Welcome to a special five-part blog series on building a stronger culture of compliance, sponsored by Diligent. In this series I will visit with Yvette Hollingsworth-Clark, Viktor Cuijak, Jessica Czeczuga; Michael Parker; and Alexander Cotoia. In this series, we will consider what is culture, how to assess culture, putting together a strategy to manage culture based upon this assessment, the monitoring of that strategy going forward and using information from your monitoring to engage in continuous improvement of your culture.
Many compliance professionals struggle with the ‘softness’ of culture. However, properly viewed culture can be seen as another type of risk for any organization. Viewed through this lens, culture can then be assessed, managed, monitored and improved as any other business risk. This has become even more important since the announcement in October 2021 by Deputy Attorney General Lisa Monaco, that the Department of Justice would assess corporate culture as a part of any corporate compliance enforcement action. In this Part 2, consider how to assess your culture with Viktor Cuijak.
Cuijak, a chartered accountant with a strong background in finance, audit, and risk consulting, currently serves as the Director of Customer Success and Services at Diligent. With a decade of experience in the Big Four and a focus on governance, risk, and compliance (GRC) objectives, Cuijak firmly believes in the importance of assessing and managing organizational culture as a risk factor. He views culture as a dynamic risk that can have significant consequences if not properly managed, and advocates for standardized and benchmarked culture assessments to provide valuable insights for risk management. Cuijak emphasizes the need for practical guidance on implementation, highlighting the significance of tone at the top and other artifacts such as policies, procedures, and feedback mechanisms in culture assessments. Crucial Role of Culture podcast.
Assessing and managing organizational culture as a risk factor is a crucial aspect of ensuring the success and sustainability of any organization. A compliance professional can begin by the using existing frameworks like COSO (Committee of Sponsoring Organizations of the Treadway Commission) for guidance in assessing and managing organizational culture. This framework provides principles and guidelines that help organizations understand the key factors that impact culture as a risk factor.
The tone at the top, policies, procedures, and feedback mechanisms were identified as key indicators of an organization’s culture. The tone at the top refers to the leadership’s actions and behaviors, which set the tone for the entire organization. Policies and procedures play a crucial role in shaping the desired culture, but it is not enough to simply have them in place. Actions, communications, and responses must align with the stated culture.
One of the key challenges is the nebulous and intangible nature of culture, which can make it difficult to assess and audit. However, Cuijak emphasized that culture can be thought of as just another risk that organizations need to manage. By asking the question, “What can go wrong?” organizations can identify potential risks and gaps in their culture and take steps to address them.
Standardized evaluation was also discussed as a valuable tool for assessing and benchmarking culture. It provides a common language and framework for managing risks associated with culture. By using evaluation tools, organizations can track their progress and identify areas for growth.
Cuijak also emphasized the importance of considering the impact of culture when making decisions. Culture is not just a checklist exercise, but rather a holistic approach that encompasses actions, communications, and responses. It is not enough to have policies and procedures in place; organizations must demonstrate their culture through their actions and communications.
While frameworks like COSO provide principles and guidance, they may not always provide the specific “how” in assessing and managing culture. This is where organizations need to tailor their approach and consider additional tools and techniques that align with their specific needs and goals.
In conclusion, assessing and managing organizational culture as a risk factor is a complex but essential task for organizations. By using existing frameworks, evaluating key indicators, and considering the impact of culture on decision-making, organizations can identify potential risks, address gaps, and create a culture that supports their overall success and sustainability.
Join us tomorrow where we explore creating a strategy to manage culture risk.
Tune into Viktor Cuijak on the Diligent podcast series Unlocking Success: The Crucial Role of Culture in a Best Practices Compliance Program.