United States

Data analysis and predictive modeling: A new approach to risk culture


Download article

Bad news often comes in waves. In the early 1990s, several corporate scandals led to the Sarbanes-Oxley Act of 2002; while later in the early 2000s, systematic risk from poor lending practices led to the Great Recession. Now, new names are emerging after a surge of control failures, fraud and regulatory breaches. The same question that plagued organizations nearly 20 years ago is relevant once again for financial services organizations: “How could this happen to us?”

Unfortunately, sometimes good people can do bad things, and controls implemented by management can fail to keep these bad things from becoming corporate disasters. Even worse, management can unknowingly create the environment that encourages bad behavior.

However, internal audit can implement a data-driven, predictive model to more effectively assess an organization’s risk culture. This model includes three key objectives:

  • Taking a more practical approach to assessing risk culture: Look at the impact the culture has across things that can be measured.
  • Identifying toxic culture from the ground up: Organizations typically assess tone at the top, or even tone in the middle, but culture deficiencies can often be identified at lower levels of the organization.
  • Implementing a scoring mechanism to compare cultures across different parts of the business: An organization can look for clues in day-to-day data to predict cultural health and associated risk across teams.       

Learn how internal audit teams can understand risk drivers within their organization and change the perspective on risk culture. A better model to assessing risk culture can improve the overall health of the business and reduce the potential of unwanted and embarrassing headlines.