1. Adjusting to the new normal
- Given the extended working from home arrangements, it is difficult to determine whether the Bank continues to operate its Business Continuity Plan (BCP)or is just operating under a ‘new normal’. This has an implication for any relaxation of internal control requirements during the activation period of the BCP.
- Difficult to achieve a full return to the office before the summer taking into consideration constraints (health issues, personnel issues, social distancing issues but also infrastructure constraints in the banks)
- Opportunity to learn/extend new audit digital methodologies:-more data analytics review-new communication/exchange with auditees (test and learn experience)-more agility-easier to perform audits centrally (perhaps travel is not needed)
- Some Banks undertaking “Quick audits” during this period: quick check with data analytics for example to provide immediate suggestions, with quick results and simplified report but very useful in “emergency situations”.
- Need for a new performance system
- Need for a new management of staff
Need to invest in “digital” as Banks further focus on digitalization of services following the pandemic
2.New emerging risks areas in the audit plan
Audit plan adjusted to:
- Quick responses on key risks
- IT security, VPN, infrastructure, Payments Holidays, Non-Performing loans (higher volume expected), liquidity
3.Interactions with ECB/Supervisors
- Impact of Covid-19 on internal audit plan , risk assessment, control environment
- Secondments to 1st and 2d line and consideration of the impact on independence of internal auditors
- Pressure on risk management functions
- Follow up of ECB findings – considering the ECB’s own ‘operational-easing’ and six month extensions in this period
- Increased regular interactions with the Board/Audit-Risk Committee during the crisis
- Some Internal Audit Functions recognizing that full completion of the 2020 plan may be a challenge, given some operational inefficiencies during the lockdown.