It’s Budget Season – Re-Evaluating the Audit Plan Post-COVID
As we head into September, chief audit executives (CAEs) are gearing up to design their audit plans for 2022. Pre-COVID, this was already a stressful time as CAEs had to determine which audits were required to be completed and who would ge the work done. In simpler times, it was a matter of resource allocation of staff and dollars, and trying to align skill sets with audit risk within the organization. But now, the task is even more daunting. Remote work programs and time compression in 2021 pushed certain audits scheduled for completion into the future. When considering rotation plans, these delays must be added to an already busy year. Additionally, furloughs, layoffs and staff attrition have resulted in less bodies to complete that elevated work level. In a nutshell, CAEs are finding out that they are short on three vital resources – time, people, and dollars.
So as CAEs begin to prepare their audit plans and budgets for 2022, here are a few tips to help clear the hurdles before you.
RE-EVALUTE RISK PROFILE: If you are still creating your audit plan and budgets based on a pre-COVID risk profile, you may not be addressing the risks impacting the organization. Since COVID, different types of risk including fraud risk, IT risk (specifically the risk associated with data protection and cybersecurity), compliance risk, and the risk of poor design and operating effectiveness of controls in a remote environment have all elevated. Performing a new risk assessment from top to bottom to evaluate those risks may cause a significant shift in where you spend your time in 2022. Additionally, you will want to interview the Board, audit committee, and senior management to see if there are new risks on their radar which should be incorporated into your plan.
STAFFING OPTIONS: Across the board, staffing is an issue many CAEs are dealing with as they look forward to 2022. One of the growing trends we are seeing is an increase in staff augmentation or co-sourcing of audits in the 2022 audit plan. Co-sourcing or outsourcing of internal audit work can be an effective and cost-saving option for a CAE or audit committee to consider.There are three areas where this can be effective:
- Lack of properly trained or experienced staff – Finding internal audit resources right now can be a struggle. As an example, a recent search for an Internal Audit senior took over nine months to find a suitable candidate. Instead of searching, hiring, and training a resource that still may not meet your needs, using a third-party resource to augment your team can be a way to increase efficiency and decrease overhead and cost during the year. Auditors in firms like Citrin Cooperman have a wealth of experience across many organizations to pull from those who are already trained, well-versed in audit and risk methodologies, and typically available on demand.
- Cost reduction –OftenwhenaCAE thinks of staff augmentation, they think about a higher cost model than that of having an in-house internal audit resource. While that may be the case on a spot project, if staff augmentation is considered and implemented effectively, companies typically see cost reduction year over year given reductions in time required for the following:
- Staff acquisition costs
- Training (and re-training)
- Turnover and lack of productivity
- Overhead costs
- Meeting demand during the compression period – Most audit plans fall apart when the lack of resources during key periods of compression cause audits to slip or fall off completely. Projects come up during the year and resources are spread thin, and given Murphy’s Law, it always seems to happen when things are at their busiest. Understanding where those times fall and properly augmenting your staffing model in advance can lead to the successful achievement of your plan. It can often be a better strategy than hiring another resource who may not be fully utilized during the year or properly trained to meet the requirements of audits that are assigned to them.
DON’T BE AFRAID TO REVISE THE PLAN: Auditors are designed to identify and question change, but when it comes to your audit plan, change is necessary to address the rising risks associated with your company’s operations. Certain audits not performed in prior years may be grossly overdue, while other audits may be low-risk and can either be shifted out on the schedule, modified in approach, or removed completely. If there was ever a time to realign your risk and audit plan, it is now.
If you’d like to discuss how Citrin Cooperman’s team can help your internal audit group, or if you need assistance in the re-evaluation of your audit plan, contact Michael Camacho at mcamacho@citrincooperman.com or Samantha Kerwin at skerwin@citrincooperman.com today.
Related Insights
All InsightsOur specialists are here to help.
Get in touch with a specialist in your industry today.