intro to blog

James Paterson's blog

A selection of blog posts by James Paterson.

2019 ECIIA Conference – Plenary presentation

Does internal audit have a blind spot concerning organizational politics?

I was pleased to be asked to present at the 2019 ECIIA conference in Luxembourg. It was an honour and a privilege to present to around 700 attendees. The key messages I delivered were:

  1. We (in internal audit) may not be doing enough to proactively identify and manage political pressure:
    • First at the level of (audit) teams, but also at the level of the IIA itself; and
  2. The wrong sort of politics may even be a problem within the Internal Audit profession

I defined organizational politics as:

  • The networking, influencing approaches, and use power that managers deploy to get the organization to make a decision they want, and/or
  • The strategies and tactics managers use to slow down decision making, or even to stop decisions being made..

Organizational politics can be seen in a good or bad light, depending on whether the political activity is genuinely for an organizational benefit, compared to primarily benefiting an individual’s career, power and/or influence.

Continue Reading

Culture and behaviour and Auditing Culture

A primer (part 1)

I’ve just run another course on Culture and auditing culture in London with 12 in attendance. This brief article gives a summary of key points concerning common misperceptions, and is offered as a counter-balance to much of what is currently being said about this topic. The second article will discuss specific approaches that, on my analysis, will lead to long-term progress in this arena.

Expectations of those attending

We discussed why people had come to the course and they said:

  • “Our new company is defining its culture, so we want to input to that”;
  • “We have many mergers and acquisitions and see culture issues as businesses try to merge, which we want to better understand”;
  • “We know it’s important, and want to think about a culture audit universe”;
  • “Auditing culture came up as an External Quality Assessment topic, so we want to learn about it”;
  • “Senior stakeholders have been talking about it, so we wanted to know more”;
  • “Our internal audits of risks point to root causes of issues coming from culture, so want to be clearer about what’s going on”;
  • The remaining 6 attendees (50%) explained they had put a culture on their audit plan because it is a current hot topic, and now wanted to be clearer about how to do an audit.
Continue Reading

Corporate Governance Theatre: Risk culture, plausible deniability and wilful blindness

Very pleased to have been asked by the ACCA to write an article on ‘Corporate Governance Theatre: Risk culture, plausible deniability and wilful blindness’.

An overview follows immediately below, after which is a link to the full article on the ACCA’s website.

Background and introduction

My role as a consultant is to work closely with clients on governance, risk, compliance (GRC) and assurance challenges. Our aim is to ensure GRC improvements are genuinely welcomed and used by business managers, alongside risk, compliance and audit professionals; balancing rigour with pragmatism and cultural fit.
Earlier in 2018, I wrote an article on why we continue to get GRC and assurance surprises of some magnitude, despite management assurances and auditor sign offs. My perspective is that too often we have ‘corporate governance theatre’. Things look good in many ways, but – just below the surface – there are ‘hairline cracks’ that are missed by management, boards and even auditors and regulators, until it is too late.

After writing this article, I was happy to be asked by ACCA to write an article on risk culture – including ‘plausible deniability’ and ‘wilful blindness’, which are part of the theatre problem – and here this article:

  • provides an overview of plausible deniability, wilful blindness and associated phenomena
  • how and why these behaviours arise
  • warning signs to watch out for
  • practical steps in the context of GRC to make meaningful progress.

Note that, in my experience, progress is not about implementing new systems (though these may help), but rather by looking at what is currently being done from a different angle, with the objective of ‘getting real’ about the issues, and potential gaps, that matter the most.

Read the full article here

Not as straightforward as it seems – Adding value – Assurance maps

I ran a workshop in London over the past two days on the topic of Assurance Maps. Readers will not be surprised to learn that one of the key ingredients for a successful Assurance Map is to be clear about the added value that managers and senior managers will derive from the exercise (often board and audit committee members recognise that an assurance map will help “join up the jigsaw” of assurance efforts, and therefore tend to be supportive).

At face value this may seem to be a straightforward matter – if the board and audit committee can be persuaded support an assurance map, would it really matter if managers and senior managers were not that enthusiastic? In my experience working on assurance mapping efforts for the past 15 years, this is an important question, because there is a big difference between managers and senior managers tolerating an assurance map, but not seeing much benefit in what it gives; compared to them seeing it as a useful management tool that will help them manage aspects of their organisation. Clearly, in the latter case, you are much more likely to get ongoing interest in, and support for, further development of assurance maps from management; rather than them seeing an assurance map as a one-off activity that should be completed and then shelved.

What follows is a summary of our discussions. As you will see, the key message is the importance of being focused, specific and realistic about the added value goals being sought, and the need to think ahead, and manage proactively, how this added value might unfold (or not!). Continue Reading

Join our mailing list

We will keep you updated with news and events.

Contact

Contact and appointments:

Risk & Assurance Insights
T: +44 (0)7802 868914
Email

Please also use our contact form