Rethinking the audit committee; 9 areas for consideration

Article by BDO

The impact of the coronavirus pandemic on the UK and global economies has been severe and has led to significant changes in demand across all economic sectors. The speed and strength of UK and global economic recovery has depended in large part on the success of public health measures and economic policies.

All businesses have been affected in some way, and like the last recession, it has been proven yet again that companies that have been proactive are more able to gain a lasting competitive advantage.

12 months down the line and it continues to be crucial for Audit Committees to be seeking assurance over their organisation’s operational plans for the short, medium and long term. If they have not done so already, Audit Committees need to rethink the questions to ask their organisations and define what information they need.

Audit Committees will need to request different information over time. Many organisations will follow a staged process to manage a crisis. Our own BDO Rethink Model is based on React; Resilience; and Realise. Currently, most Audit Committees will be seeking assurance over the Resilience and Realise stages, which means they will not only desire comfort over the key decisions and activities that management have been carrying out to safeguard the organisation and keeping it running, they will need assurance over longer term plans.

There will be complex and serious risks and challenges that organisations will need to manage successfully in order to succeed in the “New Reality”.

Key Risks

9 key areas for consideration

We have highlighted nine key areas that Audit Committees should be questioning and seeking assurance over. We look at:

1. Cyber Security - cyber criminals have been quick to exploit opportunities to make fraudulent gains. COVID-19 is no different and ‘phishing’ campaigns were soon up and running hoping to trick unsuspecting employees. There are a number of actions which can help improve organisations’ cyber incidents, even if unsuccessful

2. Financial Fraud - because of social distancing and the increased levels of remote working the usual controls, policies, systems and processes have often take second place. Fraudsters only need one instance of a control failure to succeed. Now is the time to revisit your fraud risk assessments in the light of the emergency measure being introduced by the government and ensure business continuity plans take into account the rapidly emerging fraud risks

3. Regulatory Compliance - whilst some regulators may have relaxed reporting requirements and deadlines, they have not changed the expectation of good governance. Organisations are still expected to obey the rules, behave ethically, and implement robust control and compliance mechanisms

4. Data Privacy - as a result of the pandemic, data privacy has been catapulted back into the limelight. Organisations have been forced to process personal information in different ways than they would have done so previously

5. Performance and Reporting - monitoring, measuring and reporting on the financial and operational health of the organisation has been crucial during the crisis

6. Scenario Planning - it is vital to have a clear plan for a number of potential scenarios to assist in decision making and to ensure sufficient cash headroom

7. Focus of Internal Audit -  some Internal Audit functions have moved to ‘dynamic’ audit planning in the short term, whereby plans are reassessed quarterly or every six months to reflect the rapidly changing risk environment

8. Supply Chain and Contract Management - the inter-connectedness across the value chain has highlighted the fragility of the supply chain and limitations of existing models. It has also demonstrated how supplier shortfalls are closely linked to the promises organisations have made on the customers/client side

9. Managing Change – the focus to date has been primarily based on reacting to the challenge confronting all of us and there has clearly been a great ‘crisis’ response from

To read the full publication, you can download it here.


This high-level report uses ‘Rethink’, BDO’s global framework, which has been designed around the following ‘stages’ to encourage a broader review of original business models and commercial assumptions that can be used to manage business priorities, address issues and leverage thinking:


  1. React - ensure that measures are taken to secure business survival in the short term
  2. Resilience - safeguarding vital elements of a company where necessary throughout the prevailing business environment
  3. Realise - future benefits of sensible business decisions taken calmly and pragmatically


If you would like to discuss any of the issues raised in this article or if BDO can support your business please get in touch.


Tim Foster

Head of Risk and Advisory Services

Back to Articles