On 14 March, Melanie McLaren addressed the audience, at the Internal Audit Leaders’ Conference, on what boards need from internal audit to set and manage culture.
To download the formatted version, click here.
The plain text version of Melanie McLaren's speech can be found below.
Executive Director, Codes and Standards Division
Financial Reporting Council
Internal Audit Leaders’ Conference
16 March 2015
Good afternoon, I am delighted to be here to speak on the subject of corporate culture which the IIA and internal auditors play an integral role in promoting. Through their work in assessing risk and examining company culture, internal auditors help to enhance investor confidence. In a world where corporate scandals can appear common place, companies with a strong cultural seam will stand out. Embedding a healthy corporate culture is therefore vital to the success of any business, and with the help of the IIA and others, the FRC is focused on highlighting good practice through the work of the Culture Coalition.
Let me start by giving you some background on what we do at the FRC. Our mission is to promote high quality corporate governance and reporting to foster investment. We seek to maintain an effective regulatory framework for corporate governance and reporting in the public interest; one that supports the needs of investors and supports boards and the professions in meeting the necessary high standards. We measure success by the impact we make, not by our level of activity.
At the FRC we are clear that “regulation” comes in many forms and needs to be fit for purpose in order to achieve the right outcomes. When it comes to corporate governance, the principles of good practice apply across the board. Assurance that these principles are being applied effectively means that the importance of Internal Audit extends across the corporate spectrum.
High standards of corporate governance and reporting are important for the fair and effective functioning of the capital markets. They benefit investors, companies and the wider public interest. The FRC is responsible for maintaining codes and standards for corporate governance, investor engagement, corporate reporting, audit and other forms of assurance, and for actuarial information. We monitor compliance with corporate reporting and auditing standards. We oversee the accountancy and actuarial professional bodies in their regulatory roles; and we operate independent disciplinary schemes for accountants and actuaries. Our Financial Reporting Lab helps companies and investors collaborate on improvements to reporting.
Ultimately it is for boards, preparers, auditors and other professionals to implement the standards we set; our role is to support them as far as possible by reinforcing best practice and providing a regulatory framework that is seen as realistic and helpful. This is why over the next three years, we intend to work with our stakeholders to encourage and nurture improvement rather than introducing new requirements that add to the regulatory burden.
To achieve this we have decided not to add to the Corporate Governance Code but instead to embed the changes made since the crisis and promote better reporting against the Stewardship Code. In May, we will issue updated audit committee guidance which, as well as dealing with audit committee changes from ARD , amplifies the role of internal audit and the audit committee’s responsibility for it.
We will concentrate on promoting a step change in audit quality and on driving up standards of reporting. Our goal is that reporting and audit in the UK are world-leading to give the greatest possible confidence to investors globally.
We also look forward to making the most effective use of the new role we have been given by Government as the UK competent authority for audit regulation. We will seek to ensure that the framework established under the EU’s Audit Regulation and Directive (ARD) serves the interests of investors in the reliability of financial statements; and supports the UK audit profession in delivering statutory audit to the necessary high standards, with close regard to the public interest.
And finally, we will be focusing strongly on corporate culture.
Culture is very high on the FRC’s agenda and it is a topic that is very important to me. There have been many examples over the past decade of what a good company culture can do and what a poor culture can lead to. How could for instance, Volkswagen, one of the most reputable car makers in the world, admired for its technical excellence, its long term approach and its global and iconic nature cause such shockwaves from what appears to have been a wholesale cultural failure. Volkswagen has started to take steps to rectify what occurred but we will have to wait and see if they can inject a healthy culture back throughout the organisation once again.
A few years ago we saw with LIBOR how failings in corporate culture can lead to severe consequences both internally and externally. When there is a healthy culture, the systems, the procedures, and the overall functioning of an organisation exist in harmony together, when this is not the case, it can lead to questions over leadership, corporate governance, reputation and integrity.
The FRC understands that addressing behavioural issues and embarking on cultural change in a company is not an easy task. However, there are strong links between governance and establishing a culture that supports long-term success.
For the UK economy and business to prosper, we need to get corporate culture right at all levels to create trust in business, reduce company failings as a result of poor behaviour and serve the needs of wider society.
Codes put forward principles for best practice that make bad behaviour less likely to occur; and public reporting can make it harder to conceal such behaviour. But, by itself, that does not prevent inappropriate behaviour, strategies or decisions. Only the people, particularly the leaders within a business can do that.
In order to establish the appropriate culture, a board must define the purposes of the company and what type of behaviours it wishes to promote in order to deliver its business strategy. This involves asking questions and making choices: how to align values and purpose to the company’s strategy; how to integrate new leaders into the company culture, particularly at times of merger or acquisition; how to maintain culture under pressure; how to decide whether different parts of the business should operate different cultures, and how actively to communicate culture to shareholders in order for them to engage in constructive discussion. In order to do all this, the board must not just ensure that they pay attention to the findings of internal audits, but that they ensure sufficient internal audit arrangements are in place, and, like the FRC expects of external auditors, that they employ professional scepticism where necessary.
This leads me back to the work of our Culture Coalition which is a collaborative effort with the IIA (Chartered Institute of Internal Auditors), CIPD (Chartered Institute of Personnel and Development), CIMA (Chartered Institute of Management Accountants), IBE (Institute of Business Ethics) and City Values Forum “to assess how effective boards are at establishing company culture and practices, and embedding good corporate behaviour, and to consider whether there is a need for promoting good practice”. We have had a very encouraging response from many individuals and organisations. Our aim is to publish a report, that is practical, not directive and is a spectrum of views on practical, market-led observations to help boards and companies establish, embed and measure their desired culture.
I must mention specifically the IIA here and applaud it for the great contribution it is making in leading the project workstream which explores how companies embed a desired culture. This looks at how internal audit can contribute to improving culture through the assurance, advice and insight it provides to audit committees and boards. It also poses questions about whether internal audit can inspect culture and what cultural indicators internal auditors can use, to steer its work, and when reporting the existing culture in an organisation to the board.
The work also goes beyond this to look at the key interactions between internal audit and other relevant functions in the company, such as external audit, risk and compliance, and HR/organisational development. The latter focus reflects the growing profile and influence that the internal audit function has within the company.
The way the IIA has approached its contribution to the project truly reflects the spirit of the coalition. Already they have succeeded in bringing together individuals and organisations that may not usually work together to provide input and insight into this important project.
Through all the project worksteams we have gained some insightful observations including the variation of views on the extent to which you can and should measure indicators of culture and what sorts of indicators are useful. What we are learning is that there is no one size fits all approach and that the indicators selected for assessment should be tailored to each company’s circumstances.
The difference in roles between the boards and executives also cropped up during our discussions. The board’s role is to influence, identify a desired culture, assess and monitor culture while the executive role is to drive and embed that desired culture throughout the organisation. We believe that it is imperative for companies to link their purpose and values to their strategy and business model for success.
The collaboration of business functions such as HR, internal audit, risk, finance is also seen as crucial when trying to embed a desired culture and provide comprehensive assurance to the board.
To conclude, I would like to thank the IIA and all the partners for their contribution to our work in this area because from experience I have seen that values, behaviours and corporate culture are central to the way an organisation achieves its objectives and furthermore, if all these aspects are is integrated well into its business model, good things will follow, financially as well as reputationally.
With trust in business the UK’s economy will prosper and it will continue to be seen as strong choice for investors.
I now look forward to hearing any questions or views more generally.