6 key areas of focus for culture auditing in 2018

A decade has passed since the global economic downturn, but many financial services firms are still suffering from image problems. Wells Fargo’s account fraud scandal in 2016 revealed some banks still have a long way to go before they resolve toxic workplace cultures.


The UK Financial Conduct Authority’s (FCA’s) Senior Managers and Certification Regime (SMCR), which was updated this month, aims to improve accountability at the highest levels of organisations. In March, the FCA also published a new discussion paper on how to transform culture in financial services.


Clearly, optimising company culture is high on the agenda for UK regulators, but how are businesses addressing these issues? Many rely on their internal audit (IA) departments to provide assurance. Approximately 55 per cent of IA teams are attempting to audit culture in some fashion, according to PwC.


But where should auditors focus their attention? A recent Deloitte report has highlighted six key areas of culture auditing for the financial services industry.

1. The tone from the top 

Board members and senior managers are expected to lead by example. There are several signs that businesses have correctly instilled the right tone at the top, including:


Championing and role-modelling: Leaders should clearly set out expected behaviours, as well as explain how their own decisions align with the firm’s values and targets.


Frequent culture discussions: The best board and executive committee meetings explicitly cover culture as a standing agenda item, including its impact on other issues, such as customer or market outcomes.


Cultural diversity: Businesses should practice what they preach and have a broad mix of individuals from different backgrounds at the board level.


Independent oversight: Firms must provide independent non-executive directors with enough time and resources to address cultural concerns.

2. Strategy and purpose

A strong strategic approach to improving a company’s culture must underpin a solid tone at the top. This is typically displayed through:


A defined purpose: Closely linking cultural expectations to a business’s values are important, with clear articulation of how staff are expected to behave across different areas of the business.


Comprehensive communication: Organisations should show how cultural expectations have been communicated throughout the firm. Setting up feedback mechanisms, such as a whistleblowing process, is also best practice.


Employee action: The workforce must be able to demonstrate they understand the desired culture, as well as articulate it to others.

3. Individual accountability 

Senior-level accountability is key, with the SMCR just one of a number of regulatory requirements worldwide to ensure individuals are held responsible for failings. Firms with sufficient individual accountability should have:


Statements of responsibility: These are a regulatory requirement in the UK for certain firms. Where these statements aren’t mandatory, similar documentation outlining lines of accountability should be in place.


Disciplinary structures: What policies are in place when procedures are breached? How robust are these processes? And is there evidence they have been used appropriately in the past?


Organisation-wide communications: Accountability and conduct expectations should be clearly written down and distributed across the business to ensure awareness of lines of responsibility.

4. Remuneration and incentives 

Embedding cultural ambitions into remuneration and incentive schemes are an effective way of encouraging staff to consider the long-term outcomes of decisions. This is achieved through:


Non-financial rewards: Celebrating cultural achievements and highlighting instances where desired behaviours were exhibited across the firm provide a non-financial impetus for change.


Establishing HR as a partner: An efficient HR department ensures consistency and oversight across firm-wide remuneration and incentive schemes.


Quality and risk measure discussions: The company should frequently address how poor ethics and ineffective risk management negatively affect remuneration.

5. Governance and controls 

Deloitte states that culture can either undermine or reinforce governance and control frameworks. Regulators have been particularly keen to emphasise the importance of control functions following the global financial crisis. But how do firms show good governance and controls?


Highly skilled IA teams: Auditors must be in synch with the firm’s cultural concerns and ambitions, as well as including these issues in general reviews. Organisations should also conduct culture-specific reviews.


Board-level appreciation of risks: Senior executives must be convinced that internal governance and control frameworks are working, while also considering the impact of strategic decisions on risk. Are risk issues regularly reported to the board?


Breach prevention protocols: Systems must be in place to provide evidence that policies and controls aren’t contravened or circumvented due to undesirable cultural behaviours.

6. Mindset and behaviours 

Ultimately, auditors must assess the general mood of the culture, which is exhibited through the mindsets and behaviours of staff. Positive indicators include:


‘Doing the right thing’: Employees who put the customer above the commercial interests of the firm or go the extra mile to provide client satisfaction are excellent signs.


Cultural and ethical initiatives: Regular and organisation-wide projects that promote good behaviour and educate employees on sensitive topics, such as whistleblowing, help encourage transparency and awareness.


Best-practice recruitment and retention: Fostering the right culture begins at recruitment, and carries through to retention and succession plans. Are you hiring with the right cultural objectives in mind?

Building the right audit environment for success

These are six key areas of focus for optimising culture auditing, but organisations still need highly skilled, experienced professionals on their IA teams. Only then can they begin putting theory into practice and seeing the desired results.


To discuss your internal audit recruitment needs, please contact me on 0207 936 2601 or via email at rb@barclaysimpson.com. I look forward to speaking with you.


Our Market Reports combine our review of the prevailing conditions in the internal audit recruitment market with the results of our latest employer survey.


Image credit: TakakoWatanabe