How Well Do You Understand Your Organisational Culture?
Following our article on ‘Interrogating Integrity’ and the importance of culture in our last edition of Clarity, many Directors are seeking to understand their organisational culture and non-financial risks. As a result of issues raised by the Hayne Royal Commission and the Aged Care Royal Commission, some are asking how, respectively, Directors failed to know about the appalling treatment of clients by financial services providers and residents in some aged care facilities.
Failure to fully understand one’s risk culture – or more simply, how the behaviours and actions of staff impact ‘how we do things around here’ – should be a concern to any business owner who cares about their business reputation.
On a related note, reports from the Australian Prudential Regulation Authority (APRA) have also highlighted:
- The issues arising from over-reliance on the expertise of certain Directors;
- The over-reliance on (often filtered) feedback and reporting from management;
- The failure to fully understand the behavioural consequences of financial incentives in remuneration packages; and,
- The failure to identify and manage the non-financial risks to reputation.
These reports lead many Directors to wonder, “how can I ensure a culture of filtering bad news before it reaches the top is not endemic in my organisation?”
Truly understanding the culture of an organisation, and indeed department-specific subcultures of an organisation, is not achieved via a simple internal staff engagement survey, nor through an ‘add on service’ from existing financial audit partners. At PKF, we recommend to Directors and business owners that applying an independent lens to risk culture is sound governance, and one step toward mitigating future reputation risk.
Unlike financial auditing, there is no straightforward process or standards that can be applied across different business models or different functions within a business. We believe that risk culture audits, similar to financial audits, need to be conducted by independent specialists and that those specialists should apply a behavioural science perspective.
How is a risk culture audit conducted?
Usually, the deep dive risk culture assessment will start with an understanding of the business strategy, business model, and stated values. The process may incorporate currently held data such as turnover, sick leave statistics, exit interviews, whistleblower complaints, previous employee surveys; risk and compliance issues, remuneration incentive plans; all points of data which help refine an online staff survey questionnaire. Survey feedback helps scope focus group and individual interviews, which need to be conducted in such a way as to ensure confidentiality. Overall, the process looks carefully at risk and compliance behaviours within the business and how well they align with the stated business strategy.
PKF is working with risk culture specialists, who are also experienced in organisational behaviour, and who have built processes that can be scaled or modified to suit any organisational requirements and budget, including survey tools which can be self-administered.
For further information please contact your local PKF office.