Culture correlates to a company’s success; hence, investors and stakeholders are keen to obtain deeper insights into a company’s culture. Assurance practitioners are well placed to provide increased credibility to the range of information that organisations disclose and stakeholders require including gaining an understanding of and assessing elements of an organisation’s culture.
In a world where business decisions need to be made quickly and often less formally than in the past, a strong business culture can empower managers and staff to make decisions and take action whilst successfully managing risk.
The GFC created a sharp focus on the, at times, catastrophic effects of a poor corporate culture, particularly amongst players in the global financial services industry. But corporate culture is relevant to all organisations, particularly those with a retail customer base. An ineffective business culture can result in financial penalties, reputational and brand damage and, ultimately, compromise business viability.
Given the high stakes, independent assurance practitioners can play an important role by understanding, assessing and reporting on an organisation’s culture and values.
Consideration of culture is often made more difficult by a lack of clarity as to what we mean by ‘culture’. Each organisation is unique. The organisation’s current culture is the collective learned response to the challenges and successes of the past.
The ‘right’ culture will depend on the current and future priorities facing the organisation. There is no one-size fits all ideal culture. Any assessment of culture should consider these unique characteristics and the ‘ideal culture’ articulated by the organisation’s leaders through statements of Purpose, Vision and Values (or equivalents).
Auditors already implicitly consider aspects of business culture through many facets of their existing audit. Strengthening that business culture focus can deliver both deeper insight and preventative benefits. It is often possible, after the event, to identify how cultural failings contributed to a high profile corporate scandal or collapse. It is also possible, in many instances, to see that a targeted consideration of culture by a company’s oversight functions (the board, Human Resources, Risk Management), internal audit and external audit could help identify failings before they prove fatal.
The following are examples of how auditors can focus on culture:
The public fallout from instances of poor business culture mean that regulators are focussing on culture more than ever. Without visible action from impacted industries, more intensive monitoring and regulation is likely. Greater regulation will increase the cost burden on business.
“We need the financial sector to take up the challenge to put in place better incentives for prudent behaviour, so as to prevent problems emerging in the first place. That is likely to be far more productive than spending our time removing so-called ‘bad apples’ after the fact.” Wayne Byres, APRA Chairman, AFR Banking and Wealth Summit 5 April 2016.
Some analysts and investors have concerns that a focus on culture may distract the external auditor’s attention from the financial statement audit. This concern is not supported by fact.
Corporate culture is an important driver of every organisation’s control environment. A structured approach to understanding and assessing culture supports a robust and reliable assessment. When an external auditor considers culture, it can directly and positively impact the robustness of the control environment and the associated insights delivered.
For example, consider a bank’s engagement process with third party brokers. Accrediting the wrong type of broker could result in an increase in the submission of poor credit quality mortgage applications, and ultimately over the medium term heighten the credit risk of the mortgages portfolio. Having the ability to better understand and assess the cultural ‘fit’ of such third parties provides greater comfort over the types of brokers being engaged with, and the resulting impact on the mortgages portfolio.
Investors are attracted to companies that have (or appear to have) a balanced culture focussed on short and long term value creation. Consequently, investors value transparency on culture KPIs and metrics. There is benefit in obtaining an independent view on the extent of the alignment between an organisation’s actual and perceived culture and behaviours.
Elements of culture can be objectively assessed, for example, whether an organisation has implemented an operating model for risk culture. An engagement might deliver assurance over specific assertions made by management which form a part of the cultural framework and which are supported by internal controls. For example: “We have a cultural framework that is annually reviewed and available on our web site.” “All of our staff are trained on our core values and decision making process.” It may be challenging to measure and evaluate actual behaviours, but an indication of an organisation’s readiness for the future, whether there is an appropriate culture framework in place and the level to which it is embedded, can be independently assessed.
In a rapidly changing business environment, assurance practitioners should reconsider the traditional scope of their activities. By doing so, they can better position themselves to support a business’ oversight and governance functions in understanding and assessing the culture and providing increased credibility to the range of information that organisations disclose and stakeholders require. Obtaining an understanding and independent view of corporate culture is increasingly important and auditors are uniquely placed to provide it. After all, culture is not just a trend, it is a key determinant of whether a business will succeed or fail.