Auditing risks in culture

By Ken Tysiac

Cultural flaws can seriously damage an organization. Here’s how internal auditors can reduce risks by embedding culture audits into existing audit programs.

Communicate your intentions. When internal auditors identify the risks that culture can pose, it may be up to them to take the first step to move the board and senior management toward supporting this kind of auditing, said Jason Pett, CPA, the U.S. internal audit services leader and financial services risk leader for PwC.

Start with a mandate. Ideally, the board or audit committee will see the value of including assessments of culture in the audit process. A mandate from the board or audit committee will provide internal audit the backing it needs to perform this work.

Evaluate culture in each audit. An evaluation of culture should take place in each audit performed and consist of a series of questions about culture. For example, in the basic audit of a performance bonus or commission structure in a sales channel, internal auditors would ask who establishes the criteria for bonuses; whether compensation is tied to doing the right thing for the company; whether bonuses incentivize the appropriate behaviors; and whether messages about expectations are properly communicated.

Use professional judgment. There is not one "standard" for corporate culture, so internal auditors will need to use professional judgment to evaluate culture based on their experiences and an accumulation of multiple data points, Pett said. "Internal auditors aggregate some substantive findings and some softer findings," he said. "But they're still facts that you've accumulated throughout the year across multiple audits. You then need to aggregate these facts ... and come to some sort of conclusion."

Report. The method of reporting on culture may vary, Pett said. Concerns (or lack of concerns) may be reported informally to the audit committee. Evaluations and conclusions on culture may be included in each individual audit report. Or findings on culture may be aggregated and presented in an annual report on organizational culture. Internal audit cannot allow itself to be influenced by negative reactions to findings, said Peter Parillo, CPA/CFF, CGMA, vice president for internal audit for energy services holding company South Jersey Industries. "The foundation of internal audit depends on you and any head of internal audit standing strong and confident in what they're doing and what their team is doing," he said.

Develop talent. A capable staff is the key to accomplishing this type of audit activity, Parillo said. "It takes very senior-level resources to understand the business, to do this right, and have the respect of senior management to drive those messages home," he said.

Editor's note: This checklist is excerpted from the article "Internal Auditors Turn Focus to Organizational Culture," Nov. 3, 2015.

—By Ken Tysiac (, a JofA editorial director.


How to make the most of a negotiation

Negotiators are made, not born. In this sponsored report, we cover strategies and tactics to help you head into 2017 ready to take on business deals, salary discussions and more.


Will the Affordable Care Act be repealed?

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.


Deflecting clients’ requests for defense and indemnity

Client requests for defense and indemnity by the CPA firm are on the rise. Requests for such clauses are unnecessary and unfair, and, in some cases, are unenforceable.