In recent years, focus has been magnified on the relationship between corporate culture and risk. Establishing frameworks for promoting and facilitating an ethical and honest culture within your organisation can go a long way to reinforcing your internal controls. Equally, neglecting the influence of corporate culture on good governance could significantly mitigate the impact of these controls or even result in them failing altogether.
As per the Malta Financial Services Authority (MFSA) Risk Culture Statement, establishing a positive risk culture encourages an open and proactive approach to managing risks and increases the likelihood of risks being appropriately identified, assessed, communicated and managed across all levels of an entity [1]. With this in mind, it is only natural that a considerable level of effort has now started to be placed on establishing and nurturing the correct standards of conduct within organisations.
One of the key indicators as to whether an entity is fostering and promoting a favourable culture is the level of satisfaction and engagement amongst its employees. Gauging the perception of the staff with regards to current working practices, through either pulse surveys or alternative means of measurement, can provide key insights into the shared attitudes and values within a company.
Analysing the level and potential root causes of staff turnover, which may be supported further by exit interviews from departing employees, will also call attention to whether favourable governance principles are being promoted. It is also probable that any results identified, be they favourable or otherwise, will be highly affected by the human resource (HR) practices employed by the company in question, which presents another potential avenue to examine the behaviours and ethics being sought and promoted.
Though typically more associated with hard controls, the impetus placed on compliance and risk management-related matters can also serve as a useful barometer of the cultural considerations and strength of soft controls within an organisation.
The seriousness afforded to any historic control deficiencies identified by the firm, combined with indications on the timeliness and effectiveness of any corrective action, are likely to also demonstrate whether or not a healthy culture regarding corporate governance has been fostered within an entity. Assessment of staff training programmes, either in terms of frequency of performance, attendance records or other alternative methods of evaluating training effectiveness, may support this even further.
Assessing the above will aid organisations in creating a clearer picture of their cultural makeup and shed light on the consideration afforded to competence, trust, shared values, leadership, and ethical standards.
Many stakeholders have begun to consider auditing the culture of their entities to be a key component of their approaches to risk management. The third line of defence, Internal Audit (IA) teams, can play a key role in facilitating these types of assessments due to the unique position they bear as an independent and objective function.
Knowledge gained from previous audit reviews makes the IA function well placed to provide perspective, based on previous observations made, on organisational practices and the resulting risk culture. The result is that it has become increasingly common for IA teams to be asked to review and provide an assessment of their clients’ culture and governance habits.
No one-size-fits-all approach
Naturally, the soft control aspects of audits and risk assessments will need to be tailored for each organisation to reflect the pertinent environments, opportunities and challenges they face. It must also be noted that audit teams such as IA cannot and should not be relied on as the sole source of insight and control with regard to the culture within an organisation. For IA to effectively analyse and audit culture, they will need clear visibility on the corporate governance values desired and promoted by top-level management and executives from within their own companies. Once these values have been established the company, aided by their audit teams, can set out to develop effective practices to align behaviours with the culture they wish to promote.
There is significant value to be had from an independent judgement of an entity’s cultural health and the mechanisms through which it is monitored. Indeed, as part of their recently published Supervision Priorities for 2023, the MFSA has stressed that assessments on whether firms are promoting appropriate compliance cultures are to be considered a top priority for the forthcoming year once again [2]. Establishing a comprehensive approach to promoting exemplary behaviours concerning the working environment has the potential to yield substantial benefits across all sections of an organisation.
Contact us
