Uncovering Procurement Excellence

A definitive to solve your procurement issues

Re-Assessment Of Risk Post Covid- Must For CFOs And Auditors

blog dateMay 08, 2020 | 9 min read | views 8339

The COVID-19 outbreak incident surfaced in Dec 2019 and the condition has continued to evolve throughout after April 30th, 2020. The lockdown has eased in certain parts of the country based on the zone ratings. However, the overall risk remains high.

Finance & accounting along with internal auditing will have to undergo a sea of changes to keep up with this pandemic. This publication covers key areas to be considered during and after the pandemic by CFOs and Internal Audit professionals.

1. Pandemic risk not covered as part of Enterprise Risk Assessment

Your Company is not the only one who has not covered the pandemic as part of the Enterprise Risk Assessment. However, you must need to response faster now. Below are the key actionable strategies for such a scenario:

  • Customer engagement should be the priority. Clear and factual communication should be established with customers on a regular basis. Inputs/queries from the customers should be responded to in time with clear facts.
  • Workforce protection will ensure that employees are taken care of. Clear and precise communication should be maintained with all employees on dos and don'ts during this time while explaining what the company is doing to take good care of them. Further, every employee's needs, health and safety, and fears should be addressed in a consistent manner.
  • Supply chain should be stabilized by connecting with the existing suppliers while identifying alternate sources/suppliers and minimizing the lead time for supplies.
  • Stress testing of financials will be important to understand how long the company can survive and what can be done to improve the situation. Different scenarios with a mix of revenue, receivables-collections, Govt. rules/ guidelines, credit period, fixed cost, variable cost and commitments need to be considered.
  • A single source of truth from the company is going to be a major binding factor. The employees, the customers, the suppliers, and other parties are going to rely on it and assess the company's situation during these trying times.

2. SOX/ IFC/ ICFR program adjustments

  • Reassess scoping based on the Q4 2019-20 no. and consider the impact of COVID-19 on estimates.
  • Business Continuity coverage of financials and relevant data should be assessed.
  • Delegation of authority (DOA) should be re-assessed and steps should be taken to flatten it.
  • Reduced staff availability should be factored into the planning.
  • Outsourced service provider (OSP) SOC reports are to be reviewed thoroughly. Pass on key concerns on COVID-19 with OSPs.
  • Reassess controls as to whether they can be performed from different geographies.
  • Remove single-person dependency.
  • Recording control activities (like covering meetings, and reviews) with the right individuals as audit evidence. This should be done after considering the company?s policies and the law of the land.
  • Move from paper-based entry to digital entry and digital approval (date, name of the reviewer and time). If required implement some automation tools for your business process with Procurement to Pay software, Project Management Tools, Compliance Management Tools, Vendor Management Software and others.
  • SOD conflicts may arise due to business needs but audit trail should be present. Good cloud ERP will be handy in these conditions.
  • Management override checks should be monitored frequently.

3. Contract compliance, modification and termination

  • Review whether a tracking mechanism for contract compliance is in place and operating effectively. There are many compliance management software in the market and you can take the advance of the same to manage your contract compliance.
  • Reassess contract clauses for relief during this time (like termination rights, disaster recovery and business continuity, notice, force majeure, insurance).
  • Analyze contracts which can be modified to meet:
  • Revised business plan,
  • Govt. guidelines (like delay in rent collection, salary deductions and employee termination).

4. Business continuity and disaster recovery

  • Tone at the top covering communication with customers, employees, supply chain vendors, local communities and law enforcement authorities.
  • Business plan will need revision considering reduced staff, business trends and flattening of DOA.
  • Reassess customer/business trends cutting down on production; re-forecast your capacity and resource requirements.
  • Manuals/SOP to be updated with relevant BCPDR steps and the same should be easily accessible. Many Cloud ERP software has inbuilt function of managing SOPs at user role level.
  • Use space on the local drives/shared drive/cloud to store daily work of all employees. Project Management software can be very useful in these moments.

5. IT security and automation opportunities

  • User access control - request and use of such controls to be monitored. Your ERP must have option to monitor and approval process to change any user role and track those changes.
  • Constant communication for cyber awareness, threat detection, practical examples and responses to promote proactive identification of malicious activity.
  • Security of Company data while using hand-held devices should be assessed.
  • Data security and integrity during transit.
  • Adequacy of licenses and third party applications should be done periodically.
  • Assessment and action on automation opportunities.
  • Financial transformation processes should be activated and tested now.

6. HR management

  • Remote working will require clear guidelines and reliable technology. Cloud Software has become an item is necessity now.
  • Flexible working hours should be incorporated in day-to-day work.
  • Absenteeism/productivity will need a new definition and new set of rules.
  • Contract employees are going to be a new norm among companies who need a specific skill set only for a particular period during the year.
  • Employee goals, manpower-budget and hiring policies will need revision. Candidates with an aptitude to work remotely will be preferred.
  • Communicate effectively and often with employees.

7. Adjustment to internal audit plan

  • Internal audit plan to be revised wherein new items which are now relevant w.r.t. COVID 19 will be scoped in and items not relevant now will be scoped out/ frequency will be adjusted.
  • Plan the audit calendar with fewer employees.
  • Use of technology, data analytics and electronic work paper has to be incorporated.
  • Develop steps which reduce interactions/inputs from Business personnel.
  • Consider adopting an agile internal audit plan wherein a short term plan is developed for key risk areas with tight schedules. This will help the company match their pace with the fast changing risk environment.

8. Compliance management

  • Tracking of changes to Finance Act 2020 and other relevant acts (like indirect tax, local laws, relief provided by Govt., SEC) should be done on a real time basis.
  • Tracking compliance with all laws and regulations and non-compliance should be highlighted.
  • Tracking correspondence with Govt./regulatory officials and fixing responsibility.
  • Ensuring timely action.
  • Compliance Management Tools will be a savior in this time.

9. Supply chain management

  • Identifying alternate source/suppliers with lead time for supplies.
  • Arrange for requisite Govt./local admin permissions for supplies/resources.
  • Review the current stock/capacity and lead time to assess the ability to meet the revised business plan.
  • Identify potential disruptions in the supply chain and ways to address it.
  • Ensure compliance with relevant laws of the land (like OFAC, Govt. guidelines) when dealing with overseas/new vendors.

10. Treasury management

  • Revisit working capital requirements considering revised cash flow projections and new set of assumptions.
  • Constant co-ordination will be required with all departments to identify priority and non-priority payments.
  • Identifying, assessing and acting on the Govt. stimulus/credit support and its long term implications.
  • Reassess all short term investments in light of the current economic scenario.
  • Evaluate various financial positions taken (like hedge, put option).

11. Effective and timely book closure

  • Book closure checklist should be detailed with names of doer, reviewer and timelines. The same should be updated on a real time basis to capture all changes.
  • The doer and the reviewershould have access to data and systems/applications.
  • A Platform should be developedwhich provides access to the reviewer of the data prepared by the doer, proposed entries, reconciliation and supporting documentation. The entry be pushed to the ERP/accounting software once the same is approved.
  • Approval documentation should be saved for control testing.

12. Post lockdown suggestions

  • Develop a business plan with a conservative approach towards customer's expectations and future economic scenario. At the same time, explore new markets and products.
  • Take a hard look at all the contracts which made the company bleed during the pandemic and devise ways to safeguard company's interest in the future.
  • Revising the operating model to adjust to new safety expectations from the client, employees and vendors.
  • Revisit the supply chain and move operations from offshore locations.

a. To near the production site, or

b. At the production site.

  • Invest in technology which can ensure.

a. Reduction in human-to-human interaction,

b. Remote working,

c. Data security, and

d. Data encryption facility during transit.

  • Re-assess long term capital commitments.
  • Revise resource management with a fresh look at contract work force across all levels.
  • Reduce manual work to the maximum extent possible and move from a person/individual driven to a process driven working environment.

If you are not sure how to proceed in the current circumstances, you can reach out to the author Mr. Ravi at Ravi.k@tya.co.in for free guidance and consultations.

TYASuite is giving various performance improvement and remote management software for FREE. You can avail any of the software and improve efficiency and manage risks while fighting the COVID-19. Procurement to Pay Software, Compliance Management Software and Project Management Software has been in high demand since Covid-19 outbreak. What best is that you can go live in 7 days with our Plug and Pay ERP.


Ravi Kant

Ravi is a Chartered Accountant and a B.Com (Hons.) with over 14 years (~8 years with Big4) of experience. Expert in the field of risk management, forensics, financial management, data analytics and statutory audits, COSO and SOX implementation and testing and IND AS and IFRS.
blog comment New Comment
blog comments Comments