March 31, 2020
Economists' opinions are divided about how quickly the U.S. economy will bounce back from the coronavirus crisis, USA Today reports. Some economists say it may take several months for consumers to feel comfortable booking travel or venture out to restaurants and other public places, possibly extending into 2021. It is likely to hit small businesses particularly hard. Other economists say the loan provisions of the $2.2 trillion stimulus package will enable businesses to retain their staffs, while the unemployment benefits and stimulus checks will put money in those workers' pockets. Internal audit should ensure management is aware of going-concern risks over the next few months, as well as pay attention to the potential impact that employee layoffs and furloughs may have on the organization's ability to grow should the economy improve.
Last week's coronavirus relief package gives large public banks a temporary delay in adopting the Financial Accounting Standard Board's ASU 2016-13 and current expected credit loss (CECL) methods until Dec. 31 or when the coronavirus pandemic ends, whichever comes first. According to a Compliance Week article, the accounting challenge for companies choosing to report CECL in the first quarter despite reporting relief will be "how to reasonably reflect the potential effects of the coronavirus in estimates of current expected credit losses." Internal audit should continue to play a role in the ongoing assessment of internal controls, risk management, and governance systems and processes, while being aware of the potential rise in risks of material misstatement.
McKinsey & Co. reports that chief information security officers are addressing cyber risks on two fronts during the coronavirus pandemic. They are securing work-at-home arrangements "at scale" by promoting resilience, making sure required controls — such as critical system patching and multifactor authentication — are in place, and communicating to employees about the crisis and its risks. On the second front, they are helping the organization support high levels of consumer-facing network traffic by ensuring it has sufficient network capacity and has integrated security activities into network availability processes. Internal audit can review whether these processes are in place and operating effectively.
Concerns over workers' safety at "can't-close" retailers is growing during the coronavirus pandemic, causing walkouts and strikes at places such as Instacart and Amazon's Whole Foods delivery services (New York Times). Workers are protesting what they see as "inadequate safety measures and insufficient pay" for the risks they are taking to keep shelves stocked and orders filled. Harvard Business Review research about "good jobs companies" provides best practices from companies such as Costco, Mercadona, and more, that can be adopted to keep employees and customers safe. As a strategic partner, internal audit can use these guidelines to provide service to a critical area during this time.
In just three weeks, small and mid-sized business (SMB) owners have gone from expecting a banner year in 2020 before the pandemic began to most saying this year will be much worse, according to research from PYMTS.com. More than 80% say their revenues have declined during this time, while one-fourth doubt their business will survive the coronavirus crisis. Already, 5% of surveyed businesses have closed. Only 37% of SMBs surveyed are confident they will survive. Internal auditors in SMB companies should make management aware of going concern risks — particularly liquidity — and advise them of their options. In the U.S., many of these companies are eligible for small business loans as part of the recently passed stimulus package.
March 30, 2020
The historic $2 trillion coronavirus rescue package signed into law last week includes creation of a new inspector general's office to oversee disbursal of more than $400 billion earmarked for emergency loans to corporations, cities, and states. The Washington Post reports the accountability measure already is creating a potential clash between Congress and the White House. President Trump wants to limit some oversight provision "by asserting presidential authority over a new inspector general's office," according to the Post article. In a statement released shortly after the signing, the president signaled his displeasure over a provision that requires the new Special Inspector General for Pandemic Recovery to notify Congress if the administration withholds information requested by investigators.
Companies operating in the European Union (EU) are facing compliance challenges as regulators in EU countries respond to the disruption caused by the COVID-19 pandemic. The relaxation of rules and the uncertainty caused by the pandemic's disruption create opportunities for fraud and corruption. In addition, companies should not look at the relaxation as a signal to ignore rules and regulations. Internal auditors can play key roles in working with a company's compliance officers to identify, mitigate, and control such risks.
Asset managers are analyzing companies' responses to the COVID-19 pandemic and using the findings in environmental, social, and governance (ESG) research, according to a report in Agenda's sister publication FundFire (paywall). The managers are looking at how the companies are treating their employees, including compensation and benefits provided to employees during closures, as well as employee safety measures. Internal audit can provide guidance to management in developing compensation and benefit packages that address the disruption faced by companies in the pandemic.
On March 26th, the Environmental Protection Agency announced that it will indefinitely cease enforcement of many of its own environmental regulations due to the COVID-19 outbreak. According to an article in Business Insider, although the agency expects business facilities to comply with regulations "where reasonably predictable," there will not be penalties for noncompliance with monitoring and reporting obligations. The policy only applies to civil violations, says the EPA, and "does not provide leniency for intentional criminal violations of law." In an environment where organizations will be expected to hold themselves more accountable, internal audit's ability to provide objective, independent assurance against EHS-related risks such as pollution will prove critical.
Social distancing has pushed organizations already invested in digital transformation to digitize their operations and services at an even faster rate. According to an article (paywall) in the Harvard Business Review, companies that have been slow to digitize may be left behind. Meanwhile, sectors that can't fully digitize — transportation, hospitality, traditional retail — are facing many more economic and social issues, such as layoffs and employee health concerns. The current crisis sharply underscores the need for organizations to evaluate digital transformation as a risk.