Presented by James Paterson
Risk and control issues are increasingly attributed to cultural weaknesses – and the new 2020 Code asks IA teams to look at this area. This course will examine what we mean by culture, risk culture and sub-cultures and behaviour, and also the systemic and psychological factors that drive culture. We will also examine the ways in which the IIA standards can “come to the rescue” in terms of having a robust approach in this area, and not just subjective impressions.
Who should attend?
Heads of internal audit and audit managers.
What will I learn?
Upon completion you will be able to:
- understand key guidance concerning internal audit's role in looking at culture
- understand the psychological and systemic drivers that create culture, sub-cultures and individual behaviours
- understand the many different ways to approach an analysis of culture (including measuring management attitudes to audit) and the benefits and pitfalls of each
- start to deepen your understanding of your organisation’s culture and your audit team culture and how this can and will affect your approach to auditing culture in your own organisation.
- definitions and models of culture - no one correct version - no matter what anyone tells you
Where does culture come from?
- psychological factors - individual, national, group dynamics and dealing with authority/politics
- differences between the espoused and real culture – understanding defensive routines.
Why is culture hard to measure
- what can and cannot be inferred from staff surveys
- the link between risk appetite and risk culture and the problem of finding suitable criteria when looking into cultural issues.
Chartered IIA and other guidance concerning culture
- overview of Chartered IIA, FCA etc guidance.
Practical approaches and good practices
- paying attention to audit behaviours and management attitude towards audits
- root cause analysis and culture
- practical first steps.
- recognising the limits of internal audit in this area – the risk of taking on a management role and of false assurance
- Being able to critically evaluate the strengths and weaknesses of using consultants to help you work on this area.
CPE competency areas covered
- Performance (Organisational governance | Risk management | Internal control
- Environment (Organisational strategic planning and management)
- Leadership and communication (Communication)
7 CPE points
Member: £625 + VAT
Non-member: £840 + VAT