Skip to content

An Inside Look at COVID-19’s Impact on Internal Audit at Retail Broker-Dealers

Published
Sep 1, 2020
By
Nina Kelleher
Jack Paladino
Topics
Share

The impact of COVID-19 on the financial services sector has varied. Organizations with revenue streams dependent on interest rates, advisor growth or overall market viability are experiencing turbulence, while others are thriving through a volatile market.  Like the organizations they protect, chief audit executives (CAEs) were faced with an onslaught of challenges requiring short-term, agile responses during the pandemic.  CAEs are now beginning to assess the lessons learned to determine how their long-term strategy will be affected as they begin to navigate a path forward. 

EisnerAmper had the opportunity to gain insight from Tibyasa Matovu, CAE of Cetera Financial Group (“Cetera”), one of the largest independent retail broker-dealers in the U.S., regarding how the pandemic affected the internal audit plan and caused the department to provide short-term solutions.  The following topics were emphasized:

  • Reassessments of risk and the internal audit plan, including reprioritizing planned audits;
  • Maintaining internal controls; and
  • Transitioning to a remote auditing environment.

Reassessments of the Internal Audit Plan

EISNERAMPER:

Has Cetera’s internal audit department reassessed the internal audit plan, or audit scopes, based on the impact of COVID-19?

MATOVU:

From March to June 2020, our team reassessed the internal audit plan three times.  Initially, to allot time for business units to adjust their processes and controls to the new, virtual environment; then, the focus shifted to security, including that of Cetera’s offshore team, network access and personally identifiable information (PII) protections.  We wanted to ensure that the firm’s infrastructure was properly equipped to address the potential risks presented by the remote workforce environment and that the previously (strictly enforced) procedures and controls were being treated with the same standard of care and were not being circumvented.  To address this concern, a review over privacy considerations was built into the internal audit plan.

Maintaining Internal Controls

EISNERAMPER:

How has the internal audit department worked with key stakeholders within the organization to stress the importance of maintaining strong internal controls during the COVID-19 stay-at-home order?

MATOVU:

Our team recognized the need for perspective over the reinforcement of controls.  The objective was to maintain a level of internal controls without restricting essential business operations  To assist, I stressed the importance of management review controls (MRCs) through positioning internal audit as a partner working with the business; offering guidance to the firm’s operations and accounting teams with methods to translate manual controls to remote execution.

Transitioning the internal audit process remotely

EISNERAMPER:

How do you feel the internal audit department was positioned to shift to working in a remote environment?

MATOVU:

The internal audit execution was largely unaffected by working from home as audits previously had a remote component.  Although not ideal, our team has been able to complete walkthroughs and testing remotely by leveraging tools such as video conferencing and a recently implemented firm-wide enterprise, governance, risk and compliance (eGRC) platform.  However, there are delays with follow-up requests and socialization of findings.

Longer-term Impact of COVID-19 on Internal Audit

The Institute of Internal Auditors (IIA) published results of a survey conducted with internal audit leaders in an effort to analyze the long-term impacts of COVID-19 that CAEs are expecting to navigate.  The survey highlights a variety of key areas of consideration including:

  • Risk assessment frequency;
  • Internal audit plan update frequency;
  • Audit committee communication;
  • Internal audit travel budget; and
  • Internal audit competency needs
    • Communication
    • Cybersecurity
    • Innovation and change.

While the survey was distributed across industries, from a broker-dealer perspective, communication, cybersecurity, and innovation and change lead the way.  This is aligned with the themes that Mr. Matovu conveyed.

The conversation concluded with discussions relating to long-term areas of focus regarding internal audit communications and an extended work-from-home period.  It was indicated that communications and meetings with the Audit Committee chair have increased and are paramount, as well as an open dialogue with Cetera’s CFO.  As the company continues to adapt, so will the internal audit plan. 

EISNERAMPER:

Are there any other factors to consider regarding COVID-19’s impact on internal audit activity?

MATOVU:

 There are a few things for internal audit practitioners to consider.  First, it is important to understand that internal audit is not revenue-generating and the primary objective of the firm is focused on financial viability and commitment towards our advisors.  Internal audit is tasked with providing process assurance, guidance and independent review of all our key decisions (assumptions of risks associated with remote workforce, etc.) and maintaining the fiduciary responsibilities to the shareholders (if any), CEO, chairman of the board, and the firm as a whole.  The internal audit value proposition arises from analyzing aspects of the organization from an independent perspective, to ensure assurance while enabling growth.  The second thing is to never lose sight of the bigger picture.  We previously discussed the importance of maintaining advisor relationships for our firm’s business operations.  Strictly enforcing internal controls during the global pandemic might be short-sighted, rather the focus should be on enabling sustainable growth and recovery.  As always, it is important to have constant communication with the executive leadership team and the audit committee chairperson to fully appreciate their concerns for the firm and ensure alignment with audit objectives.  Regardless of the number of audits the internal department is able to produce within a year, the goal is to provide independent assurance, enable growth, and ensure close alignment with the CEO, audit committee and members of senior management.

PRTS Intelligence Newsletter - Q3 2020

What's on Your Mind?

a woman in a black dress

Nina Kelleher

View Profile
a man in a suit smiling

Jack Paladino

View Profile

Start a conversation with the team

Explore More Insights

engineering drawing
Article

CFIUS Proposes Enhanced Review Procedures and Increased Penalties for Violations

Read More
a statue of a bull on a brick road
Article

Trends Watch: Outlook for Investing in Carbon Neutral Companies

Read More
a couple of women smiling
Podcast

Outlook for Investing in Diversified Alternative Equities

Read More
a person standing on a rock with Christ the Redeemer in the background
Article

Venture Capital Slowdown Continues into Q1 2024

Read More
a green light in front of a city
Article

Trends Watch: VC Investing in Synthetic Bio

Read More
a close-up of a fish
Podcast

VC Investing in European Scale-Ups that Foster Climate Change

Read More
a building with many windows
Article

Trends Watch: Quality Investing

Read More
a close-up of a fish
Podcast

Outlook for Investing in Cryptocurrencies

Read More
a row of buildings with flags
Article

Trends Watch: Investing in Managed Futures

Read More
a close-up of a bug
Podcast

Outlook for the ETF Industry

Read More
a building with a tree growing on the roof
On-Demand Webinar

Navigating the SEC Climate Disclosures | Insights and Strategies

Read More
a person holding a pen and a tablet
Article

Trends Watch: Investing in Emerging and Frontier Markets Technology

Read More
View All Insights

Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.

Subscribe