An extract from James Paterson’s latest CPD technical article on the ACCA website.
It’s time that GRC professionals, regulators and Internal Audit recognised the importance of auditing culture and behaviour – the “soft stuff”
For the past six years I have been running the IIA UK training on auditing culture, I also helped write the IIA UK guidance on auditing culture. My background is worth explaining: I’m a finance professional, but did a masters’ degree in management (focusing on organisational behavior). I then left finance to work in HR (in leadership development and managing culture change). Then I became a Head of Internal Audit for AstraZeneca for seven years, and since 2010, I have been combining my passion for people and the soft stuff with my love of Internal Audit, doing training and webinars across Europe and further afield.
I am really happy that GRC professionals, regulators and Internal Audit have started to recognise the importance of the soft stuff when it comes to the effective management of risk and maintaining ethical conduct. This was caused – in a large part – by the recognition that many aspects of the financial crisis of 2007-2008 were caused by short-comings in the “bonus culture”, and underestimation of the latent risks building up. In addition, there were mis-selling scandals highlighting poor conduct in sales, which did not put the customer first.
In the UK, the importance of culture and conduct in relation to Internal Audit was formally recognised in a code of practice for Internal Audit in financial services, published in 2013, which said that Internal Audit should consider, when making audit plans: “the risk and control culture” and “the setting of, and adherence to, risk appetite” amongst other areas. In January 2020, the same points have been included in the IIA UK Code of practice for Internal Audit, applying to all sectors and not just financial services.
You can read the rest of this article on the ACCA website