IIARF Behavioral Dimensions of Internal

BEHAVIORAL DIMENSIONS
OF INTERNAL AUDITING
A Practical Guide to Professional
Relationships in Internal Auditing
By
Mortimer A. Dittenhofer, PhD, CIA, CGFM

R. Luke Evans, MA
Sridhar Ramamoorti, PhD, CIA, CPA, CFE
Douglas E. Ziegenfuss, PhD, CIA, CPA, CFE
Disclosure
Copyright © 2010 by The Institute of Internal Auditors Research Foundation (IIARF), 247 Maitland
Avenue, Altamonte Springs, Florida 32701-4201. All rights reserved. Printed in the United States of
America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted
in any form by any means — electronic, mechanical, photocopying, recording, or otherwise — with-
out prior written permission of the publisher.
The IIARF publishes this document for informational and educational purposes. This document
is intended to provide information, but is not a substitute for legal or accounting advice. The
IIARF does not provide such advice and makes no warranty as to any legal or accounting results
through its publication of this document. When legal or accounting issues arise, professional
assistance should be sought and retained.
The Institute of Internal Auditors’ (IIA’s) International Professional Practices Framework (IPPF)
comprises the full range of existing and developing practice guidance for the profession. The IPPF
provides guidance to internal auditors globally and paves the way to world-class internal auditing.
The mission of The IIARF is to expand knowledge and understanding of internal auditing by provid-
ing relevant research and educational products to advance the profession globally.
The IIA and The IIARF work in partnership with researchers from around the globe who
conduct valuable studies on critical issues affecting today’s business world. Much of the content
presented in their final reports is a result of IIARF-funded research and prepared as a service to
The Foundation and the internal audit profession. Expressed opinions, interpretations, or points
of view represent a consensus of the researchers and do not necessarily reflect or represent the
official position or policies of The IIA or The IIARF.
ISBN 978-0-89413-684-9
05/10
First Printing
In Memory of
Lawrence B. Sawyer
1911–2002
Pioneer and
“Father of Modern Internal Auditing”
CONTENTS
About the Authors.........................................................................................................................vii

Acknowledgments......................................................................................................................................xi
Foreword............................................................................................................................................xiii
Introduction........................................................................................................................................... 1
Part I: The Foundations............................................................................................................................3

Chapter 1: Behavioral Foundations of Internal Auditing..............................................................5
Chapter 2: Behavioral Competencies Underlying Essential Attributes......................................17
Chapter 3: Social Behavioral Relationships in Internal Auditing...............................................31
Chapter 4: Behavioral Factors Influencing Internal Auditor/Client Relationships.....................39
Part II: Behavioral Skills........................................................................................................................55

Chapter 5: Communications........................................................................................................57
Chapter 6: Negotiation................................................................................................................67
Part III: Behavioral Dimensions in Practice..........................................................................................75

Chapter 7: Behavioral Aspects of Field Operations....................................................................77
Chapter 8: Behavioral Aspects of Forensic Auditing.................................................................91
The IIA Research Foundation Sponsor Recognition.........................................................................101

The IIA Research Foundation Board of Trustees..............................................................................101
The IIA Research Foundation Board of Research and Education Advisors..............................102
v
ABOUT THE AUTHORS
Mortimer A. Dittenhofer, PhD, CIA, CGFM, is an Emeritus Professor of Accounting at Florida

International University, Miami, Florida. Before retiring, he was the director of the School of
Accounting at Florida International University and a research fellow of The Institute of Internal
Auditors (IIA). He earned a B.A. in economics from Macalester College, St. Paul, Minnesota, MBA
from Northwestern University, and PhD in business administration from American University in
Washington, D.C.
Dittenhofer also taught at American University, Georgetown University, George Washington

University, Catholic University, and DePaul University in Chicago. He practiced internal auditing at
the former Atomic Energy Commission, National Aeronautics and Space Administration (NASA),
the Department of Health, Education, and Welfare, and the General Accounting Office (GAO). At
the GAO, he chaired the work group that developed the first edition of the world-renowned
Government Audit Standards (the Yellow Book). He was a two-term member of the committee that
developed The IIA’s International Standards for the Professional Practice of Internal Auditing.
He is well known for shepherding the publication of the IIA-sponsored textbook, Sawyer’s Internal
Auditing, 5th Edition, published in 2003. He also edited a two-volume annual government auditing
and accounting update reference series and is co-editor of The IIA’s three case study collections on
ethics. Dittenhofer received The IIA’s prestigious Bradford Cadmus Memorial Award in 1985, the
Leon R. Radde Distinguished Educator of the Year Award in 1989, and was the second recipient of
The IIA’s Lifetime Achievement Award in 2002.
Sridhar (“Sri”) Ramamoorti, PhD, CIA, CPA, CFE, is an associate professor of accountancy in
the Coles College of Business at Kennesaw State University in Kennesaw, Georgia. He has more
than 25 years of experience spanning academia, consulting, auditing, and forensic accounting.
Possessing a unique, academic-practitioner background, he is a consultant with Infogix, Inc., a
software-based information controls company, and a vice-president and managing director with
YCN Consulting, LLC, a professional services provider for governance, risk, and compliance
(GRC), as well as internal audit, risk advisory, and forensic accounting services.
A prolific author and contributor to standard-setting efforts in internal controls, Ramamoorti is

an author of the 2009 COSO Guidance on Monitoring Internal Control Systems (see www.coso.org)
and the 2010 ISACA exposure draft on Monitoring Internal Control Systems and IT (see
www.isaca.org). He is a co-author of Internal Auditing: Assurance and Consulting Services (2nd
edition, 2009), a textbook published by The IIA, that has been translated into Spanish and
Japanese, and professional guidance for practitioners such as Sarbanes-Oxley Section 404 for
Small, Publicly-Held Companies (CCH/Wolters Kluwer, 2009) and The Audit Committee Handbook
(5th edition, John Wiley, 2010).
Until recently, Ramamoorti was a partner in the National Corporate Governance Group of Grant
Thornton LLP in Chicago. He led the firm’s thought leadership initiatives in corporate governance
and accountability, assisting with global client pursuits, delivering board and audit committee
vii
Behavioral Dimensions of Internal Auditing
briefings, promoting university faculty relations, and mentoring younger professionals. Before
joining Grant Thornton, Ramamoorti worked at Ernst & Young (EY) in the Fraud Investigation and
Dispute Services (FIDS) practice. He was in-house EY faculty for fraud awareness training of more
than 1,000 EY partners and principals nationally. He spearheaded the development of an EY
proprietary litiga- tion risk management simulation model that attained “patent pending” status with
the U.S. Patent Office. Subsequently, he was also the Sarbanes-Oxley advisor for the EY National
Advisory Practices in North America. Earlier in his career, he was a principal in the Professional
Standards Group of Arthur Andersen, where he consulted on generally accepted auditing standards,
represented the firm on the AICPA Financial Instruments Task Force that produced SAS 92:
Auditing Derivatives, Hedging Activities, and Investments in Securities and an accompanying
AICPA guide, and was a key liaison for the multimillion-dollar Andersen-MIT research
collaboration.
He earned a bachelor of commerce degree from Bombay University, India, and holds MAcc. and
PhD (quantitative psychology) degrees from The Ohio State University in Columbus, Ohio. After
completing his PhD, he was on the accountancy faculty at the University of Illinois at Urbana-
Champaign for a few years. He has published extensively in research and professional journals such
as Management Science, European Management Journal, Research in Accounting Ethics, International
Journal of Accounting, Issues in Accounting Education, Journal of Information Systems, Internal Auditor,
and Financial Executive. He co-authored Using Neural Networks for Risk Assessment in Internal
Auditing (1998) and co-edited Research Opportunities in Internal Auditing (2003), both published
by The Institute of Internal Auditors Research Foundation (IIARF). He has many teaching and
research awards.
Ramamoorti was originally trained as a chartered accountant from India, and holds numerous
U.S. professional certifications (viz., CIA, CPA/CITP/CFF, CFE, CFFA, CFSA, CGAP, CGFM,
CICA, CRP, FCPA). Active in the profession, he is on the Board of Directors of Ascend, Institute
for Business and Professional Ethics (IBPE), Information Integrity Coalition (IIC), and the Board
of Governors of The IIA’s Chicago Chapter. He serves as vice-president (Practice) of two sections
of the American Accounting Association and is a member of The IIA’s Global Ethics Committee.
Currently co-chairman of The IIA’s Global 2010 Common Body of Knowledge (CBOK) study, he is
a past chairman of the Academy for Government Accountability (2005–2008) and a past member of
the Board of Trustees of The IIARF (2002–2008). He has made presentations in the United States,
Brazil, Canada, France, India, Japan, the Netherlands, Qatar, South Africa, Spain, Turkey, and the
United Arab Emirates.
Douglas E. Ziegenfuss, PhD, CIA, CPA, is professor and chair of the Accounting Department at
Old Dominion University in Norfolk, Virginia, where he teaches courses in auditing and coordinates
the Internal Auditing Enforced Program. He holds a B.A. in philosophy/history from Mount Saint
Mary’s College (magna cum laude), an M.S. in accounting from American University, and a PhD in
accounting from Virginia Commonwealth University, along with numerous professional
certifications.
His expertise includes operational, fraud, and information technology auditing, as well as corpo-
rate governance and professional ethics. He has authored or co-authored three books and 25 articles
on audit-related subjects. He regularly presents programs on audit management, fraud, and
quality management issues in numerous locations across the U.S. as well as internationally in
Hong Kong,
About the Authors
Mexico City, Paris, Toronto, and Australia. He has eight years of auditing experience in the public
utility and waste management industries.
Ziegenfuss received The IIA’s prestigious Leon R. Radde Distinguished Educator of the Year Award
in 1996. The Virginia Society of Certified Public Accountants recognized him as their “Outstanding
Accounting Educator” in 1997, and the Association of Government Accountants also recognized him
in 2000 as one of the most influential chapter members during its first 50 years for starting a student
chapter. From 2005 to 2009, Virginia Business designated Ziegenfuss a “Super CPA” educator.
His service to the auditing profession includes national board membership on The IIA’s Board of
Research and Education Advisors and as a trustee and secretary of The IIARF. Before that he served
as vice chair of The IIA’s Academic Relations Committee. Ziegenfuss has served on the board of
The IIA’s Tidewater Chapter and is a former chapter president. He also chaired the 1997 IIA Mid-
Atlantic Conference.
R. Luke Evans, MA, provides project coordination services for not-for-profit organizations as an
independent professional living in the Boston, Massachusetts area. He holds a B.B.A. in accounting
from the University of Toledo and an M.A. in educational policy and leadership (focused on
business administration curricula) at The Ohio State University.
Upon earning his bachelor’s degree, Evans served on the audit staff at Price Waterhouse & Co. and
later developed a public accounting practice serving small business clientele. Eventually he
expanded his experience into commercial credit analysis and lending at the Huntington National
Bank and BancOhio National Bank in their small business divisions.
Following several years in business, he entered graduate school at The Ohio State University to
study the teaching of ethics in business administration curricula, earning his master’s degree. He
continued with doctoral study into the contemporary moral and political philosophies that underlie
curriculum practices in higher education, satisfying his coursework and comprehensive exam
requirements. He then entered higher education administration at Ohio State, after which he
returned to post-graduate study to pursue human resource development at the University of
Illinois, Urbana-Champaign. While at Illinois, he collaborated with Sridhar Ramamoorti on a paper
titled “Strategies for Effective Learning: Insights of Research and Scholarship in Business
Education,” which was presented at DePaul University.
ACKNOWLEDGMENTS
We would like to thank the anonymous reviewers of the Board of Education and Research Advisors
(BREA) who undertook the review of this monograph in their spare time, along with the staff of The
Institute of Internal Auditors Research Foundation (IIARF) for their patient understanding of the
vagaries associated with author life events over the course of the project.
In addition, we would also like to express our appreciation and thanks to many outside
individuals who graciously and voluntarily provided feedback on various drafts of this
monograph: Andrew Bailey, Usha Balakrishnan, Gregory Capin, Daniel Gaffney, Marjorie
Maguire-Krupp, Denis Posten, Mohammed Siddiqui, Warren Stippich, Roxanne Torak, and
Richard Whitehead.
xi
FOREWORD
As an integral part of a complex web of relationships within an organization, contemporary internal

auditing involves significant social interaction between auditee and client. Auditor/auditee/client
interactions occur in organizational settings through both face-to-face and written communication.
Indeed, internal auditing is very much a relationship and communications business. This guide high-
lights many important behavioral dimensions in internal auditing and provides insights on human
relationships.
The nature, scope, and extent of auditor/auditee/client interactions lie at the very core of internal
audit assurance and consulting activities. Most internal audit practitioners would agree that
mastering interpersonal and communication skills, often called “soft skills,” is important. Soft skills
typically include the ability to share information, make persuasive arguments, negotiate agreements,
and demonstrate passion for change, while simultaneously understanding different roles and
responsibilities, empathizing with others, acting with integrity, and relating well with others from
all levels of the organization. To employ all these skills effectively in everyday situations, internal
auditors need to possess high degrees of emotional and social intelligence.
Social and behavioral disciplines such as psychology, social psychology, sociology, and cultural
anthropology seek to provide understanding and insight on the nature of such “soft skill” interactions
among people in various social and cultural settings. 1 For a few decades now, the behavioral dimen-
sions of internal auditing have received little systematic exploration in the professional and academic
literature.2 Given that behavioral considerations carry so much importance in the day-to-day prac-
tice of internal auditing, the authors conducted an online exploratory survey of internal auditors to
explore some of the current thinking of many internal auditors on how they perceive the social and
behavioral disciplines as informing the practice of internal auditing.
Anyone harboring doubts about the importance of this subject to internal auditing should consult
Summary of the Common Body of Knowledge 2006 (CBOK 2006) by The Institute of Internal
Auditors Research Foundation (IIARF) and read the section on internal auditor skills.3 It
identifies a list of critical behavioral skill sets relevant to the audit staff, senior supervisors, and
audit managers. The authors of CBOK 2006 state, “Practitioners consider almost all of the
behavioral skills listed to be important to [the performance of] their work at their current
position….”
In the spirit of The IIARF’s 2003 Research Opportunities in Internal Auditing (ROIA),4 this project
on the behavioral dimensions of internal auditors also seeks to make an important contribution to
the current understanding of interpersonal relations, communications, and other general behavioral
“aspects” in the internal audit profession. It is expected to be of significant interest and relevance to
practitioners, academics, and students of internal auditing.
xiii
References
1
Sridhar Ramamoorti, “Internal Auditing: History, Evolution, and Prospects,” in Andrew D. Bailey,
A.A. Gramling, and Sridhar Ramamoorti (eds.), Research Opportunities in Internal Auditing (ROIA)
(Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation, 2003).
2
See Victor Brink, 1965; Frederic E. Mints, 1972 and 1981; and Robert K. Mautz and others, 1984
for earlier treatments of this general topic.
3
Priscilla A. Burnaby, Mohammad J. Abdolmohammadi, and Susan S. Hass, A Global Summary of
the Common Body of Knowledge, 2006 (Altamonte Springs, FL: The Institute of Internal
Auditors Research Foundation, 2007), 34–35.
4
Andrew D. Bailey, A. A. Gramling, and Sridhar Ramamoorti (eds.), Research Opportunities in
Internal Auditing (ROIA) (Altamonte Springs, FL: The Institute of Internal Auditors Research
Foundation, 2003). Available online from www.theiia.org.
INTRODUCTION
Integrity and credibility are foundational to the concept of behavioral dimensions of internal
auditing. Internal auditors need to have both to carry out their responsibilities and add value to their
organizations in terms of reputation, effectiveness, efficiency, and compliance with laws,
regulations, policies and procedures. To be credible — or believable — they must be knowledgeable,
trustworthy, and ethical in conduct. They must adopt a fundamentally right way to behave based
on their individual set of personal values.
The concepts of ethical behavior govern the procedures conducted during an audit, including profes-
sional competence, appropriate amount of fieldwork, objective consideration of the information
disclosed, fairness and impartiality of the conclusions reached, and truthfulness of reporting. Ethics
is an underlying driving force that governs the entire audit process. The audit results help determine
the integrity and credibility of the internal auditors.
Collective ethical behavior works in the best interests of the entire organization and its stakeholders.
Throughout the audit process, internal auditors are responsible for being technologically current,
using the most sophisticated and appropriate methods available, and reporting fairly and honestly.
They also are obligated to perform in the best manner possible — with empathy for the client’s
thoughts and feelings.
Today’s internal auditors encounter a diversity of ethical concepts due to globalization and
the many cultures represented by more than 160 countries in which The Institute of Internal
Auditors (IIA) has practicing members. 1 Despite this diversity, the following three general spheres
might be useful for understanding the ethical complexities of behavior in human relationships:
• Personal — Ethics of Love and Friendship: Morality2

• Private/Professional/Fiduciary — Ethics of Duty and Responsibility: Propriety of Office
or Position3
• Public — Civic Ethics (and Honor): Loyalty to State (Adherence to Codes of Conduct)4
In all three spheres, ethics have separate historical and cultural origins interwoven together in
complex ways,5 especially considering the global economy. Beginning with the personal, each
ethical sphere seems to build upon the other.
Organizations are morally and legally bound to protect the best interests of their investors, the
employees who run the day-to-day operations, and the customers who rely upon the quality of goods
or services. The IIA’s Code of Ethics guides internal auditors in their efforts to support the effective-
ness of an entity’s risk management, control, and corporate governance activities through four basic
principles: (1) integrity, (2) objectivity (along with organizational independence), (3) confidentiality,
and (4) competency.
1
The principles of the Code of Ethics fall within the private/professional/fiduciary sphere of ethics of
duty and responsibility, or the propriety of office or position. When internal auditors practice these
basic principles, the Code of Ethics is more likely to be realized in the public sphere.
Against this backdrop, the behavioral dimensions of internal auditing are covered in three parts:
I. The Foundations
II. Behavioral Skills
III. Behavioral Dimensions in Practice
Part I focuses on the foundations, which include behavioral foundations of internal auditing (Chapter
1), behavioral competencies underlying essential attributes (Chapter 2), social behavioral
relationships in internal auditing (Chapter 3), and behavioral factors influencing internal
auditor/client relationships (Chapter 4). Part II discusses specific behavioral skills that internal
auditors typically use to actualize the points discussed in Part I — communication (Chapter 5) and
negotiation (Chapter 6). In Part III, behavioral dimensions in practice are discussed in the context of
field operations (Chapter 7) and forensic auditing (Chapter 8).
References
1
Common Body of Knowledge (Altamonte Springs, FL: The Institute of Internal Auditors Research
Foundation, 2006).
Harry Redner, Ethical Life: The Past and Present of Ethical Cultures (Lanham, MD: Rowman &
2
Littlefield, 2001), 49–68. Adapted.

3
Ibid, 85–103. Adapted. A fiduciary is someone who has undertaken to act for and on behalf of
another in a particular matter in circumstances that give rise to a relationship of trust and confidence.
Thus, a fiduciary duty is a legal or ethical relationship of confidence or trust between two or more
parties. (See Bristol & West Building Society v Mothew [1998] Ch. 1 at 18 per Lord Millett.)
4
Ibid, 67–85, 103–126. Adapted.
5
Ibid, 137.
PART I
THE FOUNDATIONS
CHAPTER 1
BEHAVIORAL FOUNDATIONS
OF INTERNAL AUDITING
For decades, conventional wisdom regarded the process of internal auditing as an unpleasant neces-
sity. Adversarial relationships between the auditor and auditee 1 were the norm, and the participants
tended to accept it and make do with the resulting discomfort, fear, stress, and angst.
Toward the latter half of the 20th century, however, some internal auditors with backgrounds in
areas other than purely financial auditing believed this adversarial relationship need not always be a
given. They saw that service juxtapositions present in other financial situations often created positive
relationships between parties. They realized that if relationships could be modified to include
service and contribution objectives, the adversarial aspect could be alleviated.
These internal auditors realized that maintaining independence 2 was paramount to the integrity of the
audit process; without it, the audit would amount to nothing more than a study. But they believed
that with the proper attitude of objectivity and impartiality, integrity could be maintained even in a
cordial atmosphere. They recognized that they had an ethical responsibility to add value to their
organization, its shareholders, and to society, but also believed that this responsibility extended
to the auditee (or client of a consulting engagement) as well.
Some internal auditors, especially those who had not been exposed to the strict inflexible dogma of
existing auditing mantra, saw opportunities to experiment with behavioral approaches. They began
to suggest to auditees that the internal audit process might be useful in helping to resolve
problems that were confounding them and their organizations. Many of these early experiments
were successful and resulted in surprised but satisfied auditees. Word spread on both sides.
Auditees became more accepting and less concerned with the concept of the audit. Internal auditors
were more comfortable with the improved candor, reactions, and acceptance of the auditees.
Internal audit executives were impressed and envisioned further improvements in auditor/auditee
relations and productivity. Some of the internal audit literature began to include behavioral
content, and more lectures and professional papers devoted more attention to the approach. The
transition, at least in this experimental and discussion stage, seemed to feed on itself and grow.
Some practitioners with backgrounds in social and behavior disciplines became eager to apply some
of the appropriate aspects to the mundane world of internal auditing. Hovering over these
evolutionary concepts, however, was the constant concern of fraud and malfeasance (not to mention
misfeasance and nonfeasance) and the possibility that this new approach might dull the internal
auditors’ perceptions, making them less alert to inappropriate behavior.
5
Behavioral Roles of the Internal Auditor

Internal auditors play many roles in the performance of the internal audit activity. These roles are not
always clear-cut to internal auditors, auditees/clients, or management. For instance, these roles are:
• Prescribed by management or the audit committee of the board of directors.

• Envisioned by internal auditors based on prior experience, education, current thinking, and
judgment.
• Performed by internal auditors resulting from environmental factors and current
conditions experienced during the audit process.
• Contemplated by the client based on the client’s previous audit experience and current
thinking of operational functions and management.
• Experienced by the client during the audit and may vary from the activities that the client
had expected, being better or worse than that contemplated.
Internal auditors should be aware of the complexity and impact of role performance. They should
be empathetic as to possible confusion and even antipathy in the mind of the client regarding perfor-
mance. And they should, when possible, explain apparent divergence from the usual expectations. Of
course, where evidence of malfeasance appears, the role changes to one of a more
forensic/adversarial approach where more sophisticated explanations to the client would be
necessary and appropriate.
Spencer Pickett identifies a series of uniquely different behavioral roles that he believes internal
auditors should perform:3
• Public Relations: Convincing the client that the internal audit process can be a helpful
process and that the auditor hopes to contribute to the success of the client’s operation.
Even in cases when the client is antagonistic, the internal auditor should try to identify
areas where the client and the auditor have common objectives and where the auditor can
help.
• Marketing: The auditor tries to identify the client’s needs and then sells the client on how
the audit can respond to these needs.
• Change Management: Providing recommendations for change is basic to the internal
auditor and is one of the basic objectives of internal auditing (i.e., the enhancement of the
efficiency, effectiveness, and compliance aspects of client operations).
• Crisis Management: The internal auditor has universally been considered a perpetual
designee for unique problems that arise. The internal auditor’s general experience makes
him or her a clear candidate for such special projects and damage control jobs. However,
care must be exercised that this urgent task does not overpower the basic objective of
internal auditing.
• Obstructive Management: This role sets the internal auditor in a position to remove
obstructive management approaches and to align them with the organization’s basic
objectives.
The Management View

During the audit, internal auditors should take a managerial approach to problems. 4 They should
downplay insignificant findings, search for the causes of significant ones, and work with operating
Chapter 1: Behavioral Foundations of Internal Auditing
managers to correct controls and other weaknesses. Internal auditors should keep in mind that opera-
tion personnel usually have a pretty good idea of what is going on. No matter what ideas the auditors
may have about improvements, chances are good that operations personnel have already considered
them. Relations are improved immeasurably when internal auditors consider these ideas, filter them
through their own experiences, modify them if necessary, and then present them to management as
the result of a team effort between the client and auditor.
In cases where the client identifies issues during the audit, it must be made clear from a behavioral
perspective that the impetus for the audit work and implementation of recommendations came from
the client, the identification of the issue was client-oriented, and the internal auditor served the client
by helping to resolve the issues. The language should be clear so there is no audit superiority, hubris,
or condescension. The client should be given credit where deserved.
During the reporting phase, for behavioral reasons, no finding should be formally reported that has
not been thoroughly discussed beforehand with client operating management. Weaknesses should
not be overstated. Nitpicking should not appear as findings in the formal audit report. Again, credit
for outstanding achievements by the client should be given a prominent place in the report.
When a client disagrees with the auditor’s comments, the client should be given the opportunity to
present his or her side of the discussion for two reasons: to present the opposing viewpoint, and to
give management enough information to make a decision about which way to proceed. This general
approach can go a long way toward promoting positive relationships and outcomes with the client.
A New Way of Thinking

A new way of thinking about management has evolved: a migration from “command and control” to
“learning.” Rod Collins, who has described this migration, writes:
In today’s business, formal controls, such as policies, procedures, written authorizations,

organization charts, and chain of command practices are less valuable and effective than
informal controls, which include intangible attributes such as ethics and values, corporate
culture, trust, teamwork, open communication, and professionalism.5
Collins goes on to illustrate this migration in internal auditing by comparing the traditional command
and control audit approach with the newer control self-assessment (CSA) learning approach. Not
surprisingly, the congruence of soft controls requires supporting soft skills such as interpersonal
communications.
CSA has received much attention and is being practiced in many organizations. The Institute of
Internal Auditors (IIA) recognizes its importance and now sponsors the Certification in Control Self-
Assessment (CCSA) designation. It is a method based on group assessments of (1) areas where there
are control deficiencies; (2) the root causes of the deficiencies; (3) the changes in the operation that
will resolve the deficiencies; and (4) a follow-up review to determine whether the deficiencies have
been cured. This method, developed initially in Canada by Bruce McCuaig with Paul Makosz at Gulf
Canada Resources,6 has permeated the entire global arena of internal auditing. The method produces
groups of employees, well diversified horizontally and vertically, who, based on their experience and
control skills, identify areas where control is absent or faulty and develop corrective procedures. One
7
of the interesting facets of the method is the thesis that the original control concepts themselves may
be faulty and can be improved.
Collins further explains the contrast between the traditional audit approach and CSA as:
Traditional auditing relies on a judgment model, where auditors perform transaction anal-
ysis based primarily on the examination of records and one-on-one interviews with
key players involved in the function under review…. They advance their own
understanding so that they can identify problems, formulate findings, and recommend
corrections for deficiencies in their audit reports….
Conversely CSA employs a group-learning model. Auditors guide participants through

process analysis. The knowledge of the individuals and various group exercises enhances
each participant’s understanding of the whole process under review.7
Collins then says that the internal auditor will be more of a “facilitator of change” than an “overseer”
and become an “educator” using “learning models that advance employees’ capacities for self-
control and contribute to the development of the organization’s shared vision.” This will “focus on
effective informal controls through a team learning process.” He concludes by saying that this new
approach “will be organized around the corporate skills and processes necessary to maintain integrity
in the midst of constant change.” Also, CSA encourages business process risk owners to take interest
and responsibility and encourages participative decision-making in risk and control mapping
exercises. The transition in approaches from traditional internal auditing to CSA is a substantive
change and involves a basic psychological shift for internal auditors.
Objectivity
Independence in internal auditing comprises two basic factors: organizational placement and objec-
tivity. The former is reasonably easy to establish because special position can be set by arrangement
within the formal organizational structure (see Chapter 3). However, objectivity is a different matter.
Objectivity is a state of mind; an individual’s behavior that is subject to many pressures, both
internal and external, that can have varying influence on the internal auditor’s personality and
reaction to different situations.
Bias, of course, is a serious threat to objectivity. The adverse effect of bias has been identified in the
Generally Accepted Government Auditing Standards (GAGAS) set by the U.S. General Accounting
Office (now the U.S. Government Accountability Office) in 1972 8 and also by the internal auditing
standards issued originally by The Institute of Internal Auditors in 1978. Both sets of standards
have since been modified to make them more precise; however, the section on bias is still an impor-
tant element of each. Bias comes into play through psychological feelings of the individual, such as:
• Reactions to gender — perceived opinions as to competence, or acceptance.

• Reactions to ethnic origins — as to competence, or as to acceptance.
• Reactions to physical characteristics — appearance, dress, stature, speech.
• Reactions to economic aspects of the client — impressions, awe, dependence.
• Family relationships — nepotism; limited consideration of issues.
• Former personal involvement in the issue — participation, managing, auditing.
• Self-serving or unconscious bias — where internal auditing will benefit.
On the other hand, there can be outside social pressures that also could result in biased reactions.
These pressures can be classified as those:
• Impacting the internal auditors’ observed professional performance.

• Impacting the internal auditors’ anticipated economic condition.
• Relating to the internal auditors’ perceived professionalism by others.
• Impacting client/auditor relationships with attribution to the internal auditors.
• Creating possibility of job loss (e.g., replaced by outsourcing providers).
Bazerman et al.9 state that it is psychologically impossible for an (internal auditor) to be independent
and objective because of pressures caused by senior management’s power to “hire and fire auditors
at will.” When the internal auditor is hired by and reports to the audit committee of the board of
directors, this psychological barrier is somewhat neutralized. Also, in some cases there may be an
antagonistic relationship between the internal auditor and the client that can be a threat to objectivity
(especially in a situation when the client is in an important and essential position).
Professional Skepticism
Professional skepticism is an essential element of the internal auditor’s package of skills and an
ingredient that must be continually developed and “listened to.” 10 Often one hears about the
auditor’s sixth sense or gut instinct. Internal auditors practice a skeptical approach that hovers over
the entire audit process and that some pundits label the “smell test.” “Something smells bad here,
let’s look further into it.” Sometimes the further investigation is productive, sometimes not.
However, it should be an essential element of the audit process. How is this sixth sense developed?
Of what does it consist? How should it be used? The explanation is logical but not so simple. It is an
approach that most of us have to a varying degree as a matter of self-preservation. All one has to do
is shift the objective from personal safety to an objective evaluation of what will be encountered in
the internal audit work.
The internal audit process is based on the collection of information. We usually think of information
as an accumulation of data taken from records, business papers, reports, etc. However, information
for internal auditors is a far broader concept. It also includes:
• The result of observations such as the condition of assets: cash, buildings, inventories, and
so on.
• Management’s verbal and written assertions as to the current condition of the
organization, including financial aspects.
• Any other items on the auditor’s sensory “equipment” that can be converted into relevant
information concerning the object that is the subject of the audit.
• The auditor’s anticipation as to what the future holds for the client’s operation based
on known or suspected information and filtered through his/her experience or past
observation, or informed knowledge.
The sum of these inputs creates patterns that, in the mind of the internal auditor, have some signifi-
cance. Based on the auditor’s experience and intellectual inventory, the patterns are converted
into potential specific situations or pictures that must be interpreted as normal, good, bad,
potentially dangerous, etc. It is this process that can become the substance of stimulation for a
skeptical state of mind. The degree of skepticism becomes the determinant as to the action that the
internal auditor will or should take.
However, recorded data also can be converted to information as it is processed through our
conscious and psychological systems. It can be converted into mental models that can be interpreted
and evaluated as to meaning and significance.11
The Professional Evaluation Process

What actually happens, frequently as a subconscious process, is the internal auditor’s evaluation as
to the credibility of what he or she is observing. This process can be a six-part activity, though it may
take place as a single or closely related series of steps. The elements are:12
1. The purpose or goal of the evaluation — should we accept the results, the statement, projections,
the cause, or the reasons?
2. The establishment of a series of norms. In his experience, what has the internal auditor seen like
this? What were the outcomes of those experiences?
3. What will be the results of accepting the projected actions, procedures, or products?
4. How does this compare with one’s previous experience? Is there a pattern here and how does
that pattern relate to those that have been seen before?
5. What is one’s opinion or judgment based on the above? Are the differences material? Are there
any ameliorating aspects? Based on prior experiences, observed situations, aspects, etc., what are
one’s projections, opinions, or judgments?
6. If there are differences, should one report them? If so, how should one report them and to whom?
The results of the above may be a feeling of uneasiness that prompts some kind of action. If so, the
internal auditor has several options:
1. Report the situation with the reasons for questioning.
2. Expand the examination using past criteria or norms as guides for further work.
3. Point out to the client the situation and the reason for questioning it and ask for further
explanation.
4. Accept the situation and live with it on the basis of lack of materiality.
We want to make a point about the norms in option 2. This criterion could be the result of:
• An identical or similar situation in the internal auditor’s past experience with a different
result.
• A logical comparison in the internal auditor’s mental processes where the results were
other than that projected by the client’s current processes.
• A logical comparison of the elements of the situation where the projected results are
different from those in the client’s projection.
The unique aspects of the above norms are that the mental process is not only cognitive but also
an affective activity, a sensitivity or feeling that something is amiss. Some would call it an “intuitive
process” that may include “somatic markers” and emotional drivers.13
Source Credibility
Internal auditing functions on a foundation of information — good and bad. There could be several
sources of information that may appear to be good; nevertheless, it is important for internal
auditors to establish their credibility. Information can come from the following behavioral and
auditing methods:14
• Interviews
• Observation
• Documentation review
• Results of analysis
• Rationalization and cognitive processes of the auditor
Undoubtedly there are others; however, there are several points relative to each of the above that
internal auditors should keep in mind and evaluate when using these methods.
• Interviews
o Does the source actually appear to be knowledgeable about the accuracy of the
information?
o Does the source gain any advantage in providing false information?
o Does the source actually understand your request?
o Are there pressures on the sources to provide false information?
o Can the auditor observe subliminal physical reactions that indicate the
information may be false?
o Can a good understanding of proxemics (body language subtext and other nonverbal
behaviors) assist?
o Can cross-questioning provide responses that conflict?
• Observation
o Is the auditor viewing the entire range of the subject matter?
o Is the auditor knowledgeable as to what is being observed?
o Could there be quantity and quality differences of which the auditor is unaware?
o Is there evidence of adequate control, if control is an issue?
• Documentation Review
o If documents are from outside sources, are they original and can their contents be
independently verified?
o If data outputs are from computer systems, are these electronic systems tested for
validity and reliability under a system of sound internal controls?
o If visual outputs are from photographic systems, are these systems credible and
dependable under a system of sound internal controls?
• Results of Analysis
o Are the analytical methods appropriate for the intended result?
o Are the analytical methods accurate?
• Auditor’s Own Rationalization and Cognitive Processes
o Is the auditor being objective in the interpretation of the information?
o Is the auditor aware of his or her own emotions or non-rational self ?
o Is the auditor aware of any tendencies to interpret information using false
rationalization or irrational thinking?
The final method is especially important from the perspective of psychology — the importance of
“knowing thyself” (often called “self-insight” in behavioral literature). 15 The auditor’s willingness to
ask these questions in his or her mind as a guide while engaged in these methods is essential toward
bringing credibility to the audit process.
“Why Good Accountants Do Bad Audits”

M. H. Bazerman et al.’s seminal article, “Why Good Accountants Do Bad Audits,”16 describes a
series of situations, with behavioral aspects that clouded the auditors’ minds and caused
problems or at least confused their approach to the performance of the audit. The article identified
these situations as “Roots of Bias.” The article identifies this “bias” as “self-serving human
behavior.”
It is a basic theory that we all have self-interest, a desire for achievement and success. We also see
ourselves as knowledgeable in our own areas of interest, and we tend to interpret our former asso-
ciations — physical, mental, theoretical, and environmental — as contributing to this pre-conceived
status. Thus, we tend to interpret what we see and experience as contributing to this pattern of self-
interest. It becomes a foundation piece of reinforcing our own observation of our ability to observe,
analyze, and identify situations; however, the analysis is tainted with the feelings of personal
achievement and self-satisfaction.17
An important second aspect of the “Roots of Bias” is the “discounting of facts that contradict our
conclusions.” This aspect is related to our arriving at conclusions as to the causes and effects of
observed activities of the client and then trying to support these conclusions, rather than trying to
evaluate the conclusions by searching for the minuses as well as the pluses. It could be related to
lazy thinking; but in reality it is a conviction that our first conclusion is best and correct — and we
are loath to destroy that analysis.
The third element relating to bias is the “embracing of facts supporting our own viewpoints.” This
aspect is somewhat like the above item; however, it is really a matter of interpretation. We start with
an analytical approach with an unconscious foundation of what we expect to find — based on our
predetermined viewpoint — possibly based on previous experience or knowledge. From then on we
tend to interpret what we find as support for this conclusion. We also tend to discredit opposition as
minor or unsupportable.
The article also mentioned three aspects that “amplify unconscious bias” as:
• Familiarity — that auditors are less willing to find discrediting information on individuals
or (functions or) organizations that they know well. (parenthesis added) This bias should
preclude the auditors from auditing an organization of which they were a part, or auditing
a manager under whom they served.
• Discounting — the fact that “immediate consequences tend to receive more emphasis than
delayed outcomes, particularly when the delayed outcomes are uncertain.” This could be
tied to a matter of self-preservation, as the delayed outcome may never come about.
• Escalation — “minor indiscretions and errors created by unconscious bias may evolve
into conscious corruption.”
Another more complex form of bias of which internal auditors need to be aware is the possible pres-
ence of in-group bias or, as it is more commonly known, “groupthink” bias. Irving Janis, who
has studied this extensively, defines this as:
“A mode of thinking that people engage in when they are deeply involved in a cohesive
in-group, when the members’ strivings for unanimity override their motivation to realisti-
cally appraise alternative courses of action.18
Essentially this type of bias includes the individual biases described earlier; however, these biases
can manifest themselves collectively among the group’s members within its norms, especially when
its members share similar social and cultural backgrounds. In addition, when situations create
tensions in the group, junior members might become reluctant to raise controversial points they
believe need to be raised for fear of looking inexperienced or naïve and to protect their membership
in the group.
Janis suggested several ways groups might mitigate the effects of in-group bias:19
1. Group leaders assign each group member the role of “critical evaluator,” allowing each to air
doubts and concerns openly (though this might not be practical with those who exercise
autocratic leadership styles).
2. Senior group members avoid expressing opinions when group tasks are assigned.
3. The organization sets up independent groups to work on the same problem.
4. Group leaders create the climate focused on achieving effectiveness by seeking and examining
effective alternatives.
5. Group members individually discuss the group’s ideas with trusted people outside the group.
6. Group leaders invite outside experts into meetings where group members are allowed and
encouraged to discuss with and question these outside experts.
7. Group leaders assign at least one group member the role of devil’s advocate on a rotation basis.
While further study is required by social psychologists, sociologists, anthropologists, and others, this
complex area crosses over several domains of inquiry. But a general awareness of the features of in-
group bias perhaps can help mitigate the insidious power of such a potentially strong bias in orga-
nizations.20 Group behavior is discussed further in the next chapter as we note the difference between
individuals and groups and the roles individuals play within the behavioral dynamics of groups.
References
1
Both terms “auditee” and “client” are used interchangeably. “Auditee” refers traditionally to persons
in organizational units subject to internal audits. “Client,” a more contemporary term for auditees,
conveys an implicit notion that auditees are to be treated as persons (thereby working in everyone’s
best interests). Used more traditionally, “client” refers to management who “retain” (internal) audi-
tors for specific engagements. In many organizations, the chief audit executive (CAE) functionally
reports to the chair of the audit committee of the board. To the extent that many internal audit
engagements are undertaken at the behest of the audit committee, they too constitute a “client” of
internal auditing. See also L. Braiotta Jr., R. T. Gazzaway, R. H. Colson, and S. Ramamoorti, The
Audit Committee Handbook, 5th ed. (New York, NY: John Wiley & Sons, 2010), 225–226.
2
Because internal auditors within an organization are not “independent” as to the organization,
increasingly, the term “objectivity” is used to refer to their state of mind. It should be noted,
however, that while in-house/in-sourced internal auditors may not be independent of their
organization, nevertheless they are required to be independent of the activities they audit.
3
Spencer K. H. Pickett, The Internal Auditor Handbook (Chichester, UK: John Wiley, 1997), 85–86.
4
Sawyer et al., Sawyer’s Internal Auditing, 5th Edition (Altamonte Springs, FL: The Institute of
Internal Auditors, 2003), 1243.
5
Rod Collins, “Auditing in the Knowledge Era,” Internal Auditor (June 1999), 26–31.
6
Jack J. Champlain, Auditing Information Systems, 2nd ed. (Hoboken, NJ: John Wiley, 2003), 212.
7
Collins, 26–31.
8
The first author of this monograph, Mortimer A. Dittenhofer, was the chairman of the inaugural
GAO Committee that produced the first edition of the generally accepted government auditing stan-
dards (GAGAS), commonly known as the “Yellow Book.”
M. H. Bazerman et al., eds., Environment, Ethics, and Behavior: The Psychology of Environmental
9
Valuation and Degradation (San Francisco, CA: New Lexington Press, 1997).
This section is drawn primarily from a commencement address delivered by Mortimer A.
10
Dittenhofer, then retiring professor and Department of Accounting chair, to the graduates of the
College of Business Administration at Florida International University in Spring 2000.
11
Indeed, Ramamoorti and Traver have argued that risk assessment by seasoned internal auditors is
a “pattern recognition” problem. They proceed to show how such pattern recognition tasks can be
accomplished more formally (i.e., mathematically) by leveraging artificial intelligence (AI)
technology such as neural networks. See Sridhar Ramamoorti and Richard O. Traver, Using Neural
Networks for Risk Assessment in Internal Auditing: A Feasibility Study (Altamonte Springs, FL: The
Institute of Internal Auditors, 1998).
12
Charles W. Schandl, Theory of Auditing (Houston, TX: Scholars Book Company, 1978), 2–3.
13
See recent research by Antoine Bechara, Hanna D’Amasio, and Antonio R. D’Amasio, “Emotion,
Decision Making, and the Orbitofrontal Cortex,” Cerebral Cortex, 40 (2000), 295–307, on emotion-
based decision-making.
cf. Discussion on sources of evidence in R. K. Mautz and H. A. Sharaf, The Philosophy of Auditing
14
(Sarasota, FL: American Accounting Association, 1961).
B.A. Reilly and M.E. Doherty, “The Assessment of Self-Insight in Judgment Policies,”
15
Organizational Behavior and Human Decision Processes, Vol. 53 (1992), 285–309.
M. H. Bazerman, G. Lowenstein, and D. A. Moore, “Why Good Accountants Do Bad Audits,”

16
Harvard Business Review 80, No. 11 (November 2002), 96–103.
Confirmation bias, a technical term describing “selective perception,” is the tendency to “see what
17
one wants to see.”
18
Irving Janis, Victims of Groupthink (Boston, MA: Houghton Mifflin, 1972), 9.
Ibid, 209–215.
19
20
For a fuller review of cognitive biases and the use of heuristics in judgment and decision-making,
please see Daniel Kahneman, Paul Slovic, and Amos Tversky, Judgment Under Uncertainty:
Heuristics and Biases (New York: Cambridge University Press, 1982).
CHAPTER 2
BEHAVIORAL COMPETENCIES
UNDERLYING ESSENTIAL ATTRIBUTES
The conduct of the internal audit function relies upon highly trained and experienced personnel to
interact with, review, guide, and judge the actions of others in the performance of their responsi-
bilities. While internal audit personnel need to understand and rely on their knowledge of current
technology, it is their behavioral competencies that often determine the extent of successful
outcomes of assurance and consulting activities. Therefore, in addition to knowledge of current
auditing technology, the internal auditor needs to attain and continuously develop reasonable
knowledge of these behavioral competencies to guide the effective use of accounting and auditing
principles and administrative practices in the internal audit function.
In the first section we discuss behavioral dynamics and behavioral economics that are important
antecedents to studying human behavior. In the second series of sections we discuss three different
approaches to ethics that constitute much of the underpinning of behavioral concepts, including
emotional aptitude, independence, and confidence.
These discussions can only serve as brief overviews since much has been written on these topics.
The goal is to provide a suitable background to assist readers in understanding many of the
suggestions in the following chapters.
Behavioral Dynamics of Individuals and Groups

Chapter 1 discussed the range of complex attributes of individuals in internal auditing. This
complexity rises to another level when we consider the roles individuals play within the context of
behavioral dynamics in internal audit organizations.
First, there are some important differences between individuals and groups that internal auditors
should recognize and understand. These differences need to be considered while working within
groups so that interaction with these contacts is as effective and harmonious as possible.
Differences in people are usually well recognized as a fourfold classification of management styles
covering the:1
• Autocratic — based on a military concept of management; pure power directing others

from the top.
• Custodial — based on a superior/subordinate concept of management over those who are
expected to be obedient but content with their work.
• Supportive — based on a participative concept of management to drive excellence with
those “who want to work, grow, and achieve.”
17
• Collegial — based on a teamwork concept with mutual understanding and cooperation

among its members who work jointly to achieve shared goals.
Each of these four classifications requires unique approaches and responses by internal auditors
when conducting the audit. The range is from avoiding intimidation by those who embrace the
autocratic style, being careful with those who advocate the custodial style, highly selective with
those who prefer the supportive style, and analytical and thoughtful with those who emulate the
collegial style.
In an article on behavior, Dittenhofer discussed behavioral dynamics, which is presented in part

below:
There are differences between individuals and organizations which internal auditors must
consider. These differences are the result of varied backgrounds, dissimilar experiences in
the field of business or government, differences in education, different reactions to the
internal audit process, and so on. The internal auditor must take these differences into
consideration when auditing. Each individual must be considered as a unique point of
contact, and the internal auditor must relate to the different factors that make up the
client’s personality and that impact on his/her points of reference. The study of these
individual traits tends to bring to the auditor an insight into his/her own personality and
can make the auditor more knowledgeable as to how to develop harmonious and
constructive relationships.2
This element also identifies the collective personality differences within small and large groups.
Though the variances relate more to the social aspects of group action, auditors need to know how to
handle the groups. Some examples are:3
• The group’s nominal leader may not be the actual leader.

• Informal organizations within the group may tend to control the group.
• The group can be influenced by a strong vocal minority.
• Motivation is more difficult as group achievement frequently has little personal impact.
This area also has conceptual aspects identified earlier and discussed in more detail below. They
should be understood by the auditors so they can comprehend how and why groups function as they
do.
Wood and Wilson have covered the dynamics of auditor/client relationships in their discussion of the
impact of behavioral dynamics on auditor stress. In summarizing their thoughts, we see a series of
situations that are the foundations of these relationships.4
In the following section, the terms auditee and client are intended to be the same, and used
interchangeably:
• Contemporary focus on the objective of the internal auditor to add value to the
organization through a more cooperative approach than has been used in the traditional
auditor/client association.
• The audit is seen as a personal event on both sides — the auditor and the client.
“Opportunities for success and failure abound, all with similar impact on self-esteem and
Chapter 2: Behavioral Competencies Underlying Essential Attributes
emotional health.” There is stress on both sides caused by fear on both sides: fear of failure
to perform effectively as an internal auditor — and fear by the client as to disclosure of
adverse audit findings.
• The conditions under which the internal auditors work create considerable stress. Being
considered “outsiders,” possible travel and absence from family and familiar
surroundings, and working in the client’s organization can contribute to a stressful
relationship.
• The tension between routine testing, normal evaluations, and attempted helpfulness all
against the traditional adversarial evaluations and judgmental overtones can generate
confused behavioral expectations on the part of both the auditors and the client.
• The internal auditors must “get along” with the client and achieve the client’s cooperation.
However, the auditors perceive and frequently see themselves as aliens and outsiders. Yet
they must “identify with those who negatively identify with them.”
• Unusual business relationships develop between the internal auditors and the client.
Clients fear audits primarily because they dislike being audited. Internal auditors try to be
warm and friendly as evidence of an effective approach. The audit seems constantly to
return to the question on the part of the internal auditor as, “How close do I need to get to
this client?” How much distance do I want?
• The audit is perceived differently by the internal auditors and the client based on their
prior experiences.
• The client, not understanding the audit process, resents what are considered as
“unreasonable demands” relative to the search for evidence. However, the client may not
understand that this evidence could be used to support an audit conclusion that the
client is performing appropriately.
• Some clients are “contaminated” by previous personal or anecdotal experiences with the
audit process that colors the audit with apprehension even before it begins.
• The client has an “emotionally negative evaluation of the audit” and attributes this as an
“unfriendly or threatening aspect” of the normal audit.
• Clients defend their reputations and personal competence. Auditors defend their
responsibility to perform as auditors and to search for evidence as to appropriate or
inappropriate client performance. Internal auditors and clients are “invading each
other’s territories.”
• The audit becomes a serious game of “gotcha” on the part of the internal auditors and
“catch me if you can” on the part of the client. On the other hand, the auditors and the
client may take the “moral high ground toward each other in instances of unproductive
rectitude.” A cooperative attitude is difficult to attain in such a gaming situation.
• The basic sense of responsibility of the internal auditors and the client may underlie the
attitudes toward the audit. The client sees itself as a part of the operating organization
and tends to function in a manner of that perception. The auditors see themselves as
responsible to the organization with the objective of the assurance of integrity of financial
and operational information, efficiency, economy, and effectiveness as well as compliance
with laws, regulations, and procedures on an overall basis.
19
Wilson and Wood conclude their comments with:
Nothing is more central to the effectiveness of the internal audit function than these rela-
tionships between the evaluator and the evaluated, the helper and the helped, the “hit man”
and the “victim,” the consultant and the client.5
Behavioral Economics
“Behavioral economics is the combination of psychology and economics that investigates what
happens in markets in which some of the agents display limitations and complications.” 6 Since the
1960s, behavioral economics has emerged as a subdiscipline of 20th century neoclassical or
traditional economics. It brings behavioral concepts over from cognitive and social psychology as
well as from such related disciplines as sociology and anthropology to produce more realistic models
of economic judgment and decision-making. It has an impact on internal auditing.
Neoclassical economics from the 20th century essentially had assumed an “anti-behavioral” stance
by essentially ignoring the concepts of related behavioral disciplines in its highly rational theoretical
framework. Critics of neoclassical economics have argued that “behavior differs from the standard
model” and that “behavior matters in economic contexts.”
Behavioral economics is a different approach to the usual study of economics. It negates the auto-
cratic inflexibility of 20th century neoclassical or traditional economic laws in favor of behavioral
considerations of those who are influenced by that economic activity. Internal auditors need to be
aware of behavioral influences because these influences comprise the foundations and motivations of
practically all of the substance that they audit.
Because organization decision makers are acting on behalf of the organization, it is important that
the internal auditors be aware of the above aspect so they can intuitively review client actions with
the intent of determining whether these actions are in the best interests of the organization or
whether the behavioral interests have overpowered good judgment. Does the client appear, as
evidenced from observation and the audit, to engage in decision-making that is high risk or playing it
too safe? What heuristic does the client employ in decision-making? Are formal checks and balances
in place to inform the client on the quality of decision-making? Does the client appear to make
proactive decisions or procrastinate on important matters that could either benefit or harm the well-
being of the organization? And finally, does the client appear to make unrealistic decisions by not
recognizing uncomfortable realities that need to be addressed because it might make him or her look
bad? Acting as the surrogate for the organization, the client can be influenced by personal behavioral
drives and end up not performing in the organization’s best interests. The auditors should therefore
be aware of these drives intuitively and evaluate these behaviorally inspired forces during the course
of the audit.
Because behavioral economics is more inclusive of factors affecting human decision-making, there
are several other more specific aspects of which the internal auditor might be aware:7
• What heuristic does the client employ when comparing values in an investment decision
(e.g., placing more consideration on value-in-exchange market price or the value-in-use of
assets)? The decision may be more a function of behavioral factors than objective
analysis.
• What is the influence of “predictability’ on behavior in investment decision-making?
(Even on the operational aspects of the organization.)
• What is the effect of an individual client’s overreaction or underreaction to new

information in decision-making? Is there a rational explanation that is reasonable?
• How does “mental accounting and loss aversion” affect client decision-making in
organizations where individuals need to bite the bullet and declare a loss?
• If a client is living a lifestyle that is well beyond his or her current means, how does this
consideration raise red flags in possible malfeasance cases? Data shows that consumption
very closely tracks income over individuals’ lifecycles.
Ethics and Behavior

Understanding Ethics and Behavior
With its foundation in behavior, ethics is a result of how an individual feels toward those with whom
he or she interacts. The Institute of Internal Auditors (IIA) has established a Code of Ethics to guide
internal auditors in their contacts with clients and others. Ethical subjects are usually specific;
however, internal auditors’ interpretation, evaluation, and conduct are a result of their background,
experience, feelings, and emotions.
Immanuel Kant said:
“Without truth, social intercourse and conversation becomes valueless,” and “Lying makes
it impossible to derive any benefit from conversation.”8
These basic statements underlie the concept of internal auditing. They relate to what internal auditors
observe, think, interpret, and report. However, it goes much further than that. It also relates to their
interpretation of actual conditions and those elements by which he or she is bound, such as integrity,
objectivity, competence, confidentiality, and the other items that are required by The IIA’s Code of
Ethics. The question is: Why would internal auditors want to conform to or infer conformance to
other than the ethical action prescribed?
The reasons can relate to feelings of:
• Fear.
• Self-aggrandizement.
• Self-depreciation.
• Insecurity.
All of these reasons have their source in the complex behavioral makeup of internal auditors. They
are a product of their education, experience, family relationships, religious experience, and other
influences.
The ethical requirement of organizational independence requires the exercise of objectivity, which is
in the interpretation of the information one uses, hears, or reads. Information passes through the
filters of the mind and results in conclusions that the internal auditors report. These conclusions can
be colored as to source, strength, meaning, etc. based on their experience and intent. Self-
aggrandizement is a behavioral force that may come into play. On the other hand, minimization of
questionable items to protect an individual client is another issue. These behavioral forces can result
in a biased concept and even a biased audit report based on the intended concept.
A second ethical area is competence. Internal auditors should have the professional background
appropriate for the engagement. However, they can influence the evaluation of competence based
upon the circumstances surrounding the engagement. They may represent themselves as competent
because of economic need, or may stress incompetence based on a desire to not perform because of
fear or a belief that economic return would be jeopardized.
A third ethical area is reporting. The internal auditors are to “disclose all material facts known to
them that, if not disclosed, may distort the reporting of activities under review.” 9 Here again is a situ-
ation open to the internal auditors’ judgment and feelings. They can be colored by their relationship
to the clients and themselves, i.e., beneficent or antagonistic; desire for self-aggrandizement; or the
impact on a third party.
The IIA’s Code of Ethics is specific in its preamble that internal auditors should “make a balanced
assessment of all the relevant circumstances and are not unduly influenced by their own interests or
by others in forming judgments.” 10 (This sentence would have been more appropriate without
“unduly,” which means “excessively or immoderately.” Furthermore, it implies that “some
influence” is acceptable).11 However, the inference is that ethics is possibly vulnerable to outside
(behavioral) influences.
Sandra Waddock of Boston College, in an article published originally in Biz Ed (July-August, 2004),
adapted in Accounting Education May 2005,12 takes a strong position that there is a great proclivity
for the consideration of only the business and management aspects of ethics, and an omission of the
concepts that impact on society, such as environment, transparency, social and human values, and
impact on stakeholders other than stock values.
Waddock said, “If we want accountants (auditors) who are capable of acting with integrity and
understanding the broader system in which they work, we must teach them to be mindful-aware of
their belief systems, conscious of consequences, and capable of thinking broadly about the impact of
their actions and decisions. Accountants (auditors) have positions that are inherently value-laden and
embedded with ethical responsibilities…from this view, ethics, accuracy and transparency are
integral to accounting (auditing), not something to consider only when dilemmas arise” (parenthesis
added).13 “Unfortunately the courses that might teach accounting (auditing) students to be mindful of
consequences and consider the perspective of multiple stakeholders are hardly considered
mainstream in accounting (auditing) or management education today.” She concludes by saying, “A
narrow focus on shareholder wealth and a blind faith in market forces must broaden to a more
nuanced and intelligent focus that encompasses many stakeholders, including the natural world.”14
Ethics and Behavioral Risk
Today’s internal auditors are being encouraged to develop a cooperative bond with the client.
The intent is to make the audit process as painless as possible for both the client and the auditors
while still producing an effective and successful audit for the client, the auditor, and the
organization. What are the ethical risks for the auditors in this behavioral exercise?
1. The auditors may not be entirely convinced that a friendly relationship will work. They may
hold back and solely by word or physical demeanor attempt to create an aura of cooperation.
The client senses artificiality in the auditors’ behavior and becomes irritated. The ploy fails and
the client and auditors are at odds.
2. The auditors overreact in demonstrating their cooperative desires and allow the client to call the
shots. Whatever the client wants is granted. The auditors sublimate techniques of good internal
auditing toward an interest in harmonious relationships.
3. The auditors take a belligerent attitude with the intent of developing fear on the part of the
client. The client “clams up” — only answers questions, makes no suggestions, and does not
cooperate. The audit is flat, though it may fulfill minimum requirements.
4. The auditors convince the client that the audit will be a cooperative operation. The client
intends to deceive the auditors, believing that they will not question his or her actions or
comments. The auditors are overpowered by the client’s attempt to keep things harmonious and
do not remain alert for deception.
5. The auditors intend to take a collegial approach and work jointly with the client. The client,
aware of the auditors’ easy approach, takes advantage and acts in his or her own private interest
in the guise of a joint effort.
6. The auditors take an aloof attitude. They are reserved and secretive, making no effort during the
audit to discuss findings as they emerge. The client is informed of the audit results only at the
exit conference. The client spends the subsequent period refuting the audit report and
accomplishes no corrective action as suggested by the auditors.
There are probably other ethical behavioral risk scenarios. The internal auditors must remain alert to
indications of the client’s potential for taking advantage and, in some cases, modify their actions to
prevent unfortunate situations from arising.
Ethics and Integrity
Internal auditors can wield much power in the realm of ethics. Generally, they provide an opinion as
to assurance or the validity of statements of financial or operating conditions. This opinion also can
include whether the client is performing efficiently, economically, and effectively in compliance
with laws, regulations, policies, and procedures. However, as a result of the recent plethora of
corporate malaise and the resulting incidents of criminality and improper and unethical activities,
internal auditors should consider the need to expand the audit to search for such activities. This
expansion implies
that the internal auditors should know what is unethical. It also infers that this knowledge stems from
their own experience and practice as to following an acceptable code of ethics.
Internal auditors who are members of The IIA and those certified as internal auditors (CIAs) are
bound by The IIA’s Code of Ethics. However, questions remain. Do the auditors really believe that
they must conform to the Code? What is their interpretation of various facets of the Code? How
much do they use the Code to evaluate the activities of the client, if at all? What is the degree of
professionalism and ethics practiced by internal auditors who are not CIAs or members of The IIA?
Presently, there are no controls available.
Ethics has been defined in each of the recently published IIA ethics studies 15 and, in general, it seems
to be “the rules and actions that represent moral values relative to the pursuit of human life” (our
definition). Probably one of the most important elements is honesty. Without honesty there can be no
definitive conversation, research reports, financial statements, or business arrangements.
The recent definition of internal auditing does not specifically mention ethics as an element of the
characteristics for which internal auditors audit. Yet, it is important and auditors should make the
inferred connection that if they are bound by a code, the client should be as well.
Do internal auditors have an ethical responsibility to report all of their audit findings even if the
reporting could cause individual or corporate harm? Also, if senior management takes no action
on an important ethics or illegal incident disclosure, do the internal auditors have a further ethical
responsibility to notify other bodies or individuals? What if it is a criminal incident? What is the
ethical action?
Internal auditors also must maintain an independent and objective position as to the behavioral
aspect of the ethical performance of their auditing activity. This requirement applies not only to the
writing of the audit report but also to the interpretation and observation of the client’s activities.
Internal auditors have an ethical responsibility to include items in the audit report regardless of the
possible impact on themselves.
The current drive to work more cooperatively with the client may cloud the issue of independence.
Auditors must keep in mind that an association with a client that is too close can jeopardize indepen-
dence, and behavioral issues must be carefully considered to maintain the ethical position of auditor/
client relationship, both in fact and perception.
Emotions and Internal Auditing

Emotional Aptitude
Emotions play a part in everyday living and in the activities of the internal audit profession.
Emotions exist in conjunction with all of one’s thoughts and actions and cannot be separated, or as
Lennick and Kiel16 describe in their book, Moral Intelligence: Enhancing Business Performance &
Leadership Success, emotions, thoughts, and actions comprise “one’s experiential triangle.” It stands
to reason that, if this is so, it behooves internal auditors to be fully aware, understand, and appreciate
the influential role emotions often play in their thoughts and behavior during professional activities.
This role is complex. Emotions come about within specific situational contexts that entail “satisfied
with, disappointed that, or concerned about.” In other words, we simultaneously appraise not only
with our intellect but also our emotions, usually in terms of the appropriateness of various thoughts
and behaviors of both ourselves and others within some specific situation. In workplace situations,
these thoughts and behaviors usually involve social and cultural interactions with others in the
course of achieving organizational goals and objectives. So, if our emotions are inappropriate, our
thoughts and behaviors can be more easily misinterpreted, and may arouse inappropriate emotions in
others that can lead to needless difficulties and complications. On the other hand, when our emotions
are appropriate, it seems reasonable that they can support positive thoughts and behaviors, which
would be more conducive to being productive.
When a person is cognitively aware and reflects upon his or her emotions while engaged in
professional work, one can positively influence or “educate one’s [own] emotions” to be more
appropriate in complex situations by paying equal attention to both their knowing and feeling
aspects.17 Furthermore, as internal auditors experience new audit situations, new emotions will
undoubtedly arise that require continuous adjustment and provide opportunity for growth in
wisdom and emotional maturity over time. An ongoing education of one’s emotions seems
paramount toward developing emotional, social, and cultural competence and that of other people
in the workplace.
Emotional Competence
Daniel Goleman included a chapter in his book, Emotional Intelligence, relating emotional aspects to
the workplace.18 He believes that emotional deficiencies can cause such problems as decreased
productivity, mistakes, and high employee turnover. He believes that there is a direct relationship
between emotional harmony and efficient and effective operations. Yet, he cites managers who
believe that “feelings of empathy or compassion” for employees would prevent them from directing
employees to consider the well-being of the organization over personal or family responsibilities. He
cites managers who say that if they (the managers) were not “emotionally aloof,” they would not be
able to make the difficult decisions that the organization requires.
There are three applications of emotional treatment that Goleman believes can resolve the usual
changes in the workplace:
• Being able to consider grievances as helpful.

• Setting up situations where diversity is useful.
• Networking effectively.
He values friendly, helpful feedback as an important way to help employees improve their work so
they can produce what is expected of them. Criticism can be given, but it must be positive and
constructive. The result is acceptance, not becoming defensive or making excuses. He cites studies
where “inept criticism” was far more disruptive than “mistrust and …disputes over power and pay.”
Goleman also holds that “many managers are too willing to criticize, but frugal with promise.” Thus,
the only time the employees receive feedback is when they make mistakes. He emphasizes that “an
artful critique can be one of the most helpful messages a manager can send.”
Internal auditors should consider the above counsel from Goleman in their contacts with the client,
both orally and in their formal reporting. The tenor of comments and reports should be positive, not
negative. They should title recommendations as improvements to present operations, not as deficien-
cies. They also should commend operations well done and progress made. Also, when the client has
put into effect a prior recommendation and it is functioning well, there should be praise.
In cases where the client disagrees with an audit recommendation, the client’s position should be
fairly stated, even in the client’s language, if possible. Auditors may refute the opposition, but they
should be professional and not derisive. Finally, when the auditors observe a client operation that is
functioning especially well, they should express praise, especially when the improvement in the
operation resulted from the client’s independent action.
Independence and Confidence

Psychological concepts play a foundational role in internal auditing. Here the focus is on two that
impact materially on internal auditing: independence and confidence. We focus on auditors as indi-
viduals. They need to be aware that their thinking on key points can have determinative impacts on
the effective outcome of an audit.
In brief, independence focuses on the idea that auditors should keep an arm’s length in all activities
of the audit so they are free from unintentional (not to mention intentional) bias. On the other hand,
they must have the professional confidence that all information gathered was objectively examined
and judged credible and sufficient to support the audit’s conclusions and recommendations.
Independence
Independence is important to the internal audit process. While internal auditors may not be indepen-
dent of their organization, they are required to be independent of the activities they audit.
Without this independence and objectivity, the audit effort would become a mere study or review.
This independence protects the internal auditors from inappropriate relationships with clients
and from personal and external pressures and interference. It also helps insure the overall credibility
of the process. Once established, the internal auditors are free to pursue an objective approach to
the internal audit effort.
Specifically, independence is the result of:
• Freedom from personal restraints, such as:

o Having been a part of the client operation.
o Having preconceived ideas and opinions relative to the client operation.
o Having relatives in the client operation.
o Having a financial interest in the client operation.
• Freedom from external restraints, such as:
o Interference as to the scope of the audit.
o Selection of audit procedures to use.
o Providing time restrictions as to audit completion.
o Interference as to personnel arrangements.
o Restrictions as to funding of the audit report.
o Interference as to the audit report, content, and presentation.
o Influence as to the auditors’ continuity of employment.
• Placement of the internal audit function in the organization so as to have:
o Freedom of reporting.
o Freedom to function in an internal audit capacity.
o Freedom from organizational impairment.
o Freedom from organizational interference.
o Accountability to an audit committee or directly to a board of directors.
The U.S. Government Accountability Office introduces the subject of independence and describes
much of the above criteria in its Government Auditing Standards (the Yellow Book) by saying that
“opinions, findings, conclusions, judgments, and recommendations will be impartial and viewed as
impartial by objective third parties with knowledge of the relevant information” (§3.03).19
Confidence
Internal auditors must have the professional confidence that all information gathered was objectively
examined and judged appropriate, credible, and sufficient to support the audit’s conclusions and
recommendations. To achieve this, they bring professional skepticism to the audit process by objec-
tively examining all relevant information as to its appropriateness, credibility, and sufficiency so
that, in the end, they can state their audit conclusions and recommendations confidently and without
equiv- ocation. This assurance, in turn, can promote the client’s confidence and trust in the audit
conclusions and recommendations, and will increase the likelihood the recommendations will be
implemented.
In internal auditing, this confidence applies to:
• Information from documents, records, books of account, financial statements, reports, etc.
• The results of observations.
• Information from interviews and official assertions.
• Any other items registered on the auditors’ “sensory equipment” that can be converted
into relevant information.
• The auditors’ anticipation of what the future holds based on the information filtered
through their knowledge, experience, and cognitive concepts.
The result of the above evaluation must then be reviewed as to:20
• Determinations of competence.
• Reviews based on auditors’ experience.
• Projections of future impact.
• Patterns of expected effects.
• Judgmental evaluations.
Next, the internal auditors must determine whether the results of the verification process are:
• Valid — factual.
• Competent — the source is credible.
• Independent — free from bias.
• Complete — no mitigating factors.
Finally, internal auditors must determine whether there is any risk to the situation. If so, what is the
degree of risk? Can it be managed effectively and economically?
References
1
Sawyer, et al., Sawyer’s Internal Auditing, 5th Edition, (Altamonte Springs, FL: The Institute of
Mortimer A. Dittenhofer, “The Need for Behavioralism in Internal Auditing,” Management

2
Auditing Journal 3, No. 2 (1988), 5.

3
Ibid.
Donna J. Wood and James A. Wilson, “Stress and Coping Strategies in Internal Auditing,”
4
Management Auditing Journal 3, No. 2 (1988), 8–16.
5
Wood and Wilson, “Stress and Coping Strategies in Internal Auditing,” 8–16.
6
Sendhil Mullainathan and Richard H. Thaler, “Behavioral Economics” (Working Paper 7948,
NBER Working Paper Series, National Bureau of Economic Research, Cambridge, MA,
http://www.nber. org/papers/w7948, October 2000).
7
Ibid.
By Immanuel Kant, quoted in Thomas Donaldson and Patricia H. Werhane, “Ethical Duties
8
Towards Others: Truthfulness,” Ethical Issues in Business, 3rd ed. (Englewood Cliffs, NJ: Prentice
Hall, 1988), 63.
9
IIA Code of Ethics (Altamonte Springs, FL: The Institute of Internal Auditors, 2000).
10
Ibid.
11
American Heritage Dictionary (Boston, MA: Houghton Mifflin, 2000).
12
Waddock, Sandra, “Hollow Men and Women at the Helm…Holding Accounting Ethics,”
Accounting Education (May 2005), 145–150.
13
Ibid.
14
Ibid.
15
Mortimer A. Dittenhofer and Rebecca J. Klemm, Ethics and the Internal Auditor (Altamonte
Springs, FL: Institute of Internal Auditors, 1983); Mortimer A. Dittenhofer and John T. Sennetti,
Ethics and
the Internal Auditor: Ten Years Later (Altamonte Springs, FL: The Institute of Internal
Auditors, 1994); and Mortimer A. Dittenhofer and Douglas G. Ziegenfuss, Ethics and the
Internal Auditor: Twenty Years Later (Altamonte Springs, FL: The Institute of Internal Auditors,
2004).
Doug Lennick and Fred Kiel, Moral Intelligence: Enhancing Business Performance & Leadership
16
Success (Upper Saddle River, NJ: Wharton School, 2005), 117.
John H. Chambers, The Achievement of Education: An Examination of Key Concepts in

17
Educational Practice (New York: Harper & Row, 1983), 25–30. Chambers stresses that teaching for
effective cognitive learning also entails teaching appropriate affective learning if a student is to be
considered properly educated.
Daniel Goleman, Emotional Intelligence: Why It Can Matter More Than IQ (New York: Bantam,
18
1995), 148–154.
19
Comptroller General of the United States. Government Auditing Standards (The Yellow Book)
(Washington, DC: Government Printing Office, 2007).
20
Charles W. Schandl, Theory of Auditing (Houston, TX: Scholars Book Company, 1978), 2–3.
CHAPTER 3
SOCIAL BEHAVIORAL RELATIONSHIPS

IN INTERNAL AUDITING
The chapter is divided into five independent examples. Each example (numbered for clarity)
exemplifies and discusses a unique sociological aspect of the auditor/client behavioral relationship in
the conduct of internal auditing. These sociological aspects are independent of each other yet,
collectively, they cover many of the important sociological aspects of internal auditor/client
behavioral relationships.
We did not intend the chapter to be descriptive of internal auditor techniques. Indeed, much of this
book is devoid of specific auditing operative descriptions. It is important, though, that internal audi-
tors be aware of the behavioral aspects of various auditing situations so they can conduct the audit as
seamlessly as possible.
Experienced readers will frequently recall some of these social behavioral situations and compare
their past actions with our descriptions and recommended reactions. Each of the five examples
should be considered as a unique illustrative treatment of a specific sociological aspect of the
auditor/client behavioral relationship in the conduct of internal auditing. There is no particular
sequence or flow from one to another intended.
Example One: Interpersonal Relationships of Internal Auditors

A book titled An Atlas of Interpersonal Situations1 describes a number of situations that are generally
related to nontechnical, mundane, interpersonal aspects, and analyzes why they occur. This material
could be a foundation for much of the material that follows. The book states that its objective is
to provide “a tool for analyzing and understanding the influence of interpersonal situations on
social interactions.”2
The basic concept of “interdependence” is a keystone of the discussions and is described as “the
manner in which two individuals influence each other’s outcomes in the course of their interaction.” 3
In our work, the “interaction” is the internal audit, which is a more specific identification than we
examine in this text. This situation consists first of “the information they have about each other and
the situation and the behavioral options open to them as they interact.”4 A second aspect “involves
a focus on its objective properties.” 5 Internal auditors are interested in the “outcomes” of the inter-
personal situations and, thus, they are interested in the ingredients and the types of situations, if they
can be separated and independently typed. Outcomes are described as the “positive and/or negative
consequences of their interaction.” 6 Obviously, the intent is to arrange the results of the situation as
“large” on the parts of both players, thus, representing results that produce satisfaction in the
interests of both the internal auditors and the client. Ideally, on a scale of 1 to 10, the score should be
10 on each side, though the authors agree that a score of, say, 6–8 may be acceptable.
31
There are a number of internal audit outcomes that can result from the varied interpersonal relations:
1. Intransigence:
The internal auditors and the client are unable to agree on a specific situation. The normal result
is: (1) the presentation in the audit report describing the internal auditors’ position; (2) a letter
from the client explaining disagreement; and (3) the internal auditors’ repudiation of the
client’s position. The correspondence should be confined to factual information, though there is
no question that, even though the substance is factual, the motivation may have an interpersonal
basis.
2. Mutual Benefits:
In this situation, both the internal auditors and the client experience benefits from the results
of the audit. This is a situation where not only do the auditors receive credit for beneficial audit
practice, but they involve the client in determining and accomplishing the corrective action. A
modification of this situation is when the client is encouraged to identify problems; the auditors
have explored and defined problems; the auditors and the client have jointly identified resolu-
tions; and the client is mentioned in the audit report for the constructive participation in the
audit and the resolution of the ensuing findings. Accolades exist on both sides.
3. Mutual Joint Control:
This is much like the situation in the paragraph above. It infers that the internal auditors
and the client jointly control the results of the audit. It could imply an ad hoc organization set
up to program the audit, consider the findings, and develop the resolution of the conditions
requiring change. In this type of an arrangement, both organizations “gain benefits and/or
avoid harm from the same combination of behavior.”7 There is an aspect of this situation
that could result in a problem for the internal auditors — the loss of independence in
performance and reporting. The basis is the common interest in the successful achievement of a
more efficient and effective solution to an organizational problem. This objective becomes a
matter of common interest and, on the face of the action, avoids conflicting interest. The
ingredient that breeds success is the process of reasoning and the realization on the part of
both actors that there must be some give and take, though the central theme that must be taken
is the good or benefit for the organization.
4. Conflicting Mutual Joint Control:
This situation is an offshoot of the above situation with the exception that, although the internal
auditor and the client work together for the resolution of what seems to be a common interest,
each sees success in an aberration of the action to be recommended. Self-interest becomes
dominant, but control decisions must result from the suppression of self-interested outcomes
as a tradeoff of the benefits of a mutually agreed upon solution that will benefit the
organization. Each of the parties must come to the conclusion that the benefits of a jointly
acceptable solution outweigh the losses that will be individually sustained by that action. These
plus-and-minus decisions can be measured along psychological, social acceptance, financial,
bureaucratic, or other diameters. Again, the final solution must be influenced by the ultimate
benefit to the organiza-
tion, sometimes determined by a higher level of control such as executive management and/or
an audit committee.
Example Two: The Role of the Internal Auditor

Considered as a Sociological Concept
The definition and study of roles has always been an important element of behavioral theory in
internal auditing. Roles are the relationships that an individual has through personal, social, or
professional contacts. Roles, as we will discuss them, do not have a qualitative content as being
simply good or bad, but are descriptive as to content and objectives. Roles under adverse conditions
can cause stress, especially when there is conflict or ambiguity relative to the fulfillment of two or
more roles as to time, content, and attention.
Karl Albrecht has defined in his recent book, Social Intelligence: The New Science of Success, what
might be identified as the anatomy of a role. It consists of five “dimensions or categories of compe-
tence.” These dimensions are more easily recalled using the mnemonic S.P.A.C.E.:8
• Situational Awareness: “the ability to read situations and to interpret the behavior of
people in those situations….”
• Presence: “a range of verbal and nonverbal patterns, one’s appearance, posture, voice
quality, subtle movements….”
• Authenticity: “various signals from our behavior that lead (others) to judge us as honest,
open, ethical, trustworthy, and well-intentioned — or inauthentic.”
• Clarity: “Our ability to explain ourselves, illuminate ideas, pass data clearly and
accurately…”
• Empathy: “having a feeling for someone else…a shared feeling between two people.” (italics
in the original)
Keeping Albrecht’s five dimensions in mind can provide a working definition and diagnostic tool for
understanding roles.
There are three broad classifications of roles that internal auditors need to consider — personal,
professional, and status in the organizational or departmental hierarchy. In many cases, auditors
fit into one or several elements of each classification.
In the personal classification, the auditor can be a parent, spouse, teacher, mentor, coach, student,
and so on. It is clear that the responsibilities of each of these could, when placed in juxtaposition
with the others, cause problems relative to time, attention, location, and finance. Stress frequently
results when role requirements conflict with each other.
In the professional classification, the auditor can perform in multiple roles of:
• Auditor.
• Consultant.
• Investigator.
• Advisor.
• Ethics program manager.
33
• Risk evaluator.
• CPA evaluator.
• Nonaudit participant.
These roles do not necessarily conflict, 9 but successful performance in more than one would require a
broad background, experience, and personal qualifications. However, the internal auditor’s approach
to the requirements of each role could be considerably different. For example, auditing requires
objectivity, independence, subject matter knowledge, and interpersonal relations. Consulting requires
innovation and imagination. Investigation requires analytical ability, logic, and so forth. Ethics
management, frequently placed in the internal audit office, requires strict adherence to a code of
conduct.
In the status classification or position/rank in organizational hierarchy, the auditor can be a:
• Staff member.
• Supervisor.
• Manager.
• Director, principal, or partner.
Each of these roles requires a different element of leadership and cooperation and generates different
expectations as to knowledge and behavioral performance. The staff member interacts with the
client. Supervisory members also interact, but not to the same degree; however, they must be able to
influence their subordinates to perform well.
The natural complexity of each role using Albrecht’s five dimensions in conjunction with the three
major role classifications and range of roles within each group points to the everyday significance of
social role theory in internal auditing. Roles are also addressed in Chapter 7.
Example Three: Social Aptitude, a Required Talent

Internal auditors with finely honed technical skills may fail to turn out a good audit. Why? Often it
is a lack of social skills that results in the failure to build a cooperative frame of mind with the client
toward the conduct of the audit. The result is a psychological wall that maroons the internal auditors
devoid of any assistance from the client. The auditors may venture down unproductive paths while
the client watches with interest, but does not caution them about their potential missteps. The client
may reject ownership of the auditors’ recommendations and consider them alien to his or her
operation.
As mentioned earlier, Karl Albrecht identifies and describes situations such as the above and recom-
mends corrective action10 using the mnemonic term S.P.A.C.E. to summarize his suggestions. The
five dimensions are all important but, in our opinion, the final element, Empathy, is the most
important. Following are more detailed descriptions of the five dimensions with our application to
the field of internal auditing.
Situational Awareness. Albrecht relates this to “read situations and interpret behaviors of
people.” Much of this is performed in the preliminary survey. Reviewing the workpapers
of prior audits and the comments of previous internal auditors can provide information
on situations and people. Also, the interview portion of the preliminary survey can provide
first-hand information about the client personnel who will be the auditors’ contacts.
The auditors, on the other hand, must be careful not to create antagonism during these
processes. Albrecht says that the auditors should learn the client’s “possible intentions,
emotional state, and potential cooperation.” The auditors also will be able to evaluate the
audit program as to completeness and behavioral impact and, as a result of the discussions,
may become aware of additional areas that could prevent problems. The client also may
identify potential behavioral trouble areas that should be the subject of consideration.
Presence. Presence relates to verbal and nonverbal patterns, including physical aspects
such as tone of voice, activeness, freedom from controversial approaches, and physical
signals. Auditors should listen and offer subtle comments to encourage the client to talk
about areas that might be troublesome. They should ask simple questions and not interrupt
or attempt to finish a client’s sentence to show how much they know (or don’t know).
Authenticity. Here, auditors must convince the client as to their intentions and approach.
They should describe situations objectively and in a balanced fashion, citing both the pros
and cons. Expressing the client’s position where disagreement might exist is important.
Intellectual honesty — citing all the facts both pro and con about a situation and
discussing ameliorating conditions, even though they may be adverse to the audit process
— is also important. Albrecht cites honesty, openness, trustworthiness, and good
intentions.
Clarity. Internal auditors must ask questions and describe the work being performed and
the results achieved in the client’s own vernacular. Albrecht’s description is “to explain
ourselves, illuminate ideas, pass data clearly and accurately, and articulate our views.” The
description infers that the auditors should explain clearly what is being performed and
why. Then, after the segment of the audit is complete, they should provide the client with
the audit results. This is important in cases where the client is or is not performing
properly and where corrective action should be promptly taken and management advised.
Lack of clarity can result in conflicts.
Empathy. Albrecht defines empathy as a “shared feeling between two people” or “a state
of connectedness with another person, which creates a basis for positive interaction
and cooperation.” We take this further by defining the term as “placing one’s person
on the receiving end of one’s proposed utterance.” In other words, “Don’t do unto
others what you would not want done to you.” Obviously, this proposition cannot always
be followed when audit issues arise that must be reported. However, the methodology of
reporting can be as benign as possible with the positive approach of “can be improved by”
rather than “this is a deficiency.” Also, the client can be given advance notice so that credit
can be given for corrective action taken and so reported. Obviously, the above clearly
does not hold in forensic audit situations.
Is the above an unrealistic “blue sky” proposal? We think not. There is evidence that it is a desirable
approach and that the internal audit can become a value-adding asset to operational management.
Example Four: Social Networks Relating to Internal Auditing
There are many influences that can impact the members of an organization. Although these
influences have been described as relating to organizational networks, they are so basic in their
effect that they can also be described as relating to internal auditors and the position of the internal
audit activity in the organization. The following six dimensions that have been presented as
important to “personal networks” also can apply to internal audit basics:11
1. Balanced Hierarchical Position. Internal auditors and the internal audit activity are best served
relative to client recognition as to status by a three-level organizational arrangement:
• At the higher level — for influence, resources, power, and overall strategic intelligence.
• On the same level — for experienced assistance.
• At an adjacent level — for technical assistance and
expertise. Balance is important.
2. Organizational Position. Close relationship among those in the internal audit activity for hiring,
orientation, training, evaluation, and compensation. Together with internal audit leadership
styles, cultural values, and performance metrics, these behavioral qualities are effective for
learning and decision-making.
3. Physical Proximity. Despite advances in technology,12 face-to-face interactions in a relative

sense result in healthy personal relationships and the advantages of such assets as close
communication, body language, and the ability to ensure clear understanding and
commonality of intent and effort.
4. Structure of Interactions. Using contacts that promote appropriate and useful information.
This factor requires a careful selection of contacts that are the best sources for information.
Discrimination in contacts is necessary to assure mutual comfort in the “meeting of minds.”
5. Time Invested in Appropriate Relationship. The timing of relationships should be comfortably

appropriate and valuable as to learning, performance, and intelligence.
6. Length of Time Known. There should be a mutually recognized appropriateness in the balance
of time between trusted associates and new associates with new ideas. Care must be taken to
assure that the old associates do not confirm ideas out of loyalty rather than logic and
appropriateness.
It would be important to inventory the relationships in each of the above six areas to evaluate
their appropriateness and usefulness. Contacts need not be limited to the internal audit activity, but
should be representative of the associated horizontal and vertical dimensions.
Example Five: Why Internal Auditors Need Social Behavioral Skills

Communication is the common denominator in the practice of internal auditing. It is the interchange
between the auditor, client, management, external auditors, general counsel, and the audit
committee, etc. The success of the audit is largely dependent on the quality of this communication.
It is the source of information on which the results of the audit are based. A recent paper by
Becker Associates
attributes the mechanics of this communication to what they call Neuro-Linguistic Programming
(NLP).13 They describe the background of NLP as emanating from two communications professors at
the University of California, Santa Cruz, who associated verbal communications with physical reac-
tions related to the position of the head and eye movements. Thus, they identified this phenomenon
as being neurologically based and hence described as NLP.
These investigators applied NLP, a behavioral approach, to the audit process of gathering
information and identified strategies that they believed needed to be considered (for internal
auditing):
• The auditor’s internal state (and the client’s).

• The auditor’s language skills.
• The level of rapport during the audit.
The auditor’s internal state, relates to past experiences of intense discussions and the resulting stress.
This can associate stress with overall audit experience and result in a “pattern of anxious behavior.”
Also, the concept of an audit can turn normally well-adjusted people into “nervous, jittery
employees.” Internal auditors should try to neutralize any fear and sense of intimidation.
Internal auditors should have good language skills and avoid using words that induce fear and trepi-
dation. They should use language that encourages assistance, participation, and cooperation.
Their words should be positive and encourage the client’s understanding and well-being.
Rapport during the audit concerns the relationship between the internal auditors and the client. It
is based on “mutual trust and emotional affinity.” The authors describe this as “respecting another
person’s view of the world while being true to one’s own objectives” and “…results in a feeling of
goodwill and comfort.” This rapport can be based on interpersonal flexibility, the recognition of
other channels of communication, voice, spoken language, body language, vocal tone, and vocal
speed. It also requires that the auditors pay close attention to the client’s language.
The authors of the Becker paper then approach the problem by describing the receiving of informa-
tion by the auditor as being a factor of three potentially adverse communication “strategies,”
namely:
• Distortion.
• Generalization.
• Deletion.
Distortion occurs when the internal auditors filter communication messages through perceptual
differences. It can result in two auditors hearing the same message, but interpreting it quite
differently. The authors also considered mind-reading or reading between the lines as being a
potential source of distortion.
Generalization is the creation of conclusions based on insufficient input of information. The

adequacy of the degree and quality of the information should determine the conclusions reached.
Deletion involves ignoring some information and accepting other information; essentially, that infor-
mation that is of interest to the internal auditors and tends to reinforce the message they believe
is
important. It also refers to ignoring information when there is too much to consider or when the
internal auditors are under stress.
References
1
Harold H. Kelley, John G. Holmes, Norbert L. Keno, Harry T. Riley, Caryl E. Ruebult, and
Paul Van Long, An Atlas of Interpersonal Situations (Cambridge, UK: Cambridge University Press,
2003).
2
Ibid, 3.
3
Ibid.
4
Ibid, 5.
5
Ibid.
6
Ibid, 23.
7
Ibid, 150.
8
Karl Albrecht, Social Intelligence: The New Science of Success (San Francisco: Jossey Bass, 2006),
29-30.
9
Simultaneously serving as a CPA evaluator and advisor, however, would be a conflict of interest.
Indeed, Section 201 of the Sarbanes-Oxley Act of 2002 presents a list of proscribed services that
external auditors may not perform for their audit clients. One of those prohibited services is
rendering internal audit advisory services to a public company audit client.
10
Albrecht, 28.
11
Rob Cross and Andrew Parker, The Hidden Power of Social Networks (Boston, MA: Harvard
Business School Press, 2004), 83–87.
Due to major advances in global communications technologies such as mobile phones, the
12
Blackberry, the ubiquitous e-mail, instant messaging, and social networks such as Twitter, the need
for physical proximity is unnecessary.
13
Becker Associates, Why Quality Auditors Need Interaction Skills, http://www.becker-
associates.com/ whynlppap1.HTM (White Paper, 2006).
CHAPTER 4
BEHAVIORAL FACTORS INFLUENCING

INTERNAL AUDITOR/CLIENT RELATIONSHIPS
This chapter, similar to the previous one, contains a series of unique examples (unrelated except as
to general content) that apply to the intent of the book and the general subject matter. While
Chapter 3 dealt with behavioral relationships, this chapter deals more with professional relationships
that contain substantial behavioral aspects. Each section should be considered as a unique discussion
of an unrelated auditing aspect.
Each of the sections describes professional relationships and behavioral factors that internal auditors
should be aware of and consequently neutralize potential personality and professional behavioral
conflicts. The objective of the chapter is to identify various professional relationships and activities
and how behavioral factors influence internal auditors’ performance and operational success.
Example One: Client Conceptions and Attitudes Toward Internal Auditors

Client Conceptions Toward Internal Auditors
One of the problems that internal auditors face is the client’s conception of auditors and the work
they perform in the audit process. This conception has been the butt of jokes, leading many internal
auditors to be somewhat reticent about discussing their work. It brings to mind the somewhat ribald
story of the little boy who, when asked about his father’s occupation, replied, “He plays piano in a
brothel” — rather than acknowledge that he was an internal auditor. In The Internal Auditing
Handbook,1 Pickett Spencer has described well the most frequent associations held by clients about
the work of internal auditors. All of them describe broad behavioral relationships and thus become
substance for this book. They relate to broad client attitudes against which internal auditors must be
armed.
Traditional Tick and Check. The internal auditor is seen as a type of clerk who mechanically verifies
the accuracy of clerical operations. He is believed to have little skill and relatively no
professionalism. The client objects to having such a pedestrian individual assigned to evaluate his or
her operations which are management-oriented and seemingly far beyond the knowledge of such a
clerical-oriented individual.
Audit Snoop. The auditor is seen as a spy who has been sent to report on the client as to whether
the controls that have been established are being followed and, when the controls are breached, that
corrective action is promptly and properly taken. The client does not realize that the internal auditor
is also responsible for evaluating whether the controls that have been established are efficient and
effective.
39
Consultant. The internal auditor is seen as a consultant who will recommend actions to resolve prob-
lems but does not have the responsibility to make them function effectively. The auditor is seen as
coming into the operation with a superficial understanding of how it works and, based on limited
operational experience but extensive education, has the answer for all problems.
Adjunct of External Auditor. The internal auditor is seen as a supporting arm of the dominant
external auditor. The work of the former is somehow discredited as merely preparatory work for
the annual audit. Unfortunately, some internal audit activities do not establish their independent
status and some organizations do not identify internal auditing as an independent activity reporting
to senior management and the audit committee.
Management’s Representative. The internal audit activity is seen as a checker for management rather
than an independent function that serves the entire organization, reporting to senior management
and the audit committee. Completely lost is the concept of service to the client organization with the
objective of providing assistance in operating efficiently and effectively and in compliance with
appli- cable laws, regulations, policies, and procedures.
Someone to Be Feared. Some internal auditors do delight in developing a sense of fear in the client.
However, the current philosophy is to develop a collaborative, helpful approach. Regardless, in the
minds of many, the internal auditor is seen as a threat because of the possibility of adverse
comments. This fear can be alleviated if the auditor uses a cooperative approach and makes the
client a participative partner in the audit. On the other hand, there are some clients who are hostile
to the audit activity and refuse to be a part of it, sometimes prompted by fear. The elimination of
fear in these cases is most important, although sometimes difficult or impossible to achieve,
especially in recent times. Especially post-Sarbanes-Oxley, there has been a clear shift in the
perception of internal auditors carrying out an “audit for management” to conducting an “audit of
management.” This governance- level emphasis is now part of The IIA’s definition of internal
auditing.2 Therefore, the cooperative/ participative approach becomes all the more important for
reducing a climate of fear.
Client Attitudes Toward Internal Auditors3
Early studies on the relationships between internal auditors and those who were audited — the
clients — indicated that, in most cases, the clients bore few friendly attitudes toward the internal
auditors. Not only that, responses to questions about effectiveness, contribution, and problem-
solving that result from internal audit efforts brought disappointing results. On the other hand,
senior management, boards of directors, and audit committees seemed to recognize their need for
internal audit assistance in the management and direction of the organization.
This condition has improved materially as a result of the current change in the attitudes of the
internal auditors themselves, toward their clients, and toward their work. Most internal audit staffs
see their functions as being cooperative with the objective of contributing to the improvement of the
operation audited and the entire organization itself. The result is the increasing number of operating
managers who are requesting assistance from the internal audit staffs so they can improve their
operations, economy, efficiency, and effectiveness and toward the conservation of capital assets and
the improvement of managerial governance.4, 5, 6, 7
Feedback from the Client8
Before internal auditors can improve their image within the organization, they must know how they
are regarded. Ferrier suggests that a review of internal auditors by clients is a feasible step toward
improving client/auditor relations. Reporting the results of feedback to both internal auditors and
senior management helps ensure accountability for the internal audit function. Reports of feedback
can provide benefits, such as ways to:9
• Judge internal audit performance.

• Make future audits better by recognizing the areas in which the internal audit service can
be improved.
• Encourage harmonious relations with clients by creating a deeper atmosphere of
participation.
• Reduce the conflicts arising from the “them and us” syndrome where clients are
continually on the defense against the “management spies.”
• Expose clients to some of the problems and difficulties encountered by internal auditors
in evaluating the performance of others. A better appreciation of, and closer identification
with, the internal audit function will result.
Many internal audit organizations use a questionnaire for clients to complete at the conclusion of
audits. This is illustrated in the following example of an evaluation form.
41
Internal Auditor Evaluation
Activity or Department Evaluated:

Date Prepared:
Preparer:
Department or Activity:
Rating
(10-highest, No
1-lowest) Basis
1. Technical Knowledge:
How well did the internal auditors exhibit an
understanding of the objectives and the functions
of your department or activity?
2. Range of Service:
How well did they provide assistance to you?
3. Professional Knowledge:
How well did they exhibit a professional knowledge
of the principles and techniques of internal auditing?
4. Relations.
How well did the auditors get along with:
Management?
Employees?
5. Communications:
How well did they communicate
with: Operating Personnel?
Management?
6. Responsiveness:
How responsive were they to your needs?
7. Professionalism:
Did the internal audit personnel appear to be
well trained and professional?
Rating
(10-highest, No
1-lowest) Basis
8. Confidentiality:
Did the internal auditors treat the information
they obtained with appropriate confidentiality?
9. Attitude:
Did the internal auditors exhibit a professional,
helpful, and positive attitude toward you and
your staff?
10. Creativity:
To what extent were they creative in helping to
solve problems?
11. Productivity:
How productive did you consider the internal
auditors to be?
12. Significance:
How significant were the findings reported?
13. Helpfulness:
How helpful were the auditors in
suggesting corrective action?
14. Return:
Would you want the internal auditors to return
for another engagement?
15. Overall:
What is your overall rating of the internal audit
team (not necessarily an average of the ratings
already given)?
Please list any additional comments and recommendations that you would like to bring
to the attention of internal auditing or senior management.
Reprinted from Sawyer’s Internal Auditing. 5th Edition, pp. 1237–38.

Example Two: Need For and Importance of Good Relationships10
If findings from organizational behavior are to be believed, line people are adverse to staff people in
general and internal auditors in particular, and that controls — especially in the form of an internal
auditor — may cause people to be fearful, defensive, and at times dishonest. Does it matter? Isn’t it
the job of internal auditors to carry out their audits despite difficulties? Isn’t it their job to uncover
what was not apparent or was covered up, to disclose inefficiency, ineffectiveness, errors, poor
judgment, or poor work? Isn’t it their job to report objectively what they found?
The answer to all these questions is “yes.” But why make the job more difficult than necessary? Why
do it in a spirit of animosity when it can be carried out with an attitude of cooperation and
helpfulness?
The conflict in relationships was compounded by the auditors’ move from only financial audit
matters into the review of operations. Even though the client’s fears and distrust may not keep
internal auditors in an accounting area from achieving broad audit objectives, the internal audits of
operations to determine efficiency and effectiveness present different and usually more complex,
personalized, and judgmental problems.
When internal auditors perform comprehensive audits of operations, they cannot possibly be as well-
informed about those operations as a financial auditor in a financial department. Operating processes
may be technical, unfamiliar, complex, and bewildering. The operating staff may speak a language
and use terms that are foreign to the internal auditors. However, any corrective action they recom-
mend must be precise and in terms that the client and management can comprehend. The corrections
must be results-oriented but not necessarily dictate how it is to be done. The corrective action
required is likely to demand the wholehearted commitment of operating personnel if it is to be
effective. Yet, operating personnel are not accustomed to internal auditors and the internal
audit process, and thus are less likely to accept their recommendations. There must be confidence in
the internal audit process and an understanding that the suggested modifications will improve the
client’s operations and improve the organization’s well-being.
Stephen Keating, president of Honeywell, Inc., saw the importance of cooperation between the
internal auditor and client when he said, “Real progress cannot be made in an environment of
conflict and friction…. Finding the trouble is only half the battle — the other half is putting
recommendations to work. This requires understanding and confidence.”11
W. G. Phillips, also a corporate president, said that the internal auditor “must approach his job in a
constructive manner, recognizing that client mistakes are guides for improvement, not crimes…. He
must consider himself a partner with those involved in the audit, not an adversary.”12
The ability to deal effectively with others goes beyond pleasant relations with people being nice to
each other. It requires deep knowledge of the subject matter at hand and the ability to get the job
done with the least adverse effect on others.
Harmeyer cited a psychology study of 4,000 employees who had been dismissed.13 The study
showed, surprisingly, that only 38 percent had been discharged for technical incompetence. Almost
two-thirds, 62 percent, had been discharged for social unsuitability. Yet most organizations,
including The IIA, tend to concentrate on technical skills.14
Larry Sawyer often stated, “What profits the auditor to develop a sound finding only to see it bitterly
contested by operating management because the auditor, wittingly or unwittingly, created a
feeling of conflict and distrust? The matter becomes a personal problem; the contribution to
organizational benefit is ignored.”
Examples of Good Relationships15
Mints’s research study amassed abundant evidence of the importance of conducting internal audits
without animosity. His study included test audits in which some internal audit teams used a cool,
superior, impersonal style while others used a participative, teamwork approach. After each audit,
clients were asked to evaluate the auditors in terms of their audit style. For example, did they regard
the auditor as a police officer or a teacher? After the audits had been made, after the auditors had
been evaluated, and after sufficient time had elapsed for the effect of the audits to be known, one of
the internal auditors involved in the study wrote to the researcher:16
Within six months of the completion of an audit, the clients send a memo to the corporate
controller and division manager in which they report action taken or otherwise. We noted
a direct correlation between the client ratings of the auditors (and the corrective action
taken and reported) in these replies. When the auditors were highly rated, action was
normally taken on practically all items, and vice versa. Since motivating personnel is
one of our major objectives, I’d say this is a most important finding, which substantiates
our need to improve auditor acceptance by the client. (parentheses added)
The research study demonstrated, as clinically as such studies can, that poor behavioral relations
defeat the audit purpose and good relations promote it. Two further examples from the study
offer more evidence of this conclusion (it is not what you say but how you say it):17
One auditor who used the cold, aloof style performed an audit that was professional and
technically outstanding. It was characterized by imaginative and potentially profitable
work. Yet eight months after the audit, the operating organization had not implemented
the audit recommendations. The operating people were apparently seething over the
methods that the auditor had used.
On the other hand, in an audit that followed — in which the cooperative approach was
used — the controller of the division audited called the director of internal auditing to
compliment him and to say that the operating people were enthusiastic about
implementing the suggestions. The audit director was convinced that the differences in
style were responsible for the diverse results.
Another internal auditor (a manager) also evaluated the results of the audits conducted for a research
study. He was able to say without reservation that the results obtained from the warm, empathetic
style were significantly better than those obtained from the cold, reserved style. He also said that
one of the sad things coming out of his correlation was that, from a technical point of view, the
work performed by the reserved auditors was judged superior in some respects to that performed by
the empathetic auditors. Yet the results from the empathetic audit group showed that management
accepted and implemented their ideas more readily. He concluded:18
Putting it another way, the results of our audits depend a good deal on how we are
perceived by others, rather than how we perceive ourselves. Further, we can positively
influence the “how we are perceived by others” by getting ourselves involved with the
clients, by having empathy with them, and by considering and emphasizing what’s best for
them rather than for us.
Internal auditors should not think that a high status in the organization will shield them from the
effects of poor client/auditor behavioral relations. Macher reports a study of 21 executives who were
fired or forced to retire. The chief reason cited was poor interpersonal relations. The three most
frequently named factors were “insensitivity to others,” “cold/aloof,” and “betrayal of trust.”19
There seems to be little doubt that intelligent, imaginative internal audit work, in and of itself, is not
enough to ensure that recommended improvements will be made in operations. Clients must want to
implement the audit recommendations. So, audit style and method of communication — the ability
to influence and persuade others — may be as important as technical competence.
Relations between the internal auditor and client may improve if the auditor, the expert on control
and risk, appreciates the differences between imposed controls and self-initiated control. The
principle of self-initialed control requires that a staff group never be the primary instrument for
directing. Rather, the staff group, the internal auditors, should act and be perceived as a means of
transmitting the good reasons for the needed control procedures. They should seek to assist the
manager’s control of their activities. This assistance includes informing operating personnel when
they need help, but it also includes helping them get themselves under control and motivating them
to want to do so. Internal auditors are in the middle. They find themselves between management
controls on the one hand and those who are being controlled on the other. The way they conduct
themselves — as helpful buffers or abrasive forces — may mean the difference between effective
and ineffective operational audits.
Keys to Behavioral Success
An article by Ratliff and Brachner in the February 1998 issue of Internal Auditor20 addressed the
subject of relationships in internal auditing and insightfully observes, “People generally will entrust
their welfare only to those who are helpful and nonthreatening.”
This paradigm describes the intended attitude that progressive internal auditors have and have been
trying to develop in the minds of their clients. Ratliff and Brachner, after considerable research,
determined that to achieve successful relationships, two criteria must be met:
1. All parties must benefit from the relationship when the purposes therefore have been achieved,
and
2. The relationship must be mutually pleasant.
They go on to say that four basic conditions must be present:
1. An interaction of purposes or interests: either the same interest, or a symbiotic relationship.

2. Mutual trust — no threats.
3. Mutual respect based on competence, integrity, and responsibility.
4. Adequate means for conducting the relationship:
• The existence of a mutually agreed product or service.
• Effective communication.
• Good manners.
• Administrative support.
Ratliff and Brachner designed a program relating to their basic philosophy of the development of
relationships. The program included:
1. “Reach an agreement with management regarding the need for an internal audit and the use of
its results.
2. Work with management to identify the key relationships to be audited.
3. At the time of each interview, explain to the (interviewees) the purpose of the audit.
4. Conduct the interviews (using an interview schedule).
5. Based on the results of the interviews, classify the relationships into four categories (healthy,
somewhat troubled, severely troubled, and dead — diagnose the problems of the troubled and
dead items).
6. Search for common sources of difficulties.
7. Report the results without identifying any individual or individual relationship.
8. Follow up and monitor the quality of key relationships.” (parentheses added)
It is quite probable that the conduct of such an audit will bring essential points that can improve
relationships to the attention of the auditors. These findings substantiate our experience in several
internal audit assignments.
While the internal audit relationship needs to be “helpful and nonthreatening,” maintaining a profes-
sional distance is equally important. A recent study in New Zealand 21 discussed the proposition
proposed by Burns et al. 22 and Rittenberg and Covaleski23 that “intimidation and cruciality” have an
impact on both management and the client as to the effectiveness of the internal auditor’s functional
activities. They identify “intimidation” as the effect of the “perceived importance and complexity
of a discipline” and classify it as a certain “mystique” intentionally practiced by internal auditors
as a result of their background, knowledge, and experience. They identify “cruciality” as the impact
internal auditors have through (1) the power of their recommendations to establish internal controls;
and (2) the informal pressure resulting from them as “authority pressing for action.” Rittenberg and
Covaleski describe this to be “the possession of a body of abstract knowledge.”
It is thus very possible that in the consciousness of some clients, the internal auditor possesses these
characteristics, creating a halo effect of “internal controls expertise”:
1. Knowledge of various types and theories of controls that have proved effective for similar
exposures.
2. The ability to relate the client’s risk exposure to one or more of these controls.
3. Experience in analysis to evaluate the “fit” of the possible methods of control to the problem at
hand.
We have recently seen this procedure to be effective in the acceptance of a recommendation for
a “clearance account” to assure the receipt of funds from a bank to cover previously incurred
expenses for which the client should have been notified — a simple solution that had not occurred to
the client.
Burns and others suggest this expertise as a “mystique” and identify it as an “expertise bordering on
the sublime over a work ideology that is baffling but essential.” It is this concept in the mind of the
client that can cloak the internal auditors with the “ability to solve problems” and that will ultimately
cause the client to voluntarily identify these problems — provided the internal auditors assure they
will give credit to the client for the identification, and recognition of a problem solvable with the
assistance of the internal auditors.
This mystique should be disassociated with top management because if not, the auditor becomes
associated with top management and loses the power of having a unique collection of personal abili-
ties to present both to the client and to management.
The “intimidation model” caused essentially by the mystique approach instills in the client’s mind
the possibility of assistance by a specialist, much as one goes to a physician for the diagnosis of
physical problems. This “aura of assistance” is especially bolstered by the internal auditors’
reputation of helpfulness with former clients and frequency of associating the improvement as a
product of the client’s suggestion.
Burns is cited as recommending that internal auditors:
• Be expert in evaluating and testing internal controls (accounting controls are mentioned;
however non-accounting controls are just as important).
• Be expert in identifying and assessing risk and risk management.
• Remove himself/herself from the “jack of all trades — master of none” of operational
auditing. (This is questionable because, based on broad experience, the internal auditor
can bring this competence to the problem as a component of the “mystique.”)
• Should ensure that the audit is supported by an authority document such as a charter from
top management (and that the organization’s experience indicates that the charter is
strongly defended by top management). (parentheses added)
Example Three: Misplaced Confidence in Internal Auditors

In 1996, Alan Rabinowitz published a thought-provoking article in The CPA Journal relative to
public confidence in auditors. In that article he discussed certain behavioral aspects relative to
auditor- management interactions.24 He identified the lack of experienced supervision as one of the
problems resulting from the lack of proper supervisors who were elevated to the executive level.
However, he also spent some time discussing the mental attitudes of the staff.
His theory was that new staff auditors “viewed their largely routine and seemingly basic work as a
necessary evil and ‘rite of passage’ normally preceding responsible and interesting assignments.”
They wrote off this element of the audit process as being beneath their abilities. They tried to
graduate to better work as soon as possible and, thus, they “lacked the commitment to delve into
and prop-
erly comprehend the transactions and events occurring in the audited entity.” Although Rabinowitz
related this concept to public accounting, it could also hold for internal auditing.
Rabinowitz also believed that auditors “require greater skill in dealing effectively with people whose
work they audit.” His position is that colleges and universities spend too little time in this area. He
believes that matching these behavioral skills between the auditors and the client should be
compared not only for ease of audit relations, but also for eliminating this “disparity between the two
that mounts as does the chance for effective cover-up.” He believes that “people skills” are important
for successful auditing. He also believes that the educational process should devote “more extensive
attention to behavioral aspects of auditing…as one of the critical issues facing the auditing
establishment.”
He also describes a sense of complacency on the part of auditors who are so tied up in their tradi-
tional work that they do not “perceive or react to some newly present conditions.” They tend to “rely
on approaches that served well in the past and are heartened by the continued presence of employees,
managers, and executives with whom they never experienced serious problems.” He considers this
complacency to be a behavioral issue that should be cautioned against during the auditor’s basic
training.
Example Four: Impact of Different Client Management

Styles on Internal Auditing Behavior
Almost any internal auditor with experience becomes aware of the fact that the characteristics of
the client as to attitude will require a modification of the approach to and the conduct of the audit.
Frequently this information can be obtained from other auditors who have audited in the environ-
ment. Often the information is available in the “permanent file” for the client organization. If this
is the client’s first audit, or if a new manager is in charge of the unit, the internal auditors must be
immediately observant of the prevailing style of management they will encounter and conduct the
audit as harmoniously as possible. Even the most difficult client managers can become adherents to
the audit process if approached with care and are convinced that the audit is being performed in their
best interests.
There are four management styles that are usually
recognized:25 Theory X Autocratic
Theory X1 Custodial
Theory Y Supportive
Theory Z Collegial (sometimes called Theory
J) Comments on the styles:
Theory X: Rules are explicit; authorizations are centralized; communications, formal

and informal, are centralized to those in authority.
Theory X1: Similar to the autocratic Theory X except for an attitude of “taking care”
of the employees rather than directing them — use of an “instructive tone.”
Communication is similar to Theory X except there is more “selling.”
Theory Y: Usually a decentralized decision-making and participative management oper-

ation. Can encourage participation by the client in some cases. The objective
is education. Periodic communication and reporting is usually effective.
Theory Z (J): Learning by doing is common. Control mechanics are for information rather
than “dominating decisions.” Emphasis is on the continuing education of
participants so that the employee can become a colleague” in the
decision- making process. Management frequently uses a “quality circle” to
motivate, improve morale, and develop participants. The circle also improves
creativity and participation.
Obviously, each of these theories requires a different approach and attitude by the internal auditor
toward the client. However, there can be exceptions. In a case where the management was a type
“X,” the internal auditor convinced the manager to allow an interim conference in his, the manag-
er’s, interest. The result allowed the manager to direct the cessation of a practice that could have
brought discredit on his organization (and on himself). The faulty practice was discontinued and was
so reported in the audit report. The Theory X manager became an adherent of internal auditing and
asked for additional auditing assistance.
The Wallace’s have prepared a chart relating the various management styles to conferencing and
reporting approaches. It is reproduced on the following page.
Management Style Reflected by Internal Audit
Conferencing and Theory X Theory X Theory Y Theory Z

reporting Autocratic Modified Supportive Collegial
dimensions Custodial
Beginning audit Authorization: Instructive: Dialogue: Mutuality of
conference This is what This is what Here is what interest: How
we plan we plan we plan: any should we
suggestions? proceed?
Interim conferences Only if further Only if further Discuss status Establish a
direction of instruction of and important quality circle
auditee is needed auditee is needed findings and approach with
request input regular
meetings for
discussion
Closing (exit) Summarize the Summarize the Discuss the Jointly draft
conferences report in a report in a planned report the report
factual manner consulting and permit
manner input
Formality of report Very formal Formal Informal and Informal
formal
Method of reporting Written Written Oral and written Oral and
jointly written
Timing of reports Final report Final report Interim and final Interim and
final
Education of auditee None required Some advisable Some necessary Essential
regarding the audit
Wanda A. Wallace and James J. Wallace, Managerial Auditing Journal, Vol. 3, Issue 2, pp. 17–20. © Emerald
Group Publishing Limited. All rights reserved. Reprinted with permission.
Internal auditors should try to develop a relationship with the entire client community of helpfulness
through the internal audit process. It is also interesting to note that the client also has an oppor-
tunity to improve the internal auditors’ relationship through the conferencing approach and
more formally through the auditor evaluation process that is becoming common in progressive
internal audit operations.
References
1
Pickett K. H. Spencer, The Internal Auditing Handbook (Chichester, UK: John Wiley, 1997), 82–85.
2
Sridhar Ramamoorti, “Internal Auditing: History, Evolution, and Prospects,” in Andrew D. Bailey,
A.
A. Gramling, and Sridhar Ramamoorti (eds.), Research Opportunities in Internal Auditing
(Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation, 2003).
3
Portions of this chapter were adopted from Sawyer’s Internal Auditing, 5th Edition, Chapter 28,
published by The Institute of Internal Auditors in 2003.
4
N. C. Churchill and W. W. Cooper, “A Field of Study of Internal Auditing,” The Accounting Review
(October 1965), 267–281.
5
Frederic E. Mints, Behavioral Patterns in Internal Audit Relationships, Research Committee Report
17
(Altamonte Springs, FL: The Institute of Internal Auditors, 1972), 37.
6
D. K. Clancy, Frank Collins, and S. C. Rael, “Some Behavioral Perceptions of Internal Auditing,”
The Internal Auditor (June 1980), 50.
7
R. K. Mautz, Peter Tiessen, and R. H. Colson, Internal Auditing: Directions and Opportunities
(Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation, 1984), 120–124.
8
9
R. J. Ferrier, “One Step Beyond Peer Review,” The Internal Auditor (October 1985), 35–38.
10
Sawyer et al., 1233.
S. F. Keating, “How Honeywell Management Views Operational Auditing,” The Internal Auditor
11
(September/October 1969), 43–51.
W. G. Phillips, “The Internal Auditor and the Changing Needs of Management,” The Internal
12
Auditor (May/June 1970), 55–56.
W. J. Harmeyer, “Some of My Best Friends Are Auditors, But….” The Internal Auditor (January/
13
February 1973), 8.
14
James R. Wilson and Donna J. Wood, Behavioral Auditing Series (Altamonte Springs, FL:
The Institute of Internal Auditors, 1989).
15
Sawyer et al., 1234–35.
16
Mints, 60.
17
Ibid, 67.
18
Ibid.
Ken Macher, “The Politics of People,” Personnel Journal (January 1986), 50–53.
19
20
Richard L. Ratliff and James W. Brachner, “Relationships,” Internal Auditor (February 1998), 37–
43.
Karen Van Peursem, “Internal Auditors’ Role and Authority,” Managerial Auditing Journal, Vol.
21
19, No. 3. (2004), 378–393.
D. C. Burns, J. W. Greenspan, and C. Hartwell, “The State of Professionalism in Internal Auditing,”

22
The Accounting Historical Journal, Vol. 21, No. 2 (1994), 85–116.
Larry Rittenberg and M. A. Covaleski, “Internalization Versus Externalization of the Internal Audit
23
Function: Examination of Professional and Organizational Imperatives,” Accounting, Organizations

and Society 26 (2001), 617–41.
24
Allen M. Rabinowitz, “Rebuilding Public Confidence in Auditors and Organizational Controls,”
The CPA Journal (January 1996).
Wanda A. Wallace and James J. Wallace, “Audit Reporting and Conferencing for Different
25
Management Styles,” Managerial Auditing Journal 3, No. 2 (1988), 17–20.

PART II
BEHAVIORAL SKILLS
55
CHAPTER 5
COMMUNICATIONS
Internal auditors listen to obtain information. They talk to impart information. They write to commu-
nicate findings. Communication is the transfer of thoughts from the mind of one person to the mind
of another. Perfect communication is an utter impossibility. No two people have the same history,
education, background, training, parents, teachers, and colleagues. All these elements will affect
how listeners perceive what they hear, how speakers express what they say, and how writers
compose what they mean. Communication is the foundation on which behavioral relationships are
built and experienced.
Only when internal auditors truly understand the complexity of good communication can they begin
to achieve some reasonable degree of quality behavioral contacts. Meetings with the client, either
to introduce, make inquiries, convey findings, or impart recommendations, can go well or poorly —
depending in large part on how the internal auditor communicates during the preparation, conduct,
and conclusion stages of the audit.
Communication During the Audit1

Internal auditors who seek client cooperation need to plan their approach carefully. They must recog-
nize that the behavioral effects of communications occur during all three phases of the audit: (1)
anticipation of the audit, (2) conduct of the audit, and (3) preparation of audit findings.
Anticipation of the Audit
Positive steps on the part of internal auditors can defuse any behavioral anticipation and mystery
concerning the audit. They should keep surprise audits to a minimum, restricting them to such activi-
ties as handling cash and negotiable securities or where fraud is suspected. Normally, they
provide information in advance to clients, explaining the audit process and how to prepare. They can
emphasize the positive results of an audit to clients and the benefits clients can expect.
Burnett regards auditor/client relationships in terms of two client motivators: fear and recognition. 2
In these relationships, the client has fears of losing his or her job, of receiving an adverse evaluation,
or from the unknown — the mysterious audit. Internal auditors can counter these fears by explaining
the audit process and removing the surrounding mystery.
Jarvis describes an approach that was used in a multi-branch bank.3 A written communication
was designed to give branch employees a capsule view of what internal auditors do and do not
do, and thus to put them at ease on the day when they hear someone say, “Here come the auditors.”
Similarly, other organizations have produced brochures describing the internal audit function,
the experience and background of staff, its contribution to the organization’s well-being, and its
normal method of operations.
57
Conduct of the Audit
During the conduct of the internal audit, people are often given a feeling of importance and
participation if they are asked person-type rather than control-type questions. For example,
questions such as:
• What tasks do you perform?

• What tasks does your immediate supervisor perform?
• What tasks do those directly under your supervision perform?
• Which of the people in your work group do you see most often outside of work?
• When you want a job done in a hurry, to whom do you turn?
This type of inquiry has additional benefits. It provides a window to information on the organization
chart. It shows the actual network of relationships that overlay the formal, structured
organization chart, and it helps the internal auditor understand not only how things are supposed
to work, but more importantly how they actually do work.
Preparation of Audit Findings
Internal auditors can counter fears of poor evaluations or threats by demonstrating fairness and
objectivity and by putting all findings into perspective, balancing the good with the not-so-good and
giving client staff credit for positive contributions to the operation and the audit process. To provide
recognition, auditors should take into account Maslow’s Hierarchy of Needs. This aspect is
discussed in some detail in other sections.
The internal auditors should possess sufficient expertise in analysis and the development of findings.
They bring a measure of organizational independence and objectivity to the audit. They also bring
the broad knowledge and perspective of overall goals and objectives. If internal auditors develop
respect by the clients, their findings and recommendations will be accepted, or at least thoughtfully
considered.
By giving due consideration of the client’s familiarity and knowledge in their communications, the
internal auditors can concentrate on what they are best at: analysis and development of findings.
They should, in most cases, leave to the client the details of the recommendations for resolving any
problems unearthed, though the auditors can assist, if needed. Clients acting against their will tend
to stay with their own opinions. Rather, for behavioral intent, proposed solutions should be stated
tentatively and generally, and the internal auditors should invite the clients to present their views on
how conditions could be specifically improved — joining the clients in a problem-solving
partnership.
Communication Aspects of Meetings

In the list of behavioral relationships between internal auditors and the client, communication is
probably the most important aspect. And within the area of communication, the conduct of meet-
ings is particularly important, especially the opening and closing meetings of the audit. 4 The opening
meeting sets the tone for the entire engagement. The closing meeting, with its discussions of findings
and recommendations, is probably the most sensitive because of its operational observations and the
potential aspects for future action dictated by what the audit has disclosed.
Preparing for the Opening Meeting
When internal auditors prepare for meetings, they should know what they are going to talk about and
be fully prepared on the subject so they are off to a good start with the client. They should
prepare agendas, review them, and rehearse them. Also, they should anticipate questions and prepare
answers.
The oral presentation portion should be professional, interesting, and persuasive.5 In developing
a presentation, internal auditors should be concerned with content, organization, and delivery:
Content must be behaviorally correct and error-free. It should be sufficiently complete so

that all major points are included, but not so long as to exhaust the listeners. The audience
should be considered and the detail should be appropriate to their perception. All illustra-
tions should be relevant and simple.
In the organization of the presentation, sufficient background information should be

included to set the stage and show the purpose of the presentation. The presenter
should clearly, from point to point, emphasize when a new subject is being brought up.
The conclusions should be clearly and logically related to the body of the
presentation.
The delivery should be made in an assured manner so that the presenter is always in
command. Movements and gestures should be natural and non-distracting. The presenter
should maintain eye contact as much as possible and speak loudly enough, clearly enough,
and slowly enough.
There should be a summary at the end of the presentation that is action-oriented and leads the client
to the comprehension of what is desired and a commitment to action.
Scheduling the contact at the right time is also important. Contact certainly should be avoided imme-
diately before or after lunches or vacations. Moreover, the historical tenor of past contacts
between the participants can affect the present contact.
The Opening Meeting
It is normal for the client to be apprehensive about the arrival of the auditors. It is human nature to
resent and be apprehensive about a review of one’s operation. Consequently, the opening meeting, if
conducted well, can reduce apprehension. If properly handled, it can even result in acceptance and
cooperation in the conduct of the audit. There should be a full and free discussion of the audit’s
objective, its general plan, and the hoped-for activities of the client as a cooperative member of the
audit team.
Larry Hubbard, former editor of the “Back to Basics” department in Internal Auditor, suggests that
the internal auditors ensure that the client understands the technical terms that will be used
during the audit, such as “internal control” and “risk.” He also suggests that the client be aware of
The IIA’s International Standards for the Professional Practice of Internal Auditing.
The intent of the opening or preliminary meeting is to put the client at ease and ensure that there is a
meeting of minds between the internal auditors and the client. The auditors should convince the
59
client
60
that the audit report could identify him or her (the client) as one who suggested areas where there
might be problems. Thus, the report can then identify the assistance of the client with the work of the
internal auditors to arrive at the potential resolution of problems and instituting needed corrective
measures.
The Closing Meeting
At the completion of the audit there are two functions that serve to enhance the relationship between
the internal auditors and the client. One is the client’s evaluation of the audit process. Hubbard
suggests using the following questions: “Were we professional? Did we keep you informed as to the
status of the audit? Did we ask for your input and participation during the audit? Did we treat your
personnel with respect?”
The second function could be considered as setting the stage for the internal auditors’ return. There
are several suggestions that experienced internal auditors believe have behavioral value:
• There should be no surprises.

• The word “results” should replace “findings,” and the phrase “deficiency finding” should
never be used.
• The descriptive language of the report is not cast in concrete. If the client has better words
without the loss of the basic concept — use them. At least give the client the opportunity
to suggest.
• There should be “balanced reporting.” Give credit for progressive, affirmative results.
How did the client voluntarily improve things — controls, risks, performance?
• Cognizance should be given to client disagreement. If a rebuttal is used, it should be given
in good taste.
• Laud the client’s cooperative behavior. Give examples of assistance and the progressive
results achieved.
• Use the words “…could be improved” in place of “…the client is not performing as well
as he or she should perform.”
Imaginative internal auditors can improve and add more positive relationships. It is often a case of
empathetic feelings — what behavioral aspects will make the audit process more productive?
Meeting Feedback
Without adequate feedback, both the client and the auditors may be unsure about whether the objec-
tives of a meeting were met. If the purpose of the meeting was informational, the auditors may ask
the client to summarize the more significant points. If the objective is to get action started or
completed, ask for a commitment — who will be responsible for the action, when can it be
completed, and what are the plans for the action?
Interviewing
In the process of interviewing, specialists in the art of communication have suggested, as a means of
breaking the ice and to develop background information that might be useful in the audit process,
that
auditors use what are called people-type questions. They are general in nature and are used to start
the flow of information from the interviewee. The list below (that includes four previously
mentioned) is not exhaustive, but readers will observe that they become more complex as the series
proceeds.
a. What task do you perform?

b. What tasks does your immediate supervisor perform?
c. What tasks do the people under your supervision perform?
d. When you want a job done in a hurry, to whom do you turn?
e. Who do you contact if you believe your job could be done more efficiently?
f. Who do you contact if you believe that there are ethical problems?
g. Who do you contact if you believe that there might be improper activities taking place?
Effective Use of Questions6
Questions are a basic ingredient of the interview process. Jeffords, Thibadoux, and Scheidt have
described7 a series of other uses for the communicating process that could well be used by internal
auditors. The writers identify the varied uses of questions as:
• Controlling the communication process.

• Focusing attention on important aspects.
• Motivating immediate action.
• Minimizing conflicts.
• Facilitating negotiation.
• Defusing emotional reactions.
• Helping to persuade the client about the soundness of the questions being posed.
However, the writers suggest some behavioral methods that will make the questions and the answers
more useful and meaningful. First, they suggest that the questioner:
• “Always ask for specifics.” First, identify what should be described, break that item into
specific details, and then ask about them.
• “Pay attention to what is not said.” Use “open-ended” questions rather than “yes/no”
questions. Use the words how, when, where, and so on to get the full answer.
• “Guard against unwarranted assumptions.” Do not accept a quick reply. Ask for
details. Investigate.
• “Pay attention to the meaning of words.” Be sure that the client’s interpretation of a word
is the same as the auditor’s.
The writers then discuss the use of questions to “minimize conflicts and misunderstandings.”
Through the use of compromise and focusing on goals, the auditors can help by using the questions
approach. They identify the usual sources of conflicts as:
• Conflicts over facts.

• Conflicts involving feelings and perception.
• Conflicts involving personalities.
• Conflicts involving values.
In each of the cases, the internal auditors should use behavioral questions to explore the feelings of
the parties and the sources of the conflicts, the client’s perceptions, and the basis for problems.
Asking for examples of the issues in contention can frequently disclose misunderstandings or
perceptions that may be the cause of the conflict. To minimize conflicts:8
• Do not use questioning behavior that is aggressive; that is, tone of voice, attitude, critical
approach, sarcasm, and so forth.
• Consider compromise.
• Try to resolve conflicts — get at the root cause.
The questioning approach in interviewing should clearly indicate to the client that the internal audi-
tors have not taken a position, but are trying to find the source of conflict intending on reaching
resolution. Questioning should be sincere and “humble” and not defensive or didactic. As to
“values,” the writers themselves say, “Differences in values do not necessarily preclude productive
working relationships — individuals can simply agree to disagree on core values.”
Jeffords et al. describe behavioral questioning as a communication tool of persuasion and

negotiation. For instance, in the process of recommending an improved method of operation, the
internal auditors, through the imaginative use of questions, can lead the client to the desired
solution by allowing the method to “jell” in the client’s mind through his or her answers. By asking
the client to describe the problem and then exploring by using questions, the internal auditors and the
client can actually come up with the “client’s” solution to which he or she is committed through
rights of “ownership.” The auditors ask the client to defend the solution and the client convinces the
auditors of the value of the “new” solution to the problem. The auditors can pose questions and the
client defends the solution that becomes “the result of the audit process.”
Internal auditors also can use communication as a tool in negotiation, essentially in

understanding the position of the client as to needs, sensitivity of “private information,” self-
interest, proprietary information, and so on. The auditor should try to work with the client in
trying to protect that position while acknowledging the overlying organization’s needs.
• Use questions to guide the client to come to the conclusion that the internal auditors are
trying to sell.
• Act as a salesperson by creating confidence and asking questions to lead the client to
arrive at the position the internal auditors are trying to sell.
• Determine through questions the reasons the client may not want to come to the internal
auditors’ conclusion. Then, again through questions, try to weave these reasons into a
fabric that will resolve the situation that the internal auditors believe should be corrected.
Communication questions are a source of information and knowledge for internal auditors. They
provide an arsenal of potential material to be used in the fulfillment of the audit objectives.
“You don’t learn by talking; you learn by listening.”
Jeffords et al. emphasize effective listening by understanding the significance and meaning of the
speaker’s words. Internal auditors should also use nonverbal behavior through close attention and
neutral body language and listen for feelings as well as facts; be uncritical and nonjudgmental; learn
to listen reflectively; and periodically summarize verbally what the speaker has said for three
reasons: to show they were listening, to ensure that they understand the facts, and that they were
listening with an open mind.
The Cognitive Interview
Silverstone and Sheetz have identified what is called The Cognitive Interview, which was developed
in 1984 by Dr. R. Edwards Geiselman, Dr. Ronald S. Fisher, and several colleagues at The
University of California, Los Angeles (UCLA). The interview process is based on a series of
behavioral hypotheses:9
1. Remembered information is stored in “records or discrete units containing event-relevant data.”

The “records are [mentally] indexed by headings and may be searched by using designations
until the matching record is found.” (parentheses added)
2. Alternatively, “instead of discrete units, our memories are comprised of a network of associa-
tions,” Thus, it is possible to “access the memories from several different places.”
3. This model is known as the “schema theory.”10 Familiar events have a script that guides how
they are encoded in our brain in a series of slots — some familiar, some new. The brain selects
the slots.
The cognitive interview is a series of approaches to exploit the three above models of encoding and
retrieval to assist the interviewee to recall event information. There are three phases of the interview:
1. Free reporting
2. Questioning
3. Second retrieval of information
The free report is when the interviewee is encouraged to do the talking without interruption, if
possible. In phase two, the interviewer asks questions based on the interviewee’s comments in
phase one. In phase three, the interviewee is asked to make a second attempt so as to fill in areas
not completely covered in phase one. During the three phases, the interviewer should try to jog
the interviewee’s memory to mentally recreate the situation, visually or otherwise, as an assist
device to recall elements. This part of the process can be followed by specific questions about
various aspects of the situation.
The interviewer should be aware that in recall there are two types of error that the authors identify;
that is, errors, mistakes of fact, and confabulations, when the interviewee “constructs a memory that
did not occur in the first place.”
Rapport between the interviewer and the interviewee is extremely important. There must be a close
bond and there should be a high “comfort level” for both the parties. Some of this rapport can be
achieved through “Kinesic Mirroring,” where the interviewer subtly uses such behavioral things as:
• Body position — to emphasize contact, yet authority.

• Leg, hand, and arm positions — to emphasize points; movement to retain attention.
• Subtle body movement — to retain attention; to achieve closeness contact.
• Tone of voice — varied to retain attention; to emphasize points.
• Speed of speech — moderate to ensure understanding; periodic pauses to capture attention.
• Language matching — with that of the client.
Care must be taken, however, that the alteration is not considered mimicry. Eye movement or
“eye assessing cues” reflect the interviewee’s behavioral “data processing orientation.” This is
that eye movement to specific spatial areas when accessing information — “their preferred mode of
represen- tation.” For example:
• “People move their eyes up at an angle when remembering pictures.

• “People look to the side when recalling past sounds.
• “People look down at an angle when recalling kinesthetic or felt situations.”
If the interviewee “consistently looks up and to the left, he is seeing a picture.” If he “looks down
and to the right, he is probably assessing information in a kinesthetic manner.” If he “looks to the
side, he is probably an auditory-oriented thinker.”
Thus, when asking questions, the interviewer should try word selection to stimulate the interviewees’
visual recall behaviorally. So:
• For the visual-oriented interview use:

How does it appear? How does it look? How did things appear in your mind?
• For the auditory-oriented person:
How does that sound? How do you hear that?
Put the questions into the interviewee’s normal frame of reference. This is “language matching”
without using the interviewee’s same words.
References
1
2
R. R. Burnett, “Does Management Style Matter?” Internal Auditor (June 1983), 16–19.
3
J. E. Jarvis, “Here Come the Auditors,” Internal Auditor (August 1980), 43.
4
Larry D. Hubbard, “Opening & Closing Meetings,” Internal Auditor (February 2004), 27–29.
5
Sawyer, 1244.
6
Ibid, 1248.
Raymond Jeffords, Greg Thibadoux, and Marsha Scheidt, “The Power of Questions,” Internal
7
Auditing Report (February 2003), 1–8.

8
Raymond Jeffords, Greg Thibadoux, and Marsha Scheidt, “Utilizing Questions in the Audit
Interview,” Internal Auditing (January/February 2003), 14–20.
9
Howard Silverstone and Michael Sheetz, Forensic Accounting and Fraud Investigation (New York:
John Wiley & Sons, 2004), 138–48.
10
See Roger Schank’s extensive work on schema theory.
CHAPTER 6
NEGOTIATION
Behavioral Aspects of Negotiation

Negotiation is a process of give and take. It is essentially a compromise between parties where both
win. Interestingly enough, in some cases, the client can achieve this by perfecting the auditors’
proposal, in which case the win for both the auditors and the client is greater. Knowledgeable
auditors can enhance reputation and personal feelings of accomplishment, especially if the matter is
presented as a way to improve the position or reputation of the client. A case, previously discussed,
comes to mind where the manager’s subordinates were willfully disregarding government
regulations regarding the forward acquisition of excess construction materials. The manager was
informed by the auditor on an informal basis during the course of the audit and allowed to correct the
situation. He graciously gave credit to the auditor, who, in turn, indicated the prompt corrective
action taken by the manager in the audit report. This type of action consisted of immediate
negotiation; the problem was promptly resolved.
Negotiation between internal auditors and the client can relate to various issues, some of which are:
• Cause of problems.
• Financial or operational impact of problems.
• Strategic impact of problems — operational or financial.
• Identification of personal or organizational responsibility.
• Potential corrective measures.
The behavioral factors relating to the internal auditors that may have an impact on problem
resolution may be:
• The nature of their previous experience regarding the current issue. Past experience can be
a positive or negative.
• Their educational background, which also can be a positive or negative.
• Their position in the internal audit hierarchy.
• The anticipated impact of the decision on the financial and operational reports of the
concerned unit and the management of the organization itself.
• The anticipated impact on the reputation of the internal auditors as to:
- Knowledge of the issue in question.
- Knowledge about alternatives.
- Negotiation ability — compromise concepts.
In each of the above, the internal auditors anticipate the impact on their reputation and status as
internal audit professionals and as mediators of issues of financial, operational, or strategic impor-
tance. This feeling of personal impact on the final resolution tends to remain close to the surface of
67
the internal auditors’ consciousness. The concept of negotiation is compromise — a win-win

position. Imagination, knowledge, logic, and goodwill can accomplish much.
Negotiation Strategy
The internal audit process is a complex web of negotiations. After all, internal audit’s role is to
negotiate positions for different internal stakeholders. The presentation in the audit report is the
prime statement. When the client has no problems, negotiation is silent, though probably it has
been conducted informally throughout the entire audit process. In constructing the report and in the
personal contacts and discussions preceding the report issuance, the internal auditors have been
consciously negotiating during the audit by their presentation of the details of the findings; that is,
the criteria used, the conditions found, the causes of problems, the impact of the conditions on the
organization, and the recommendations for improved operations.
During the early conduct of the audit, internal auditors need to analyze the client’s attitude about the
audit process: friendly or belligerent; open to ideas or resistant; egocentric or broad minded; precise
or vague; and so on. Thus, the internal auditors can present the ideas that will ultimately be in the
audit findings in a way that the client can consider and adopt them, possibly with modifications. In
most of these cases, the negotiation takes place through a series of informal conversations — not in a
formal sit-down meeting. In many cases, a question that seems innocent can start the client thinking,
and the concept of an improved condition can emerge almost automatically.
An article that appeared in Internal Auditor listed eight valuable suggestions for internal auditors:1
1. “Don’t make all your demands up front.” Do not shock or overpower the client. Gradually
introduce the issue.
2. “Don’t reveal your true audit deadline to others.” Don’t give the client an excuse to delay
the audit, with the hopeful thought that as the audit comes to a close, you, the auditor, will
“compromise.” If the deadline is known, indicate that extensions are possible or that final
arrangements can be handled subsequent to a “final date.” Keep loose.
3. “Take advantage of the good guy, bad guy scenario.” Let us say the “good guy” is the auditor,
the “bad guy” is the chief audit executive (CAE). In a difficult situation with a stubborn client
who may be averse to an audit finding, the auditors can empathize with the client’s perspective,
but then remind the client that the CAE is not likely to agree, giving the reasons why, of course.
Subsequently, the auditors might then suggest a compromise position and leverage the CAE’s
probable stance to move the client from his or her fixed position toward making a compromise
that is in the best interests of all parties.
4. “Rely on the power of competition.” Identify the fact that other departments are being
cooperative with the audit process and that the audit reports so indicate, with favorable
comments from the CAE. Suggest that you want to help him or her (the client) to also be
congratulated for assisting in a cooperative and productive audit engagement.
5. “Attack problems, not people.” In the language of the audit report, keep the comments focused
on the problem. Do not bring personalities into the discussion. For example: “The controls
established to assure prompt replies to correspondence were set several years ago, before the
institution of current technical improvements. The correspondence director realized this and has
already investigated and revised the control process and its standards.” Be hard on the problems
but soft on the people.
6. “Put yourself in the other person’s shoes.” If the client resists a change that the auditor recom-
mends, try to get the client to describe the problem. Then ask, “What do you think is the best
way to solve it? Why is it the best way? Are there any difficulties? Can it be done here?” Then, tell
the client that you will include his or her positive answers in the audit report with the comment
that, “The client identified the problem, analyzed it, and, with his management’s approval, has
resolved it.”
7. “Give recognition when due.” The examples in items 5 and 6 above also relate to this suggestion.
8. “Try the fait accompli tactic.” In cases where the client has already voluntarily recognized a
problem that would have been an audit issue, and has adequately resolved it, comment on it.
Give the client credit for “self-audit” and interest in operating efficiently and effectively.
When these approaches are carried out with candor and objectivity, the audit relationship can
become a productive process and, in most cases, result in a pleasant and constructive relationship.
However, again, we are obviously excluding forensic engagements.
Negotiation for Constructive Audit Outcomes

The concept of negotiation by internal auditors seems to some observers as an unnecessary aspect
of the internal audit process. In the first place, it is conventional wisdom that the internal auditors’
findings are beyond discussion and, when given the blessings of management, they become
directives. Frequently the implication is that the recommendation for change, sometimes called
corrective action, is a reflection of failure on the part of the client. The client may protest verbally or
in writing, and then the recommendation becomes a problem.
The concept of negotiation has become quite well known since Roger Fisher and his associates at
Harvard University introduced the subject and produced several helpful books that are well accepted.
They handle the subject as an important adjunct of psychology and sociology and describe how
negotiation fits into almost all facets of human relations such as in business, government, education,
science, religion, and even families.
Following are some of the basic criteria that Fisher and his associates describe so well:2
1. The Problem of Position

The internal auditor and the client each take a position relative to a finding. For example, the
issue is related to control, let’s say of commissions paid to salespersons. The client says that his
control is the sales manager who, he holds, is intimately acquainted with his salespersons. He
countersigns the commission checks. The auditor believes that for proper control, the
commissions should be
69
controlled based on a computer listing of sales per salesperson. The client claims the computer
work is an extra expense that he must assume (to the detriment of his bonus). The auditor tries
to convince the sales manager that wrongfully paid commissions could also hurt his bonus. He
also tells him that the computer listings can give him a better control over the salespeople’s
activities. And, he adds, the listings could be compared to salespeople’s travel expenses, an
added control. The internal auditor convinces the client that he or she is considering the client’s
well-being and that of the firm’s as well as his or her own. The benefit is three pronged: the
client, the firm, and the auditor.
2. Separating People from the Problem

The internal auditors, in checking inventories on a government construction job, found that the
field engineers, in order to save detail work on their part, were ordering materials in large
quanti- ties, some of which would not be used until the next year, a position that is against
government regulations, though it could be considered an efficient action (an example cited
earlier). The situation would be a “noncompliance with government regulations” finding
against the construction project. The internal auditor immediately went to the chief engineer,
who didn’t like auditors, to advise him. At a meeting the next morning, the chief engineer
castigated the field engineers and set up a control system that indicated the time element of all
concerned material inventories. He told the field engineers that, if the auditor had not advised
him, he and they would have been in trouble. The internal auditor and the chief engineer
together described, for the audit report, the situation and the corrective action taken. The action
precluded negotiation, though the advanced notice was an element of negotiation (the case
described earlier).
3. Focus on Interests, Not Positions

The internal auditor was reviewing the capital assets operated by a firm engaged in retail opera-
tions. The firm enjoyed a heavy holiday business and owned a warehouse in which to store the
holiday merchandise. The warehouse was empty for about 10 months. The investment and the
operating costs were considerable. The internal auditor explored alternative arrangements such
as (1) renting a short-term warehouse space, (2) leaving the holiday merchandise in vans and
paying short-term demurrage, (3) a combination of (1) and (2) and renting part of the
warehouse to others on a long-term basis. What are the positions?
The Auditor The Client
1. The warehouse is not productive on an 1. I control a large part of the firm’s

annual basis. investment (ego).
2. Short-term contracts for space can be 2. The space is always available. I
don’t made on an as-needed basis. have to make annual arrangements.
3. Estimates show it is less expensive. 3. I’m not sure it’s less expensive.
4. The firm doesn’t have to rent messy 4. The temporary rental space may be a
temporary warehouse space. mess.
5. Partial annual revenues benefits the 5. The partial rental tenants may be
firm’s bottom line. difficult.
6. Alternative space is always available. 6. I’m not sure how much space I need.
7. Demurrage for two months compared 7. Demurrage is expensive.
to occupancy costs for 12 months.
Each of the above items must be negotiated. The internal auditors must try to convince the
client that what is now a cost-consuming arrangement can be converted into a revenue-
producing arrangement for which the client will be credited (and may be rewarded).
4. Possibilities for Mutual Gain

The internal auditor, in his audit of the accounts payable operation, found a substantial number
of duplicate payments. In the audit last year there were also a large number of duplicate
payments. The auditor said last year that this was a clerical problem that should be corrected
and wrote a management letter to warn the client. (No mention in the audit report.) With the
same problem resurfacing this year, the auditor warned the client that the condition would be
now in the audit report. The client is aghast. “If it was a management letter item last year, it
should also be this year.” The auditor said, “Joe, why didn’t you set up a control last year so
that the condition wouldn’t be repeated?” Joe was incensed. “You are nit picking — auditing.”
He stormed out of the audit office.
The auditor called, “Joe, come back here. “I’ll tell you what, if you and I can agree on a control
to prevent this condition, I’ll also put that into the audit report. Can you come up with a good
reason why you didn’t initiate the control last year? If it’s reasonable, I’ll also report it.” This
give-and-take opportunity between the auditor and the client emphasizes mutual gain and was
happily accepted by Joe.
5. Using Objective Criteria

The internal auditor was directed to investigate the construction of a large warehouse that the
firm was planning to build. The internal audit activity co-sourced the investigation with an
engi- neering firm so as to use engineers on the audit investigative staff. The auditors and the
engineers reviewed the blueprints and plans. The engineer stated that the planned ceiling trusses
would be metal rods and that this was not acceptable because of danger to the firefighters in
case of a fire. The rods when heated would contract and pull the walls in on the firefighters.
The contractor (fixed price) complained that the alternative would be too costly in materials and
construction time. The internal auditor researched the problem and found a book by an
authority on the impact of construction on firefighting, which supported the engineer’s
contention. The contractor was convinced and, because of the auditor’s mention of potential
culpability and monetary damages and loss of reputation, he agreed to the change. The firm
also was convinced and the additional cost was shared half-and-half with the contractor in a
contract change order.
6. What if the Other Side Won’t Play (Shall We Dance?)

The internal auditor discovered by asking an innocent question 3 as to whether a collection of
electronic equipment in building 201 was a part of the Research Department’s equipment. He
was told that it did belong to the Research Department but that it was test equipment and had
been charged as an expense of specific tests and was not on the books at all. The auditor asked
what controls were exerted over the equipment. He was told none were because the equipment
was “charged off.”
The auditor said that some control should be exerted over the valuable equipment. The client
didn’t agree because it was not charged to him. The auditor asked if there was a memo card
control by unit of equipment. The client said “No.” It was test equipment and the value was
charged to the various tests. The auditor asked whose tests was the equipment used for. The
client said the tests were his. The auditor asked if he was responsible for the equipment. He said
he wasn’t because the equipment was charged off to the former tests. End of discussion!
The auditor thought a minute. He asked the client whether one component in setting his salary
was the total value of the research equipment he controlled. The client agreed that it was. The
auditor suggested that the total value of the test equipment could be capitalized and added to
his regular operating equipment with a corresponding accounting reserve (for test equipment)
netting the test equipment on the books to zero. The client saw the monetary advantage to him
and, though he would have to inventory it and be responsible for it, it would be to his advantage
to inventory the equipment and control it as he did with his other equipment. He agreed to set
up the controls.
7. Using Emotions as You Negotiate4

The internal auditor had completed the audit. The exit conference was set and the client,
the director of purchasing, had been notified. As the participants assembled, the internal
auditor noted that the director was absent but that he had sent a member of his staff, a recent
hire with a master’s degree but no experience, to represent him. The internal auditor was
furious at the slight and cancelled the meeting. He sent a memo to the director.
Dear Joe:
I was sorry that you were unable to attend our exit conference. In your interest, I
felt it best to postpone it.
During the audit I had a number of questions and your representative answered them
to the best of his ability. We noted his explanation in the draft report. We want to be
certain that he represented your position fairly.
Also, we have some recommendations that we want to discuss for some

improvements to your excellent operation. We also have made several favorable
comments on some new changes that you recently installed. We want to be certain
that we presented them properly.
We hope we can count on seeing you at our postponed conference on January 15.
Sincerely,
Bill
Joe quickly saw the “Xmas card,” and promptly showed up at the postponed January 15 exit
conference. The alternative could have been for the auditor to complain about Joe’s absence
to Joe’s superior. Joe could have been directed to attend. In such a case, Joe’s attitude probably
would have been antagonistic, defeating the very purpose of the exit interview.
A Negotiation “Road Map”
In The Seven Steps to Collaborative Negotiations, Joan Pastor5 provides a “road map” of the negotia-
tion process. The steps follow:
1. Prepare.
• Write down all your knowledge, information, facts, ideas, and feelings on what she calls a
“dump sheet.”
• Identify the outcome you want from the negotiation.
• Develop an alternative result you will accept.
• State your “bottom line” in the negotiation process.
2. Set the Tone.

• Establish what you will accept in a “win-win” procedure.
• Show concern, respect, and interest in the other party.
• Develop and use physical traits showing interest and concern at the beginning of the
meeting — listening, objectivity, brainstorming solutions.
3. Listen and Get Issues on the Table.

• Identify the information relative to the negotiation meeting.
• Have supporting documentation available. Release and use only what is necessary.
• Ask for client feedback.
• Use listening skills to show the importance of responses.
• Do not indicate blame; emphasize facts.
• Use different types of questions to get facts (what, when, why, how, damage control).
• Paraphrase what client tells.
• Use a benefit statement to show value of suggestions to client.
• Assume agreement on facts and findings.
4. Look for Areas of Common Ground.

• Identify areas of agreement; of disagreement.
• Emphasize positive elements.
5. “Shoot for Collaboration”

• Brainstorm for mutual gain.
• Stay focused on issues, not people.
• Each party is responsible for contributing to the problem.
6. Get Decisions on Paper.

• Spell it out.
• Listen for unexpected expectations.
• Check them out.
7. Close With Final Summary.

• Close meetings with final summary expectations, next actions to take, and deadlines.
• Reconfirm deadlines.
These seven steps are designed to provide all sides of the story from everyone’s point of view and
result in brainstorming options for mutual gain. They will be “using a lot of other positive
influencing and problem-solving skills as well.”
References
1
Raymond Jeffords, Melynda Carter, and Annette Hixon, “Assessing Internal Auditor’s Negotiation
Skills,” Internal Auditor (February 1993).
2
Roger Fisher, William Ury, and Bruce Patton, Getting to Yes, 2nd ed. (Boston, MA: Houghton
Mifflin, 1991).
3
Asking innocent questions has been described as “naïve skepticism.” It can be enormously helpful
for internal auditors to ask non-threatening and disarmingly simple questions.
4
Roger Fisher and David Shapiro, Beyond Reason: Using Emotions as You Negotiate (New York:
Penguin Books, 2005).
5
Joan Pastor, Conflict Management and Negotiation Skills (Altamonte Springs, FL: The Institute of
Internal Auditors Research Foundation, 2007).
PART III
BEHAVIORAL DIMENSIONS IN PRACTICE
75
CHAPTER 7
BEHAVIORAL ASPECTS OF FIELD OPERATIONS
Role of Participative Auditing

Participative Auditing
The concept of participative auditing 1 has been on the scene since the early 1970s when Frederic
Mints, one of the founders of The IIA, proposed a modification to the traditional internal audit
approach. The traditional process considered the client to be the passive receiver of the internal audi-
tors’ methodology. The internal audit staff determined scope, designed programming, performed
audit functions, made recommendations, and completed reporting. The client, as the object of the
audit, was generally unaware of the findings and recommendations until the fieldwork concluded
and the final draft of the audit report was prepared. Exceptions to this flow occurred when the
auditors asked the client staff questions during the course of the audit.
However, people are willing to help others when they feel they will share in the benefits — when
they are all working toward the same goal. Operating staff have less animosity toward budgets when
they participate in establishing them. People work more enthusiastically toward goals when they
help set the goals and they accept standards when they help set the standards.
The same is true of internal auditing. The fear, distrust, and mystery dissipate when auditors and
clients work together in a spirit of cooperation and self-evaluation.
Mints proposed some methods of establishing teamwork relationships so that clients might feel a real
share and interest in the audit projects:
For example, the truly participative auditor might do such things as: (1) take the clients
into his confidence at the beginning of the examination by discussing his program along
with his objectives and the reasoning behind his approach; (2) solicit suggestions and
assistance from them; (3) discuss all findings currently with those directly concerned and
actively seek their help in developing proposed solutions; (4) provide the clients with
interim reports of findings so that steps toward implementation of corrective action might
be taken before issuance of the final report; and (5) review his reports with all those
concerned at each level and carefully consider their suggestions for modification before
going to the next higher level. When he does not agree with their suggestions for changes,
he would explain his views and attempt to persuade them of the reasonableness of his
position.2
Also, we might add a sixth (6) item to the list: ask the client to identify early known problems that
can be investigated and resolved by the client and the auditors in a joint effort.
The conduct Mints suggests in performing audits would appear basic to establishing a useful
relationship between auditor and client. We believe, however, that under some situations, a truly
participative
77
audit could imply that operating personnel will personally take part in the audit itself. A modification
of this approach is when the internal auditor asks the client at the beginning of the audit whether
there are areas in addition to those in the proposed audit scope that should be reviewed — where
there are problems that have not yet been resolved. The auditor and the client can work on this
problem together and come to a resolution. In the audit report, the client is given credit for being
aware of the problem, assisting the auditor in its resolution, and instituting the corrective action.
Internal auditors must always guide and direct the audit since, in the final analysis, the audit opinion
is theirs. Their direction is essential to for ensuring independence and objectivity. But within that
framework, participation can still take place. It calls for aggressively involving the client personnel
in gathering information, identifying weaknesses, and correcting defects. This can and has been done
with some success.3
An organization president requested the audit of research and development (R&D) activities. The
people assigned to the audit reviewed the R&D organization’s methods and also interviewed
scientists and engineers in other divisions and organizations. As a result, the auditors were able to
construct a body of R&D standards that, if met, would provide evidence that the R&D activities
were being carried out in a professional, businesslike manner. Here, for example, are two standards
(from approx- imately 30):
1. The technological requirements of R&D should be identified, and the personnel responsible for
the work should have the requisite knowledge and skills in their technologies.
2. R&D managers should be provided with adequate systems of financial control to assist them in
accomplishing their goals and missions within allocated budgets.
Once the standards were developed, the auditors met with client personnel and convinced them to
work with them as a team. The clients would contribute their technical knowledge and the auditors
would contribute their administrative and management expertise.
The clients then gathered pertinent and useful information about each of the 30 standards. They
provided information by accumulating procedures, instructions, manuals, statistics, job descriptions,
employee histories, and the like. In accordance with the agreement, the auditors validated the
information and made independent checks as necessary.
While they gathered information, the clients found deviations from these previously acceptable stan-
dards. Without any prompting, they initiated corrective action. Before the audit was completed, most
of the weak areas had been strengthened and most of the deviations had been corrected. The clients
and the auditors worked together in harmony to achieve mutual goals. The exercise in participative
auditing paid off.
With participative auditing, it is important to acknowledge the client’s assistance in audit reports
and other communications. This assistance becomes an element of satisfying for the client one of
Maslow’s “needs” — the achievement of recognition. The auditors’ competency is not lessened.
Such treatment indicates skill in interpersonal relations as well as in the technical aspects of the
audit.
With the increasing complexity of enterprise systems and the broadening of the scope of internal
audit work to include all manner of operations within the enterprise, such participative audits are
becoming the norm rather than the exception. A marriage of technical expertise contributed by the
client along with the management expertise contributed by internal auditors may be the only
effective way to make thorough audits of complex, technical activities.
Roles and Stress

Roles and Role Conflict4
People play many roles in the conduct of their normal lives. Roles consist of attitudes and the
conduct resulting from various situations. Both the internal auditor and the client play roles relating
to business and their personal lives. Historically, the roles could be roughly classified as (no
horizontal relationships):
Auditor Client
Traditional Police Officer Cooperate

Watchdog Intimidate
Detective Ignore
Professional Auditor Client

Supervisor Manager
Manager
Personal Parent Parent

Spouse Spouse
Teacher Teacher
Student Student
Historically, the role attributed to the internal auditor has been that of the “hardnosed sleuth.” It is
a role that has struck fear in the hearts of clients and, in many cases, obstructed the internal audit
process. For several decades, The IIA has tried to modify this situation and replace it with a role
more aligned to a constructive relationship and the concept of added value, even in the conduct
of non- consultation work. The idea is to assist rather than destruct.
Internal auditors cannot ignore the intended thrust of the audit effort — to examine and disclose the
actual conditions. But the presentation of facts, even though negative in concept, can be
accomplished as recommendations for improvement, not deficiencies.
On the other hand, internal auditors should try to encourage the client to take on a role of self-
improvement, where the client sees the internal auditors as assistants. Thus, a team effort can be
developed and, based on some anecdotal experience, possibly result in the client assisting in the
traditional audit process. Frequently, a softer touch can produce beneficial results.
79
What if the client refuses to play? Continue to provide information and indicate that the client’s
cooperative attention is still welcome. The client usually has a level of supervision for
reporting, and a copy of the audit information and the offer to discuss matters should be referred
to the supervisor. The client may have to answer to that level of management for his or her
inflexibility. Unfortunately, on occasion, that higher level also can be adamant about client
cooperation with the auditor, with the intent that an upper adversarial position will discredit any
audit effort. Reference to executive management is the only recourse left.
Stress and the Internal Auditor
At times there are conflicts between the requirements of the various roles. For instance, overtime
work as an auditor or a client may conflict with the requirements and responsibilities of being a
parent or spouse. These conflicts probably constitute the greatest cause of stress for both internal
auditors and the client. Other causes of stress arise in situations dealing with ethical conduct, beliefs
of inadequacy, travel requirements, time constraints, and circumstances where the organization’s
short-term wellness conflicts with issues of morality and honesty.
Resolving role conflicts and stress is not easy. Setting priorities and evaluating the effects of
activities are probably two of the best methods.
The lesson for internal auditors is to recognize that the client is subject to as many of the role
conflicts and stress issues as they are. In some cases, internal auditors may be aware of these client
problems. This is not to say that they must become counselors or advisors, but they can modify the
audit effort on a short-term basis to accommodate the client’s personal problems.
The auditors should prevent their role conflicts or stress issues from interfering with the audit as
much as possible. Recognizing the problems and prioritizing the issues should be basic requirements.
In an article titled “Internal Auditors and Job Stress,” Linda Larson defines and discusses the internal
auditing aspect of stress.5 She mentions some of the more frequent types of stress with which internal
auditors are faced, and then expands the list and classifies items into organizational and
individual job stressors.
Larson says, “The stress response is a mobilization of the body’s energy resources when confronted
with a stressor in his or her environment.” She quotes M. T. Matteson as saying that a stressor is any
“demand made by an internal or external environment that upsets a person’s balance and for which
restoration is needed.”6 Larson follows with a definition from J. C. Quick: “Stress is necessary for a
person’s growth, change, development, and performance both at work and at home.7 It classifies
stress as “good” when it “creates excitement, stimulation, and arousal for the individual” and “bad”
when it “results from an unpleasant situation such as losing one’s job” or the potential for a similar
bad situation.
The article states that individual symptoms of stress are:
• Physiological, short-term, and long-term: headaches, ulcers, high blood pressure.

• Psychological: apathy, dissatisfaction, irritability.
• Behavioral: Loss of appetite, weight gain, change in alcohol use.
Individuals react to stress based on their personalities. Some are resourceful and convert the stress
into a method of acceptance and modified behavior. Others see stress as unreasonable and often need
help to work through stressful situations.
Two faculty members, Donna Wood and James Wilson, both at the Joseph M. Katz Graduate School
of Business, University of Pittsburgh, were sponsored by The IIA to study the behavioral dynamics
of internal auditing. A major part of the study related to stress in internal auditing. 8 The researchers
received 518 usable replies that constituted 28 percent of those sent out. The survey included U.S.
and Canadian members of The IIA. The respondents were asked 10 questions that related the
relationship of internal auditors to clients. The summarized comments follow:
1. Auditors always wear more than one hat.

“A large majority agree; high and medium stress are more likely to do so.”
2. The auditor’s job is much more difficult when he/she has to play more than one
role. “Shows a clear association to stress.”
3. Joint audits (financial/operational and EDP) are very difficult for teams to coordinate.
“A majority of low stress respondents — not difficult.”
“40.6% of high stress respondents — hard to manage.”
4. “I find it hard to deal with the jokes [clients] make about auditors.”
“A clear majority — felt capable of handling jokes.”
“High stress respondents more likely…to find jokes troublesome.”
5. Friendliness gets in the way of an effective audit.
6. Auditors should not hesitate to go out drinking or out to dinner with clients when an audit is in
progress.
“Auditors who find themselves precariously balanced between these two approaches (items 5 &
6) are likely to experience higher job-related stress.”
Item 5: “High stress respondents are much less likely to disagree.”
Item 6: “Low stress respondents were more likely to feel that auditors were better off if
they did assume that social events were appropriate on audits.”
The authors discuss these situations to some extent and conclude that they are ambiguous situa-
tions and the need to have the ability to judge the situation. It can be stressful.
7. Female auditors find it harder to establish their credibility than do male auditors.
“Agreement with this statement is clearly associated with higher stress levels… whether male
or female.”
8. I can tell when clients are lying.
9. I can tell when clients are trying to hide fraud.
“Auditors who are confident of their observational skills will be less subject to stress.”
Significant associations appeared between the stress scale and the two statements’ (8 and 9)
observational skills. Low stress respondents were more likely to say that they could not detect
efforts to lie or hide fraud.”
10. In my experience clients rarely implement the recommendations of the auditors.
“Respondents overwhelmingly rejected this idea. But there was…a significant association
between stress and this statement.” A handful of low-stress respondents agreed with this state-
ment but almost 19 percent of high stress did so. High-stress respondents were much less likely
then low-stress colleagues to disagree with the statement.
The authors identify a series of support activities that they believe could help reduce the stress levels:
• Departmental supports for auditors.

• Training for new auditors.
• Mentors.
• Career counseling and update training.
• Potential for movement into higher management.
• Incentive for those who travel.
• Closer relations with audit managers.
Management of Change9
Change is feared by some and welcomed by others. Internal auditors are concerned about the former
and delighted with the latter. Fear of change poses a problem in the implementation of the internal
audit recommendations. Also, at times, change causes clients to reject the audit effort and rebuff the
auditors for instigating the change.
Internal auditors must be prepared to manage the potential impact of change resulting from audit
recommendations or those impacts that are anticipated by the client. Following are several causes for
client concern relative to change with suggestions for remedial action that can be made by the
internal audit staff:
1. Fear of the unknown can be neutralized by explaining, to the degree possible, the impact that
the change will make on current operations and clearly describing the potential advantages and
risks of the change.
2. Conflicts with present operations can be explained by describing the positive results that the
change will make and the credit that will be associated with client management.
3. Ego problems can be resolved by bringing client management into the decision-making process
so that client management becomes owner or part owner of the change.
4. Bureaucratic problems, including the need for vertical and horizontal realignments, can be
reduced by working with all involved units to outline the integrated changes that will be
needed, the impact on the associated units, the positive results that will be achieved, and the
advantages to the organization. The auditors can then respond positively to the anticipation of
negative impacts by working with the horizontal and vertical operational units involved.
5. If the change is not cost beneficial or results in a less efficient operation, explain the positive results,
the benefits of which exceed or justify the apparent losses.
The changes should be reasonable, not violate moral values or good business practice, possible to
accomplish, communicable, and cost-beneficial.
Facilitating Change
The concept of managing change as described in the previous section is an essential element of
the behavioral impact of internal auditing. As mentioned, it involves such aspects as allaying the
fear as to the results of the change and indicating that change is evolutionary, not revolutionary. It is
not enough for internal auditors to identify the need for change; they should also work with the
client to accept the change as a normal element of management.
This constructive concept takes a two-pronged approach to the problem: considering the interests of
(1) management and (2) those of subordinates. In each of these areas, the auditors should identify:10
(1) The evidence necessary to convince the client as to need.
(2) The implementation strategy that will be helpful and desirable.
In many cases, logic is not enough because of the client’s ingrained belief that logic was originally
used in the establishment of the subject methods. Attempting to get at the reason for reluctance to
the change can help. The emotions associated with what was initially determined to be a good
system must be handled carefully, sometimes by indicating that the elements that originally led to
the development of the current methods have themselves changed and require some modification.
Readers may find the following suggestions helpful:
• Serve managers with more than recommendations. Explain the “how” of the change.
• Recognize that audit recommendations don’t change organizations, people do.
• Consider the interpersonal elements involved with acceptance of the change. Respond to
them.
• Communicate early and communicate often. Do not rely only on the exit conference.
Discuss the possible changes as soon as they are disclosed. Continue to discuss them.
• Develop your powers of persuasion. Be convinced as to the worth of the changes and
present them with enthusiasm.
• Avoid becoming a zealot. Consider the client’s state of mind, use gentle persuasion, and
possibly compromise.
• Remember that change always takes longer than expected. Consider stress. Be patient.
• Value criticism. Consider the reason for criticism. Accept changes.
• Acknowledge and thank people. Use good manners.
• Do not overdramatize the need for change. Consider the value-added concept and relate it
to the assistance approach of internal auditing.
Work with the client to identify the need for the change and then continue by proposing that the
client, with your assistance, determine methods that would fit the “new” activity. Let the client
choose the method to make the change. The decision is the client’s management, not yours.
However, if you see problems, point them out and offer to help resolve them. Remember that you are
not directing that a change take place. That is a management decision. You are simply
recommending the action.
Use of Motivational Needs11
The subject of motivation is usually mentioned as a benign force that causes clients to accept the
audits as a stimulus for change. How does this work? We generally recognize Maslow’s series of needs
that motivate humans. These needs vary from the physical — air, food, and water — to the complex
need to believe that we are performing the work we were destined to perform. Two other needs —
security, both physical and economic, and the need for recognition — can serve to stimulate the
client to:
• Bring suspected problems to the internal auditors’ attention.

• Cooperate with the internal auditors in the conduct of the audit.
• Implement the internal auditors’ recommendations.
How are these motivational needs served? By disclosing in the audit report that the client performed
well and because of that, and the client’s cooperative action, the audit was successful.
Senior management recognition and the recognition by the client’s peers can impact favorably on the
client’s economic condition. Such recognition shows that the client understands the facets of good
management and is management-minded in accepting change for the good of the organization.
To Maslow’s five needs we can add the need for power. This need is always present under the
surface and definitely is felt by internal auditors, whether they admit it or not. In fact, it is this
potential feeling of power that directs some people into the practice in the first place.
However, a series of subliminal activities (beneath the threshold of conscious perception) can act as
motivators. These forces indirectly lead to the Maslow need for recognition, belongingness, and self-
actualization (assurance that one is performing effectively in one’s area of interest). A partial listing
of the activities that can act to motivate internal auditors and the manager (client) follows: 12
Motivating the Internal Auditor:

Participating in planning
Participating in report writing
Response to considerate leadership behavior
Receipt of current information and feedback
Receipt of rewards for good work
Assurance as to the positive aspects of internal auditing
Motivating the Manager (client):
Participating in sound two-way communication
Being advised currently of key findings and potential recommendations
Participating in discussions on key findings
Developing a balance between positive and negative findings
Use of efficiency and effectiveness in recommending management
changes Use in reporting of improvement rather than deficiency
Codori summarizes her description of motivating influence by writing:
Properly used, effective communication can generate positive motivation. Each audit
participant, when motivated in this way, can make unique and valuable contributions to
the goals of management auditing.13
Conflict
Management of Conflict14
Conflict is present in all organizations and shows itself in varying degrees. In most organizations, it
is kept reasonably under control. Conflict is caused by differences between people or organizations
relative to:
• Methods of performance of activities.

• Turf problems — areas of responsibility.
• Commitment of resources.
• Ideology and ethics.
Auditor/client conflicts are common. As a matter of fact, internal auditors seemingly acting in adver-
sarial positions constitute a basic aspect of conflict. Conflict can be resolved by arbitration,
mediation, or compromise. It can also be eliminated, though not resolved, by direction. To the
degree possible, both the internal auditors and the client should compromise so that the greatest
possible benefit for the organization can be achieved.
However, the concept of “auditor compromise” is sometimes a difficult issue. If there is a black-and-
white violation of accounting standards (Generally Accepted Accounting Principles [GAAP]), the
internal auditors are not in a bargaining position, unless there is some aspect of interpretation of the
issue. On the other hand, if there is an element of good business practice or potential improvement in
efficiency or effectiveness, there may be bargaining room. The concept of “half a loaf is better than
no bread at all” is not a bad idea.
Resolving Conflict15, 16
Some suggestions from an article in Internal Auditor hold much promise is resolving conflicts.
Resolution in this case infers that the conflict will no longer exist and that the parties agree to certain
conditions, understandings, and action. The article proposes two essential activities: (1)
understanding the conflict, and (2) negotiating a resolution.
Understanding the conflict involves answering three questions:
• Is the conflict real? Could it be a misunderstanding or poor communication?

• What is the conflict? The real conflict must be disclosed so that secondary issues are not a
concern.
• What is the cause of the conflict? The source of the problem should be identified as soon
as possible. It could be that the parties are arguing about the results of the conflict, not the
cause.
Concentrating on six activities can enhance negotiating a resolution:
• Concentrate on people issues. This involves treating the other side as human beings rather
than obstacles. Empathy is important, as is the recognition that the discussion could
generate progressive results.
• Separate the individuals from the context of the conflicts. Auditors should not attack
people, but should isolate the issues and discuss them.
• Consider the opposition’s view of the conflict. Viewing the conflict through the eyes of the
opposition can lead to resolution that can be compatible to the opposition. The ensuing
discussion should not take an accusatory tone.
• Involve the opposition in the decision-making process. Participation is a great leveler,
assuming the objective is a position desired by both parties.
• Discuss emotions openly. Emotions should be recognized and freely discussed. The fact
that stakes and reputations are threatened should be acknowledged and resolution should
be pointed toward mutual satisfaction. Emotional outbursts should be tolerated without
retribution or retaliation. After the release of the emotions, levelheaded discussion should
resume.
• Communicate. Each side should listen and try to comprehend. This aspect also infers that
the auditors should adequately plan their statements and not use inflammatory language.
The article then suggests that the parties develop alternative options. There must be a degree of flex-
ibility on both sides. There also are three obstacles that must be overcome:
• Premature judgment.
• Fixation on a single answer.
• Assumption of a fixed solution.
These obstacles can be overcome if the parties mutually:
• Brainstorm other options.

• Separate the creation process from the decision-making process.
• Consider all options.
• Look for mutual gain.
The basis for resolution is for agreement to be reached in establishing objective criteria to which
both parties can agree. Though the article shuns bargaining, it seems reasonable to believe that
compromise can still be used to produce a win-win result. Regardless of the ideal methodology used,
the element of emotions, and an earnest belief in the validity of one’s position, some element of
compromise is bound to creep in. Also, this may not be a bad solution because at a later date, after
the interim experience, another attempt can be made to resolve the remaining elements of the
conflict.
There is also the possibility that the discussion resulting from the conflict may produce positive
results for the internal audit process. It is conceivable that such discussion may result in new issues
and even new potential resolution aspects that neither party considered. In other words, the conflict
triggers an intense discussion, producing new values besides those held by either party at the
beginning of the conflict.
It is conceivable that conflict, though generally abhorred, should be welcomed as a sort of cleansing.
If presented well, conflict actually can be constructive.
Management of Hostility17
Despite all the good will in the world, internal auditors are still bound to face some antagonism.
They may seek to reasonably and logically present their viewpoint, but the client may remain
adamant, unhearing, unconvinced, and completely negative, or may simply refuse any discussion.
These confron- tations are bound to happen now and again.
The client opposition may be reflected in a number of ways:
• Client management does not deign to attend conferences, but sends a lower-level
individual to be his or her representative.
• The client manager questions all audit activities as being unnecessary and improper. The
internal auditors are forced to justify each action and may be met by a refusal to cooperate
or accept the activity.
• The client accuses the internal auditors of interfering with the operational work of the
audit area. Each test or other audit action must be approved by the client on the basis of
eliminating “audit-caused” interference.
• The client refuses to discuss interim findings, telling the internal auditors that they are on
their own and they had better be right or they will be “creamed” by top management.
• The client manager downgrades and ridicules potential findings as not material and
insignificant to the client operation.
• The client accuses the internal auditors of improprieties but refuses to support the
accusation.
• The client management refuses to participate in exit conferences but sends an insignificant
representative who listens and takes notes, but makes no comment.
• Even though the client’s direct operational supervisor tends to be cooperative, his or
her senior manager directs that there be no cooperation.
These suggestions may be useful:
• Select the right time. Do not try to open the closed mind to reason when the owner is
under stress, angry, tired, or distracted.
• Never take a locked-in-concrete position. All that does is seal the closed mind from any
possible penetration.
• Don’t rely only on logic. Logic never opened a closed mind. If it were agreeable to logic,
it would not be characterized as a closed mind.
• Never paint yourself into a corner. Never take a position from which you cannot
gracefully retreat or move around.
• Avoid force and embrace persuasion.
• At the onset, find a point of agreement. Opposition is useless; agreement is the opening wedge.
There must be some things that internal auditors and clients can agree on, even if it is
agreeing to disagree.
• Invite the clients to spell out their positions. Listen and try to understand — really listen.
Don’t be closed-minded yourself.
• Make an active effort to put yourself in the client’s place. Sincerely try to understand.
• Help them to be right. That is what the closed mind wants above all. When you understand
where they stand, when you have put yourself in their shoes, try to make them feel the
position you want them to take is the position they themselves want to take.
• Consider compromise. Plan to agree on some minor aspects of the confrontation. Next
time around you can again compromise and gain some of the points you gave away the
first time.
However, internal auditors should keep an open mind. Inflexibility on the part of the client may
directly impact the internal auditor’s position. As an example, the imposition of a new control aspect
may, in fact, result in a reduction of risk or a more efficient operation; however, the results on costs
may be more than the costs for the original operation. Examine the client’s arguments carefully.
When all else fails, when the problem or weakness is serious, when the risks are great and correction
cannot be compromised, internal auditors must remember their responsibilities and carry the matter
to higher authority. The time bombs of potential risk to the organization must be defused. But it is
best to try persuasion first. Internal auditors must remember that one day they may have to return to
deal with the closed mind.
References
1
Sawyer et al., Sawyer’s Internal Auditing, 5th Edition, 1252–54.
2
Frederic E. Mints, Behavioral Patterns in Internal Audit Relationships, Research Committee Report
17 (Altamonte Springs, FL: The Institute of Internal Auditors, 1972), 86.
3
Lawrence B. Sawyer, “Tomorrow’s Internal Auditor,” The Internal Auditor (June 1978), 20–23.
4
5
Linda Lee Larson, “Internal Auditors and Job Stress,” Management Auditing Journal 9 (2004),
1119–30.
6
M. T. Matteson and J. M. Ivancevich, Controlling Work Stress (San Francisco, CA: Jossey-Bass,
1987).
J. C. Quick and J. D. Quick, Organizational Stress and Preventive Management (New York:
7
McGraw Hill, 1984).

Donna J. Wood and James A. Wilson, “Stress and Coping Strategies in Internal Auditing,”
8
Managerial Auditing Journal 3, No. 2 (1988), 8–16.

9
Raymond Jeffords, Greg Thibadoux, and Marsha Scheidt, “An Internal Auditor’s Guide to
10
Facilitating Organization Change,” Internal Auditing (July/August 1998), 37–41.

11
Carol A. Codori, “Positively Motivating Auditors and Managers,” Managerial Auditing Journal 3,
12
No. 2, (1988), 21–23.

13
Ibid, 21–23.
14
Gene H. Johnson, Tom Means, and Joe Pullis, “Managing Conflict,” Internal Auditor (December
15
1998), 54–59.
16
17
Ibid, 1244.
CHAPTER 8
BEHAVIORAL ASPECTS OF FORENSIC AUDITING
Psychology of Fraud1
Donald R. Cressey, a well-known criminologist, was a student of Edwin H. Sutherland at Indiana
University following World War II. Sutherland, the president of the American Sociological
Association in 1939, was the author of White Collar Crime (1961) and one of the predominant
authorities in the field of criminology. Cressey made a study of incidents of embezzlement and
expanded it to cover the broad field of management crime. He held that these crimes are caused by:
• A variety of inappropriate and improper actions on the part of the perpetrator, being a
product of a “constitutional or moral weakness in the offender.” To this he added “faulty
or illogical reasoning…” in that the perpetrator believes the funds taken merely constitute
a “loan,” which is to be repaid. And, thus, a temptation is created that becomes difficult to
resist. (Some perpetrators even keep records, “intending to pay it back.”)
• “Poor defense measures,” meaning inadequate organizational controls.
The first point focuses on the behavioral aspects of the perpetrator, such as the tendency to seek
rationalizations to explain one’s behavior. The second addresses organizational control weaknesses
that tend to constitute the traditional approaches internal auditors have taken concerning fraud.
In this chapter, we assert that to be most effective in these traditional approaches, internal auditors
must first have sufficient insight into the psychological and behavioral aspects of perpetrators
(see also Ramamoorti, 2008).2
Donald Cressey was first faced with the need to explain a rationale as to why people steal. His
research produced the concept that some trusted people violate the trust placed in them — based on
the fact that some controls in business are fallible — and that they, the trusted people, believe they
have the freedom to deviate. He then developed a generalization that he thought applied to all
embezzlers. He believed that it was a psychological process made up of three phases:
• “The feeling that a personal financial problem is unshareable.”

• “The knowledge of how to solve the [financial] problem in secret, by violating a position
of financial trust.”
• “The ability to find a formula which describes the act of embezzling in words which do
not conflict with the image of oneself as a trusted person.”
The concept of the unshareable problem relates to shame or false pride on the part of the perpetrator,
though it may not seem so to an outsider. This shame or false pride aspect prevents the perpetrator
from asking for financial assistance, even though the employer or others who expect such requests as
a normal occurrence with the hope of preventing criminal actions could provide it.
91
This unshareable problem often leads to cover-up behavior of a dishonest, immoral, or unethical
nature. The perpetrator may think he can solve the problem in secret, which might relate to similar
plans that may have been used in the past, sometimes by accident, sometimes intentionally.
Finally, Cressey evaluates various rationalizations by executives who perform “unscrupulous or

criminal” acts. One such rationalization is the belief that “business is business.” Another is that
they are acting in the investors’ interests by providing greater earnings. Cressey believes fraud is
unshareable because the potential perpetrator is embarrassed to admit a former criminal action or
disclose poor judgment, or such other indication of personal failure.
Martin M. Greller provides a further intrinsic problem — a condition in the group to which the
perpetrator belongs. He cites two conditions that help make the problem unshareable.3
• “Peers in the group do not see each other regularly, thus there is “little sense of
psychological safety.” The group has weak boundaries and no one can determine for
certain whether he or she is in the group and, if so, for how long. The lack of openness and
cohesiveness discourages the sharing of problems.
• A second condition that inhibits problem sharing is the sentient role structure. The group
expects certain conduct of its members, including unrealistic expectations of infallibility
and self-sufficiency. This makes it difficult for a member to admit to having a problem.
There is fear and often an attempt to cover up.”
An extension of the unshareable problem is when rationalization becomes a supporting device

for fraudulent group activity. In this case, the group colludes to perpetrate the fraud and thus
helps its members to “understand their actions in a positive light.” Second, a group may
“covertly aid the fraud even though members obtain no monetary benefit for doing so” (sometimes
called “noble cause corruption.” The group is concerned with having a felon as a member, which can
be disruptive. So it finds it easier to “look the other way to avoid knowing, and thereby avoids
responsibility for taking action.” Because Greller holds that “the state of the group can play an
important role in laying the groundwork for fraud,” he believes that auditors should learn about
group dynamics and how types of isolation and communication can be indications of “likely settings
for fraud.” He believes that junior internal audit staff who are most exposed to group activity should
be trained in the analysis of these group activities.
Also, David R. Saunders considers management fraud in many instances as being a conceptualiza-
tion by the perpetrator that it is “merely a perversion of effective management behavior” and that the
rewards encourage managers to “operate as closely as possible to the borderline between legality and
illegality — the borderline between what is ethical and what is unethical.” And he says some cross
over.4
He classifies managers into three groups of pairs. The first group of pairs contains:
• Super competitors: fundamentally gregarious, afflicted with an innate unattractiveness,

thus losing the involvement they seek, which, however, they could earn. They are
effective in their jobs, but find them stressful and they are unhappy. He believes these
persons could have unshareable problems. They are “prone to employ psychological
projection as a defense
mechanism and rationalize that management fraud is primarily a perversion of the
super competitor.”
• Super physicians: ideally self-sufficient. Their “real world is their own internal world of
thoughts and ideas, they are innately attractive and are targets of other people’s
involvement attempts…their primary dedication is to make the external system work so it
will continue to afford them their personal intellectual freedom.” The physicians seem
unlikely to be perpetrators but “could look the other way” to preserve their personal
freedom.
A second group of pairs is composed of “idealists” and “cynics:”
• Idealists are like “competitors.” They want to be involved and they experience rejection.
They are more sensitive and they “have a much lower threshold for confusion.” They tend
to be “unable to ignore significance of reality” and focus their efforts as competitors. They
“make a virtue out of necessity.”
• Cynics are self-sufficient and are attractive to other people. They are “lacking in
sensitivity and integrative capacity.” They are capable of the “see no evil” type of
idealism. However, after a series of rejections, they believe that the world is out to take
advantage of them and ultimately they may try to “beat the world at its own game.”
Saunders tends to believe that cynics are more capable of management fraud by fulfilling
their wants without providing anything in return.
Finally, Saunders defines a third group of pairs composed of “generalists/specialists” and the
intuitive:
• Generalist/specialist: Here, Saunders is defining an auditing approach. He believes that

generalist auditors “bring to their work only what they have been taught and only to the
extent that they have learned it. Other auditors bring more, but normally they are given
(taught) only what is believed to be conventional and proper.” In this group, generalists
are at a relative disadvantage because they typically have no basis on which to proceed.
The specialist group does have some aptitudes (detection of fraud) that can be put to
work.
• Intuitive: Saunders states that even within a group of auditors there will be some who are
more adept at detecting fraud because their ability to detect is more of an “intuitive
process” and is better than pure guessing. This theory of intuition is fairly common and so
far it seems that no one has been able to clearly define it. It perhaps develops from a
person’s sum collection of mental notations made of past atypical behavior that over time
turns out to be a good indicator of unscrupulous or fraudulent behavior. It is this quirk
that can spur the imagination to be sensitive to bits and pieces that, when assembled, can
roughly paint a picture of fraud.
Saunders closes by saying that if fraud is “rational, that we should develop punishments sufficient to
deter it and to maximize the probability of detection.” If it is “irrational,” then “management must
develop control to prevent it and means to disclose it.”
In their 1996 supplement to Fraud and Commercial Crimes, Bologna, Lindquist, and Wells describe
“high-risk people as being financially overburdened with low self-esteem, who have worked their
way into positions of trust, have addictive personalities, can’t manage or trust their own funds, and
93
who rationalize their thefts as ‘borrowing’ or ‘getting even for imagined exploitation’.” As explained
earlier,
94
they describe the methods used by some to maintain meticulous records to support the “borrowing”
concept and believe that it can be used as a defense mechanism if caught, so as to show that
reimburse- ment was intended. They believe that people commit crimes of this nature for economic,
egocentric, ideological, and psychotic reasons, with “economic” being the most common in crimes
of fraud, theft, and embezzlement.5 Indeed, carefully orchestrated psychological defense mechanisms
can get opera- tionalized as “plausible deniability” under law.
There are more psychological theories relative to explaining criminal behavior. It is postulated that
understanding these theories can assist in understanding and treating people who have committed
certain crimes. In his collection of theories, Clive Hollins mentions that Reckless and Dimtz (1967)
believed self-concept might play a vital role in the development of criminal behavior. He quoted
several other sources in support of this concept; that is, Freud and his theories as well as Belly’s
theory of maternal deprivation. However, he believes that these latter two seem to have little
relationship to fraudulent activity and similar criminological acts.6
Hollins’s “learning theories” seem to have a closer relationship to this type of crime (fraud). As a
matter of fact, his discussion of “Differential Association Theory” was proposed by Sutherland and
Cressey (1970), two of the social psychologists mentioned before who had performed considerable
research in the areas of fraud and embezzlement. He holds that their theories not only “describe the
optimal social conditions for producing crime, but also attempt to explain the processes by which the
individual becomes a criminal.” Those whose behavior is within these definitions are seen as
criminals by the lawmakers.
Hollins quotes Sutherland (1947), who states nine postulates to define the process of fraudulent
acquisition:7
1. “Criminal behavior is learned.
2. The learning is through association with other people.
3. The main part of learning occurs within close personal groups.
4. The learning includes techniques to execute particular crimes and also [includes] specific atti-
tudes, drives, and motives conducive toward crime.
5. The direction of the drives and motives is learned from perception of the law as either
favorable or unfavorable.
6. Persons become criminals…when their definitions favorable to breaking the law outweigh their
definitions favorable to non-violation.
7. The learning experiences — differential associations — will vary in frequency, intensity, and
importance for each individual.
8. The process of learning criminal behavior is no more different from the learning of any other
behavior.
9. Although criminal behavior is an expression of needs and values, crime cannot be explained in
terms of those needs and values. (For example, it is not the need for money which causes the
crime, rather the method used to acquire the money: the method is learned.)”
It is through contact with people who hold favorable opinions toward the criminal action that the
deviant action is learned. There are considered to be problems with the above postulates; however,
Hollins states that Sutherland and Cressey are attempting to resolve them.
Behavioral Techniques of Forensic Auditing8

Fraud prevention and detection are important. The losses resulting from fraud are enormous. Their
effect on enterprises can be staggering, and internal auditors have a responsibility to be alert for the
existence of fraud and take appropriate action when it is suspected. In short, internal auditors must
act as “capable managers” who care deeply about the sustainability of the business model and the
long-run preservation of value.
The fact that capable managers will not tolerate reprehensible conduct makes them admirable by
conscientious employees. Likewise internal auditors’ rooting out wrongdoing should not affect the
way they are normally regarded.
Indeed, in some internal audit organizations, separate internal audit groups are employed for the
detective and protective audit phases. Thus, those performing the regular internal audit functions not
related to fraud are not identified with investigative tactics. They are free to carry out participative
audits with no tinge of any adversarial relationship. As a matter of fact, many of the inspectors
general (IGs) of the federal government and those of state and local governments have a staff of
investigators for this protective purpose. These investigators are usually individuals with some type
of legal or law enforcement experience. Also, the associated IGs maintain forensic training courses
for their staffs and participate in Federal Bureau of Investigation (FBI) and other forensic training
sessions.
But all auditors must be cognizant of the possibility of fraud and be alert to indications of question-
able conduct. When there are such indications, audit management should be immediately informed
so that appropriate action can be taken by fraud investigators and/or internal security personnel. Care
must be taken, however, that the internal audit organization does not wear the emblem of “fraud
investigators.”
It is common knowledge that auditors seeking to unravel fraud incidents should think like the person
committing the fraud. It is often said, “There is a bit of larceny in all of us.” In other words, “If I
were to perpetrate a fraud, how would I do it?” This frame of mind will cause auditors to evaluate
the controls set up to protect the weak areas, devise a plan to overcome those controls, and use that
plan as the substance of the audit work. The internal auditors will also determine corrective methods
to improve the controls in those weak areas. However, this is only part of the behavioral approach.
It is conventional wisdom that fraud is composed of three independent factors:
• A need that cannot be fulfilled with or by an individual’s current resources.

• A situation of loose controls that would allow the abstraction of resources.
• A state of mind that does not preclude fraudulent activity.
This trilogy is also related to risk, although it is primarily the second point that is most closely
related. Internal auditors must keep these three factors in mind during every audit. They should serve
as a sort of backdrop in their consciousness during the course of an audit and also as an element in
planning the audit. It should be a state of mind. There are long lists of red flags that have been
developed for each of these factors and internal auditors should consider them at the beginning of
every audit or at the start of each major element of the audit.
Cressey, a researcher of the causation of fraud, especially that of embezzlement, has been credited
with developing a series of categories of fraud causes. These categories include:9
• The incurrence of debt beyond the ability of the individual to liquidate it.
• Self-image of personal failure.
• Living beyond one’s means.
• Revenge for slights by management.
In addition, however, there are three others that are more behaviorally oriented that are worth
mentioning:
• The feeling that one is not being adequately compensated for one’s contributions to
the organization.
• The consideration of the organization’s fiduciary functions as a game with the miscreant
trying to outsmart the established controls.
• The social justice approach with the thought of equalization of income. The embezzled
funds go to the needy (with a slight commission to the perpetrator).
These are aspects that auditors should keep in mind and be alert to any outward manifestations that
might lead one to believe that one of these conditions might exist. Each of them could have some
behavioral clues that could alert the auditors. Some examples of red flags include:
• Constant complaining about inadequate compensation.

• Complaints about the compensation structure.
• A reputation for:
- Gambling.
- Drinking or drug use.
• Living beyond one’s means:
- Automobiles driven.
- Housing.
- Vacations.
• Comments about investment activities.
• Illness (self or family members).
• Statements about the stupidity of controls.
• Extramarital affairs.
The studies that have been made about the demographic characteristics of fraudsters lead one to
believe that no real profile can be developed. Current experience in the Enron era suggests that
people (mostly male) in the 30- to 45-year-old group are being indicted for corporate malfeasance.
The greed concept and the desire for affluent living seem to be dominant.
John D. O’Gara, in an introductory chapter in his book Corporate Fraud, differentiates management
fraud from employee accounting-cycle fraud by describing the former as “frequently rational” while
the latter is “transactional.”10 He then states that management fraud “involves using positional
power” and that the employee-accounting fraud takes “advantage of internal control weaknesses.”
His further definition is:
Type of
Management Fraud By Method
Financial reporting Senior management –

Nonfinancial statement Nonexecutive management –
Bribery & corruption Operating management Off the books
Asset misappropriation Administrative management On the books
He states that effective prevention of management, nonfinancial statement fraud depends on the
probability of detection and prosecution because management fraud frequently involves override
rather than control weaknesses. It usually is kept off the income statement to avoid detection, and
if detected, it usually will not be prosecuted. It requires a “broad business perspective that extends
well beyond traditional accounting” to be recognized and detected. It is thus “significantly under-
detected.” Recognition depends on symptoms and red flags in each organization based on its unique
culture and business context.
Attitudes Toward Fraud by Potential Executive Miscreants11

Gillett and Uddin’s study of 139 chief financial officers (CFOs) involved structural equation
modeling using five fraud scenarios and asking a specific pattern of questions relative to:
• Intention.
• Attitude.
• Positive Belief Evaluations.
• Negative Belief Evaluations.
• Need for Achievement Subjective Norm.
• Non Co-workers Group (Opinions).
• Co-workers Group (Opinions).
• Compensation Structure.
• Company Size.
The study used compact disclosure for the sample data and selection as of July 1998 and used only
domestic firms. Response was asked from CFOs or, if not identified, from treasurers or CEOs.
It was interesting to note that the study disclosed that the usual compensation red flags did not
appear to “affect intention for fraudulent financial reporting, contrary to hypothesis.” The authors did
say that “the measures used in this study did not accurately capture compensation structure.”
However, the study did indicate that “company size emerges as a potentially important red flag
for detecting fraudulent financial reporting.” The authors of the study believed that more research
was needed to determine why “individuals in larger companies are more prone to report
fraudulently.”
Following are two paragraphs from the conclusion of the study that indicate specific generalities that
are indicative of the results.
The reasoned action model performs well in this setting, and the results are similar to
those obtained in prior research in other disciplines: a strong Attitude → Intention link and
a weaker Subjective Norms → Intention link. The structural path Negative belief evalua-
tions → Attitude proved robust for all models. Since Attitude → Intentions is also a very
robust path, making management fully aware of the negative effects of fraudulent
financial reporting may help reduce the occurrence of fraudulent financial statements.
Given that participants in this study are already high-level executives, strong training and
public awareness initiatives by auditors, audit committees, regulators, and legislators
may be necessary to create significant change in management perceptions.
One disadvantage of all survey research is the potential for non-response bias. Whether
non-respondents are in some way significantly different from respondents cannot be
answered with any certainty. The overall attitude of the respondents to the financial
reporting scenarios was negative. A large majority of the respondents indicated that the
behavior was undesirable. Consequently, more respondents also claim that they had no
intention of acting out the behavior. Sixty-four percent of the respondents report abso-
lutely no intention of performing the behavior, and 6 percent of the respondents report that
they would probably perform the behavior (greater than 50 percent chance). These levels
of willingness to contemplate fraudulent financial reporting are consistent with evidence
gathered in KPMG’s (1999) 1998 fraud survey, where respondents indicated that
fraudulent financial reporting was very low in occurrence but the second most costly type
of fraud (following only medical/insurance claims fraud). However, it is still possible that
the respondents of our survey may overwhelmingly represent only those people who do
not commit fraud. Thus, possible non-response bias, negative belief evaluations of
attitudes toward the behavior, and the low value of intention for fraudulent financial
reporting potentially limit this study. On the other hand, our sample did include a number
of CFOs who were willing to perform the fraudulent behavior. To the extent that our
respondents are different from normal CFOs, in that they are possibly more aggressive or
deviant, these may in fact be the people we most want to study and understand.
Recently, Ramamoorti & Olsen (2007) in their article, “Fraud: The Human Factor” have attempted
to describe fraud as a fundamentally human act, and hence, the obvious merit of understanding the
psychology of fraud. While not addressed to internal auditors, as noted earlier, the article is
nevertheless pertinent to those who recognize the truth of the bromide, “Think like a crook to catch
a crook.”12
References
1
Donald R. Cressey, “Management Fraud, Accounting Controls, and Criminological Theory,”
Management Fraud, Robert K. Elliott and John J. Willingham, eds. (New York: Petrocelli, 1980),
117–122.
2
Sridhar Ramamoorti, “The Psychology and Sociology of Fraud: Integrating the Behavioral Sciences
Component into Fraud and Forensic Accounting Curricula,” Issues in Accounting Education, Vol.
23, No. 4, 2008, 521–533.
3
Martin M. Greller, “Management Fraud: Its Social Psychology and Relation to Management
Practices,” Management Fraud, Robert K. Elliott and John J. Willingham, eds. (New York:
Petrocelli, 1980), 173-175.
David R. Saunders, “Psychological Perspectives on Management Fraud,” Management Fraud,

4
Robert
K. Elliott and John J. Willingham, eds. (New York: Petrocelli, 1980).
G. Jack Bologna, Robert J. Lindquist, and Joseph T. Wells, Fraud and Commercial Crime, 1996
5
Cumulative Supplement (New York: John Wiley, 1996), 5–6.

6
Clive R. Hollins, Psychology and Crime (London: Routledge, 1989), 34 ff.
7
Ibid.
8
9
Joseph W. Koletar, Fraud Exposed (New York: John Wiley, 2003), 52–53.
10
John D. O’Gara, Corporate Fraud (New York: John Wiley, 2004), 3–5.
11
Peter R. Gillett and Nancy Uddin, “CFO Intentions of Fraudulent Financial Reporting,” Auditing:
A Journal of Practice of Theory (May 2005), 55–75.
Sridhar Ramamoorti and W. Olsen, “Fraud: The Human Factor,” Financial Executive (July/August
12
2007), 49–52.
The vision of The IIA Research Foundation is to understand, shape, and advance the global profession of
internal auditing by initiating and sponsoring intelligence gathering, innovative research, and knowledge
sharing in a timely manner. As a separate, tax-exempt organization, we do not receive funding from IIA
membership dues but depend on contributions from individuals and organizations, and from IIA chapters
and institutes, to move our programs forward. We also would not be able to function without our valuable
volunteers. To that end, we thank the following:
RESEARCH SPONSOR RECOGNITION
Visionary Circle
Paul J. Sobel, CIA
Chairman’s Circle
Stephen D. Goepfert, CIA JCPenney Company, Inc.
3M Company Lockheed Martin Corporation
Cargill Inc. Microsoft Corporation
Chevron Corporation PricewaterhouseCoopers LLP
ExxonMobil Corporation Southern California Edison Company
Itau Unibanco Holding SA
Diamond Donor
IIA Chicago
IIA Houston
THE IIA RESEARCH FOUNDATION

BOARD OF TRUSTEES
President: Paul J. Sobel, CIA, Mirant Corporation

Vice President - Strategy: Mark J. Pearson, CIA, Boise Inc.
Vice President - Research: Philip E. Flora, CIA, CCSA, Texas Guaranteed TG
Vice President - Development: Wayne G. Moore, CIA, Wayne Moore Consulting
Treasurer: Stephen W. Minder, CIA, YCN Group LLC
Secretary: Douglas Ziegenfuss, PhD, CIA, CCSA, Old Dominion University
Members
Neil Aaron, The McGraw-Hill Companies Jeffrey Perkins, CIA, TransUnion LLC
Eric N. Allegakoen, CIA, CCSA, Adobe Systems Edward C. Pitts
Richard J. Anderson, CFSA, DePaul University Michael F. Pryal, CIA, Michael Pryal and
Javier O. Arrieta, CIA, Laboratorios Farma Associates
Sten Bjelke, CIA, IIA Sweden Carolyn Saint, CIA, Lowe’s Companies, Inc.
Robert B. Foster, Fidelity Investments Mark L. Salamasick, CIA, University of Texas
James A. LaTorre, PricewaterhouseCoopers LLP at Dallas
Marjorie Maguire-Krupp, CIA, CFSA, Coastal Elizabeth Samuel, CIA, IIA South Africa
Empire Consulting Susan D. Ulrey, CIA, KPMG LLP
William Middleton, CIA, New South Wales Carmen Prevost Vierula, CIA, Bank of
Department of Education Canada
Leen Paape, CIA, Nyenrode Business University Shi Xian, Nanjing Audit University
101
THE IIA RESEARCH FOUNDATION

BOARD OF RESEARCH AND EDUCATION ADVISORS
Chairman
Philip E. Flora, CIA, CCSA, CFE, CISA, Texas Guaranteed TG
Members
George R. Aldhizer III, PhD, CIA, Peter M. Hughes, PhD, CIA, CPA, CFE,
Wake Forest University Orange County
Lalbahadur Balkaran, CIA, Ernst & Young LLP David J. MacCabe, CIA, CGAP,
MPA Kevin W. Barthold, CPA, CISA, Gary R. McGuire, CIA, CPA,
City of San Antonio Lennox International Inc.
Thomas J. Beirne, CFSA, CPA, CBA, John D. McLaughlin, Smart
Business The AES Corporation Advisory and Consulting LLC
Audley L. Bell, CIA, CPA, CFE, CISA, Steven S. Mezzio, CIA, CCSA, CFSA, CPA,
Habitat for Humanity International CISSP, CBA, Resources Global
John K. Brackett, CFSA, RSM McGladrey, Inc. Professionals
Thomas J. Clooney, CIA, CCSA, CPA, CBA, Deborah L. Munoz, CIA, CalPortland
CSP, KPMG LLP Company
Kathryn Constantopoulos, CIA, Claire Beth Nilsen, CFSA, CRCM, CFE,
Deloitte & Touche LLP CRP
Jean Coroller, Ernst & Young LLP Frank M. O’Brien, CIA, Olin Corporation
Mary Christine Dobrovich, Amy Jane Prokopetz, CCSA,
Jefferson Wells International Farm Credit Canada
Susan Page Driver, CIA, CPA, CISA, Mark R. Radde, CIA, CPA
Texas General Land Office Vito Raimondi, CIA, Zurich Financial
Ana Maria Escalante Penaloza, CIA, IIA Bolivia Services NA
Donald A. Espersen, CIA, CBA, Jesus Antonio Serrano Nava, CIA,
despersen & associates Banco Azteca
Randall R. Fernandez, CIA, Adams Harris Kyoko Shimizu, CIA, The Board of
John C. Gazlay, CPA, CCSA Audit of Japan
Dan B. Gould, CIA Katherine E. Sidway, CIA, Ernst & Young
Ulrich Hahn, CIA, CCSA, CGAP LLP
John C. Harris, CIA, Aspen Holdings/ Iva Sucha, CIA, IIA Czech
Republic FirstComp Insurance Company Linda Yanta, CIA, Eskom
Sabrina B. Hearn, CIA, CPA, CMA, CHFP,
University of Alabama System
The IIA Research Foundation Headquarters Support
Richard F. Chambers, CIA, CCSA, CGAP, Executive Director

David Polansky, Director of Finance
Bonnie L. Ulmer, Vice President,
Research Joe Sorrentino. Director, Retail
Operations Nicki Creatore, Operations
Manager
Erin Weber, Business Development Manager
Arnaldo Diaz, Retail Analyst
Lael Reitler, Retail Specialist
Susan Dworkis, Research Foundation Administrator
Behavioral Dimensions of Internal Auditing:
A Practical Guide to Professional Relationships
in Internal Auditing R
Internal auditing is very much a relationship and communications business. The authors
E
of this guide conducted an online exploratory survey of internal auditors to explore some of
the current thinking of many internal auditors on this important topic, and then examined
current thinking across the academic disciplines. Behavioral Dimensions of Internal Audit-
ing: A Practical Guide to Professional Relationships in Internal Auditing highlights many
important behavioral dimensions of internal auditors and provides insights on human
relationships. S
The human dimensions of internal auditing are covered in three parts:
I. The Foundations
II. Behavioral Skills E

III. Behavioral Dimensions in Practice
Integrity and credibility are foundational to the concept of human dimensions of internal
auditing. Internal auditors need to have both to carry out their responsibilities and add A
value to their organizations in terms of reputation, effectiveness, efficiency, and compli-
ance with laws, regulations, and procedures. To be credible — or believable — they must
be knowledgeable, trustworthy, and ethical in conduct.
This project seeks to make an important contribution to the current understanding of

R
interpersonal relations, communications, and other general behavioral “aspects” in the
internal audit profession. It is expected to be of significant interest and relevance to practi-
tioners, academics, and students of internal auditing. C
Order No. 5015
IIA members US $0
Nonmembers US $40
H
ISBN: 978-0-89413-684-9
10
19
8

IIARF Behavioral Dimensions of Internal

Uploaded by

Copyright:

Available Formats

IIARF Behavioral Dimensions of Internal

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IIARF Behavioral Dimensions of Internal

Uploaded by

Copyright:

Available Formats

BEHAVIORAL DIMENSIONS

Mortimer A. Dittenhofer, PhD, CIA, CGFM

About the Authors.........................................................................................................................vii

Part I: The Foundations............................................................................................................................3

Part II: Behavioral Skills........................................................................................................................55

Part III: Behavioral Dimensions in Practice..........................................................................................75

The IIA Research Foundation Sponsor Recognition.........................................................................101

Mortimer A. Dittenhofer, PhD, CIA, CGFM, is an Emeritus Professor of Accounting at Florida

Dittenhofer also taught at American University, Georgetown University, George Washington

A prolific author and contributor to standard-setting efforts in internal controls, Ramamoorti is

As an integral part of a complex web of relationships within an organization, contemporary internal

• Personal — Ethics of Love and Friendship: Morality2

Littlefield, 2001), 49–68. Adapted.

Behavioral Roles of the Internal Auditor

• Prescribed by management or the audit committee of the board of directors.

The Management View

A New Way of Thinking

In today’s business, formal controls, such as policies, procedures, written authorizations,

Conversely CSA employs a group-learning model. Auditors guide participants through

• Reactions to gender — perceived opinions as to competence, or acceptance.

• Impacting the internal auditors’ observed professional performance.

The Professional Evaluation Process

1. Report the situation with the reasons for questioning.

“Why Good Accountants Do Bad Audits”

3. The organization sets up independent groups to work on the same problem.

(Sarasota, FL: American Accounting Association, 1961).

Organizational Behavior and Human Decision Processes, Vol. 53 (1992), 285–309.

M. H. Bazerman, G. Lowenstein, and D. A. Moore, “Why Good Accountants Do Bad Audits,”

Harvard Business Review 80, No. 11 (November 2002), 96–103.

one wants to see.”

Behavioral Dynamics of Individuals and Groups

• Autocratic — based on a military concept of management; pure power directing others

• Collegial — based on a teamwork concept with mutual understanding and cooperation

In an article on behavior, Dittenhofer discussed behavioral dynamics, which is presented in part

• The group’s nominal leader may not be the actual leader.

• What is the effect of an individual client’s overreaction or underreaction to new

Ethics and Behavior

Immanuel Kant said:

The reasons can relate to feelings of:

Ethics and Integrity

Emotions and Internal Auditing

• Being able to consider grievances as helpful.

Independence and Confidence

Specifically, independence is the result of:

• Freedom from personal restraints, such as:

In internal auditing, this confidence applies to:

The result of the above evaluation must then be reviewed as to:20

Mortimer A. Dittenhofer, “The Need for Behavioralism in Internal Auditing,” Management

Auditing Journal 3, No. 2 (1988), 5.

Management Auditing Journal 3, No. 2 (1988), 8–16.

Success (Upper Saddle River, NJ: Wharton School, 2005), 117.

John H. Chambers, The Achievement of Education: An Examination of Key Concepts in

SOCIAL BEHAVIORAL RELATIONSHIPS

Example One: Interpersonal Relationships of Internal Auditors

3. Mutual Joint Control:

4. Conflicting Mutual Joint Control:

Example Two: The Role of the Internal Auditor

In the status classification or position/rank in organizational hierarchy, the auditor can be a:

Example Three: Social Aptitude, a Required Talent