Organizational culture drives how business is conducted and strategies are executed. All organizations have a culture, whether intentionally created or not. Likely there are organizational subcultures within individual departments, especially if multiple locations or campuses exist. Addressing culture is important because it presents opportunities to mitigate risks and act on opportunities to achieve success.
“Auditing Culture” helps internal auditors understand risks associated with organizational culture, how effective management of those risks supports a successful control environment, and how to approach a culture assessment.
After reading this guidance, internal auditors should be able to:
- Understand the business significance of culture and conduct risk in an organization’s control environment.
- Identify the key components of culture and conduct risk.
- Understand key stakeholder concerns and expectations related to culture and conduct risk.
- Recognize internal audit’s role in assessing and reporting on organizational culture.
- Understand, based on example tools/guidance, possible approaches to assess and report on an organization’s culture and management of conduct risk.
IIA members are invited to download this guidance as a benefit of membership. Nonmembers may purchase Supplemental Guidance by visiting the IIA Bookstore.