Publication Cover
EDPACS
The EDP Audit, Control, and Security Newsletter
Volume 64, 2021 - Issue 6
185
Views
0
CrossRef citations to date
0
Altmetric
Research Article

WHY INTERNAL AUDIT SHOULD ASSESS CORPORATE CULTURE – A HOW-TO EXAMPLE

 

Abstract

While culture is integral to corporate governance, risk management and controls, yet many Internal Audit functions do not provide assurance and advisory services on culture. This article will explain why Internal Audit should assess corporate culture. The key drivers are as follows:

  • Culture has been widely recognized as the root causes for corporate scandals, failures and successes.

  • Culture is a top risk cited by Internal Audit’s stakeholders, regulators, institutional investors and professional bodies.

  • A strong positive culture could be a competitive advantage and an enabler to maximizing opportunities.

  • Governing bodies have oversight responsibilities for culture.

  • Management have responsibilities for determining, establishing, sustaining, reinforcing and adapting the desired culture.

  • Internal Audit has responsibilities for providing independent, objective assurance and advisory services for corporate culture.

This article will also provide examples on ways to learn about the culture of your organization and illustrate how to incorporate culture review in an IT audit project.

Exhibit A. Examples of Expected Behaviors for Key Roles in Implementation of System A.

The purpose of this exhibit is to provide some examples of expected behaviors of the PS, TL and TMs relating to the 8 Core Values and the survey questions for assessing if the actual behaviors were consistent with the expected behaviors. This exhibit is not meant to include all the survey questions.

When compiling the survey questions, all the questions for PS should be consolidated in the PS Survey, all those for TL on the TL Survey, and all those for TMs on the TM Survey.

Survey questions PS1, TL1, and TMs1 are related. Survey questions PS2, TL2, and TMs2 are related, and so forth for Core Value/Operating Principle/Expected Behaviors. IA should compare the response ratings of the PS, TL and TMs to identify positive ratings, negative ratings, significant variances among the three groups and contributing root causes.

Survey Response Rating Scale

SA = Strongly Agree

A = Agree

D = Disagree

SD = Strongly Disagree

DK = Don’t Know

Notes

1. Corporate Culture: Evidence from the Field, Duke University, 2018; John R. Graham, Duke University, National Bureau of Economic Research (NBER); Campbell R. Harvey, Duke University, National Bureau of Economic Research; Jillian Popadak, Duke University; Shiva Rajgopal, Columbia University.

Additional information

Notes on contributors

Angelina Chin

Angelina Chin, CPA, CIA, CRMA, CCSA. Angie is a retired executive of General Motors Company and Federal Reserve Bank of Chicago. She has 40 years of global audit and leadership experience in Finance and operations. She developed a deep appreciation of culture through her global experience in Strategic and Process Risk Management, SOX 404 Compliance Implementation, Finance Change Initiatives, audit and investigation, and as the Controller for General Motors do Brasil. Angie has been active on the IIA Board and Committees. She currently serves as the Vice Chair of its Committee of Research and Education Advisors. She co-authored and reviewed many IIA Practice Guides and publications. She was also a co-author and reviewer of Sawyer’s Internal Auditing, 7th Edition – Enhancing and Protecting Organizational Value (2019). She is the author of Understanding and Auditing Corporate Culture - A Maturity Model Approach published by The Internal Audit Foundation.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.