Auditing Financial Service Companies in a Virtual Business Model

RMA’s recent Risk Readiness Special Coverage Webinar explored the challenges, pitfalls, and best practices related to working and auditing from home. Given the changing risk profiles of financial services companies, the presenters shared real life examples of how, and what, they are focusing on as audit professionals in a virtual world.

Sponsored by the RMA Internal Audit Council, the panel of audit experts consisted of Jack MacNamara, Managing Director, Internal Audit Division of the Bank of New York Mellon (BNYM), Deputy Chief Auditor, and Chair of the RMA Internal Audit Council; Chigusa Hara, Managing Director, Morgan Stanley and Global Head of Enterprise-wide functions audit; David Horn, Senior Audit Director, Bank of New York Mellon (BNYM), Investment Management Technology Audit globally and Technology Audit for the EMEA region; and Richard Reynolds, national leader for PwC's Internal Audit, Compliance, and Risk Services practice for the financial services industry.

The panelists agreed that at the start of the work-from-home orders they were mindful of employees’ working environments and situations, i.e. children at home, homeschooling, caring for elderly parents, etc. Now that many weeks have passed, the panelists have been shifting the focus to team morale and increasing connectedness and motivation through video meetings, particularly informal check-ins like coffee breaks, happy hours, and virtual team building experiences.

Clearly, there is currently difficulty in performing in-bank audits and visits to branches and data centers have been delayed. The panelists are shifting the focus on training and transitioning resources to other projects that have been in queue. They advised to keep audit plans current and relevant considering the impact of control changes as well as changes in priority and scheduling. They also recommended being mindful of auditees’ circumstances by staying connected and taking the time to understand their control changes and new working environments.

The panelists also cautioned against the threat of emerging risks particularly to process and technology. They advised being mindful of the associated risks with using digital signatures, payment authorization processes, and oversight of third parties. Cyber threats are on the rise associated in part to the new infrastructures to support work from home. Auditors need to also be aware of the impact of increased remote scenarios on logging, alerting, and monitoring, as well as risks associated with stressed network bandwidth, support infrastructure, and resources.

Stay tuned for more information about these upcoming webinars:

  • Wednesday, May 20: Increases in Fraud Risk That Auditors Should Be Aware Of In Today's Virtual Business
  • Wednesday, June 3: Return to Normalcy – What Internal Audit Should Focus On?

How the Financial System Can Help Solve the Climate Crisis - And Create Prosperity to Boot

Read More

Meet the RMA Board: An Interview with RMA Credit Risk Council Chair and TIAA Chief Credit Officer Seth Waller

Read More

The Shape of Model Risk Management to Come

Read More

comments powered by Disqus