Reprioritizing Risks

The impacts of the COVID-19 pandemic are unprecedented. Given the major disruptions the pandemic has caused, many organizations are now in the process of planning their way out of the crisis and resuming activities in their “new normal”.

In the midst of it all, many business owners are questioning whether business risks identified before the pandemic have been adequately identified and analyzed. Moreover, new risks have since emerged and the volatility and importance of other risks have increased significantly. All these elements have an impact on the internal audit functions, particularly on the relevance of the audit plan and the ability to adapt to changes.

The agile audit plan is a recommended solution for internal audit functions that want to increase their impact on the organization and demonstrate greater relevance in their subsequent interventions. With the emergence of new risks and/or the escalation of existing risks that went under the radar previously, the internal audit function, in order to remain relevant, must adapt its audit plan and seize this opportunity to reprioritize certain risks and mandates. The Head of Internal Audit has a great opportunity here to assume leadership in this regard.

Given the speed with which risks and changes materialize, we believe that an agile audit plan will be the new normal in internal audit.

An important prerequisite for implementing the concept of an agile audit plan is to first establish a strategic plan for the internal audit function. Such a plan is the backbone for the preparation of an audit plan that will be beneficial for the organization. The alignment of the internal audit function’s strategic plan with the audit plan is essential. Without a documented strategic vision, the audit plan loses its relevance.

Another of the cornerstones of an agile audit plan is to be constantly on the look out for internal and external changes, both current and future, that have or may have an organizational impact (this is what we call business intelligence!). Finally, another key element is the robustness of the function’s audit universe. If this universe is well constructed, circumscribed and broken down into relevant auditable elements reflecting the organizational reality, it will be easier to select mandates based on the new information obtained.

The continual updating of the audit plan requires the involvement of all members of the internal audit function and a strong willingness to change the status quo and remain relevant.

Specifically, the key steps in the transition to an agile audit plan are as follows:

Agile Internal Audit plan: initial audit plan, continuous business intelligence, identification of new risks, reprioritization of risks on a periodic basis, identification of new mandates, new plan

The concept of having an agile audit plan will become an essential part of the internal audit function, but it is not an end in and of itself. Indeed, in addition to the internal audit plan, there are a number of other aspects which need to be addressed to ensure that the internal audit functions can seize opportunities to do better, more effectively and with continued relevance. One of the opportunities in the near future is to take the concept of agility one step further! Internal audit functions will also be called upon to reflect on agility concepts in the execution of engagements (from planning to report delivery) and to introduce positive elements of agility into work processes.

How can Richter help?

  • Diagnostic of the internal audit function;
  • Preparation of the strategic plan and the internal audit plan;
  • Benchmarking exercises;
  • Input toward best practices and trends;
  • Analysis of the impacts of the pandemic crisis on your strategic plan and your internal audit plan;
  • Risk assessment methodologies;
  • Training, working sessions and workshop facilitation;
  • Transition from the traditional audit plan to an agile audit plan;
  • Transition to agile work methods and mandate implementation.