In the disruption of the past year, a highlight for me was the efficiency with which over 4,000 people in regional and head offices picked up their laptops and other belongings and immediately started working securely from home. It wasn’t completely without challenges – it was the first time the technology was used with this level of demand – but it was brilliant to see that our customer support functions continued to deliver professionally and consistently, particularly when handling insurance claims.
It was made possible because of the underlying IT technology platform and some established homeworking processes. We also had an established infrastructure to manage crises, but it focused on closing individual offices and moving to back-up sites. Nothing quite like the scale of closing all our offices.
A priority was to set up regular communications channels to keep staff informed about the company’s response to the pandemic and how it would support them. We’d done regular scenario activities, practising for denial-of-service attacks and office closures in the past, but nothing on this scale.
One important lesson was recognising just how fast events elsewhere can affect us. The wider group was quick to react and put in place a word wide co-ordination of local activities, identifying, developing and sharing best practices. There remain regular ongoing discussions with colleagues across different Allianz companies.
Weekly ‘broadcast’ calls were hosted by senior management to keep staff updated on developments, with question and answer sessions through which staff could express any concerns. Additional wellbeing support and flexible working were introduced. No one was put on furlough and everyone continued to be paid on time. In the first three months of the crisis, teams put in place their own local team meetings, discussion forms and other innovative ideas (weekly quizzes, recognition schemes, and walking meetings) to keep in touch and keep motivated.
This was important because the pandemic wasn’t the only disruption we faced. Internal audit went from a team of ten people at the end of 2019 to a team of 18 by the end of 2020, following the acquisitions of the Liverpool Victoria General Insurance Business and Legal & General Insurance. We had a couple of months before the first lockdown to meet and greet our new colleagues again followed by other new joiners who had to be on-boarded remotely.
The Internal audit team discussed how we could best support the business at this critical time whilst still delivering a 3rd line of defence assurance activity. This coincided with guidance received from the Group Audit team based on three principles.
Firstly to ‘audit what matters now’. We reviewed our plan and re-prioritised audits based on new risks and business pressures, identifying core, non-core and unplanned work that included short, focused reviews of critical issues, such as the homeworking controls, and temporary control changes introduced in response to the crisis. Secondly, to ensure there were ‘no surprises’ we set up additional discussions with the Audit Committee Chair and executive management to agree audit timings and adjusted scopes, based on agile principles.
Thirdly, we undertook to ‘be pragmatic’ when closing audit actions. Highest risk actions were completed on time, but we extended deadlines for closing lower risk actions if requested to enable management to deal with pandemic-related issues. We also worked closer than normal with second-line colleagues to ensure or combined assurance activities to address the critical risks.
The questions now include: should we continue to work and perform audits remotely? What will a new working model look like? What office space will we need in future?
Globally, Allianz is driving further substantial changes to meet environmental targets. For example, challenging the amount of office space actually required in the future and how to sustain a reduction in travelling. I don’t expect to be flying to attend a single meeting overseas this year!
As an audit team, we’re developing the way we use data analytics and have recruited a dedicated data analyst to assist on every audit. This will help in extending the scope of our assurance work but won’t necessarily fill the gap left if no physical meetings and personal contact with auditees and their teams becomes the norm.
For me, an important lesson from the recent disruption has been the value of collaboration within the profession and the wider internal audit community, via the Chartered IIA’s forums and other professional services groups. It was hugely helpful to share challenges, lessons and experiences and was a fantastic testament to the profession.