Our article examines the link between internal audit and business integrity, offering advice on how to identify and strengthen this connection.
With reputation becoming increasingly important, organisational integrity has taken centre stage. Internal audit has long been recognised as a force for good governance, but, as we argue in this article, it now has an opportunity to champion integrity as a means of competitive advantage. This involves carrying out cultural audits and educating all employees on the importance of ethical behaviour.
Companies are aware poor reputation can damage shareholder value – sometimes irreparably. Once word gets out that a business is not acting with integrity, customers may stop buying, potential recruits may think twice about joining and shareholders undoubtedly get nervous.
It may be leadership’s responsibility to define what an organisation stands for, but who can ensure cultural values are acted on consistently, by all employees?
It’s easy to state that you are putting your people, your customers and your communities first. But in practice there may be many deviations from this ideal, any one of which can lead to corporate disaster.
Initiatives like employee surveys and retention statistics, customer feedback and research programmes, social media noise assessments, and sustainability measurement and benchmarking; can all help gauge how effectively a company is embracing integrity. This list should be supplemented with cultural audit: where internal audit teams attempt to measure less tangible, qualitative factors such as collective behaviours, commitment to integrity, ability to speak out and challenge management, and customer centricity.
If internal audit is to be an advocate for greater business integrity, it should challenge the business to include at least one “integrity champion” residing on the audit committee. Likewise the board should oversee how effectively the company is performing against its stated objectives of integrity – assisted by data and evidence provided by internal audit.
Internal audit can also track the extent to which the company’s leaders are taking corrective action in response to incidences of poor integrity. Examining the root cause of low employee retention, or uncovering examples of employees being rewarded for the wrong types of behaviour, can help identify where the business lacks integrity. But, unless these findings are seen to be acted upon, then the required cultural changes are unlikely to happen. You only have to read about senior executives naming and shaming whistle-blowers to recognise that ingrained habits are hard to change.
To help build and embed business integrity, internal audit professionals must look beyond traditional financial controls and consider the company’s wider responsibilities to employees, customers, communities and the environment. If a business is seen to be failing in such responsibilities, sales and shareholder value could potentially fall dramatically.
The traditional internal audit approach will continue to be an essential component of our work, in order to provide necessary assurance on risk management and financial controls. But this needs to be delivered as part of a wider remit, where internal audit professionals consider risk in its broadest sense and think about alternative ways to give the business confidence in its behaviour. Such an expanded role demands a new set of skills and auditing techniques; and developing these capabilities is one of the biggest tasks facing the profession.
© 2020 KPMG LLP, a UK limited liability partnership, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.