Internal audit of COVID-19 policy Internal audit of COVID-19 policy

Recently, the Belgian federal government implemented stricter measures in the battle against COVID-19. As with every measure, personal responsibility is paramount. By holding an audit of your COVID-19 policy, you take the responsibility to determine whether your organization meets the set requirements and whether the measures indeed lead to the desired behavioral change in your organization.

Social distancing, hygiene measures, office occupation limitations, walking routes, and guidelines for contacts with customers, suppliers and other stakeholders. Most organizations have now drawn up rules for these subjects that should limit the chance of further spread of the coronavirus as much as possible. With organizations at risk of severe sanctions in case of non-compliance with COVID-19 measures, there is a need to gain more assurance regarding the operation of a COVID-19 policy, as well as the related measures and controls.

As the effectiveness of rules largely depends on the behavior and attitude of your employees, this requires an audit that looks beyond policy and what is on paper. This can be done by including soft controls in the audit approach. Ultimately, it is about achieving a structured change in behavior and therefore about believing, understanding, willingness and adaptability. Meanwhile, a number of internal audit functions have now successfully made use of the KPMG soft controls methodology in an audit of their COVID-19 policy.

With our approach, we propose working together on a program that suits the specific context of your organization. We can guide and support you with the tools we have developed in recent years and the insights we have gained through using our proven methodology numerous times in a variety of audits. The activities in the context of this audit concern both the hard policy-related side and - based on KPMG's soft controls methodology - the soft behavioral and culture component.

The audit approach may include any of the following activities:

• Analyzing policy documents and checking whether the drawn up policy meets the requirements set by your organization and the government.
• Measuring support, motivation and feasibility with regard to compliance with the policy on the basis of a concise survey.
• Observing behavior to check whether employees structurally adhere to the agreements and whether they set a good example to colleagues.
• Interviewing individual employees or per group to identify dilemmas and concerns around complying with the rules.
• Analyzing the cause of structural non-compliance with agreements.
• Advising on how the employee and organization can learn from the observations.

In our feedback, we report concisely and insightfully about the activities mentioned and we answer the following questions:

• Does the policy meet the set requirements?
• How are the measures, their practicality and effectiveness perceived by the employees?
• How is their support and motivation regarding the policy compliance?
• To what extent do employees adhere to the various parts of this policy?
• What are the bottlenecks and / or dilemmas that arise, and what are the underlying causes?
• What are the recommendations to improve and contribute to the learning and development of the organization?

We are happy to answer any questions you may have on this important topic.