Recommended Guidance
Culture can be difficult to define, including individual belief systems and preferences of each employee — from line workers to the corner office. Culture captures the complexity of defining and then assessing intangible organization-wide qualities or aspects that comprise human belief systems, social norms, and other psychological factors.
This practice guide will help internal auditors understand risks associated with an organization’s culture, how effective management of those risks supports a successful control environment, and how to approach an assessment of culture.
This guidance will enable internal auditors to:
- Understand the business significance of culture and conduct risk in an organization’s control environment.
- Identify the key components of culture and conduct risk.
- Understand key stakeholder concerns and expectations related to culture and conduct risk.
- Recognize internal audit’s role in assessing and reporting on organizational culture.
- Understand, based on example tools/guidance, possible approaches to assess and report on an organization’s culture and management of conduct risk.