WHY ORGANISATIONAL CULTURE MATTERS AND WHAT THIS MEANS FOR INTERNAL AUDITORS Elizabeth Johnstone Non executive director 1217146212 CONTEXT – ROYAL COM & APRA REPORT 2018 • "Complacency cultures dominated" • "Complacent, reactive, insular culture" • "Culture…not learning from experiences and mistakes " • "Cultural factors lie at heart of shortcomings" • "The company needs a cultural shake up" • "New CEO must fix culture" • "Moral compass lost in a sea of easy money" 2 WHAT I WILL COVER TODAY 1. 2. 3. 4. 5. 6. 7. Feedback, questions, a broader look at risk culture Being perverse – when wouldn't organisational culture matter? Organisational culture case studies – some recurring themes Culture warnings/red flags So why DOES organisational culture matter today? What does this mean for internal auditors? ASX Corporate Governance Principles and Recommendations 4th ed 3 SOME TOUGH QUESTIONS - How did the "third line of defence" fare? • Audit function meant to provide independent assurance that the risk management framework is fit for purpose & effective – did it? • Could internal auditors have brought bad culture data to boards? • Who thinks that they may have, and were ignored, watered down? • Do IA's have the experience, seniority to speak truth to power? • Is this a broader cultural issue – win/success at any cost? • Can you now "polish the brand?" Safe or brave? 4 COLLAPSE & FRAUD Harris Scarfe COLLAPSE & CEO’S REM Qintex 1989 1992 COLLAPSE & FRAUD Bond Corporation Holdings 2001 EMPLOYEES EXPLOITATION 7-Eleven COLLAPSE & FRAUD Hastie Group SEXUAL HARASSEMENT David Jones COLLAPSE One.Tel 2004 COLLAPSE & FRAUD HIH Insurance ASBESTOS Telstra PHONE HACKING ASBESTOS News Corp James Hardie Industries 2010 2011 CEO’S CONTROVERSIAL COMMENTS Blackmores CARTEL PRACTICES Amcor and Visy 2012 INSIDER TRADING Gunns 2013 QUINDELL ACQUISITION Slater & Gordon INSIDER TRADING David Jones 2014 2015 CORRUPTION ALLEGATIONS Coca Cola Amatil and Orix EMPLOYEES EXPLOITATION Domino’s INSIDER TRADING CIMIC Group 2016 CEO’S WORKPLACE RELATIONSHIP Seven West Media 2017 CHINESE DETENTION Crown Resorts CORRUPTION Leighton Holdings (now CIMIC Group) 5 ANZ STORM FINANCIAL TRADERS’ UNACCEPTABLE BEHAVIOUR FX TRADING CBA MQG NAB NUGAN HAND BANK 1980 LEGAL ISSUES NAB 2004 2006 INSIDER TRADING MQG 2010 2011 INSIDER TRADING CBA 2014 FINANCIAL PLANNING CBA 2016 ANZ MQG NAB WBC AML/CTF ACT BREACH 2017 BBSW RATE MANIPULATION 6 CASE STUDIES – SOME COMMON ELEMENTS Problems in risk and control frameworks Failure to appropriately escalate issues effectively Preventable mistakes Unauthorised activities/ lack of integrity/ opportunism / collusion Flawed culture Governance weaknesses including dominant CEO or Chair Warnings missed Failure to question Accountability problems – who is held to account What is "called out"? Board/Management problems – reporting, competence, collegiality, 7 WARNINGS / RED FLAGS 1. Focus on performance with little regard to how results achieved 2. High performers allowed to operate outside rules/policies – behaviours not consistent with stated values rewarded 3. Frequent "near misses" of adherence to Code of Conduct, risk appetite limits 4. Excessive focus on consensus/collegiality – "go along, to get along" 5. Relationships outweigh skills/performance 6. Escalating bad news discouraged 8 WHY ORGANISATIONAL CULTURE MATTERS 1. Society is diminished where a "whatever it takes" "success at all costs" culture prevails 2. We are humans not robots 3. Too costly to ignore culture – value dilution hurts us all 9 WHAT DOES ALL THIS MEAN FOR INTERNAL AUDITORS? • Expect greater reliance, on IA function • Independent assurance that risk management framework adequate & operating effectively now requires more • A rallying cry for internal auditors – don't be in the group that says "culture has nothing to do with us" • How can your work be better known/understood/valued? • Re-defining your role & brand – key role in cultural transformation • Effectiveness not process – beyond the metrics – "Is this right?" • Upskilling – the behavioural sciences, root cause analysis • Using authority – being bolder 10 SOME SPECIFICS • Add value to organisation – call out conduct & systemic issues • Consequence management – what does good look like? • Be active participants in solutions – judgement not passive critics • Join dots across time/multiple audits/other information sources • Improve listening, asking, explaining, writing skills • Work closely with People, Performance and Culture teams • Do more root cause analysis – learnings for improvement 11 ASX Corporate Governance Principles th and Recommendations 4 edition draft • Public consultation draft issued 2/5/18 – submissions by end July • Enhanced emphasis on - social licence to operate - corporate values and culture - anti-bribery and corruption policies - diversity issues - cyber and carbon risks 12