Internal Controls in a Coronavirus world

The global coronavirus pandemic has, for many businesses, seen one of the most rapid evolutions of business processes in recent history. This gives rise to an important question - have risk management and internal control systems developed at the same pace? Audit and Forensic Accounting experts from GMcG Chartered Accountants examine the key considerations.

GMcG's Nigel Moore & Duncan McGregor

As an increasing number of local businesses are being forced to adapt to comply with new regulations, or to simply survive in a challenging economic and operating environment, an examination of risk management controls and processes should find itself close to the top the boardroom agenda.

The UK Corporate Governance Code places an obligation on directors to ‘carry out a robust assessment of the company’s emerging and principal risks’ and it is critical that company directors understand their duties in this area. Very often such matters are far down the list of a busy company director’s priorities, with customer demands, managing staff, monitoring cash flow and operational issues very much at the forefront of the mind.

Has your business satisfied itself that risk management and internal control systems are sufficient to ensure you meet your obligations?  A health check on your internal control environment has never been more critical than now.

Perhaps your risks and controls are well-documented, but unless they have been reviewed within the past few months, they are most likely outdated or incomplete. In the first instance, the existing control effectiveness must be reviewed. It is essential that this is done objectively with particular focus on any control breaches or ‘near misses’.

It is then important to consider all the changes that have taken place in your business processes since those previously identified risks and controls were established. An updated risk assessment will take account of all these factors and will often highlight a number of control gaps.  

Added to this are the new and emerging risks that have arisen due to the pandemic, which will undoubtedly impact on the risk landscape faced by businesses. In many cases there will have been a large shift in business processes to operate in the ‘new normal’ whilst for others, changes may be more limited.

Risks are emerging as a result of increased remote and home working, with the associated increased use of remote Information Communication Technology (ICT) systems. For some businesses, new home working arrangements may impact on segregation of duties and require a review of monitoring and review processes. Other considerations include increased risks related to the physical safety and security of employees, customers and suppliers, as well as an increased risk of fraud arising from the implementation of government support schemes and other measures.

In addition, if the business’s control environment is reliant on the physical presence of employees or physical control systems at its usual business premises, the effectiveness of these controls is likely to be compromised by an increase in off-site working.

It is crucial that control deficiencies or gaps in the control environment are identified and steps are taken to address such deficiencies. This may require the design and implementation of additional controls or amendments to the operation of existing controls to sufficiently manage risk. Careful attention should be paid to the effective implementation of any changes as they will be critical to the success of your risk management and internal control system.  Implementation may be more challenging in the current climate as a result of changes to normal business processes.

It is clear that the rapid change in business processes as a result of the coronavirus pandemic, as well as the challenges faced in responding quickly to new and emerging risks, has presented a real opportunity to those wishing to exploit any resulting deficiencies in your control environment. Reducing the time taken to identify any deficiencies in, and to implement any changes to, your control environment is key to reducing the opportunities that others have to exploit such weaknesses.

The dedicated team at GMcG Chartered Accountants has extensive experience working with businesses across a wide range of industry sectors and can provide a robust, objective and cost-effective review of your control environment. Their leading edge expertise and combined skills in Audit and Forensic Investigations can identify areas that require urgent attention to reduce the risk of fraud, ensure compliance and, most importantly, safeguard the assets and earnings of the business.

Nigel Moore, Audit & Business Advisory Services

Duncan McGregor, Forensic Accounting & Investigation

Internal Controls in a Coronavirus world