Abstract
Although internal auditors are expected to play an important role in corporate governance, they are not always effective in bringing their message to management’s attention when they observe that a risky course of action is being taken that could harm the organization. When information systems projects go awry, for example, internal auditors often struggle to get managers to listen to their warnings. Instead, managers may turn a deaf ear to the auditor’s warnings. In this paper, we build on the idea that internal auditors can follow an approach that combines two elements to reduce this so-called deaf effect: (1) the auditor can apply communication techniques to more effectively deliver the message, and (2) the internal auditor can develop a relationship with the manager such that the auditor is viewed as a ‘partner’ rather than an ‘opponent.’
Following a mixed method approach, we examined how ‘nudging with a descriptive norm’ as a communication technique could help internal auditors to reduce the deaf effect and how this can be understood in the context of the auditor-manager relationship (AMR). We conducted two experiments showing consistent evidence that both (1) nudging with a descriptive norm and (2) AMR, had significant indirect effects on the deaf effect that were mediated through perceived social norms. A complementary series of ten interviews with Chief Audit Executives shed further light on how internal auditors could apply ‘nudging with a descriptive norm’ as a communication technique, and what should be considered, including the auditor-manager relationship. Implications for both internal audit research and practice are discussed.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
From our personal life, many of us might recognize the situation in which we observe that someone near is pursuing a risky course of action that might turn from bad to worse. Parents might see their beloved ones entering an undesirable path such as excessive alcohol consumption, drunk driving, drug abuse, or other dangerous habits that are risky to themselves or others. In such situations, people are often influenced by whether their peers (e.g., friends, teammates, etc.) would exhibit similar risky behavior or not, and whether the risky behavior would meet the social norms that are shared across those peers.
When people pursue a risky path, it can be challenging to get their attention and convince them to no longer continue this risky course of action. It may not be enough just to warn them and advise them of what they ought to do. It may also be helpful for the person to know what their peers would do in similar circumstances. Nudging people’s behavior by providing them with purely descriptive information about what their peers would do in similar circumstances (i.e., a descriptive norm) has been documented in the literature. For example, descriptive norms have been shown to be effective in promoting environmentally sustainable behaviors (Lapinski et al., 2007; Goldstein et al., 2008; Schultz et al., 2008), reducing behaviors that are associated with health risks (Lapinski et al., 2013; Mollen et al., 2013), and reducing citizens’ risky behaviors regarding tax-payments (Wenzel, 2005a, b).
The challenge to effectively bring a message to stop someone else’s risky behavior not only applies to people’s personal lives and the risks that individuals take, but also applies to business risks. Our study builds on the idea of nudging with descriptive norms to stop risky courses of action in a business context. Specifically, we investigate whether internal auditors can use descriptive norms to nudge managers into stopping runaway IS projects. Runaway IS projects can have devastating effects on organizations and have been studied as behavioral entrapment to continue a risky course of action (Keil & Robey, 1999; Keil et al., 2000).
Our study contributes to the discourse regarding corporate governance in general and internal audit specifically. Academic research has suggested that internal auditors play an important role in corporate governance (Gramling et al., 2004; Sarens & De Beelde, 2006; Paape, 2007). Further, from a practice perspective, the need for an effective internal audit function that serves corporate governance has been acknowledged across multiple countries (e.g., IODSA, 2016; MCCG, 2022; FRC, 2024). Finally, the important role that internal auditors play in corporate governance has been described in professional guidelines from the global internal audit profession (IIA, 2018; IIA, 2024). Internal auditors are role-prescribed to observe and report whether risky courses of action could bring harm to the organization and its stakeholders (Sarens & De Beelde, 2006; Sarens et al., 2009; Eulerich et al., 2019). Internal audit research suggests that internal auditors often find that managers turn a deaf ear to their risk warnings, a phenomenon that is referred to as the ‘deaf effect’ in internal audit research (Lenz & Hahn, 2015; Nuijten et al., 2019). The occurrence of the deaf effect is regarded as detrimental to internal audit effectiveness (Lenz & Hahn, 2015), and therefore research is warranted to advance our understanding of how internal auditors can more effectively bring their message and reduce the deaf effect. This aligns with the recently submitted 2024 Global Internal Audit Standards that highlight the need for internal auditors to communicate effectively (IIA, 2024; Principle 11) and to achieve this, internal auditors should: (1) apply effective communication techniques (standard 11.2), and (2) take into account relationships they maintain with stakeholders, including managers as well (standard 11.1). Our study sheds light on how internal auditors can reduce the deaf effect. Following a mixed method approach, we combine a quantitative perspective with a qualitative perspective. Following a quantitative approach, we conducted a series of two experiments in which we empirically tested whether nudging with a descriptive norm (as a communication technique) and the auditor-manager relationship (i.e., whether the auditor is perceived as a trusted partner or an opponent) can influence the deaf effect and whether ‘perceived social norm’ serves as a mediating mechanism. Following a qualitative approach, we conducted a series of complementary interviews with Chief Audit Executives to further enrich our insights in how internal auditors could apply ‘nudging with a descriptive norm’ as a communication technique, and what should be considered, including the auditor-manager relationship.
While our paper is mainly aimed at contributing to the discourse on internal audit effectiveness, we also contribute to the literature on runaway IS projects by investigating the effect of a novel intervention to reduce the deaf effect in such projects. Furthermore, our study contributes to the literature on socials norms and nudging by applying the notion of ‘what your peers would do’ to a business context involving risk warnings issued by auditors to managers.
2 Literature review and theory base
Our study builds upon and contributes to three bodies of knowledge: (1) literature on internal audit effectiveness and the deaf effect, (2) literature on the deaf effect in the context of information systems (IS) projects, and (3) literature on nudging. We build upon these three bodies of knowledge by drawing on the theory base of nudging with a descriptive norm as explained below.
2.1 Internal audit effectiveness and the deaf effect
The growing body of literature on internal audit effectiveness advances our understanding of how auditors can improve the contributions they make to their organizations (Arena & Azzone, 2009; Alzeban & Gwilliam, 2014; Dal Mas & Barac, 2018; Kotb et al., 2020). Internal audit effectiveness can be understood from either a supply-side perspective or a demand-side perspective (Lenz & Hahn, 2015).
Following the demand-side perspective, internal audit effectiveness is understood from the expectations that stakeholders within the organization can have of the internal audit function (Sarens & De Beelde, 2006; Sarens et al., 2009; Messier et al., 2011; Soh & Martinov-Bennie, 2011; Lenz, 2013; Erasmus & Coetzee, 2018; Eulerich et al., 2019).
The supply-side perspective, which is the approach we take in this paper, describes effectiveness from the auditors’ perspective. Prior research in this area has investigated the organizational conditions and the skills that auditors find important to fulfil their role (Van Peursem, 2005; Pforsich et al., 2008; Mihret et al., 2010) and how such skills could be developed (Plant & Slippers, 2015; Barac et al., 2021; Coetzee & Du Plessis, 2021). In this stream of literature, internal auditors, mostly Chief Audit Executives (CAEs), describe how they assess their effectiveness. The factors considered to be important in shaping audit effectiveness include: the role of the CAE, the skills and competencies of internal auditors, organizational politics and culture, support from senior management, and the impact of the board, directly or through the audit committee (Lenz & Hahn, 2015). The supply-side perspective also highlights the need for auditors to build and maintain good relationships with their stakeholders, which are defined to be the audit committee (Goodwin, 2003; Arena & Azzone, 2009; Davies, 2009), C-level executives (Gramling et al., 2004; Sarens & De Beelde, 2006; Christopher et al., 2009), and managers or auditees (Dittenhofer, 2001; Arena & Azzone, 2009; D’Onza & Sarens, 2018). Our study is amongst the few that focus attention on the relationship between internal auditors and managers.
While Lenz and Hahn (2015) emphasized the need for research that examines moments of discomfort and conflict that auditors encounter, specifically calling for further research on the deaf effect (i.e., when managers turn a deaf ear to risk warnings issued by auditors), very few studies in the field of internal auditing have addressed this topic. Based on interviews with Chief Audit Executives, Nuijten et al. (2019) examined eleven deaf effect situations. More specifically, they identified a range of actions that internal auditors took to overcome a deaf effect situation and they examined how the auditor-manager relationship (AMR) unfolded until the deaf effect was eventually resolved. They found that the actions that auditors take, are both a cause and an effect of whether the manager and the auditor see themselves as either partners or opponents in terms of their relationship.
Without explicitly referring to the deaf effect or to the discourse on internal audit effectiveness, a recent study by Brown and Fanning (2019), examined persuasion techniques that internal auditors could follow to bring their message to the attention of business managers in the domain of financial reporting. In their experiment they present two different approaches that internal auditors can take to bring their message to managers: a ‘participative approach’ (also referred to as ‘coach’) versus a ‘traditional approach’ (also referred to as ‘police officer’). For internal auditors who follow a participative approach, managers’ agreement with the auditor’s advice increases when the auditor provides a favor compared to when the auditor does not provide a favor. In contrast, they find that for internal auditors who follow a traditional approach, managers’ agreement with the auditor’s advice decreases when the auditor provides a favor compared to when the auditor does not provide a favor.
Brown and Fanning (2019) suggest that future research could also investigate different types of persuasion techniques that internal auditors could use to make their recommendations more persuasive to managers, such as informational social influence (Cialdini, 1984) and how they influence manager behavior. Following this call for further research, in our study we build on the prior work of Nuijten et al. (2016) and examine how both AMR and nudging with a descriptive norm can shape perceived social norms, thereby helping internal auditors to become more persuasive in bringing their message to managers’ attention. More specifically, we test the idea that internal auditors could follow a combined approach in bringing their message to managers. First, they can add a descriptive norm to the message and tell what the manager’s peers would do in this situation. This approach is consistent with Cialdini (1984) and Cialdini and Goldstein (2004) who also used messages containing descriptive norms that describe what others do, or the behaviors they engage in. Second, internal auditors can develop a relationship with the manager such that the auditor is viewed as a ‘partner’ rather than an ‘opponent when they communicate the message to the manager. We elaborate the idea that both elements can shape the manager’s perception of a social norm. Social norms are the accepted standards of behavior of social groups (Cialdini, 1984; Cialdini & Goldstein, 2004). In the context of our study, social norms refer to whether it is found acceptable to push further a risky course of action or not.
2.2 The deaf effect in the context of information systems (IS) projects
Information systems researchers Keil and Robey (1999, p. 82) coined the phrase deaf effect in 1999, defining it as a situation in which actors in positions of authority “turn a deaf ear to signs of trouble.” In this and a subsequent article (Keil & Robey, 2001) they provide specific examples of the deaf effect in IS projects based on interviews with both internal and external auditors who spoke of their frustration in blowing the whistle on a troubled project only to find that their risk warnings were ignored (or worse, caused them to be fired from their job).
Following the initial field-based observations of the deaf effect reported by Keil and Robey (1999, 2001), several researchers (Cuellar et al., 2006; Cuellar, 2009; Nuijten, 2012; Lee et al., 2014) began to conduct scenario-based laboratory experiments to investigate the factors that influence the deaf effect in IS projects. In these experiments, internal auditors were portrayed as messengers and business managers were portrayed as message recipients. These studies examined characteristics of the messenger (Cuellar et al., 2006; Lee et al., 2014), characteristics of the recipient (Lee et al., 2014; Nuijten et al., 2016), as well as how the message was framed in terms of gains versus losses (Nuijten et al., 2016). Furthermore, Nuijten et al. (2016) examined how the auditor-manager relationship (AMR) could influence the deaf effect in IS projects.Footnote 1 The internal auditor and manager were portrayed either as partners (inspired by stewardship theory, in which relationships are based on principles of trust and goal alignment) or opponents (inspired by agency theory in which relationships are based on principles of distrust and goal incongruence). Nuijten et al. (2016) found that when an internal auditor is seen as a collaborative partner, managers will be less likely to turn a deaf ear to risk warnings issued by the auditor. The rationale behind this is that decision makers are more likely to be responsive to risk warnings when the auditor has the clear goal of contributing to management performance rather than exposing management failures.
In this study, we build upon prior research on the deaf effect and AMR by examining a different approach that internal auditors could follow to present their message. Specifically, we focus on how two factors—nudging with a descriptive norm and AMR—indirectly influence the deaf effect through perceived social norms. Of course, the deaf effect for messages that are issued by internal auditors is relevant beyond the context of IS projects. As noted earlier, research on the deaf effect could also contribute to the discourse on internal audit effectiveness (Lenz & Hahn, 2015).
2.3 Nudging
Behavioral economists have introduced the idea that nudging can be an effective means of eliciting desired behavior without exercising strong forms of control or forcing compliance (Thaler & Sunstein, 2009). These ideas have recently been applied to the context of auditor decisions and our study is not the first to examine the use of nudges in the domain of auditing. In an eye-tracking experiment that involved 12 undergraduate students in auditing, Gajewski et al. (2022) examined whether nudges in the user interface of a financial reporting system could influence subjects’ visual attention to audit evidence indicative of aggressive reporting. Further, in an experiment with 48 experienced auditors, Nolder et al. (2022) investigated whether using skeptical language to frame a firm’s accounting estimate decision could be an effective nudge. They found some support for the notion that such a nudge could elicit a higher level of professional skepticism in auditors performing a complex audit task.
While prior studies have thus begun to examine how auditors could be nudged, our research examines how internal auditors themselves could effectively apply a specific nudge to reduce the deaf effect. Our study is the first to apply the concept of nudging with a descriptive norm in a business context involving the deaf effect.
In the deaf effect context, the concept of nudging relates to the auditor-manager relationship in the sense that nudging occurs within the context of that relationship. In this study, we develop a research model that brings together nudging and AMR. The rationale for combining these two constructs is that both nudging and AMR may reduce the deaf effect by influencing perceived social norms. Both the packaging of the message (i.e., whether it includes a descriptive norm) and the nature of the auditor-manager relationship (i.e., whether the auditor is perceived as a trusted partner or an opponent) can affect how a message is perceived. Thus, a descriptive norm that is provided as an integral part of the message may guide managers towards choices that are desired from an organizational perspective. Further, whether such messages come from allies or partners, rather than opponents, can shape the manager’s perception of the social norm that is being communicated.
While prior research has advanced our understanding of the deaf effect, the effect of nudging with a descriptive norm has not been examined in this context. This gap in our understanding is an important one to explore because nudging with a descriptive norm represents an intervention that would be easy to implement in practice and there are good theoretical reasons to believe that it could reduce the deaf effect.
One of the most effective ways to nudge is through social influence (Thaler & Sunstein, 2009). For example, it has been shown that the behavior of peers affects productivity and tax compliance in field settings (Tayler & Bloomfield, 2011). Similarly, Mas and Moretti (2009) found that cashiers in a retail setting became more productive when a highly productive worker was introduced into their shift. Examples like these clearly show that the social influence of peers can be significant.
The cumulative findings from prior research on normative social influence show that the actions of other people have a powerful effect on both behavioral intentions and actual behavior (Sherif, 1936; Deutsch & Gerard, 1955; Cialdini et al., 1990; Cialdini & Goldstein, 2004; Jacobson et al., 2011). Many norms-based interventions appear to have an influence on human behavior (e.g., Cialdini et al., 1990, 1991; Cialdini, 2005; Schultz et al., 2007; Griskevicius et al., 2008) and numerous studies can be found on the effect of a descriptive norm in the areas of sociology, psychology and behavioral research. Research has shown that communicating a descriptive norm (i.e., how most people behave in a given situation) induces conformity to the communicated behavior (Schultz, 1999; Griskevicius et al., 2006; Nolan et al., 2008).
Thaler and Sunstein (2009) further explain the use of a descriptive norm in nudging and its positive effects on eliciting desired behavior. They recount numerous examples in which individuals can be nudged to behave in a certain way simply by informing them about what other people are doing. One example of this is the online promotion of organ donation in the state of Illinois where their website brings the power of social norms into play by plainly stating: “87% of adults in Illinois feel that registering as an organ donor is the right thing to do” (Thaler & Sunstein, 2009, p. 184). Such nudges work because we generally like to do what most other people consider to be the right thing to do in a given situation.
A descriptive norm can serve as a decisional shortcut for behavior (Cialdini et al., 1990). Such norms are thought to influence behavior because they provide information about the right way to act in certain situations (Cialdini, 1984; Cialdini & Goldstein, 2004; Jacobson et al., 2011). For example, Goldstein et al. (2008) examined how hotel guests behave when a card has been placed on the bathroom towel rack asking them to reuse their towels. In a field experiment, they tried to increase towel reuse by testing the effect of putting different messages on the card. One of the messages included the appeal “JOIN YOUR FELLOW GUESTS IN HELPING TO SAVE THE ENVIRONMENT,” and emphasized that the majority of hotel guests reuse their towels. This message proved to be much more effective than messages without a descriptive norm such as “HELP SAVE THE ENVIROMENT.” Similar results were also obtained by other researchers, for example, by Schultz et al. (2008) (in their towel re-use experiment in hotel rooms), Lapinski et al. (2013) (for the effects of a descriptive norm on hand washing), Maloney et al. (2013) (for the effects of a descriptive norm on voting behavior), and Lapinski et al. (2007) (for the effects of a descriptive norm on water conservation attitudes and behavior).
Mollen et al. (2013), examined the influence of a descriptive norm on food choices by conducting a field experiment in an on-campus food court. Effects of different messages on students’ food choice were compared against each other and a no-message control condition. They found that a healthy descriptive norm message resulted in healthier choices as compared with the no norm control condition. Similarly, in an experiment with 1,200 Australian citizens, Wenzel (2005a, b) found that simply informing taxpayers of the high rate of compliance increased compliance levels.
While the effectiveness of nudging with a descriptive norm has been examined in extant literature, our study is the first to assess how it applies in a business context, more specifically in the context of AMR, where the messenger (auditor) and the recipient (manager) can have a relationship as partners or as opponents.
3 Research model and hypotheses
3.1 Influence of a descriptive norm in the internal auditor’s message on the manager’s perceived social norm and the deaf effect
Much of the prior work on nudging with descriptive norms has examined how people behave in response to nudges that occur outside of any particular organizational context. For nudging to be a useful tool in a business context involving internal auditors, however, it is important to determine whether nudges that managers receive from an auditor can be effective and whether this is affected by the nature of the auditor-manager relationship. Toward this end, we examine the effect of a descriptive norm that internal auditors can deliver along with their risk warnings to determine if this can influence managers’ decisions.
Prior work has suggested that a descriptive norm can influence behavior by reinforcing perceived social norms. In this study, we explore this mediating mechanism by measuring the effect of an internal auditor’s message containing a descriptive norm on the social norms that are perceived by managers who received the internal auditor’s message. We posit that nudging the manager through a descriptive norm in the internal auditor’s message can indirectly influence the manager’s deaf effect to risk warnings by altering the manager’s perceived social norm. Specifically, we posit that a manager will be more likely to perceive that his/her peers would stop and no longer continue a risky course of action, when he/she receives an auditor’s risk warning that states that the manager’s peers would stop the risky course of action (i.e. the message contains a descriptive norm). Furthermore, we posit that a manager who perceives that his/her peers would stop and no longer continue a risky course of action, would be likely to stop the risky course of action. Thus, we state the following mediation hypothesis:
H1).An internal auditor’s message containing a descriptive norm will influence how a manager reacts to a risk warning. Specifically, an internal auditor’s message containing a descriptive norm will positively influence a manager’s perceived social norm thereby reducing the deaf effect.
3.2 Influence of internal Auditor – Manager Relationship on the manager’s perceived social norm and the deaf effect
In deaf effect situations, messengers report risk warning messages to decision makers who have the choice to listen to these messages and take corrective action or to not listen and continue the project as planned (Nuijten et al., 2016). In our domain of interest, the auditor plays the role of the messenger who delivers a risk warning and the manager (in our case, the project owner and decision maker) must decide whether or not to act on the risk warning. Nuijten et al. (2016) differentiate between an auditor-manager relationship (AMR) in which the auditor is seen as a partner and one in which the auditor is seen as an opponent. In their study, Nuijten et al. (2016) found that managers are more likely to heed the auditor’s risk warning and discontinue the course of action when the auditor is considered to be a partner instead of an opponent.
Cialdini and Goldstein (2004) posited that when making choices, people look at those who are similar to them. Based on the idea that people are most influenced by similar others, we posit that the auditor-manager relationship (partner vs. opponent) will impact perceived social norms. Specifically, we theorize that when the auditor is viewed as a partner (i.e., who has goals that are aligned with the manager) rather than an opponent (who has goals that are not aligned with the manager) the message is more likely to be perceived as a social norm.
In a study along these lines, Berger and Rand (2008) show that a descriptive norm can actually decrease (rather than increase) compliance when the descriptive norm is associated with an undesirable group. Extrapolating from this finding, we theorize that it is important to consider the source of the message and how the target recipient views the source. Prior work has shown that decision makers are more receptive to a risk warning when it comes from an internal auditor who is perceived as a partner rather than an opponent (Nuijten et al., 2016).
Specifically, we posit that a manager will be more likely to perceive that his/her peers would stop and no longer continue a risky course of action, when he/she receives a risk warning from an internal auditor that the manager sees as a partner (versus an opponent). In that case he/she might consider the auditor to be part of his own social group, sharing the same social norm to stop the risky course of action. Furthermore, we posit that a manager who perceives that his/her peers would stop and no longer continue a risky course of action, would be likely to stop the risky course of action. Based on the above theorizing, we offer the following mediation hypothesis:
H2).The nature of the auditor-manager relationship (partner or opponent) will influence how a manager reacts to an internal auditor’s message containing a risk warning. Specifically, a message received from an internal auditor who is seen as a partner will be perceived more as a social norm, thereby reducing the deaf effect.
Based on our literature review and theorizing, we developed the research model shown in Fig. 1 which we test in this study. As shown in the model, our dependent variable is a manager’s willingness to continue a troubled project, which serves as a proxy for the deaf effect, as it provides an indication of the degree to which the auditor’s risk warning and recommendation to redirect the project influences the decision-maker. We posit that perceived social norms will influence the deaf effect and that both AMR (i.e., whether the internal auditor is seen as a partner or an opponent) and whether or not the message delivered by the auditor contains a descriptive norm will indirectly influence the deaf effect through perceived social norms.
In our model, gender, work experience, and risk propensity are included as control variables based on prior work by Cuellar et al. (2006) revealing that the deaf effect can be influenced by both gender and work experience, as well as prior work by Lee et al. (2014) showing that risk propensity can also influence the deaf effect. While these studies revealed that gender, work experience and risk propensity can influence the deaf effect, we are not aware of any studies that included these variables in a business context that involved auditor messages including descriptive norms. Thus, in our study we adopted the control variables of the Cuellar et al. (2006) and Lee et al. (2014) studies in our experiments.
Research model
4 Method
To test our model, we conducted a mixed method study which involved two scenario-based laboratory experiments as well as qualitative interviews with Chief Audit Executives. We conducted our primary experiment with managers using a 2 × 2 factorial design in which we manipulated the risk warning message of the internal auditor (by including or not including nudging with a descriptive norm) and the auditor-manager relationship (AMR) (partner vs. opponent). We conducted a second experiment with students as a robustness check, and then validated and explored our results further by conducting interviews with 10 Chief Audit Executives.
4.1 Participants
Our participants for the primary experiment consisted of 88 U.S. managers recruited from the Qualtrics subject pool. These managers had an average age of 37.7 years (standard deviation of 9.5 years), an average work experience of 18.1 years (standard deviation of 9.8 years), and an average of 7.4 years of experience working with IS projects (standard deviation of 6.0 years). 47% were male and 53% were female. Responses were only added to our dataset after they met two basic criteria: (1) respondents had confirmed that they were native English speakers, and (2) respondents exceeded a minimum time threshold that was established for completing the experiment, so that we could be assured that they took the task seriously.
The second experiment, which was conducted as a robustness check, involved 170 undergraduate students who were enrolled in Accounting and Information Systems courses at two Belgian Universities. The students had an average age of 23.6 years (standard deviation of 4.2 years) and an average work experience of 1.5 years. 75% of the students were Europeans and the majority were Belgian citizens. 63% were male and 37% were female.
4.2 Scenario and treatments
In our scenario we asked the participants to consider themselves to be the project owner of an information system project within an insurance company. The scenario used in this experiment was based on one used by Nuijten et al. (2016) and involves a situation in which the subject (playing the role of a project owner) is informed that Mr. Johnson from the Internal Audit department has recently found serious problems with the project and advises that the project should be redirected (i.e., not continue as planned).
Consistent with prior studies in behavioral economics that have used similar treatments (e.g., Goldstein et al., 2008; Kredentser et al., 2012), we created the following message for our descriptive norm treatment: “Mr. Johnson informed you that MOST of your PEER COLLEAGUES Project Owners within THIS company REDIRECT the project under these circumstances. Subsequently, Mr. Johnson advised you to JOIN YOUR FELLOW PEERS and REDIRECT the project LIKE YOUR PEERS DO.” As a control, we crafted the following message that did not include a descriptive norm: Mr. Johnson advised you to REDIRECT the project.
We independently manipulated the auditor-manager relationship (AMR) to be either partner or opponent (Nuijten et al., 2016). For the partner treatment, we stated: “Mr. Johnson (the Internal Auditor) has a long history of working COLLABORATIVELY with IS project teams with the goal of helping to identify and manage project risks, thus enabling project owners to be successful. He is seen by the project management as adding value to the process. Thus, Mr. Johnson is treated as a TRUSTED PARTNER to management.” For the opponent treatment, we stated: “Mr. Johnson (the Internal Auditor) has a long history of working AGAINST IS project teams with the goal of exposing project failings, thus embarrassing project owners. He is seen as a policeman who does not add any value to the development process. Thus, Mr. Johnson is treated as an OPPONENT WHO IS NOT TO BE TRUSTED.” The complete scenario and manipulations can be found in Appendix 1.
4.3 Constructs and measures
Our independent variables were manipulated and treated as dichotomous variables. The presence or absence of a descriptive norm in the message was captured in the variable MDN (1 = Message including a descriptive norm; 0 = Message without a descriptive norm). Auditor-manager Relationship was captured in the variable AMR (1 = partner; 0 = opponent). The perceived social norm, which served as the mediator variable PSN in our model, was measured using a four-item scale developed for this study. Our dependent variable was the decision to continue a troubled information system project (Continue) despite the auditor’s risk warning and recommendation to redirect the project. We assessed this construct using a single well-established measurement item (Nuijten et al., 2016).
Consistent with prior studies (Keil et al., 2000; Cuellar et al., 2006), risk propensity (RiskProp) was measured using four items adapted from Sitkin and Weingart (1995). Appendix 1 shows all the construct measures that were employed. All analyses were done in Stata.
5 Results
5.1 Primary experiment (managers)
First, we conducted manipulation checks to ensure that our treatments were effective. The descriptive norm manipulation check consisted of a single item, MDNmc, which was used to assess whether subjects noticed and were able to recall whether or not the scenario contained a descriptive norm (i.e., whether the auditor Mr. Johnson mentioned how peers would behave in the situation as described in the scenario).
Table 1 shows the mean values of MDNmc for each of the four treatment conditions in Experiment 1. As indicated, the treatment with a descriptive norm resulted in higher MDNmc values for the treatment groups with a descriptive norm and lower MDNmc values for the treatment groups without a descriptive norm.
In order to test the effectiveness of our manipulation to portray the internal auditor as a partner or as an opponent, we adopted a manipulation check for AMR from Nuijten et al. (2016). Using a 3-item scale (see AMRmc under the measures section of Appendix 1) we computed a composite score.
Table 2 presents the mean values of AMRmc for each of the four treatment conditions. As indicated, the AMRmc values are lower for the opponent treatment groups and higher for the collaborative partner treatment groups.
To confirm these results, two separate two-way ANOVAs with interaction were conducted; one using MDNmc as the dependent variable and one using AMRmc as the dependent variable. The results of these ANOVAs, shown in Tables 3 and 4, confirmed that each manipulation was effective. Further, no significant interaction effect between AMR and MDN were detected.
Based on these manipulation checks we assessed that the manipulations were effective.
5.1.1 Measurement model assessment
For testing our research model, we chose Partial Least Squares (PLS) analysis. By using PLS we could assess both the measurement model and structural model together (Gefen et al., 2000, 2011).
Before testing our structural model, we determined the validity of our measurement model through four tests of convergent and discriminant validity as described by Fornell and Larcker (1981) and by Chin (1998).
First, we assessed individual item reliability by examining the item-to-construct loadings for each construct that was measured with multiple indicators. According to Hair et al. (2010) factor loading estimates should be higher than 0.5, as then the shared variance between each item and its associated construct exceeds the error variance. As shown in Table 5, all loadings exceeded the threshold of 0.5, and all exceeded the more conservative threshold of 0.7.
Second, we investigated the construct reliability for each block of measures (i.e., the internal consistency reliability). Table 5 reports the Cronbach’s alpha, the Dillon-Goldstein’s coefficients (ρC) and the Dijkstra-Henseler’s ρA (rho_A) values. In order to establish adequate reliability, these values should exceed 0.7. Table 5 shows that the Dijkstra-Henseler’s ρA, Dillon-Goldstein’s ρC and Cronbach’s α all exceed this value.
Third, we assessed the level of correlation of multiple indicators of the same construct. Fornell and Larcker (1981) view Average Variance Extracted (AVE) as a measure of construct reliability. The guideline threshold for AVE is 0.5, which means that 50% or more of the variance of the indicators is accounted for (Chin, 1998). As Table 5 indicates, the AVE values in our model exceeded the 0.5 threshold.
Fourth, we examined whether our latent variables are statistically different from one another, by computing the heterotrait-monotrait ratio of correlations (HTMT). The HTMT ratio should be lower than 1 and preferably under 0.85 in order to establish discriminant validity. Table 6 shows that all ratios are well below this conservative upper bound of 0.85, thus providing good evidence of discriminant validity.
5.1.2 Structural model assessment
Having an adequate measurement model in place, we tested our hypotheses by examining the structural model. Results of our analysis can be seen in Fig. 2, with more detailed information provided in Tables 7 and 8. Given the directional nature of the hypotheses, we used one-tailed tests.
Structural model showing results from primary experiment (Managers) Footnote
Dashed lines refer to paths that are included in the model and tested but not formally hypothesized.
The explanatory power of a structural model can be evaluated by examining the R-squared value for the ultimate dependent variable. Table 7 shows that the explanatory power of our structural model is adequate with an R-squared of 0.495 for our dependent variable Continue. As shown in Fig. 2; Table 7, the Descriptive Norm (MDN) to Perceived Social Norm (PSN) path is significant (path coefficient of 0.281 and p = 0.001), the path from Auditor-manager Relationship (AMR) to Perceived Social Norm (PSN) is significant (path coefficient of 0.277 and p = 0.001), and the path from Perceived Social Norm (PSN) to Continue is significant (path coefficient of -0.243 and p = 0.000). The direct path from AMR to Continue is also significant (path coefficient of -0.242 and p = 0.002).
As shown in Table 8, perceived social norm (PSN) was found to mediate the effects of both AMR and descriptive norm (MDN) on Continue. Thus, both H1 and H2 were supported.
5.2 Replication experiment (with students) serving as a robustness check
The second experiment, which was conducted with students, represents a replication of the primary experiment with managers and serves as a robustness check on our findings. The same manipulation checks and measurement model assessment were done in the second experiment. The manipulations were found to be effective, and the measurement model was comparable to the results obtained for the primary experiment. Since the purpose of the second study was just to determine if the results of the primary study could be replicated with a different sample of participants, for the sake of brevity we present only the structural model results.
5.2.1 Structural model assessment
Results of our analysis can be seen in Fig. 3, with more detailed information provided in Tables 9 and 10.
Structural model showing results from experiment 2 (Students)
Table 9 shows that the explanatory power of our structural model is adequate with an R-squared of 0.258 for our dependent variable Continue. As shown in Fig. 3; Table 9, the Descriptive Norm (MDN) to Perceived Social Norm (PSN) path is significant (path coefficient of 0.219 and p = 0.001), the path from Auditor-manager Relationship (AMR) to Perceived Social Norm (PSN) is significant (path coefficient of 0.297 and p < 0.001), and the path from Perceived Social Norm (PSN) to Continue is significant (path coefficient of -0.194 and p = 0.016). The direct path from AMR to Continue is also significant (path coefficient of -0.304 and p < 0.001).
As shown in Table 10, perceived social norm (PSN) was found to mediate the effects of both AMR and descriptive norm (MDN) on Continue. Thus, both H1 and H2 were supported.
The fact that we were able to replicate the pattern of results obtained in the primary experiment (with managers) using a completely different pool of participants (students), serves as a robustness check on our findings.
5.3 Enriching the experiment results with insights from internal audit professionals
While the experiments allowed us to test individual relationships in a causal model, we acknowledge that our model is simplified and cannot include all factors that could be relevant in an actual business context in which internal auditors attempt to bring their message to management’s attention. Therefore, we conducted a series of 10 interviews with internal auditors to gain further insights.
5.3.1 Interviewee characteristics
We conducted interviews with ten Chief Audit Executives who have been in the position to bring their message to management’s attention regarding information systems projects. In Appendix 2 we present a table with the descriptive characteristics of our interviewees. All of our interviewees worked for large organizations in The Netherlands and Belgium (i.e., four financial institutions, one energy provider, two hospitals, one municipality, a railway provider, and one provider of internal audit services). The interviewees were recruited from the first author’s network of internal audit professionals, and they were selected for their experience as a Chief Audit Executive as well as their knowledge of internal audit standards and practices. All interviewees still are or have been active members of the executive board and committees of the Dutch Institute of Internal Auditing Chapter (IIA-NL). Two of our interviewees have chaired the IIA-NL chapter and one of our interviewees has been the vice chair of professional practices on the global executive board of the IIA. All our interviewees are or have been actively involved as lecturers in the IIA-accredited IAEP excellence programs for internal audit education in the Netherlands.
5.3.2 Interview process
Based on an interview protocol we asked the interviewees open-ended questions about their experiences with nudging business managers using a descriptive norm. More specifically, our interviews aimed to address two things: (1) the perceived effectiveness of nudging with a descriptive norm, and (2) views on nudging from professional and ethical perspectives. To address our first topic, we asked: ‘do you think that managers in a business context could effectively be nudged with a descriptive norm coming from the internal auditor as it worked in our experiments?’, ‘do you use nudging with a descriptive norm?’ and ‘what factors could influence the effectiveness?’. To address the second topic, we asked: ‘to what extent do you think that nudging could raise ethical or professional issues if it is applied by internal auditors?’, and ‘is it allowed for internal auditors to nudge?’. All interviews were conducted by two members of the research team. Due to the Covid-19 pandemic, all interviews were conducted on-line using MS-Teams. Interviews typically lasted between one hour and seventy-five minutes. All interviews were tape recorded and transcribed verbatim. Prior to recording anything, participants were assured that they would remain anonymous and that any information they shared would be treated as confidential.
5.3.3 Interview results
Interviewee responses were grouped as factors by the first author. The factors as well as which and how many interviewees had mentioned this factor are presented in Appendix 2, along with a summary of interviewee responses. To assess the reliability of the process and the table, an external academic reviewer (who was not involved in our study) performed a review. The appendix shows that in the last three interviews no new perspectives were added, thus providing evidence of saturation.
The interviews both supported and enriched the results of our experiments. Our interviewees confirmed that managers in a business context are influenced by what their peers do. Interestingly, many of our interviewees confirmed that they have actually applied a descriptive norm to bring their message to the manager’s attention more effectively. For example, one of the CAE’s (interviewee #1) said (quote translated from Dutch): “I always use examples about how others do things within the organization to influence the manager to whom I communicate the risk warning. And that works in most of the situations.” Referring to how others do things in the organization is also used by another CAE (interviewee #5) we interviewed who said (quote translated from Dutch): “When I define actions together with management about resolving audit issues I say, ‘this is the way it is done by others in the organization.”
We asked our interviewees to comment on how managers in real-life organizational settings would compare to the participants in our experiments in terms of their receptivity to being nudged with a descriptive norm (i.e., being informed what their peers would do). Several CAEs indicated that they thought managers in a real-life business context would be equally or even more strongly affected by information of what their peers do than participants in our experiments. For example, one of our interviewees (interviewee #8) explained that the managers within his bank consider themselves as a “team of peers” and that nobody wants to underperform compared to their peers or be the weakest link. The interviewee suggested that therefore managers in his bank would be more easily influenced by information about their peers’ behavior than participants in an experiment who do not face the same group pressure. Furthermore, other interviewees added that organizational incentives and career opportunities often trigger managers to compare their own performance to that of their peers. This can make managers be more susceptible to being influenced by a descriptive norm than participants in an experiment who don’t have such incentives. Interestingly, many of our interviewees mentioned that a descriptive norm in a highly competitive organization context could have the opposite of the intended effect, if managers see their peers as competitors (for example for promotion to a higher position in the organization). One of the interviewees (interviewee #9) explained this high-competition context by describing the Tour de France race in which cyclists climb the steepest mountain with the aim of being the first one to reach the top. He illustrated the effect of a descriptive norm in this situation as follows: “if you learn that your competitor would give up, that can highly motivate you to not give up and continue in an attempt to outperform and beat your competitor.” Two of our interviewees (interviewees #3 and #10) added another interesting perspective on how nudging with a descriptive norm could have the opposite of the intended effect. Both interviewees worked at organizations with “a very low maturity level” and a very low quality of IS project managers. In such a context, if the internal auditor used a descriptive norm to tell a manager what “his/her peers would do” then the very poor performance those peers would not convince someone to act according to his/her peers. Based on these insights, further research is needed to confirm that the type of nudging we employed in our experiments would be effective in actual organizational settings. Our interview data with the CAEs suggest that they can be, but that the efficacy may depend on the specific organizational context.
During the interviews we also questioned the CAEs about whether there were any differences in the effectiveness of nudging with a descriptive norm depending upon whether the internal auditor is seen by management as a collaborative partner or an opponent. The interview data supports what was observed in our experiments, in that nudging was seen as less effective and perhaps even counterproductive when it is used by an auditor who is viewed as an opponent. One of the interviewees (interviewee #1) stipulated that (quote translated from Dutch): “If you as a policeman [attempt to] influence others by comparing them to others who do things properly, then the nudging will not work and it may have the opposite effect.” Another CAE (interviewee #8) said (quote translated from Dutch): “In my organization an internal auditor who points out the mistakes that managers make will not be effective.”
In terms of the ethics of nudging with a descriptive norm and whether such behavior would violate professional standards, the CAEs we spoke with did not see any major ethical or professional obstacles to incorporate nudging in their communication toolbox as an internal auditor. As paraphrased from several of our interviewees, it is just part of the internal auditors’ communication to management to bring their message.
6 Discussion and implications
Before discussing the implications of our study, it is appropriate to consider the main findings and the limitations. The study’s two main findings are:
-
(1)
Nudging with a descriptive norm has an indirect influence on the deaf effect through perceived social norms.
-
(2)
The auditor-manager relationship has an indirect influence on the deaf effect through perceived social norms.
Specifically, we found that: (1) including a descriptive norm in the auditor’s message helps managers to perceive a social norm that reduces the deaf effect, and (2) when the internal auditor who delivers a risk warning is seen as a partner rather than an opponent, the manager also perceives such a message as a social norm that reduces the deaf effect.
Despite these results, our two experiments and the interviews also revealed that something seemingly simple and effective as nudging with a descriptive norm, might not turn out to be that simple when it is applied in complex organizational settings. More specifically, the use of a descriptive norm is not perceived by everyone as a social norm, so in some circumstances it could have unanticipated and undesirable effects. Our study revealed four considerations for internal auditors who want to successfully apply a descriptive norm of “what someone’s peers would do” to avoid the deaf effect.
First, the auditor-manager relationship determines whether the auditor’s advice to stop the risky course of action would be seen as coming from someone who is seen as a partner (vs. an opponent) and would be perceived as a social norm. In daily practice internal auditors may struggle to maintain such a relationship, and managers may not always see auditors as their partners when they feel criticized. Second, our interviews revealed that for a descriptive norm to be effective, it helps to keep the message simple, positive, action oriented and to leave room for choice.
Third, the manager’s personal characteristics should be considered. More specifically, the manager’s risk attitude and the years of working experience could influence the manager’s receptivity to the auditor’s message. Our interviews suggest that the use of a descriptive norm of what someone’s peers would do, would be most effective for more senior and risk-averse managers.
Fourth, organizational context is an important consideration in determining if descriptive norms in an auditor’s message will be effective. Specifically, descriptive norms are likely to be more effective in a cooperative organization culture in which peers are seen as belonging to the same group, as opposed to a competitive culture in which peers are seen as competitors or rivals to be beaten. Additionally, descriptive norms are likely to be more effective in a mature organization in which peers are seen as successful and a good example to be followed, rather than in an organization where peers are performing poorly and are not seen as good role models to follow. Finally, organization incentives (e.g., financial incentives) should be considered as they could influence the effectiveness of using descriptive norms.
6.1 Limitations
This research involved two laboratory experiments and some qualitative interviews to enrich the results obtained in the experiments. We believe that the mixed method approach involving both quantitative and qualitative data represents a strength. Having said that, there are limitations associated with the type of experiments we conducted (i.e., scenario-based laboratory experiments). While experiments allow the researcher to achieve high internal validity, this comes at some cost in terms of external validity. Experimental designs for studies such as ours should not be evaluated based on the degree to which they reflect actual organizational settings, but rather on whether they contribute to our ability to test causal relationships that extend our understanding of human decision making (Dobbins et al., 1988). To achieve a high level of internal validity our study took a necessarily narrow focus and involved a small number of variables to achieve a high degree of control. Hence, in our experimental approach we were unable to include all the complexities of real work situations. This trade-off of higher internal validity for lower external validity is common in laboratory experiments and should not be construed as a flaw, though it does represent a limitation. Thus, any generalization of the findings of this study to other settings should be done with caution. It is possible that the results would be different in other settings as there are other organizational and political factors that may also affect managers’ deaf effect responses to risk warnings. Thus, further research is needed to confirm that our findings would be effective in actual organizational settings.
While our first experiment involved the use of managers, who are familiar with business settings, we replicated our experiment with a dedicated group of student participants who enrolled in university courses in the specific domain of managing information systems projects. We found the same pattern of results, adding robustness to our findings.
Second, we further explored our results by conducting a series of interviews with practicing internal auditors and gained additional insight into some factors that could influence the effectiveness of nudging with descriptive norms for internal auditors to bring their message to management’s attention. In the context of our study, we did not further test these factors and therefore suggest that they could be included in future research.
Despite the above limitations, this study contributes to our understanding of how internal auditors may be able to reduce the deaf effect and thereby influence the trajectory of troubled IS projects by issuing risk warnings that contain a descriptive norm. This is the first empirical study that we are aware of that examines whether nudging with a descriptive norm may improve the effectiveness of the Internal Audit function with respect to the management of IS projects.
6.2 Implications for research
While prior research has noted the importance of the auditor-manager relationship (AMR) and how this can influence the deaf effect, it has not examined the role that perceived social norms can play in this area. The unique contribution of our work is that we shine a spotlight on the mediating role of perceived social norms and how these influence the deaf effect while also being influenced by both AMR and a descriptive norm included in the risk warning. By focusing on what the auditor can do to craft the message in a way that reduces the deaf effect, our research contributes to this discourse and addresses an important theoretical gap. Specifically, we introduce a novel research model that leverages the idea of nudging with a descriptive norm. Our study builds upon and significantly extends the work of Nuijten et al. (2016) by introducing the idea of nudging to the problem of the deaf effect, and we test how it is related to the social norm that managers perceive after they receive a message from an internal auditor who is seen as a partner versus an opponent. Furthermore, our study identifies additional factors that could further enrich the research model and provide opportunities for future research.
Ours is the first study to show that nudging with a descriptive norm may indirectly reduce the deaf effect response to an auditor’s risk warning. While prior literature has established that a descriptive norm can serve as an effective nudge, our study is the first to shed light on how such an approach may work in the context of the deaf effect.
While our study reveals that nudging can be effective in the short term, more research is needed to determine the long-term effects of nudging on internal auditor effectiveness. Since relationships such as the AMR can develop and change over time, additional research is warranted to determine whether nudging with a descriptive norm might impact the AMR over time.
Our study reveals several factors that could further enrich the model and we invite other researchers to test them in future studies. The results of our study point to organizational context factors (e.g., how competitive the culture is within an organization) and personal factors (e.g., risk propensity and work experience) that warrant further research, as they could shape the effectiveness of descriptive norms in nudging a manager’s behavior.
Further research is needed to explore the effect of other types of nudging on the deaf effect response to risk warnings. Another type of nudging, for example, might involve making things easy for managers by, for example, minimizing bureaucratic procedures or obstacles that could prevent them from taking appropriate actions to deal with risks. Another approach might be to change the character of project review meetings so that the default is that a project will not go forward in the presence of major risks that remain unaddressed. Conversely, if the situation can be structured in a way such that ignoring the auditor’s risk warning and pressing forward requires effort to justify, this will have the effect of nudging the manager in the desired direction. We hope that our work will encourage others to investigate additional types of nudging that could be effective in reducing the deaf effect.
Finally, while we examine how nudging can make auditors more effective in a very specific situation, we believe that our findings have implications for research on corporate governance more broadly, as internal auditors could potentially use nudging across a wide range of situations to improve the quality of corporate governance.
6.3 Practical implications
This study has important practical implications because it suggests that auditors can use techniques from behavioral economics (i.e., nudging) to indirectly reduce the deaf effect through perceived social norms. Unlike other factors which have been discussed in the deaf effect literature, nudging is a technique that can be quickly and easily applied. However, it can also have unanticipated effects if the nudges are not properly aligned with the organizational context. Therefore, internal auditors should be careful in when and how they apply nudging with a descriptive norm.
Translating the results of our study to the internal audit practice, offer the following advice to auditors:
-
(1)
The effectiveness of a risk warning message that is delivered by an internal auditor is not only determined by the quality of its content, but also depends on how the message is communicated,
-
(2)
Internal Auditors should be aware that communication techniques are part of the auditor’s toolbox and therefore cannot be ignored,
-
(3)
Embedding descriptive norms in the auditor’s message could be an effective nudge but should be used cautiously. In order to effectively use a descriptive norm in a risk warning, the internal auditor must consider whether assumed relational, message, organizational, and personal factors are conducive to this approach.
-
(4)
Nudging with a descriptive norm should not violate the auditor’s trustworthiness and credibility. Therefore, the message should not contain any false statements that could backfire.
Although our study focuses specifically on how internal auditors can be more effective in bringing a message to management when IS projects go awry, we believe that its relevance to practice is much broader than that. In today’s complex society, organizations – both public and private – face the challenge to act responsibly and remain alert to any risk behavior that could cause damage to the own organization, to its stakeholders and to society at large. Regulatory bodies promulgate corporate governance standards and now increasingly encourage organizations to implement proper structures to manage not only financial risks but include environmental and social risks as well. Our study relates to this broader development in two ways.
First, internal auditors play an important role in corporate governance with their focus on risks in general and behavioral risks specifically. This was illustrated at the European Corporate Governance Conference that was held in March 2024 and in which the chairman of the European Confederation of Internal Audit Associations stressed the need to incorporate risk behavior in corporate governance practices and highlighted the contribution that internal auditors can make to effective corporate governance. Of course, in order to fulfil this ambition, internal auditors need to communicate effectively when they observe and identify risk behavior that could cause damage. Our study aligns with the recently submitted 2024 Global Internal Audit Standards (IIA, 2024) that suggest that internal auditors can achieve this, by (1) applying effective communication techniques (standard 11.2), and (2) taking into account relationships they maintain with stakeholders, including managers as well (standard 11.1). Our study sheds light on how internal auditors can reduce the deaf effect, following an approach that combines these two factors.
Second, in the era of digitization, organizations seek to capitalize on the promises of information systems while managing the risks that are inherent to such systems. Therefore, successful information systems projects are crucial to most organizations. Furthermore, successful corporate governance could require solid enterprise risk management systems or ESG (environmental, social, and governance)-implementations that also heavily depend on information systems projects that must be implemented successfully. Therefore, our example of internal auditors who find a deaf ear for their risk warnings regarding a runaway information system project is highly relevant to the broader context of internal auditing and corporate governance as well.
In conclusion, we believe it is important for internal auditors to learn and understand how the presentation of a message beyond its content, can influence the effectiveness of the message. This suggests that proper training of internal auditors in communication technique could be beneficial and that under the right circumstances nudging could be used effectively and ethically. Such training would need to include how to apply a communication technique like nudging with a descriptive norm in daily practice, how to identify and recognize circumstances where it could be effectively used, and how to keep it consistent with the ethical and professional standards. To comply with professional standards, any information the internal auditor might provide in a nudge must be a fair and correct representation and must not harm the internal auditor’s credibility.
We hope that the results of our study will provide an avenue for internal auditors to deal with the problem of the deaf effect and thereby contribute to more effective corporate governance.
Notes
Nuijten et al. (2016) labeled this more broadly as “messenger-recipient relationship.” We have chosen to use the term “auditor-manager relationship” here for consistency and because our focus is on the behavior of auditors.
Dashed lines refer to paths that are included in the model and tested but not formally hypothesized.
References
Alzeban, A., & Gwilliam, D. (2014). Factors affecting the Internal Audit Effectiveness: A Survey of the Saudi Public Sector. Journal of International Accounting Auditing and Taxation, 23(2), 74–86. https://doi.org/10.1016/j.intaccaudtax.2014.06.001.
Arena, M., & Azzone, G. (2009). Identifying Organizational drivers of Internal Audit Effectiveness. International Journal of Auditing, 13(1), 43–60. https://doi.org/10.1111/j.1099-1123.2008.00392.x.
Barac, K., Plant, K., Kunz, R., & Kirstein, M. (2021). Generic skill profiles of future accountants and auditors – moving beyond attributes. Higher Education Skills and Work-Based Learning, 11(4), 908–928. https://doi.org/10.1108/HESWBL-08-2020-0180.
Berger, J., & Rand, L. (2008). Shifting signals to help Health: Using Identity Signaling to reduce Risky Health behaviors. Journal of Consumer Research, 35(3), 509–518. https://doi.org/10.1086/587632.
Brown, T., & Fanning, K. (2019). The Joint effects of internal auditors’ Approach and Persuasion tactics on managers’ responses to internal audit advice. The Accounting Review, 94(4), 173–188.
Chin, W. W. (1998). The partial least squares Approach to Structural equation modeling. In G. A. Marcoulides (Ed.), Modern methods for Business Research (pp. 294–336). Lawrence Erlbaum Associates.
Christopher, J., Sarens, G., & Leung, P. (2009). A critical analysis of the independence of the internal audit function: Evidence from Australia. Accounting Auditing & Accountability Journal, 22(2), 200–220. https://doi.org/10.1108/09513570910933942.
Cialdini, R. B. (1984). Influence: The psychology of Persuasion. HarperCollins. https://books.google.com/books?id=mJidPwAACAAJ.
Cialdini, R. B. (2005). Basic Social Influence is underestimated. Psychological Inquiry, 16(4), 158–161. http://www.jstor.org/stable/20447283.
Cialdini, R. B., & Goldstein, N. J. (2004). Social Influence: Compliance and conformity. Annual Review of Psychology, 55(1), 591–621. https://doi.org/10.1146/annurev.psych.55.090902.142015.
Cialdini, R. B., Kallgren, C. A., & Reno, R. R. (1990). A Focus Theory of Normative Conduct: Recycling the Concept of norms to reduce Littering in Public places. Journal of Personality and Social Psychology, 58(6), 1015–1026. https://doi.org/10.1037/0022-3514.58.6.1015.
Cialdini, R. B., Kallgren, C. A., & Reno, R. R. (1991). A Focus Theory of Normative Conduct: A Theoretical Refinement and Reevaluation of the Role of Norms in Human Behavior. In Advances in Experimental Social Psychology (Vol. 24, pp. 201–234). Academic Press. https://doi.org/10.1016/S0065-2601(08)60330-5.
Coetzee, P., & Du Plessis, A. (2021). Face-to-face soft skills for entry-level internal auditors: A practice perspective. Industry and Higher Education, 35(2), 125–136.
Cuellar, M. J. (2009). An examination of the Deaf Effect response to Bad News reporting in Information Systems projects. Georgia State University. https://scholarworks.gsu.edu/cgi/viewcontent.cgi?article=1031&context=cis_diss.
Cuellar, M. J., Keil, M., & Johnson, R. D. (2006). The Deaf Effect response to Bad News reporting in Information Systems projects. e-Service Journal, 5(1), 75–95. https://doi.org/10.2979/esj.2006.5.1.75.
D’Onza, G., & Sarens, G. (2018). Factors that enhance the quality of the relationships between Internal Auditors and auditees: Evidence from Italian companies. International Journal of Auditing, 22(1), 1–12. https://doi.org/10.1111/ijau.12100.
Dal Mas, L. O., & Barac, K. (2018). The influence of the Chief Audit Executive’s Leadership style on factors related to Internal Audit Effectiveness. Managerial Auditing Journal, 33(8/9), 807–835.
Davies, M. (2009). Effective Working relationships between Audit committees and Internal Audit—the cornerstone of corporate governance in local authorities, a Welsh Perspective. Journal of Management and Governance, 13(1/2), 41–73. https://doi.org/10.1007/s10997-008-9070-9.
Deutsch, M., & Gerard, H. B. (1955). A study of normative and informational Social Influence upon Individual Judgment. The Journal of Abnormal and Social Psychology, 51(3), 629–636. https://doi.org/10.1037/h0046408.
Dittenhofer, M. (2001). Internal auditing effectiveness: An expansion of Present methods. Managerial Auditing Journal, 16(8), 443–450.
Dobbins, G. H., Lane, I. M., & Steiner, D. D. (1988). A note on the role of Laboratory methodologies in Applied behavioural research: Don’t throw out the baby with the bath water. Journal of Organizational Behavior, 9(3), 281–286. http://www.jstor.org/stable/2488080.
Erasmus, L., & Coetzee, P. (2018). Drivers of stakeholders’ view of internal audit effectiveness: Management versus audit committee. Managerial Auditing Journal, 33(1), 90–114. https://doi.org/10.1108/MAJ-05-2017-1558.
Eulerich, M., Kremin, J., & Wood, D. A. (2019). Factors that influence the Perceived Use of the internal audit function’s work by Eexecutive Management and Audit Committee. Advances in Accounting, 45, 1–7.
Fornell, C., & Larcker, D. F. (1981). Evaluating Structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(2), 39–50. https://doi.org/10.2307/3151312.
FRC (2024). UK Corporate Governance Code Financial Reporting Council. P 17. https://media.frc.org.uk/documents/UK_Corporate_Governance_Code_2024_kRCm5ss.pdf.
Gajewski, J. F., Heimann, M., Léger, P. M., & Teye, P. (2022). Nudging to Improve Financial Auditors’ Behavior: Preliminary Results of an Experimental Study. Lecture Notes in Information Systems and Organization, in: Fred D. Davis & René Riedl & Jan vom Brocke & Pierre-Majorique Léger & Adriane B. Randolph & Thomas (Ed.). In (pp. 191–197). Springer. https://doi.org/10.1007/978-3-030-60073-0.
Gefen, D., Straub, D. W., & Boudreau, M. C. (2000). Structural equation modeling and regression: Guidelines for Research Practice. Communications of the Association for Information Systems, 4(7), 1–70.
Gefen, D., Rigdon, E., & Straub, D. (2011). An update and extension to SEM guidelines for administrative and Social Science Research. MIS Quarterly, 35(2), 3–14. https://doi.org/10.2307/23044042.
Goldstein, N. J., Cialdini, R. B., & Griskevicius, V. (2008). A room with a viewpoint: Using social norms to Motivate Environmental Conservation in hotels. Journal of Consumer Research, 35(3), 472–482. https://doi.org/10.1086/586910.
Goodwin, J. (2003). The relationship between the Audit Committee and the internal audit function: Evidence from Australia and New Zealand. International Journal of Auditing, 7(3), 263–278. https://doi.org/10.1046/j.1099-1123.2003.00074.x.
Gramling, A., Maletta, M. J., Schneider, A., & Church, B. K. (2004). The role of the internal audit function in corporate governance: A synthesis of the Extant Internal auditing literature and directions for Future Research. Journal of Accounting Literature, 23(1), 194–244.
Griskevicius, V., Goldstein, N. J., Mortensen, C. R., Cialdini, R. B., & Kenrick, D. T. (2006). Going along versus going alone: When fundamental motives facilitate Strategic (non) conformity. Journal of Personality and Social Psychology, 91(2), 281–294. https://doi.org/10.1037/0022-3514.91.2.281.
Griskevicius, V., Cialdini, R. B., & Goldstein, N. J. (2008). Social norms: An underestimated and Underemployed Lever for managing Climate Change. International Journal for Sustainability Communication, 3(1), 5–13.
Hair, J. F., Black, W. C., Babin, B. J., & Anderson, R. E. (2010). Multivariate Data Analysis: A Global Perspective (7th ed.). Pearson.
https://www.theiia.org/globalassets/site/standards/globalinternalauditstandards_2024january9_printable.pdf.
IIA. (2024). Global Internal Audit standards. The Institute of Internal Auditors.
IIA (2018). Internal Auditing’s Role in Corporate Governance. IIA Position Paper. The Institute of Internal Auditors. https://www.theiia.org/globalassets/documents/resources/internal-auditings-role-in-corporate-governance-may-2018/internal-auditings-role-in-corporate-governance.pdf.
IODSA (2016). King IV Report on Corporate Governance. Institute of Directors South Africa. https://www.iodsa.co.za/page/king-iv.
Jacobson, R. P., Mortensen, C. R., & Cialdini, R. B. (2011). Bodies obliged and unbound. Differentiated response tendencies for Injunctive and descriptive social norms. Journal of Personality and Social Psychology, 100(3), 433–448. https://doi.org/10.1037/a0021470.
Keil, M., & Robey, D. (1999). Turning around troubled Software projects: An exploratory study of the Deescalation of Commitment to failing courses of action. Journal of Management Information Systems, 15(4), 63–87. http://www.jstor.org/stable/40398405.
Keil, M., & Robey, D. (2001). Blowing the whistle on troubled Software projects. Communications of the ACM, 44(4), 87–93.
Keil, M., Bernard, C. Y. T., Wei, K. K., Saarinen, T., Tuunainen, V., & Wassenaar, A. (2000). A cross-cultural study on escalation of Commitment Behavior in Software projects. MIS Quarterly, 24(2), 299–325. https://doi.org/10.2307/3250940.
Kotb, A., Elbardan, H., & Halabi, H. (2020). Mapping of Internal Audit Research: A Post-enron Structured Literature Review. Accounting Auditing & Accountability Journal. https://doi.org/10.1108/AAAJ-07-2018-3581.
Kredentser, M. S., Fabrigar, L. R., Smith, S. M., & Fulton, K. (2012). Following what people think we should do versus what people actually do: Elaboration as a moderator of the impact of descriptive and injuncitive norms. Social Psychological and Personality Science, 3(3), 341–347. https://doi.org/10.1177/1948550611420481.
Lapinski, M. K., Rimal, R. N., DeVries, R., & Lee, E. L. (2007). The Role of Group Orientation and Descriptive Norms on Water Conservation attitudes and behaviors. Health Communication, 22(2), 133–142. https://doi.org/10.1080/10410230701454049.
Lapinski, M. K., Maloney, E. K., Braz, M. E., & Shulman, H. C. (2013). Testing the effects of Social Norms and Behavioral Privacy on hand washing: A field experiment. Human Communication Research, 39(1), 21–46.
Lee, J. S., Cuellar, M., Keil, M., & Johnson, R. (2014). The role of a Bad News reporter in Information Technology Project Escalation: A Deaf Effect Perspective. DATA BASE for Advances in Information Systems, 45(3), 8–29.
Lenz, R. (2013). Insights into the effectiveness of Internal Audit: A Multi-method and Multi-perspective Study. Louvain School of Management Research Institute].
Lenz, R., & Hahn, U. (2015). A synthesis of the Empirical Internal Audit Effectiveness Literature and new Research opportunities. Managerial Auditing Journal, 30(1), 5–33. https://doi.org/10.1108/MAJ-08-2014-1072.
Maloney, E. K., Lapinski, M. K., & Neuberger, L. (2013). Predicting Land Use Voting Behaviour: Expanding our Undertstanding of the influence of attitudes and social norms. Journal of Applied Social Psychology, 43(12), 2377–2390.
Mas, A., & Moretti, E. (2009). Peers at work. The American Economic Review, 99(1), 112–145. https://doi.org/10.1257/aer.99.1.112.
MCCG (2022). Dutch Corporate Governance Code Monitoring Committee Corporate Governance. p. 56. https://www.mccg.nl/publicaties/codes/2022/12/20/dutch-corporate-governance-code-2022.
Messier, W. F. Jr., Reynolds, J. K., Simon, C. A., & Wood, D. A. (2011). The Effect of using the Internal Audit Function as a management training ground on the External Auditor’s Reliance decision. The Accounting Review, 86(6), 2131–2154. https://doi.org/10.2308/accr-10136.
Mihret, D. G., James, K. E., & Mula, J. (2010). Antecedents and Organisational Performance implications of Internal Audit Effectiveness. Pacific Accounting Review, 22(3), 224–252.
Mollen, S., Rimal, R. N., Ruiter, R. A. C., & Kok, G. (2013). Healthy and unhealthy social norms and Food Selection. Findings from a field-experiment. Appetite, 65, 83–89.
Nolan, J. M., Schultz, P. W., Cialdini, R. B., Goldstein, N. J., & Griskevicius, V. (2008). Normative Social Influence is underdetected. Personality and Social Psychology Bulletin, 34(7), 913–923. https://doi.org/10.1177/0146167208316691.
Nolder, C. J., Ratzinger-Sakel, N. V. S., & Theis, J. C. (2022). Nudging auditors’ unconscious to improve performance on an Accounting Estimate Task. International Journal of Auditing, 26(2), 78–93. https://doi.org/10.1111/ijau.12252.
Nuijten, A. (2012). Deaf Effect for Risk Warnings: A Causal Examination applied to Information Systems Projects (Publication Number EPS-2012-263-S&E) [Ph.D. thesis, Erasmus Research Institute of Management]. Rotterdam. http://hdl.handle.net/1765/34928.
Nuijten, A., Keil, M., & Commandeur, H. (2016). Collaborative Partner or Opponent: How the Messenger influences the Deaf Effect in IT projects. European Journal of Information Systems, 25(6), 534–552. https://doi.org/10.1057/ejis.2016.6.
Nuijten, A., Keil, M., Sarens, G., & Twist, M. J. W. (2019). Partners or opponents: Auditor-Manager Relationship Dynamics following the Deaf Effect in Information System projects. Managerial Auditing Journal, 34(9), 1073–1100. https://doi.org/10.1108/MAJ-02-2018-1811.
Paape, L. (2007). Corporate Governance - The impact on the Role, Position, and Scope of Services of the Internal Audit Function. (Publication Number EPS-2007-111-S&E) [Ph.D. thesis, Erasmus Research Institute of Management]. Rotterdam. http://hdl.handle.net/1765/1.
Pforsich, H., Kramer, B. K. P., & Just, G. R. (2008). Establishing an internal Audit Department: The case of the Schwan Food Company. Global Perspectives on Accounting Education, 5(1), 1–16.
Plant, K., & Slippers, J. (2015). Improving the business communication skills of postgraduate internal audit students: A South African teaching innovation. Innovations in Education and Teaching International, 52(3), 310–321. https://doi.org/10.1080/14703297.2013.852480.
Sarens, G., & De Beelde, I. (2006). The relationship between Internal Audit and Senior Management: A qualitative analysis of expectations and perceptions. International Journal of Auditing, 10(3), 219–241. https://doi.org/10.1111/j.1099-1123.2006.00351.x.
Sarens, G., De Beelde, I., & Everaert, P. (2009). Internal audit: A Comfort Provider to the Audit Committee. The British Accounting Review, 41(2), 90–106. https://doi.org/10.1016/j.bar.2009.02.002.
Schultz, P. (1999). Changing Behaviour with normative feedback interventions: A field experiment on Curbside Recycling. Basic and Applied Social Psychology, 21(1), 25–36. https://doi.org/10.1207/s15324834basp2101_3.
Schultz, P. W., Nolan, J. M., Cialdini, R. B., Goldstein, N. J., & Griskevicius, V. (2007). The constructive, destructive, and Reconstructive Power of Social Norms. Psychological Science, 18(5), 429–434. https://doi.org/10.1111/j.1467-9280.2007.01917.x.
Schultz, W. P., Khazian, A. M., & Zaleski, A. C. (2008). Using normative Social Influence to Promote Conservation among Hotel guests. Social Influence, 3(1), 4–23. https://doi.org/10.1080/15534510701755614.
Sherif, M. (1936). The Psychology of Social Norms Harper & Brothers. https://www.worldcat.org/title/psychology-of-social-norms/oclc/231258.
Sitkin, S. B., & Weingart, L. R. (1995). Determinants of Risky decision-making behavior: A test of the Mediating role of risk perceptions and propensity. Academy of Management Journal, 38(6), 1573–1592. https://doi.org/10.2307/256844.
Soh, D. S. B., & Martinov-Bennie, N. (2011). The internal audit function, perceptions of internal audit roles, effectiveness and evaluation. Managerial Auditing Journal, 26(7), 605–622. https://doi.org/10.1108/02686901111151332.
Tayler, W. B., & Bloomfield, R. J. (2011). Norms, conformity, and controls. Journal of Accounting Research, 49(3), 753–790. https://doi.org/10.1111/j.1475-679X.2011.00398.x.
Thaler, R. H., & Sunstein, C. R. (2009). Nudge: Improving decisions about Health, Wealth, and happiness. Penguin Books.
Van Peursem, K. A. (2005). Conversations with internal auditors, the power of ambiguity. Managerial Auditing Journal, 20(5), 489–512. https://doi.org/10.1108/02686900510598849.
Wenzel, M. (2005a). Motivation or rationalisation? Causal relations between Ethics, norms and tax compliance. Journal of Economic Psychology, 26(4), 491–508. https://doi.org/10.1016/j.joep.2004.03.003.
Wenzel, M. (2005b). Misperceptions of social norms about tax compliance: From theory to intervention. Journal of Economic Psychology, 26(6), 862–883. https://doi.org/10.1016/j.joep.2005.02.002.
Acknowledgements
We thank dr. Ingrid Rohde for her support in the statistical analysis of our results.
Funding
No funding was received for conducting this study.
Author information
Authors and Affiliations
Contributions
Arno Nuijten and Violeta Verbraak-Kolevska contributed to the study conception and design. Material preparation, data collection and analysis were performed by Arno Nuijten, Violeta Verbraak-Kolevska and Mark Keil. The first draft of the manuscript was written by Arno Nuijten, Violeta Verbraak-Kolevska and Mark Keil and all authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.
Corresponding author
Ethics declarations
Competing interests
The authors have no competing interests to declare that are relevant to the content of this article.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendices
Appendix 1: scenario and measures
Base scenario used in experiments 1 and 2 for all treatments
Imagine that you are the Senior Vice President of the Pensions Operations department within a large insurance company. You inherited a prestigious IS-project called PENSION-VIEW. As Project Owner, YOU became responsible for the successful implementation of PENSION-VIEW and for realizing the benefits for your organization with this in-house developed system.
With this IS-project you could be the first insurance company in the market that grants all citizens (customers and potential customers) access to the complete set of their personal pension information. If your insurance company is the first in the market to provide this service at a reliable level, the expected gain to your company would be 60 million euros, as documented in a detailed business case for the project.
Your main competitors have all decided to wait for the supplier of a standard software-package to provide a module to the insurance-market that integrates and presents their pension data. If your implementation is too late or does not prove reliable during the first month of operations, you will miss your competitive advantage and your organization will gain nothing.
The main challenge and risk of the PENSION-VIEW project are the large number of interfaces to retrieve reliable information from other information systems that contain pension data.
Your PENSION-VIEW project is close to implementation and under time-pressure to continue implementation as planned.
According to standard procedures, Mr. Johnson from the Internal Audit department has recently reviewed the testing-procedures of your project.
Mr. Johnson reports that he has found serious weaknesses in the design and execution of the testing activities on the data exchange with other information systems that may lead to reliability problems in the first month of operations with severe consequences for the company. As a consequence, he reports that the project should be redirected (thus, not continue as planned).
Treatment condition 1 (with descriptive norm manipulation; with partner manipulation)
Mr. Johnson (the Internal Auditor) has a long history of working COLLABORATIVELY with IS project teams with the goal of helping to identify and manage project risks, thus enabling project owners to be successful. He is seen by the project management as adding value to the process. Thus, Mr. Johnson is treated as a TRUSTED PARTNER to management.
Mr. Johnson informed you that MOST of your PEER COLLEAGUES Project Owners within THIS company REDIRECT the project under these circumstances. Subsequently, Mr. Johnson advised you to JOIN YOUR FELLOW PEERS and REDIRECT the project LIKE YOUR PEERS DO.
Treatment condition 2 (without descriptive norm manipulation; with opponent manipulation)
Mr. Johnson (the Internal Auditor) has a long history of working AGAINST IS project teams with the goal of exposing project failings, thus embarrassing project owners. He is seen as a policeman who does not add any value to the development process. Thus, Mr. Johnson is treated as an OPPONENT WHO IS NOT TO BE TRUSTED.
Mr. Johnson advised you to REDIRECT the project.
Treatment condition 3 (with descriptive norm manipulation; with opponent manipulation)
Mr. Johnson (the Internal Auditor) has a long history of working AGAINST IS project teams with the goal of exposing project failings, thus embarrassing project owners. He is seen as a policeman who does not add any value to the development process. Thus, Mr. Johnson is treated as an OPPONENT WHO IS NOT TO BE TRUSTED.
Mr. Johnson informed you that MOST of your PEER COLLEAGUES Project Owners within THIS company REDIRECT the project under these circumstances. Subsequently, Mr. Johnson advised you to JOIN YOUR FELLOW PEERS and REDIRECT the project LIKE YOUR PEERS DO.
Treatment condition 4 (without descriptive norm manipulation; with partner manipulation)
Mr. Johnson (the Internal Auditor) has a long history of working COLLABORATIVELY with IS project teams with the goal of helping to identify and manage project risks, thus enabling project owners to be successful. He is seen by the project management as adding value to the process. Thus, Mr. Johnson is treated as a TRUSTED PARTNER to management.
Mr. Johnson advised you to REDIRECT the project.
As you left the meeting with Mr. Johnson, you saw two courses of action. You could decide to REDIRECT the project (thus, not continue as planned). Or, you could decide to CONTINUE as planned (thus, move the system into production as planned).
You must decide which of the two courses of action to take.
Measures
Continue (dependent variable)
Variable | Item Wording |
|---|---|
Continue | (1 = Strongly Disagree; 7 = Strongly Agree) I will certainly continue the PENSION-VIEW project as planned (i.e., without redirection) |
Appendix 2: insights from interviews with CAEs
CAE | Descriptives (Years working as CAE, Age, Gender, Active in IIA-chapter) | Does CAE use descriptive norms? | CAE’s opinions whether managers in a business context could effectively be nudged with a descriptive norm coming from the internal auditor, and the factors that determine effectiveness | CAE’s opinion whether nudging is allowed from ethical and professional perspectives, and what prerequisites apply |
|---|---|---|---|---|
#1 | CAE during 25 years (banks and payment services), Age 60–65, Male, Board member and chair at IIA-Netherlands, IIA-Belgium, IIA-global, ECIIA | Yes. Often. | Yes. Effectiveness may depend on 1. concrete actions and positive message (a)2. internal auditor must be seen as a partner (b)3. organizational culture (cooperative, safe, country) (c)4. the manager’s risk-attitude and experience/maturity (d) | Allowed. Prerequisites: 1. message should be true (i)2. it should not be manipulative (ii) |
#2 | CAE during 15 years (energy services), Age 45–50, Female, Board member and chair at IIA-Netherlands | Yes. | Yes. Effectiveness may depend on 1. positive framing (a)2. align with organizational KPIs (e)3. culture (country, safe, no rivalry) (c)4. core values (open, support each other) (c)5. how the internal auditor is seen (b) | Allowed. Prerequisites: 1. it should not harm credibility of internal auditors in the long run (iii)2. the nudge should not contain any lies (i) |
#3 | CAE during 20 years (banks and hospitals), Age 50–55, Male, Program Director of IA Excellence Program | No. Because we do not have ‘successful peers’ yet. | Yes. Effectiveness may depend on 1. how easily people in the organization are willing to change (f)2. aligned with incentives (e)3. maturity of the organization (g)4. culture (chimneys in the organization, early adopters) (c)5. Internal auditor not seen as policemen but as facilitator of improvement (b) | Allowed. Prerequisites: 1. it can motivate people to take action and follow others that are successful (iv) |
#4 | CAE during 22 years (banks), Age 50–55, Male, Chair of education committee at IIA-Netherlands | Yes. More in the previous organization than in current organization. | Yes. Effectiveness may depend on 1. It works if people see their peers as close and similar to themselves (c)2. It may have an opposite effect if people see others as competitors and different from themselves (c)3. Alignment with incentives and KPIs (e)4. Whether internal auditors are seen as helpers or as policemen (b) | Allowed. Prerequisites: 1. it should use real examples of successful peers (i)2. it should maintain integrity and objectivity (iii)3. it should not become a trick to manipulate others (ii)4. it should fit normal communication, in which auditors are also being nudged by managers (v) |
#5 | CAE during 25 years (banks, insurance, interim CAE at many service providers), Age 55–60, Male, Program Director of IA Excellence Program | Yes. Often. | Yes. Effectiveness may depend on 1. whether managers are open to learn from what other managers do (f)2. in a high-competitive environment it may not work (c)3. if your external competitors would stop, it may be a reason for you to continue and beat them (c)4. young ambitious employees may be highly competitive and be less open to information about what other managers do (d)5. it works better in a more cooperative environment with shared goals and values (c)6. descriptive norm works best when it is NOT a simple compliance situation (comply with or violate the law), but more in the grey and ambiguous area with pros and cons (h)7. Nudging with descriptive norms works best for managers who see the internal auditor as partner and not as a policeman (b) | Allowed. Prerequisites: 1. It should use real examples of what others did (i)2. it should be helpful to managers (vi) and not become a trick (ii)3. auditors are also being nudged by managers, so it is just part of communication (v) |
#6 | CAE during 15 years (banks, transportation services), Age 50–55, Male, Board IIA-Netherlands and Program Director of IA Excellence Program | Yes. | Yes. Effectiveness may depend on 1. that it adds value to managers to know what others do (e)2. Actions that managers need to take should be clear and simple (a)3. Use simple language (a)4. Organizational culture (like a beloved family, no fear) (c)5. Internal Auditor should be seen as partner not as policeman (b)6. Managers do not want to perform worse than their peer managers (c)7. Young and ambitious managers may not listen at all (d) | Allowed. Prerequisites: 1. the nudge should contain true information about what others do (1) |
#7 | CAE during 15 years (banks, municipalities), Age 50–55, Male, Board member at IIA-Netherlands | Yes. But not often. | No. Effectiveness may depend on: 1. IS projects often (90%) fail, so you need to accept that instead of nudging (i)2. Nudging requires that there is a norm. But the Board of Directors often fails to set such a norm (j)3. Financial incentives (e) and organizational culture (c)4. Internal auditors should not present solutions nor push/nudge managers towards any solution (k)5. As policeman you can use mandatory norms and as a partner you can use professional practice norms (b) | Allowed. But: 1. It does not solve the issue that managers and not auditors are responsible for finding solutions (vii)2. It can blur the communication between internal auditors and managers, regarding who is responsible for what (viii)3. In the nudging itself he sees no ethical issues and it is useful to train and recognize nudging on behalf of the manager (v) and the auditor (ix) |
#8 | CAE during 10 years (banks, pension services), Age 45, Male, Board member IT-Audit at IIA-Netherlands | No. Not really. | Yes. Effectiveness may depend on: 1. Managers who work in organization for long see peers as belonging to the same group (d) This may not apply to students (d)2. Informal culture of how we do things here (c)3. Positive culture of helping each other (c)4. Not a competitive culture (c)5. Nudge should align with incentives (e)6. Tone at the top (e)7. Group coherence and behavior (c)8. Internal auditor seen as partner not as policeman (b) | Allowed. Prerequisites: 1. it should not violate integrity, so should be true (i)2. it should add value (vi) so not a trick (ii) |
#9 | CAE during 20 years (banks, insurance services), Age 55, Male, Quality reviews at IIA-Netherlands and IIA-Australia | Yes. Often. | Yes. Effectiveness may depend on: 1. Personal experiences that managers have, like students (d)2. Culture, including peer pressure and values (c)3. Reward system, KPIs (e)4. Internal auditor as trusted advisor (b)5. Positive – values instead of norms (a)6. Works best for senior managers with experience (d)7. The auditor must not be very junior and needs organizational power (b)8. Group cohesion and groupthink (c)9. Give choice (a) | Allowed. But: 1. You need to solve the root causes and not manage/nudge the symptoms (vii) |
#10 | CAE during 20 years (banks, hospitals), Age 50–55, Male, QA at IIA-Netherlands | Yes. | Yes. Effectiveness may depend on: 1. Maturity of the organization, including good examples from peers (g)2. Culture (no fear, cooperative, common goals, helping each other to improve) (c) | Allowed. Prerequisite: 1. The auditor is aware and receives training (ix) |
Overview of factors derived from our interviews | (a) ‘message characteristics’ mentioned by #1, #2, #6, #9 = 4 out of 10 (b) ‘auditor-manager relationship’ mentioned by #1 to #9 = 9 out of 10 (c) ‘non-competitive culture’ mentioned by #1 to #10 = 10 out of 10 (d) ‘manager characteristics’ mentioned by #1, #5, #6, #8, #9 = 5 out of 10 (e) ‘incentives’ mentioned by #2, #3, #4, #6, #7, #8, #9 = 7 out of 10 (f) ‘organization willingness to change’ mentioned by #3 and #5 = 2 out of 10 (g) ‘organization maturity’ mentioned by #3 and #10 = 2 out of 10 (h) ‘decision characteristics’ mentioned by #5 = 1 out of 10 (i) ‘root-cause’ mentioned by #7 = 1 out of 10 (j) ‘no norm available’ mentioned by #7 = 1 out of 10 (k) ‘no solution’ mentioned by #7 = 1 out of 10 | (i) ‘true’ mentioned by #1, #2, #4, #5, #8 = 5 out of 10 (ii) ‘no trick’ mentioned by #1, #4, #5, #8 = 4 out of 10 (iii) ‘long run’ mentioned by #2, #4 = 2 out of 10 (iv) ‘motivate’ mentioned by #3 = 1 out of 10 (v) ‘managers nudge’ by #4, #5, #7 = 3 out of 10 (vi) ‘helpful’ mentioned by #5, #8 = 2 out of 10 (vii) ‘solution’ mentioned by #7, #9 = 2 out of 10 (viii) ‘responsibility’ mentioned by #7 = 1 out of 10 (ix) ‘training’ mentioned by #7, #10 = 2 out of 10 |
Auditor-manager Relationship (AMR) (independent variable–manipulated)
Variable | |
|---|---|
AMR | (1 = Partner; 0 = Opponent) |
Descriptive Norm (independent variable–manipulated)
Variable | |
|---|---|
MDN | (1 = Message including a descriptive norm; 0 = Message without a descriptive norm) |
AMRmc(used as a manipulation check)
Variable | (Anchors) Item Wording |
|---|---|
AMRmc1 | (1 = Strongly Disagree; 7 = Strongly Agree) I consider Mr. Smith to be a trusted partner to my PENSION-VIEW project |
AMRmc2 | (1 = Strongly Disagree; 7 = Strongly Agree) I consider Mr. Smith to be a collaborative partner to my PENSION-VIEW project |
AMRmc3 | (1 = Non-Trusted Opponent; 7 = Trusted Partner) I consider Mr. Smith to be a __________ to my PENSION-VIEW project |
MDNmc(used as a manipulation check)
Variable | |
|---|---|
MDNmc | Without looking back, please mark the box of the correct statement about the scenario: ο Mr. Johnson referred to what your peer project owners would likely decide on this project ο Mr. Johnson did NOT refer to what others would likely decide on this project |
Perceived Social Norm (PSN)
Variable | (Anchors) Item Wording |
|---|---|
PSN1 | (1 = Strongly Disagree; 7 = Strongly Agree) Within THIS company most of my PEER COLLEAGUES Project Owners REDIRECT the project under these circumstances |
PSN2 | (1 = Strongly Disagree; 7 = Strongly Agree) To CONTINUE the project under these circumstances would NOT be consistent with the decisions of most of my PEER COLLEAGUES Project Owners in THIS company |
PSN3 | (1 = Strongly Disagree; 7 = Strongly Agree) REDIRECTING the project under these circumstances is the decision of most of my PEER COLLEAGUES Project Owners in THIS company |
PSN4 | (1 = Strongly Disagree; 7 = Strongly Agree) REDIRECTING the project under these circumstances is the most popular choice of most of my PEER COLLEAGUES Project Owners in THIS company |
Risk Propensity (used as a control variable)
Variable | Item Wording (Anchors: 1 = Extremely LESS likely than others; 7 = Extremely MORE likely than others) |
|---|---|
RiskProp1 | Your tendency to choose risky alternatives based on the assessment of other people on whom you must rely |
RiskProp2 | Your tendency to choose risky alternatives relying on an assessment that is high in technical complexity |
RiskProp3 | Your tendency to choose risky alternatives which could have major impact on the strategic direction of your organization |
RiskProp4 | Your tendency to choose risky alternatives despite considerable failures in risky choices you made in the past |
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Nuijten, A.L.P., Verbraak-Kolevska, V. & Keil, M. Can nudging with descriptive norms help internal auditors stop runaway information systems projects?. J Manag Gov (2024). https://doi.org/10.1007/s10997-024-09705-z
Accepted:
Published:
DOI: https://doi.org/10.1007/s10997-024-09705-z