AuditBoard Live Webinar banner advert Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

Hybrid office working exposes post-pandemic culture crisis

Almost half (45.5%) of chief audit executives report that the pandemic has adversely impacted organisational culture. Prior to the pandemic, culture ranked well outside the top 5 risks to businesses, surpassed by prevailing issues such as cybersecurity and compliance. The steep rise of organisational culture up the list of risks to business has been found in a new poll of over 700 chief audit executives commissioned by the Chartered Institute of Internal Auditors to monitor which risks have been most impacted by the Covid-19 pandemic.

Chief audit executives reported that the top five risks to businesses exacerbated by the pandemic were:

  1. Business continuity, crisis management, and disasters response (67%)
  2. Cybersecurity and data security (62.5%)
  3. Health, safety, and security (53%)
  4. Organisational culture (45.5%)
  5. Financial, liquidity and insolvency risks (43%)

These results indicate that businesses must do more to prepare for future crises which have the potential to disrupt and derail ‘business as usual, and the Chartered IIA urges organisations to put plans in place now to mitigate damage in future.

The research highlights a rising post-pandemic organisational culture crisis, which has the potential to trigger a chain of negative impacts across wider business structures. The hybrid working model limits face-to-face interaction, curtailing previous processes to build strong organisational cultures and team cohesion.

The Chartered IIA urges internal auditors to address this issue now to avoid cultural erosion and knock-on business impacts later down the line, and has prepared a list of best practice tips to develop and maintain culture in the new hybrid working model:

  • Hold conversations with board members as early as possible to develop and implement a management strategy before a cultural crisis takes hold
  • Integrate culture into management control systems
  • Regularly engage with staff via surveys or forums to identify and respond to cultural issues
  • Implement digital systems which effectively facilitate the development and maintenance of human relationships
  • Ensure the internal audit team is empowered to hold management to account in preserving organisational culture in the new working normal.

Heli Mooney, Head of Internal Audit at Ryanair, said:

“Most businesses are focusing on ironing out issues of the hybrid working model from technical and practical perspectives. What is not dissected enough is how new working models can potentially erode organisational culture.

How do employees maintain their strong attachment to the business, continue to experience the shared purpose, values and sense of community within their organisation and uphold expected behaviours in the absence of the old office-centric in-person interactions – these should be some of the key questions asked.  Dilution of a strong organisational culture can trigger a myriad of other risks, not least on talent management and fraud.

Organisations must develop the tools and know-how to manage these risks and internal audit can play a crucial role in highlighting risks associated with cultural erosion.”

Alison McFadyen, Group Head, Internal Audit, Standard Chartered Bank, said:

“The hybrid working model poses its own unique risks, so at Standard Chartered we are looking to implement processes that remedy those. We are especially focused on retaining culture, something we’ve been paying close attention for the past two to three years.

We’ve implemented a behavioural risk assessment which aims to be a forward-looking view of culture, seeking drivers of red flags that could lead to wider issues. We also examine incentive structures, speak-ups, and individual interviews; the intent is to understand behaviours that could give rise to organisational culture risk.” 

Stephen Licence, Group Chief Internal Auditor, Legal & General, said:

“The impact of remote working on our corporate culture has been front of mind during the pandemic and is one of the factors driving our thinking around future ways of working.

Throughout the pandemic, Legal & General has been measuring and evaluating the impact of remote working on organisational culture. Risk factors have included the ability to maintain customer service; safeguarding data; ensuring effective collaboration and sharing of ideas; the impact on fraud risk; and the impact of remote working on the wellbeing of our people.

In Group Internal Audit we have needed to be flexible, react rapidly to the changing environment, and deliver high quality audit activities at pace. This has been supported by our growing analytics capabilities which have enabled us to provide insights around risk and control culture and highlight any changes that might be occurring as a result of remote and hybrid working. The ability to do this has been invaluable and continues to be a significant input to our planning for the future.”

John Wood, Chief Executive of the Chartered IIA, said:

“The risk of a culture crisis must be considered by all businesses pursuing a hybrid business model. The lack of face-to-face interaction brings new challenges to businesses which are set to continue long after the pandemic is deemed ‘over.’ It has never been more urgent for businesses to develop strong systems to both identify and mitigate risks to organisational culture, before it becomes a crisis.

Our research demonstrates that culture must be a key consideration at a management level as businesses map out their post-pandemic working model, and best practice tips shared by the Chartered IIA aim to encourage and guide internal auditor’s initial thoughts and discussions here.

The report has also indicated that businesses must do more to ensure business continuity during the next crisis, whatever that may be. The Chartered IIA recommends that internal auditors re-examine business continuity, crisis management and disasters responses, to defend against any future crises.”

The full data set is available below.

Notes to editors

  1. About the data: The research was commissioned as part of Risk in Focus 2022 - The part of the research that focussed on understanding the business risks most impacted by the pandemic combined both a quantitative survey with responses from 738 CAEs, and qualitative interviews with CAEs, from over 13 European countries including Austria, Belgium, France, Germany, Greece, Italy, Luxembourg, the Netherlands, Spain, Sweden, Switzerland and the UK & Ireland. The full Risk in Focus 2022 report and findings will be published in September 2021.
  2. The top 10 risks for Risk in Focus 2022 - The Pandemic Question, were: Business continuity, crisis management and disasters response (67%); Health, safety, and security (53%); Organisational culture (45.5%); Financial, liquidity and insolvency risks (43%); Human capital, diversity, and talent management (38%); Digital disruption, new technology and AI (35.5%); Macroeconomic and geopolitical uncertainty (34%); Supply chain, outsourcing and ‘nth’ party risks (34%); Fraud, bribery and the criminal exploitation of disruption (25%)
  3. The Chartered IIA represents over 10,000 internal audit professionals in organisations spanning all sectors of the economy, across the UK and Ireland. It champions the contribution internal audit makes to good corporate governance, strong risk management and a rigorous control environment leading to the long-term success of organisations, including those in the public sector.
  4. For further information, please contact Holly Mahon of Atlas Patners. You can reach her on email at or via mobile on 07593 441993.