Factors Influencing Corporate Culture – Chart From The IIA – Plus, Let’s Agree Upon Sample Culture And Governance Audit Programs

Passing this along, a chart from the Institute of Internal Auditors, identifying factors that influence corporate culture. I’m not sure about some of the rankings – particularly training and enforcement through disciplinary measures – it seems to me that those two categories would be ranked higher, and at about the same level as the establishment of a code of conduct (i.e., immediately below the first two ranked factors). Just comments for thought.

This chart came from a discussion about how to audit culture, and that it can be audited. As noted, for years auditors have tended to stay away from auditing culture, and I’ll also add governance as an audit area that auditors, internal and external, tend to stay away from, which is really perplexing since for years it has been known that culture is an important indicator of the possibility of fraud and unlawful acts. But, if I’m not mistaken, from my years of audit, when designing or planning the audit, doesn’t the external auditor already to some extent do an evaluation of and take into consideration the estimated reliability of the financial recordkeeping processes and internal controls – and wouldn’t that, or doesn’t that, or shouldn’t that, already to some extent take into consideration aspects of culture and governance?

Now both the COSO 2013 internal control framework and the new COSO enterprise risk management (ERM) framework list culture and governance as important framework criteria. Culture and governance are the first, underlying criteria in the new COSO ERM framework. And many other organizations are now promoting culture, including the National Association of Corporate Directors.


And, I say a “public discussion” because public and private businesses, nonprofits and governmental entities, and their auditors, will then have criteria to try to meet or exceed. Note, however, that I am not advocating that the criteria and steps create a legal standard. Internal controls and risk management design are highly discretionary – any effort to create a broad legal standard, other than, for example, the business judgment rule, will be met with extreme resistance, and will most likely end in failure and an inability to move these topics forward.

So . . . if you are an internal auditor, or an external auditor, how would you, or how do you, describe to management and the audit committee, and perhaps the board, the steps that you would take to audit the entity’s culture and the entity’s governance?

That’s all for now. I’m David Tate, and I’m a California litigation attorney, and I also handle governance and risk management. You need to consult with an attorney or appropriate professional about your situation. This blog post or video or audio is not an advertisement or solicitation for services inside or outside of California. Thanks for listening, viewing or reading.

David Tate, Esq., Royse Law Firm, Menlo Park, California office, with offices in northern and southern California. http://rroyselaw.com

See also my blogs at http://californiaestatetrust.com and at http://auditcommitteeupdate.com

Royse Law Firm – Practice Area Overview – San Francisco Bay Area and Los Angeles Basin

  • Corporate and Securities, Financing and Formation
  • Corporate Governance, D&O, Boards and Committees, Audit Committees, Etc.
  • Intellectual Property – Patents, Trademarks, Copyrights, Trade Secrets
  • International
  • Immigration
  • Mergers & Acquisitions
  • Labor and Employment
  • Litigation (I broke out the litigation because this is my primary area of practice)
      • Business
      • Intellectual Property – Patents, Trademarks, Copyrights, Trade Secrets
      • Trade Secrets, NDA, Accounting Issues, Fraud, Lost Income, Royalties, Etc.
      • Privacy, Internet, Hacking, Speech, Etc.
      • Labor and Employment
      • Mergers & Acquisitions
      • Real Estate
      • Owner, Founder, Investor, Board & Committee, Shareholder, D&O, Etc.
      • Insurance Coverage and Bad Faith
      • Lender/Debtor
      • Investigations
      • Trust, Estate, Conservatorship, Elder Abuse, and Contentious Administrations
  • Real Estate
  • Tax (US and International) and Tax Litigation
  • Technology Companies and Transactions Including AgTech, HealthTech, Etc.
  • Wealth and Estate Planning, Trust and Estate Administration, and Disputes and Litigation
