The IIA Releases New Practice Guide on Auditing Conduct Risk
Organizational culture ― and how an organization comports itself with regard to conduct ― drives how business is done. It also underlies the effectiveness of the control environment, which supports the achievement of an organization’s objectives.
Poor culture and ineffective management of employee conduct has contributed to numerous business failures and has been identified as a root cause of a number of serious issues. In response, key financial services stakeholders, including boards and regulators with responsibility for oversight of the control environment, have heightened their focus on the appropriateness of organizational culture and the effectiveness of conduct risk management.
The issue of conduct is not easily separated from an organization’s culture; rather, it is a distinct segment of culture as a whole. “Auditing Conduct Risk” provides internal auditors with an understanding of methods to evaluate the management of conduct risk.
- Regulatory environment of conduct.
- Expectations defined.
- Measurement and reporting.
- Consequences of misconduct.
- Planning and performing the engagement.
IIA members are invited to download this guidance and all guidance as a benefit of membership. Nonmembers may purchase Supplemental Guidance by visiting the IIA Bookstore.