Auditing Ethics, Culture, Conduct and Reputational Risk


Recent corporate disasters have highlighted the importance of establishing and maintaining a strong ethical culture. In the wake of the financial crisis, banks and other businesses are now focussing specifically on conduct and reputational risks. The Board's oversight role increasingly extends to organisations culture and ethics - and internal audit faces the challenge of providing assurance in these "hard to audit" areas.

Over two days you will:

  • Understand the core components of corporate culture and an effective ethical framework
  • Identify the key sources of conduct and reputational risks for your organisation
  • Learn how to provide assurance to satisfy your board
  • Explore how internal audit can act as a catalyst for improvement
  • Discover how to present your findings to achieve "buy-in" and action


What you will learn

You will learn how to help improve ethics and corporate culture, ways to bridge the gap between policy and practice, the typical components of an ethical framework and how to audit these untraditional topics.


Understanding and Connecting the Key Components of Culture and Ethics:

  • culture and its importance to organizational success or failure
  • an organization’s value system
  • clarity of mission
  • code of conduct and ethics—infrastructure
  • ethics and the law

What is Important to the Board and Executive Management:

  • leadership attributes
  • statements / behaviors / actions
  • connecting culture and ethics to performance, risk management and compliance
  • hiring / orientation / training practices—executives and all levels
  • messages sent / messages received around an organization’s culture and ethics
  • the important role of the CEO

The Great, The Good, The Bad and The Ugly:

  • current trends and what’s in the news - are you concerned?
  • analyzing those companies with the best cultures to those with the worst
  • the best places to work and why
  • the highest rated CEOs and why
  • the most decorated and highly ethical organizations
  • role models to success / the good corporate citizen
  • warning signs
  • it is time for a culture and ethics audit!

Models to Consider - Gathering Culture & Ethics Guidance for Testing:

  • COSO 2013
  • updated COSO ERM model
  • federal sentencing guidelines
  • Organization for Economic Co-operation and Development (OECD)
  • FINRA’s 2016 regulatory and examination priorities
  • ethical culture and guidelines for ethical leadership
  • international aspects—standards around the globe
  • the three lines of defense

Defining and Measuring Culture and Ethics – It’s a Big Job!

  • can culture and ethics be effectively measured?
  • the importance of the Tone-at-the-Top (TAT) assessment
  • the importance of the Tone-in-the-Middle (TIM) assessment
  • behavioral assessments
  • dissecting the results and arriving at consensus
  • opportunities and actions

The Ethics Committee—The Need for One Today!

  • emphasis today—how many organizations have an ethics committee
  • make a statement by having a formal ethics committee!
  • composition—executive members / key components / charter / activities / agenda
  • tracking and dealing with ethical matters and misconduct consistently
  • setting the social responsibility agenda
  • reporting to the board

Building a Comprehensive & Dynamic Culture and Ethics Audit Approach – Workshop
Planning & Scope:

  • obtaining sponsorship
  • outlining the communication protocols and confidential nature of the review / audit
  • the review / audit—internal and / or external involvement
  • scope—domestic and international considerations
  • models to deploy

Information Gathering:

  • story behind internal and external audits and results—company actions, timely implementations, etc.
  • information, assessments and surveys available—can this information be relied upon?
  • compliance and risk assessments
  • organization charts
  • employee surveys, etc.
  • human resource information, policies, talent management, training, etc.
  • specific policies and procedures

Field Work / Testing:

  • analyzing the organization chart
  • identifying culture and ethics messages / review website content, etc.
  • analyzing the code of conduct & ethics / employee handbooks / supplier codes, etc. and assessing effectiveness
  • hiring practices / new hire orientation / training / talent management / promotions policies and procedures pertaining to ethics, investigations, and discipline
  • deviations from standards
  • summarize risks and opportunities


  • conducting the TAT and TIM assessments
  • conducting an independent employee survey of culture and ethics – employee knowledge of the organization’s values, ethics and mission meetings with employees and “walk arounds” – how does work get done? the human resource group and care for employees - - assessing consistency and handling of matters
  • assessing complaints— customers and vendors
  • assessing the ethics committee (if one has been established)
  • summarize risks & opportunities

Analyzing Trends and Actions:

  • messages from the assessments
  • analyzing trends from hotlines and human resource investigations and matters (harassment, discrimination, retaliation, etc.)
  • organization’s methods for handling conflicts and resolutions
  • social responsibilities and the “face of the organization”
  • analyzing retention, turnover and exit meetings
  • summarize risks & opportunities

Continuous Monitoring:

  • continuous monitoring—build culture and ethics assessments into each review / audit
  • role technology plays within the organization and in culture and ethics
  • assessing culture at all domestic locations and internationally

Results and Reporting:

  • root cause analysis for matters raised during the review / audit
  • summarizing and evaluating the results of each aspect and overall
  • report type and development
  • communicating results
  • board reporting

Summary and Wrap-Up:

  • final deliverable—your culture and ethics audit program
  • outlining your next steps and actions

Further information

ACI Learning
ACI Learning
2 Days
Scheduled dates
Course type:
Virtual delivery

Contact Information

ACI Learning

6855 S. Havana St.
Suite 230
80112 USA