Internal Audit for Non-Going Concern (NGC) entities? Well, you may as well have it, if you’ve invested in it!
Indeed, internal audit is forward looking. It is futuristic, because it is improvement and evolution centric by concept and design. NGC entities, by contrast, are businesses that are fading away. They don’t need improvement interventions; so, what is it that internal audit could do for them?
Nothing! And that is technically correct: internal auditing that is typically aligned to the business risk universe has nothing to offer through its interventions in Governance, Risk Management and Controls (GRC). An NGC’s risk universe is shrinking, since changes in the external operating environment cease to have an impact on a business facing closure.
Such a business is largely constrained to look inwards for smooth sailing until its time comes, and that’s exactly where the downside risks are expected to rise, both through known risks continuing to evolve or even morphing into something not previously imagined, and through the discovery of new downside risks.
First let’s take some time to understand what essentially a Non-Going Concern business is. The term might be alien to several internal auditors, especially those not from an accounting background. The term represents businesses that have no intention to or simply cannot continue operating in the normal course for the foreseeable future owing to any external or internal reason.
It comes from the International Financial Reporting Standards (IFRS) Conceptual Framework and International Accounting Standard (IAS) 1 and pertains to entities that have subscribed to IFRS for preparing and reporting their financial statements. Another term attached to it is Material Uncertainty, which means that although the entity intends to continue, there are significant indicators that it might not be able to do so.
Put simply, the business that’s on the brink of going out of business is our subject here. So, again when it’s going out of business, how could and why should internal audit mean anything to it? So, let’s get into this part now but let’s first address the ‘WHY’ by asking ‘WHY NOT?’
We know that internal audit is about GRC. Agreed, the Governance part might not need any internal audit interventions anymore, but what about Risk Management and Controls? Agreed, process reviews and improvements are no longer suited to such entities. However, certain operational, compliance and reporting risks will continue to exist with enhanced probabilities and impacts, and newer ones will surface as well. Similarly, controls will need to be not just in place, but matched to the evolving risk profile.
So, in an NGC, that’s where the action is, and that’s why internal audit should continue to have its boots on the ground. Boards and Owners are well advised to consider hiring internal audit services for this period if they don’t have one already, since external auditors cannot provide this service. They should also reconsider any plans to make internal audit one of the first casualties of winding down, since the third line of defense cannot be vacated.
Let’s now focus on ‘HOW’ internal audit could still add value in this situation. There are several engagements under the NGC scenario in which internal audit intervention could be not just beneficial but also quintessential. A basic, non-exhaustive listing is given in the table below.
Areas | Risks | Possible Review Engagements |
--- | --- | --- |
Expenses (Assurance) | Not commensurate with the cessation of operations | Analytical Review of expenses followed by substantive verification where indicated |
Ordering (Assurance) | Not limited to bare minimum office supplies, legal and other obligations / essentials only | Regular review of purchase orders being raised to check for compliance with executive directives |
Working Capital Management & its Cost (Advisory & Assurance) | Threats to liquidity and balancing costs with gains | Review of the working capital management strategy for alignment with cessation of operations and its compliance |
Stocks and Stores (Assurance) | Inaccurate Net Realizable Value, Damage, Insecure custody, Insecure and delayed disposal | Triggering and reviewing NRV Testing, review of the current adequacy of the physical security protocols around stocks and stores, frequent physical inventory, substantive review of issuances and recommending timely disposals |
Non-Current Assets (Assurance) | Insecure custody, Insecure Disposal, Impairment / incorrect valuation | Triggering and reviewing impairment testing, review of the current physical security protocols around fixed assets, frequent inventory of moveable assets, regular review of records, substantive review of transfers and disposals |
Security Operations (Advisory & Assurance) | Pilferages, Industrial Action, Threats to property and life, Insecure records | Review of the adequacy of security protocols in the NGC scenario and recommendations thereon especially pertaining to revised threat and vulnerability assessments |
Expense Optimization (Advisory) | Opportunities for optimization not being identified and utilized | Identification of areas where better alternates are available for cost optimization, especially where technological interventions could be used |
Commitments, Liabilities (Assurance) | Non-disclosure / off balance sheet commitments, liabilities, liabilities arising out of pre-mature terminations, defaults | Review of all contracts’ clauses to identify previously unknown liabilities and liabilities set to arise owing to pre-mature terminations, defaults, breach of warranties, etc. for provisioning |
Obligations (Compliance) | Applicable regulatory, statutory, industrial compliance requirements not being fulfilled | Review of the obligations calendar or having it developed and review of communications to those responsible for the tasks given. Review of reporting |
Payments Processing (Assurance) | Payments not being duly authorized and approved, not being duly verified | Regular substantive review of payments made for each period against approved commitments, authorizations and verification protocols |
Certainly, not just the areas but also the risks and the type and number of engagements required will vary for each NGC. The listing above could be taken as a bare minimum guideline. The engagements in an NGC scenario are likely to be chiefly assurance based, as the entity is not looking for improvements that are to yield results in the future.
Winding up is usually a long-drawn process for entities of all sizes and stretches further in accordance with the complexity of applicable regulations, financials and the overall size of business. It’s also a painful process because of the human costs involved in terms of retrenchments and lay-offs, though Internal Audit has your back there too!
If you are careful enough and would want to plan for doomsday in advance, invest in Business Process Re-engineering (BPR) so that you are right-sized with tech-enabled business processes all along. Ensuring a BPR exercise achieves its objectives could be the single greatest offering from Internal Audit!
Thus, an NGC’s investment in internal audit is going to be one of the most viable ones. Entrust them with your concerns and be ASSURED.