The International Internal Audit Awareness Month in May is an opportunity to celebrate internal audit accomplishments and remind the value that internal audit brings to businesses. Due to its impact on companies and jobs, COVID-19 placed greater demands on internal auditors at all levels. Kevin Maurymoothoo, Head of Internal Audit at IBL Ltd, answers our questions about the role of internal auditors and their challenges during the pandemic.

On the occasion of International Internal Audit Awareness Month, can you explain what is the added value of internal audit for a company like IBL Ltd?

Internal auditors provide assurance and advice regarding risks, opportunities and keys to success to help the Board, Management and other stakeholders. Since its establishment in 2018 at IBL, the internal audit function is given the right place within the governance structure. We aim to deliver the right service based on the risks which the organisations face. In one line: we are here to make IBL stronger.

Why is an awareness month important for your profession?

The Institute of Internal Auditors (IIA), established in 1941, is a trustworthy, global, guidance-setting body providing internal auditors with authoritative guidance through the International Professional Practices Framework. IIA Mauritius was created in 2009. The Awareness Month is an international event to advocate for the profession towards stakeholders at large: organisational leaders, Boards and other team members. The way people see internal auditors need to be demystified.

How did you manage your team remotely during the lockdown?

Prior to the lockdown, we had established internal audit protocols with regards to working remotely and had organised our work accordingly. Transparency and communication bring the right mix to gauge the achievement of our objectives. By default, Technology and security are important aspects that we have considered. Microsoft Outlook, Office 365, Sharepoint, Teams, Skype are channels to make it happen. We have been able to run opening and exit meetings or assist report extraction. Loads of kudos to my team. Senior Management and team members of the auditee organisations should also be praised for having extended the right support to our team. Nevertheless, some aspects will have to be reconfirmed on the first day we are back to the office.

The Human Capital team helped with training materials that my team benefited from. Other professional bodies and universities provided insightful webinars on COVID-19 impact, post-lockdown approach, risk management or impact on financial reporting. We also seek specific expert advice to acquire knowledge on new items popping up on the agenda. For instance, we organised an explanatory session to e-commerce activities where the emphasis was to understand the technology and control aspects of such platforms.

And of course, well-being of the team members is the priority during this time.

Has the COVID-19 had an impact on your tasks?

The process of auditing encompasses different steps. So, we first had to revise the different steps and proceed differently to enable the auditees and auditors to adapt smoothly to the situation. The follow-up exercise is an important part of the process which was possible with cloud technology.

As part of the post-lockdown relaunch programme, there will be some budget constraints. We will have to cope with this aspect and find an effective and efficient process in order not to impede the established governance model.

There are some good opportunities and areas to focus on.

This sanitary crisis seems to have increased the cyber risk vulnerability of companies. How IBL’s internal auditors remain vigilant regarding these risks both during and after the lockdown?

Over and above technology and infrastructure, there is the people aspect. IBL has embarked on an awareness programme that aims to identify user profiles with higher risk tendencies. Working from home with a home connection does not entail the same security as if you were working from IBL Corporate Centre. We need to understand the type of risks to find the right solution like document security / hierarchisation, multi-factor authentication, backup policies and so on.

There is also a rise in the use of cloud services and e-commerce activities. Having a sound IT governance structure is important but with technological advances, a well-written policy will not suffice. The team overviewing cloud-based services and e-commerce activities also have to be vigilant.

Indeed, with the increased cyber risk vulnerabilities the response provided to incidents is critical. It is therefore crucial that we step up our efforts to mitigate risks like phishing, smishing, fraudulent e-commerce / e-payments transactions, fraudulent fidelity programme activities for example.

Is the work of an internal auditor going to change in the post-pandemic world?

COVID-19 has had an impact on our way of living and our economy. Internal auditors need to adapt to the new normal. New items have taken priority on others and the focus will change too. Professional bodies like the Institute of Internal Auditors have devoted special resources to its members to focus on new agenda items. It will surely include treasury management, supply chain, agile sprint, business continuity drills, back to work readiness, credit risks, assets misappropriation, financial statement fraud and commercial fraud. Analytics and robotics can also be game changers. Other possibilities are open to auditors while maintaining the right level of independence and objectivity. Internal auditors must be inquisitive and informed, and use acquired business acumen and risk-centric approach to provide long term thinking and speak truth to power.