A selection of blog posts by James Paterson.
A conversation between James Paterson and Liz Crede – March 2016
Liz, can you talk about the idea of a right culture?
In my opinion there is only a right culture if it has the right fit for your organisation, business and its strategy. What would be a good culture for one organisation may not be so for another, due to the fact that their context may be different.
An effective culture is one that ensures your organisation is achieving the results you want to achieve, both externally and internally – and in all areas. It’s not just about profit and return on investment. It is about achieving the right results in terms of human performance, people being engaged with their work, doing the work they want to do as well as delivering on innovation as well as robust risk management and accounting practises.
Can you expand in more detail on the idea of different contexts demanding a different organisational culture?
Let me share my experience from two different industries I have worked in. In the pharmaceuticals sector, part of their culture is for it to be process orientated and to think in longer-term time horizons because it takes a long time to find and develop new drugs. So the whole process of creativity and experimentation and longer time frames is necessitated by the business and should be part of the culture.
However, if you go and work in a retail environment you’ve got to make decisions about what to do tomorrow which might be different from what you did yesterday; the context demands very fast paced, very quick reactions, so that business imperative feeds through back into the whole organisation. You couldn’t have a pharmaceutical type culture in a retail organisation or a retail culture in a pharmaceuticals company. It just would not work because of the need for immediacy and response, with a fast paced turnaround of trying things, and getting results and building on that in a very quick time scale versus the need for a more deliberate approach.
Consequently a good culture in a retail context is one that would enable decision making at the customer facing end, where face to face with customers you need autonomy of decision making, and a culture that supports, that empowers people, to enable them to do that, which is very different from a culture in pharmaceuticals that needs to double check decisions before putting a new drug out into the market. This context has a very different risk profile and requires a different organisational culture. Continue Reading
IIA International Conference, 17 – 20 July 2016, New York, USA.
Lean Auditing: How, What and Why?
James Paterson | Director, Risk & Assurance Insights Ltd.
In this session, participants will:
Further details about the conference can be found here.
Internal Audit Leaders’ Conference 16th March 2016
Combined assurance, one language, one voice, one view
James Paterson | Director, Risk & Assurance Insights Ltd.
Further details about the conference can be found here.
Over the past 14 years working in the internal audit arena I have seen a growing interest in the topic of Root Cause Analysis (RCA). My involvement in the topic has evolved from using it as part and parcel of a “lean auditing” approach, to running RCA webinars and seminars for the IIA UK, to the delivery of various in-house training workshops on this topic, and now more recently, offering a 1 day open course on RCA, as well as supporting the IIA UK to write a new practice guide on the topic.
This article explains:
What is RCA?
RCA is about identifying why an issue occurred compared to simply reporting the issue, or its immediate or contributing causes. The issue could be an error, non-compliance, and non-delivery of an objective or anything else that would be regarded as a failure or problem in the eyes of stakeholders. Continue Reading
I talked in an earlier blog about the benefits and drawbacks of having a ‘standardized approach’. Here is another example from assurance mapping where ‘standard’ terms can cause problems. Consider the standard assurance ratings as follows:
These seem so sensible and reassuring – let’s use these criteria to produce an assurance map! The importance of independent checking by Internal Audit will become clear!
The problem with this sort of standardized assessment is that it implicitly downplays assurance from the first and second lines of defense and favours audit work in a way that can cause significant issues when management are told about their low levels of assurance. Lets consider this question more closely how confident should we be with each type of assurance:
1) Management
Of course there is always a risk of self-deception in self-assessment by managers of their own activities, but if the criteria management should apply are clearly spelled out, and the manager concerned is experienced and unafraid to be honest, we can take a lot from their assessment. This is all the more so when management may be reporting upwards that they have issues and concerns that need to be addressed. Thus it is a dangerous over simplification to say that all management assurance is only of low quality. Continue Reading
Contact and appointments:
Risk & Assurance Insights
T: +44 (0)7802 868914
Email
Please also use our contact form