Much ink has been spilled exploring business culture in recent years, mostly in the aftermath of corporate scandals. Unsurprisingly, what has emerged is the systematising of culture, with good practice, roles, responsibilities, checks and balances and opportunities for internal auditors and others, particularly in the financial services sector to assure, comment and advise.
What is plain is that you cannot legislate for a good culture, however you can enforce actions on businesses that may yield better outcomes. On 16 September in the aftermath of the BHS pensions and Sports Direct minimum pay scandals The Business, Innovation, and Skills (BIS) Committee of the UK parliament launched an inquiry on corporate governance, focussing on executive pay, directors duties, and the composition of boardrooms, including worker representation and gender balance in executive positions.
Will measures like these be more effective in preventing corporate scandals in the future than a systems and inspection or even an alternative coaching and learning approach to business culture if the corporate structures and governance remain the same?
How effective is the current approach to managing business culture? How can internal audit provide an objective view as it is part of the organisation’s culture? How does internal audit address confirmation bias? Are you, as internal auditors as confident that your organization is as scandal-proof as it is fraud-proof? Could your internal audit department get a worker representative on the board?
I’d be most interested in hearing about your approach to assuring culture and how it adds value both now and in the future.
I support Mark's views - taking Mark's comment "Good culture will see current issues remediated quickly and reliably, and will evolve the approach for new risks to secure a sustainable and effective future framework"; I am looking for practical examples of how the employee risk regarding data and cyber security can be mitigated through the right culture of good risk awareness, good practice and shared learning.