There is no question that the COVID-19 pandemic has changed the business landscape. One thing that hasn’t changed, however, is your annual audit requirement. Some of the most significant challenges faced by both the auditee and the auditor in this “new normal” environment include changes to inventory observations and internal controls, accessibility to audit documentation, and potential noncompliance with laws and regulations. Here’s how we will successfully navigate those challenges.
As employees continue to work remotely, the entity’s control environment has been altered, leading to a change in both processes and controls. Management should document the new processes put in place as a result of the changing work environment, and auditors should gain an understanding of the new controls implemented to ensure they are properly designed and operating effectively. This is especially important for larger entities that may be more decentralized, which could lead to a significant number of new processes and controls to identify throughout various departments.
Additionally, many of the new controls identified may be electronic, which presents an increased risk of cybersecurity attacks from unauthorized access from outsiders. As a result, an entity’s information technology department should develop and continually evaluate new controls to be put in place to deter such risk. Communication is key to identify any unusual or suspicious activity and for this information to be relayed entity wide.
Protect yourself from the next cybersecurity incident.
As much of fieldwork is no longer being conducted onsite, audit documentation that was previously accessible onsite will be transferred via electronic means. This includes sending documentation by secured email, uploading to a portal, or other shared platforms between the auditor and auditee such as Microsoft Teams. Security is key. Using a secure platform ensures access is limited to select employees and helps keep sensitive information out of the wrong hands.
But it is not just the transfer of documentation that has taken an electronic turn—interviews and inquiries with management have shifted remotely as well. Zoom or Microsoft Teams and conference or video calls have become commonplace and can be an effective form of communication. The screensharing tools within these platforms can help assist the audit process. For example, while auditors were previously able to observe a control or report being run from a client system, this is now being conducted remotely through a shared screen format.
Potential Noncompliance with Laws and Regulations
Organizations have seen a significant effect on operations, leading to decreased revenues from COVID-19. As a result, these entities have applied for and received funding through many federal sources. The remote workforce, coupled with the fact that guidance on how to properly expend federal funds is constantly changing, creates a heightened risk that these funds could be mismanaged. This could lead to potential noncompliance. Additionally, there is increased susceptibility to fraud if proper controls and monitoring are not in place. Lastly, as larger entities also pass these funds through to other entities, monitoring tools need to be intact to oversee that subrecipients are also expending these funds in an appropriate manner.
We’ve broken down subrecipient monitoring into three primary components.
As much of the CARES Act funding is federal dollars, funds received by nonprofits, governments, and even some business entities will be subject to single audit, in which both controls and compliance will be evaluated. For funding that is not subject to single audit, entities are still required to implement controls and track these funds appropriately to support their proper and allowed use of this funding, particularly given the complexity of the pandemic-relief regulations.
If inventory is a significant balance in your financial statements, an inventory observation still needs to be completed in order to receive an unmodified audit opinion. If an inventory observation cannot be completed, there could be a scope limitation on the completion of the audit, resulting in an opinion modification.
The good news is that the use of video or other virtual technology may be acceptable in completing a remote inventory observation. This comes in lieu of an onsite visit, with some parameters of course, and won’t be an effective means to perform a count for certain types of inventory.
Here are a few things your auditors will need to do to complete a remote inventory observation:
You can delay your inventory observation if you do not anticipate a significant delay from year-end to when auditors are able to come onsite for inventory observation. However, there are certain additional procedures that need to be completed to roll-back the observed inventory balances from the observation counts to the year-end balance. Your auditor will then test the roll-back transactions. While this sounds simple, the nature of your inventory and the volume of purchases and sales that occur subsequent to year-end, coupled with the length of time between your year-end and the onsite inventory observation, could make these procedures extensive.
We can help you sort through what can be done now and what can be delayed.
Communication is Key
Shifting to a remote audit environment has made clear the importance of communication—not only between the auditor and auditee, but also among the entity and audit teams themselves. With constant communication occurring, proper controls can be identified and implemented, audit documentation can be provided in a timely manner for an efficient audit process, and there is less susceptibility to noncompliance and fraud surrounding new funding sources as a result of COVID-19.
Take a deeper dive into this Insight’s subject matter.Audit & Assurance