Tone at the top refers to the ethical atmosphere that is created in the organisation by the board and senior management team. This tone forms a key part of the control environment. Whatever tone the organisation’s leaders set will trickle down to other members of the organisation.

Arthur Andersen provides an example of the power of the tone at the top. The company was known for its strong culture based on obedience to company rules and prescribed behaviour, and respect for partners. This culture was embedded through a rigidly applied performance management system. In 2001 it became evident that some of Arthur Andersen’s senior managers and top executives had been instructing subordinates – sometimes directly and sometimes indirectly – to perform tasks that were blatantly fraudulent, which many did so unquestioningly. As Jones (2007, p. 181) notes ‘..Arthur Andersen’s values were so strong that they led subordinates to forget the ‘real’ ethics of what they were doing, and Arthur Andersen’s ‘distorted’ ethics became the ones they followed’. Arthur Andersen’s downfall suggests that the patterns of behaviour, modeled and perpetuated by the senior management team can have a powerful influence on wider organisational culture – much more so than formal codes. And senior management can manage culture to the detriment of the organisation.

Internal control is considered essential for good management as it helps organisations meet their objectives. The IIA defines control as ‘any action taken by management, the board and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved’.

One of the most influential models is the so-called COSO Internal Control Framework, which is presented diagrammatically in Figure 1. The framework consists of five inter-related components: control environment, risk assessment, control activities, information and communication, and monitoring.

 

 

Of particular relevance to us in our discussions of culture is the control environment - the foundations of an organisation’s control framework. COSO describes the control environment as setting ‘the tone of an organisation, influencing the control consciousness of its people’. Whilst COSO does not use the term culture, its description of the control environment infers culture. More precisely, the control environment consists of the high-level parameters that influence the organisation’s culture. The IIA defines the control environment as ‘the attitude and actions of the board and management regarding the importance of control within the organisation’ (emphasis added). The parameters include integrity, ethical values, management’s philosophy and operating style, organisational structure, and human resource policies and practices.

Consider the management philosophy and operating style of your organisation. How does it influence the behaviour of individuals?

<Click for feedback>

We have considered the control environment and how high-level processes and policies can influence culture. But micro-level control activities (ie the middle component of the COSO framework) can also influence culture. Control activities comprise the policies, procedures and processes that help ensure that necessary actions are taken to address risks to achievement of the entity's objectives. They include a diverse range of activities including approvals, authorisations, reconciliations, security of assets and segregation of duties.

Consider controls pertaining to segregation of duties. How might control activities in this area impact on culture negatively?

<Click for feedback>

 

There is no prescribed acceptable culture. The key consideration is whether the culture is appropriate for the organisation and the objectives it is trying to meet. In reviewing culture you need to consider two elements: the processes in place that influence culture, and the outcomes of these processes. Schein’s model and the model we set out in section 3, provide you with possible frameworks for understanding these processes. Cultural typologies give you a framework for benchmarking and describing cultures. In order to assess outcomes, you can employ a range of quantitative and qualitative measures. Most typically quantitative measures are gathered through staff perception surveys, records of misconduct, reports to speak up hotlines and actions taken, and staff complaints. Qualitative measures are gathered through interviews of senior management and the general workforce. You could also look at staff feedback from exit interviews, and these maybe quantitative or qualitative, to ascertain staff views of the culture.  

 

Want to know what your development needs are? Then use our online CPD tool.

 

 

COSO (1992), Internal Control -  Integrated Framework, New York (USA), AICPA.

 

Boddy, D. (with Paton, S.) (2011, 5^th edn), Management: An Introduction, Harlow (UK), Pearson Education Limited.

 

Cameron, K., and Quinn, R. (1999), Diagnosing and changing organizational culture, Reading (USA), Addison-Wesley.

 

Deal, T.E. and Kennedy, A.A. (1982), Corporate Culture: rites and rituals of corporate life, Reading MA (USA), Addison-Wesley.

 

Handy, C. (2004, 2^nd edn), Understanding Organisations, Harlow (UK), Pearson Education Limited.

 

Hatch, M.J. (with Cunliffe, A.) (2006, 2^nd edn), Organization Theory, Oxford (UK), Oxford University Press.

 

Jones, G. R. (2007, 5^th edn), Organizational Theory, Design, and Change, New Jersey (USA), Pearson Education Limited.

 

Schein, E.H. (2004, 3^rd edn), Organization Culture and Leadership, San Francisco (USA), Jossey-Bass.

 

Turner, D. (2009), The Internal Audit Environment, London (UK), Chartered Institute of Internal Auditors.

 

Home | Intro | Page 2 | Page 3