Auditing risks in culture

By Ken Tysiac

Cultural flaws can seriously damage an organization. Here’s how internal auditors can reduce risks by embedding culture audits into existing audit programs.

Communicate your intentions. When internal auditors identify the risks that culture can pose, it may be up to them to take the first step to move the board and senior management toward supporting this kind of auditing, said Jason Pett, CPA, the U.S. internal audit services leader and financial services risk leader for PwC.

Start with a mandate. Ideally, the board or audit committee will see the value of including assessments of culture in the audit process. A mandate from the board or audit committee will provide internal audit the backing it needs to perform this work.

Evaluate culture in each audit. An evaluation of culture should take place in each audit performed and consist of a series of questions about culture. For example, in the basic audit of a performance bonus or commission structure in a sales channel, internal auditors would ask who establishes the criteria for bonuses; whether compensation is tied to doing the right thing for the company; whether bonuses incentivize the appropriate behaviors; and whether messages about expectations are properly communicated.

Use professional judgment. There is not one "standard" for corporate culture, so internal auditors will need to use professional judgment to evaluate culture based on their experiences and an accumulation of multiple data points, Pett said. "Internal auditors aggregate some substantive findings and some softer findings," he said. "But they're still facts that you've accumulated throughout the year across multiple audits. You then need to aggregate these facts ... and come to some sort of conclusion."

Report. The method of reporting on culture may vary, Pett said. Concerns (or lack of concerns) may be reported informally to the audit committee. Evaluations and conclusions on culture may be included in each individual audit report. Or findings on culture may be aggregated and presented in an annual report on organizational culture. Internal audit cannot allow itself to be influenced by negative reactions to findings, said Peter Parillo, CPA/CFF, CGMA, vice president for internal audit for energy services holding company South Jersey Industries. "The foundation of internal audit depends on you and any head of internal audit standing strong and confident in what they're doing and what their team is doing," he said.

Develop talent. A capable staff is the key to accomplishing this type of audit activity, Parillo said. "It takes very senior-level resources to understand the business, to do this right, and have the respect of senior management to drive those messages home," he said.

Editor's note: This checklist is excerpted from the article "Internal Auditors Turn Focus to Organizational Culture," Nov. 3, 2015.

—By Ken Tysiac (, a JofA editorial director.


Revenue recognition: A complex effort

Implementing the new standard requires careful judgment. Learn how to make significant accounting judgments and document them and collaborate with peers for consistent application.


How to create maps in Excel 2016

Microsoft Excel 2016 has two new mapping capabilities. J. Carlton Collins, CPA, demonstrates how to make masterful 2D and 3D maps in Excel 2016.


News quiz: Economy and health care changes top CPAs’ list

CPA decision-makers’ economic outlook and the House Republicans’ proposed tax changes as part of replacing the Patient Protection and Affordable Care Act received attention recently. See how much you know with this short quiz.