Navigating the risk and control challenges presented by COVID-19

We surveyed more than 100 US audit committee members to better understand how COVID-19 is impacting their committee oversight and operations. Key findings from the survey, recently published in Challenges presented by COVID-19, that are highlighted here may be helpful in focusing audit committee conversations with auditors and management in the months ahead.

There is an increased emphasis on disclosures. The uncertain trajectory of COVID-19 on the economy—coupled with the extensive use of forward-looking information in financial statements and U.S. Securities and Exchange Commission filings—has made disclosures regarding COVID-19’s current and potential effects a top area of focus. Not surprisingly, 79 percent of audit committee members surveyed said disclosures regarding the current and potential effects of COVID-19, including risk factors, management discussion and analysis, liquidity, financial statements, and known trends and uncertainties have been the subject of substantial discussion. Other issues include preparation of forward-looking cashflow estimates (48 percent), and impairment of nonfinancial assets including goodwill and other intangible assets (43 percent).

Companies are reassessing, enhancing, or establishing new internal controls. With many companies transitioning rapidly to remote work early this year, and with some now preparing to reopen, the most commonly cited disruptions prompting a closer look at internal controls include return-to-work plans (73 percent), information technology system access and authentication to enable a remote workforce (69 percent), and cybersecurity (56 percent).

Internal auditors are adjusting their audit plans and activities. More than half of audit committee members surveyed (58 percent) reported that the company’s internal audit (IA) function has shifted its focus to identifying emerging risks posed by COVID-19, while 56 percent said IA is reviewing management’s assessment of those risks, 40 percent said IA is assessing incremental fraud risks posed by COVID-19, and 39 percent said IA is assessing return-to-work plans.

Environmental, social, and governance (ESG) issues will get significantly more attention from the board. In response to COVID-19 and recent protests against systemic racism, survey respondents cited as areas for greater board focus employee/workforce health, safety, and well-being (85 percent); diversity within the company, including the boardroom (56 percent); supply-chain resilience, including health, safety, and well-being (53 percent); and corporate reputation among stakeholders (39 percent).

COVID-19 has prompted many audit committees to reassess the scope of their agendas and risk-oversight responsibilities. Beyond financial reporting and related control risks, most audit committees cited substantial oversight responsibilities for a range of other risks related to COVID-19, including financial risks (83 percent), legal and regulatory compliance (70 percent), cybersecurity (62 percent), and data privacy (42 percent). Most survey respondents also reported that the remote work environment necessitated by COVID-19 has had little impact on the efficiency and effectiveness of their interactions with management and with internal and external auditors. While this finding bodes well for the financial reporting process, audit committees will need to stay vigilant as companies navigate the uncertainties ahead.