Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Frances McLeod: Yes, you really can (and should) audit culture

In a popular post last month for the FCPA Blog that stirred lots of discussion, Frances McLeod made the case why companies should audit culture change as part of their compliance programs.

Frances, a founding partner of Forensic Risk Alliance, sat with me recently to talk more about the importance of developing an assessment tool to better understand leadership’s values with respect to compliance and ethics.

We also talked about how that assessment tool should be used and by whom.

Frances, pictured above, is a former investment banker. She holds a Master’s degree from Wadham College, Oxford and speaks English, German, French, and Mandarin Chinese.

Here’s our 15-minute discussion.


Richard Bistrong is a contributing editor of the FCPA Blog and CEO of Front-Line Anti-Bribery LLC. In 2010 he pleaded guilty to a conspiracy to violate the FCPA and served fourteen-and-a-half months at a U.S. federal prison camp. He was named to Compliance Week’s list of Top Minds in 2017 and was one of Ethisphere’s 100 Most Influential in Business Ethics in 2015.

His popular real-life compliance training video, Behind the Bribe, produced in cooperation with Mastercard, was released in June.

To request a demo of the full eleven-minute video or a licensing fee schedule, please click here.

Share this post



  1. Richard

    Good stuff. I agree with you and Frances, especially when it comes to what I call the impermeable layer of Middle Management. It distorts messages, if it allows any to move down or up at all.

    Just one thing. What Frances describes is company culture MEASUREMENT. An essential and useful tool, which I have used myself. All she says about its design sounds very familiar.

    However, this is not AUDIT, this is compliance measurement. In the (generally used) model of the 'three lines of defense' of internal controls, this is the second level. Audit is an independent verification that the processes and controls are in place to cover the identified risks and that these are working as intended. Typically, audit will look how the survey design was done; whether the analysis of the data was complete and correct; and whether it was accurately reported to management. Audit will assure management that this was correct and that it can rely on the survey for policy development.

    Sorry to be nit picking, but the term audit ought to be reserved for specific activities.


  2. Frank, well said and thank you. It's measuring, as a tool, first, and auditing thereafter. I think that's the spirit of what Frances is saying, but there is a difference, and thank you for bringing it to our attention.

Comments are closed for this article!