David Iacucci, CPA, CRCM Denise Melious, CPA 29-Apr-19 AXP Internal 1
Learning Objectives Understand what the elements of a strong organizational culture are Understand regulatory expectations for organizational culture Understand the role of internal audit in assessing organizational culture Understand key elements of an organizational culture audit program 29-Apr-19 AXP Internal 2
Organizational Culture “While it can be tempting to dismiss the significance of a strong corporate culture, it has the potential to make or break your organization” Thought Farmer - “When I talk of the culture of an organization, I refer to its values and how these values are translated into everyday actions” Professor Sir Ian Kennedy - Source: MIT Sloan Management Review 29-Apr-19 AXP Internal 3
Elements of a Strong Organizational Culture • “Strong cultures have two common elements: there is a high level of Organizational Values agreement about what is valued, and a high level of intensity with regard Incentives & Tone at the Top to those values” – Deloitte Rewards • Simply defining an organization ’s Culture of Integrity mission, values, and code of conduct is not enough Consistency of Ability and Messaging Comfort in Throughout the Speaking Up Organization • That mission and values need to be embodied through the Accountability communication and behaviors of a company’s senior leaders *Source: Deloitte 29-Apr-19 AXP Internal 4
Factors Influencing Culture *Source: IIA 2016 North American Pulse of Internal Audit 29-Apr-19 AXP Internal 5
Regulatory Expectations for Organizational Culture “My assessment of recent history is that there has not been a case of a major prudential or conduct failing in a firm which did not have among its root causes a failure of culture as manifested in governance, remuneration, risk management or tone from the top” – Andrew Bailey “Culture is the implicit norms that guide behavior in the absence of regulations or compliance rules” – William Dudley Source: Fraser Institute 29-Apr-19 AXP Internal 6
Regulatory Expectations A strong culture is consistent with long term shareholder, employee, customer, and societal interests, as well as law and regulation While tone at the top is important, a strong culture is truly defined by the daily actions of the entire organization An institution’s culture, along with governance, is pivotal to building public trust and confidence in financial services While regulators typically don’t prescribe an institutional culture model, they are constantly assessing an institution’s culture through its day-to-day supervision 29-Apr-19 AXP Internal 7
The Role of Internal Audit in Assessing Organizational Culture Source: Tarrantcounty.com 29-Apr-19 AXP Internal 8
Role of Internal Audit Internal Audit is uniquely positioned to assess organizational culture given its: Independence, Objectivity; and Strong knowledge of business processes, risk appetite, policies and procedures, and compliance requirements However, recent data suggests that only 42 percent of internal audit groups audit culture Why is that? Source: PwC 29-Apr-19 AXP Internal 9
Role of Internal Audit cont. Does internal audit have a clear mandate to audit culture? Opinions of executive management is mixed Can culture be measured? Yes, but it requires a broad approach including both quantitative and qualitative measures Does internal audit have the required skillset? Typically, yes; however, additional training is usually necessary *Source: IIA 2016 North American Pulse of Internal Audit 29-Apr-19 AXP Internal 10
Key Elements of an Organizational Culture Audit Program 29-Apr-19 AXP Internal 11
Organizational Culture Audit Program There is not a one-size-fits-all approach to auditing culture Can be audited at the entity level, embedded into individual audits on the annual audit plan, or a combination of both Audits of culture should combine both hard and soft control testing Root cause analysis (i.e. connect the dots of already raised audit, second line, and external findings) Perform structured interviews Use anonymous employee surveys Review of ethics hotline / whistleblower cases Data analysis / analytics (e.g. how often does the business miss deadlines in addressing risk events and other internal / external findings / issues, customer complaints, etc.) Review incentive plans to ensure appropriate balance between risk and reward 29-Apr-19 AXP Internal 12
Keys to a Successful Organizational Culture Audit Program Align with senior leaders across the company on the scope of the review Define upfront how the results of the audit will be reported The standard audit report format may not be the best delivery mechanism Keep in mind that organizational culture is subject to a maturity model The institution might be in the first year of implementing a new company culture Strong communication and negotiating skills are necessary to deliver potentially unpalatable findings with mostly subjective evidence 29-Apr-19 AXP Internal 13
29-Apr-19 AXP Internal 14
Recommend
More recommend
