COVID-19 is changing everything, from the process to the environment but this uncertain time is also giving you enough time to review your built-in or internal control. The Audit session for the Financial Year 2019-2020 is not too far and it is the time when the team with financial responsibilities need to provide comfort and assure their Audit Committees, Statutory Auditors and Boards that their company has Internal control systems placed and operating effectively.
The Internal Audit team, Control Owners, Finance teams, and Management need to analyse the scope of the search results of Internal controls over financial reporting (ICoFR), it is a management responsibility programme to analyse the impact and to control the environment and evidence and with it assures the adequacy in the completely new circumstances.
Here we present a long list of questions that can be considered by the Finance Teams to analyse the year-end positions:
‘Segregation of Duties’ resulting from workflow changes during COVID:
Companies are forced to adopt working from the home initiative and the impact of remote working on approval procedures and documentation:
- Did you adhere to the Standard or regular financial close checklist on March 31, 2020, and were all work procedures according to the document?
- Does the approval procedure take remote working capabilities into account?
- Remote working can bring a workaround procedure and access control. Does your work control get affected by them? Have you reviewed the solidity of the access rights of the team and potential struggles that may occur due to the emergency?
- Does your ‘delegation of authority’ manual have the capacity to consider the fact of absence of key resources?
- Have you gone through your IT General Control post-shutdown for Coronavirus?
Revenue Recognition at a time of Supply Chain Disruption:
- Are the Orders of Open Sales are still valid and can be applied? Are your customers promoting any force majeure clauses in their agreement?
- Have you analysed whether your incomes were stable during the period of displacement or not?
- Have you estimated the revenue before leaving the port and did you “dispatch”? does your revenue recognition still get activated in the case of “Bill and Hold” transactions?
- If the revenue booking is based on the “percentage of completion”, have you reviewed the estimates to know the progress?
Inventory
- In the current situation when there is a huge stress on the Supply chain, Have you analysed the procedures which are concerned with the movement of inventory and its estimated value?
- When the Supply chain is disrupted, Have you assessed the value of the ‘in-transit’ inventory?
- Have the uncertainties been covered under relevant, sufficient and timely Insurance?
- Do the inventory verification procedures feature internal controls over more verification processes?
- Is your roll-back process for verification measurements sufficiently strong?
- are the lock-down costs considered “absorbed” or does it leave or fall on P&L as an unusual (abnormal) cost?
- Have you reevaluated any serious contracts and what effect they can have on valuations?
Property, Plant and Equipment:
- Does your physical verification process change for PP&E?
- Do your ICoFR measurements or program take care of the evaluation of triggers for asset impairment testing?
Receivables
- Has your ICoFR program analysed all the major customer credit risks?
- Is there any additional or extra factors you want to add in your customer credit control procedure to maintain their performance and efficiency during these unfavourable situations?
- Is there any requirement to redo your customer credit assessment, because there can no longer be any beneficial element in the past 12 months ’ history?
Read Also : ICAI is going to set up Centre for Audit Quality in Jaipur
- Does your Treasury control consider the evaluation of the triggers of any “at-risk” debt covenant?
- How does your program factor in the Treasury risk around your current credit line?
- Have you analysed and found any triggering activities or events for any performance guarantees or Force Majeure clauses that are trying to get in?
Employment Benefits:
- Do your risk programs find out and make changes in the actuarial beliefs and disclosures?
- Have you appropriately insured your employees towards the government norms, guidelines and Criteria?
- Have you analysed the requirements for Keyman Risk Insurance?
Third-Party due diligence:
- In case some of the tasks or activities have been outsourced then do you have proper information about the capability of the contractor or service provider to operate the control that matters for your business? Have you asked the contractor about SSAE-18 SOC1 or SOC2 reports? If not, then what measurement you are going to apply to test the effectiveness of controls so you can rely on them?
Fraud Risks:
- Does your control program evaluate the changes in areas where you rely on ‘physical’ or ‘manual’ control?
- Have you evaluated the need for management overrides where being present in the physical was not possible?
The ‘FinYes’ Perspective:
Internal controls over financial reporting (ICoFR) is something like a management responsibility and when everything is trying to move toward normalization, it is the best time when each ‘level of defence’ within the management need to take some brave and important steps to ensure timely compliance.
Control Owners | Internal Audit | Management |
# Update the Risk and Control Matrices (RCM] due to changes in workflows and approvals.# Go beyond your ‘key controls’. Assess all your controls in the changedEnvironment.# Relook at the SOD triggers to evaluate new Fraud Risks. # Relook at the impact on IT and General Controls and enhance their robustness. | # Test afresh and identify vulnerabilities in your processes and controls.# Plan to leverage analytics tools to test and confirm the strength of your controls.# Agree with the management around the protocols and sufficiency of the self-assessment and testing mechanisms. | # Scope out the criteria and discuss with your Board if they feel comfortable in relying on your controls programme for them to sign off on the Director’s Responsibility Statement. # Agree with your Board and Statutory Auditors on the overall completeness and effectiveness of the ICOFR program as you head into statutory audits for FY 2019-20. |