Reasons to Stay on Track with SOX/Internal Audit Controls During COVID-19

by Marc Blythe and Sal Sarabosing

Imagine being the captain of a vessel navigating uncharted waters,
when you’re suddenly hit with an unexpected storm.
 
Would your first instinct be
to throw equipment overboard to trim weight?
 
Or would you maintain
the navigational assets and structural integrity
while weathering the storm?

Reasons to Stay on Track with SOX/Internal Audit Controls During COVID-19

Similar to the uncharted waters and waves of uncertainty, the COVID-19 pandemic of 2020 has forced corporations around the world to operate differently. As the impact of COVID-19 continues to disrupt business, there are many reasons why companies may overlook their compliance efforts with Sarbanes-Oxley 404 (SOX) and internal controls. Among them are focusing on employee/customer safety, working remotely, and anticipating a global recession. Many companies are experiencing significantly reduced revenue or have been forced to temporarily close their doors. This has contributed to disruptions in maintaining a strong controls framework.

Despite the change in circumstances, companies are no less obligated to fulfill SOX and internal control requirements. In a recent publication, the Public Company Accounting Oversight Board (PCAOB) has stressed the importance of the obligation to “comply with PCAOB standards and rules, and other applicable regulatory and professional requirements.”[1]

Companies are asking, “Why should we maintain a strong controls discipline when we have so many other priorities to focus on right now?”

Blythe Global has identified three key reasons to stay on track with compliance requirements:

  1. Contend with an evolving risk landscape

  2. Maintain and safeguard assets/access control

  3. Avoid mishandling of compliance requirements

  1. Contend with an evolving risk landscape

    Changes to control ownership In recent months there have been layoffs and furloughs, causing control ownership to change. Accounting teams are shrinking and often the personnel previously responsible for control activities have shifted. New employees are taking on different roles, sometimes with inadequate or limited experience.

    If your organization has prepared to meet the necessary rigors of SOX, process documentation will require adjustments that reflect changes to the current environment. If not, you will need to update documents and stay aware of potential business process changes. Now is a good time to document for the current state.

    Focus has shifted from controls to impairment analysis The focus of many public companies has shifted from internal controls to impairment analysis. For companies with an established internal audit function, regular reviews are essential to determine if controls have remained sufficient for current needs.

    When the business environment returns to a new “normal,” many companies will find that their controls have loosened, and they have not been keeping up with business process and technology controls. A primary concern is that weakened SOX programs potentially will not satisfy external audit assessments. This can result in auditors communicating adverse deficiencies, leading to reportable circumstances.

    We will all get back to business at some point. If your company is ill-prepared, you will be in a compromised position where poorly executed controls create reporting and corporate risks. The reputational damage is irreversible.

  2. Maintain and Safeguard Assets/Access Control

    Remote Access to Key Data Many companies have cloud-based application solutions. With access decisions being softened, an accounting manager, controller, and CFO could potentially have all the same access to information. If you have a proper compliance program in place, you are periodically reviewing who has elevated access to sensitive information and where segregation of duties conflicts may exist.

    If you do not have a compliance program in place, access management can be problematic. Too many people can make too many changes. Your system is vulnerable to misstatements or intentional errors because you are not aware of the access that individuals have within the organization. This can be mitigated by proper compliance and risk discipline. Segregation of duties is key.

  3. Avoid Mishandling of Compliance Requirements

    The current environment of uncertainty has resulted in changes to business and risk profiles. Some companies are hiring lower level, less experienced, or offshore resources to handle their compliance requirements. If you work with someone who can’t add value to the process, your business will be unable to take advantage of opportunities to accelerate through the economic recovery.

    Now is not the time to relax internal controls, this is the time to make sure they are comprehensively addressed.

Notes

1. PCAOB Spotlight – COVID-19. Reminders for Audits Nearing Completion. Available at: https://pcaobus.org/Documents/COVID-19-Spotlight.pdf

Case Study: Client Experience

Blythe Global Advisors was engaged by a large national retail store chain to assist with developing internal controls. When COVID-19 hit, it became necessary to shut down half of their stores, furlough many employees, and reduce costs (e.g., compensation). The remaining employees began to work from home and many were asked to take on increased job responsibilities.

This situation created segregation of duties and visibility of information conflicts. For example, when cost reduction steps were taken, who was best suited to handle that responsibility? It’s important to ensure that the right person has the right level of visibility. BGA was there to guide the retailer through this challenging time, navigate sensitive areas, and maintain the same level of compliance.

After year-end was completed, the client communicated that they were very pleased and felt a high level of confidence in BGA. They were able to turn their focus to strategy development and forecast a game plan on how to ramp up operations when they can open their doors again.

BGA Can Help

Blythe Global Advisors has a proven track record of helping companies of all sizes implement the full range of internal audit services. Regardless of whether you need to develop your first internal audit processes, or improve current competency, we can help you implement the right infrastructure to lessen risks, comply with current regulations, and save money.

With heightened levels of anxiety and infrastructure strains, maintaining a healthy internal control environment has become more of a challenge. However, it is during these times that strong governance becomes a necessity. The control environment and structure serve as command central, critical for maintaining safety while identifying an optimal path. Being proactive is critical and focused effort now will yield dividends and save future costs when executed swiftly. We will help keep your ship sailing steadily and safely, while the captain steers the ship in the right direction.

Contact us for a complimentary list of emerging risk areas in today’s environment.

To discuss this important topic further or if you’re looking for general accounting advice, contact:

To learn more about Blythe Global Advisors, our solutions and BlytheTeam®, visit the Blythe Global Web site or call us at the location below that’s nearest you.

Irvine (HQ) 949-757-4180 Los Angeles 213-228-5002 San Diego 619-391-7385