Embedding a Way of Business
Posted on: 28/04/16
“Internal auditors have an important role to play in providing an organisation’s governing body and senior management with independent assurance in the area of corporate culture.”
- FinancierWorldwide.com, (2016). ‘Auditing culture – a piece of a broader governance puzzle.’ Online <http://www.financierworldwide.com/auditing-culture-a-piece-of-a-broader-goverenance-puzzle#.Vx3lvDArKUI> Accessed: 20th April 2016
The article explores the relationship between organisational culture and risk, and debates if the auditing of culture should be included in an internal audit to understand and gain better and different levels of insight in to the processes and policies within a business.
Conducting internal audits is an approach that can help gain deeper insights in to the operations and alignment of an organisation. An audit to understand these insights will provide a visibility on the operational controls in place which company leaders may rely on to manage and monitor their organisations.
The article explains the three lines of defence in effective risk management and control:
- Management controls
- Risk and compliance oversight functions established by management
- Independent assurance (internal audit)
Audit reports can be the identifier of serious and at risk issues in a business; from an audit, organisations will look for solutions that can improve concerns around issues such as, document standards, frameworks, policies and regulations.
Effectively gaining control of business operations and managing risk can be solved with a software solution. An implementation of a business management systems, like contract management systems can help senior management and a company’s governing body set the organisation’s objectives, defining strategies to achieve those objectives, and establishing governance structures and processes to best manage the risks in accomplishing those objectives.
Using software solutions like contract management systems in a procurement department will help establish and standardise frameworks to work alongside, as well as embed a way of operating to stay within company procedures, regulations and policies. Implementing systems to overcome issues risen in an audit report will ensure processes and controls are aligned with the desired behaviours and culture when conducting business.
“Organisational culture helps shape how people behave and the decisions they make within the parameters set by existing policies, processes and controls. If someone operates in violation of a documented policy, law, regulation or organisation procedure – it’s fairly easy to determine non-compliance and to conclude that such failures are inconsistent with an organisations desired culture.”
Implementing the first line of defence, with a business management system to your effective and efficient tool to control management of activities and operations within the business will enable the second line of defence. With advanced contract management systems, organisations will have the functionality to have complete compliance. Dashboards that provide clear visibility and alerts and notifications to contracts that need attention will reduce risk and ensure compliance is kept up to date.
With a business management system in place which also has the functionality to have an oversight of operational risk and any signs of non-compliance, the circle of carrying out an internal audit will start again to evaluate the assess the business to make any other additional improvements.
Internal audits can help business assess strategies and policies to understand if changes need to be made to embed a new organisational culture and approaches to management controls to improve their way of business.