Internal Audit Committee Virtual Meeting 2020

Meeting Summary

RILA recently hosted its 2020 Annual Internal Audit Committee Meeting. Due to the COVID-19 pandemic, the meeting was held virtually for the 1st time! To accommodate the overall content and the member participants’ schedule, the Virtual Meeting was broken down into two parts: Part 1 (September 29, 2020) and Part 2 (October 6, 2020).  Industry and retail experts spoke on seven (7) key retail internal audit topics over the 2 Day Meeting.

Day 1 – September 29, 2020

U.S. Securities and Exchange Commission and the PCAOB Updates and Enforcement Trends - Darren DeStefano, Partner, Cooley discussed SEC Rules regarding control as well as recent PCAOB observations on remote work; increased auditor communications; and enterprise risk management and culture. He also highlighted COVID-19 legal risks and securities disclosure and trends.

  • SEC Guidance Topic 9 - COVID-19 (March 25, 2020) and SEC Guidance Topic 9A - COVID-19 Disclosure Considerations Regarding Operations, Liquidity and Capital Resources (June 23, 2020) are “essential reading” for SEC reporting during 2020. 

  • The SEC and multiple external parties are keenly focused on the behaviors and responses of public companies to the COVID-19 pandemic. Disclosures and actions will be evaluated with the benefit of 20/20 hindsight.


    • Management should proactively identify and monitor COVID-19 risks, including government orders and legislation, with acute focus on new and evolving “mission critical risks.”
    • Companies should consider best practices designed to protect the health and safety of employees, customers, and vendors.
    • Risk “red flags” should be raised to the Board or Audit Committee and meeting discussion topics well-documented.
Acceleration of Retail Internal Audit Transformation During the Pandemic: Inventory Risks and Remote AuditingA PWC panel consisting of Bob Hesselgesser, Partner; Greg Rotz, Managing Director; Suni Shamapande, Consumer Markets Director; Alison Meares, Internal Audit & Digital Solutions Director; and Emily Pruett, Core/External Audit Director covered the dramatic changes to the role and responsibilities of retail internal audit resulting from the COVID-19 pandemic. The PWC team emphasized the need for proactive risk focus, flexible operating models, diversification of and higher precision in the scope and nature of audit activities and leveraging behavioral trends to identify weaker areas within audit plans.​​
  • COVID-19 has significantly accelerated adoption of remote risk analytics.

  • BEST PRACTICE TIP - Factors and observations to consider when using a “virtual  audit”:

    • Updating risk assessment,
    • Consider any history of control deficiencies related to inventory counts or other controls over inventory quantities when factoring totals,
    • Technological abilities and reliability, and
    • Effectiveness of virtual observations of facilities.

Auditing the Cloud: Framework and Challenges- Ivor O’Neill, Director, KPMG detailed how retailers are increasingly relying upon a variety of cloud services to support critical retail operations. Retail internal audit teams are challenged to help companies identify, monitor, and manage cloud-related risks.

  • BEST PRACTICE TIP - Eight (8) key cloud audits risk considerations:

    1. Organization Strategy and Architecture,
    2. Information Security,
    3. Data Governance,
    4. Governance, Risk and Compliance Management,
    5. Availability and Continuity,
    6. Tech Operations,
    7. Vendor Management, and
    8. Business Operations.

Cultural Audit Frameworks - Sarah Martin, Chief Audit Executive, Abercrombie & Fitch Martin discussed the process for developing a cultural audit framework and how it can be used to identify and prioritize audits of key components.

  • BEST PRACTICE TIP - Key pillars of a comprehensive cultural audit should include:

    • Leadership Action,
    • Communication,
    • People Practices,
    • External Environment, and
    • Organizational Design.

Day 2 – October 6, 2020

Privacy and Cyber /Data Protection Through an Internal Audit Lens Privacy and Cyber/Data Protections A panel of EY experts, Angela Saverice-Rohan, Americas Privacy Leader, Mindy Dragisich, Partner, Adam Wright, Managing Director, Advisory Services, detailed how the current COVID pandemic has accelerated cybersecurity and privacy risks, including data collection, data processing, sale of data, third-party service providers, data requests, data accuracy, emerging risks, data security, and data privacy notices.

Reimaging the Audit Function, Getting by with Less: Effective Use of Scrum Agile – A Deloitte team comprised of Kate Ferrara, Advisory Principal, Burke Willis, Advisory Senior Manager, Collin Loomis, Advisory Senior Manager, Lauren Shaw, Advisory Senior Manager, discussed how retail internal audit teams can effectively use iterative scrum agile auditing.

  • BEST PRACTICE TIP - There are four (4) agile values to keep in mind when conducting scrum audits:

    1. Individuals and interactions over processes and procedures,
    2. Business impact over comprehension documentation,
    3. Customer collaboration over negotiating findings, and
    4. Responding to change over following a plan.

Retail Internal Audit's Role in Environmental, Social & Governance (ESG) ReportingBob Hesselgesser, Partner, Carolyn Holcomb, Partner, and Richard Gilchrist, Sustainability Director, PWC highlighted how in response to increased demands for transparency, activist investors and investment advising firms, as well as recent high-profile company scandals and compliance issues, companies are redefining their corporate values, business goals and priorities to include ESG.

  • BEST PRACTICE TIP – Leading retailers are using their internal audit teams and data analytics to develop comprehensive, fact-based narratives detailing their companies’ ESG goals, metrics, performance, and business impact.

Each meeting day, members engaged in robust peer-to-peer benchmarking sessions sharing experiences, challenges, hurdles and successes on selected topics: Internal Audit Department Operations, Audit Plans and Risk Assessments, and COVID-19 and Remote Work-Related Issues. Using virtual platform technology, members were able to rekindle long standing relationships as well as start building new ones.

For more information on RILA’s Internal Audit Committee, please contact Kathleen McGuigan, EVP & Deputy GC at or Tom Casey, VP Legal Affairs at

  • Finance
  • Legal Affairs & Compliance

Stay in the know

Subscribe to our newsletter