Wells Fargo implemented their Continuous Auditing process in 2001 and since then has continued to develop its program with tangible ROI: “$400,000 in travel expenses reduced annually and 23,500 budgeted hours reduced annually” Recently we had a chat with Erica Ocana-Smith Senior Audit Manager of Wells Fargo and she shared a few nuggets with us on how they changed their culture.
“Continuous auditing starts with a “cultural shift from policing to invisibility. You need to infuse it into business processes”
How is this done?
- Define the organizations security and compliance culture. “Our audit team sat down with the operations and management teams and defined what kind of culture we wanted. We came up with 7 culture statements the most critical one was – We want a culture of risk management and accountability of issues.”
- Get buy in from your entire audit and compliance team.
“This is what we were doing. We understand we were interrupting your work flow so we want to do it better.” The team now feels a part of the decision and has a vested interest in the success. - Show your team how it benefits them and makes their job easier.
“Won’t you rather find this than waiting for the auditor?” - Communication – collaborate with departments across the enterprise including management.
- Ensure ongoing awareness and training.
A cultural shift does not happen overnight, however if your entire organization is on board with continuous compliance or continuous auditing you lay the groundwork for having a secure enterprise.