Limited functionality available
Why is QA important?
The remit, scope and approach of audit functions is under increased pressure, with internal and external stakeholders looking to Internal Audit to play a vital role in providing robust, timely and valuable assurance over the response of controls and governance to the volatile risk environment brought about by COVID-19. As a result, the importance of a high quality Internal Audit function has never been higher.
In addition, in much the same way that Internal Audit teams are providing assurance over how businesses have adapted their control environment as a result of COVID-19, Audit Committees and stakeholders want assurance that the Internal Audit control environment has evolved appropriately, with audit quality being maintained. In response, IA functions are refreshing their approach to QA.
Going beyond assessing audit quality and promoting a culture of continuous improvement, QA should be used as a tool for providing timely insights into the impacts of remote audit working, identifying real-time improvement opportunities, and sharing best practice to support teams as they settle into new ways of working.
As noted in our previous blog [Re-thinking Internal Audit’s remit post COVID-19], the impacts of the global pandemic have provided new opportunities for IA functions to add more value around assurance, improve the advice they provide and increase their anticipation of risk. With functions responding with new audit approaches and the increased provision of real time, “advisory” or “in-flight” opinions, the inherent risk within Internal Audit delivery models has increased. As a result, there is a significant need for real-time assurance around the quality and impact of these new ways of working, making sure that they are driving the value and impact of Internal Audit forward, while providing the right assurance at the right time to all stakeholders.
Internal Audit are also experiencing the same challenges as other parts of the business, with prolonged periods of remote working and the function having to respond quickly to the dynamic and uncertain risk landscape that their business is operating within.
Whilst many IA functions are used to working remotely, the current prolonged period of remote working has restricted the ‘organic’ and informal face-to-face office interactions. As a result, sharing experiences, best practice and business insights between team members requires more discipline. The virtual office environment also introduces the potential for staff to suffer from isolated working and ‘home working fatigue’ which negatively impact on Internal Audit’s culture and quality. In this environment, QA offers a valuable avenue for communication and education. It provides a mechanism for identifying and sharing best practice and insights across the entire IA team, as well as addressing areas of audit need and audit quality.
The impacts of COVID-19 are continuing to evolve at pace, exposing organisations to new, complex and rapidly evolving business risks. As such, Internal Audit must continue to respond and focus on the key risks, whilst delivering assurance in a way that is sympathetic to the operational challenges faced by management. This is where QA can be of real value; providing real-time assurance over Internal Audit’s response, objectively concluding on the quality of the audit scope, approach and conclusions.
What should QA be doing in response?
Now more than ever QA programmes need to go beyond retrospective file reviews of methodology compliance and should cover all aspects of the Internal Audit cycle. They should also be responsive and tailored to the emerging risks associated with Internal Audit delivery in a global pandemic.
As a result, QA programmes should consider including:
Covering these elements allows QA to become a more effective tool in facilitating positive change; keeping Internal Audit teams focussed on what matters, identifying real-time learning and development opportunities, and supporting the continuous the improvement of Internal Audit. This will help ensure Internal Audit departments remain fit for purpose in the current environment, as well as ‘fit for the future’ as businesses work through the impacts of the global pandemic.
Matt Cox is a leader in Deloitte's insurance internal audit and controls advisory team in the UK. Matt has 17 years of experience working with internal audit functions at insurers and other financial service organisations and has performed senior internal audit roles at a number of large insurers.
Marc has over 14 years’ experience leading internal audit, assurance, SOX and regulatory compliance engagements in both industry and professional practice. Marc is part of our financial services internal audit leadership team and leads our team in Scotland, providing co-sourced, outsourced and External Quality Assessment services to financial services organisations. Marc also leads the our Internal Audit Quality Assurance team, providing independent Quality Assurance support to a number of financial services internal audit teams across the UK.