Are you getting the most from the ethics mandatory hours?

 Like many of you at this time of year, I have been looking to take the mandatory two hours of ethics training to comply with the IIA cpe  requirements. During the last few years, I attended webinars that did not interest me or added real value to my knowledge. So, this year I looked harder, and I was happy to find some really good free webinars that I have enjoyed attending. In fact, I found so many good webinars and I ended attending more than the required two hours.

One of the webinars was entitled "Why good people do bad things at work" by Andy Felo. The webinar is about the relationship between the "tone at the tope" and the "tune in the middle" and its impact on culture and ethical behavior within the Organization.

Another webinar was entitled "The seven deadly ethical sins of an organization" by Amanda Erven. I have found the definition and discussion of the seven sins engaging and I particularly liked the real-life examples she provided for each sin.

Another interesting webinar discussed an import issue which is bullying and bias in the workplace. The webinar is by Francine Griesing and its title is " Not just for school children: conquering bullying and bias in the workplace". This is such an important issue that should be in the radar of internal auditors.

One last example is a webinar that discussed ethics in this era of technological advancement. It is entitled "The ethical elements of Artificial Intelligence" by Katrina Ingram. This webinar provides a brief history of AI, ethical issues surrounding data, and discusses the principles of an AI ethical framework.   

I encourage you to choose your ethical webinars carefully and make the most out of it.

Takeaways from my recent readings

In this post, I am sharing some interesting takeaways from my recent readings. I will keep it very brief to enable you to go through it despite of your busy schedule! Of course, you can always download the original documents if you wish to learn more.

 Key Components of Digital Trust:

ISACA in a new free guide (Understanding the Six Key Components of Digital Trust| ISACA) defines digital trust as:

"Digital trust is confidence in the integrity of relationships among providers and consumers in a digital ecosystem."

The guide has identified six key components of the trust as follows:

• Quality of products and services
• Availability of information 24/7/365
• Security and Privacy
• Ethics and Integrity
• Transparency and honesty 
• Stability and Resilience

 Recession Playbook for Chief Audit Executives:

A Gartner 2022-2023 playbook identified the following 9 actions across three main areas that is believed to help in managing resources, being agile in securing talent, and accelerate digital and technological initiatives:

You can download the playbook by following this link:

Recession Playbook for Chief Audit Executives (gartner.com)

Turning Audit Clients into Allies

In its 2022 audit management playbook, AUDITBOARD offered some tips for turning audit clients into allies:

You can download a copy by following this link:

The Audit Management Playbook [2022 Updated] | AuditBoard

Do you have the "right to disconnect" outside business hours?

 A few days ago, the Province of Ontario in Canada introduced a right to disconnect law under which companies with 25 or more employees are required to establish policies that give employees the right to disconnect from business-related communications(including emails, messages, and phone & video calls, a ) outside regular business hours.

While the benefits and importance of the right to disconnect and its impact on the work/life balance and mental health wellness are not disputable, its implementation and success in practice are yet to be seen. 

Areas of consideration for internal audit

• Do you fully understand the spirit of the right to disconnect concept and are able to assess its effectiveness and implementation?
• Do you think it will limit your access to staff and information and impact your audit plan?
• Do you think it will increase your productivity?
• Would you plan to include it in your HR/culture audits?

If you work in a country that has already adopted the right to disconnect regulation, please share your experience.

picture source:Why You Should Respect Your Employees' Right to Disconnect | FlexJobs

Internal Audit's Role in Returning to Workplaces

 Last year, Richard Chambers in a blog post entitled "Returning to Workplaces Will Be Risky: Roll Up Your Sleeves, Internal Audit", offered examples of the questions Internal Audit should ask and get answers to from management regarding their plans to a safe return to the workplaces. These questions included:

• Has management adequately identified and assessed return-to-workplace related risks?
• Do proposed return-to-workplace policies and controls address the key risks?
• Are policies/controls effectively implemented (including communications)?

• Is the overall program functioning as intended, or are improvements warranted?

Obviously, the return to the workplace was not significant last year or during the first half of 2021. However, this may change significantly during the second half of the current year due to progress made in vaccination and the reopening plans around the world. I believe Internal Audit should focus its attention on the following issues:

• Reinforce & strengthen relationships: working remotely for an extended period of time under a climate of uncertainty and disruption may have affected  Internal Audit's relationships with its stakeholders. The CAE's priority, in my view, should be to reestablish timely contacts including in-person meetings with stakeholders as much as the safety and pandemic protocols permit. The stakeholders want to talk to Internal Audit as well as hearing from CAEs on their views, insight, and plans. A smart CAE will find the time to connect with his /her stakeholders and make the most out of the connection.
• Work closely with HR & Legal Departments to ensure there are proper anti-discrimination and conflict resolution plans: it will not be surprising, in the short term at least, that there will be employees resisting and challenging the organization's safety protocols such as wearing masks and physical distancing. There will be also others who did not get vaccinated for whatever reason. This may lead to conflict between the employees themselves and with management.  Internal Audit needs to ensure that there are practical and fair plans to deal with such situations.
• Encourage management to communicate the return policies and procedures before the return to the workplace: employees should not be surprised by the organization's procedures and protocols when they show up to work. They need to be aware in advance of what is waiting for them in the office and plan accordingly.
• Monitor and assess changes in corporate culture: whether we realize it or not,the pandemic and working remotely have changed people. The change could be in the mindset, the mental welness, priorities, perspective of life, and career plans. These changes can potentially influence the corporate culture. Internal Audit needs to work closely with HR and others to monitor trends and changes in culture to enable management to take timely actions to address the change.

I would love to hear from CAEs who have already returned to the workplace. Please share your experience and what challenges have you faced. What advice would you give to those who are about to return to their offices?

These are my thoughts, please share yours!

Picture credit:www.telljp.com

When Internal Audit Is Agile And The Audit Committee Is Not!

The traditional challenge for Internal Audit was in its ability to meet and/or exceed its stakeholders' growing expectations. While some Internal Audit functions may have suffered and failed to achieve this objective,  I would like to believe that most of the functions have been successful not only in meeting the expectations but also in taking the lead and initiative to introduce change and innovation and prove their relevance!

One of the buzzwords and trends nowadays is "agile internal auditing". Internal Audit functions around the world are working on understanding what it is about, exploring what it means to their operations and how to successfully implement it in their organizations. A successful implementation requires the buy-in and collaboration of stakeholders. You would think that management and the audit committees would be thrilled when Internal Audit starts the transformation process. That would be true in most cases, but sometimes there are forces within the Organization that resist change. When these forces are management, Internal Audit can seek the support of the audit committee to convince management. But, what if the audit committee is the resisting force? Imagine a situation where a CAE approaches the audit committee with  his/her plans to implement agile internal auditing and the answer he/she gets is:

• "This is a luxury we can't afford",
• "Stick with the audit plan, it works", 
• "This is not the time for a dramatic change", 
• "We don't have the resources and/or experience to do this", 
• " We will think about it",
• "What is agile internal auditing?"

Does this sound familiar? If you have heard any of the above responses, you are not alone! 

What comes to your mind when you hear such a response? You may conclude that Internal Audit did not do a good job communicating the concept and benefits of agile internal auditing to the audit committee. Perhaps they did not explain that it is more of a  mindset than a methodology, that it can be applied gradually, that it is not all or nothing approach or a one approach fits all solution. The reaction of the audit committee could indicate that there is a deeper disconnect with the audit committee! You may also conclude that the audit committee members don't possess the right mindset, vision, experience, or qualification to discharge their duties in these uncertain times! 

What will be your strategy to bridge the gap with the audit committee and initiate the transformation to agile internal auditing.? Please share your experience and thoughts. And remember to:

                                                               "be agile, be alive"!

Adapgility Consulting is your Internal Audit Partner and can help with the agility transformation process.

Picture source:www.hme-business.com

What Does It Mean to Be Ready And Relevant?

There is a common consensus that Internal Auditors need to be ready and relevant to succeed and thrive in the current disruptive times and to be ready for what comes next in the highly unpredictable future. Last August, I wrote a post entitled " Has Your Internal Audit Function Tested Positive For The Irrelevance Virus" in which I offered internal auditors some basic suggestions on how to get vaccinated against the irrelevance virus including:

• working on their mindset
• keeping an up-to-date understanding of the company's objectives and business
• understanding the stakeholders perspective on value internal audit can add
• transforming to agile auditing
• understanding the true essence of the internal audit independence concept
• communicating what matters in real-time
• utilization of available technology to its fullest potential
• taking a tablespoon of the "courage syrup" three times a day! 

You can read the full post by clicking on the link above.

Recently, I have attended a webinar sponsored by Workivia. The webinar took the form of a live discussion with Tim Berichon the author of the book " Ready and Relevant - Prepare to Audit What Matters Most ". While I have not read the book yet, I thought the discussion with Tim offered a good summary of his thoughts. The key takeaways from the webinar, at least as I understood it, are as follows:

• Stakeholders want to see internal audit become relevant and they now see how internal audit can perform
• Internal audit leaders have stepped up and taken their independence hat off and not allowed that to be a barrier or stopping them from being most relevant
• Relevance is about survival at the internal audit level and the business level
• The top barrier to agility and innovation was the internal audit team's resistance to change. Internal auditors need to look in the mirror and ensure they have the right mindset and the commitment to that mindset
• Get in the middle of the ERM fan! Internal audit leaders can own the risk management programs
• Automate everything you can. Free up internal auditors, they can not add value unless they can use their brains
• Automation can not replace soft skills yet
• Artificial Intelligence as it starts to be  more affordable may creep into the internal auditors' world in the future
• Tell your stockholders something they do not know, If you tell them what they know, you are irrelevant.
• Internal audit will never be irrelevant if it helps management meet its objectives
• Drop the word added from the phrase"value-added".Everything internal audit does should be a value, it does not need to be added to anything
• Set aside a certain percentage of internal audit time for management request and flexibility

I encourage you to watch the entire webinar, it is available on-demand and can be accessed by clicking on the title of the webinar as shown above.

After reading the above, do you think you know what being "ready and relevant" really means? How do you define it and communicate it to your stakeholders? What do you do to achieve the "ready and relevant goal? Let's start a dialogue and share experiences. 

picture credit:www.ieltsg.com

Did working from home alter corporate culture?

With so many people working from home/ remotely during the pandemic for an extended time, it is logical that we question if this environment has influenced the corporate culture. In this post, I will try to shed light on how home culture may have interfered with corporate culture.

What is corporate culture?

There are many definitions of corporate culture, but it is basically the combination of beliefs, values, ethics, behaviors, and actions of management and employees in running the business. Because this post is mainly written for internal auditors, it is useful to remind them of  the definition used by the IIA in its practice guide” Auditing Culture”:

“Culture represents the invisible belief systems, values, norms, and preferences of the individuals that form an organization. Conduct represents the tangible manifestation of culture through the actions, behaviors, and decisions of these individuals”.

Components of the corporate culture

Let’s first agree that every organization regardless of its size or structure has a culture. A quote from Pyxis blog post  explains this in simple words:

“Large or small, start-up or mature, commercial or government, every organization has a culture. Corporate culture is either designed from the beginning or left to develop by default. Either way, you will have a corporate culture.”

To understand how corporate culture may be influenced, we need to identify its components. The most important component is people, without people there is no culture! A second component is vision/mission/values,  a third important component is the environment and place of work. Scholars add more components such as leadership, communication, teamwork, and others.

Did working from home alter corporate culture?

In trying to answer this question, we at AdapGility Consulting have posted a poll in our LinkedIn Group. The poll question was:

“How did working remotely affect the culture at your organization?”

We have provided three possible answers and received the following results:

- It is about the same     29%

- Improved                       36%

- Deteriorated                  35%

While this poll is far from scientific, it provided me with a starting point to further explore the effect of remote working on corporate culture. The results somehow surprised me! While I was predicting that the vast majority of the answers will be in the stayed the same/deteriorated categories, I was not expecting that 36% of respondents felt that the corporate culture at their organizations has improved.

A study by Quartz and Qualtrics shows that 37% of workers feel that company culture has improved since the begging of the COVID -19 pandemic. The results of the study are almost identical to our Linkedin poll results! I am not sure if this reflects the reality or it is just a coincidence!

 Effects of remote working on culture

Looking back at the basic components of corporate culture, we may assume that the COVID-19 pandemic has changed, to an extent, how people feel and think.  It may have also changed our perspective on life, relationships, and values. The change could be positive or negative and it could be temporary or permanents! The change in the work environment/ place of work may also have an effect on mindsets and relationships.

The negative effects of working remotely are widely known such as the feeling of isolation, lack of focus, stress, and zoom fatigue, so I will not repeat them in this post. I will focus on discussing why almost one-third of the respondents to the survey and poll question felt that the corporate culture in their organizations has improved.

Supporters of remote working will tell you that working from home/remotely has provided them with a better work/life balance, reduction in costs (transportation, wardrobe), flexibility in time and place of work, ease of communication, less stress, and tax benefits in some countries.

We have asked the respondents to our poll question who said that the culture at their organizations has improved to share their experience and thoughts. We have received a detailed response from Theocharis Tzionis, a group member, who shared the below thoughts. While I understand the logic behind each point he raised, which seems to be influenced by the combination of the pandemic mindset/empathy and the remote working environment, the first point makes me wonder if the culture is being divided into sub-cultures that are acting in silos and not integrated throughout the organization:

-  First point to make here is that organisational culture for people could mean the culture in their teams, as this is the immediate effects on their own work life. For example, if your department has a more flexible approach to working hours than the rest of the organisation then you may perceive that aspect of culture to be a good one irrespective of the organisation as a whole.

- Managers became more compassionate and understanding.

- Less demanding which in trun makes people happier and thus more productive.

- You get to "see" leadership team more often. Through videos for the organisation's news and approach, as well as the actions for the pandemic.

- Provided far more information and subscriptions to apps for mental health (this should have been in place in my opinion irrespective of the pandemic).

- Managers and leadership team are more flexible.

- People get to spend more time with people that actually matters to them i.e. family and friends and don't have to spend time with office chat with people that may or may not like in the office. This will increase the overall perspective of organisational structure.

- Bad news are conveyed in a more professional and compassionate way because of the situation and the remote working.

- Businesses are changing, therefore leadership teams are forced to change and therefore are more acceptable to new way of doing things.”

- Managers became more compassionate and understanding.

- Less demanding which in trun makes people happier and thus more productive.

- You get to "see" leadership team more often. Through videos for the organisation's news and approach, as well as the actions for the pandemic.

- Provided far more information and subscriptions to apps for mental health (this should have been in place in my opinion irrespective of the pandemic).

- Managers and leadership team are more flexible.

- People get to spend more time with people that actually matters to them i.e. family and friends and don't have to spend time with office chat with people that may or may not like in the office. This will increase the overall perspective of organisational structure.

- Bad news are conveyed in a more professional and compassionate way because of the situation and the remote working.

- Businesses are changing, therefore leadership teams are forced to change and therefore are more acceptable to new way of doing things.”

What do you think? Does the above reflect what is happening at your organization?

Please share your thoughts.

picture credit:TED: Ideas worth spreading