Coronavirus-related impacts on internal control

KPMG discusses how components of the COSO Framework are likely to be impacted as a result of the COVID-19 outbreak and what entities and auditors should look out for.

Applicability

• All companies that apply the COSO Framework or similar

Relevant dates

• Effective immediately

Key impacts

The COVID-19 outbreak has impacted worldwide commerce, sparing no industries, leaving entities to identify new risks, prepare a response plan, implement new controls or augment existing controls, and monitor the effectiveness of internal control over financial reporting (ICFR) – all while employees are working remotely.

The necessity of implementing changes to respond to new risks occurring at unprecedented speeds puts pressure on entities to maintain effective ICFR. The following are key impacts on the components of the COSO Framework:

• The board of directors and management will need to consider the overall impact of changes in business operations to the control environment.
• Risk assessment should be revisited in light of the changes in the external environment.
• New or augmented control activities may need to be designed and implemented to address new or elevated risks.
• Materiality assessments may change, affecting overall risk assessment decisions and considerations relevant to the precision of control activities.
• Relevance and reliability of information used to support the operation of controls should be reevaluated, especially for new or augmented controls.
• Internal and external communications should be tailored to meet the demands of the current landscape.
• Internal control must be effectively monitored to determine whether controls are operating as designed, because a remote work environment presents a new set of challenges.

Report contents

• Background
• Key impacts
• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring activities