Page 48 - iiA

a more strategic role in assessing risk governance frameworks. Barclays’ IA team started embedding regular risk awareness workshops and scenario analysis with senior leaders and business units to ensure risks were integrated into day-to-day decisions.

Example: Healthcare Industry
Case: Johnson & Johnson

Background of the Case:

In September and October 1982, seven people in the Chicago area died after consuming Extra-Strength Tylenol capsules that had been laced with cyanide. The capsules were tampered with after leaving the manufacturing plant, making it a case of product sabotage, not a production flaw. The company pulled 31 million bottles from shelves and re-established public trust through transparency and decisive action.

Post Crisis Reforms:

Following the Tylenol contamination crisis in the 1980s, J&J emphasized its “Credo” and enhanced ethical standards. The crisis exposed the need for stronger ethical standards and internal controls. The internal auditors played a key role in integrating this commitment into all aspects of the company’s operations. They worked to implement procedures that ensured products were safe, reliable, and ethically produced, aligning with the Credo’s core values.

Example: Information Technology Industry
Case: Satyam Computer Services Ltd. (India)

Background of the Case:

In January 2009, Ramalinga Raju, founder and chairman of Satyam Computer Services, confessed to manipulating the company’s financial statements for years, inflating profits by nearly USD 1 billion. This was India’s largest corporate fraud at the time, often dubbed “India’s Enron.”

Post Crisis Reforms:

Post-Satyam, Indian regulators and large companies realized that internal audit functions must be structurally independent to be effective. Auditors were empowered with greater independence and began reporting directly to audit committees. Indian firms, especially in IT, telecom, and financial services, began embedding cultural audits and risk culture diagnostics into their enterprise risk management (ERM) programs. Internal audit’s role evolved from routine compliance checks to a strategic function assessing governance, ethics, and risk culture.

Conclusion

Culture is the invisible driver behind how organizations respond to risk. An effective internal audit function is not just a gatekeeper; it is a cultural steward, helping organizations align values with action. In the words of Mark Watson, a recognized governance and risk expert, “Internal audit is not just a mirror held up to management, it is a lens that helps organizations see how culture shapes their future”.

By embracing its role as both assessor and influencer, Internal Audit can catalyze a shift from reactive risk management to proactive risk ownership. A robust risk-aware culture ensures that risks are not only known, but shared, owned, and acted upon across all layers of the organization.

Internal Audit is both the sentinel and the steward in this transformation, building a culture where risk becomes a language spoken across the enterprise.

          45                                                                        INTERNAL AUDIT TODAY