More than 56% of internal auditors in the financial services sector in North America consider corporate culture a high risk in their organisations.
A quick poll by the Institute of Internal Auditors (IIA) Financial Services Audit Center (FSAC) revealed that while auditors were worried about the risks, only 7% of organisations have programs specifically dedicated to auditing corporate culture, and 50% simply don't audit culture.
The poll also reveals that concern is higher among directors and senior managers, with 62% considering culture a high risk. So what are they doing about it?
At Walking the Talk, we find that culture is included in routine audit programs more and more often. In fact, it seems to be becoming a key responsibility for internal audit at many organisations.
But where do you start?
“You need to be able to define what good culture is within the specific company environment,” says Jason Pett, US Internal Audit Leader at PwC. “Is that just what the CEO says it is? Is it what the board says it is? Is it what you think it should be? It is a challenge for internal audit functions to audit against something that is a little bit more difficult to pin down.” I believe you need to start with the target culture.
To perform a solid audit of culture, you need to perform the following steps:
- Assess whether a target culture has been defined and whether it is linked to the business imperatives for culture. Does it enable strategy?
- Check systems, processes and symbols within the organisation and assess whether the messages they are sending are aligned or not with the target culture. If not, what messages are they sending?
- Perform a behavioural assessment across the organisation and compare the results with the target behaviours.
If organisations start auditing their culture on a regular basis, we will quickly see a decrease in organisational scandals, because the risk will have been assessed and hopefully mitigated by changing those elements of culture that need to shift.
When was the last time culture was audited in your organisation?