Auditing company culture: opportunity and challenge · challenge Tracey Keele, KPMG Advisory...

Auditing company culture:opportunity and challengeTracey Keele, KPMG Advisory Partner

2© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775

Did you know…— That acts of goodness can weaken ethics?— That stress and tiredness make us more vulnerable to ethical lapses?— That cheating is contagious?— That misconduct rates may be highest in markets you expect to realize most growth?— That only 4 percent of issues are reported through hotlines? — That in Tibet, it is considered polite to stick out your tongue at your guests?— That the “soft stuff” is really hard?


ObjectivesUnderstand: — Why you can’t afford to ignore culture— How to action – current practices, tips and considerations— Why auditing culture is both an opportunity & a challenge


Definitions“Soft stuff” = Values, leadership, mindset, behaviors, informal practices, and norms

“Hard stuff” = Processes, policies, and systems

“Culture” = The way things are done around here (i.e., impact of the “soft stuff”)


What is a culture audit?Definition 1: An audit that takes into account culture data points.

Definition 2: An audit that helps assess whether the culture you want is the culture you have. Provides organizational context by explaining the environment, informal norms, and key enablers or barriers to effective working practices.


What does this mean for you? 1. Have you heard about culture auditing previously? 2. Is your Board talking about culture? 3. Is your internal audit team doing something in this space?

Ignore culture at your perilWhy the “soft stuff” is as important as the “hard stuff”?


Why the ‘soft stuff’ matters— Fundamental to risk management and employee conduct. — Integrity is positively correlated to financial performance.*— 40–60 percent of a company’s market cap relates to intangible assets (e.g. reputation).— Over 90 percent of CEOs and CFOs believe that improving culture would improve the

value of their company. Only 15 percent believe their culture is where it needs to be.** — Increasing regulatory attention. — In IIA Surveys, more than half of CAEs see organizational culture as high risk— But, more than half of CAEs (58%) say that they do not audit organizational culture

*Source: “Management, Culture, and Risk” (Corporate Executive Board, 2001); “The Value of Corporate Culture” (Journal of Financial Economics, 2015)

**Source: “Corporate Culture: Evidence from the Field”; Graham, Harvey, Popadak, and Rajgopal; Duke University 2015. Richard Chambers GAM Presentation, 2016.

Presenter

Presentation Notes

“Culture eats strategy for breakfast”

Peter Drucker, has been described as "the founder of modern management"

“The need is not only to focus on hard risk, where the world is now in a much better place, but also to focus on soft riskor culture.”Source: Comments from Sir David Walker (author of the 2009 Walker Report) in 2014 saying that he’d include several new points if he were writing the report today… the main addition being culture, which was nearly absent from the previous report.

“In addition to focusing on plants and production lines and manuals and policies and testing and controls, I urge you to also focus on people.

People are at the heart of what you do, and it is the failures of people—often the combined failures of a number of people—which result in noncompliance.”Source: Maame Ewusi-Mensah, the Deputy Assistant Attorney General of the DOJ shared in a 2013 address to the industry regarding the DOJ’s focus on current Good Manufacturing Practices (cGMP)


Incomplete picture (tip of the iceberg) – Inherent limitations in the design of traditional compliance and audit programs – focusing on formal policies, systems, and practices.

Looking below the surface – Risks associated with culture should be a critical area of focus for boards and senior leaders.

Tip of the iceberg –traditional approach to IAFormal values, governance and management practices

AKA “Hard stuff”

Focus of most compliance and audit programs

Leadership, informal practices,

and norms

Beliefs, mindsets, and behaviors

AKA “Soft stuff” Often missed


Culture can drive desired business outcomes Organizations often struggle to meet competing stakeholders demands.These dilemmas are an opportunity to shape culture and drive desired behavior.

ROIC

Investors

Corporate Effectiveness and

Efficiency

Company

Client Satisfaction Needs

Customers

Contribution to society

Society / Regulators

Employee development and learning

People

• Serve shareholders v. comply with regulatory restraint

• Comply with letter v. spirit of the law

• Reduce costs v. maintaining controls

• Meet compliance standards v. quickly execute transactions

• Risk averse v. flexible and satisfy clients’ needs

• Product profitability v. value to customers


Reflecting on your company culture1. How would you describe the culture of your organization?

2. How do your company values impact strategy and day-to-day operations?

3. How are cultural expectations defined, understood and reinforced?

IA’s Role in Culture is critical.

Change is coming because the soft stuff is just as important as the hard stuff.

How to action


How to drive risk culture change: A frameworkA successful culture program creates an opportunity to leverage culture as a competitive advantage.

Make It ClearAlign organization strategy with risk and compliance strategy to determine where organization wants to be positioned from a culture perspective; define desired culture

Make It KnownUnderstand current culture and how it compares with desired culture; identify gaps and identify value and behavioral enablers; leadership call to action

Make It RealDefine what needs to be done, and how to get to your desired culture (i.e. roadmap); apply culture change frameworks

Make It HappenImplement the roadmap and define measures of success at an initiative and enterprise level

Make It StickMeasure progress against the roadmap (initiative level) and the evolution of organizational culture (enterprise level)

Align Understand Define Implement Measure

Communication & Engagement


KPMG Soft controls model

The fundamentals of organizational culture: 8 soft controls

Speak-up

Reward & enforce

Openness

Discussability

Clarity

Commitment & ownership

Role modelling

Achievability

Behaviour

Corporate stress*; unrealistic goalsInability to challenge authority

Excessive focus on short term goals*; tolerance for small breaches*

Excessive focus on rules

Inability to challenge authority

* Financial Reporting Council – “ Corporate Culture and the Role of Boards” July 2016

Actions don’t match words

Siloed thinking

Blame culture


Practices for auditing culture –making it stick

Culture root causingA deeper level of examination of the causes underlying audit results or other risk signals.

Expanded universe Perform new or deeper audits of areas not historically covered to get clearer view of culture. Pay attention to the “soft stuff”.

Greater use of tools such as surveys, maturity models, and workshops.

Observed behaviorsAuditors provide perspective on behaviors observed through the audit process.

Direct measurementAudits of culture against defined measures that look across qualitative and quantitative data points to assemble a picture.

Low Difficulty and impact High

Culture root causing Observed behaviors Expanded universe Direct measurement


Example Scenario

Company Major Automobile Manufacturer

Project Review the quality controls of its standard manufacturing processes after safety complaints were registered

Identified issues Review noted that line workers were not double checking parts for quality before installing.

Remediation Provide additional training in order to ensure that employees continue to double check parts for quality before installing


Digging Beneath the SurfaceWithout digging beneath the surface, how do we know training is the right intervention?

• Speak-up: Do management and employees feel comfortable to report errors and incidents of misconduct?

• Role Modeling: Is the desired organizational behavior of management and employees visible?

• Reward & Enforce? Is desired behavior rewarded and misconduct addressed? Do people learn from mistakes and incidents?

• Achievability: Are workers set up to succeed or are there underlying pressures or complexity that impact their performance?


Common challenges— Lack of clarity on desired culture or values— Lack of buy-in management and/or Board buy-in

- Confidence in audit team- General skepticism on topic or need for assurance over culture- Don’t want to know

— Lack of experience and capabilities— Discomfort in grey areas/judgment — Confidentiality and gaining trust


Practical First Steps― Initiate the dialog within your companies – Board and Management.― Understand not only the opportunity, but the risks and pitfalls― Get everyone onboard― Develop trust with AC that allows subjective judgments― Work cross functionally and find a champion(s)― Incorporate auditing culture into the IA charter― Think hard about required skillset (in or outsource?)


Questions to consider1. What is the vision for IA and how can auditing culture complement your

strategic ambitions?

2. What are some practical next steps you can take to move this forward?

3. What is your top opportunity & challenge?

Thank you

© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775

The KPMG name and logo are registered trademarks or trademarks of KPMG International.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

kpmg.com/socialmedia

Auditing company culture: opportunity and challenge · challenge Tracey Keele, KPMG Advisory...

Documents

Transcript of Auditing company culture: opportunity and challenge · challenge Tracey Keele, KPMG Advisory...