19 have on the organization’s risk landscape and how can I realign work to the risks that matter most in this new reality?

    The KPMG Risk Assessment Framework will help you identify, assess, document, and manage the fallout from the global impact of COVID-19. The framework contains five primary building blocks —business impact, operations, technology, corporate strategy & finance, and governance & compliance. The underlying elements of these building blocks may vary depending on the industry, which enables an application to all organizations.
    The goal of the analysis is to provide a transparent view on the current risk landscape and to enable the Internal Audit Function to adopt a focused lens on the current critical areas of the organization and to adapt its IA plan accordingly.
  • How can I make my audit planning more agile and flexible so that I can adjust to the changing context?

    Now it is more than ever important for internal audit to be agile. Planning needs to be updated based on periodic or continued assessments and communication with stakeholders. Workplans also need to be executed with clear goals, priorities, and resource planning.
    Read our article “Enhancing value from internal audit”, describing Dynamic auditing which embraces agile auditing.
  • How can I execute my audit plan remotely by making good use of technology tools?

    It is important to set up the remote audit process and related tools as thoroughly as possible, and with long term success in mind - thinking not only in terms of weeks or months, but also years. It might be worthwhile to invest in new technology to better support this process.

Connect with us