Internal controls: COVID-19 considerations for auditors

High quality corporate reporting that includes disclosures of timely, reliable, insightful information is critical in the current environment. Auditors act as part of a financial reporting ecosystem that includes management, those charged with governance (TCWG e.g. boards, audit committees), regulators, standard setters, investors and other stakeholders. The purpose of the financial reporting ecosystem is to produce corporate reporting that is complete, accurate, and transparent. The foundation for the financial information is a sound internal control environment maintained by management and overseen by TCWG. One of the roles of the auditor is to understand an audited company’s internal controls as part of determining the nature and extent of procedures to perform in order to evaluate whether the company’s financial statements are fairly presented.

Considerations for companies

A company’s management and TCWG should consider the broad implications of COVID-19 on the company’ internal control environment, including management’s ability to complete its financial reporting process and prepare financial statements on a timely basis. The downloadable report provides examples of impacted areas and key questions for companies to consider.

In addition to the increased complexities created by the current environment on developing estimates and making going concern judgments, there may be increased pressures and opportunities to commit fraud. While the risk of fraud is typically not a new risk, COVID-19 has caused significant operational and financial disruption, resulting in increased pressures on businesses, their employees and their stakeholders. Weakened internal control environments where key control owners are working remotely or have been fired or furloughed, combined with situations where companies, their supply chain and customers may be distressed and struggling financially create opportunities for fraud – whether that is through manipulation of financial results, misrepresentation of facts or misappropriation of assets.

In accordance with most accounting and auditing frameworks, the primary responsibility for the prevention and detection of fraud rests with both management and TCWG1 of the company. Companies typically have a process in place, monitored by TCWG, to identify and assess risks and ensure there are controls in place that prevent and detect misstatements. Management and TCWG should assess the heightened risk of fraud presented by the COVID-19 environment and ensure their control environment is able to mitigate such risks, including re-evaluating their fraud risk assessments in response to the current environment and throughout the year as circumstances change.