At first glance, the relationship between an organization’s or financial institution’s fraud risk and its corporate culture might seem obvious. Even a casual observer is likely to assume that a high-pressure, results-driven organization — with a culture that tolerates or even encourages people to cut corners or find loopholes and succeed at any cost — is bound to be at greater risk of financial reporting fraud and other risks. A root cause of many major scandals or frauds is dysfunction in the organization’s culture, with recent history offering numerous examples.
However, in many cases, the links between an organization’s corporate culture and fraudulent activity are not straightforward or clear-cut. The role that an organization’s underlying culture plays in contributing to fraud risk is often subtle and difficult to quantify, just as the culture itself can be challenging to define with specificity.
The critical question is how to develop a culture that reduces the risk of fraudulent activities and encourages ethical behaviors. The first step toward addressing that question is to develop a general understanding of what corporate culture is, what factors contribute to it and the role it plays in effective risk management.
It is essential that bank executives understand the relationship between culture and leadership, along with the reasons why it needs to be managed.
Organizational Culture and Why It Matters
Today’s definitions of “organizational culture” or “corporate culture” vary widely, from simple expressions such as “the way we do things here” to more complex and technical explanations.
All variations, distinctions and definitions of “corporate culture” or “organizational culture” have one thing in common: They describe characteristics that are primarily intangible and broadly dependent on individuals’ perceptions and interpretations of events and corporate priorities. This makes it inherently difficult to measure critical aspects of the culture and even more challenging to quantify the culture’s impact on an organization’s risk profile.
Virtually all of today’s widely recognized risk management systems or frameworks recognize the implied link between organizational culture and fraud risk. Specifically, the Committee of Sponsoring Organizations of the Treadway Commission framework defines an effective control environment as one in which personnel at all levels “demonstrate a commitment to integrity and ethical values.”
Shaping Culture: Start With a Diagnosis
As tricky as defining and measuring corporate culture are, it is even harder to shape and develop it. Many would argue that an organization’s culture is not something that can be created or built. To paraphrase from an interview with MIT Sloan School of Management Professor Edgar Henry Schein, an organization’s culture is something that is learned, not created.
One measurement option is to begin with a survey of employees. In addition to blatant examples of management’s arrogance, pressure, noncompliance or lax controls, surveyors should also be alert to subtle signs that certain risky behaviors might be tolerated or overlooked, even if they are not encouraged overtly.
Developing a Positive Culture: A Balanced Approach
Whether the risks are obvious or subtle, there are many positive steps boards and executive teams can take to shape both the control environment and the organization’s broader overall culture.
The 2020 World Economic Forum paper proposes six initiatives designed to provide what it describes as “a holistic approach to organizational ethics.”
- Build a new vision for boards
- Improve organizational oversight
- Review mission, strategy, and purpose
- Identify and encourage ethical leadership
- Increase organizational diversity and inclusion
- Measure stakeholder trust
This approach is but one example of the dozens of models, methods, and frameworks available to help organizations shape and adapt their corporate cultures. Virtually all such approaches share some common themes, such as the importance of senior-level commitment to ethical behaviors and the essential value of audits and other conventional risk management tools.
Above all, any effort to mitigate the fraud risks associated with organizational culture must work proactively to engage employees — ideally through a combination of ethics and compliance training programs along with less-overt cultural outreach efforts. Ultimately, as the World Economic Forum paper notes, “creating and sustaining a strong ethical culture is the key to creating an organization that makes behaving ethically as easy as possible.”
Visit bakertilly.com for a more comprehensive discussion of the topic.