relationships. The human dimensions of internal auditing are covered in three parts:
E
I. The Foundations II. Behavior...
190 downloads
1466 Views
2MB Size
Report
This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!
Report copyright / DMCA form
relationships. The human dimensions of internal auditing are covered in three parts:
E
I. The Foundations II. Behavioral Skills III. Behavioral Dimensions in Practice
A
Integrity and credibility are foundational to the concept of human dimensions of internal auditing. Internal auditors need to have both to carry out their responsibilities and add value to their organizations in terms of reputation, effectiveness, efficiency, and compli-
R
ance with laws, regulations, and procedures. To be credible — or believable — they must be knowledgeable, trustworthy, and ethical in conduct. This project seeks to make an important contribution to the current understanding of interpersonal relations, communications, and other general behavioral “aspects” in the
C
internal audit profession. It is expected to be of significant interest and relevance to practitioners, academics, and students of internal auditing.
H
Order No. 5015 IIA members US $0 Nonmembers US $40
ISBN: 978-0-89413-684-9
H C R
S
important behavioral dimensions of internal auditors and provides insights on human
A
ing: A Practical Guide to Professional Relationships in Internal Auditing highlights many
E
current thinking across the academic disciplines. Behavioral Dimensions of Internal Audit-
S
the current thinking of many internal auditors on this important topic, and then examined
A Practical Guide to Professional Relationships in Internal Auditing
E
E
of this guide conducted an online exploratory survey of internal auditors to explore some of
R
Internal auditing is very much a relationship and communications business. The authors
Behavioral Dimensions of Internal Auditing: A Practical Guide to Professional Relationships in Internal Auditing
R
Behavioral Dimensions of Internal Auditing: A Practical Guide to Professional Relationships in Internal Auditing
Behavioral Dimensions of Internal Auditing:
Mortimer A. Dittenhofer, PhD, CIA, CGFM Sridhar Ramamoorti, PhD, CIA, CPA, CFE Douglas E. Ziegenfuss, PhD, CIA, CPA, CFE R. Luke Evans, MA
10198
10198 RF-Behavioral Dimensions of IA BkCvr.indd 1
5/25/10 10:05 AM
Disclosure Copyright © 2010 by The Institute of Internal Auditors Research Foundation (IIARF), 247 Maitland Avenue, Altamonte Springs, Florida 32701-4201. All rights reserved. Printed in the United States of America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form by any means — electronic, mechanical, photocopying, recording, or otherwise — without prior written permission of the publisher. The IIARF publishes this document for informational and educational purposes. This document is intended to provide information, but is not a substitute for legal or accounting advice. The IIARF does not provide such advice and makes no warranty as to any legal or accounting results through its publication of this document. When legal or accounting issues arise, professional assistance should be sought and retained. The Institute of Internal Auditors’ (IIA’s) International Professional Practices Framework (IPPF) comprises the full range of existing and developing practice guidance for the profession. The IPPF provides guidance to internal auditors globally and paves the way to world-class internal auditing. The mission of The IIARF is to expand knowledge and understanding of internal auditing by providing relevant research and educational products to advance the profession globally. The IIA and The IIARF work in partnership with researchers from around the globe who conduct valuable studies on critical issues affecting today’s business world. Much of the content presented in their final reports is a result of IIARF-funded research and prepared as a service to The Foundation and the internal audit profession. Expressed opinions, interpretations, or points of view represent a consensus of the researchers and do not necessarily reflect or represent the official position or policies of The IIA or The IIARF. ISBN 978-0-89413-684-9 05/10 First Printing
In Memory of Lawrence B. Sawyer 1911–2002 Pioneer and “Father of Modern Internal Auditing”
CONTENTS
About the Authors............................................................................................................................vii Acknowledgments..............................................................................................................................xi Foreword.........................................................................................................................................xiii Introduction . .....................................................................................................................................1 Part I: The Foundations.......................................................................................................................3 Chapter 1: Behavioral Foundations of Internal Auditing............................................................5 Chapter 2: Behavioral Competencies Underlying Essential Attributes......................................17 Chapter 3: Social Behavioral Relationships in Internal Auditing..............................................31 Chapter 4: Behavioral Factors Influencing Internal Auditor/Client Relationships....................39 Part II: Behavioral Skills...................................................................................................................55 Chapter 5: Communications.....................................................................................................57 Chapter 6: Negotiation.............................................................................................................67 Part III: Behavioral Dimensions in Practice.......................................................................................75 Chapter 7: Behavioral Aspects of Field Operations..................................................................77 Chapter 8: Behavioral Aspects of Forensic Auditing.................................................................91 The IIA Research Foundation Sponsor Recognition....................................................................... 101 The IIA Research Foundation Board of Trustees........................................................................... 101 The IIA Research Foundation Board of Research and Education Advisors................................... 102
v
ABOUT THE AUTHORS
Mortimer A. Dittenhofer, PhD, CIA, CGFM, is an Emeritus Professor of Accounting at Florida International University, Miami, Florida. Before retiring, he was the director of the School of Accounting at Florida International University and a research fellow of The Institute of Internal Auditors (IIA). He earned a B.A. in economics from Macalester College, St. Paul, Minnesota, MBA from Northwestern University, and PhD in business administration from American University in Washington, D.C. Dittenhofer also taught at American University, Georgetown University, George Washington University, Catholic University, and DePaul University in Chicago. He practiced internal auditing at the former Atomic Energy Commission, National Aeronautics and Space Administration (NASA), the Department of Health, Education, and Welfare, and the General Accounting Office (GAO). At the GAO, he chaired the work group that developed the first edition of the world-renowned Government Audit Standards (the Yellow Book). He was a two-term member of the committee that developed The IIA’s International Standards for the Professional Practice of Internal Auditing. He is well known for shepherding the publication of the IIA-sponsored textbook, Sawyer’s Internal Auditing, 5th Edition, published in 2003. He also edited a two-volume annual government auditing and accounting update reference series and is co-editor of The IIA’s three case study collections on ethics. Dittenhofer received The IIA’s prestigious Bradford Cadmus Memorial Award in 1985, the Leon R. Radde Distinguished Educator of the Year Award in 1989, and was the second recipient of The IIA’s Lifetime Achievement Award in 2002. Sridhar (“Sri”) Ramamoorti, PhD, CIA, CPA, CFE, is an associate professor of accountancy in the Coles College of Business at Kennesaw State University in Kennesaw, Georgia. He has more than 25 years of experience spanning academia, consulting, auditing, and forensic accounting. Possessing a unique, academic-practitioner background, he is a consultant with Infogix, Inc., a software-based information controls company, and a vice-president and managing director with YCN Consulting, LLC, a professional services provider for governance, risk, and compliance (GRC), as well as internal audit, risk advisory, and forensic accounting services. A prolific author and contributor to standard-setting efforts in internal controls, Ramamoorti is an author of the 2009 COSO Guidance on Monitoring Internal Control Systems (see www.coso.org) and the 2010 ISACA exposure draft on Monitoring Internal Control Systems and IT (see www.isaca.org). He is a co-author of Internal Auditing: Assurance and Consulting Services (2nd edition, 2009), a textbook published by The IIA, that has been translated into Spanish and Japanese, and professional guidance for practitioners such as Sarbanes-Oxley Section 404 for Small, Publicly-Held Companies (CCH/Wolters Kluwer, 2009) and The Audit Committee Handbook (5th edition, John Wiley, 2010). Until recently, Ramamoorti was a partner in the National Corporate Governance Group of Grant Thornton LLP in Chicago. He led the firm’s thought leadership initiatives in corporate governance and accountability, assisting with global client pursuits, delivering board and audit committee
vii
Behavioral Dimensions of Internal Auditing
briefings, promoting university faculty relations, and mentoring younger professionals. Before joining Grant Thornton, Ramamoorti worked at Ernst & Young (EY) in the Fraud Investigation and Dispute Services (FIDS) practice. He was in-house EY faculty for fraud awareness training of more than 1,000 EY partners and principals nationally. He spearheaded the development of an EY proprietary litigation risk management simulation model that attained “patent pending” status with the U.S. Patent Office. Subsequently, he was also the Sarbanes-Oxley advisor for the EY National Advisory Practices in North America. Earlier in his career, he was a principal in the Professional Standards Group of Arthur Andersen, where he consulted on generally accepted auditing standards, represented the firm on the AICPA Financial Instruments Task Force that produced SAS 92: Auditing Derivatives, Hedging Activities, and Investments in Securities and an accompanying AICPA guide, and was a key liaison for the multimillion-dollar Andersen-MIT research collaboration. He earned a bachelor of commerce degree from Bombay University, India, and holds MAcc. and PhD (quantitative psychology) degrees from The Ohio State University in Columbus, Ohio. After completing his PhD, he was on the accountancy faculty at the University of Illinois at UrbanaChampaign for a few years. He has published extensively in research and professional journals such as Management Science, European Management Journal, Research in Accounting Ethics, International Journal of Accounting, Issues in Accounting Education, Journal of Information Systems, Internal Auditor, and Financial Executive. He co-authored Using Neural Networks for Risk Assessment in Internal Auditing (1998) and co-edited Research Opportunities in Internal Auditing (2003), both published by The Institute of Internal Auditors Research Foundation (IIARF). He has many teaching and research awards. Ramamoorti was originally trained as a chartered accountant from India, and holds numerous U.S. professional certifications (viz., CIA, CPA/CITP/CFF, CFE, CFFA, CFSA, CGAP, CGFM, CICA, CRP, FCPA). Active in the profession, he is on the Board of Directors of Ascend, Institute for Business and Professional Ethics (IBPE), Information Integrity Coalition (IIC), and the Board of Governors of The IIA’s Chicago Chapter. He serves as vice-president (Practice) of two sections of the American Accounting Association and is a member of The IIA’s Global Ethics Committee. Currently co-chairman of The IIA’s Global 2010 Common Body of Knowledge (CBOK) study, he is a past chairman of the Academy for Government Accountability (2005–2008) and a past member of the Board of Trustees of The IIARF (2002–2008). He has made presentations in the United States, Brazil, Canada, France, India, Japan, the Netherlands, Qatar, South Africa, Spain, Turkey, and the United Arab Emirates. Douglas E. Ziegenfuss, PhD, CIA, CPA, is professor and chair of the Accounting Department at Old Dominion University in Norfolk, Virginia, where he teaches courses in auditing and coordinates the Internal Auditing Enforced Program. He holds a B.A. in philosophy/history from Mount Saint Mary’s College (magna cum laude), an M.S. in accounting from American University, and a PhD in accounting from Virginia Commonwealth University, along with numerous professional certifications. His expertise includes operational, fraud, and information technology auditing, as well as corporate governance and professional ethics. He has authored or co-authored three books and 25 articles on audit-related subjects. He regularly presents programs on audit management, fraud, and quality management issues in numerous locations across the U.S. as well as internationally in Hong Kong,
viii
About the Authors
Mexico City, Paris, Toronto, and Australia. He has eight years of auditing experience in the public utility and waste management industries. Ziegenfuss received The IIA’s prestigious Leon R. Radde Distinguished Educator of the Year Award in 1996. The Virginia Society of Certified Public Accountants recognized him as their “Outstanding Accounting Educator” in 1997, and the Association of Government Accountants also recognized him in 2000 as one of the most influential chapter members during its first 50 years for starting a student chapter. From 2005 to 2009, Virginia Business designated Ziegenfuss a “Super CPA” educator. His service to the auditing profession includes national board membership on The IIA’s Board of Research and Education Advisors and as a trustee and secretary of The IIARF. Before that he served as vice chair of The IIA’s Academic Relations Committee. Ziegenfuss has served on the board of The IIA’s Tidewater Chapter and is a former chapter president. He also chaired the 1997 IIA Mid-Atlantic Conference. R. Luke Evans, MA, provides project coordination services for not-for-profit organizations as an independent professional living in the Boston, Massachusetts area. He holds a B.B.A. in accounting from the University of Toledo and an M.A. in educational policy and leadership (focused on business administration curricula) at The Ohio State University. Upon earning his bachelor’s degree, Evans served on the audit staff at Price Waterhouse & Co. and later developed a public accounting practice serving small business clientele. Eventually he expanded his experience into commercial credit analysis and lending at the Huntington National Bank and BancOhio National Bank in their small business divisions. Following several years in business, he entered graduate school at The Ohio State University to study the teaching of ethics in business administration curricula, earning his master’s degree. He continued with doctoral study into the contemporary moral and political philosophies that underlie curriculum practices in higher education, satisfying his coursework and comprehensive exam requirements. He then entered higher education administration at Ohio State, after which he returned to post-graduate study to pursue human resource development at the University of Illinois, Urbana-Champaign. While at Illinois, he collaborated with Sridhar Ramamoorti on a paper titled “Strategies for Effective Learning: Insights of Research and Scholarship in Business Education,” which was presented at DePaul University.
ix
acknowledgments
We would like to thank the anonymous reviewers of the Board of Education and Research Advisors (BREA) who undertook the review of this monograph in their spare time, along with the staff of The Institute of Internal Auditors Research Foundation (IIARF) for their patient understanding of the vagaries associated with author life events over the course of the project. In addition, we would also like to express our appreciation and thanks to many outside individuals who graciously and voluntarily provided feedback on various drafts of this monograph: Andrew Bailey, Usha Balakrishnan, Gregory Capin, Daniel Gaffney, Marjorie Maguire-Krupp, Denis Posten, Mohammed Siddiqui, Warren Stippich, Roxanne Torak, and Richard Whitehead.
xi
FOREWORD
As an integral part of a complex web of relationships within an organization, contemporary internal auditing involves significant social interaction between auditee and client. Auditor/auditee/client interactions occur in organizational settings through both face-to-face and written communication. Indeed, internal auditing is very much a relationship and communications business. This guide highlights many important behavioral dimensions in internal auditing and provides insights on human relationships. The nature, scope, and extent of auditor/auditee/client interactions lie at the very core of internal audit assurance and consulting activities. Most internal audit practitioners would agree that mastering interpersonal and communication skills, often called “soft skills,” is important. Soft skills typically include the ability to share information, make persuasive arguments, negotiate agreements, and demonstrate passion for change, while simultaneously understanding different roles and responsibilities, empathizing with others, acting with integrity, and relating well with others from all levels of the organization. To employ all these skills effectively in everyday situations, internal auditors need to possess high degrees of emotional and social intelligence. Social and behavioral disciplines such as psychology, social psychology, sociology, and cultural anthropology seek to provide understanding and insight on the nature of such “soft skill” interactions among people in various social and cultural settings.1 For a few decades now, the behavioral dimensions of internal auditing have received little systematic exploration in the professional and academic literature.2 Given that behavioral considerations carry so much importance in the day-to-day practice of internal auditing, the authors conducted an online exploratory survey of internal auditors to explore some of the current thinking of many internal auditors on how they perceive the social and behavioral disciplines as informing the practice of internal auditing. Anyone harboring doubts about the importance of this subject to internal auditing should consult Summary of the Common Body of Knowledge 2006 (CBOK 2006) by The Institute of Internal Auditors Research Foundation (IIARF) and read the section on internal auditor skills.3 It identifies a list of critical behavioral skill sets relevant to the audit staff, senior supervisors, and audit managers. The authors of CBOK 2006 state, “Practitioners consider almost all of the behavioral skills listed to be important to [the performance of] their work at their current position….” In the spirit of The IIARF’s 2003 Research Opportunities in Internal Auditing (ROIA),4 this project on the behavioral dimensions of internal auditors also seeks to make an important contribution to the current understanding of interpersonal relations, communications, and other general behavioral “aspects” in the internal audit profession. It is expected to be of significant interest and relevance to practitioners, academics, and students of internal auditing.
xiii
Behavioral Dimensions of Internal Auditing
References Sridhar Ramamoorti, “Internal Auditing: History, Evolution, and Prospects,” in Andrew D. Bailey, A.A. Gramling, and Sridhar Ramamoorti (eds.), Research Opportunities in Internal Auditing (ROIA) (Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation, 2003).
1
See Victor Brink, 1965; Frederic E. Mints, 1972 and 1981; and Robert K. Mautz and others, 1984 for earlier treatments of this general topic.
2
Priscilla A. Burnaby, Mohammad J. Abdolmohammadi, and Susan S. Hass, A Global Summary of the Common Body of Knowledge, 2006 (Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation, 2007), 34–35.
3
Andrew D. Bailey, A. A. Gramling, and Sridhar Ramamoorti (eds.), Research Opportunities in Internal Auditing (ROIA) (Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation, 2003). Available online from www.theiia.org. 4
xiv
INTRODUCTION
Integrity and credibility are foundational to the concept of behavioral dimensions of internal auditing. Internal auditors need to have both to carry out their responsibilities and add value to their organizations in terms of reputation, effectiveness, efficiency, and compliance with laws, regulations, policies and procedures. To be credible — or believable — they must be knowledgeable, trustworthy, and ethical in conduct. They must adopt a fundamentally right way to behave based on their individual set of personal values. The concepts of ethical behavior govern the procedures conducted during an audit, including professional competence, appropriate amount of fieldwork, objective consideration of the information disclosed, fairness and impartiality of the conclusions reached, and truthfulness of reporting. Ethics is an underlying driving force that governs the entire audit process. The audit results help determine the integrity and credibility of the internal auditors. Collective ethical behavior works in the best interests of the entire organization and its stakeholders. Throughout the audit process, internal auditors are responsible for being technologically current, using the most sophisticated and appropriate methods available, and reporting fairly and honestly. They also are obligated to perform in the best manner possible — with empathy for the client’s thoughts and feelings. Today’s internal auditors encounter a diversity of ethical concepts due to globalization and the many cultures represented by more than 160 countries in which The Institute of Internal Auditors (IIA) has practicing members.1 Despite this diversity, the following three general spheres might be useful for understanding the ethical complexities of behavior in human relationships: • • •
Personal — Ethics of Love and Friendship: Morality2 Private/Professional/Fiduciary — Ethics of Duty and Responsibility: Propriety of Office or Position3 Public — Civic Ethics (and Honor): Loyalty to State (Adherence to Codes of Conduct)4
In all three spheres, ethics have separate historical and cultural origins interwoven together in complex ways,5 especially considering the global economy. Beginning with the personal, each ethical sphere seems to build upon the other. Organizations are morally and legally bound to protect the best interests of their investors, the employees who run the day-to-day operations, and the customers who rely upon the quality of goods or services. The IIA’s Code of Ethics guides internal auditors in their efforts to support the effectiveness of an entity’s risk management, control, and corporate governance activities through four basic principles: (1) integrity, (2) objectivity (along with organizational independence), (3) confidentiality, and (4) competency.
1
Behavioral Dimensions of Internal Auditing
The principles of the Code of Ethics fall within the private/professional/fiduciary sphere of ethics of duty and responsibility, or the propriety of office or position. When internal auditors practice these basic principles, the Code of Ethics is more likely to be realized in the public sphere. Against this backdrop, the behavioral dimensions of internal auditing are covered in three parts: I. The Foundations II. Behavioral Skills III. Behavioral Dimensions in Practice Part I focuses on the foundations, which include behavioral foundations of internal auditing (Chapter 1), behavioral competencies underlying essential attributes (Chapter 2), social behavioral relationships in internal auditing (Chapter 3), and behavioral factors influencing internal auditor/client relationships (Chapter 4). Part II discusses specific behavioral skills that internal auditors typically use to actualize the points discussed in Part I — communication (Chapter 5) and negotiation (Chapter 6). In Part III, behavioral dimensions in practice are discussed in the context of field operations (Chapter 7) and forensic auditing (Chapter 8).
References Common Body of Knowledge (Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation, 2006).
1
Harry Redner, Ethical Life: The Past and Present of Ethical Cultures (Lanham, MD: Rowman & Littlefield, 2001), 49–68. Adapted. 2
Ibid, 85–103. Adapted. A fiduciary is someone who has undertaken to act for and on behalf of another in a particular matter in circumstances that give rise to a relationship of trust and confidence. Thus, a fiduciary duty is a legal or ethical relationship of confidence or trust between two or more parties. (See Bristol & West Building Society v Mothew [1998] Ch. 1 at 18 per Lord Millett.)
3
Ibid, 67–85, 103–126. Adapted.
4
Ibid, 137.
5
2
PART I __________________________________________________ THE FOUNDATIONS
3
CHAPTER 1
BEHAVIORAL FOUNDATIONS OF INTERNAL AUDITING For decades, conventional wisdom regarded the process of internal auditing as an unpleasant necessity. Adversarial relationships between the auditor and auditee1 were the norm, and the participants tended to accept it and make do with the resulting discomfort, fear, stress, and angst. Toward the latter half of the 20th century, however, some internal auditors with backgrounds in areas other than purely financial auditing believed this adversarial relationship need not always be a given. They saw that service juxtapositions present in other financial situations often created positive relationships between parties. They realized that if relationships could be modified to include service and contribution objectives, the adversarial aspect could be alleviated. These internal auditors realized that maintaining independence2 was paramount to the integrity of the audit process; without it, the audit would amount to nothing more than a study. But they believed that with the proper attitude of objectivity and impartiality, integrity could be maintained even in a cordial atmosphere. They recognized that they had an ethical responsibility to add value to their organization, its shareholders, and to society, but also believed that this responsibility extended to the auditee (or client of a consulting engagement) as well. Some internal auditors, especially those who had not been exposed to the strict inflexible dogma of existing auditing mantra, saw opportunities to experiment with behavioral approaches. They began to suggest to auditees that the internal audit process might be useful in helping to resolve problems that were confounding them and their organizations. Many of these early experiments were successful and resulted in surprised but satisfied auditees. Word spread on both sides. Auditees became more accepting and less concerned with the concept of the audit. Internal auditors were more comfortable with the improved candor, reactions, and acceptance of the auditees. Internal audit executives were impressed and envisioned further improvements in auditor/auditee relations and productivity. Some of the internal audit literature began to include behavioral content, and more lectures and professional papers devoted more attention to the approach. The transition, at least in this experimental and discussion stage, seemed to feed on itself and grow. Some practitioners with backgrounds in social and behavior disciplines became eager to apply some of the appropriate aspects to the mundane world of internal auditing. Hovering over these evolutionary concepts, however, was the constant concern of fraud and malfeasance (not to mention misfeasance and nonfeasance) and the possibility that this new approach might dull the internal auditors’ perceptions, making them less alert to inappropriate behavior.
5
Behavioral Dimensions of Internal Auditing
Behavioral Roles of the Internal Auditor Internal auditors play many roles in the performance of the internal audit activity. These roles are not always clear-cut to internal auditors, auditees/clients, or management. For instance, these roles are: • • • • •
Prescribed by management or the audit committee of the board of directors. Envisioned by internal auditors based on prior experience, education, current thinking, and judgment. Performed by internal auditors resulting from environmental factors and current conditions experienced during the audit process. Contemplated by the client based on the client’s previous audit experience and current thinking of operational functions and management. Experienced by the client during the audit and may vary from the activities that the client had expected, being better or worse than that contemplated.
Internal auditors should be aware of the complexity and impact of role performance. They should be empathetic as to possible confusion and even antipathy in the mind of the client regarding performance. And they should, when possible, explain apparent divergence from the usual expectations. Of course, where evidence of malfeasance appears, the role changes to one of a more forensic/adversarial approach where more sophisticated explanations to the client would be necessary and appropriate. Spencer Pickett identifies a series of uniquely different behavioral roles that he believes internal auditors should perform:3 •
• •
•
•
Public Relations: Convincing the client that the internal audit process can be a helpful process and that the auditor hopes to contribute to the success of the client’s operation. Even in cases when the client is antagonistic, the internal auditor should try to identify areas where the client and the auditor have common objectives and where the auditor can help. Marketing: The auditor tries to identify the client’s needs and then sells the client on how the audit can respond to these needs. Change Management: Providing recommendations for change is basic to the internal auditor and is one of the basic objectives of internal auditing (i.e., the enhancement of the efficiency, effectiveness, and compliance aspects of client operations). Crisis Management: The internal auditor has universally been considered a perpetual designee for unique problems that arise. The internal auditor’s general experience makes him or her a clear candidate for such special projects and damage control jobs. However, care must be exercised that this urgent task does not overpower the basic objective of internal auditing. Obstructive Management: This role sets the internal auditor in a position to remove obstructive management approaches and to align them with the organization’s basic objectives.
The Management View During the audit, internal auditors should take a managerial approach to problems.4 They should downplay insignificant findings, search for the causes of significant ones, and work with operating managers to correct controls and other weaknesses. Internal auditors should keep in mind that operation personnel usually have a pretty good idea of what is going on. No matter what ideas the auditors
6
Chapter 1: Behavioral Foundations of Internal Auditing
may have about improvements, chances are good that operations personnel have already considered them. Relations are improved immeasurably when internal auditors consider these ideas, filter them through their own experiences, modify them if necessary, and then present them to management as the result of a team effort between the client and auditor. In cases where the client identifies issues during the audit, it must be made clear from a behavioral perspective that the impetus for the audit work and implementation of recommendations came from the client, the identification of the issue was client-oriented, and the internal auditor served the client by helping to resolve the issues. The language should be clear so there is no audit superiority, hubris, or condescension. The client should be given credit where deserved. During the reporting phase, for behavioral reasons, no finding should be formally reported that has not been thoroughly discussed beforehand with client operating management. Weaknesses should not be overstated. Nitpicking should not appear as findings in the formal audit report. Again, credit for outstanding achievements by the client should be given a prominent place in the report. When a client disagrees with the auditor’s comments, the client should be given the opportunity to present his or her side of the discussion for two reasons: to present the opposing viewpoint, and to give management enough information to make a decision about which way to proceed. This general approach can go a long way toward promoting positive relationships and outcomes with the client.
A New Way of Thinking A new way of thinking about management has evolved: a migration from “command and control” to “learning.” Rod Collins, who has described this migration, writes: In today’s business, formal controls, such as policies, procedures, written authorizations, organization charts, and chain of command practices are less valuable and effective than informal controls, which include intangible attributes such as ethics and values, corporate culture, trust, teamwork, open communication, and professionalism.5 Collins goes on to illustrate this migration in internal auditing by comparing the traditional command and control audit approach with the newer control self-assessment (CSA) learning approach. Not surprisingly, the congruence of soft controls requires supporting soft skills such as interpersonal communications. CSA has received much attention and is being practiced in many organizations. The Institute of Internal Auditors (IIA) recognizes its importance and now sponsors the Certification in Control SelfAssessment (CCSA) designation. It is a method based on group assessments of (1) areas where there are control deficiencies; (2) the root causes of the deficiencies; (3) the changes in the operation that will resolve the deficiencies; and (4) a follow-up review to determine whether the deficiencies have been cured. This method, developed initially in Canada by Bruce McCuaig with Paul Makosz at Gulf Canada Resources,6 has permeated the entire global arena of internal auditing. The method produces groups of employees, well diversified horizontally and vertically, who, based on their experience and control skills, identify areas where control is absent or faulty and develop corrective procedures. One
7
Behavioral Dimensions of Internal Auditing
of the interesting facets of the method is the thesis that the original control concepts themselves may be faulty and can be improved. Collins further explains the contrast between the traditional audit approach and CSA as: Traditional auditing relies on a judgment model, where auditors perform transaction analysis based primarily on the examination of records and one-on-one interviews with key players involved in the function under review…. They advance their own understanding so that they can identify problems, formulate findings, and recommend corrections for deficiencies in their audit reports…. Conversely CSA employs a group-learning model. Auditors guide participants through process analysis. The knowledge of the individuals and various group exercises enhances each participant’s understanding of the whole process under review.7 Collins then says that the internal auditor will be more of a “facilitator of change” than an “overseer” and become an “educator” using “learning models that advance employees’ capacities for self-control and contribute to the development of the organization’s shared vision.” This will “focus on effective informal controls through a team learning process.” He concludes by saying that this new approach “will be organized around the corporate skills and processes necessary to maintain integrity in the midst of constant change.” Also, CSA encourages business process risk owners to take interest and responsibility and encourages participative decision-making in risk and control mapping exercises. The transition in approaches from traditional internal auditing to CSA is a substantive change and involves a basic psychological shift for internal auditors.
Objectivity Independence in internal auditing comprises two basic factors: organizational placement and objectivity. The former is reasonably easy to establish because special position can be set by arrangement within the formal organizational structure (see Chapter 3). However, objectivity is a different matter. Objectivity is a state of mind; an individual’s behavior that is subject to many pressures, both internal and external, that can have varying influence on the internal auditor’s personality and reaction to different situations. Bias, of course, is a serious threat to objectivity. The adverse effect of bias has been identified in the Generally Accepted Government Auditing Standards (GAGAS) set by the U.S. General Accounting Office (now the U.S. Government Accountability Office) in 19728 and also by the internal auditing standards issued originally by The Institute of Internal Auditors in 1978. Both sets of standards have since been modified to make them more precise; however, the section on bias is still an important element of each. Bias comes into play through psychological feelings of the individual, such as: • • • • • 8
Reactions to gender — perceived opinions as to competence, or acceptance. Reactions to ethnic origins — as to competence, or as to acceptance. Reactions to physical characteristics — appearance, dress, stature, speech. Reactions to economic aspects of the client — impressions, awe, dependence. Family relationships — nepotism; limited consideration of issues.
Chapter 1: Behavioral Foundations of Internal Auditing
• •
Former personal involvement in the issue — participation, managing, auditing. Self-serving or unconscious bias — where internal auditing will benefit.
On the other hand, there can be outside social pressures that also could result in biased reactions. These pressures can be classified as those: • • • • •
Impacting the internal auditors’ observed professional performance. Impacting the internal auditors’ anticipated economic condition. Relating to the internal auditors’ perceived professionalism by others. Impacting client/auditor relationships with attribution to the internal auditors. Creating possibility of job loss (e.g., replaced by outsourcing providers).
Bazerman et al.9 state that it is psychologically impossible for an (internal auditor) to be independent and objective because of pressures caused by senior management’s power to “hire and fire auditors at will.” When the internal auditor is hired by and reports to the audit committee of the board of directors, this psychological barrier is somewhat neutralized. Also, in some cases there may be an antagonistic relationship between the internal auditor and the client that can be a threat to objectivity (especially in a situation when the client is in an important and essential position).
Professional Skepticism Professional skepticism is an essential element of the internal auditor’s package of skills and an ingredient that must be continually developed and “listened to.”10 Often one hears about the auditor’s sixth sense or gut instinct. Internal auditors practice a skeptical approach that hovers over the entire audit process and that some pundits label the “smell test.” “Something smells bad here, let’s look further into it.” Sometimes the further investigation is productive, sometimes not. However, it should be an essential element of the audit process. How is this sixth sense developed? Of what does it consist? How should it be used? The explanation is logical but not so simple. It is an approach that most of us have to a varying degree as a matter of self-preservation. All one has to do is shift the objective from personal safety to an objective evaluation of what will be encountered in the internal audit work. The internal audit process is based on the collection of information. We usually think of information as an accumulation of data taken from records, business papers, reports, etc. However, information for internal auditors is a far broader concept. It also includes: • • • •
The result of observations such as the condition of assets: cash, buildings, inventories, and so on. Management’s verbal and written assertions as to the current condition of the organization, including financial aspects. Any other items on the auditor’s sensory “equipment” that can be converted into relevant information concerning the object that is the subject of the audit. The auditor’s anticipation as to what the future holds for the client’s operation based on known or suspected information and filtered through his/her experience or past observation, or informed knowledge.
9
Behavioral Dimensions of Internal Auditing
The sum of these inputs creates patterns that, in the mind of the internal auditor, have some significance. Based on the auditor’s experience and intellectual inventory, the patterns are converted into potential specific situations or pictures that must be interpreted as normal, good, bad, potentially dangerous, etc. It is this process that can become the substance of stimulation for a skeptical state of mind. The degree of skepticism becomes the determinant as to the action that the internal auditor will or should take. However, recorded data also can be converted to information as it is processed through our conscious and psychological systems. It can be converted into mental models that can be interpreted and evaluated as to meaning and significance.11
The Professional Evaluation Process What actually happens, frequently as a subconscious process, is the internal auditor’s evaluation as to the credibility of what he or she is observing. This process can be a six-part activity, though it may take place as a single or closely related series of steps. The elements are:12 1. The purpose or goal of the evaluation — should we accept the results, the statement, projections, the cause, or the reasons? 2. The establishment of a series of norms. In his experience, what has the internal auditor seen like this? What were the outcomes of those experiences? 3. What will be the results of accepting the projected actions, procedures, or products? 4. How does this compare with one’s previous experience? Is there a pattern here and how does that pattern relate to those that have been seen before? 5. What is one’s opinion or judgment based on the above? Are the differences material? Are there any ameliorating aspects? Based on prior experiences, observed situations, aspects, etc., what are one’s projections, opinions, or judgments? 6. If there are differences, should one report them? If so, how should one report them and to whom? The results of the above may be a feeling of uneasiness that prompts some kind of action. If so, the internal auditor has several options: 1. Report the situation with the reasons for questioning. 2. Expand the examination using past criteria or norms as guides for further work. 3. Point out to the client the situation and the reason for questioning it and ask for further explanation. 4. Accept the situation and live with it on the basis of lack of materiality.
10
Chapter 1: Behavioral Foundations of Internal Auditing
We want to make a point about the norms in option 2. This criterion could be the result of: • • •
An identical or similar situation in the internal auditor’s past experience with a different result. A logical comparison in the internal auditor’s mental processes where the results were other than that projected by the client’s current processes. A logical comparison of the elements of the situation where the projected results are different from those in the client’s projection.
The unique aspects of the above norms are that the mental process is not only cognitive but also an affective activity, a sensitivity or feeling that something is amiss. Some would call it an “intuitive process” that may include “somatic markers” and emotional drivers.13
Source Credibility Internal auditing functions on a foundation of information — good and bad. There could be several sources of information that may appear to be good; nevertheless, it is important for internal auditors to establish their credibility. Information can come from the following behavioral and auditing methods:14 • • • • •
Interviews Observation Documentation review Results of analysis Rationalization and cognitive processes of the auditor
Undoubtedly there are others; however, there are several points relative to each of the above that internal auditors should keep in mind and evaluate when using these methods. •
•
Interviews o Does the source actually appear to be knowledgeable about the accuracy of the information? o Does the source gain any advantage in providing false information? o Does the source actually understand your request? o Are there pressures on the sources to provide false information? o Can the auditor observe subliminal physical reactions that indicate the information may be false? o Can a good understanding of proxemics (body language subtext and other nonverbal behaviors) assist? o Can cross-questioning provide responses that conflict? Observation o Is the auditor viewing the entire range of the subject matter? o Is the auditor knowledgeable as to what is being observed? o Could there be quantity and quality differences of which the auditor is unaware? o Is there evidence of adequate control, if control is an issue?
11
Behavioral Dimensions of Internal Auditing
•
•
•
Documentation Review o If documents are from outside sources, are they original and can their contents be independently verified? o If data outputs are from computer systems, are these electronic systems tested for validity and reliability under a system of sound internal controls? o If visual outputs are from photographic systems, are these systems credible and dependable under a system of sound internal controls? Results of Analysis o Are the analytical methods appropriate for the intended result? o Are the analytical methods accurate? Auditor’s Own Rationalization and Cognitive Processes o Is the auditor being objective in the interpretation of the information? o Is the auditor aware of his or her own emotions or non-rational self ? o Is the auditor aware of any tendencies to interpret information using false rationalization or irrational thinking?
The final method is especially important from the perspective of psychology — the importance of “knowing thyself ” (often called “self-insight” in behavioral literature).15 The auditor’s willingness to ask these questions in his or her mind as a guide while engaged in these methods is essential toward bringing credibility to the audit process.
“Why Good Accountants Do Bad Audits” M. H. Bazerman et al.’s seminal article, “Why Good Accountants Do Bad Audits,”16 describes a series of situations, with behavioral aspects that clouded the auditors’ minds and caused problems or at least confused their approach to the performance of the audit. The article identified these situations as “Roots of Bias.” The article identifies this “bias” as “self-serving human behavior.” It is a basic theory that we all have self-interest, a desire for achievement and success. We also see ourselves as knowledgeable in our own areas of interest, and we tend to interpret our former associations — physical, mental, theoretical, and environmental — as contributing to this pre-conceived status. Thus, we tend to interpret what we see and experience as contributing to this pattern of selfinterest. It becomes a foundation piece of reinforcing our own observation of our ability to observe, analyze, and identify situations; however, the analysis is tainted with the feelings of personal achievement and self-satisfaction.17 An important second aspect of the “Roots of Bias” is the “discounting of facts that contradict our conclusions.” This aspect is related to our arriving at conclusions as to the causes and effects of observed activities of the client and then trying to support these conclusions, rather than trying to evaluate the conclusions by searching for the minuses as well as the pluses. It could be related to lazy thinking; but in reality it is a conviction that our first conclusion is best and correct — and we are loath to destroy that analysis. The third element relating to bias is the “embracing of facts supporting our own viewpoints.” This aspect is somewhat like the above item; however, it is really a matter of interpretation. We start with
12
Chapter 1: Behavioral Foundations of Internal Auditing
an analytical approach with an unconscious foundation of what we expect to find — based on our predetermined viewpoint — possibly based on previous experience or knowledge. From then on we tend to interpret what we find as support for this conclusion. We also tend to discredit opposition as minor or unsupportable. The article also mentioned three aspects that “amplify unconscious bias” as: •
•
•
Familiarity — that auditors are less willing to find discrediting information on individuals or (functions or) organizations that they know well. (parenthesis added) This bias should preclude the auditors from auditing an organization of which they were a part, or auditing a manager under whom they served. Discounting — the fact that “immediate consequences tend to receive more emphasis than delayed outcomes, particularly when the delayed outcomes are uncertain.” This could be tied to a matter of self-preservation, as the delayed outcome may never come about. Escalation — “minor indiscretions and errors created by unconscious bias may evolve into conscious corruption.”
Another more complex form of bias of which internal auditors need to be aware is the possible presence of in-group bias or, as it is more commonly known, “groupthink” bias. Irving Janis, who has studied this extensively, defines this as: “A mode of thinking that people engage in when they are deeply involved in a cohesive in-group, when the members’ strivings for unanimity override their motivation to realistically appraise alternative courses of action.18 Essentially this type of bias includes the individual biases described earlier; however, these biases can manifest themselves collectively among the group’s members within its norms, especially when its members share similar social and cultural backgrounds. In addition, when situations create tensions in the group, junior members might become reluctant to raise controversial points they believe need to be raised for fear of looking inexperienced or naïve and to protect their membership in the group. Janis suggested several ways groups might mitigate the effects of in-group bias:19 1. Group leaders assign each group member the role of “critical evaluator,” allowing each to air doubts and concerns openly (though this might not be practical with those who exercise autocratic leadership styles). 2. Senior group members avoid expressing opinions when group tasks are assigned. 3. The organization sets up independent groups to work on the same problem. 4. Group leaders create the climate focused on achieving effectiveness by seeking and examining effective alternatives. 5. Group members individually discuss the group’s ideas with trusted people outside the group.
13
Behavioral Dimensions of Internal Auditing
6. Group leaders invite outside experts into meetings where group members are allowed and encouraged to discuss with and question these outside experts. 7. Group leaders assign at least one group member the role of devil’s advocate on a rotation basis. While further study is required by social psychologists, sociologists, anthropologists, and others, this complex area crosses over several domains of inquiry. But a general awareness of the features of in-group bias perhaps can help mitigate the insidious power of such a potentially strong bias in organizations.20 Group behavior is discussed further in the next chapter as we note the difference between individuals and groups and the roles individuals play within the behavioral dynamics of groups.
References Both terms “auditee” and “client” are used interchangeably. “Auditee” refers traditionally to persons in organizational units subject to internal audits. “Client,” a more contemporary term for auditees, conveys an implicit notion that auditees are to be treated as persons (thereby working in everyone’s best interests). Used more traditionally, “client” refers to management who “retain” (internal) auditors for specific engagements. In many organizations, the chief audit executive (CAE) functionally reports to the chair of the audit committee of the board. To the extent that many internal audit engagements are undertaken at the behest of the audit committee, they too constitute a “client” of internal auditing. See also L. Braiotta Jr., R. T. Gazzaway, R. H. Colson, and S. Ramamoorti, The Audit Committee Handbook, 5th ed. (New York, NY: John Wiley & Sons, 2010), 225–226.
1
Because internal auditors within an organization are not “independent” as to the organization, increasingly, the term “objectivity” is used to refer to their state of mind. It should be noted, however, that while in-house/in-sourced internal auditors may not be independent of their organization, nevertheless they are required to be independent of the activities they audit.
2
Spencer K. H. Pickett, The Internal Auditor Handbook (Chichester, UK: John Wiley, 1997), 85–86.
3
Sawyer et al., Sawyer’s Internal Auditing, 5th Edition (Altamonte Springs, FL: The Institute of Internal Auditors, 2003), 1243.
4
Rod Collins, “Auditing in the Knowledge Era,” Internal Auditor (June 1999), 26–31.
5
Jack J. Champlain, Auditing Information Systems, 2nd ed. (Hoboken, NJ: John Wiley, 2003), 212.
6
Collins, 26–31.
7
The first author of this monograph, Mortimer A. Dittenhofer, was the chairman of the inaugural GAO Committee that produced the first edition of the generally accepted government auditing standards (GAGAS), commonly known as the “Yellow Book.”
8
M. H. Bazerman et al., eds., Environment, Ethics, and Behavior: The Psychology of Environmental Valuation and Degradation (San Francisco, CA: New Lexington Press, 1997).
9
14
Chapter 1: Behavioral Foundations of Internal Auditing
This section is drawn primarily from a commencement address delivered by Mortimer A. Dittenhofer, then retiring professor and Department of Accounting chair, to the graduates of the College of Business Administration at Florida International University in Spring 2000.
10
Indeed, Ramamoorti and Traver have argued that risk assessment by seasoned internal auditors is a “pattern recognition” problem. They proceed to show how such pattern recognition tasks can be accomplished more formally (i.e., mathematically) by leveraging artificial intelligence (AI) technology such as neural networks. See Sridhar Ramamoorti and Richard O. Traver, Using Neural Networks for Risk Assessment in Internal Auditing: A Feasibility Study (Altamonte Springs, FL: The Institute of Internal Auditors, 1998).
11
Charles W. Schandl, Theory of Auditing (Houston, TX: Scholars Book Company, 1978), 2–3.
12
See recent research by Antoine Bechara, Hanna D’Amasio, and Antonio R. D’Amasio, “Emotion, Decision Making, and the Orbitofrontal Cortex,” Cerebral Cortex, 40 (2000), 295–307, on emotionbased decision-making.
13
cf. Discussion on sources of evidence in R. K. Mautz and H. A. Sharaf, The Philosophy of Auditing (Sarasota, FL: American Accounting Association, 1961).
14
B.A. Reilly and M.E. Doherty, “The Assessment of Self-Insight in Judgment Policies,” Organizational Behavior and Human Decision Processes, Vol. 53 (1992), 285–309.
15
M. H. Bazerman, G. Lowenstein, and D. A. Moore, “Why Good Accountants Do Bad Audits,” Harvard Business Review 80, No. 11 (November 2002), 96–103.
16
Confirmation bias, a technical term describing “selective perception,” is the tendency to “see what one wants to see.”
17
Irving Janis, Victims of Groupthink (Boston, MA: Houghton Mifflin, 1972), 9.
18
Ibid, 209–215.
19
For a fuller review of cognitive biases and the use of heuristics in judgment and decision-making, please see Daniel Kahneman, Paul Slovic, and Amos Tversky, Judgment Under Uncertainty: Heuristics and Biases (New York: Cambridge University Press, 1982).
20
15
CHAPTER 2
BEHAVIORAL COMPETENCIES UNDERLYING ESSENTIAL ATTRIBUTES The conduct of the internal audit function relies upon highly trained and experienced personnel to interact with, review, guide, and judge the actions of others in the performance of their responsibilities. While internal audit personnel need to understand and rely on their knowledge of current technology, it is their behavioral competencies that often determine the extent of successful outcomes of assurance and consulting activities. Therefore, in addition to knowledge of current auditing technology, the internal auditor needs to attain and continuously develop reasonable knowledge of these behavioral competencies to guide the effective use of accounting and auditing principles and administrative practices in the internal audit function. In the first section we discuss behavioral dynamics and behavioral economics that are important antecedents to studying human behavior. In the second series of sections we discuss three different approaches to ethics that constitute much of the underpinning of behavioral concepts, including emotional aptitude, independence, and confidence. These discussions can only serve as brief overviews since much has been written on these topics. The goal is to provide a suitable background to assist readers in understanding many of the suggestions in the following chapters.
Behavioral Dynamics of Individuals and Groups Chapter 1 discussed the range of complex attributes of individuals in internal auditing. This complexity rises to another level when we consider the roles individuals play within the context of behavioral dynamics in internal audit organizations. First, there are some important differences between individuals and groups that internal auditors should recognize and understand. These differences need to be considered while working within groups so that interaction with these contacts is as effective and harmonious as possible. Differences in people are usually well recognized as a fourfold classification of management styles covering the:1 • • •
Autocratic — based on a military concept of management; pure power directing others from the top. Custodial — based on a superior/subordinate concept of management over those who are expected to be obedient but content with their work. Supportive — based on a participative concept of management to drive excellence with those “who want to work, grow, and achieve.”
17
Behavioral Dimensions of Internal Auditing
•
Collegial — based on a teamwork concept with mutual understanding and cooperation among its members who work jointly to achieve shared goals.
Each of these four classifications requires unique approaches and responses by internal auditors when conducting the audit. The range is from avoiding intimidation by those who embrace the autocratic style, being careful with those who advocate the custodial style, highly selective with those who prefer the supportive style, and analytical and thoughtful with those who emulate the collegial style. In an article on behavior, Dittenhofer discussed behavioral dynamics, which is presented in part below: There are differences between individuals and organizations which internal auditors must consider. These differences are the result of varied backgrounds, dissimilar experiences in the field of business or government, differences in education, different reactions to the internal audit process, and so on. The internal auditor must take these differences into consideration when auditing. Each individual must be considered as a unique point of contact, and the internal auditor must relate to the different factors that make up the client’s personality and that impact on his/her points of reference. The study of these individual traits tends to bring to the auditor an insight into his/her own personality and can make the auditor more knowledgeable as to how to develop harmonious and constructive relationships.2 This element also identifies the collective personality differences within small and large groups. Though the variances relate more to the social aspects of group action, auditors need to know how to handle the groups. Some examples are:3 • • • •
The group’s nominal leader may not be the actual leader. Informal organizations within the group may tend to control the group. The group can be influenced by a strong vocal minority. Motivation is more difficult as group achievement frequently has little personal impact.
This area also has conceptual aspects identified earlier and discussed in more detail below. They should be understood by the auditors so they can comprehend how and why groups function as they do. Wood and Wilson have covered the dynamics of auditor/client relationships in their discussion of the impact of behavioral dynamics on auditor stress. In summarizing their thoughts, we see a series of situations that are the foundations of these relationships.4 In the following section, the terms auditee and client are intended to be the same, and used interchangeably:
18
•
Contemporary focus on the objective of the internal auditor to add value to the organization through a more cooperative approach than has been used in the traditional auditor/client association.
•
The audit is seen as a personal event on both sides — the auditor and the client. “Opportunities for success and failure abound, all with similar impact on self-esteem and emotional health.” There is stress on both sides caused by fear on both sides: fear of failure to perform effectively as an internal auditor — and fear by the client as to disclosure of adverse audit findings.
Chapter 2: Behavioral Competencies Underlying Essential Attributes
•
The conditions under which the internal auditors work create considerable stress. Being considered “outsiders,” possible travel and absence from family and familiar surroundings, and working in the client’s organization can contribute to a stressful relationship.
•
The tension between routine testing, normal evaluations, and attempted helpfulness all against the traditional adversarial evaluations and judgmental overtones can generate confused behavioral expectations on the part of both the auditors and the client.
•
The internal auditors must “get along” with the client and achieve the client’s cooperation. However, the auditors perceive and frequently see themselves as aliens and outsiders. Yet they must “identify with those who negatively identify with them.”
•
Unusual business relationships develop between the internal auditors and the client. Clients fear audits primarily because they dislike being audited. Internal auditors try to be warm and friendly as evidence of an effective approach. The audit seems constantly to return to the question on the part of the internal auditor as, “How close do I need to get to this client?” How much distance do I want?
•
The audit is perceived differently by the internal auditors and the client based on their prior experiences.
•
The client, not understanding the audit process, resents what are considered as “unreasonable demands” relative to the search for evidence. However, the client may not understand that this evidence could be used to support an audit conclusion that the client is performing appropriately.
•
Some clients are “contaminated” by previous personal or anecdotal experiences with the audit process that colors the audit with apprehension even before it begins.
•
The client has an “emotionally negative evaluation of the audit” and attributes this as an “unfriendly or threatening aspect” of the normal audit.
•
Clients defend their reputations and personal competence. Auditors defend their responsibility to perform as auditors and to search for evidence as to appropriate or inappropriate client performance. Internal auditors and clients are “invading each other’s territories.”
•
The audit becomes a serious game of “gotcha” on the part of the internal auditors and “catch me if you can” on the part of the client. On the other hand, the auditors and the client may take the “moral high ground toward each other in instances of unproductive rectitude.” A cooperative attitude is difficult to attain in such a gaming situation.
•
The basic sense of responsibility of the internal auditors and the client may underlie the attitudes toward the audit. The client sees itself as a part of the operating organization and tends to function in a manner of that perception. The auditors see themselves as responsible to the organization with the objective of the assurance of integrity of financial and operational information, efficiency, economy, and effectiveness as well as compliance with laws, regulations, and procedures on an overall basis.
19
Behavioral Dimensions of Internal Auditing
Wilson and Wood conclude their comments with: Nothing is more central to the effectiveness of the internal audit function than these relationships between the evaluator and the evaluated, the helper and the helped, the “hit man” and the “victim,” the consultant and the client.5
Behavioral Economics “Behavioral economics is the combination of psychology and economics that investigates what happens in markets in which some of the agents display limitations and complications.”6 Since the 1960s, behavioral economics has emerged as a subdiscipline of 20th century neoclassical or traditional economics. It brings behavioral concepts over from cognitive and social psychology as well as from such related disciplines as sociology and anthropology to produce more realistic models of economic judgment and decision-making. It has an impact on internal auditing. Neoclassical economics from the 20th century essentially had assumed an “anti-behavioral” stance by essentially ignoring the concepts of related behavioral disciplines in its highly rational theoretical framework. Critics of neoclassical economics have argued that “behavior differs from the standard model” and that “behavior matters in economic contexts.” Behavioral economics is a different approach to the usual study of economics. It negates the autocratic inflexibility of 20th century neoclassical or traditional economic laws in favor of behavioral considerations of those who are influenced by that economic activity. Internal auditors need to be aware of behavioral influences because these influences comprise the foundations and motivations of practically all of the substance that they audit. Because organization decision makers are acting on behalf of the organization, it is important that the internal auditors be aware of the above aspect so they can intuitively review client actions with the intent of determining whether these actions are in the best interests of the organization or whether the behavioral interests have overpowered good judgment. Does the client appear, as evidenced from observation and the audit, to engage in decision-making that is high risk or playing it too safe? What heuristic does the client employ in decision-making? Are formal checks and balances in place to inform the client on the quality of decision-making? Does the client appear to make proactive decisions or procrastinate on important matters that could either benefit or harm the well-being of the organization? And finally, does the client appear to make unrealistic decisions by not recognizing uncomfortable realities that need to be addressed because it might make him or her look bad? Acting as the surrogate for the organization, the client can be influenced by personal behavioral drives and end up not performing in the organization’s best interests. The auditors should therefore be aware of these drives intuitively and evaluate these behaviorally inspired forces during the course of the audit. Because behavioral economics is more inclusive of factors affecting human decision-making, there are several other more specific aspects of which the internal auditor might be aware:7 •
20
What heuristic does the client employ when comparing values in an investment decision (e.g., placing more consideration on value-in-exchange market price or the value-in-use of assets)? The decision may be more a function of behavioral factors than objective analysis.
Chapter 2: Behavioral Competencies Underlying Essential Attributes
•
What is the influence of “predictability’ on behavior in investment decision-making? (Even on the operational aspects of the organization.)
•
What is the effect of an individual client’s overreaction or underreaction to new information in decision-making? Is there a rational explanation that is reasonable?
•
How does “mental accounting and loss aversion” affect client decision-making in organizations where individuals need to bite the bullet and declare a loss?
•
If a client is living a lifestyle that is well beyond his or her current means, how does this consideration raise red flags in possible malfeasance cases? Data shows that consumption very closely tracks income over individuals’ lifecycles.
Ethics and Behavior Understanding Ethics and Behavior With its foundation in behavior, ethics is a result of how an individual feels toward those with whom he or she interacts. The Institute of Internal Auditors (IIA) has established a Code of Ethics to guide internal auditors in their contacts with clients and others. Ethical subjects are usually specific; however, internal auditors’ interpretation, evaluation, and conduct are a result of their background, experience, feelings, and emotions. Immanuel Kant said: “Without truth, social intercourse and conversation becomes valueless,” and “Lying makes it impossible to derive any benefit from conversation.”8 These basic statements underlie the concept of internal auditing. They relate to what internal auditors observe, think, interpret, and report. However, it goes much further than that. It also relates to their interpretation of actual conditions and those elements by which he or she is bound, such as integrity, objectivity, competence, confidentiality, and the other items that are required by The IIA’s Code of Ethics. The question is: Why would internal auditors want to conform to or infer conformance to other than the ethical action prescribed? The reasons can relate to feelings of: • • • •
Fear. Self-aggrandizement. Self-depreciation. Insecurity.
All of these reasons have their source in the complex behavioral makeup of internal auditors. They are a product of their education, experience, family relationships, religious experience, and other influences.
21
Behavioral Dimensions of Internal Auditing
The ethical requirement of organizational independence requires the exercise of objectivity, which is in the interpretation of the information one uses, hears, or reads. Information passes through the filters of the mind and results in conclusions that the internal auditors report. These conclusions can be colored as to source, strength, meaning, etc. based on their experience and intent. Self-aggrandizement is a behavioral force that may come into play. On the other hand, minimization of questionable items to protect an individual client is another issue. These behavioral forces can result in a biased concept and even a biased audit report based on the intended concept. A second ethical area is competence. Internal auditors should have the professional background appropriate for the engagement. However, they can influence the evaluation of competence based upon the circumstances surrounding the engagement. They may represent themselves as competent because of economic need, or may stress incompetence based on a desire to not perform because of fear or a belief that economic return would be jeopardized. A third ethical area is reporting. The internal auditors are to “disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.”9 Here again is a situation open to the internal auditors’ judgment and feelings. They can be colored by their relationship to the clients and themselves, i.e., beneficent or antagonistic; desire for self-aggrandizement; or the impact on a third party. The IIA’s Code of Ethics is specific in its preamble that internal auditors should “make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.”10 (This sentence would have been more appropriate without “unduly,” which means “excessively or immoderately.” Furthermore, it implies that “some influence” is acceptable).11 However, the inference is that ethics is possibly vulnerable to outside (behavioral) influences. Sandra Waddock of Boston College, in an article published originally in Biz Ed (July-August, 2004), adapted in Accounting Education May 2005,12 takes a strong position that there is a great proclivity for the consideration of only the business and management aspects of ethics, and an omission of the concepts that impact on society, such as environment, transparency, social and human values, and impact on stakeholders other than stock values. Waddock said, “If we want accountants (auditors) who are capable of acting with integrity and understanding the broader system in which they work, we must teach them to be mindful-aware of their belief systems, conscious of consequences, and capable of thinking broadly about the impact of their actions and decisions. Accountants (auditors) have positions that are inherently value-laden and embedded with ethical responsibilities…from this view, ethics, accuracy and transparency are integral to accounting (auditing), not something to consider only when dilemmas arise” (parenthesis added).13 “Unfortunately the courses that might teach accounting (auditing) students to be mindful of consequences and consider the perspective of multiple stakeholders are hardly considered mainstream in accounting (auditing) or management education today.” She concludes by saying, “A narrow focus on shareholder wealth and a blind faith in market forces must broaden to a more nuanced and intelligent focus that encompasses many stakeholders, including the natural world.”14
22
Chapter 2: Behavioral Competencies Underlying Essential Attributes
Ethics and Behavioral Risk Today’s internal auditors are being encouraged to develop a cooperative bond with the client. The intent is to make the audit process as painless as possible for both the client and the auditors while still producing an effective and successful audit for the client, the auditor, and the organization. What are the ethical risks for the auditors in this behavioral exercise? 1.
The auditors may not be entirely convinced that a friendly relationship will work. They may hold back and solely by word or physical demeanor attempt to create an aura of cooperation. The client senses artificiality in the auditors’ behavior and becomes irritated. The ploy fails and the client and auditors are at odds.
2.
The auditors overreact in demonstrating their cooperative desires and allow the client to call the shots. Whatever the client wants is granted. The auditors sublimate techniques of good internal auditing toward an interest in harmonious relationships.
3.
The auditors take a belligerent attitude with the intent of developing fear on the part of the client. The client “clams up” — only answers questions, makes no suggestions, and does not cooperate. The audit is flat, though it may fulfill minimum requirements.
4.
The auditors convince the client that the audit will be a cooperative operation. The client intends to deceive the auditors, believing that they will not question his or her actions or comments. The auditors are overpowered by the client’s attempt to keep things harmonious and do not remain alert for deception.
5.
The auditors intend to take a collegial approach and work jointly with the client. The client, aware of the auditors’ easy approach, takes advantage and acts in his or her own private interest in the guise of a joint effort.
6.
The auditors take an aloof attitude. They are reserved and secretive, making no effort during the audit to discuss findings as they emerge. The client is informed of the audit results only at the exit conference. The client spends the subsequent period refuting the audit report and accomplishes no corrective action as suggested by the auditors.
There are probably other ethical behavioral risk scenarios. The internal auditors must remain alert to indications of the client’s potential for taking advantage and, in some cases, modify their actions to prevent unfortunate situations from arising.
Ethics and Integrity Internal auditors can wield much power in the realm of ethics. Generally, they provide an opinion as to assurance or the validity of statements of financial or operating conditions. This opinion also can include whether the client is performing efficiently, economically, and effectively in compliance with laws, regulations, policies, and procedures. However, as a result of the recent plethora of corporate malaise and the resulting incidents of criminality and improper and unethical activities, internal auditors should consider the need to expand the audit to search for such activities. This expansion implies
23
Behavioral Dimensions of Internal Auditing
that the internal auditors should know what is unethical. It also infers that this knowledge stems from their own experience and practice as to following an acceptable code of ethics. Internal auditors who are members of The IIA and those certified as internal auditors (CIAs) are bound by The IIA’s Code of Ethics. However, questions remain. Do the auditors really believe that they must conform to the Code? What is their interpretation of various facets of the Code? How much do they use the Code to evaluate the activities of the client, if at all? What is the degree of professionalism and ethics practiced by internal auditors who are not CIAs or members of The IIA? Presently, there are no controls available. Ethics has been defined in each of the recently published IIA ethics studies15 and, in general, it seems to be “the rules and actions that represent moral values relative to the pursuit of human life” (our definition). Probably one of the most important elements is honesty. Without honesty there can be no definitive conversation, research reports, financial statements, or business arrangements. The recent definition of internal auditing does not specifically mention ethics as an element of the characteristics for which internal auditors audit. Yet, it is important and auditors should make the inferred connection that if they are bound by a code, the client should be as well. Do internal auditors have an ethical responsibility to report all of their audit findings even if the reporting could cause individual or corporate harm? Also, if senior management takes no action on an important ethics or illegal incident disclosure, do the internal auditors have a further ethical responsibility to notify other bodies or individuals? What if it is a criminal incident? What is the ethical action? Internal auditors also must maintain an independent and objective position as to the behavioral aspect of the ethical performance of their auditing activity. This requirement applies not only to the writing of the audit report but also to the interpretation and observation of the client’s activities. Internal auditors have an ethical responsibility to include items in the audit report regardless of the possible impact on themselves. The current drive to work more cooperatively with the client may cloud the issue of independence. Auditors must keep in mind that an association with a client that is too close can jeopardize independence, and behavioral issues must be carefully considered to maintain the ethical position of auditor/ client relationship, both in fact and perception.
Emotions and Internal Auditing Emotional Aptitude Emotions play a part in everyday living and in the activities of the internal audit profession. Emotions exist in conjunction with all of one’s thoughts and actions and cannot be separated, or as Lennick and Kiel16 describe in their book, Moral Intelligence: Enhancing Business Performance & Leadership Success, emotions, thoughts, and actions comprise “one’s experiential triangle.” It stands to reason that, if this is so, it behooves internal auditors to be fully aware, understand, and appreciate the influential role emotions often play in their thoughts and behavior during professional activities.
24
Chapter 2: Behavioral Competencies Underlying Essential Attributes
This role is complex. Emotions come about within specific situational contexts that entail “satisfied with, disappointed that, or concerned about.” In other words, we simultaneously appraise not only with our intellect but also our emotions, usually in terms of the appropriateness of various thoughts and behaviors of both ourselves and others within some specific situation. In workplace situations, these thoughts and behaviors usually involve social and cultural interactions with others in the course of achieving organizational goals and objectives. So, if our emotions are inappropriate, our thoughts and behaviors can be more easily misinterpreted, and may arouse inappropriate emotions in others that can lead to needless difficulties and complications. On the other hand, when our emotions are appropriate, it seems reasonable that they can support positive thoughts and behaviors, which would be more conducive to being productive. When a person is cognitively aware and reflects upon his or her emotions while engaged in professional work, one can positively influence or “educate one’s [own] emotions” to be more appropriate in complex situations by paying equal attention to both their knowing and feeling aspects.17 Furthermore, as internal auditors experience new audit situations, new emotions will undoubtedly arise that require continuous adjustment and provide opportunity for growth in wisdom and emotional maturity over time. An ongoing education of one’s emotions seems paramount toward developing emotional, social, and cultural competence and that of other people in the workplace.
Emotional Competence Daniel Goleman included a chapter in his book, Emotional Intelligence, relating emotional aspects to the workplace.18 He believes that emotional deficiencies can cause such problems as decreased productivity, mistakes, and high employee turnover. He believes that there is a direct relationship between emotional harmony and efficient and effective operations. Yet, he cites managers who believe that “feelings of empathy or compassion” for employees would prevent them from directing employees to consider the well-being of the organization over personal or family responsibilities. He cites managers who say that if they (the managers) were not “emotionally aloof,” they would not be able to make the difficult decisions that the organization requires. There are three applications of emotional treatment that Goleman believes can resolve the usual changes in the workplace: • • •
Being able to consider grievances as helpful. Setting up situations where diversity is useful. Networking effectively.
He values friendly, helpful feedback as an important way to help employees improve their work so they can produce what is expected of them. Criticism can be given, but it must be positive and constructive. The result is acceptance, not becoming defensive or making excuses. He cites studies where “inept criticism” was far more disruptive than “mistrust and …disputes over power and pay.” Goleman also holds that “many managers are too willing to criticize, but frugal with promise.” Thus, the only time the employees receive feedback is when they make mistakes. He emphasizes that “an artful critique can be one of the most helpful messages a manager can send.”
25
Behavioral Dimensions of Internal Auditing
Internal auditors should consider the above counsel from Goleman in their contacts with the client, both orally and in their formal reporting. The tenor of comments and reports should be positive, not negative. They should title recommendations as improvements to present operations, not as deficiencies. They also should commend operations well done and progress made. Also, when the client has put into effect a prior recommendation and it is functioning well, there should be praise. In cases where the client disagrees with an audit recommendation, the client’s position should be fairly stated, even in the client’s language, if possible. Auditors may refute the opposition, but they should be professional and not derisive. Finally, when the auditors observe a client operation that is functioning especially well, they should express praise, especially when the improvement in the operation resulted from the client’s independent action.
Independence and Confidence Psychological concepts play a foundational role in internal auditing. Here the focus is on two that impact materially on internal auditing: independence and confidence. We focus on auditors as individuals. They need to be aware that their thinking on key points can have determinative impacts on the effective outcome of an audit. In brief, independence focuses on the idea that auditors should keep an arm’s length in all activities of the audit so they are free from unintentional (not to mention intentional) bias. On the other hand, they must have the professional confidence that all information gathered was objectively examined and judged credible and sufficient to support the audit’s conclusions and recommendations.
Independence Independence is important to the internal audit process. While internal auditors may not be independent of their organization, they are required to be independent of the activities they audit. Without this independence and objectivity, the audit effort would become a mere study or review. This independence protects the internal auditors from inappropriate relationships with clients and from personal and external pressures and interference. It also helps insure the overall credibility of the process. Once established, the internal auditors are free to pursue an objective approach to the internal audit effort. Specifically, independence is the result of: •
•
26
Freedom from personal restraints, such as: o Having been a part of the client operation. o Having preconceived ideas and opinions relative to the client operation. o Having relatives in the client operation. o Having a financial interest in the client operation. Freedom from external restraints, such as: o Interference as to the scope of the audit. o Selection of audit procedures to use. o Providing time restrictions as to audit completion. o Interference as to personnel arrangements. o Restrictions as to funding of the audit report.
Chapter 2: Behavioral Competencies Underlying Essential Attributes
•
o Interference as to the audit report, content, and presentation. o Influence as to the auditors’ continuity of employment. Placement of the internal audit function in the organization so as to have: o Freedom of reporting. o Freedom to function in an internal audit capacity. o Freedom from organizational impairment. o Freedom from organizational interference. o Accountability to an audit committee or directly to a board of directors.
The U.S. Government Accountability Office introduces the subject of independence and describes much of the above criteria in its Government Auditing Standards (the Yellow Book) by saying that “opinions, findings, conclusions, judgments, and recommendations will be impartial and viewed as impartial by objective third parties with knowledge of the relevant information” (§3.03).19
Confidence Internal auditors must have the professional confidence that all information gathered was objectively examined and judged appropriate, credible, and sufficient to support the audit’s conclusions and recommendations. To achieve this, they bring professional skepticism to the audit process by objectively examining all relevant information as to its appropriateness, credibility, and sufficiency so that, in the end, they can state their audit conclusions and recommendations confidently and without equivocation. This assurance, in turn, can promote the client’s confidence and trust in the audit conclusions and recommendations, and will increase the likelihood the recommendations will be implemented. In internal auditing, this confidence applies to: • • • • •
Information from documents, records, books of account, financial statements, reports, etc. The results of observations. Information from interviews and official assertions. Any other items registered on the auditors’ “sensory equipment” that can be converted into relevant information. The auditors’ anticipation of what the future holds based on the information filtered through their knowledge, experience, and cognitive concepts.
The result of the above evaluation must then be reviewed as to:20 • • • • •
Determinations of competence. Reviews based on auditors’ experience. Projections of future impact. Patterns of expected effects. Judgmental evaluations.
Next, the internal auditors must determine whether the results of the verification process are: • •
Valid — factual. Competent — the source is credible.
27
Behavioral Dimensions of Internal Auditing
• •
Independent — free from bias. Complete — no mitigating factors.
Finally, internal auditors must determine whether there is any risk to the situation. If so, what is the degree of risk? Can it be managed effectively and economically?
References Sawyer, et al., Sawyer’s Internal Auditing, 5th Edition, (Altamonte Springs, FL: The Institute of Internal Auditors, 2003), 1059. 1
Mortimer A. Dittenhofer, “The Need for Behavioralism in Internal Auditing,” Management Auditing Journal 3, No. 2 (1988), 5.
2
Ibid.
3
Donna J. Wood and James A. Wilson, “Stress and Coping Strategies in Internal Auditing,” Management Auditing Journal 3, No. 2 (1988), 8–16.
4
Wood and Wilson, “Stress and Coping Strategies in Internal Auditing,” 8–16.
5
Sendhil Mullainathan and Richard H. Thaler, “Behavioral Economics” (Working Paper 7948, NBER Working Paper Series, National Bureau of Economic Research, Cambridge, MA, http://www.nber. org/papers/w7948, October 2000).
6
Ibid.
7
By Immanuel Kant, quoted in Thomas Donaldson and Patricia H. Werhane, “Ethical Duties Towards Others: Truthfulness,” Ethical Issues in Business, 3rd ed. (Englewood Cliffs, NJ: Prentice Hall, 1988), 63.
8
IIA Code of Ethics (Altamonte Springs, FL: The Institute of Internal Auditors, 2000).
9
Ibid.
10
American Heritage Dictionary (Boston, MA: Houghton Mifflin, 2000).
11
Waddock, Sandra, “Hollow Men and Women at the Helm…Holding Accounting Ethics,” Accounting Education (May 2005), 145–150.
12
Ibid.
13
Ibid.
14
Mortimer A. Dittenhofer and Rebecca J. Klemm, Ethics and the Internal Auditor (Altamonte Springs, FL: Institute of Internal Auditors, 1983); Mortimer A. Dittenhofer and John T. Sennetti, Ethics and
15
28
Chapter 2: Behavioral Competencies Underlying Essential Attributes
the Internal Auditor: Ten Years Later (Altamonte Springs, FL: The Institute of Internal Auditors, 1994); and Mortimer A. Dittenhofer and Douglas G. Ziegenfuss, Ethics and the Internal Auditor: Twenty Years Later (Altamonte Springs, FL: The Institute of Internal Auditors, 2004). Doug Lennick and Fred Kiel, Moral Intelligence: Enhancing Business Performance & Leadership Success (Upper Saddle River, NJ: Wharton School, 2005), 117.
16
John H. Chambers, The Achievement of Education: An Examination of Key Concepts in Educational Practice (New York: Harper & Row, 1983), 25–30. Chambers stresses that teaching for effective cognitive learning also entails teaching appropriate affective learning if a student is to be considered properly educated. 17
Daniel Goleman, Emotional Intelligence: Why It Can Matter More Than IQ (New York: Bantam, 1995), 148–154.
18
Comptroller General of the United States. Government Auditing Standards (The Yellow Book) (Washington, DC: Government Printing Office, 2007).
19
Charles W. Schandl, Theory of Auditing (Houston, TX: Scholars Book Company, 1978), 2–3.
20
29
CHAPTER 3
SOCIAL BEHAVIORAL RELATIONSHIPS IN INTERNAL AUDITING The chapter is divided into five independent examples. Each example (numbered for clarity) exemplifies and discusses a unique sociological aspect of the auditor/client behavioral relationship in the conduct of internal auditing. These sociological aspects are independent of each other yet, collectively, they cover many of the important sociological aspects of internal auditor/client behavioral relationships. We did not intend the chapter to be descriptive of internal auditor techniques. Indeed, much of this book is devoid of specific auditing operative descriptions. It is important, though, that internal auditors be aware of the behavioral aspects of various auditing situations so they can conduct the audit as seamlessly as possible. Experienced readers will frequently recall some of these social behavioral situations and compare their past actions with our descriptions and recommended reactions. Each of the five examples should be considered as a unique illustrative treatment of a specific sociological aspect of the auditor/client behavioral relationship in the conduct of internal auditing. There is no particular sequence or flow from one to another intended.
Example One: Interpersonal Relationships of Internal Auditors A book titled An Atlas of Interpersonal Situations1 describes a number of situations that are generally related to nontechnical, mundane, interpersonal aspects, and analyzes why they occur. This material could be a foundation for much of the material that follows. The book states that its objective is to provide “a tool for analyzing and understanding the influence of interpersonal situations on social interactions.”2 The basic concept of “interdependence” is a keystone of the discussions and is described as “the manner in which two individuals influence each other’s outcomes in the course of their interaction.”3 In our work, the “interaction” is the internal audit, which is a more specific identification than we examine in this text. This situation consists first of “the information they have about each other and the situation and the behavioral options open to them as they interact.”4 A second aspect “involves a focus on its objective properties.”5 Internal auditors are interested in the “outcomes” of the interpersonal situations and, thus, they are interested in the ingredients and the types of situations, if they can be separated and independently typed. Outcomes are described as the “positive and/or negative consequences of their interaction.”6 Obviously, the intent is to arrange the results of the situation as “large” on the parts of both players, thus, representing results that produce satisfaction in the interests of both the internal auditors and the client. Ideally, on a scale of 1 to 10, the score should be 10 on each side, though the authors agree that a score of, say, 6–8 may be acceptable.
31
Behavioral Dimensions of Internal Auditing
There are a number of internal audit outcomes that can result from the varied interpersonal relations: 1.
Intransigence: The internal auditors and the client are unable to agree on a specific situation. The normal result is: (1) the presentation in the audit report describing the internal auditors’ position; (2) a letter from the client explaining disagreement; and (3) the internal auditors’ repudiation of the client’s position. The correspondence should be confined to factual information, though there is no question that, even though the substance is factual, the motivation may have an interpersonal basis.
2.
Mutual Benefits: In this situation, both the internal auditors and the client experience benefits from the results of the audit. This is a situation where not only do the auditors receive credit for beneficial audit practice, but they involve the client in determining and accomplishing the corrective action. A modification of this situation is when the client is encouraged to identify problems; the auditors have explored and defined problems; the auditors and the client have jointly identified resolutions; and the client is mentioned in the audit report for the constructive participation in the audit and the resolution of the ensuing findings. Accolades exist on both sides.
3.
Mutual Joint Control: This is much like the situation in the paragraph above. It infers that the internal auditors and the client jointly control the results of the audit. It could imply an ad hoc organization set up to program the audit, consider the findings, and develop the resolution of the conditions requiring change. In this type of an arrangement, both organizations “gain benefits and/or avoid harm from the same combination of behavior.”7 There is an aspect of this situation that could result in a problem for the internal auditors — the loss of independence in performance and reporting. The basis is the common interest in the successful achievement of a more efficient and effective solution to an organizational problem. This objective becomes a matter of common interest and, on the face of the action, avoids conflicting interest. The ingredient that breeds success is the process of reasoning and the realization on the part of both actors that there must be some give and take, though the central theme that must be taken is the good or benefit for the organization.
4.
Conflicting Mutual Joint Control: This situation is an offshoot of the above situation with the exception that, although the internal auditor and the client work together for the resolution of what seems to be a common interest, each sees success in an aberration of the action to be recommended. Self-interest becomes dominant, but control decisions must result from the suppression of self-interested outcomes as a tradeoff of the benefits of a mutually agreed upon solution that will benefit the organization. Each of the parties must come to the conclusion that the benefits of a jointly acceptable solution outweigh the losses that will be individually sustained by that action. These plus-and-minus decisions can be measured along psychological, social acceptance, financial, bureaucratic, or other diameters. Again, the final solution must be influenced by the ultimate benefit to the organiza-
32
Chapter 3: Social Behavioral Relationships in Internal Auditing
tion, sometimes determined by a higher level of control such as executive management and/or an audit committee.
Example Two: The Role of the Internal Auditor Considered as a Sociological Concept The definition and study of roles has always been an important element of behavioral theory in internal auditing. Roles are the relationships that an individual has through personal, social, or professional contacts. Roles, as we will discuss them, do not have a qualitative content as being simply good or bad, but are descriptive as to content and objectives. Roles under adverse conditions can cause stress, especially when there is conflict or ambiguity relative to the fulfillment of two or more roles as to time, content, and attention. Karl Albrecht has defined in his recent book, Social Intelligence: The New Science of Success, what might be identified as the anatomy of a role. It consists of five “dimensions or categories of competence.” These dimensions are more easily recalled using the mnemonic S.P.A.C.E.:8 • • • • •
Situational Awareness: “the ability to read situations and to interpret the behavior of people in those situations….” Presence: “a range of verbal and nonverbal patterns, one’s appearance, posture, voice quality, subtle movements….” Authenticity: “various signals from our behavior that lead (others) to judge us as honest, open, ethical, trustworthy, and well-intentioned — or inauthentic.” Clarity: “Our ability to explain ourselves, illuminate ideas, pass data clearly and accurately…” Empathy: “having a feeling for someone else…a shared feeling between two people.” (italics in the original)
Keeping Albrecht’s five dimensions in mind can provide a working definition and diagnostic tool for understanding roles. There are three broad classifications of roles that internal auditors need to consider — personal, professional, and status in the organizational or departmental hierarchy. In many cases, auditors fit into one or several elements of each classification. In the personal classification, the auditor can be a parent, spouse, teacher, mentor, coach, student, and so on. It is clear that the responsibilities of each of these could, when placed in juxtaposition with the others, cause problems relative to time, attention, location, and finance. Stress frequently results when role requirements conflict with each other. In the professional classification, the auditor can perform in multiple roles of: • • • • •
Auditor. Consultant. Investigator. Advisor. Ethics program manager.
33
Behavioral Dimensions of Internal Auditing
• • •
Risk evaluator. CPA evaluator. Nonaudit participant.
These roles do not necessarily conflict,9 but successful performance in more than one would require a broad background, experience, and personal qualifications. However, the internal auditor’s approach to the requirements of each role could be considerably different. For example, auditing requires objectivity, independence, subject matter knowledge, and interpersonal relations. Consulting requires innovation and imagination. Investigation requires analytical ability, logic, and so forth. Ethics management, frequently placed in the internal audit office, requires strict adherence to a code of conduct. In the status classification or position/rank in organizational hierarchy, the auditor can be a: • • • •
Staff member. Supervisor. Manager. Director, principal, or partner.
Each of these roles requires a different element of leadership and cooperation and generates different expectations as to knowledge and behavioral performance. The staff member interacts with the client. Supervisory members also interact, but not to the same degree; however, they must be able to influence their subordinates to perform well. The natural complexity of each role using Albrecht’s five dimensions in conjunction with the three major role classifications and range of roles within each group points to the everyday significance of social role theory in internal auditing. Roles are also addressed in Chapter 7.
Example Three: Social Aptitude, a Required Talent Internal auditors with finely honed technical skills may fail to turn out a good audit. Why? Often it is a lack of social skills that results in the failure to build a cooperative frame of mind with the client toward the conduct of the audit. The result is a psychological wall that maroons the internal auditors devoid of any assistance from the client. The auditors may venture down unproductive paths while the client watches with interest, but does not caution them about their potential missteps. The client may reject ownership of the auditors’ recommendations and consider them alien to his or her operation. As mentioned earlier, Karl Albrecht identifies and describes situations such as the above and recommends corrective action10 using the mnemonic term S.P.A.C.E. to summarize his suggestions. The five dimensions are all important but, in our opinion, the final element, Empathy, is the most important. Following are more detailed descriptions of the five dimensions with our application to the field of internal auditing. Situational Awareness. Albrecht relates this to “read situations and interpret behaviors of people.” Much of this is performed in the preliminary survey. Reviewing the workpapers of prior audits and the comments of previous internal auditors can provide information
34
Chapter 3: Social Behavioral Relationships in Internal Auditing
on situations and people. Also, the interview portion of the preliminary survey can provide first-hand information about the client personnel who will be the auditors’ contacts. The auditors, on the other hand, must be careful not to create antagonism during these processes. Albrecht says that the auditors should learn the client’s “possible intentions, emotional state, and potential cooperation.” The auditors also will be able to evaluate the audit program as to completeness and behavioral impact and, as a result of the discussions, may become aware of additional areas that could prevent problems. The client also may identify potential behavioral trouble areas that should be the subject of consideration. Presence. Presence relates to verbal and nonverbal patterns, including physical aspects such as tone of voice, activeness, freedom from controversial approaches, and physical signals. Auditors should listen and offer subtle comments to encourage the client to talk about areas that might be troublesome. They should ask simple questions and not interrupt or attempt to finish a client’s sentence to show how much they know (or don’t know). Authenticity. Here, auditors must convince the client as to their intentions and approach. They should describe situations objectively and in a balanced fashion, citing both the pros and cons. Expressing the client’s position where disagreement might exist is important. Intellectual honesty — citing all the facts both pro and con about a situation and discussing ameliorating conditions, even though they may be adverse to the audit process — is also important. Albrecht cites honesty, openness, trustworthiness, and good intentions. Clarity. Internal auditors must ask questions and describe the work being performed and the results achieved in the client’s own vernacular. Albrecht’s description is “to explain ourselves, illuminate ideas, pass data clearly and accurately, and articulate our views.” The description infers that the auditors should explain clearly what is being performed and why. Then, after the segment of the audit is complete, they should provide the client with the audit results. This is important in cases where the client is or is not performing properly and where corrective action should be promptly taken and management advised. Lack of clarity can result in conflicts. Empathy. Albrecht defines empathy as a “shared feeling between two people” or “a state of connectedness with another person, which creates a basis for positive interaction and cooperation.” We take this further by defining the term as “placing one’s person on the receiving end of one’s proposed utterance.” In other words, “Don’t do unto others what you would not want done to you.” Obviously, this proposition cannot always be followed when audit issues arise that must be reported. However, the methodology of reporting can be as benign as possible with the positive approach of “can be improved by” rather than “this is a deficiency.” Also, the client can be given advance notice so that credit can be given for corrective action taken and so reported. Obviously, the above clearly does not hold in forensic audit situations. Is the above an unrealistic “blue sky” proposal? We think not. There is evidence that it is a desirable approach and that the internal audit can become a value-adding asset to operational management.
35
Behavioral Dimensions of Internal Auditing
Example Four: Social Networks Relating to Internal Auditing There are many influences that can impact the members of an organization. Although these influences have been described as relating to organizational networks, they are so basic in their effect that they can also be described as relating to internal auditors and the position of the internal audit activity in the organization. The following six dimensions that have been presented as important to “personal networks” also can apply to internal audit basics:11 1.
Balanced Hierarchical Position. Internal auditors and the internal audit activity are best served relative to client recognition as to status by a three-level organizational arrangement: • At the higher level — for influence, resources, power, and overall strategic intelligence. On the same level — for experienced assistance. • • At an adjacent level — for technical assistance and expertise. Balance is important.
2.
Organizational Position. Close relationship among those in the internal audit activity for hiring, orientation, training, evaluation, and compensation. Together with internal audit leadership styles, cultural values, and performance metrics, these behavioral qualities are effective for learning and decision-making.
3.
Physical Proximity. Despite advances in technology,12 face-to-face interactions in a relative sense result in healthy personal relationships and the advantages of such assets as close communication, body language, and the ability to ensure clear understanding and commonality of intent and effort.
4.
Structure of Interactions. Using contacts that promote appropriate and useful information. This factor requires a careful selection of contacts that are the best sources for information. Discrimination in contacts is necessary to assure mutual comfort in the “meeting of minds.”
5.
Time Invested in Appropriate Relationship. The timing of relationships should be comfortably appropriate and valuable as to learning, performance, and intelligence.
6.
Length of Time Known. There should be a mutually recognized appropriateness in the balance of time between trusted associates and new associates with new ideas. Care must be taken to assure that the old associates do not confirm ideas out of loyalty rather than logic and appropriateness.
It would be important to inventory the relationships in each of the above six areas to evaluate their appropriateness and usefulness. Contacts need not be limited to the internal audit activity, but should be representative of the associated horizontal and vertical dimensions.
Example Five: Why Internal Auditors Need Social Behavioral Skills Communication is the common denominator in the practice of internal auditing. It is the interchange between the auditor, client, management, external auditors, general counsel, and the audit committee, etc. The success of the audit is largely dependent on the quality of this communication. It is the source of information on which the results of the audit are based. A recent paper by Becker Associates
36
Chapter 3: Social Behavioral Relationships in Internal Auditing
attributes the mechanics of this communication to what they call Neuro-Linguistic Programming (NLP).13 They describe the background of NLP as emanating from two communications professors at the University of California, Santa Cruz, who associated verbal communications with physical reactions related to the position of the head and eye movements. Thus, they identified this phenomenon as being neurologically based and hence described as NLP. These investigators applied NLP, a behavioral approach, to the audit process of gathering information and identified strategies that they believed needed to be considered (for internal auditing): • • •
The auditor’s internal state (and the client’s). The auditor’s language skills. The level of rapport during the audit.
The auditor’s internal state, relates to past experiences of intense discussions and the resulting stress. This can associate stress with overall audit experience and result in a “pattern of anxious behavior.” Also, the concept of an audit can turn normally well-adjusted people into “nervous, jittery employees.” Internal auditors should try to neutralize any fear and sense of intimidation. Internal auditors should have good language skills and avoid using words that induce fear and trepidation. They should use language that encourages assistance, participation, and cooperation. Their words should be positive and encourage the client’s understanding and well-being. Rapport during the audit concerns the relationship between the internal auditors and the client. It is based on “mutual trust and emotional affinity.” The authors describe this as “respecting another person’s view of the world while being true to one’s own objectives” and “…results in a feeling of goodwill and comfort.” This rapport can be based on interpersonal flexibility, the recognition of other channels of communication, voice, spoken language, body language, vocal tone, and vocal speed. It also requires that the auditors pay close attention to the client’s language. The authors of the Becker paper then approach the problem by describing the receiving of information by the auditor as being a factor of three potentially adverse communication “strategies,” namely: • • •
Distortion. Generalization. Deletion.
Distortion occurs when the internal auditors filter communication messages through perceptual differences. It can result in two auditors hearing the same message, but interpreting it quite differently. The authors also considered mind-reading or reading between the lines as being a potential source of distortion. Generalization is the creation of conclusions based on insufficient input of information. The adequacy of the degree and quality of the information should determine the conclusions reached. Deletion involves ignoring some information and accepting other information; essentially, that information that is of interest to the internal auditors and tends to reinforce the message they believe is
37
Behavioral Dimensions of Internal Auditing
important. It also refers to ignoring information when there is too much to consider or when the internal auditors are under stress.
References Harold H. Kelley, John G. Holmes, Norbert L. Keno, Harry T. Riley, Caryl E. Ruebult, and Paul Van Long, An Atlas of Interpersonal Situations (Cambridge, UK: Cambridge University Press, 2003).
1
Ibid, 3.
2
Ibid.
3
Ibid, 5.
4
Ibid.
5
Ibid, 23.
6
Ibid, 150.
7
Karl Albrecht, Social Intelligence: The New Science of Success (San Francisco: Jossey Bass, 2006), 29-30.
8
Simultaneously serving as a CPA evaluator and advisor, however, would be a conflict of interest. Indeed, Section 201 of the Sarbanes-Oxley Act of 2002 presents a list of proscribed services that external auditors may not perform for their audit clients. One of those prohibited services is rendering internal audit advisory services to a public company audit client.
9
Albrecht, 28.
10
Rob Cross and Andrew Parker, The Hidden Power of Social Networks (Boston, MA: Harvard Business School Press, 2004), 83–87.
11
Due to major advances in global communications technologies such as mobile phones, the Blackberry, the ubiquitous e-mail, instant messaging, and social networks such as Twitter, the need for physical proximity is unnecessary.
12
Becker Associates, Why Quality Auditors Need Interaction Skills, http://www.becker-associates.com/ whynlppap1.HTM (White Paper, 2006).
13
38
CHAPTER 4
BEHAVIORAL FACTORS INFLUENCING INTERNAL AUDITOR/CLIENT RELATIONSHIPS This chapter, similar to the previous one, contains a series of unique examples (unrelated except as to general content) that apply to the intent of the book and the general subject matter. While Chapter 3 dealt with behavioral relationships, this chapter deals more with professional relationships that contain substantial behavioral aspects. Each section should be considered as a unique discussion of an unrelated auditing aspect. Each of the sections describes professional relationships and behavioral factors that internal auditors should be aware of and consequently neutralize potential personality and professional behavioral conflicts. The objective of the chapter is to identify various professional relationships and activities and how behavioral factors influence internal auditors’ performance and operational success.
Example One: Client Conceptions and Attitudes Toward Internal Auditors Client Conceptions Toward Internal Auditors One of the problems that internal auditors face is the client’s conception of auditors and the work they perform in the audit process. This conception has been the butt of jokes, leading many internal auditors to be somewhat reticent about discussing their work. It brings to mind the somewhat ribald story of the little boy who, when asked about his father’s occupation, replied, “He plays piano in a brothel” — rather than acknowledge that he was an internal auditor. In The Internal Auditing Handbook,1 Pickett Spencer has described well the most frequent associations held by clients about the work of internal auditors. All of them describe broad behavioral relationships and thus become substance for this book. They relate to broad client attitudes against which internal auditors must be armed. Traditional Tick and Check. The internal auditor is seen as a type of clerk who mechanically verifies the accuracy of clerical operations. He is believed to have little skill and relatively no professionalism. The client objects to having such a pedestrian individual assigned to evaluate his or her operations which are management-oriented and seemingly far beyond the knowledge of such a clerical-oriented individual. Audit Snoop. The auditor is seen as a spy who has been sent to report on the client as to whether the controls that have been established are being followed and, when the controls are breached, that corrective action is promptly and properly taken. The client does not realize that the internal auditor is also responsible for evaluating whether the controls that have been established are efficient and effective.
39
Behavioral Dimensions of Internal Auditing
Consultant. The internal auditor is seen as a consultant who will recommend actions to resolve problems but does not have the responsibility to make them function effectively. The auditor is seen as coming into the operation with a superficial understanding of how it works and, based on limited operational experience but extensive education, has the answer for all problems. Adjunct of External Auditor. The internal auditor is seen as a supporting arm of the dominant external auditor. The work of the former is somehow discredited as merely preparatory work for the annual audit. Unfortunately, some internal audit activities do not establish their independent status and some organizations do not identify internal auditing as an independent activity reporting to senior management and the audit committee. Management’s Representative. The internal audit activity is seen as a checker for management rather than an independent function that serves the entire organization, reporting to senior management and the audit committee. Completely lost is the concept of service to the client organization with the objective of providing assistance in operating efficiently and effectively and in compliance with applicable laws, regulations, policies, and procedures. Someone to Be Feared. Some internal auditors do delight in developing a sense of fear in the client. However, the current philosophy is to develop a collaborative, helpful approach. Regardless, in the minds of many, the internal auditor is seen as a threat because of the possibility of adverse comments. This fear can be alleviated if the auditor uses a cooperative approach and makes the client a participative partner in the audit. On the other hand, there are some clients who are hostile to the audit activity and refuse to be a part of it, sometimes prompted by fear. The elimination of fear in these cases is most important, although sometimes difficult or impossible to achieve, especially in recent times. Especially post-Sarbanes-Oxley, there has been a clear shift in the perception of internal auditors carrying out an “audit for management” to conducting an “audit of management.” This governancelevel emphasis is now part of The IIA’s definition of internal auditing.2 Therefore, the cooperative/ participative approach becomes all the more important for reducing a climate of fear.
Client Attitudes Toward Internal Auditors3 Early studies on the relationships between internal auditors and those who were audited — the clients — indicated that, in most cases, the clients bore few friendly attitudes toward the internal auditors. Not only that, responses to questions about effectiveness, contribution, and problem-solving that result from internal audit efforts brought disappointing results. On the other hand, senior management, boards of directors, and audit committees seemed to recognize their need for internal audit assistance in the management and direction of the organization. This condition has improved materially as a result of the current change in the attitudes of the internal auditors themselves, toward their clients, and toward their work. Most internal audit staffs see their functions as being cooperative with the objective of contributing to the improvement of the operation audited and the entire organization itself. The result is the increasing number of operating managers who are requesting assistance from the internal audit staffs so they can improve their operations, economy, efficiency, and effectiveness and toward the conservation of capital assets and the improvement of managerial governance.4, 5, 6, 7
40
Chapter 4: Behavioral Factors Influencing Internal Auditor/Client Relationships
Feedback from the Client8 Before internal auditors can improve their image within the organization, they must know how they are regarded. Ferrier suggests that a review of internal auditors by clients is a feasible step toward improving client/auditor relations. Reporting the results of feedback to both internal auditors and senior management helps ensure accountability for the internal audit function. Reports of feedback can provide benefits, such as ways to:9 • • • • •
Judge internal audit performance. Make future audits better by recognizing the areas in which the internal audit service can be improved. Encourage harmonious relations with clients by creating a deeper atmosphere of participation. Reduce the conflicts arising from the “them and us” syndrome where clients are continually on the defense against the “management spies.” Expose clients to some of the problems and difficulties encountered by internal auditors in evaluating the performance of others. A better appreciation of, and closer identification with, the internal audit function will result.
Many internal audit organizations use a questionnaire for clients to complete at the conclusion of audits. This is illustrated in the following example of an evaluation form.
41
Behavioral Dimensions of Internal Auditing
Internal Auditor Evaluation Activity or Department Evaluated: ____________________________________________ Date Prepared:_ ____________________________________________________________ Preparer: __________________________________________________________________ Department or Activity: _____________________________________________________
Rating (10-highest, 1-lowest)
No Basis
_______
_ _____
_______
_ _____
_______
_ _____
4. Relations. How well did the auditors get along with: Management? Employees?
_______ _______
_ _____ _ _____
5. Communications: How well did they communicate with: Operating Personnel? Management?
_______ _______
_ _____ _ _____
Responsiveness: How responsive were they to your needs?
_______
_ _____
Professionalism: Did the internal audit personnel appear to be well trained and professional?
_______
_ _____
1. Technical Knowledge: How well did the internal auditors exhibit an understanding of the objectives and the functions of your department or activity? 2. Range of Service: How well did they provide assistance to you? 3. Professional Knowledge: How well did they exhibit a professional knowledge of the principles and techniques of internal auditing?
6. 7.
42
Chapter 4: Behavioral Factors Influencing Internal Auditor/Client Relationships
Rating (10-highest, 1-lowest)
No Basis
_______
_ _____
_______
_ _____
Creativity: To what extent were they creative in helping to solve problems?
_______
_ _____
Productivity: How productive did you consider the internal auditors to be?
_______
_ _____
Significance: How significant were the findings reported?
_______
_ _____
13. Helpfulness: How helpful were the auditors in suggesting corrective action?
_______
_ _____
_______
_ _____
_______
_ _____
8.
Confidentiality: Did the internal auditors treat the information they obtained with appropriate confidentiality? 9. Attitude: Did the internal auditors exhibit a professional, helpful, and positive attitude toward you and your staff ? 10. 11. 12.
14. Return: Would you want the internal auditors to return for another engagement? 15. Overall: What is your overall rating of the internal audit team (not necessarily an average of the ratings already given)?
Please list any additional comments and recommendations that you would like to bring to the attention of internal auditing or senior management.
Reprinted from Sawyer’s Internal Auditing. 5th Edition, pp. 1237–38.
43
Behavioral Dimensions of Internal Auditing
Example Two: Need For and Importance of Good Relationships10 If findings from organizational behavior are to be believed, line people are adverse to staff people in general and internal auditors in particular, and that controls — especially in the form of an internal auditor — may cause people to be fearful, defensive, and at times dishonest. Does it matter? Isn’t it the job of internal auditors to carry out their audits despite difficulties? Isn’t it their job to uncover what was not apparent or was covered up, to disclose inefficiency, ineffectiveness, errors, poor judgment, or poor work? Isn’t it their job to report objectively what they found? The answer to all these questions is “yes.” But why make the job more difficult than necessary? Why do it in a spirit of animosity when it can be carried out with an attitude of cooperation and helpfulness? The conflict in relationships was compounded by the auditors’ move from only financial audit matters into the review of operations. Even though the client’s fears and distrust may not keep internal auditors in an accounting area from achieving broad audit objectives, the internal audits of operations to determine efficiency and effectiveness present different and usually more complex, personalized, and judgmental problems. When internal auditors perform comprehensive audits of operations, they cannot possibly be as wellinformed about those operations as a financial auditor in a financial department. Operating processes may be technical, unfamiliar, complex, and bewildering. The operating staff may speak a language and use terms that are foreign to the internal auditors. However, any corrective action they recommend must be precise and in terms that the client and management can comprehend. The corrections must be results-oriented but not necessarily dictate how it is to be done. The corrective action required is likely to demand the wholehearted commitment of operating personnel if it is to be effective. Yet, operating personnel are not accustomed to internal auditors and the internal audit process, and thus are less likely to accept their recommendations. There must be confidence in the internal audit process and an understanding that the suggested modifications will improve the client’s operations and improve the organization’s well-being. Stephen Keating, president of Honeywell, Inc., saw the importance of cooperation between the internal auditor and client when he said, “Real progress cannot be made in an environment of conflict and friction…. Finding the trouble is only half the battle — the other half is putting recommendations to work. This requires understanding and confidence.”11 W. G. Phillips, also a corporate president, said that the internal auditor “must approach his job in a constructive manner, recognizing that client mistakes are guides for improvement, not crimes…. He must consider himself a partner with those involved in the audit, not an adversary.”12 The ability to deal effectively with others goes beyond pleasant relations with people being nice to each other. It requires deep knowledge of the subject matter at hand and the ability to get the job done with the least adverse effect on others. Harmeyer cited a psychology study of 4,000 employees who had been dismissed.13 The study showed, surprisingly, that only 38 percent had been discharged for technical incompetence. Almost two-thirds, 62 percent, had been discharged for social unsuitability. Yet most organizations, including The IIA, tend to concentrate on technical skills.14 44
Chapter 4: Behavioral Factors Influencing Internal Auditor/Client Relationships
Larry Sawyer often stated, “What profits the auditor to develop a sound finding only to see it bitterly contested by operating management because the auditor, wittingly or unwittingly, created a feeling of conflict and distrust? The matter becomes a personal problem; the contribution to organizational benefit is ignored.”
Examples of Good Relationships15 Mints’s research study amassed abundant evidence of the importance of conducting internal audits without animosity. His study included test audits in which some internal audit teams used a cool, superior, impersonal style while others used a participative, teamwork approach. After each audit, clients were asked to evaluate the auditors in terms of their audit style. For example, did they regard the auditor as a police officer or a teacher? After the audits had been made, after the auditors had been evaluated, and after sufficient time had elapsed for the effect of the audits to be known, one of the internal auditors involved in the study wrote to the researcher:16 Within six months of the completion of an audit, the clients send a memo to the corporate controller and division manager in which they report action taken or otherwise. We noted a direct correlation between the client ratings of the auditors (and the corrective action taken and reported) in these replies. When the auditors were highly rated, action was normally taken on practically all items, and vice versa. Since motivating personnel is one of our major objectives, I’d say this is a most important finding, which substantiates our need to improve auditor acceptance by the client. (parentheses added) The research study demonstrated, as clinically as such studies can, that poor behavioral relations defeat the audit purpose and good relations promote it. Two further examples from the study offer more evidence of this conclusion (it is not what you say but how you say it):17 One auditor who used the cold, aloof style performed an audit that was professional and technically outstanding. It was characterized by imaginative and potentially profitable work. Yet eight months after the audit, the operating organization had not implemented the audit recommendations. The operating people were apparently seething over the methods that the auditor had used. On the other hand, in an audit that followed — in which the cooperative approach was used — the controller of the division audited called the director of internal auditing to compliment him and to say that the operating people were enthusiastic about implementing the suggestions. The audit director was convinced that the differences in style were responsible for the diverse results. Another internal auditor (a manager) also evaluated the results of the audits conducted for a research study. He was able to say without reservation that the results obtained from the warm, empathetic style were significantly better than those obtained from the cold, reserved style. He also said that one of the sad things coming out of his correlation was that, from a technical point of view, the work performed by the reserved auditors was judged superior in some respects to that performed by the empathetic auditors. Yet the results from the empathetic audit group showed that management accepted and implemented their ideas more readily. He concluded:18
45
Behavioral Dimensions of Internal Auditing
Putting it another way, the results of our audits depend a good deal on how we are perceived by others, rather than how we perceive ourselves. Further, we can positively influence the “how we are perceived by others” by getting ourselves involved with the clients, by having empathy with them, and by considering and emphasizing what’s best for them rather than for us. Internal auditors should not think that a high status in the organization will shield them from the effects of poor client/auditor behavioral relations. Macher reports a study of 21 executives who were fired or forced to retire. The chief reason cited was poor interpersonal relations. The three most frequently named factors were “insensitivity to others,” “cold/aloof,” and “betrayal of trust.”19 There seems to be little doubt that intelligent, imaginative internal audit work, in and of itself, is not enough to ensure that recommended improvements will be made in operations. Clients must want to implement the audit recommendations. So, audit style and method of communication — the ability to influence and persuade others — may be as important as technical competence. Relations between the internal auditor and client may improve if the auditor, the expert on control and risk, appreciates the differences between imposed controls and self-initiated control. The principle of self-initialed control requires that a staff group never be the primary instrument for directing. Rather, the staff group, the internal auditors, should act and be perceived as a means of transmitting the good reasons for the needed control procedures. They should seek to assist the manager’s control of their activities. This assistance includes informing operating personnel when they need help, but it also includes helping them get themselves under control and motivating them to want to do so. Internal auditors are in the middle. They find themselves between management controls on the one hand and those who are being controlled on the other. The way they conduct themselves — as helpful buffers or abrasive forces — may mean the difference between effective and ineffective operational audits.
Keys to Behavioral Success An article by Ratliff and Brachner in the February 1998 issue of Internal Auditor20 addressed the subject of relationships in internal auditing and insightfully observes, “People generally will entrust their welfare only to those who are helpful and nonthreatening.” This paradigm describes the intended attitude that progressive internal auditors have and have been trying to develop in the minds of their clients. Ratliff and Brachner, after considerable research, determined that to achieve successful relationships, two criteria must be met: 1. 2.
All parties must benefit from the relationship when the purposes therefore have been achieved, and The relationship must be mutually pleasant.
They go on to say that four basic conditions must be present: 1. 2. 3.
46
An interaction of purposes or interests: either the same interest, or a symbiotic relationship. Mutual trust — no threats. Mutual respect based on competence, integrity, and responsibility.
Chapter 4: Behavioral Factors Influencing Internal Auditor/Client Relationships
4.
Adequate means for conducting the relationship: • The existence of a mutually agreed product or service. • Effective communication. • Good manners. • Administrative support.
Ratliff and Brachner designed a program relating to their basic philosophy of the development of relationships. The program included: 1. 2. 3. 4. 5.
6. 7. 8.
“Reach an agreement with management regarding the need for an internal audit and the use of its results. Work with management to identify the key relationships to be audited. At the time of each interview, explain to the (interviewees) the purpose of the audit. Conduct the interviews (using an interview schedule). Based on the results of the interviews, classify the relationships into four categories (healthy, somewhat troubled, severely troubled, and dead — diagnose the problems of the troubled and dead items). Search for common sources of difficulties. Report the results without identifying any individual or individual relationship. Follow up and monitor the quality of key relationships.” (parentheses added)
It is quite probable that the conduct of such an audit will bring essential points that can improve relationships to the attention of the auditors. These findings substantiate our experience in several internal audit assignments. While the internal audit relationship needs to be “helpful and nonthreatening,” maintaining a professional distance is equally important. A recent study in New Zealand21 discussed the proposition proposed by Burns et al.22 and Rittenberg and Covaleski23 that “intimidation and cruciality” have an impact on both management and the client as to the effectiveness of the internal auditor’s functional activities. They identify “intimidation” as the effect of the “perceived importance and complexity of a discipline” and classify it as a certain “mystique” intentionally practiced by internal auditors as a result of their background, knowledge, and experience. They identify “cruciality” as the impact internal auditors have through (1) the power of their recommendations to establish internal controls; and (2) the informal pressure resulting from them as “authority pressing for action.” Rittenberg and Covaleski describe this to be “the possession of a body of abstract knowledge.” It is thus very possible that in the consciousness of some clients, the internal auditor possesses these characteristics, creating a halo effect of “internal controls expertise”: 1. 2. 3.
Knowledge of various types and theories of controls that have proved effective for similar exposures. The ability to relate the client’s risk exposure to one or more of these controls. Experience in analysis to evaluate the “fit” of the possible methods of control to the problem at hand.
47
Behavioral Dimensions of Internal Auditing
We have recently seen this procedure to be effective in the acceptance of a recommendation for a “clearance account” to assure the receipt of funds from a bank to cover previously incurred expenses for which the client should have been notified — a simple solution that had not occurred to the client. Burns and others suggest this expertise as a “mystique” and identify it as an “expertise bordering on the sublime over a work ideology that is baffling but essential.” It is this concept in the mind of the client that can cloak the internal auditors with the “ability to solve problems” and that will ultimately cause the client to voluntarily identify these problems — provided the internal auditors assure they will give credit to the client for the identification, and recognition of a problem solvable with the assistance of the internal auditors. This mystique should be disassociated with top management because if not, the auditor becomes associated with top management and loses the power of having a unique collection of personal abilities to present both to the client and to management. The “intimidation model” caused essentially by the mystique approach instills in the client’s mind the possibility of assistance by a specialist, much as one goes to a physician for the diagnosis of physical problems. This “aura of assistance” is especially bolstered by the internal auditors’ reputation of helpfulness with former clients and frequency of associating the improvement as a product of the client’s suggestion. Burns is cited as recommending that internal auditors: • • •
•
Be expert in evaluating and testing internal controls (accounting controls are mentioned; however non-accounting controls are just as important). Be expert in identifying and assessing risk and risk management. Remove himself/herself from the “jack of all trades — master of none” of operational auditing. (This is questionable because, based on broad experience, the internal auditor can bring this competence to the problem as a component of the “mystique.”) Should ensure that the audit is supported by an authority document such as a charter from top management (and that the organization’s experience indicates that the charter is strongly defended by top management). (parentheses added)
Example Three: Misplaced Confidence in Internal Auditors In 1996, Alan Rabinowitz published a thought-provoking article in The CPA Journal relative to public confidence in auditors. In that article he discussed certain behavioral aspects relative to auditormanagement interactions.24 He identified the lack of experienced supervision as one of the problems resulting from the lack of proper supervisors who were elevated to the executive level. However, he also spent some time discussing the mental attitudes of the staff. His theory was that new staff auditors “viewed their largely routine and seemingly basic work as a necessary evil and ‘rite of passage’ normally preceding responsible and interesting assignments.” They wrote off this element of the audit process as being beneath their abilities. They tried to graduate to better work as soon as possible and, thus, they “lacked the commitment to delve into and prop-
48
Chapter 4: Behavioral Factors Influencing Internal Auditor/Client Relationships
erly comprehend the transactions and events occurring in the audited entity.” Although Rabinowitz related this concept to public accounting, it could also hold for internal auditing. Rabinowitz also believed that auditors “require greater skill in dealing effectively with people whose work they audit.” His position is that colleges and universities spend too little time in this area. He believes that matching these behavioral skills between the auditors and the client should be compared not only for ease of audit relations, but also for eliminating this “disparity between the two that mounts as does the chance for effective cover-up.” He believes that “people skills” are important for successful auditing. He also believes that the educational process should devote “more extensive attention to behavioral aspects of auditing…as one of the critical issues facing the auditing establishment.” He also describes a sense of complacency on the part of auditors who are so tied up in their traditional work that they do not “perceive or react to some newly present conditions.” They tend to “rely on approaches that served well in the past and are heartened by the continued presence of employees, managers, and executives with whom they never experienced serious problems.” He considers this complacency to be a behavioral issue that should be cautioned against during the auditor’s basic training.
Example Four: Impact of Different Client Management Styles on Internal Auditing Behavior Almost any internal auditor with experience becomes aware of the fact that the characteristics of the client as to attitude will require a modification of the approach to and the conduct of the audit. Frequently this information can be obtained from other auditors who have audited in the environment. Often the information is available in the “permanent file” for the client organization. If this is the client’s first audit, or if a new manager is in charge of the unit, the internal auditors must be immediately observant of the prevailing style of management they will encounter and conduct the audit as harmoniously as possible. Even the most difficult client managers can become adherents to the audit process if approached with care and are convinced that the audit is being performed in their best interests. There are four management styles that are usually recognized:25 Theory X
Autocratic
Theory X1
Custodial
Theory Y
Supportive
Theory Z
Collegial (sometimes called Theory J)
Comments on the styles: Theory X:
Rules are explicit; authorizations are centralized; communications, formal and informal, are centralized to those in authority.
49
Behavioral Dimensions of Internal Auditing
Theory X1:
Similar to the autocratic Theory X except for an attitude of “taking care” of the employees rather than directing them — use of an “instructive tone.” Communication is similar to Theory X except there is more “selling.”
Theory Y:
Usually a decentralized decision-making and participative management operation. Can encourage participation by the client in some cases. The objective is education. Periodic communication and reporting is usually effective.
Theory Z (J):
Learning by doing is common. Control mechanics are for information rather than “dominating decisions.” Emphasis is on the continuing education of participants so that the employee can become a colleague” in the decisionmaking process. Management frequently uses a “quality circle” to motivate, improve morale, and develop participants. The circle also improves creativity and participation.
Obviously, each of these theories requires a different approach and attitude by the internal auditor toward the client. However, there can be exceptions. In a case where the management was a type “X,” the internal auditor convinced the manager to allow an interim conference in his, the manager’s, interest. The result allowed the manager to direct the cessation of a practice that could have brought discredit on his organization (and on himself). The faulty practice was discontinued and was so reported in the audit report. The Theory X manager became an adherent of internal auditing and asked for additional auditing assistance. The Wallace’s have prepared a chart relating the various management styles to conferencing and reporting approaches. It is reproduced on the following page.
50
Chapter 4: Behavioral Factors Influencing Internal Auditor/Client Relationships
Management Style Reflected by Internal Audit Conferencing and Theory X Theory X Theory Y Theory Z reporting Autocratic Modified Supportive Collegial dimensions Custodial Beginning audit Authorization: Instructive: Dialogue: Mutuality of conference This is what we This is what we Here is what we interest: How plan plan plan: any should we suggestions? proceed? Interim conferences Only if further Only if further Discuss status Establish a direction of instruction of and important quality circle auditee is needed auditee is needed findings and approach with request input regular meetings for discussion Closing (exit) Summarize the Summarize the Discuss the Jointly draft conferences report in a factual report in a planned report the report manner consulting and permit manner input Formality of report Very formal Formal Informal and Informal formal Method of reporting Written Written Oral and written Oral and jointly written Timing of reports Final report Final report Interim and final Interim and final Education of auditee None required Some advisable Some necessary Essential regarding the audit
Wanda A. Wallace and James J. Wallace, Managerial Auditing Journal, Vol. 3, Issue 2, pp. 17–20. © Emerald Group Publishing Limited. All rights reserved. Reprinted with permission.
Internal auditors should try to develop a relationship with the entire client community of helpfulness through the internal audit process. It is also interesting to note that the client also has an opportunity to improve the internal auditors’ relationship through the conferencing approach and more formally through the auditor evaluation process that is becoming common in progressive internal audit operations.
51
Behavioral Dimensions of Internal Auditing
References Pickett K. H. Spencer, The Internal Auditing Handbook (Chichester, UK: John Wiley, 1997), 82–85.
1
Sridhar Ramamoorti, “Internal Auditing: History, Evolution, and Prospects,” in Andrew D. Bailey, A. A. Gramling, and Sridhar Ramamoorti (eds.), Research Opportunities in Internal Auditing (Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation, 2003).
2
Portions of this chapter were adopted from Sawyer’s Internal Auditing, 5th Edition, Chapter 28, published by The Institute of Internal Auditors in 2003. 3
N. C. Churchill and W. W. Cooper, “A Field of Study of Internal Auditing,” The Accounting Review (October 1965), 267–281. 4
Frederic E. Mints, Behavioral Patterns in Internal Audit Relationships, Research Committee Report 17 (Altamonte Springs, FL: The Institute of Internal Auditors, 1972), 37. 5
D. K. Clancy, Frank Collins, and S. C. Rael, “Some Behavioral Perceptions of Internal Auditing,” The Internal Auditor (June 1980), 50.
6
R. K. Mautz, Peter Tiessen, and R. H. Colson, Internal Auditing: Directions and Opportunities (Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation, 1984), 120–124. 7
Sawyer et al., Sawyer’s Internal Auditing, 5th Edition (Altamonte Springs, FL: The Institute of Internal Auditors, 2003), 1230. 8
R. J. Ferrier, “One Step Beyond Peer Review,” The Internal Auditor (October 1985), 35–38.
9
Sawyer et al., 1233.
10
S. F. Keating, “How Honeywell Management Views Operational Auditing,” The Internal Auditor (September/October 1969), 43–51. 11
W. G. Phillips, “The Internal Auditor and the Changing Needs of Management,” The Internal Auditor (May/June 1970), 55–56. 12
W. J. Harmeyer, “Some of My Best Friends Are Auditors, But….” The Internal Auditor (January/ February 1973), 8. 13
James R. Wilson and Donna J. Wood, Behavioral Auditing Series (Altamonte Springs, FL: The Institute of Internal Auditors, 1989).
14
Sawyer et al., 1234–35.
15
Mints, 60.
16
Ibid, 67.
17
52
Chapter 4: Behavioral Factors Influencing Internal Auditor/Client Relationships
Ibid.
18
Ken Macher, “The Politics of People,” Personnel Journal (January 1986), 50–53.
19
Richard L. Ratliff and James W. Brachner, “Relationships,” Internal Auditor (February 1998), 37–43.
20
Karen Van Peursem, “Internal Auditors’ Role and Authority,” Managerial Auditing Journal, Vol. 19, No. 3. (2004), 378–393. 21
D. C. Burns, J. W. Greenspan, and C. Hartwell, “The State of Professionalism in Internal Auditing,” The Accounting Historical Journal, Vol. 21, No. 2 (1994), 85–116.
22
Larry Rittenberg and M. A. Covaleski, “Internalization Versus Externalization of the Internal Audit Function: Examination of Professional and Organizational Imperatives,” Accounting, Organizations and Society 26 (2001), 617–41.
23
Allen M. Rabinowitz, “Rebuilding Public Confidence in Auditors and Organizational Controls,” The CPA Journal (January 1996).
24
Wanda A. Wallace and James J. Wallace, “Audit Reporting and Conferencing for Different Management Styles,” Managerial Auditing Journal 3, No. 2 (1988), 17–20.
25
53
PART II __________________________________________________ BEHAVIORAL SKILLS
55
CHAPTER 5
COMMUNICATIONS Internal auditors listen to obtain information. They talk to impart information. They write to communicate findings. Communication is the transfer of thoughts from the mind of one person to the mind of another. Perfect communication is an utter impossibility. No two people have the same history, education, background, training, parents, teachers, and colleagues. All these elements will affect how listeners perceive what they hear, how speakers express what they say, and how writers compose what they mean. Communication is the foundation on which behavioral relationships are built and experienced. Only when internal auditors truly understand the complexity of good communication can they begin to achieve some reasonable degree of quality behavioral contacts. Meetings with the client, either to introduce, make inquiries, convey findings, or impart recommendations, can go well or poorly — depending in large part on how the internal auditor communicates during the preparation, conduct, and conclusion stages of the audit.
Communication During the Audit1 Internal auditors who seek client cooperation need to plan their approach carefully. They must recognize that the behavioral effects of communications occur during all three phases of the audit: (1) anticipation of the audit, (2) conduct of the audit, and (3) preparation of audit findings.
Anticipation of the Audit Positive steps on the part of internal auditors can defuse any behavioral anticipation and mystery concerning the audit. They should keep surprise audits to a minimum, restricting them to such activities as handling cash and negotiable securities or where fraud is suspected. Normally, they provide information in advance to clients, explaining the audit process and how to prepare. They can emphasize the positive results of an audit to clients and the benefits clients can expect. Burnett regards auditor/client relationships in terms of two client motivators: fear and recognition.2 In these relationships, the client has fears of losing his or her job, of receiving an adverse evaluation, or from the unknown — the mysterious audit. Internal auditors can counter these fears by explaining the audit process and removing the surrounding mystery. Jarvis describes an approach that was used in a multi-branch bank.3 A written communication was designed to give branch employees a capsule view of what internal auditors do and do not do, and thus to put them at ease on the day when they hear someone say, “Here come the auditors.” Similarly, other organizations have produced brochures describing the internal audit function, the experience and background of staff, its contribution to the organization’s well-being, and its normal method of operations.
57
Behavioral Dimensions of Internal Auditing
Conduct of the Audit During the conduct of the internal audit, people are often given a feeling of importance and participation if they are asked person-type rather than control-type questions. For example, questions such as: • • • • •
What tasks do you perform? What tasks does your immediate supervisor perform? What tasks do those directly under your supervision perform? Which of the people in your work group do you see most often outside of work? When you want a job done in a hurry, to whom do you turn?
This type of inquiry has additional benefits. It provides a window to information on the organization chart. It shows the actual network of relationships that overlay the formal, structured organization chart, and it helps the internal auditor understand not only how things are supposed to work, but more importantly how they actually do work.
Preparation of Audit Findings Internal auditors can counter fears of poor evaluations or threats by demonstrating fairness and objectivity and by putting all findings into perspective, balancing the good with the not-so-good and giving client staff credit for positive contributions to the operation and the audit process. To provide recognition, auditors should take into account Maslow’s Hierarchy of Needs. This aspect is discussed in some detail in other sections. The internal auditors should possess sufficient expertise in analysis and the development of findings. They bring a measure of organizational independence and objectivity to the audit. They also bring the broad knowledge and perspective of overall goals and objectives. If internal auditors develop respect by the clients, their findings and recommendations will be accepted, or at least thoughtfully considered. By giving due consideration of the client’s familiarity and knowledge in their communications, the internal auditors can concentrate on what they are best at: analysis and development of findings. They should, in most cases, leave to the client the details of the recommendations for resolving any problems unearthed, though the auditors can assist, if needed. Clients acting against their will tend to stay with their own opinions. Rather, for behavioral intent, proposed solutions should be stated tentatively and generally, and the internal auditors should invite the clients to present their views on how conditions could be specifically improved — joining the clients in a problem-solving partnership.
Communication Aspects of Meetings In the list of behavioral relationships between internal auditors and the client, communication is probably the most important aspect. And within the area of communication, the conduct of meetings is particularly important, especially the opening and closing meetings of the audit.4 The opening meeting sets the tone for the entire engagement. The closing meeting, with its discussions of findings and recommendations, is probably the most sensitive because of its operational observations and the potential aspects for future action dictated by what the audit has disclosed.
58
Chapter 5: Communications
Preparing for the Opening Meeting When internal auditors prepare for meetings, they should know what they are going to talk about and be fully prepared on the subject so they are off to a good start with the client. They should prepare agendas, review them, and rehearse them. Also, they should anticipate questions and prepare answers. The oral presentation portion should be professional, interesting, and persuasive.5 In developing a presentation, internal auditors should be concerned with content, organization, and delivery: Content must be behaviorally correct and error-free. It should be sufficiently complete so that all major points are included, but not so long as to exhaust the listeners. The audience should be considered and the detail should be appropriate to their perception. All illustrations should be relevant and simple. In the organization of the presentation, sufficient background information should be included to set the stage and show the purpose of the presentation. The presenter should clearly, from point to point, emphasize when a new subject is being brought up. The conclusions should be clearly and logically related to the body of the presentation. The delivery should be made in an assured manner so that the presenter is always in command. Movements and gestures should be natural and non-distracting. The presenter should maintain eye contact as much as possible and speak loudly enough, clearly enough, and slowly enough. There should be a summary at the end of the presentation that is action-oriented and leads the client to the comprehension of what is desired and a commitment to action. Scheduling the contact at the right time is also important. Contact certainly should be avoided immediately before or after lunches or vacations. Moreover, the historical tenor of past contacts between the participants can affect the present contact.
The Opening Meeting It is normal for the client to be apprehensive about the arrival of the auditors. It is human nature to resent and be apprehensive about a review of one’s operation. Consequently, the opening meeting, if conducted well, can reduce apprehension. If properly handled, it can even result in acceptance and cooperation in the conduct of the audit. There should be a full and free discussion of the audit’s objective, its general plan, and the hoped-for activities of the client as a cooperative member of the audit team. Larry Hubbard, former editor of the “Back to Basics” department in Internal Auditor, suggests that the internal auditors ensure that the client understands the technical terms that will be used during the audit, such as “internal control” and “risk.” He also suggests that the client be aware of The IIA’s International Standards for the Professional Practice of Internal Auditing. The intent of the opening or preliminary meeting is to put the client at ease and ensure that there is a meeting of minds between the internal auditors and the client. The auditors should convince the client
59
Behavioral Dimensions of Internal Auditing
that the audit report could identify him or her (the client) as one who suggested areas where there might be problems. Thus, the report can then identify the assistance of the client with the work of the internal auditors to arrive at the potential resolution of problems and instituting needed corrective measures.
The Closing Meeting At the completion of the audit there are two functions that serve to enhance the relationship between the internal auditors and the client. One is the client’s evaluation of the audit process. Hubbard suggests using the following questions: “Were we professional? Did we keep you informed as to the status of the audit? Did we ask for your input and participation during the audit? Did we treat your personnel with respect?” The second function could be considered as setting the stage for the internal auditors’ return. There are several suggestions that experienced internal auditors believe have behavioral value: • • •
• • • •
There should be no surprises. The word “results” should replace “findings,” and the phrase “deficiency finding” should never be used. The descriptive language of the report is not cast in concrete. If the client has better words without the loss of the basic concept — use them. At least give the client the opportunity to suggest. There should be “balanced reporting.” Give credit for progressive, affirmative results. How did the client voluntarily improve things — controls, risks, performance? Cognizance should be given to client disagreement. If a rebuttal is used, it should be given in good taste. Laud the client’s cooperative behavior. Give examples of assistance and the progressive results achieved. Use the words “…could be improved” in place of “…the client is not performing as well as he or she should perform.”
Imaginative internal auditors can improve and add more positive relationships. It is often a case of empathetic feelings — what behavioral aspects will make the audit process more productive?
Meeting Feedback Without adequate feedback, both the client and the auditors may be unsure about whether the objectives of a meeting were met. If the purpose of the meeting was informational, the auditors may ask the client to summarize the more significant points. If the objective is to get action started or completed, ask for a commitment — who will be responsible for the action, when can it be completed, and what are the plans for the action?
Interviewing In the process of interviewing, specialists in the art of communication have suggested, as a means of breaking the ice and to develop background information that might be useful in the audit process, that
60
Chapter 5: Communications
auditors use what are called people-type questions. They are general in nature and are used to start the flow of information from the interviewee. The list below (that includes four previously mentioned) is not exhaustive, but readers will observe that they become more complex as the series proceeds. a. b. c. d. e. f. g.
What task do you perform? What tasks does your immediate supervisor perform? What tasks do the people under your supervision perform? When you want a job done in a hurry, to whom do you turn? Who do you contact if you believe your job could be done more efficiently? Who do you contact if you believe that there are ethical problems? Who do you contact if you believe that there might be improper activities taking place?
Effective Use of Questions6 Questions are a basic ingredient of the interview process. Jeffords, Thibadoux, and Scheidt have described7 a series of other uses for the communicating process that could well be used by internal auditors. The writers identify the varied uses of questions as: • • • • • • •
Controlling the communication process. Focusing attention on important aspects. Motivating immediate action. Minimizing conflicts. Facilitating negotiation. Defusing emotional reactions. Helping to persuade the client about the soundness of the questions being posed.
However, the writers suggest some behavioral methods that will make the questions and the answers more useful and meaningful. First, they suggest that the questioner: • • • •
“Always ask for specifics.” First, identify what should be described, break that item into specific details, and then ask about them. “Pay attention to what is not said.” Use “open-ended” questions rather than “yes/no” questions. Use the words how, when, where, and so on to get the full answer. “Guard against unwarranted assumptions.” Do not accept a quick reply. Ask for details. Investigate. “Pay attention to the meaning of words.” Be sure that the client’s interpretation of a word is the same as the auditor’s.
The writers then discuss the use of questions to “minimize conflicts and misunderstandings.” Through the use of compromise and focusing on goals, the auditors can help by using the questions approach. They identify the usual sources of conflicts as: • • • •
Conflicts over facts. Conflicts involving feelings and perception. Conflicts involving personalities. Conflicts involving values.
61
Behavioral Dimensions of Internal Auditing
In each of the cases, the internal auditors should use behavioral questions to explore the feelings of the parties and the sources of the conflicts, the client’s perceptions, and the basis for problems. Asking for examples of the issues in contention can frequently disclose misunderstandings or perceptions that may be the cause of the conflict. To minimize conflicts:8 • • •
Do not use questioning behavior that is aggressive; that is, tone of voice, attitude, critical approach, sarcasm, and so forth. Consider compromise. Try to resolve conflicts — get at the root cause.
The questioning approach in interviewing should clearly indicate to the client that the internal auditors have not taken a position, but are trying to find the source of conflict intending on reaching resolution. Questioning should be sincere and “humble” and not defensive or didactic. As to “values,” the writers themselves say, “Differences in values do not necessarily preclude productive working relationships — individuals can simply agree to disagree on core values.” Jeffords et al. describe behavioral questioning as a communication tool of persuasion and negotiation. For instance, in the process of recommending an improved method of operation, the internal auditors, through the imaginative use of questions, can lead the client to the desired solution by allowing the method to “jell” in the client’s mind through his or her answers. By asking the client to describe the problem and then exploring by using questions, the internal auditors and the client can actually come up with the “client’s” solution to which he or she is committed through rights of “ownership.” The auditors ask the client to defend the solution and the client convinces the auditors of the value of the “new” solution to the problem. The auditors can pose questions and the client defends the solution that becomes “the result of the audit process.” Internal auditors also can use communication as a tool in negotiation, essentially in understanding the position of the client as to needs, sensitivity of “private information,” self-interest, proprietary information, and so on. The auditor should try to work with the client in trying to protect that position while acknowledging the overlying organization’s needs. • • •
Use questions to guide the client to come to the conclusion that the internal auditors are trying to sell. Act as a salesperson by creating confidence and asking questions to lead the client to arrive at the position the internal auditors are trying to sell. Determine through questions the reasons the client may not want to come to the internal auditors’ conclusion. Then, again through questions, try to weave these reasons into a fabric that will resolve the situation that the internal auditors believe should be corrected.
Communication questions are a source of information and knowledge for internal auditors. They provide an arsenal of potential material to be used in the fulfillment of the audit objectives. “You don’t learn by talking; you learn by listening.” Jeffords et al. emphasize effective listening by understanding the significance and meaning of the speaker’s words. Internal auditors should also use nonverbal behavior through close attention and neutral body language and listen for feelings as well as facts; be uncritical and nonjudgmental; learn
62
Chapter 5: Communications
to listen reflectively; and periodically summarize verbally what the speaker has said for three reasons: to show they were listening, to ensure that they understand the facts, and that they were listening with an open mind.
The Cognitive Interview Silverstone and Sheetz have identified what is called The Cognitive Interview, which was developed in 1984 by Dr. R. Edwards Geiselman, Dr. Ronald S. Fisher, and several colleagues at The University of California, Los Angeles (UCLA). The interview process is based on a series of behavioral hypotheses:9 1.
2. 3.
Remembered information is stored in “records or discrete units containing event-relevant data.” The “records are [mentally] indexed by headings and may be searched by using designations until the matching record is found.” (parentheses added) Alternatively, “instead of discrete units, our memories are comprised of a network of associations,” Thus, it is possible to “access the memories from several different places.” This model is known as the “schema theory.”10 Familiar events have a script that guides how they are encoded in our brain in a series of slots — some familiar, some new. The brain selects the slots.
The cognitive interview is a series of approaches to exploit the three above models of encoding and retrieval to assist the interviewee to recall event information. There are three phases of the interview: 1. 2. 3.
Free reporting Questioning Second retrieval of information
The free report is when the interviewee is encouraged to do the talking without interruption, if possible. In phase two, the interviewer asks questions based on the interviewee’s comments in phase one. In phase three, the interviewee is asked to make a second attempt so as to fill in areas not completely covered in phase one. During the three phases, the interviewer should try to jog the interviewee’s memory to mentally recreate the situation, visually or otherwise, as an assist device to recall elements. This part of the process can be followed by specific questions about various aspects of the situation. The interviewer should be aware that in recall there are two types of error that the authors identify; that is, errors, mistakes of fact, and confabulations, when the interviewee “constructs a memory that did not occur in the first place.” Rapport between the interviewer and the interviewee is extremely important. There must be a close bond and there should be a high “comfort level” for both the parties. Some of this rapport can be achieved through “Kinesic Mirroring,” where the interviewer subtly uses such behavioral things as: • • • •
Body position — to emphasize contact, yet authority. Leg, hand, and arm positions — to emphasize points; movement to retain attention. Subtle body movement — to retain attention; to achieve closeness contact. Tone of voice — varied to retain attention; to emphasize points.
63
Behavioral Dimensions of Internal Auditing
• •
Speed of speech — moderate to ensure understanding; periodic pauses to capture attention. Language matching — with that of the client.
Care must be taken, however, that the alteration is not considered mimicry. Eye movement or “eye assessing cues” reflect the interviewee’s behavioral “data processing orientation.” This is that eye movement to specific spatial areas when accessing information — “their preferred mode of representation.” For example: • • •
“People move their eyes up at an angle when remembering pictures. “People look to the side when recalling past sounds. “People look down at an angle when recalling kinesthetic or felt situations.”
If the interviewee “consistently looks up and to the left, he is seeing a picture.” If he “looks down and to the right, he is probably assessing information in a kinesthetic manner.” If he “looks to the side, he is probably an auditory-oriented thinker.” Thus, when asking questions, the interviewer should try word selection to stimulate the interviewees’ visual recall behaviorally. So: • •
For the visual-oriented interview use: How does it appear? How does it look? How did things appear in your mind? For the auditory-oriented person: How does that sound? How do you hear that?
Put the questions into the interviewee’s normal frame of reference. This is “language matching” without using the interviewee’s same words.
References Sawyer et al., Sawyer’s Internal Auditing, 5th Edition (Altamonte Springs, FL: The Institute of Internal Auditors, 2003), 1242.
1
R. R. Burnett, “Does Management Style Matter?” Internal Auditor (June 1983), 16–19.
2
J. E. Jarvis, “Here Come the Auditors,” Internal Auditor (August 1980), 43.
3
Larry D. Hubbard, “Opening & Closing Meetings,” Internal Auditor (February 2004), 27–29.
4
Sawyer, 1244.
5
Ibid, 1248.
6
Raymond Jeffords, Greg Thibadoux, and Marsha Scheidt, “The Power of Questions,” Internal Auditing Report (February 2003), 1–8.
7
64
Chapter 5: Communications
Raymond Jeffords, Greg Thibadoux, and Marsha Scheidt, “Utilizing Questions in the Audit Interview,” Internal Auditing (January/February 2003), 14–20.
8
Howard Silverstone and Michael Sheetz, Forensic Accounting and Fraud Investigation (New York: John Wiley & Sons, 2004), 138–48. 9
See Roger Schank’s extensive work on schema theory.
10
65
CHAPTER 6
NEGOTIATION Behavioral Aspects of Negotiation Negotiation is a process of give and take. It is essentially a compromise between parties where both win. Interestingly enough, in some cases, the client can achieve this by perfecting the auditors’ proposal, in which case the win for both the auditors and the client is greater. Knowledgeable auditors can enhance reputation and personal feelings of accomplishment, especially if the matter is presented as a way to improve the position or reputation of the client. A case, previously discussed, comes to mind where the manager’s subordinates were willfully disregarding government regulations regarding the forward acquisition of excess construction materials. The manager was informed by the auditor on an informal basis during the course of the audit and allowed to correct the situation. He graciously gave credit to the auditor, who, in turn, indicated the prompt corrective action taken by the manager in the audit report. This type of action consisted of immediate negotiation; the problem was promptly resolved. Negotiation between internal auditors and the client can relate to various issues, some of which are: • • • • •
Cause of problems. Financial or operational impact of problems. Strategic impact of problems — operational or financial. Identification of personal or organizational responsibility. Potential corrective measures.
The behavioral factors relating to the internal auditors that may have an impact on problem resolution may be: • • • • •
The nature of their previous experience regarding the current issue. Past experience can be a positive or negative. Their educational background, which also can be a positive or negative. Their position in the internal audit hierarchy. The anticipated impact of the decision on the financial and operational reports of the concerned unit and the management of the organization itself. The anticipated impact on the reputation of the internal auditors as to: Knowledge of the issue in question. - Knowledge about alternatives. - Negotiation ability — compromise concepts. -
In each of the above, the internal auditors anticipate the impact on their reputation and status as internal audit professionals and as mediators of issues of financial, operational, or strategic importance. This feeling of personal impact on the final resolution tends to remain close to the surface of
67
Behavioral Dimensions of Internal Auditing
the internal auditors’ consciousness. The concept of negotiation is compromise — a win-win position. Imagination, knowledge, logic, and goodwill can accomplish much.
Negotiation Strategy The internal audit process is a complex web of negotiations. After all, internal audit’s role is to negotiate positions for different internal stakeholders. The presentation in the audit report is the prime statement. When the client has no problems, negotiation is silent, though probably it has been conducted informally throughout the entire audit process. In constructing the report and in the personal contacts and discussions preceding the report issuance, the internal auditors have been consciously negotiating during the audit by their presentation of the details of the findings; that is, the criteria used, the conditions found, the causes of problems, the impact of the conditions on the organization, and the recommendations for improved operations. During the early conduct of the audit, internal auditors need to analyze the client’s attitude about the audit process: friendly or belligerent; open to ideas or resistant; egocentric or broad minded; precise or vague; and so on. Thus, the internal auditors can present the ideas that will ultimately be in the audit findings in a way that the client can consider and adopt them, possibly with modifications. In most of these cases, the negotiation takes place through a series of informal conversations — not in a formal sit-down meeting. In many cases, a question that seems innocent can start the client thinking, and the concept of an improved condition can emerge almost automatically. An article that appeared in Internal Auditor listed eight valuable suggestions for internal auditors:1 1.
“Don’t make all your demands up front.” Do not shock or overpower the client. Gradually introduce the issue.
2.
“Don’t reveal your true audit deadline to others.” Don’t give the client an excuse to delay the audit, with the hopeful thought that as the audit comes to a close, you, the auditor, will “compromise.” If the deadline is known, indicate that extensions are possible or that final arrangements can be handled subsequent to a “final date.” Keep loose.
3.
“Take advantage of the good guy, bad guy scenario.” Let us say the “good guy” is the auditor, the “bad guy” is the chief audit executive (CAE). In a difficult situation with a stubborn client who may be averse to an audit finding, the auditors can empathize with the client’s perspective, but then remind the client that the CAE is not likely to agree, giving the reasons why, of course. Subsequently, the auditors might then suggest a compromise position and leverage the CAE’s probable stance to move the client from his or her fixed position toward making a compromise that is in the best interests of all parties.
4.
“Rely on the power of competition.” Identify the fact that other departments are being cooperative with the audit process and that the audit reports so indicate, with favorable comments from the CAE. Suggest that you want to help him or her (the client) to also be congratulated for assisting in a cooperative and productive audit engagement.
68
Chapter 6: Negotiation
5.
“Attack problems, not people.” In the language of the audit report, keep the comments focused on the problem. Do not bring personalities into the discussion. For example: “The controls established to assure prompt replies to correspondence were set several years ago, before the institution of current technical improvements. The correspondence director realized this and has already investigated and revised the control process and its standards.” Be hard on the problems but soft on the people.
6.
“Put yourself in the other person’s shoes.” If the client resists a change that the auditor recommends, try to get the client to describe the problem. Then ask, “What do you think is the best way to solve it? Why is it the best way? Are there any difficulties? Can it be done here?” Then, tell the client that you will include his or her positive answers in the audit report with the comment that, “The client identified the problem, analyzed it, and, with his management’s approval, has resolved it.”
7.
“Give recognition when due.” The examples in items 5 and 6 above also relate to this suggestion.
8.
“Try the fait accompli tactic.” In cases where the client has already voluntarily recognized a problem that would have been an audit issue, and has adequately resolved it, comment on it. Give the client credit for “self-audit” and interest in operating efficiently and effectively.
When these approaches are carried out with candor and objectivity, the audit relationship can become a productive process and, in most cases, result in a pleasant and constructive relationship. However, again, we are obviously excluding forensic engagements.
Negotiation for Constructive Audit Outcomes The concept of negotiation by internal auditors seems to some observers as an unnecessary aspect of the internal audit process. In the first place, it is conventional wisdom that the internal auditors’ findings are beyond discussion and, when given the blessings of management, they become directives. Frequently the implication is that the recommendation for change, sometimes called corrective action, is a reflection of failure on the part of the client. The client may protest verbally or in writing, and then the recommendation becomes a problem. The concept of negotiation has become quite well known since Roger Fisher and his associates at Harvard University introduced the subject and produced several helpful books that are well accepted. They handle the subject as an important adjunct of psychology and sociology and describe how negotiation fits into almost all facets of human relations such as in business, government, education, science, religion, and even families. Following are some of the basic criteria that Fisher and his associates describe so well:2 1.
The Problem of Position The internal auditor and the client each take a position relative to a finding. For example, the issue is related to control, let’s say of commissions paid to salespersons. The client says that his control is the sales manager who, he holds, is intimately acquainted with his salespersons. He countersigns the commission checks. The auditor believes that for proper control, the commissions should be
69
Behavioral Dimensions of Internal Auditing
controlled based on a computer listing of sales per salesperson. The client claims the computer work is an extra expense that he must assume (to the detriment of his bonus). The auditor tries to convince the sales manager that wrongfully paid commissions could also hurt his bonus. He also tells him that the computer listings can give him a better control over the salespeople’s activities. And, he adds, the listings could be compared to salespeople’s travel expenses, an added control. The internal auditor convinces the client that he or she is considering the client’s well-being and that of the firm’s as well as his or her own. The benefit is three pronged: the client, the firm, and the auditor. 2.
Separating People from the Problem The internal auditors, in checking inventories on a government construction job, found that the field engineers, in order to save detail work on their part, were ordering materials in large quantities, some of which would not be used until the next year, a position that is against government regulations, though it could be considered an efficient action (an example cited earlier). The situation would be a “noncompliance with government regulations” finding against the construction project. The internal auditor immediately went to the chief engineer, who didn’t like auditors, to advise him. At a meeting the next morning, the chief engineer castigated the field engineers and set up a control system that indicated the time element of all concerned material inventories. He told the field engineers that, if the auditor had not advised him, he and they would have been in trouble. The internal auditor and the chief engineer together described, for the audit report, the situation and the corrective action taken. The action precluded negotiation, though the advanced notice was an element of negotiation (the case described earlier).
3.
Focus on Interests, Not Positions The internal auditor was reviewing the capital assets operated by a firm engaged in retail operations. The firm enjoyed a heavy holiday business and owned a warehouse in which to store the holiday merchandise. The warehouse was empty for about 10 months. The investment and the operating costs were considerable. The internal auditor explored alternative arrangements such as (1) renting a short-term warehouse space, (2) leaving the holiday merchandise in vans and paying short-term demurrage, (3) a combination of (1) and (2) and renting part of the warehouse to others on a long-term basis. What are the positions?
The Auditor 1. 2. 3. 4. 5. 6. 7.
70
The warehouse is not productive on an 1. annual basis. Short-term contracts for space can be 2. made on an as-needed basis. Estimates show it is less expensive. 3. The firm doesn’t have to rent messy 4. temporary warehouse space. Partial annual revenues benefits the 5. firm’s bottom line. Alternative space is always available. 6. Demurrage for two months compared 7. to occupancy costs for 12 months.
The Client I control a large part of the firm’s investment (ego). The space is always available. I don’t have to make annual arrangements. I’m not sure it’s less expensive. The temporary rental space may be a mess. The partial rental tenants may be difficult. I’m not sure how much space I need. Demurrage is expensive.
Chapter 6: Negotiation
Each of the above items must be negotiated. The internal auditors must try to convince the client that what is now a cost-consuming arrangement can be converted into a revenue-producing arrangement for which the client will be credited (and may be rewarded). 4.
Possibilities for Mutual Gain The internal auditor, in his audit of the accounts payable operation, found a substantial number of duplicate payments. In the audit last year there were also a large number of duplicate payments. The auditor said last year that this was a clerical problem that should be corrected and wrote a management letter to warn the client. (No mention in the audit report.) With the same problem resurfacing this year, the auditor warned the client that the condition would be now in the audit report. The client is aghast. “If it was a management letter item last year, it should also be this year.” The auditor said, “Joe, why didn’t you set up a control last year so that the condition wouldn’t be repeated?” Joe was incensed. “You are nit picking — auditing.” He stormed out of the audit office. The auditor called, “Joe, come back here. “I’ll tell you what, if you and I can agree on a control to prevent this condition, I’ll also put that into the audit report. Can you come up with a good reason why you didn’t initiate the control last year? If it’s reasonable, I’ll also report it.” This give-and-take opportunity between the auditor and the client emphasizes mutual gain and was happily accepted by Joe.
5.
Using Objective Criteria The internal auditor was directed to investigate the construction of a large warehouse that the firm was planning to build. The internal audit activity co-sourced the investigation with an engineering firm so as to use engineers on the audit investigative staff. The auditors and the engineers reviewed the blueprints and plans. The engineer stated that the planned ceiling trusses would be metal rods and that this was not acceptable because of danger to the firefighters in case of a fire. The rods when heated would contract and pull the walls in on the firefighters. The contractor (fixed price) complained that the alternative would be too costly in materials and construction time. The internal auditor researched the problem and found a book by an authority on the impact of construction on firefighting, which supported the engineer’s contention. The contractor was convinced and, because of the auditor’s mention of potential culpability and monetary damages and loss of reputation, he agreed to the change. The firm also was convinced and the additional cost was shared half-and-half with the contractor in a contract change order.
6.
What if the Other Side Won’t Play (Shall We Dance?) The internal auditor discovered by asking an innocent question3 as to whether a collection of electronic equipment in building 201 was a part of the Research Department’s equipment. He was told that it did belong to the Research Department but that it was test equipment and had been charged as an expense of specific tests and was not on the books at all. The auditor asked what controls were exerted over the equipment. He was told none were because the equipment was “charged off.” The auditor said that some control should be exerted over the valuable equipment. The client didn’t agree because it was not charged to him. The auditor asked if there was a memo card control by unit of equipment. The client said “No.” It was test equipment and the value was 71
Behavioral Dimensions of Internal Auditing
charged to the various tests. The auditor asked whose tests was the equipment used for. The client said the tests were his. The auditor asked if he was responsible for the equipment. He said he wasn’t because the equipment was charged off to the former tests. End of discussion! The auditor thought a minute. He asked the client whether one component in setting his salary was the total value of the research equipment he controlled. The client agreed that it was. The auditor suggested that the total value of the test equipment could be capitalized and added to his regular operating equipment with a corresponding accounting reserve (for test equipment) netting the test equipment on the books to zero. The client saw the monetary advantage to him and, though he would have to inventory it and be responsible for it, it would be to his advantage to inventory the equipment and control it as he did with his other equipment. He agreed to set up the controls. 7.
Using Emotions as You Negotiate4 The internal auditor had completed the audit. The exit conference was set and the client, the director of purchasing, had been notified. As the participants assembled, the internal auditor noted that the director was absent but that he had sent a member of his staff, a recent hire with a master’s degree but no experience, to represent him. The internal auditor was furious at the slight and cancelled the meeting. He sent a memo to the director. Dear Joe: I was sorry that you were unable to attend our exit conference. In your interest, I felt it best to postpone it. During the audit I had a number of questions and your representative answered them to the best of his ability. We noted his explanation in the draft report. We want to be certain that he represented your position fairly. Also, we have some recommendations that we want to discuss for some improvements to your excellent operation. We also have made several favorable comments on some new changes that you recently installed. We want to be certain that we presented them properly. We hope we can count on seeing you at our postponed conference on January 15. Sincerely, Bill Joe quickly saw the “Xmas card,” and promptly showed up at the postponed January 15 exit conference. The alternative could have been for the auditor to complain about Joe’s absence to Joe’s superior. Joe could have been directed to attend. In such a case, Joe’s attitude probably would have been antagonistic, defeating the very purpose of the exit interview.
72
Chapter 6: Negotiation
A Negotiation “Road Map” In The Seven Steps to Collaborative Negotiations, Joan Pastor5 provides a “road map” of the negotiation process. The steps follow: 1.
Prepare. • Write down all your knowledge, information, facts, ideas, and feelings on what she calls a “dump sheet.” • Identify the outcome you want from the negotiation. Develop an alternative result you will accept. • State your “bottom line” in the negotiation process. •
2.
Set the Tone. Establish what you will accept in a “win-win” procedure. • Show concern, respect, and interest in the other party. • Develop and use physical traits showing interest and concern at the beginning of the meeting — • listening, objectivity, brainstorming solutions.
3.
Listen and Get Issues on the Table. Identify the information relative to the negotiation meeting. • Have supporting documentation available. Release and use only what is necessary. • Ask for client feedback. • • Use listening skills to show the importance of responses. Do not indicate blame; emphasize facts. • Use different types of questions to get facts (what, when, why, how, damage control). • Paraphrase what client tells. • Use a benefit statement to show value of suggestions to client. • Assume agreement on facts and findings. •
4.
Look for Areas of Common Ground. Identify areas of agreement; of disagreement. • Emphasize positive elements. •
5.
“Shoot for Collaboration” Brainstorm for mutual gain. • Stay focused on issues, not people. • Each party is responsible for contributing to the problem. •
6.
Get Decisions on Paper. Spell it out. • • Listen for unexpected expectations. Check them out. •
7.
Close With Final Summary. Close meetings with final summary expectations, next actions to take, and deadlines. • Reconfirm deadlines. •
73
Behavioral Dimensions of Internal Auditing
These seven steps are designed to provide all sides of the story from everyone’s point of view and result in brainstorming options for mutual gain. They will be “using a lot of other positive influencing and problem-solving skills as well.”
References Raymond Jeffords, Melynda Carter, and Annette Hixon, “Assessing Internal Auditor’s Negotiation Skills,” Internal Auditor (February 1993).
1
Roger Fisher, William Ury, and Bruce Patton, Getting to Yes, 2nd ed. (Boston, MA: Houghton Mifflin, 1991).
2
Asking innocent questions has been described as “naïve skepticism.” It can be enormously helpful for internal auditors to ask non-threatening and disarmingly simple questions.
3
Roger Fisher and David Shapiro, Beyond Reason: Using Emotions as You Negotiate (New York: Penguin Books, 2005).
4
Joan Pastor, Conflict Management and Negotiation Skills (Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation, 2007). 5
74
PART III __________________________________________________ BEHAVIORAL DIMENSIONS IN PRACTICE
75
CHAPTER 7
BEHAVIORAL ASPECTS OF FIELD OPERATIONS Role of Participative Auditing Participative Auditing The concept of participative auditing1 has been on the scene since the early 1970s when Frederic Mints, one of the founders of The IIA, proposed a modification to the traditional internal audit approach. The traditional process considered the client to be the passive receiver of the internal auditors’ methodology. The internal audit staff determined scope, designed programming, performed audit functions, made recommendations, and completed reporting. The client, as the object of the audit, was generally unaware of the findings and recommendations until the fieldwork concluded and the final draft of the audit report was prepared. Exceptions to this flow occurred when the auditors asked the client staff questions during the course of the audit. However, people are willing to help others when they feel they will share in the benefits — when they are all working toward the same goal. Operating staff have less animosity toward budgets when they participate in establishing them. People work more enthusiastically toward goals when they help set the goals and they accept standards when they help set the standards. The same is true of internal auditing. The fear, distrust, and mystery dissipate when auditors and clients work together in a spirit of cooperation and self-evaluation. Mints proposed some methods of establishing teamwork relationships so that clients might feel a real share and interest in the audit projects: For example, the truly participative auditor might do such things as: (1) take the clients into his confidence at the beginning of the examination by discussing his program along with his objectives and the reasoning behind his approach; (2) solicit suggestions and assistance from them; (3) discuss all findings currently with those directly concerned and actively seek their help in developing proposed solutions; (4) provide the clients with interim reports of findings so that steps toward implementation of corrective action might be taken before issuance of the final report; and (5) review his reports with all those concerned at each level and carefully consider their suggestions for modification before going to the next higher level. When he does not agree with their suggestions for changes, he would explain his views and attempt to persuade them of the reasonableness of his position.2 Also, we might add a sixth (6) item to the list: ask the client to identify early known problems that can be investigated and resolved by the client and the auditors in a joint effort. The conduct Mints suggests in performing audits would appear basic to establishing a useful relationship between auditor and client. We believe, however, that under some situations, a truly participative
77
Behavioral Dimensions of Internal Auditing
audit could imply that operating personnel will personally take part in the audit itself. A modification of this approach is when the internal auditor asks the client at the beginning of the audit whether there are areas in addition to those in the proposed audit scope that should be reviewed — where there are problems that have not yet been resolved. The auditor and the client can work on this problem together and come to a resolution. In the audit report, the client is given credit for being aware of the problem, assisting the auditor in its resolution, and instituting the corrective action. Internal auditors must always guide and direct the audit since, in the final analysis, the audit opinion is theirs. Their direction is essential to for ensuring independence and objectivity. But within that framework, participation can still take place. It calls for aggressively involving the client personnel in gathering information, identifying weaknesses, and correcting defects. This can and has been done with some success.3 An organization president requested the audit of research and development (R&D) activities. The people assigned to the audit reviewed the R&D organization’s methods and also interviewed scientists and engineers in other divisions and organizations. As a result, the auditors were able to construct a body of R&D standards that, if met, would provide evidence that the R&D activities were being carried out in a professional, businesslike manner. Here, for example, are two standards (from approximately 30): 1.
The technological requirements of R&D should be identified, and the personnel responsible for the work should have the requisite knowledge and skills in their technologies.
2.
R&D managers should be provided with adequate systems of financial control to assist them in accomplishing their goals and missions within allocated budgets.
Once the standards were developed, the auditors met with client personnel and convinced them to work with them as a team. The clients would contribute their technical knowledge and the auditors would contribute their administrative and management expertise. The clients then gathered pertinent and useful information about each of the 30 standards. They provided information by accumulating procedures, instructions, manuals, statistics, job descriptions, employee histories, and the like. In accordance with the agreement, the auditors validated the information and made independent checks as necessary. While they gathered information, the clients found deviations from these previously acceptable standards. Without any prompting, they initiated corrective action. Before the audit was completed, most of the weak areas had been strengthened and most of the deviations had been corrected. The clients and the auditors worked together in harmony to achieve mutual goals. The exercise in participative auditing paid off. With participative auditing, it is important to acknowledge the client’s assistance in audit reports and other communications. This assistance becomes an element of satisfying for the client one of Maslow’s “needs” — the achievement of recognition. The auditors’ competency is not lessened. Such treatment indicates skill in interpersonal relations as well as in the technical aspects of the audit.
78
Chapter 7: Behavioral Aspects of Field Operations
With the increasing complexity of enterprise systems and the broadening of the scope of internal audit work to include all manner of operations within the enterprise, such participative audits are becoming the norm rather than the exception. A marriage of technical expertise contributed by the client along with the management expertise contributed by internal auditors may be the only effective way to make thorough audits of complex, technical activities.
Roles and Stress Roles and Role Conflict4 People play many roles in the conduct of their normal lives. Roles consist of attitudes and the conduct resulting from various situations. Both the internal auditor and the client play roles relating to business and their personal lives. Historically, the roles could be roughly classified as (no horizontal relationships): Auditor
Client
Traditional Professional
Police Officer Watchdog Detective
Cooperate Intimidate Ignore
Auditor Supervisor Manager
Client Manager
Personal
Parent Spouse Teacher Student
Parent Spouse Teacher Student
Historically, the role attributed to the internal auditor has been that of the “hardnosed sleuth.” It is a role that has struck fear in the hearts of clients and, in many cases, obstructed the internal audit process. For several decades, The IIA has tried to modify this situation and replace it with a role more aligned to a constructive relationship and the concept of added value, even in the conduct of nonconsultation work. The idea is to assist rather than destruct. Internal auditors cannot ignore the intended thrust of the audit effort — to examine and disclose the actual conditions. But the presentation of facts, even though negative in concept, can be accomplished as recommendations for improvement, not deficiencies. On the other hand, internal auditors should try to encourage the client to take on a role of selfimprovement, where the client sees the internal auditors as assistants. Thus, a team effort can be developed and, based on some anecdotal experience, possibly result in the client assisting in the traditional audit process. Frequently, a softer touch can produce beneficial results.
79
Behavioral Dimensions of Internal Auditing
What if the client refuses to play? Continue to provide information and indicate that the client’s cooperative attention is still welcome. The client usually has a level of supervision for reporting, and a copy of the audit information and the offer to discuss matters should be referred to the supervisor. The client may have to answer to that level of management for his or her inflexibility. Unfortunately, on occasion, that higher level also can be adamant about client cooperation with the auditor, with the intent that an upper adversarial position will discredit any audit effort. Reference to executive management is the only recourse left.
Stress and the Internal Auditor At times there are conflicts between the requirements of the various roles. For instance, overtime work as an auditor or a client may conflict with the requirements and responsibilities of being a parent or spouse. These conflicts probably constitute the greatest cause of stress for both internal auditors and the client. Other causes of stress arise in situations dealing with ethical conduct, beliefs of inadequacy, travel requirements, time constraints, and circumstances where the organization’s short-term wellness conflicts with issues of morality and honesty. Resolving role conflicts and stress is not easy. Setting priorities and evaluating the effects of activities are probably two of the best methods. The lesson for internal auditors is to recognize that the client is subject to as many of the role conflicts and stress issues as they are. In some cases, internal auditors may be aware of these client problems. This is not to say that they must become counselors or advisors, but they can modify the audit effort on a short-term basis to accommodate the client’s personal problems. The auditors should prevent their role conflicts or stress issues from interfering with the audit as much as possible. Recognizing the problems and prioritizing the issues should be basic requirements. In an article titled “Internal Auditors and Job Stress,” Linda Larson defines and discusses the internal auditing aspect of stress.5 She mentions some of the more frequent types of stress with which internal auditors are faced, and then expands the list and classifies items into organizational and individual job stressors. Larson says, “The stress response is a mobilization of the body’s energy resources when confronted with a stressor in his or her environment.” She quotes M. T. Matteson as saying that a stressor is any “demand made by an internal or external environment that upsets a person’s balance and for which restoration is needed.”6 Larson follows with a definition from J. C. Quick: “Stress is necessary for a person’s growth, change, development, and performance both at work and at home.7 It classifies stress as “good” when it “creates excitement, stimulation, and arousal for the individual” and “bad” when it “results from an unpleasant situation such as losing one’s job” or the potential for a similar bad situation. The article states that individual symptoms of stress are: • • • 80
Physiological, short-term, and long-term: headaches, ulcers, high blood pressure. Psychological: apathy, dissatisfaction, irritability. Behavioral: Loss of appetite, weight gain, change in alcohol use.
Chapter 7: Behavioral Aspects of Field Operations
Individuals react to stress based on their personalities. Some are resourceful and convert the stress into a method of acceptance and modified behavior. Others see stress as unreasonable and often need help to work through stressful situations. Two faculty members, Donna Wood and James Wilson, both at the Joseph M. Katz Graduate School of Business, University of Pittsburgh, were sponsored by The IIA to study the behavioral dynamics of internal auditing. A major part of the study related to stress in internal auditing.8 The researchers received 518 usable replies that constituted 28 percent of those sent out. The survey included U.S. and Canadian members of The IIA. The respondents were asked 10 questions that related the relationship of internal auditors to clients. The summarized comments follow: 1. 2. 3. 4. 5. 6.
Auditors always wear more than one hat. “A large majority agree; high and medium stress are more likely to do so.” The auditor’s job is much more difficult when he/she has to play more than one role. “Shows a clear association to stress.” Joint audits (financial/operational and EDP) are very difficult for teams to coordinate. “A majority of low stress respondents — not difficult.” “40.6% of high stress respondents — hard to manage.” “I find it hard to deal with the jokes [clients] make about auditors.” “A clear majority — felt capable of handling jokes.” “High stress respondents more likely…to find jokes troublesome.” Friendliness gets in the way of an effective audit. Auditors should not hesitate to go out drinking or out to dinner with clients when an audit is in progress. “Auditors who find themselves precariously balanced between these two approaches (items 5 & 6) are likely to experience higher job-related stress.” Item 5: “High stress respondents are much less likely to disagree.” Item 6: “Low stress respondents were more likely to feel that auditors were better off if they did assume that social events were appropriate on audits.” The authors discuss these situations to some extent and conclude that they are ambiguous situations and the need to have the ability to judge the situation. It can be stressful. 7. Female auditors find it harder to establish their credibility than do male auditors. “Agreement with this statement is clearly associated with higher stress levels… whether male or female.” 8. I can tell when clients are lying. 9. I can tell when clients are trying to hide fraud. “Auditors who are confident of their observational skills will be less subject to stress.” Significant associations appeared between the stress scale and the two statements’ (8 and 9) observational skills. Low stress respondents were more likely to say that they could not detect efforts to lie or hide fraud.” 10. In my experience clients rarely implement the recommendations of the auditors. “Respondents overwhelmingly rejected this idea. But there was…a significant association between stress and this statement.” A handful of low-stress respondents agreed with this statement but almost 19 percent of high stress did so. High-stress respondents were much less likely then low-stress colleagues to disagree with the statement.
81
Behavioral Dimensions of Internal Auditing
The authors identify a series of support activities that they believe could help reduce the stress levels: • • • • • • •
Departmental supports for auditors. Training for new auditors. Mentors. Career counseling and update training. Potential for movement into higher management. Incentive for those who travel. Closer relations with audit managers.
Management of Change9 Change is feared by some and welcomed by others. Internal auditors are concerned about the former and delighted with the latter. Fear of change poses a problem in the implementation of the internal audit recommendations. Also, at times, change causes clients to reject the audit effort and rebuff the auditors for instigating the change. Internal auditors must be prepared to manage the potential impact of change resulting from audit recommendations or those impacts that are anticipated by the client. Following are several causes for client concern relative to change with suggestions for remedial action that can be made by the internal audit staff: 1.
Fear of the unknown can be neutralized by explaining, to the degree possible, the impact that the change will make on current operations and clearly describing the potential advantages and risks of the change.
2.
Conflicts with present operations can be explained by describing the positive results that the change will make and the credit that will be associated with client management.
3.
Ego problems can be resolved by bringing client management into the decision-making process so that client management becomes owner or part owner of the change.
4.
Bureaucratic problems, including the need for vertical and horizontal realignments, can be reduced by working with all involved units to outline the integrated changes that will be needed, the impact on the associated units, the positive results that will be achieved, and the advantages to the organization. The auditors can then respond positively to the anticipation of negative impacts by working with the horizontal and vertical operational units involved.
5.
If the change is not cost beneficial or results in a less efficient operation, explain the positive results, the benefits of which exceed or justify the apparent losses.
The changes should be reasonable, not violate moral values or good business practice, possible to accomplish, communicable, and cost-beneficial.
82
Chapter 7: Behavioral Aspects of Field Operations
Facilitating Change The concept of managing change as described in the previous section is an essential element of the behavioral impact of internal auditing. As mentioned, it involves such aspects as allaying the fear as to the results of the change and indicating that change is evolutionary, not revolutionary. It is not enough for internal auditors to identify the need for change; they should also work with the client to accept the change as a normal element of management. This constructive concept takes a two-pronged approach to the problem: considering the interests of (1) management and (2) those of subordinates. In each of these areas, the auditors should identify:10 (1) The evidence necessary to convince the client as to need. (2) The implementation strategy that will be helpful and desirable. In many cases, logic is not enough because of the client’s ingrained belief that logic was originally used in the establishment of the subject methods. Attempting to get at the reason for reluctance to the change can help. The emotions associated with what was initially determined to be a good system must be handled carefully, sometimes by indicating that the elements that originally led to the development of the current methods have themselves changed and require some modification. Readers may find the following suggestions helpful: • • • • • • • • • •
Serve managers with more than recommendations. Explain the “how” of the change. Recognize that audit recommendations don’t change organizations, people do. Consider the interpersonal elements involved with acceptance of the change. Respond to them. Communicate early and communicate often. Do not rely only on the exit conference. Discuss the possible changes as soon as they are disclosed. Continue to discuss them. Develop your powers of persuasion. Be convinced as to the worth of the changes and present them with enthusiasm. Avoid becoming a zealot. Consider the client’s state of mind, use gentle persuasion, and possibly compromise. Remember that change always takes longer than expected. Consider stress. Be patient. Value criticism. Consider the reason for criticism. Accept changes. Acknowledge and thank people. Use good manners. Do not overdramatize the need for change. Consider the value-added concept and relate it to the assistance approach of internal auditing.
Work with the client to identify the need for the change and then continue by proposing that the client, with your assistance, determine methods that would fit the “new” activity. Let the client choose the method to make the change. The decision is the client’s management, not yours. However, if you see problems, point them out and offer to help resolve them. Remember that you are not directing that a change take place. That is a management decision. You are simply recommending the action.
83
Behavioral Dimensions of Internal Auditing
Use of Motivational Needs11 The subject of motivation is usually mentioned as a benign force that causes clients to accept the audits as a stimulus for change. How does this work? We generally recognize Maslow’s series of needs that motivate humans. These needs vary from the physical — air, food, and water — to the complex need to believe that we are performing the work we were destined to perform. Two other needs — security, both physical and economic, and the need for recognition — can serve to stimulate the client to: • • •
Bring suspected problems to the internal auditors’ attention. Cooperate with the internal auditors in the conduct of the audit. Implement the internal auditors’ recommendations.
How are these motivational needs served? By disclosing in the audit report that the client performed well and because of that, and the client’s cooperative action, the audit was successful. Senior management recognition and the recognition by the client’s peers can impact favorably on the client’s economic condition. Such recognition shows that the client understands the facets of good management and is management-minded in accepting change for the good of the organization. To Maslow’s five needs we can add the need for power. This need is always present under the surface and definitely is felt by internal auditors, whether they admit it or not. In fact, it is this potential feeling of power that directs some people into the practice in the first place. However, a series of subliminal activities (beneath the threshold of conscious perception) can act as motivators. These forces indirectly lead to the Maslow need for recognition, belongingness, and selfactualization (assurance that one is performing effectively in one’s area of interest). A partial listing of the activities that can act to motivate internal auditors and the manager (client) follows:12 Motivating the Internal Auditor: Participating in planning Participating in report writing Response to considerate leadership behavior Receipt of current information and feedback Receipt of rewards for good work Assurance as to the positive aspects of internal auditing Motivating the Manager (client): Participating in sound two-way communication Being advised currently of key findings and potential recommendations Participating in discussions on key findings Developing a balance between positive and negative findings Use of efficiency and effectiveness in recommending management changes Use in reporting of improvement rather than deficiency
84
Chapter 7: Behavioral Aspects of Field Operations
Codori summarizes her description of motivating influence by writing: Properly used, effective communication can generate positive motivation. Each audit participant, when motivated in this way, can make unique and valuable contributions to the goals of management auditing.13
Conflict Management of Conflict14 Conflict is present in all organizations and shows itself in varying degrees. In most organizations, it is kept reasonably under control. Conflict is caused by differences between people or organizations relative to: • • • •
Methods of performance of activities. Turf problems — areas of responsibility. Commitment of resources. Ideology and ethics.
Auditor/client conflicts are common. As a matter of fact, internal auditors seemingly acting in adversarial positions constitute a basic aspect of conflict. Conflict can be resolved by arbitration, mediation, or compromise. It can also be eliminated, though not resolved, by direction. To the degree possible, both the internal auditors and the client should compromise so that the greatest possible benefit for the organization can be achieved. However, the concept of “auditor compromise” is sometimes a difficult issue. If there is a black-andwhite violation of accounting standards (Generally Accepted Accounting Principles [GAAP]), the internal auditors are not in a bargaining position, unless there is some aspect of interpretation of the issue. On the other hand, if there is an element of good business practice or potential improvement in efficiency or effectiveness, there may be bargaining room. The concept of “half a loaf is better than no bread at all” is not a bad idea.
Resolving Conflict15, 16 Some suggestions from an article in Internal Auditor hold much promise is resolving conflicts. Resolution in this case infers that the conflict will no longer exist and that the parties agree to certain conditions, understandings, and action. The article proposes two essential activities: (1) understanding the conflict, and (2) negotiating a resolution. Understanding the conflict involves answering three questions: • •
Is the conflict real? Could it be a misunderstanding or poor communication? What is the conflict? The real conflict must be disclosed so that secondary issues are not a concern.
85
Behavioral Dimensions of Internal Auditing
•
What is the cause of the conflict? The source of the problem should be identified as soon as possible. It could be that the parties are arguing about the results of the conflict, not the cause.
Concentrating on six activities can enhance negotiating a resolution: •
• •
• •
•
Concentrate on people issues. This involves treating the other side as human beings rather than obstacles. Empathy is important, as is the recognition that the discussion could generate progressive results. Separate the individuals from the context of the conflicts. Auditors should not attack people, but should isolate the issues and discuss them. Consider the opposition’s view of the conflict. Viewing the conflict through the eyes of the opposition can lead to resolution that can be compatible to the opposition. The ensuing discussion should not take an accusatory tone. Involve the opposition in the decision-making process. Participation is a great leveler, assuming the objective is a position desired by both parties. Discuss emotions openly. Emotions should be recognized and freely discussed. The fact that stakes and reputations are threatened should be acknowledged and resolution should be pointed toward mutual satisfaction. Emotional outbursts should be tolerated without retribution or retaliation. After the release of the emotions, levelheaded discussion should resume. Communicate. Each side should listen and try to comprehend. This aspect also infers that the auditors should adequately plan their statements and not use inflammatory language.
The article then suggests that the parties develop alternative options. There must be a degree of flexibility on both sides. There also are three obstacles that must be overcome: • • •
Premature judgment. Fixation on a single answer. Assumption of a fixed solution.
These obstacles can be overcome if the parties mutually: • • • •
Brainstorm other options. Separate the creation process from the decision-making process. Consider all options. Look for mutual gain.
The basis for resolution is for agreement to be reached in establishing objective criteria to which both parties can agree. Though the article shuns bargaining, it seems reasonable to believe that compromise can still be used to produce a win-win result. Regardless of the ideal methodology used, the element of emotions, and an earnest belief in the validity of one’s position, some element of compromise is bound to creep in. Also, this may not be a bad solution because at a later date, after the interim experience, another attempt can be made to resolve the remaining elements of the conflict.
86
Chapter 7: Behavioral Aspects of Field Operations
There is also the possibility that the discussion resulting from the conflict may produce positive results for the internal audit process. It is conceivable that such discussion may result in new issues and even new potential resolution aspects that neither party considered. In other words, the conflict triggers an intense discussion, producing new values besides those held by either party at the beginning of the conflict. It is conceivable that conflict, though generally abhorred, should be welcomed as a sort of cleansing. If presented well, conflict actually can be constructive.
Management of Hostility17 Despite all the good will in the world, internal auditors are still bound to face some antagonism. They may seek to reasonably and logically present their viewpoint, but the client may remain adamant, unhearing, unconvinced, and completely negative, or may simply refuse any discussion. These confrontations are bound to happen now and again. The client opposition may be reflected in a number of ways: • •
•
• • • • •
Client management does not deign to attend conferences, but sends a lower-level individual to be his or her representative. The client manager questions all audit activities as being unnecessary and improper. The internal auditors are forced to justify each action and may be met by a refusal to cooperate or accept the activity. The client accuses the internal auditors of interfering with the operational work of the audit area. Each test or other audit action must be approved by the client on the basis of eliminating “audit-caused” interference. The client refuses to discuss interim findings, telling the internal auditors that they are on their own and they had better be right or they will be “creamed” by top management. The client manager downgrades and ridicules potential findings as not material and insignificant to the client operation. The client accuses the internal auditors of improprieties but refuses to support the accusation. The client management refuses to participate in exit conferences but sends an insignificant representative who listens and takes notes, but makes no comment. Even though the client’s direct operational supervisor tends to be cooperative, his or her senior manager directs that there be no cooperation.
These suggestions may be useful: • • •
Select the right time. Do not try to open the closed mind to reason when the owner is under stress, angry, tired, or distracted. Never take a locked-in-concrete position. All that does is seal the closed mind from any possible penetration. Don’t rely only on logic. Logic never opened a closed mind. If it were agreeable to logic, it would not be characterized as a closed mind.
87
Behavioral Dimensions of Internal Auditing
• • •
• • •
•
Never paint yourself into a corner. Never take a position from which you cannot gracefully retreat or move around. Avoid force and embrace persuasion. At the onset, find a point of agreement. Opposition is useless; agreement is the opening wedge. There must be some things that internal auditors and clients can agree on, even if it is agreeing to disagree. Invite the clients to spell out their positions. Listen and try to understand — really listen. Don’t be closed-minded yourself. Make an active effort to put yourself in the client’s place. Sincerely try to understand. Help them to be right. That is what the closed mind wants above all. When you understand where they stand, when you have put yourself in their shoes, try to make them feel the position you want them to take is the position they themselves want to take. Consider compromise. Plan to agree on some minor aspects of the confrontation. Next time around you can again compromise and gain some of the points you gave away the first time.
However, internal auditors should keep an open mind. Inflexibility on the part of the client may directly impact the internal auditor’s position. As an example, the imposition of a new control aspect may, in fact, result in a reduction of risk or a more efficient operation; however, the results on costs may be more than the costs for the original operation. Examine the client’s arguments carefully. When all else fails, when the problem or weakness is serious, when the risks are great and correction cannot be compromised, internal auditors must remember their responsibilities and carry the matter to higher authority. The time bombs of potential risk to the organization must be defused. But it is best to try persuasion first. Internal auditors must remember that one day they may have to return to deal with the closed mind.
References Sawyer et al., Sawyer’s Internal Auditing, 5th Edition, 1252–54.
1
Frederic E. Mints, Behavioral Patterns in Internal Audit Relationships, Research Committee Report 17 (Altamonte Springs, FL: The Institute of Internal Auditors, 1972), 86.
2
Lawrence B. Sawyer, “Tomorrow’s Internal Auditor,” The Internal Auditor (June 1978), 20–23.
3
Sawyer et al., 1232–33.
4
Linda Lee Larson, “Internal Auditors and Job Stress,” Management Auditing Journal 9 (2004), 1119–30. 5
M. T. Matteson and J. M. Ivancevich, Controlling Work Stress (San Francisco, CA: Jossey-Bass, 1987).
6
J. C. Quick and J. D. Quick, Organizational Stress and Preventive Management (New York: McGraw Hill, 1984).
7
88
Chapter 7: Behavioral Aspects of Field Operations
Donna J. Wood and James A. Wilson, “Stress and Coping Strategies in Internal Auditing,” Managerial Auditing Journal 3, No. 2 (1988), 8–16.
8
Sawyer et al., 1228–29.
9
Raymond Jeffords, Greg Thibadoux, and Marsha Scheidt, “An Internal Auditor’s Guide to Facilitating Organization Change,” Internal Auditing (July/August 1998), 37–41.
10
Sawyer et al., 1231–32.
11
Carol A. Codori, “Positively Motivating Auditors and Managers,” Managerial Auditing Journal 3, No. 2, (1988), 21–23.
12
Ibid, 21–23.
13
Sawyer et al., 1229.
14
Gene H. Johnson, Tom Means, and Joe Pullis, “Managing Conflict,” Internal Auditor (December 1998), 54–59.
15
Sawyer et al., 1229.
16
Ibid, 1244.
17
89
CHAPTER 8
BEHAVIORAL ASPECTS OF FORENSIC AUDITING Psychology of Fraud1 Donald R. Cressey, a well-known criminologist, was a student of Edwin H. Sutherland at Indiana University following World War II. Sutherland, the president of the American Sociological Association in 1939, was the author of White Collar Crime (1961) and one of the predominant authorities in the field of criminology. Cressey made a study of incidents of embezzlement and expanded it to cover the broad field of management crime. He held that these crimes are caused by: •
•
A variety of inappropriate and improper actions on the part of the perpetrator, being a product of a “constitutional or moral weakness in the offender.” To this he added “faulty or illogical reasoning…” in that the perpetrator believes the funds taken merely constitute a “loan,” which is to be repaid. And, thus, a temptation is created that becomes difficult to resist. (Some perpetrators even keep records, “intending to pay it back.”) “Poor defense measures,” meaning inadequate organizational controls.
The first point focuses on the behavioral aspects of the perpetrator, such as the tendency to seek rationalizations to explain one’s behavior. The second addresses organizational control weaknesses that tend to constitute the traditional approaches internal auditors have taken concerning fraud. In this chapter, we assert that to be most effective in these traditional approaches, internal auditors must first have sufficient insight into the psychological and behavioral aspects of perpetrators (see also Ramamoorti, 2008).2 Donald Cressey was first faced with the need to explain a rationale as to why people steal. His research produced the concept that some trusted people violate the trust placed in them — based on the fact that some controls in business are fallible — and that they, the trusted people, believe they have the freedom to deviate. He then developed a generalization that he thought applied to all embezzlers. He believed that it was a psychological process made up of three phases: • • •
“The feeling that a personal financial problem is unshareable.” “The knowledge of how to solve the [financial] problem in secret, by violating a position of financial trust.” “The ability to find a formula which describes the act of embezzling in words which do not conflict with the image of oneself as a trusted person.”
The concept of the unshareable problem relates to shame or false pride on the part of the perpetrator, though it may not seem so to an outsider. This shame or false pride aspect prevents the perpetrator from asking for financial assistance, even though the employer or others who expect such requests as a normal occurrence with the hope of preventing criminal actions could provide it.
91
Behavioral Dimensions of Internal Auditing
This unshareable problem often leads to cover-up behavior of a dishonest, immoral, or unethical nature. The perpetrator may think he can solve the problem in secret, which might relate to similar plans that may have been used in the past, sometimes by accident, sometimes intentionally. Finally, Cressey evaluates various rationalizations by executives who perform “unscrupulous or criminal” acts. One such rationalization is the belief that “business is business.” Another is that they are acting in the investors’ interests by providing greater earnings. Cressey believes fraud is unshareable because the potential perpetrator is embarrassed to admit a former criminal action or disclose poor judgment, or such other indication of personal failure. Martin M. Greller provides a further intrinsic problem — a condition in the group to which the perpetrator belongs. He cites two conditions that help make the problem unshareable.3 •
•
“Peers in the group do not see each other regularly, thus there is “little sense of psychological safety.” The group has weak boundaries and no one can determine for certain whether he or she is in the group and, if so, for how long. The lack of openness and cohesiveness discourages the sharing of problems. A second condition that inhibits problem sharing is the sentient role structure. The group expects certain conduct of its members, including unrealistic expectations of infallibility and self-sufficiency. This makes it difficult for a member to admit to having a problem. There is fear and often an attempt to cover up.”
An extension of the unshareable problem is when rationalization becomes a supporting device for fraudulent group activity. In this case, the group colludes to perpetrate the fraud and thus helps its members to “understand their actions in a positive light.” Second, a group may “covertly aid the fraud even though members obtain no monetary benefit for doing so” (sometimes called “noble cause corruption.” The group is concerned with having a felon as a member, which can be disruptive. So it finds it easier to “look the other way to avoid knowing, and thereby avoids responsibility for taking action.” Because Greller holds that “the state of the group can play an important role in laying the groundwork for fraud,” he believes that auditors should learn about group dynamics and how types of isolation and communication can be indications of “likely settings for fraud.” He believes that junior internal audit staff who are most exposed to group activity should be trained in the analysis of these group activities. Also, David R. Saunders considers management fraud in many instances as being a conceptualization by the perpetrator that it is “merely a perversion of effective management behavior” and that the rewards encourage managers to “operate as closely as possible to the borderline between legality and illegality — the borderline between what is ethical and what is unethical.” And he says some cross over.4 He classifies managers into three groups of pairs. The first group of pairs contains: •
92
Super competitors: fundamentally gregarious, afflicted with an innate unattractiveness, thus losing the involvement they seek, which, however, they could earn. They are effective in their jobs, but find them stressful and they are unhappy. He believes these persons could have unshareable problems. They are “prone to employ psychological projection as a defense
Chapter 8: Behavioral Aspects of Forensic Auditing
•
mechanism and rationalize that management fraud is primarily a perversion of the super competitor.” Super physicians: ideally self-sufficient. Their “real world is their own internal world of thoughts and ideas, they are innately attractive and are targets of other people’s involvement attempts…their primary dedication is to make the external system work so it will continue to afford them their personal intellectual freedom.” The physicians seem unlikely to be perpetrators but “could look the other way” to preserve their personal freedom.
A second group of pairs is composed of “idealists” and “cynics:” •
•
Idealists are like “competitors.” They want to be involved and they experience rejection. They are more sensitive and they “have a much lower threshold for confusion.” They tend to be “unable to ignore significance of reality” and focus their efforts as competitors. They “make a virtue out of necessity.” Cynics are self-sufficient and are attractive to other people. They are “lacking in sensitivity and integrative capacity.” They are capable of the “see no evil” type of idealism. However, after a series of rejections, they believe that the world is out to take advantage of them and ultimately they may try to “beat the world at its own game.” Saunders tends to believe that cynics are more capable of management fraud by fulfilling their wants without providing anything in return.
Finally, Saunders defines a third group of pairs composed of “generalists/specialists” and the intuitive: •
•
Generalist/specialist: Here, Saunders is defining an auditing approach. He believes that generalist auditors “bring to their work only what they have been taught and only to the extent that they have learned it. Other auditors bring more, but normally they are given (taught) only what is believed to be conventional and proper.” In this group, generalists are at a relative disadvantage because they typically have no basis on which to proceed. The specialist group does have some aptitudes (detection of fraud) that can be put to work. Intuitive: Saunders states that even within a group of auditors there will be some who are more adept at detecting fraud because their ability to detect is more of an “intuitive process” and is better than pure guessing. This theory of intuition is fairly common and so far it seems that no one has been able to clearly define it. It perhaps develops from a person’s sum collection of mental notations made of past atypical behavior that over time turns out to be a good indicator of unscrupulous or fraudulent behavior. It is this quirk that can spur the imagination to be sensitive to bits and pieces that, when assembled, can roughly paint a picture of fraud.
Saunders closes by saying that if fraud is “rational, that we should develop punishments sufficient to deter it and to maximize the probability of detection.” If it is “irrational,” then “management must develop control to prevent it and means to disclose it.” In their 1996 supplement to Fraud and Commercial Crimes, Bologna, Lindquist, and Wells describe “high-risk people as being financially overburdened with low self-esteem, who have worked their way into positions of trust, have addictive personalities, can’t manage or trust their own funds, and who rationalize their thefts as ‘borrowing’ or ‘getting even for imagined exploitation’.” As explained earlier,
93
Behavioral Dimensions of Internal Auditing
they describe the methods used by some to maintain meticulous records to support the “borrowing” concept and believe that it can be used as a defense mechanism if caught, so as to show that reimbursement was intended. They believe that people commit crimes of this nature for economic, egocentric, ideological, and psychotic reasons, with “economic” being the most common in crimes of fraud, theft, and embezzlement.5 Indeed, carefully orchestrated psychological defense mechanisms can get operationalized as “plausible deniability” under law. There are more psychological theories relative to explaining criminal behavior. It is postulated that understanding these theories can assist in understanding and treating people who have committed certain crimes. In his collection of theories, Clive Hollins mentions that Reckless and Dimtz (1967) believed self-concept might play a vital role in the development of criminal behavior. He quoted several other sources in support of this concept; that is, Freud and his theories as well as Belly’s theory of maternal deprivation. However, he believes that these latter two seem to have little relationship to fraudulent activity and similar criminological acts.6 Hollins’s “learning theories” seem to have a closer relationship to this type of crime (fraud). As a matter of fact, his discussion of “Differential Association Theory” was proposed by Sutherland and Cressey (1970), two of the social psychologists mentioned before who had performed considerable research in the areas of fraud and embezzlement. He holds that their theories not only “describe the optimal social conditions for producing crime, but also attempt to explain the processes by which the individual becomes a criminal.” Those whose behavior is within these definitions are seen as criminals by the lawmakers. Hollins quotes Sutherland (1947), who states nine postulates to define the process of fraudulent acquisition:7 1.
“Criminal behavior is learned.
2.
The learning is through association with other people.
3.
The main part of learning occurs within close personal groups.
4.
The learning includes techniques to execute particular crimes and also [includes] specific attitudes, drives, and motives conducive toward crime.
5.
The direction of the drives and motives is learned from perception of the law as either favorable or unfavorable.
6.
Persons become criminals…when their definitions favorable to breaking the law outweigh their definitions favorable to non-violation.
7.
The learning experiences — differential associations — will vary in frequency, intensity, and importance for each individual.
8.
The process of learning criminal behavior is no more different from the learning of any other behavior.
94
Chapter 8: Behavioral Aspects of Forensic Auditing
9.
Although criminal behavior is an expression of needs and values, crime cannot be explained in terms of those needs and values. (For example, it is not the need for money which causes the crime, rather the method used to acquire the money: the method is learned.)”
It is through contact with people who hold favorable opinions toward the criminal action that the deviant action is learned. There are considered to be problems with the above postulates; however, Hollins states that Sutherland and Cressey are attempting to resolve them.
Behavioral Techniques of Forensic Auditing8 Fraud prevention and detection are important. The losses resulting from fraud are enormous. Their effect on enterprises can be staggering, and internal auditors have a responsibility to be alert for the existence of fraud and take appropriate action when it is suspected. In short, internal auditors must act as “capable managers” who care deeply about the sustainability of the business model and the long-run preservation of value. The fact that capable managers will not tolerate reprehensible conduct makes them admirable by conscientious employees. Likewise internal auditors’ rooting out wrongdoing should not affect the way they are normally regarded. Indeed, in some internal audit organizations, separate internal audit groups are employed for the detective and protective audit phases. Thus, those performing the regular internal audit functions not related to fraud are not identified with investigative tactics. They are free to carry out participative audits with no tinge of any adversarial relationship. As a matter of fact, many of the inspectors general (IGs) of the federal government and those of state and local governments have a staff of investigators for this protective purpose. These investigators are usually individuals with some type of legal or law enforcement experience. Also, the associated IGs maintain forensic training courses for their staffs and participate in Federal Bureau of Investigation (FBI) and other forensic training sessions. But all auditors must be cognizant of the possibility of fraud and be alert to indications of questionable conduct. When there are such indications, audit management should be immediately informed so that appropriate action can be taken by fraud investigators and/or internal security personnel. Care must be taken, however, that the internal audit organization does not wear the emblem of “fraud investigators.” It is common knowledge that auditors seeking to unravel fraud incidents should think like the person committing the fraud. It is often said, “There is a bit of larceny in all of us.” In other words, “If I were to perpetrate a fraud, how would I do it?” This frame of mind will cause auditors to evaluate the controls set up to protect the weak areas, devise a plan to overcome those controls, and use that plan as the substance of the audit work. The internal auditors will also determine corrective methods to improve the controls in those weak areas. However, this is only part of the behavioral approach. It is conventional wisdom that fraud is composed of three independent factors: • •
A need that cannot be fulfilled with or by an individual’s current resources. A situation of loose controls that would allow the abstraction of resources.
95
Behavioral Dimensions of Internal Auditing
•
A state of mind that does not preclude fraudulent activity.
This trilogy is also related to risk, although it is primarily the second point that is most closely related. Internal auditors must keep these three factors in mind during every audit. They should serve as a sort of backdrop in their consciousness during the course of an audit and also as an element in planning the audit. It should be a state of mind. There are long lists of red flags that have been developed for each of these factors and internal auditors should consider them at the beginning of every audit or at the start of each major element of the audit. Cressey, a researcher of the causation of fraud, especially that of embezzlement, has been credited with developing a series of categories of fraud causes. These categories include:9 • • • •
The incurrence of debt beyond the ability of the individual to liquidate it. Self-image of personal failure. Living beyond one’s means. Revenge for slights by management.
In addition, however, there are three others that are more behaviorally oriented that are worth mentioning: • • •
The feeling that one is not being adequately compensated for one’s contributions to the organization. The consideration of the organization’s fiduciary functions as a game with the miscreant trying to outsmart the established controls. The social justice approach with the thought of equalization of income. The embezzled funds go to the needy (with a slight commission to the perpetrator).
These are aspects that auditors should keep in mind and be alert to any outward manifestations that might lead one to believe that one of these conditions might exist. Each of them could have some behavioral clues that could alert the auditors. Some examples of red flags include: • • •
•
• • • •
96
Constant complaining about inadequate compensation. Complaints about the compensation structure. A reputation for: - Gambling. - Drinking or drug use. Living beyond one’s means: - Automobiles driven. - Housing. - Vacations. Comments about investment activities. Illness (self or family members). Statements about the stupidity of controls. Extramarital affairs.
Chapter 8: Behavioral Aspects of Forensic Auditing
The studies that have been made about the demographic characteristics of fraudsters lead one to believe that no real profile can be developed. Current experience in the Enron era suggests that people (mostly male) in the 30- to 45-year-old group are being indicted for corporate malfeasance. The greed concept and the desire for affluent living seem to be dominant. John D. O’Gara, in an introductory chapter in his book Corporate Fraud, differentiates management fraud from employee accounting-cycle fraud by describing the former as “frequently rational” while the latter is “transactional.”10 He then states that management fraud “involves using positional power” and that the employee-accounting fraud takes “advantage of internal control weaknesses.” His further definition is: Type of Management Fraud
Financial reporting Nonfinancial statement Bribery & corruption Asset misappropriation
By Senior management Nonexecutive management Operating management Administrative management
Method – – Off the books On the books
He states that effective prevention of management, nonfinancial statement fraud depends on the probability of detection and prosecution because management fraud frequently involves override rather than control weaknesses. It usually is kept off the income statement to avoid detection, and if detected, it usually will not be prosecuted. It requires a “broad business perspective that extends well beyond traditional accounting” to be recognized and detected. It is thus “significantly underdetected.” Recognition depends on symptoms and red flags in each organization based on its unique culture and business context.
Attitudes Toward Fraud by Potential Executive Miscreants11 Gillett and Uddin’s study of 139 chief financial officers (CFOs) involved structural equation modeling using five fraud scenarios and asking a specific pattern of questions relative to: • • • • • • • • •
Intention. Attitude. Positive Belief Evaluations. Negative Belief Evaluations. Need for Achievement Subjective Norm. Non Co-workers Group (Opinions). Co-workers Group (Opinions). Compensation Structure. Company Size.
97
Behavioral Dimensions of Internal Auditing
The study used compact disclosure for the sample data and selection as of July 1998 and used only domestic firms. Response was asked from CFOs or, if not identified, from treasurers or CEOs. It was interesting to note that the study disclosed that the usual compensation red flags did not appear to “affect intention for fraudulent financial reporting, contrary to hypothesis.” The authors did say that “the measures used in this study did not accurately capture compensation structure.” However, the study did indicate that “company size emerges as a potentially important red flag for detecting fraudulent financial reporting.” The authors of the study believed that more research was needed to determine why “individuals in larger companies are more prone to report fraudulently.” Following are two paragraphs from the conclusion of the study that indicate specific generalities that are indicative of the results. The reasoned action model performs well in this setting, and the results are similar to those obtained in prior research in other disciplines: a strong Attitude → Intention link and a weaker Subjective Norms → Intention link. The structural path Negative belief evaluations → Attitude proved robust for all models. Since Attitude → Intentions is also a very robust path, making management fully aware of the negative effects of fraudulent financial reporting may help reduce the occurrence of fraudulent financial statements. Given that participants in this study are already high-level executives, strong training and public awareness initiatives by auditors, audit committees, regulators, and legislators may be necessary to create significant change in management perceptions. One disadvantage of all survey research is the potential for non-response bias. Whether non-respondents are in some way significantly different from respondents cannot be answered with any certainty. The overall attitude of the respondents to the financial reporting scenarios was negative. A large majority of the respondents indicated that the behavior was undesirable. Consequently, more respondents also claim that they had no intention of acting out the behavior. Sixty-four percent of the respondents report absolutely no intention of performing the behavior, and 6 percent of the respondents report that they would probably perform the behavior (greater than 50 percent chance). These levels of willingness to contemplate fraudulent financial reporting are consistent with evidence gathered in KPMG’s (1999) 1998 fraud survey, where respondents indicated that fraudulent financial reporting was very low in occurrence but the second most costly type of fraud (following only medical/insurance claims fraud). However, it is still possible that the respondents of our survey may overwhelmingly represent only those people who do not commit fraud. Thus, possible non-response bias, negative belief evaluations of attitudes toward the behavior, and the low value of intention for fraudulent financial reporting potentially limit this study. On the other hand, our sample did include a number of CFOs who were willing to perform the fraudulent behavior. To the extent that our respondents are different from normal CFOs, in that they are possibly more aggressive or deviant, these may in fact be the people we most want to study and understand. Recently, Ramamoorti & Olsen (2007) in their article, “Fraud: The Human Factor” have attempted to describe fraud as a fundamentally human act, and hence, the obvious merit of understanding the
98
Chapter 8: Behavioral Aspects of Forensic Auditing
psychology of fraud. While not addressed to internal auditors, as noted earlier, the article is nevertheless pertinent to those who recognize the truth of the bromide, “Think like a crook to catch a crook.”12
References Donald R. Cressey, “Management Fraud, Accounting Controls, and Criminological Theory,” Management Fraud, Robert K. Elliott and John J. Willingham, eds. (New York: Petrocelli, 1980), 117–122.
1
Sridhar Ramamoorti, “The Psychology and Sociology of Fraud: Integrating the Behavioral Sciences Component into Fraud and Forensic Accounting Curricula,” Issues in Accounting Education, Vol. 23, No. 4, 2008, 521–533.
2
Martin M. Greller, “Management Fraud: Its Social Psychology and Relation to Management Practices,” Management Fraud, Robert K. Elliott and John J. Willingham, eds. (New York: Petrocelli, 1980), 173-175.
3
David R. Saunders, “Psychological Perspectives on Management Fraud,” Management Fraud, Robert K. Elliott and John J. Willingham, eds. (New York: Petrocelli, 1980). 4
G. Jack Bologna, Robert J. Lindquist, and Joseph T. Wells, Fraud and Commercial Crime, 1996 Cumulative Supplement (New York: John Wiley, 1996), 5–6. 5
Clive R. Hollins, Psychology and Crime (London: Routledge, 1989), 34 ff.
6
Ibid.
7
Sawyer et al., Sawyer’s Internal Auditing, 5th Edition (Altamonte Springs, FL: The Institute of Internal Auditors, 2003), 1241.
8
Joseph W. Koletar, Fraud Exposed (New York: John Wiley, 2003), 52–53.
9
John D. O’Gara, Corporate Fraud (New York: John Wiley, 2004), 3–5.
10
Peter R. Gillett and Nancy Uddin, “CFO Intentions of Fraudulent Financial Reporting,” Auditing: A Journal of Practice of Theory (May 2005), 55–75. 11
Sridhar Ramamoorti and W. Olsen, “Fraud: The Human Factor,” Financial Executive (July/August 2007), 49–52.
12
99
The vision of The IIA Research Foundation is to understand, shape, and advance the global profession of internal auditing by initiating and sponsoring intelligence gathering, innovative research, and knowledge sharing in a timely manner. As a separate, tax-exempt organization, we do not receive funding from IIA membership dues but depend on contributions from individuals and organizations, and from IIA chapters and institutes, to move our programs forward. We also would not be able to function without our valuable volunteers. To that end, we thank the following:
RESEARCH SPONSOR RECOGNITION Visionary Circle Paul J. Sobel, CIA
Stephen D. Goepfert, CIA 3M Company Cargill Inc. Chevron Corporation ExxonMobil Corporation Itau Unibanco Holding SA
Chairman’s Circle JCPenney Company, Inc. Lockheed Martin Corporation Microsoft Corporation PricewaterhouseCoopers LLP Southern California Edison Company Diamond Donor IIA Chicago IIA Houston
THE IIA RESEARCH FOUNDATION BOARD OF TRUSTEES
President: Paul J. Sobel, CIA, Mirant Corporation Vice President - Strategy: Mark J. Pearson, CIA, Boise Inc. Vice President - Research: Philip E. Flora, CIA, CCSA, Texas Guaranteed TG Vice President - Development: Wayne G. Moore, CIA, Wayne Moore Consulting Treasurer: Stephen W. Minder, CIA, YCN Group LLC Secretary: Douglas Ziegenfuss, PhD, CIA, CCSA, Old Dominion University Members
Neil Aaron, The McGraw-Hill Companies Jeffrey Perkins, CIA, TransUnion LLC Eric N. Allegakoen, CIA, CCSA, Adobe Systems Edward C. Pitts Richard J. Anderson, CFSA, DePaul University Michael F. Pryal, CIA, Michael Pryal and Javier O. Arrieta, CIA, Laboratorios Farma Associates Sten Bjelke, CIA, IIA Sweden Carolyn Saint, CIA, Lowe’s Companies, Inc. Robert B. Foster, Fidelity Investments Mark L. Salamasick, CIA, University of Texas James A. LaTorre, PricewaterhouseCoopers LLP at Dallas Marjorie Maguire-Krupp, CIA, CFSA, Coastal Elizabeth Samuel, CIA, IIA South Africa Empire Consulting Susan D. Ulrey, CIA, KPMG LLP William Middleton, CIA, New South Wales Carmen Prevost Vierula, CIA, Bank of Department of Education Canada Leen Paape, CIA, Nyenrode Business University Shi Xian, Nanjing Audit University
101
Behavioral Dimensions of Internal Auditing
THE IIA RESEARCH FOUNDATION BOARD OF RESEARCH AND EDUCATION ADVISORS Chairman Philip E. Flora, CIA, CCSA, CFE, CISA, Texas Guaranteed TG Members George R. Aldhizer III, PhD, CIA, Peter M. Hughes, PhD, CIA, CPA, CFE, Wake Forest University Orange County Lalbahadur Balkaran, CIA, Ernst & Young LLP David J. MacCabe, CIA, CGAP, MPA Kevin W. Barthold, CPA, CISA, Gary R. McGuire, CIA, CPA, City of San Antonio Lennox International Inc. Thomas J. Beirne, CFSA, CPA, CBA, John D. McLaughlin, Smart Business The AES Corporation Advisory and Consulting LLC Audley L. Bell, CIA, CPA, CFE, CISA, Steven S. Mezzio, CIA, CCSA, CFSA, CPA, Habitat for Humanity International CISSP, CBA, Resources Global John K. Brackett, CFSA, RSM McGladrey, Inc. Professionals Thomas J. Clooney, CIA, CCSA, CPA, CBA, Deborah L. Munoz, CIA, CalPortland CSP, KPMG LLP Company Kathryn Constantopoulos, CIA, Claire Beth Nilsen, CFSA, CRCM, CFE, Deloitte & Touche LLP CRP Jean Coroller, Ernst & Young LLP Frank M. O’Brien, CIA, Olin Corporation Mary Christine Dobrovich, Amy Jane Prokopetz, CCSA, Jefferson Wells International Farm Credit Canada Susan Page Driver, CIA, CPA, CISA, Mark R. Radde, CIA, CPA Texas General Land Office Vito Raimondi, CIA, Zurich Financial Ana Maria Escalante Penaloza, CIA, IIA Bolivia Services NA Donald A. Espersen, CIA, CBA, Jesus Antonio Serrano Nava, CIA, despersen & associates Banco Azteca Randall R. Fernandez, CIA, Adams Harris Kyoko Shimizu, CIA, The Board of John C. Gazlay, CPA, CCSA Audit of Japan Dan B. Gould, CIA Katherine E. Sidway, CIA, Ernst & Young Ulrich Hahn, CIA, CCSA, CGAP LLP John C. Harris, CIA, Aspen Holdings/ Iva Sucha, CIA, IIA Czech Republic FirstComp Insurance Company Linda Yanta, CIA, Eskom Sabrina B. Hearn, CIA, CPA, CMA, CHFP, University of Alabama System
The IIA Research Foundation Headquarters Support Richard F. Chambers, CIA, CCSA, CGAP, Executive Director David Polansky, Director of Finance Bonnie L. Ulmer, Vice President, Research Joe Sorrentino. Director, Retail Operations Nicki Creatore, Operations Manager Erin Weber, Business Development Manager Arnaldo Diaz, Retail Analyst Lael Reitler, Retail Specialist Susan Dworkis, Research Foundation Administrator
102
relationships. The human dimensions of internal auditing are covered in three parts:
E
I. The Foundations II. Behavioral Skills III. Behavioral Dimensions in Practice
A
Integrity and credibility are foundational to the concept of human dimensions of internal auditing. Internal auditors need to have both to carry out their responsibilities and add value to their organizations in terms of reputation, effectiveness, efficiency, and compli-
R
ance with laws, regulations, and procedures. To be credible — or believable — they must be knowledgeable, trustworthy, and ethical in conduct. This project seeks to make an important contribution to the current understanding of interpersonal relations, communications, and other general behavioral “aspects” in the
C
internal audit profession. It is expected to be of significant interest and relevance to practitioners, academics, and students of internal auditing.
H
Order No. 5015 IIA members US $0 Nonmembers US $40
ISBN: 978-0-89413-684-9
H C R
S
important behavioral dimensions of internal auditors and provides insights on human
A
ing: A Practical Guide to Professional Relationships in Internal Auditing highlights many
E
current thinking across the academic disciplines. Behavioral Dimensions of Internal Audit-
S
the current thinking of many internal auditors on this important topic, and then examined
E
E
of this guide conducted an online exploratory survey of internal auditors to explore some of
A Practical Guide to Professional Relationships in Internal Auditing
R
Internal auditing is very much a relationship and communications business. The authors
Behavioral Dimensions of Internal Auditing: A Practical Guide to Professional Relationships in Internal Auditing
R
Behavioral Dimensions of Internal Auditing: A Practical Guide to Professional Relationships in Internal Auditing
Behavioral Dimensions of Internal Auditing:
10198
10198 RF-Behavioral Dimensions of IA BkCvr.indd 1
5/21/10 9:04 AM