IIA PAS CONFERENCE 2016

Transcription

1 IIA PAS CONFERENCE 2016 Becoming a leading example Culture Arcadis Leonard Boogers Director Internal Audit Leonard.boogers@arcadis.com

2 Arcadis Why culture impacts Way of Working and control environment Arcadis journey creating a truly global culture Role Internal Audit 2

3 ARCADIS: DESIGN & CONSULTANCY FOR NATURAL AND BUILT ASSETS Global business lines Geographies Infrastructure Water Environment Buildings North America Emerging Markets* Continental Europe UK 26% 1) 13% 25% 36% Dutch roots date back to billion revenues* in /-30,000 active projects 39% 27% 18% 16% ~ employees in 40 countries Copyright ARCADIS ) Gross revenues Note: Brazil, Middle East, Asia 3

4 Revenue in billions of euros Total number of FTE Arcadis journey to growth impacts Culture 2014 Takeover Hyder & Callison 3, , , Takeover RTKL Associates Inc Takeover EC Harris ,5 1,0 0,5 0, Name changed to Arcadis 2009 Takeover Malcom Pirnie Years Revenue in billions of euros 2012 Takeover Langdon Seah Total number of FTE Copyright ARCADIS

5 Arcadis global footprint How to leverage our divers culture to become a truly global service provider for our clients? 5

6 or how to prevent. Unethical behaviour ultimately puts an organization at risk but Forbes magazine stated in 2015 that culture is the most overlooked element of audits.. It sheds light on a company s core DNA, which guides decision making 6

7 Arcadis Enterprise Risk Management How is culture embedded in Arcadis Business Control Framework (ABC)? Core Values Integrity Client Focus Collaboration Sustainability Arcadis Strategy Sustainable Growth Performance Collaboration Strategic Risks (11 controls) Reputation : Impacted by managing strategic and operational risks Market (1 ABC) Acquisition (4 ABC) Financing (3 ABC) People (3 ABC) Operational Risks (45 controls) IT (4 ABC) Client & Project (15 ABC ) Reporting (9 ABC) Capacity (2 ABC) Liquidity (2 ABC) Health & Safety (1 ABC) Governance & Compliance (12 ABC) Copyright ARCADIS 2016

8 Why Culture should also be in scope of Internal Audit COSO Public exposure re Integrated Risk Management Mission, vision & core values Strategy & Business Objectives Enhanced Performance Some of interrelated components of enterprise risk management: o Risk Governance & Culture; Board risk oversight, Desired organizational Behaviours, Commitment to Integrity & Ethics o Risk, Strategy and Object setting: Defines Risk Appetite o Risk information, Communication and Reporting: Reports on Risk, Culture & Performance Nederlands Corporate Governance Code Voorstel voor herziening Principe 1.3: Interne audit functie Principe 1.4: Verantwoording over risicobeheersing Principe 2.5: Cultuur Regulators & IIA (Conference 2016) placed culture on the agenda. 8

9 What is Culture? The Way we do things around here Culture eats strategy for breakfast, operational excellence for lunch and everything else for dinner (PWC 2016) 9

10 Approach to auditing culture Corporate values to stimulate desired behaviour and policies and rules to guide this Risk is that rules do not address underlying reasons of behaviour Potential disconnect between corporate values and personal behaviours How to prevent and assess the impact of a disconnect in Arcadis? 10

11 Perspectives and Insights Auditing Culture A Hard Look at the Soft Stuff ( 2015)* Many considerations can be taken into account when auditing culture and tailor to its environment 1. Satisfaction / Opinion Considerations: Employee surveys, 360 feedback, employee and customer complaints 2. Training: Induction programs, frequency, attendance, assessing effectiveness 3. Compliance: Complaints procedures (presence, compliance, protection whistle blower, management response), root cause losses & legal issues, analysis selfassessment vs. reported control weaknesses by Internal Audit, effectiveness and monitoring of corrective actions 4. HR practices, Incentives and Enforcement: Employee turnover, exit interviews, negative media coverage 5. Evidence of Soft Controls: Trust & openness, leadership leading by example, ethical standards, balancing ambition with ability Note: Culture and the Role of Internal Audit: Looking below the Surface, IIA UK

12 Influencing Behaviour - H&S Culture How to create a global H&S culture ensuring everyone comes home to their loved ones unhurt Global H&S system impacts culture and pays off Role Internal Audit Assess effectiveness 2 nd line global function Health & Safety Own on-site observations Integrate H&S experts in audit team Engage in conversations / H&S conferences H&S moment per meeting Certification: ISO 9001, ISO 14001, OHSAS Monthly Executive Board reporting 12

13 Influencing Behaviour Business Principles Arcadis General Business Principles (AGBP) and Specific Anti-Corruption Standards Embedding in induction program Bi-annual & mandatory training Reporting.. all employees of we are responsible.. in accordance with all laws and in a moral and honest manner Role Internal Audit Challenge of Arcadis Leadership Council OpCo audits o AGBP reports could be part of audit planning process o Interview HR regarding results, interpretation and follow up o Assess effectiveness induction program Follow up with Chief Compliance & Privacy Officer 13

14 Measuring Behaviour Employee surveys Your Voice being a global electronic survey, runs every 2 years It covers behaviour related topics Report discussed at Executive Board, region, OpCo, and functional level Region Topic My Job Collaboration My manager Values Etc. A B C Very Poor Poor Moderate Good Very Good Role Internal Audit Challenge of Arcadis Leadership Council OpCo score is part of audit planning process Follow up with HR global / region / OpCo re management progress 14

15 Measuring Behaviour Soft Control surveys 11 OpCo surveys, 8,000 invites (33% coverage) and 4,800 responses (=60 % response rate), with external support RESPONSE PREVENTION Comfort to report misconduct: The degree to which employees call each other to account about unethical behavior within the organization. Enforcement: The degree to which employees are punished for irresponsible conduct and rewarded for responsible behavior. DETECTION BEHAVIOR Transparency: The degree to which employee conduct and the effects thereof are visible within the organization. Openness to discuss dilemmas: The degree to which employees can discuss ethical dilemmas within the organization. Clarity of standards: The degree to which the rules and procedures are accurate, concrete and complete, so employees understand what is expected with regard to ethical conduct within the organization. Role modeling: The degree to which management sets a good example for the organization and their employees. Enabling environment: The degree to which the organization s targets correspond to predetermined values and norms. Support of employees for integrity: The degree to which employees endorse the proper use of corporate assets and the active realization of the interests of the organization and their stakeholders. 15

16 Measuring Behavior Soft Control surveys (cont.) Soft Control survey reporting: Internal / external benchmark opportunities Soft controls 0% xx% xx% xx% xx% xx% xx% xx% xx% xx% xx% 100% Clarity of standards Role modelling Enabling environment Support of employees for integrity Transparency Openness to discuss dilemmas Comfort to report misconduct Enforcement Arcadis 2016 External references Arcadis OpCo 16

17 Assessing Behaviour - Risk Workshops In , 80 Risk Workshops in all regions with in total 1,000 participants, mainly project managers Topics covered are Finance, Operations and Legal related to projects Facilitation by SendSteps and open dialogues Main insights in: o o o o Bottom-up risk perception and awareness Management behaviour and target setting Level of transparency Level of acceptance / culture to accept challenging discussions Follow up on Soft Control surveys and Risk Workshops positively impact client and employee satisfaction and thereby culture Arcadis

18 Internal Audit reporting Reporting Structure per audit 1. Input for Business Consideration The following observations have no direct relationship with key controls embedded in the Arcadis Business Control framework but are shared for consideration by the business. Observations 1.. Various interviewees cited that a culture of potentially. news, personalities and impacting the Recommendations 1. [.]. 2. High & Medium rated observations High Risk or Medium Risk Observations 1. Xx % of the joiners between Jan June 2016 did not complete the on-line AGBP training. No monitoring was present regarding non-completion or non-successful completion Recommendation 1. [ ] Management response 1. [.] Owner 1. [.] Target date 1. [.] Quarterly reporting to Executive Board and Audit & Risk Committee Unstructured reporting One-on-one meetings with members of Executive Board, and senior leadership in regions and global functions Arcadis

19 Lesssons Learned 1. Bring Culture to the Executive Board 2. Arrange Executive Board and senior management support 3. Change is difficult, require endurance but is not impossible 4. Level resources 5. Tools should fit the organization 6. Invest in emphatic interviewing techniques 7. Do not shy away in making subjective judgements 8. Leverage your peer network 9. Do not ignore the power of data analytics 19

20 Arcadis. Improving quality of life. Arcadis 2016