Recent ethical scandals have put corporate culture in the spotlight. They reveal that a weak or toxic corporate culture may encourage inappropriate behavior across the organization. PwC held an Internal Audit Roundtable in Geneva to take on this topic. Here are some pieces of advice and best practices from the roundtable to help you achieve a healthier and stronger culture.
What is the role of Internal Audit in restoring trust in and within the organization?
There is an increasing expectation from the Board and Senior Management for Internal Audit functions to provide cultural assurance to the organization. Indeed, Internal Audit functions are well positioned to provide an independent assessment of corporate culture, while leveraging on their understanding of the organization.
How should it be performed?
As there is no “one size fits all” approach to auditing culture, Internal Audit plays a key role in helping the Board define the scope of the assessment (e.g. culture, risk culture), the framework to assess against (e.g. corporate values, behaviors, strategic priorities, etc.) and design the approach. To get a good coverage across high cultural risk areas, Internal Audit will likely use a combination of approaches including discrete culture reviews, thematic reviews and/or incorporating a cultural component into regular audits. It can also draw on a variety of data from different sources such as focus groups, employee surveys, desktop reviews and behavioral observations.
What value does it bring to the organization?
Culture assessments help the Board identify how the ‘intended’, ‘expressed’ and ‘actual’ culture is aligned within the organization. The ultimate value delivered to the business is the identification of behaviors having positive or detrimental impact and the drive for embedding positive behaviors across all layers of the organization.
In short, auditing corporate culture is not so much a one-time audit but rather a tool to assess the existing corporate culture and to start the journey for a healthier and stronger culture.
What Internal Audit Leaders in Switzerland think about it:
“ Our corporate culture is not strong enough. However, the organization is not yet ready for this type of assessment. ”
“ When I audited this local entity, I could feel that people wanted to talk to me about something that was wrong. ”
“ In my organization, this could work if we do not call it an audit, but rather an assessment. ”
“ We already started this type of cultural audit through a thematic review on fraud. ”
“ This type of assessment would probably highlight that our intended culture (purpose, vision, values) is not aligned with our expressed culture (leadership action, objectives, etc). ”
What are the top 3 questions you may ask yourself if you want to further explore this topic within your organization?
- Where is there cultural risk in my organization?
- What criteria do I assess against and what is in scope?
- How do I get Management buy-in and establish the mandate?
In our Internal Audit roundtable in Geneva, it was noted that not very many Internal Audit functions in Switzerland have actively addressed culture within their audit plans. At the same time, Chief Audit Executives recognize the value of culture and how it can play a key role in fostering good governance and a healthy control environment. A diverse array of approaches and techniques can be used by Internal Audit to assess culture and provide additional value add for Management and Boards.
Download the PDF version of this article here:
To learn more about this topic, please feel free to contact our Internal Audit Services team.
Partner, Internal Audit Services, PwC Geneva
firstname.lastname@example.org / +41 58 792 94 48
Partner, Internal Audit Services, PwC Zurich
email@example.com / +41 58 792 27 82
Director, Internal Audit Services, PwC Geneva
firstname.lastname@example.org / +41 58 792 98 52
Manager, Internal Audit Services, PwC Geneva
email@example.com / +41 58 792 96 23