intro to blog

James Paterson's blog

A selection of blog posts by James Paterson.

Corporate Governance Theatre: Risk culture, plausible deniability and wilful blindness

Very pleased to have been asked by the ACCA to write an article on ‘Corporate Governance Theatre: Risk culture, plausible deniability and wilful blindness’.

An overview follows immediately below, after which is a link to the full article on the ACCA’s website.

Background and introduction

My role as a consultant is to work closely with clients on governance, risk, compliance (GRC) and assurance challenges. Our aim is to ensure GRC improvements are genuinely welcomed and used by business managers, alongside risk, compliance and audit professionals; balancing rigour with pragmatism and cultural fit.
Earlier in 2018, I wrote an article on why we continue to get GRC and assurance surprises of some magnitude, despite management assurances and auditor sign offs. My perspective is that too often we have ‘corporate governance theatre’. Things look good in many ways, but – just below the surface – there are ‘hairline cracks’ that are missed by management, boards and even auditors and regulators, until it is too late.

After writing this article, I was happy to be asked by ACCA to write an article on risk culture – including ‘plausible deniability’ and ‘wilful blindness’, which are part of the theatre problem – and here this article:

  • provides an overview of plausible deniability, wilful blindness and associated phenomena
  • how and why these behaviours arise
  • warning signs to watch out for
  • practical steps in the context of GRC to make meaningful progress.

Note that, in my experience, progress is not about implementing new systems (though these may help), but rather by looking at what is currently being done from a different angle, with the objective of ‘getting real’ about the issues, and potential gaps, that matter the most.

Read the full article here

Not as straightforward as it seems – Adding value – Assurance maps

I ran a workshop in London over the past two days on the topic of Assurance Maps. Readers will not be surprised to learn that one of the key ingredients for a successful Assurance Map is to be clear about the added value that managers and senior managers will derive from the exercise (often board and audit committee members recognise that an assurance map will help “join up the jigsaw” of assurance efforts, and therefore tend to be supportive).

At face value this may seem to be a straightforward matter – if the board and audit committee can be persuaded support an assurance map, would it really matter if managers and senior managers were not that enthusiastic? In my experience working on assurance mapping efforts for the past 15 years, this is an important question, because there is a big difference between managers and senior managers tolerating an assurance map, but not seeing much benefit in what it gives; compared to them seeing it as a useful management tool that will help them manage aspects of their organisation. Clearly, in the latter case, you are much more likely to get ongoing interest in, and support for, further development of assurance maps from management; rather than them seeing an assurance map as a one-off activity that should be completed and then shelved.

What follows is a summary of our discussions. As you will see, the key message is the importance of being focused, specific and realistic about the added value goals being sought, and the need to think ahead, and manage proactively, how this added value might unfold (or not!). Continue Reading

IAS Conference 2018 – Internal Audit: Embracing the challenges of the future

I am looking forward to chairing the IAS Conference 2018 – Internal Audit: Embracing the challenges of the future taking place in November 2018.

The Internal Audit Service will hold its annual international conference on 6 November 2018. The Conference will focus on the global challenges affecting the Internal Audit (IA) profession and will be opened by the First Vice-President of the European Commission, Mr Frans Timmermans. In addition, Mr Richard Chambers, President and CEO of IIA Global will be a keynote speaker.

Full details about the conference can be found here, including registration options. The conference will also be live streamed.

When: 
Tuesday 6 November 2018, 8.00 – 18.00 (CET)
Where:
Alcide De Gasperi Room, Charlemagne Building
170, Rue de la Loi
1000 Brussels

Belgium

 

Chairing the EU Audit conference on Creativity & Innovation in Internal Auditing

I was very pleased to be involved with a team from the European Union Internal Audit Service to chair their 1 day workshop on Creativity & Innovation in Internal Auditing in October 2017.

James Paterson

The agenda was packed with interesting topics and great speakers. The main themes were:

  • The history of Accounting and Auditing – with insights into what might happen in the future
  • The impact of technology on business and internal audit – we covered; A, B, C, D: AI, BlockChain, Cyber and Data but surprisingly it emphasised the importance of not thinking technology should be even the main focus
  • Auditing Culture and Auditing behaviour – emphasising the importance of looking at these areas
  • Lean auditing and agile ways of working (which I also participated in) – highlighting that Value and Productivity needed to be an essential area of focus for Internal Audit teams going forward.

Slides are available through the following link:

https://ec.europa.eu/info/events/internal-audit-service-conference-2017-2017-oct-05_en

The conference web stream is available through this link:
https://webcast.ec.europa.eu/internal-audit-service-conference-2017

Hope some of this material is of interest.

Root Cause Analysis for Internal Auditors

I ran another Root Cause Analysis (RCA) workshop this week in London, with participants from the Financial services sector, Oil and Gas and Public sector. All those attending agreed that proper RCA was important to get to the heart of issues and to enable Internal Audit to provide insights, but none had done any formal training of any length on the topic and most had no explicit, consistent, RCA methodology defined.

We explored the root causes of how such an important topic could be relatively neglected, which includes its absence from current IIA standards, and came up with themes that I have heard on many other workshops, ranging from: “As auditors we have a natural instinct about root causes” to “There is limited time during assignments to do a proper RCA” to “Robust RCA would highlight quite sensitive matters and put us into conflict with management”. Continue Reading

Join our mailing list

We will keep you updated with news and events.

Contact

Contact and appointments:

Risk & Assurance Insights
T: +44 (0)7802 868914
Email

Please also use our contact form