David Iacucci, CPA, CRCM Denise Melious, CPA 29-Apr-19 AXP - - PowerPoint PPT Presentation

david iacucci cpa crcm denise melious cpa
SMART_READER_LITE
LIVE PREVIEW

David Iacucci, CPA, CRCM Denise Melious, CPA 29-Apr-19 AXP - - PowerPoint PPT Presentation

Nov 30, 2023 106 likes •255 views

David Iacucci, CPA, CRCM Denise Melious, CPA 29-Apr-19 AXP Internal 1 Learning Objectives Understand what the elements of a strong organizational culture are Understand regulatory expectations for organizational culture Understand the

slide-1
SLIDE 1

David Iacucci, CPA, CRCM Denise Melious, CPA

AXP Internal 29-Apr-19 1

slide-2
SLIDE 2

Learning Objectives

— Understand what the elements of a strong organizational culture are — Understand regulatory expectations for organizational culture — Understand the role of internal audit in assessing organizational culture — Understand key elements of an organizational culture audit program

AXP Internal 29-Apr-19 2

slide-3
SLIDE 3

Organizational Culture

“While it can be tempting to dismiss the significance of a strong corporate culture, it has the potential to make or break your organization”

  • Thought Farmer

“When I talk of the culture of an organization, I refer to its values and how these values are translated into everyday actions”

  • Professor Sir Ian Kennedy

AXP Internal 29-Apr-19 3

Source: MIT Sloan Management Review

slide-4
SLIDE 4

Elements of a Strong Organizational Culture

Culture of Integrity Organizational Values Tone at the Top Consistency of Messaging Throughout the Organization Accountability Ability and Comfort in Speaking Up Incentives & Rewards

AXP Internal 29-Apr-19 4

  • “Strong cultures have two common

elements: there is a high level of agreement about what is valued, and a high level of intensity with regard to those values” – Deloitte

  • Simply defining an organization’s

mission, values, and code of conduct is not enough

  • That mission and values need to be

embodied through the communication and behaviors of a company’s senior leaders

*Source: Deloitte

slide-5
SLIDE 5

Factors Influencing Culture

AXP Internal 29-Apr-19 5

*Source: IIA 2016 North American Pulse of Internal Audit

slide-6
SLIDE 6

Regulatory Expectations for Organizational Culture

AXP Internal 29-Apr-19 6

“My assessment of recent history is that there has not been a case of a major prudential or conduct failing in a firm which did not have among its root causes a failure of culture as manifested in governance, remuneration, risk management or tone from the top” – Andrew Bailey “Culture is the implicit norms that guide behavior in the absence of regulations

  • r compliance rules” – William Dudley

Source: Fraser Institute

slide-7
SLIDE 7

Regulatory Expectations

— A strong culture is consistent with long term shareholder, employee,

customer, and societal interests, as well as law and regulation

— While tone at the top is important, a strong culture is truly defined by the

daily actions of the entire organization

— An institution’s culture, along with governance, is pivotal to building public

trust and confidence in financial services

— While regulators typically don’t prescribe an institutional culture model, they

are constantly assessing an institution’s culture through its day-to-day supervision

AXP Internal 29-Apr-19 7

slide-8
SLIDE 8

The Role of Internal Audit in Assessing Organizational Culture

AXP Internal 29-Apr-19 8

Source: Tarrantcounty.com

slide-9
SLIDE 9

Role of Internal Audit

— Internal Audit is uniquely positioned

to assess organizational culture given its:

— Independence, — Objectivity; and — Strong knowledge of business processes, risk

appetite, policies and procedures, and compliance requirements

— However, recent data suggests that

  • nly 42 percent of internal audit

groups audit culture

— Why is that?

AXP Internal 29-Apr-19 9

Source: PwC

slide-10
SLIDE 10

Role of Internal Audit cont.

AXP Internal 29-Apr-19 10

— Does internal audit have a clear

mandate to audit culture?

— Opinions of executive management is mixed

— Can culture be measured?

— Yes, but it requires a broad approach including

both quantitative and qualitative measures

— Does internal audit have the required

skillset?

— Typically, yes; however, additional

training is usually necessary

*Source: IIA 2016 North American Pulse of Internal Audit

slide-11
SLIDE 11

Key Elements of an Organizational Culture Audit Program

AXP Internal 29-Apr-19 11

slide-12
SLIDE 12

Organizational Culture Audit Program

— There is not a one-size-fits-all approach to auditing culture

— Can be audited at the entity level, embedded into individual audits on the annual audit plan, or a

combination of both

— Audits of culture should combine both hard and soft control testing

— Root cause analysis (i.e. connect the dots of already raised audit, second line, and external findings) — Perform structured interviews — Use anonymous employee surveys — Review of ethics hotline / whistleblower cases — Data analysis / analytics (e.g. how often does the business miss deadlines in addressing risk events

and other internal / external findings / issues, customer complaints, etc.)

— Review incentive plans to ensure appropriate balance between risk and reward

AXP Internal 29-Apr-19 12

slide-13
SLIDE 13

Keys to a Successful Organizational Culture Audit Program

— Align with senior leaders across the company on the scope of the review — Define upfront how the results of the audit will be reported

— The standard audit report format may not be the best delivery mechanism

— Keep in mind that organizational culture is subject to a maturity model

— The institution might be in the first year of implementing a new company culture

— Strong communication and negotiating skills are necessary to deliver

potentially unpalatable findings with mostly subjective evidence

AXP Internal 29-Apr-19 13

slide-14
SLIDE 14

AXP Internal 29-Apr-19 14