Progress Together and BDO LLP welcomed Internal Audit leaders across Progress Together’s Financial Services (FS) membership to discuss the challenges and benefits of auditing Diversity, Equity and Inclusion (DEI) with a deep dive into socio-economic diversity.
Progress Together member firms shared how they approach DEI-related internal audits, and the Chartered Institute of Internal Auditors launched their latest technical guidance, ‘How to audit DEI’.
Sophie Hulm, CEO of Progress Together, shared an update on Progress Together’s annual data collection exercise. As evidenced in the ‘Shaping the Sector’ report, there has been an average increase in the representation of senior leaders from lower socio-economic backgrounds, from 26% in 2023 to 28% in 2024, for the member firms that have reported data two years in a row. Progress Together members are ahead of the curve in data collection on socio-economic diversity.
Drivers for embedding socio-economic diversity and broader DEI into audit plans
Sasha Molodtsov, Partner in BDO’s ESG Financial Services Advisory team, shared insights into how firms were increasingly considering DEI as a non-financial risk, driven by increased regulatory focus (particularly the FCA, PRA and Lloyd’s of London), industry expectations and public commitments on specific diversity ambitions, as well as increased expectations on FS Boards by the FRC from a corporate governance perspective.
Recognising D&I as a non-financial risk in its recent Diversity and Inclusion Consultation Paper, the PRA calls out the role of risk, compliance and internal audit functions in contributing to the “firm’s controls around the strategies, helping (firms) measure progress and assess how to improve over time.” The FCA also sees the role of Internal Audit functions as being to “help boards to ensure a higher degree of scrutiny, with senior management held accountable for delivering on D&I”. This interest is not expected to slow as the PRA and FCA look to publish their respective final diversity and inclusion (D&I) policies in early 2025, raising the bar for the FS industry even higher.
Practical guidance
Ann Brook, Head of Technical Content & Research at the Chartered Institute of Internal Auditors, commented on the expectations of the internal audit profession and the challenges teams face when thinking about the audit universe and how D&I and related issues of culture are integrated in the most meaningful way. Is DEI to be delivered as a standalone audit? Or is it reviewed thematically as a component of every single audit? Specific considerations include:
- The Assurance Approach: It is important to look at DEI more broadly. For example, the Global Internal Audit Standards, standard 9.5 – Coordination and Reliance, encourages Internal Audit teams to look at where else assurance is coming from and to think practically about the combined assurance approach for DEI, to ensure that Internal Audit can place their reliance on the firm’s control framework. This would open up opportunities to engage with second line functions beyond Risk, such as HR. For integrating DEI into audits, it is important to assess the risks and to consider what risks are pervasive to the business. This could dictate whether DEI is integrated into other audits or whether it should be a standalone audit. The Global Internal Audit Standards, standards 11.3 and 14.3 have some focus on finding the root cause of the risk by looking across the business and its embeddedness. If the root cause can’t be found, firms won’t be able to get to the bottom of the problem. This is acknowledged to be a challenging balancing act, given the finite resources that Internal Audit functions have. The Chartered Institute of Internal Auditors’ new technical guidance for DEI discusses this balance and encourages chief audit executives to look at the assurance approach.
- Pitching the Audit Plan: A catalyst for improvement is communicating the audit plan in line with what the business needs. This factors in a level of understanding of the maturity of the business and the separate business units. There could be benefits to conducting a similar maturity analysis approach for DEI.
- Eight elements that can help to structure the Assurance Approach: Internal Audit should consistently consider:
- Governance
- DEI Policy
- DEI Objectives
- DEI Risk Management
- DEI Process
- People
- Training and Awareness
- DEI Monitoring and Reporting.
These elements help to form a control framework that can be applied to DEI, and the newly published DEI guidance asks some key questions for audit professionals to consider for each of the elements noted above. The guidance won’t be able to answer all the questions, so the best-practice approach is to be practical and for key audit individuals to be the driver to help their firms on the DEI journey.
Common themes from the discussion emerged:
- DEI is on audit plans, but socio-economic diversity (SED) is not always called out: Firms seem to be at different stages of their DEI audit journeys. Questions remain over how audit teams ensure they are reviewing the ‘right’ risks and conducting DEI audits in the ‘right’ way; recognising context, maturity and proportionality is key. For some, bringing in external consultants to benchmark key focus areas of DEI has helped to progress the agenda and flag key areas to senior management. For others, DEI has been woven into other audits, such as culture audits, to bring DEI to life across the organisation. It seems that most firms have integrated DEI into the audit plan for 2025 in some way, which is a positive step.
- CEOs and Execs are important stakeholders: For members of Progress Together, the ‘Accountable Executive’ plays a key role in governance, accountability and responsibility at the top, and in how DEI and socio-economic diversity factor into the governance framework that sets the ‘tone from the top’. This will filter into sub-committees, succession plans, reward and remuneration policies linked to DEI ambitions and, where relevant, workforce representation targets.
- Strategic focus and target setting can help integrate DEI and Socio-economic diversity across a business and governance framework: Some key questions to consider include whether the DEI strategy is achievable and is proportionate to the business. A DEI strategy should be accessible and form a part of the overall firm’s strategy, which must filter down and influence policies and procedures. Business units can then draw on these policies, such as HR (recruitment and performance management). The entire Internal Audit function should also know the strategy so that audit teams are aware of the commitments made and can further integrate DEI into the audit cycle. Awareness of specific diversity charters, as well as targets firms set for themselves, can also help audit teams assess whether business activities are supporting the DEI strategy the firm has set.
- Recruiting talent and future talent: A quarter of the staff working within the Financial Services sector is estimated to leave within the next ten years. So, a key issue arises around talent, succession planning and skills, and where talent will come from in the future. Recruitment strategies should consider DEI and socio-economic diversity specifically, and for many firms, access to students, apprentices and university talent is a key focus area. Briefing Executive Search firms and conducting due diligence on the recruitment firms’ own DEI policies with regular management information/metrics can ensure diversity ambitions are being supported through the recruitment process.
- Increasing data collection: Progress Together member firms are seeing a steady rise in data collected on socio-economic background (49% average response rate in 2023 to 58% in 2024). Whilst this is encouraging, there are still challenges with employees being comfortable with disclosing personal data. Firms approach data collection differently; however, for most, it is voluntary, with either senior management or line managers leading the push. In some cases, a series of small nudges to fill out forms before attending work functions, during the benefits renewal process, or making charity donations has helped to improve engagement. There are also involuntary surveys with the option of ‘prefer not to say’. Ensuring data collection gives executives visibility over non-financial risks relating to talent or groupthink. Progress Together members get support from their data partner, the Bridge Group, and through sharing best practices with peers.
- Data collection and risk assessment: Data challenges may affect how data can be integrated into the risk assessment. Data can be linked to the risk appetite and the strategy from the Board through metrics, and so data should be able to inform the inherent risk, residual risk, and controls of the risk assessment depending on the business maturity. There are fewer controls for less mature businesses, so the movement from inherent risks to residual risk is small. Data is crucial to the oversight of audit risks.
Conclusion
Internal Audit teams play a unique role in advancing the DEI ambitions a firm has set for itself. For Progress Together members, this includes a strong focus on Socio-economic diversity at senior levels. Whilst the Chartered Institute of Internal Auditors guidance on approaching DEI audits will help teams understand how to create meaningful scopes and get the most from an audit, there is still a lot of upskilling and work to be done. Given differing maturity levels, the framework and approach will differ for each firm, but the overarching goal of advancing DEI in FS remains a key priority.