• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact

Internal audit and risk functions must collaborate to champion a healthy culture

April 13, 2022

A rotten or weak corporate culture can seriously damage an organisation’s health.  That is the clear message coming from the Chartered Institute of Internal Auditor’s new report ‘Cultivating a healthy corporate culture – why internal audit and boards must take corporate culture more seriously in a post-Covid world’.  Indeed, it seems there is not a week that goes by without fresh media headlines linking a major scandal to an unhealthy culture.  Such culture-related scandals highlight the visible impact a culture crisis can have on reputation, public trust, and damage to long-term sustainability. 

In fact, we’ve seen time and again the role that an unhealthy culture can play in being a major cause of corporate collapses.  Whether it be BHS, Carillion or Patisserie Valerie, the root cause of these company failures is often associated with an unhealthy corporate culture.  Often fuelled by misconduct, bad behaviour, and the wrong tone from the top.  

Yet despite the potential negative impacts, the Chartered IIA’s research suggests that not enough boards are taking the risks associated with culture seriously.  The research based on a poll of over one hundred senior internal audit executives found that almost a quarter of boards have not even established and articulated what culture they want for the organisation despite this being a basic but fundamental requirement for the effective leadership, governance, and resilience of organisations.  Moreover, over half of the senior internal audit executives surveyed indicated that they had not been asked by the board or the audit committee to provide reports on culture or equality, diversity, and inclusion initiatives.

Yet with what many have described as the ‘Great Reshuffle’ taking place, following the Covid-19 pandemic, and many organisations facing significant challenges in attracting and retaining talent, this means it has never been more important for boards to focus on cultivating a healthy corporate culture.  This is reflected by a recent survey by the recruitment firm Hanson Search which found that culture ranks as the number one consideration when people are looking to make a job move.

Meanwhile, the Chartered IIA research found that the top three risks to have the biggest impact on culture are: human resources, talent management, and recruitment and retention risk (64.5%), inclusion, equality and diversity risk(34.1%) and health, safety and well-being risk (31.6%).  The fact is corporate culture is not just a risk in its own right, but it has a significant impact on a broad range of other risks, and vice versa with other key risks having a big impact on the corporate culture.

Given the increasing prominence of corporate culture as a business-critical risk, the Chartered IIA is calling on internal audit, audit committees, and boards to start being more proactive and step up regarding their organisation’s culture.  But it is not just internal audit or those governing an organisation that have a critical role to play here, there is also a vital role for risk functions too in monitoring, assessing, and providing assurance that the culture is healthy.  In fact, one of the key roles of internal audit is to assess how well the risk function is performing in its role in monitoring  culture, in other words providing third line assurance that the second line is doing its job properly. 

This point helps to underline the critical importance of cross-organisation collaboration on corporate culture and the need for internal audit, risk management and other business functions to work together in this area.  This was reaffirmed by the Chartered IIA’s latest survey which found that around half of all internal audit functions collaborate with risk management on their work on culture, only second behind HR.  Risk management should therefore work with internal audit to ensure there is a joined-up approach to identifying, managing, and mitigating culture-related risk.

Expectations for organisations to pro-actively cultivate a healthy culture are only likely to rise in the years ahead, along with the increased focus on ESG more broadly.  We therefore urge boards, internal audit, and all those engaged in the management of risk, to collaborate and work together in partnership to now step-up and play their part in monitoring, assessing, and providing independent assurance on corporate culture.


Gavin Hayes is Head of Policy and External Affairs at the Chartered Institute of Internal Auditors and author of ‘Cultivating a Healthy Culture’ which is available on the Chartered IIA’s website

Tags: Gavin Hayes
Prev / Next

Blog

Featured
May 8, 2026
Ewan Willars
Uncovering a hidden risk - focusing on intelligibility
May 8, 2026
Ewan Willars
May 8, 2026
Ewan Willars
December 15, 2025
Risk Matters: ECCTA – in the Boardroom
December 15, 2025
December 15, 2025
October 27, 2025
Hanif Barma
Strengthening risk oversight
October 27, 2025
Hanif Barma
October 27, 2025
Hanif Barma
September 16, 2025
True, Fair... and Future-Proof: Risk Accounting for a New Era
September 16, 2025
September 16, 2025
September 16, 2025
Risk Matters Blog – The Anatomy of a Ransomware Attack
September 16, 2025
September 16, 2025
April 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
April 15, 2025
Vera Cherepanova
April 15, 2025
Vera Cherepanova
March 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
March 6, 2025
Mo Warsame, Gavin Hayes
March 6, 2025
Mo Warsame, Gavin Hayes
September 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
September 4, 2024
Polly Williams, Mia Harris
September 4, 2024
Polly Williams, Mia Harris
August 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
August 25, 2024
Felix Ritchie
August 25, 2024
Felix Ritchie
July 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
July 16, 2024
Jane Hunter, Mia Harris
July 16, 2024
Jane Hunter, Mia Harris
June 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
June 2, 2024
Afshan Moeed
June 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
March 20, 2024
Neil Tinegate
What should boards know about digital technology?
March 20, 2024
Neil Tinegate
March 20, 2024
Neil Tinegate
March 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
March 15, 2024
Francis Kean
March 15, 2024
Francis Kean