This exploratory study investigates the manifold conceptions of the internal auditing (IA) of risk culture prevalent among four influential actors of the financial sector—regulators, normalizers, consultants, and implementers. By inductive analysis of 20 interviews and 295 documents, we illustrate a two-step interpretive scheme utilized by the four actors in their IA approaches of risk culture: defining broad goals and designing visibility schemes. The visibility schemes were tied to the demarcation, measurement, as well as the IA data collection techniques of risk culture. Our results indicate two dichotomous interpretations among the four actors concerning the IA of risk culture. The first interpretation, prevalent among regulators and implementers, promotes the control of risk culture primarily through verification. The second interpretation, adopted by consultants and normalizers, promotes the control of risk culture by IA along with the empowerment of employees through training programs. Our results not only contribute to understanding IA expansions, specifically to non-tangible domains such as risk culture but also enrich the literature exploring the mechanisms different stakeholders utilize to shape weakly professionalized IA practices.

Manifold Conceptions of the Internal Auditing of Risk Culture in the Financial Sector

Vikash Kumar Sinha;Marika Arena
2020-01-01

Abstract

This exploratory study investigates the manifold conceptions of the internal auditing (IA) of risk culture prevalent among four influential actors of the financial sector—regulators, normalizers, consultants, and implementers. By inductive analysis of 20 interviews and 295 documents, we illustrate a two-step interpretive scheme utilized by the four actors in their IA approaches of risk culture: defining broad goals and designing visibility schemes. The visibility schemes were tied to the demarcation, measurement, as well as the IA data collection techniques of risk culture. Our results indicate two dichotomous interpretations among the four actors concerning the IA of risk culture. The first interpretation, prevalent among regulators and implementers, promotes the control of risk culture primarily through verification. The second interpretation, adopted by consultants and normalizers, promotes the control of risk culture by IA along with the empowerment of employees through training programs. Our results not only contribute to understanding IA expansions, specifically to non-tangible domains such as risk culture but also enrich the literature exploring the mechanisms different stakeholders utilize to shape weakly professionalized IA practices.
File in questo prodotto:
File Dimensione Formato  
s10551-018-3969-0.pdf

accesso aperto

: Publisher’s version
Dimensione 1.04 MB
Formato Adobe PDF
1.04 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11311/1073296
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 6
  • ???jsp.display-item.citation.isi??? 3
social impact