• Cart
Log in

Log in

home page banner blank

Audit Tips

July 16, 2020
9 Red Flags to Look for When Auditing Organizational Culture

In essence, audits of organizational culture are about determining whether an organization’s actual culture and behaviours conform to its professed, desired culture. This implies that the first requirement in a culture audit is to have a good understanding of the desired culture in the audited organization, including a clear picture of the expected behaviours that would embody this culture. From this point, auditors can proceed to identify areas where a gap between desired and actual behaviours could present significant risks to achieving an organization’s objectives. During this risk assessment process, auditors should pay particular attention to red flags that may indicate cultural issues worth examining further.

These red flags can include, among others:

Audit Tip 1

Some financial or safety controls are frequently overridden. This may indicate a cultural bias toward producing outputs at any cost, to meet unrealistic organizational targets.

Audit Tip 2

Failure to enforce codes of conduct and related policies and procedures. For example, compliance violations are noted but bring no consequences.

Audit Tip 3

Mistrust of auditors and regulators, and poor track record of implementing recommendations made by them.

Audit Tip 4

High rates of discontent expressed in employee surveys, across the organization or in specific divisions.

Audit Tip 5

High rates of complaints about the organization (or its personnel) filed by staff, clients, or the public.

Audit Tip 6

High staff turnover and absenteeism rates.

Audit Tip 7

Long-standing unresolved issues are not addressed. For example, when similar audit observations have been made many times over the years and no concrete actions have been taken to resolve the identified problem.

Audit Tip 8

Lack of actions or incentives to support organizational values. For example, no actions are taken to improve gender equality despite a stated goal to that effect.

Audit Tip 9

Lack of alignment of performance incentives and metrics with the organization’s policies and values. For example, incentives may only reward the delivery of projects on time and on budget, while the organizational values emphasize excellence of products and quality of services.

Auditors can obtain information to support risk assessment and to identify red flags in various ways. They can start by reviewing previous audits and an organization’s rate of implementing recommendations. They can also consult other financial and performance auditors who know the organization well and ask for their opinion on its culture. Next, they can review available information on the organization’s values and ethical commitments before requesting and analyzing staff survey reports, human resources policies, performance incentives, documentation of exit interviews, minutes of key management meetings, and so on. Of course, conducting interviews with management to obtain additional information is also part of the usual risk assessment process.

Liked it?

There is much more to learn in our Research Highlights article on Auditing Organisational Culture in the Public Sector.


See more Audit Tips