Page 47 - iiA
P. 47
• Employee engagement and attrition indicators Post Crisis Reforms:
• Internal control overrides and red flags
Post the 2008 bribery scandal, Siemens undertook
• Performing Cultural Audits sweeping reforms in compliance, internal audit,
and corporate governance. It overhauled the
Auditing “culture” means evaluating the unwritten Internal Audit function to not only test controls
rules, values, and assumptions that guide decision- but also evaluate ethics, tone at the top, and
making. IA conducts cultural assessments using cultural indicators. Siemens’ IA team began routine
interviews, employee surveys, focus groups, and “cultural audits” that assessed whether ethics and
behavioral analytics to gauge ethical climate, risk compliance training were effectively influencing
escalation behaviors, and alignment with stated on-the-ground behaviors. The audit findings were
values. used to revise leadership development programs
and to tailor employee engagement strategies for
Challenges Faced by Internal Audit high-risk regions and business units. Siemens’
post-crisis audit and compliance transformation
Embedding a risk-aware culture is complex. has been recognized as a leading example of
Internal Audit often faces the following challenges: how internal audit can support ethical culture
rebuilding after a crisis.
• Cultural Resistance: Employees may resist
perceived oversight or fear consequences of Example: Financial Services Industry
transparency. Case: Barclays Bank (UK)
• Inconsistent Risk Frameworks: Legacy Background of the Case:
systems or fragmented policies can create
confusion. The 2008 financial meltdown exposed deep
• Leadership Buy-in: Without strong support systemic weaknesses across global banks,
from the top, cultural interventions lose including but not limited to excessive risk taking
credibility. and the failure of risk management at the Board
• Data Access and Quality: Behavioral and Executive levels. Though Barclays did not
indicators may be buried in unstructured or require a direct government bailout, it faced
siloed data. intense regulatory scrutiny and public distrust. It
• Skill Gaps: Auditing culture requires a was clear that a fundamental reset of governance,
nuanced understanding of behavioral science culture, and risk oversight was required.
and organizational psychology—skills not
traditionally within IA’s domain.
These factors can result in risk management
practices that fail to reflect the organization’s risk
appetite, strategy, or long-term objectives — or
provide actionable insight to leadership.
Real-World Applications and Industry
Case Studies
Example: Technology Industry
Case: Siemens AG
Background of the Case:
In 2008, Siemens AG agreed to pay over USD 1.6
billion in penalties to U.S. and German authorities Post Crisis Reforms:
after investigations revealed widespread bribery
across multiple countries—one of the largest After the 2008 financial crisis, internal audit
corporate corruption cases in history. functions in major banks, including Barclays, took
INTERNAL AUDIT TODAY 44
