Insight

Culture risk: Signals of change and the risk agenda

Culture is increasingly an important risk to consider with 79 percent of executives ranking it a "top five" contributor to their firms value

Edmund L. Green

Edmund L. Green

Managing Director, Risk Consulting, KPMG US

+1 703-286-8692

Chief Audit Executives (CAEs) continuously assess how to deliver on their objectives to maintain trust of shareholders and stakeholders. This includes considering signals of change in risks faced by their organization and, in turn, changing the focus of the internal audit plan if needed. Our complementary series, On the CAE agenda, provides a full view of top risks highlighted this period.

Signals of change

A 2021 report that features a survey of over 1300 C-Level executives revealed that 91 percent of executives believe culture is “important” or very “important” at their organization, 79 percent of executives rank culture as a “top five” contributor to their firm’s value while 92 percent believe improving culture would increase firm value. The report also revealed that 85 percent of executives believe poorly implemented or ineffective culture increases the chances of unethical or illegal behavior. Despite the agreed upon importance of culture, only 16 percent of executives believed their firm’s culture is where it should be.

Risk considerations

  • The absence of employee engagement in objective setting and strategy discussions can lead to lack of ownership and accountability. Similarly, unreasonable employee performance expectations, including tight deadlines, and stretch profitability targets coupled with inadequate resources, can result in low motivation and morale. 
  • An inflexible hierarchy impeding the flow of information up, down, and across the organization may result in risks going undetected or unreported, as well as conflicts between “micro cultures” and mistrust in the organization between employees and management.
  • Failure to consistently reinforce desired behaviors, and codes of conduct and related policies and procedures can lead to a cancer of unethical behavior and wanton disregard of laws and regulations.
  • Management refusing to acknowledge information contrary to their opinion can lead to employee mistrust of the organization.