Internal Audit Challenges, during Covid-19 crisis
It is a great opportunity for Internal Audit role and function to be stronger and professional, to really add value to managements by protecting and improving our organizations by being healthy businesses with new controls and risks frameworks, but in the same time flexible and effective. Dorida STAMBOLLA *Head of Internal AuditRAIFFEISEN BANK ALBANIA The coronavirus pandemic is causing not only a public health crisis but bringing with it a great economic and financial shock with enormous challenges. Gross domestic product (GDP) is expected to significantly impact the worldwide economies. The magnitude of the contraction in each country will depend on how successful that country is, in limiting contagion and preventing second or further waves of this virus/es, the duration of the measures implemented to limit social contact to home-office continuity and the effectiveness of the actions taken to support the economy.The remaining uncertainty on the severity of the crisis, the length of recession and the speed of recovery will make it difficult to assess the potential impact of the crisis on the banking sector. Nevertheless, the focus will now be on the re-opening of the economies, businesses, and banks (with new present risks of health and safety, compliance, legal, security, technology, operations, and fraud etc.)Working in the office or in a remote environment does no longer differentiate, as the meeting point with our customers/colleagues/auditees, is the online platform, as the new way of working and providing advice & recommendations to make better processes with efficient controls.In contrast with other previous crises (2008/2009), banks entered the health crisis with strong capital and liquidity and managed the pressure on operational capacities, by activating their business contingency plans. Nevertheless, it’s obvious that crisis is expected to affect asset quality and, consequently, profitability of banks going forward by growing non-performing loan (NPL) volumes.Steps to transition toward “a new normal”, guided by health principles and economic considerations will be from now on, the focus of bank’s managements. The path from post-lockdown to “business as usual”, via lessons learned, will lead to new ideas and opportunities. The same applies to the Internal Audit role. Hence, it’s important how to mitigate risks on a new designed control environment, educate stakeholders on changes of processes, procedures, platforms, being more pro-active, involved, and trusted advisor to our managements. The 3-lines of defense will need to further improve cross-functional communication and collaboration, since risks and controls have now changed and adapted to the new situation. Based on our experience, internal audit did not have to move to the 1st or/and 2nd line of defense, that would jeopardize its independence.Now it is time to transform and digitalize our Internal Audit function. We all work distantly and remotely, but we should stay connected, since tools and technology are widely available, move forward by understanding changes within organizations, reviewing and adapting our risk assessments and plans, be agile by prioritizing our audits and our own processes, use data analyses on our daily work (robotic analyses, business intelligence), explore new skills of our employees and identify talents on our teams, use launched on-line trainings, transform our technology, help our organization and clients through all these new challenges.With the “new normal” – distant/remote auditing, we need to ensure, if there are audits that have fixed deadlines set by regulators, for which we need to keep going on, as long as no additional information on postponements/new final deadlines from regulators, are communicated. There might be audits in areas which are crucial and very busy on business and operations activities, for which postponements and reshuffling of the audit plan might be the best solution. Therefore, new risk assessments need to be used. Based on experience, a solution can be audits, applied in a different mode, such as: reduced and focused scope, reshuffling timelines, etc. Yet, this is dependent from the organizational structure, audit division, as well as the auditees’ units. Therefore, we need a case-by-case approach and prioritize, by being more flexible, in contrast with our traditional approach and plan. Now we could utilize the use of “remote audits”, not only during preparation and drafting phases, but also on the “on-site period” with online interviews and verification, audit documentation checks and samples, etc. Working in the office, or in a remote environment does no longer differentiate, as the meeting point with our customers/colleagues/auditees, is the online platform, as the new way of working and providing advice & recommendations to make better processes with efficient controls.May is the International (global) month of awareness about the profession of the Internal Audit within the Organization. As such, several events are organized worldwide, accordingly. We are a considerable community of internal auditors, also here in Albania, both in the private and public sector. On-line meetings, webinars, sharing experiences etc., have been organized by AAB, AIIA, universities etc., with the main aim to stay connected, adequately manage such situation and promote Internal Audit profession.According to the Definition of Internal Auditing in the IIA's International Professional Practices Framework (IPPF), … “internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes”.These are extraordinary times which requires extraordinary leadership and professionalism. It is a great opportunity for Internal Audit role and function to be stronger and professional, to really add value to managements by protecting and improving our organizations by being healthy businesses with new controls and risks frameworks, but in the same time flexible and effective.As Socrates says... “the only thing I know is that I know nothing… and that your controls are abominable” or Voltaire says… “if Internal Audit do not exist, it would be necessary to invent it”! * Chairwoman of Internal Audit Committee on the Albanian Association of Banks (AAB).Board member to the Institute of Internal Auditors profession in Albania (AIIA).