Professional Course

Auditing Ethics, Culture, Conduct and Reputational Risk - UK-OAM223

ACI Learning, Online

Course description

Auditing Ethics, Culture, Conduct and Reputational Risk - UK-OAM223

Recent corporate disasters have highlighted the importance of establishing and maintaining a strong ethical culture. This classes covers how internal audit can review this difficult topic and assess reputational risks, get buy-in when presenting the findings, and how to effectively call for action.

Do you work at this company and want to update this page?

Is there out-of-date information about your company or courses published here? Fill out this form to get in touch with us.

Who should attend?

Chief Audit Executives and internal audit leaders considering proposing or performing work involving corporate culture; internal auditors of all levels responsible for auditing corporate culture or auditing ethics; those looking to identify and understand processes and metrics that are most likely to indicate a positive or negative corporate culture.


  • Fundamentals of Internal Audit (OAG101) , Advanced In-Charge Auditing (OAG201) and general knowledge or experience with internal controls.

Training content

You will learn how to help improve ethics and corporate culture, ways to bridge the gap between policy and practice, the typical components of an ethical framework and how to audit these untraditional topics.


Understanding and Connecting the Key Components of Culture and Ethics:

  • culture and its importance to organizational success or failure
  • an organization’s value system
  • clarity of mission
  • code of conduct and ethics—infrastructure
  • ethics and the law

What is Important to the Board and Executive Management:

  • leadership attributes
  • statements / behaviors / actions
  • connecting culture and ethics to performance, risk management and compliance
  • hiring / orientation / training practices—executives and all levels
  • messages sent / messages received around an organization’s culture and ethics
  • the important role of the CEO

The Great, The Good, The Bad and The Ugly:

  • current trends and what’s in the news - are you concerned?
  • analyzing those companies with the best cultures to those with the worst
  • the best places to work and why
  • the highest rated CEOs and why
  • the most decorated and highly ethical organizations
  • role models to success / the good corporate citizen
  • warning signs
  • it is time for a culture and ethics audit!

Models to Consider - Gathering Culture & Ethics Guidance for Testing:

  • COSO 2013
  • updated COSO ERM model
  • federal sentencing guidelines
  • Organization for Economic Co-operation and Development (OECD)
  • FINRA’s 2016 regulatory and examination priorities
  • ethical culture and guidelines for ethical leadership
  • international aspects—standards around the globe
  • the three lines of defense

Defining and Measuring Culture and Ethics – It’s a Big Job!

  • can culture and ethics be effectively measured?
  • the importance of the Tone-at-the-Top (TAT) assessment
  • the importance of the Tone-in-the-Middle (TIM) assessment
  • behavioral assessments
  • dissecting the results and arriving at consensus
  • opportunities and actions

The Ethics Committee—The Need for One Today!

  • emphasis today—how many organizations have an ethics committee
  • make a statement by having a formal ethics committee!
  • composition—executive members / key components / charter / activities / agenda
  • tracking and dealing with ethical matters and misconduct consistently
  • setting the social responsibility agenda
  • reporting to the board

Building a Comprehensive & Dynamic Culture and Ethics Audit Approach – Workshop

Planning & Scope:

  • obtaining sponsorship
  • outlining the communication protocols and confidential nature of the review / audit
  • the review / audit—internal and / or external involvement
  • scope—domestic and international considerations
  • models to deploy

Information Gathering:

  • story behind internal and external audits and results—company actions, timely implementations, etc.
  • information, assessments and surveys available—can this information be relied upon?
  • compliance and risk assessments
  • organization charts
  • employee surveys, etc.
  • human resource information, policies, talent management, training, etc.
  • specific policies and procedures

Field Work / Testing:

  • analyzing the organization chart
  • identifying culture and ethics messages / review website content, etc.
  • analyzing the code of conduct & ethics / employee handbooks / supplier codes, etc. and assessing effectiveness
  • hiring practices / new hire orientation / training / talent management / promotions policies and procedures pertaining to ethics, investigations, and discipline
  • deviations from standards
  • summarize risks and opportunities


  • conducting the TAT and TIM assessments
  • conducting an independent employee survey of culture and ethics – employee knowledge of the organization’s values, ethics and mission meetings with employees and “walk arounds” – how does work get done? the human resource group and care for employees - - assessing consistency and handling of matters
  • assessing complaints— customers and vendors
  • assessing the ethics committee (if one has been established)
  • summarize risks & opportunities

Analyzing Trends and Actions:

  • messages from the assessments
  • analyzing trends from hotlines and human resource investigations and matters (harassment, discrimination, retaliation, etc.)
  • organization’s methods for handling conflicts and resolutions
  • social responsibilities and the “face of the organization”
  • analyzing retention, turnover and exit meetings
  • summarize risks & opportunities

Continuous Monitoring:

  • continuous monitoring—build culture and ethics assessments into each review / audit
  • role technology plays within the organization and in culture and ethics
  • assessing culture at all domestic locations and internationally

Results and Reporting:

  • root cause analysis for matters raised during the review / audit
  • summarizing and evaluating the results of each aspect and overall
  • report type and development
  • communicating results
  • board reporting

Summary and Wrap-Up:

  • final deliverable—your culture and ethics audit program
  • outlining your next steps and actions

Certification / Credits

Completion of this course is worth 16 CPE Credits

ACI Learning

ACI Learning

At ACI Learning, we train leaders in Cybersecurity, Audit, and Information Technology. Whether you're starting your IT career, mastering your profession, or developing your team, we're with you every step of the way. We believe that training is not a...

Read more and show all training delivered by this supplier