Auditing company culture: opportunity and challenge · challenge Tracey Keele, KPMG Advisory...
Transcript of Auditing company culture: opportunity and challenge · challenge Tracey Keele, KPMG Advisory...
Auditing company culture:opportunity and challengeTracey Keele, KPMG Advisory Partner
2© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Did you know…— That acts of goodness can weaken ethics?— That stress and tiredness make us more vulnerable to ethical lapses?— That cheating is contagious?— That misconduct rates may be highest in markets you expect to realize most growth?— That only 4 percent of issues are reported through hotlines? — That in Tibet, it is considered polite to stick out your tongue at your guests?— That the “soft stuff” is really hard?
3© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
ObjectivesUnderstand: — Why you can’t afford to ignore culture— How to action – current practices, tips and considerations— Why auditing culture is both an opportunity & a challenge
4© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Definitions“Soft stuff” = Values, leadership, mindset, behaviors, informal practices, and norms
“Hard stuff” = Processes, policies, and systems
“Culture” = The way things are done around here (i.e., impact of the “soft stuff”)
5© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
What is a culture audit?Definition 1: An audit that takes into account culture data points.
Definition 2: An audit that helps assess whether the culture you want is the culture you have. Provides organizational context by explaining the environment, informal norms, and key enablers or barriers to effective working practices.
6© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
What does this mean for you? 1. Have you heard about culture auditing previously? 2. Is your Board talking about culture? 3. Is your internal audit team doing something in this space?
Ignore culture at your perilWhy the “soft stuff” is as important as the “hard stuff”?
8© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Why the ‘soft stuff’ matters— Fundamental to risk management and employee conduct. — Integrity is positively correlated to financial performance.*— 40–60 percent of a company’s market cap relates to intangible assets (e.g. reputation).— Over 90 percent of CEOs and CFOs believe that improving culture would improve the
value of their company. Only 15 percent believe their culture is where it needs to be.** — Increasing regulatory attention. — In IIA Surveys, more than half of CAEs see organizational culture as high risk— But, more than half of CAEs (58%) say that they do not audit organizational culture
*Source: “Management, Culture, and Risk” (Corporate Executive Board, 2001); “The Value of Corporate Culture” (Journal of Financial Economics, 2015)
**Source: “Corporate Culture: Evidence from the Field”; Graham, Harvey, Popadak, and Rajgopal; Duke University 2015. Richard Chambers GAM Presentation, 2016.
“Culture eats strategy for breakfast”
Peter Drucker, has been described as "the founder of modern management"
“The need is not only to focus on hard risk, where the world is now in a much better place, but also to focus on soft riskor culture.”Source: Comments from Sir David Walker (author of the 2009 Walker Report) in 2014 saying that he’d include several new points if he were writing the report today… the main addition being culture, which was nearly absent from the previous report.
“In addition to focusing on plants and production lines and manuals and policies and testing and controls, I urge you to also focus on people.
People are at the heart of what you do, and it is the failures of people—often the combined failures of a number of people—which result in noncompliance.”Source: Maame Ewusi-Mensah, the Deputy Assistant Attorney General of the DOJ shared in a 2013 address to the industry regarding the DOJ’s focus on current Good Manufacturing Practices (cGMP)
12© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Incomplete picture (tip of the iceberg) – Inherent limitations in the design of traditional compliance and audit programs – focusing on formal policies, systems, and practices.
Looking below the surface – Risks associated with culture should be a critical area of focus for boards and senior leaders.
Tip of the iceberg –traditional approach to IAFormal values, governance and management practices
AKA “Hard stuff”
Focus of most compliance and audit programs
Leadership, informal practices,
and norms
Beliefs, mindsets, and behaviors
AKA “Soft stuff” Often missed
13© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Culture can drive desired business outcomes Organizations often struggle to meet competing stakeholders demands.These dilemmas are an opportunity to shape culture and drive desired behavior.
ROIC
Investors
Corporate Effectiveness and
Efficiency
Company
Client Satisfaction Needs
Customers
Contribution to society
Society / Regulators
Employee development and learning
People
• Serve shareholders v. comply with regulatory restraint
• Comply with letter v. spirit of the law
• Reduce costs v. maintaining controls
• Meet compliance standards v. quickly execute transactions
• Risk averse v. flexible and satisfy clients’ needs
• Product profitability v. value to customers
14© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Reflecting on your company culture1. How would you describe the culture of your organization?
2. How do your company values impact strategy and day-to-day operations?
3. How are cultural expectations defined, understood and reinforced?
IA’s Role in Culture is critical.
Change is coming because the soft stuff is just as important as the hard stuff.
How to action
17© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
How to drive risk culture change: A frameworkA successful culture program creates an opportunity to leverage culture as a competitive advantage.
Make It ClearAlign organization strategy with risk and compliance strategy to determine where organization wants to be positioned from a culture perspective; define desired culture
Make It KnownUnderstand current culture and how it compares with desired culture; identify gaps and identify value and behavioral enablers; leadership call to action
Make It RealDefine what needs to be done, and how to get to your desired culture (i.e. roadmap); apply culture change frameworks
Make It HappenImplement the roadmap and define measures of success at an initiative and enterprise level
Make It StickMeasure progress against the roadmap (initiative level) and the evolution of organizational culture (enterprise level)
Align Understand Define Implement Measure
Communication & Engagement
18© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
KPMG Soft controls model
The fundamentals of organizational culture: 8 soft controls
Speak-up
Reward & enforce
Openness
Discussability
Clarity
Commitment & ownership
Role modelling
Achievability
Behaviour
Corporate stress*; unrealistic goalsInability to challenge authority
Excessive focus on short term goals*; tolerance for small breaches*
Excessive focus on rules
Inability to challenge authority
* Financial Reporting Council – “ Corporate Culture and the Role of Boards” July 2016
Actions don’t match words
Siloed thinking
Blame culture
19© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Practices for auditing culture –making it stick
Culture root causingA deeper level of examination of the causes underlying audit results or other risk signals.
Expanded universe Perform new or deeper audits of areas not historically covered to get clearer view of culture. Pay attention to the “soft stuff”.
Greater use of tools such as surveys, maturity models, and workshops.
Observed behaviorsAuditors provide perspective on behaviors observed through the audit process.
Direct measurementAudits of culture against defined measures that look across qualitative and quantitative data points to assemble a picture.
Low Difficulty and impact High
Culture root causing Observed behaviors Expanded universe Direct measurement
20© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Example Scenario
Company Major Automobile Manufacturer
Project Review the quality controls of its standard manufacturing processes after safety complaints were registered
Identified issues Review noted that line workers were not double checking parts for quality before installing.
Remediation Provide additional training in order to ensure that employees continue to double check parts for quality before installing
21© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Digging Beneath the SurfaceWithout digging beneath the surface, how do we know training is the right intervention?
• Speak-up: Do management and employees feel comfortable to report errors and incidents of misconduct?
• Role Modeling: Is the desired organizational behavior of management and employees visible?
• Reward & Enforce? Is desired behavior rewarded and misconduct addressed? Do people learn from mistakes and incidents?
• Achievability: Are workers set up to succeed or are there underlying pressures or complexity that impact their performance?
22© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Common challenges— Lack of clarity on desired culture or values— Lack of buy-in management and/or Board buy-in
- Confidence in audit team- General skepticism on topic or need for assurance over culture- Don’t want to know
— Lack of experience and capabilities— Discomfort in grey areas/judgment — Confidentiality and gaining trust
23© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Practical First Steps― Initiate the dialog within your companies – Board and Management.― Understand not only the opportunity, but the risks and pitfalls― Get everyone onboard― Develop trust with AC that allows subjective judgments― Work cross functionally and find a champion(s)― Incorporate auditing culture into the IA charter― Think hard about required skillset (in or outsource?)
24© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
Questions to consider1. What is the vision for IA and how can auditing culture complement your
strategic ambitions?
2. What are some practical next steps you can take to move this forward?
3. What is your top opportunity & challenge?
Thank you
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 590775
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
kpmg.com/socialmedia