Risk Communication from an Audit Team to Its Client

The article discusses the paradoxical foundation of a risk decision and the challenges the paradox puts on the management of risk communication. The exploration is done from a social systems theory perspective; a theory that provides a comprehensive theoretical framework for social systems and their communication processes and addresses the complexity, risk and conflicts of interests (Section ‘Systemic Audit: Widening the Perspective of Traditional Audit Approaches’). From this theoretical setting, the conclusion is derived that a statement about an organization’s risk cannot be proven as a ‘true’ statement and that a receiver of an audit report (the client) will always have good reasons to question an audit team’s risk communication (Section ‘The Paradoxical Foundation of a Risk Decision and Associated Challenges for Risk Communication Illustrated by the Example of an Audit Finding’). The article gives some hints on how an audit team can deal with clients’ needs by incorporating their requirements in its audit process, using concepts and tools from family therapy, brief therapy and systemic counselling (Section ‘Unpicking the Paradox of Risk Communication’).

of Internal Auditing, Standard 2012). Though the audit is initiated by a client and, in the beginning, the audit team is not in a position to know all the details of its engagement (e.g. 1000 Purpose Authority and Responsibility, Standard 2012), it is nevertheless held responsible for planning and performing the audit (2000 Managing the Internal Audit Activity et seqq., Standard 2012). At the end of the audit, auditors are supposed to negotiate management actions that remedy the organization's deficiencies and make organization safe again (2400 Communicating Results et seqq., Standard 2012).
To handle these challenges, a social systems theory perspective (Luhmann 1984) and related tools and methods of different systemic approaches proved highly efficient (e.g. for family therapy, see Selvini Palazzoli et al. 1977, for brief therapy, see de Shazer 1989;Weakland et al. 1974, for systemic counselling, see Königswieser and Exner 1998). They resulted in the development of systemic audit theory and a systemic audit approach (Haferkorn 2010;cf. Fig. 1, right column).
Social systems theory does not operate with concepts such as 'objectivity' and 'truth', but postulates that every truth depends on an observer and therefore must remain hypothetical (von Foerster and Pörksen 2013;von Glaserfeld 1995von Glaserfeld , 1996. In this theoretical setting, reality is a cognitive construction derived from an organism's experience (Glaserfeld 1995) and therefore limited to the abilities and experiences of the organism (Maturana and Varela 1987;Luhmann 1990  The doubts and concerns regarding a "total objectivity" or a "complete capture of risk", expressed by social systems theory, are in no way intended to ignore the justified expectations of society on the communication of risk. Quite the contrary, we need a theory which allows for ambiguity and blind spots to develop appropriate tools and measures for risk experts to discover the limits and options of their risk communication and to deal with the expectations of society observation of the organism draws a distinction, which specifies a unity distinct from a background (Spencer-Brown 1969;Maturana and Varela 1987). Taking a concept from biology, systems theory calls the unseen background 'blind spot' (Maturana and Varela 1987;Luhmann 1990). Every observation has therefore a limited focus and cannot claim to be all-embracing (cf. Fig. 1, second row). As participants of a social system thus have different perceptions, they cannot take for granted that each party understands the other's viewpoint-misunderstandings between involved parties are therefore likely (Luhmann 1986). For this reason, a systemic audit approach explores the context and conditions of risk communication to the stakeholders of an audit (Haferkorn 2010) and strives for connectivity (cf. Fig. 1, third row).
In this framework, an audit is operatively closed (Haferkorn 2010;Luhmann 1990), i.e. for example audit team depends on the auditees. Consequently, an audit team is not able to steer the audit towards a given objective, but rather focuses on what is possible and feasible in the existing audit context (e.g. available resources in experts, equipment and time) (Haferkorn 2010;Fig. 1, fourth row).
In this theoretical setting, it proved helpful to observe communication processes which can explain the functioning of social systems (Luhmann 2000 in relation to organizations, Haferkorn 2010 in relation to audits). Moreover, organizations are only able to survive when their communication continues to involve and balance the conflicting interests of important demands on the organization (Simon 2007, cf. Fig. 1, first and fifth row). Based on these assumptions, the following section discusses the interpretation of Luhmann's notion of 'risk decision' (cf. last row of Fig. 1) and explores its practical application in audits.
The Paradoxical Foundation of a Risk Decision and Associated Challenges for Risk Communication Illustrated by the Example of an Audit Finding Power's (2007) research on risk management draws on Luhmann's notion of risk (Luhmann 1991), which implies that future damage is not caused by natural disaster or other external, unswayable events but by a decision. 2 'Uncertainty is therefore transformed into risk when it becomes an object of management' (Power 2007, 6). 3 By incorporating more of Luhmann's theoretical program, we can gain an improved 2 Luhmann presumes the concept of a 'second-order observer'; the decision-maker bases his decision on his observations and is the 'first-order observer' (Luhmann 1991, 235-247). 3 The following considerations are based on the notion of risk, since an organization that realizes to be threatened by danger (or in Power's word 'uncertainty') should think about the possibilities of protection and thus about a risk decision (Luhmann 1991, 32-40;Haferkorn 2010, 175). understanding of the paradoxical foundation of a risk decision and the associated challenges of risk communication.
According to Luhmann, a risk decision, i.e. a decision that assumes a relationship between a decision and a probable future 4 damage, has a paradoxical foundation (cf. Luhmann 1991, 9-40 and. This is demonstrated using the following example of an audit team that informs its client about a risk to the organization, which in turn leads to discussions about the audit finding. The audit team informs the client that if a certain decision is taken, e.g. a certain control is not introduced in a workflow of the company, damage will occur within the next 5 months. Figure 2 exposes the four possibilities for future developments: 1. The organization introduces the control mechanism but the damage occurs nevertheless. The forecast-or in Luhmann's words 'the assumption of a relationship between risk decision and future damage'-was wrong. 2. The organization introduces the control mechanism and the damage does not occur. Consequently, the audit team cannot prove that the assumption of a relationship between the lack of a certain control and future damage was correct, as the forecasted damage did not occur. 3. The organization does not establish the control mechanism and the damage occurs. The risk communication was not successful: if the decision-makers had trusted in the audit team's expertise, they would have followed its suggestion.  Remark: The notion postulates a forecast horizon. Some risk communication ignores such a forecast horizon (e.g. some audit findings) and just states that certain damage might occur. I think that the inclusion of a time horizon is essential for the notion of risk (and the core of its difficulties), since otherwise a risk statement will always be true and therefore redundant. This is the parallel case of Keynes' statement: 'The long run is a misleading guide to current affairs. In the long run we are all dead. Economists set themselves too easy, too useless a task if in tempestuous seasons they can only tell us that when the storm is long past the ocean is flat again.' (Keynes 1923, 80). 4. The organization does not introduce the control mechanism and the damage does not occur. As in the first and second case, the assumption proved wrong.
In summary, Luhmann states that a risk decision is founded on a basic paradox. Either the assumption (relationship between a decision and a future damage) underlying a risk decision holds and the damage occurs-in this case, the risk decision has been in vain (case 3 in Fig. 2), or the assumption does not holdwhich means that the decision was based on a wrong assumption (case 1, 2 and 4 in Fig. 2). Since either the final risk decision or the assumption of the relationship is wrong, risk communication is based on a fundamental paradox (Luhmann 1991(Luhmann , 2002, last row in Fig. 1). 5

Unpicking the Paradox of Risk Communication
For a comprehensible communication of risk, experts often focus on a professional explanation of underlying facts and on the interpretation of corresponding research results for laypersons (e.g. Gigerenzer et al. 2010;Hollands and Lipkus 1999). Though facts play an important role, we have to bear in mind that communication is more than transmitting facts (Luhmann 1986;Roussy 2012 in relation to internal audits, Simon and Weber 2004, 91-97 in relation to systemic therapy).
Moreover, unlike damage, which can be experienced, Luhmann's notion of risk is not a hard and fast fact, since risk is not an observable or demonstrable phenomenon. Risk is rather a social construct and must therefore be dealt with in communication processes. The remaining question of section two is therefore how an audit team can increase the connectivity of its audit findings.

Luhmann's Dimensions of Meaning
Social systems theory assumes that the negotiations taking place in communication can be examined by distinguishing three meaning dimensions: the 'fact dimension of meaning' (Sachdimension) refers to the facts and the knowledge exchanged, the 'social dimension of meaning' (Sozialdimension) considers the social relationship 5 In his argumentation, Luhmann adds that the transformation of the logical statement into a probability statement by using the notion 'probable' damage does not unpick the paradox. Both concepts, logic as well as probability theory base their assumptions on a foreseeable and calculable future. Instead of one scenario probability theory uses several (in relation to continuous distributions even infinite) scenarios, but nevertheless the statement is still based on an observer (e.g. a person or a model) to predict future damage. In either case, whether a logical or a probability statement is given, the observer cannot foresee the future and has a blind spot (Luhmann 2002, 189). Thus a statement in risk communication (made by an audit team to its client) cannot be proven as a 'true' statement and its recipient will always have good reasons to question it. between communication partners and the 'temporal dimension of meaning' (Zeitdimension) deals with the timeline of communication processes (Luhmann 1984, 112 et seqq.;Simon 2014, 7 seqq. and 78-84 in relation to counselling).
With this differentiation in mind, I now can establish methods for dealing with challenges that arise within the complex risk communication from auditors to clients, notably the paradox described in the previous section. It should be noted that these dimensions of meaning overlap, for instance when the client does not acknowledge the facts underlying an audit finding (fact dimension of meaning), the audit team can try to gain a better understanding of the client's context and concerns (social dimension of meaning, cf. Collins 2010 in relation to communication between experts and laypersons) and invest time to gather further relevant information (temporal dimension of meaning) and adapt the presentation of audit results to the client's needs. Moreover, as the example indicates and as will be shown later, if connectivity poses problems, it can be helpful to change perspective.

Risk Communication Embedded in an Ongoing Process of Expectation Management
Against this background, it seems necessary to manage the expectations of involved parties (cf. Simon 2014; Königswieser and Hillebrand 2004 in relation to counselling). It is important for the audit department (or audit firm) to build a trustful relationship with the client from the beginning and to establish a generally accepted standing in (and outside) the audited organization (including, e.g. the supervisory body, cf. Roussy 2012). This foundation allows auditors and client (using the temporal dimension of meaning) to develop a common understanding and agreement on their mutual roles during the audit (i.e. a consensus on roles according to the social dimension of meaning, cf. Haferkorn 2013, 35-49).
Given this starting point, the audit team should balance interaction with auditees and other stakeholders in the course of the audit process (Haferkorn 2010, 71-89 regarding auditors' independence; regarding counselling cf. Königswieser and Hillebrand 2004, 94;Pfeffer 2001, 130-132). The team can manage the stakeholders' expectation by respecting their opinion when it seems appropriate (e.g. when asking for the self-image of the organization) and if they comply with the Code of Ethics, but it should also be prepared to politely reject their standpoint later in the process, e.g. when judging the facts underlying an audit finding (cf. Section 'Independence and Need for Social Interaction' in relation to independence of the audit team).
Furthermore, audit actions and observations can change a stakeholder's opinions and attitudes (i.e. the fact dimension of meaning affects the social dimension of meaning). For example, decision-making about the next steps in the audit process would be different if an internal auditor detected fraud. In such a case, he or she would have to be extremely careful in checking all the details of the finding, or would probably think about transferring the issue to an external auditor, who was less dependent on the organization.
Thus, connectivity of the audit finding is not a one-off event occurring at the moment when the finding is disclosed. On the contrary, connectivity is only possible when taking the time for an ongoing gain in knowledge about the needs of the parties involved and about the functioning of the organization audited. (Thus auditors consider the time dimension of meaning.) It is on this gain in knowledge that auditors base their decisions for the next audit step. To increase the audit team's flexibility in aiming for consensus on how to proceed and balancing client's and audit's requirements, the audit is thus not completely planned from the beginning to end, but leaves possibilities to react on unforeseeable information. However, ongoing expectation management and a reasonable involvement of the client in the steering of the audit process are keys to obtain client's confidence and trust in the audit team's risk communication (Haferkorn 2013, 5, 11, 12, 25, 210-212;cf. Bauer 2015, 59-64 in relation to controlling).

The Importance of Audit Preparation
Increasing the flexibility of an audit process by avoiding over-strict planning should not be confounded with lack of preparation. It is a common mistake in practice to think that audit preparation only costs time and is negligible. The earlier an audit team talks to the client, the earlier it can start to manage the expectations of client and auditees, the earlier it is able to evaluate the possibilities and limits of its audit process, and the earlier it can consider diverse scenarios on how to proceed when planning. By gaining a good understanding of its position vis-à-vis the client and the auditees already at the beginning of the audit process, the audit team saves time because it can focus on what is possible and feasible early on (cf. Simon and Weber 2004, 11 in relation to counselling). The audit team therefore uses the temporal dimension of meaning even before starting the on-site audit process and so externalizes part of its expectation management of stakeholders before delving deep into the actual audit work and its fact-finding.
If auditors want to explore which role clients wish to assume for themselves and in which role they see the auditors, they first have to investigate the power structure of the audit including the clients' context (e.g. the organization they work for, their relationship to the audited organization, their participation in relevant subsystems and coalitions and further social relationships observed through the social dimension of meaning). In order to avoid misunderstandings and disagreements during and at the end of an audit, a kick-off meeting proves very helpful, where all parties involved should have the possibility to introduce themselves and present their understanding of mutual roles and of what the audit's aim should be.

Conflicting Demands and How to Deal with Them
Meeting conflicting requirements (Section 'Systemic Audit: Widening the Perspective of Traditional Audit Approaches') on an audit often confronts the audit team with further conflicts of interest. Unpicking the paradox of risk communication thus usually leads to more conflicting demands in practice. 6 The following list includes the most common ones for audits and gives some hints on how they can be negotiated by the audit team (Haferkorn 2010, 35-50;Selvini Palazzoli et al. 1977 in relation to family therapy).

Risk Awareness Versus Illusions of Safety
On the one hand, the reason clients hire an auditor is to get an assurance. On the other hand, the audit team might communicate a dysfunction of the organization. In the latter case, clients might have neglected their oversight responsibility (in case they are part of any controlling or supervisory body) or they could lose money (in case they invested resources). The audit team therefore conveys bad news and clients will have to decide on how to handle the information provided by the auditor. That is why even though the clients order an audit, they often may not be willing to hear the audit result. Auditors thus should be aware of client's paradoxical attitude between hiring an auditor to learn about the organization's risks and not being ready to hear about the actual risk involved (cf. Haferkorn 2010, 43, 44;Weakland et al. 1974 in relation to brief therapy).
In the course of the audit process, the audit team should consequently not expect its findings to be met with an open ear (Beattie et al. 2000) and should prepare the client for a potential risk statement and the uncertainty going along with it (cf. Power 2004, 16;Grote 2011 in relation to the hope that the public will accept the uncertainty going along with a risk statement). Auditors use several approaches to balance this conflict between risk awareness and illusions of safety: If, in the preparation of the audit, the audit department or firm realizes that the client does not wish to hear about any deficits of the organization audited, it should refuse to contract or outsource the audit respectively (cf. ISAs 2012; Standard 2012). However, if an audit department or firm agrees to conduct the audit after all, it should think about measures to protect the client's and its own reputation. In a social dimension of meaning, it could, in such a case, employ an audit team of inexperienced staff, which does not have the knowledge necessary for relevant audit findings (cf. Ito et al. 2015, 73 the example Toshiba, where inexperienced auditors did not detect overstated profits of 1.2 billion US Dollar). Apart from the auditor 6 This goes in accordance with the observation that unpicking a paradox by simultaneously keeping the complexity of the topic generally leads to new paradoxes (cf. Luhmann 1993, 203). This is one reason, why social systems theory prefers circular, multicausal and recursive explanation models (Hänsel 2013, 29). providing limited resources, the client could also play on the temporal dimension of meaning and insist on a short audit. In the case of the Barings Bank failure in 1995, supervisors only spent 2 days at the bank's Singapore branch and had no realistic chance to detect that trader Nick Leeson had been hiding losses of 827 million British pound or 1.78 billion US Dollar (oral statement by a participating auditor made to the author).
Another way to create illusions of safety is to convince the audit team to only produce audit findings which are not important and at best can be resolved quickly during the audit. In the fact dimension of meaning, e.g. the audit department or firm can set up formal and empty requirements, which are prepared in a 'style over substance' manner intended to impress the reader. If, for example auditors are to stick to a checklist (cf. Haferkorn 2010, 222, 223 for a comparison on systemic and rule-based audit approaches), and if the checklist avoids questions that require substantive answers (cf. Power 2011 in relation to 'dumb' questions on risk management), there is a good chance that auditors will create no more than illusions of safety.
Moreover, the audit team has the possibility to communicate the audit finding merely orally and only to certain persons. The decision to take action or to leave things unchanged is then left up to that person. (Here again, conflicting demands are dealt with in the social dimension of meaning.) It is, however, important to point out that to cover up or conceal audit findings is not in accordance with the auditors' code of ethics (ISAs 2012; Standard 2012) and bears a substantial reputational risk for the auditor if a damage occurs and is eventually disclosed. Consequently, audit teams tend to at least allude to the issue in the audit report.
Another way to protect clients would be to merely communicate any deficits of the operational system without linking their potential damage to a strategic decision and thus the clients themselves. (The conflicting demands are then dealt with in the fact dimension of meaning by changing explanations for the predicted damage.) Even though this approach allows auditors to avoid discussions with their clients, there are unwanted side effects, too. First, the employees in charge will be frustrated about a finding, because their handling of the operations in question merely met the given strategic targets. This frustration may lead to conflicts with the auditors and tarnish their reputation or it can result in an undesirable personnel turnover, i.e. the employees concerned leaving the organization. Second, if auditors do not name the (overall) root of the potential damage, the deficits could remain or reappear in another form. As a result, neither the client nor the audited organization will be able to learn quickly (enough), which may prevent the organization from adapting to requirements of the environment in due time and cause it to cease to exist (cf. Feynman 1996, 109-231;Rogers et al. 2003, as an example, where warnings relating to the operational system were overheard and, when astronauts died, finally led National Aeronautics and Space Administration to drop its strategy in setting up a space shuttle program).
Although maintaining an adequate level of the client's comfort is fundamental for the communication of an audit team, it should nevertheless be aware about potentially disastrous effects which may arise by going too far when communicating one-sided illusions of safety. As is indicated above, lack of criticism and feedback can destroy trust in communication processes in-and outside the organization (cf. Power 2004, 5-6;Grote 2011). In such cases, audits lead to results that are counterproductive to the objectives they were designed to achieve. This is an irrevocable fact an audit team could point out in its communication with clients, in case they are not willing to accept an audit finding.

Independence and Need for Social Interaction
While the public wants an independent audit finding, it also expects the audit team to know the inside of the organization and therefore implicitly asks for audit actions, which, in turn, lead to interactions. 'Complete and total independence' is already challenged when client concludes the contract with the audit firm and negotiates the cost of the audit assignment. The number of auditors, their expertise and the time they are permitted for the audit are important prerequisites of an audit and can make a big difference on the audit result. Thus, clients and auditors naturally have an immense influence on the audit (Peemöller 2004;Marten et al. 2001, 156-185).
Responding to the stakeholders' demands without any restrictions would tarnish an audit team's reputation because its independence is an important prerequisite of the audit. When declining to meet a stakeholders' requirement, it will be helpful for the team to refer to the context of the audit and the existential importance of its independence. Putting independence into question implies putting the audit into question. This argument will quickly convince stakeholders that maintaining the auditors' independence is in the best interest of both sides (cf. Simon and Weber 2004, 11 et seqq. regarding counselling).

Objectivity and Dependence on Observers
On the one hand, International audit standards require audit findings to be objective (ISA 2012;Standard 2012). On the other hand, these findings depend on the way the audit is conducted including the interaction of auditors and auditees, the observations of the participating auditors and finally, how they are received by the client (Haferkorn 2010, 35-43). We should remember that in social systems theory 'everything which is said is said by an observer' (von Foerster and Pörksen 2013), existence of objectivity can therefore not be presumed.
To meet the public's and the client's requirement of 'objectivity' by maintaining some neutrality, it has proved helpful for auditors to aim for an early hypothesis on the functioning of the organization before making direct contact with the auditees. (If possible, auditors should use two contradicting hypothesis, cf. Section 'Conflicting Demands on the Audited Organization'.) In the fact dimension of meaning, the independence and neutrality of audit teams thus depend on how carefully they conduct the preparation with regard to the audit contents and on the knowledge they have gained based on professional experience with similar organizations.

General and Expert Knowledge
Not only auditors but also clients need an overarching knowledge about the functioning of the organization and, often enough, also expert knowledge, e.g. an understanding of an IT audit finding. Since a wide and deep understanding cannot be presumed, the explanations provided must be didactically prepared. In order to ensure connectivity, audit teams, which are ideally a mixture of generalists and specialists, should try to explain the audit findings in detail and in the organization's context. A deficiency in an IT-system for instance will certainly have a meaning for the operation of the organization, which then can be linked to a strategic target (cf. Haferkorn 2010, 51 et seqq. for an according audit approach). Generalists and specialists in an audit team should thus work together closely when explaining the audit findings (fact dimension of meaning).

Conflicting Demands on an Audit as a Project
Every project management has conflicting demands and so have audits. Generally speaking, the more time and resources spent on an audit, the higher is its quality. But the audit budget and timeframe are of course restricted. If auditors have sufficient transparency in their work, are ready to explain to stakeholders the important decisions on the audit process and involve them where adequate, they will increase the possibility of obtaining additional resources when necessary.

Paradox of Time
As organizations have to adapt to a changing environment, an audit finding is rarely presented at the right time. It is either communicated too early, and the organization is about to start working on the deficiency anyway, or it is too late because the organization has just finished implementing its organizational structure, processes and IT-systems, and fixing the issue would lead to reorganization and cause resources. Auditors can try to avoid this difficulty by entering into important organizational projects at an early stage and constantly expressing their concerns. Of course, this approach has a downside, too, as not only auditors' resources are tied up, but the auditors' independence and neutrality may also be challenged by becoming involved in the set-up of the organization.

Disagreement on the Facts of an Audit Finding
If auditor and client disagree on an issue, it is helpful to better understand the reason for the dissent in the fact dimension of meaning by trying to distinguish and discuss the following three levels of the audit finding (based on Simon 2006, 72-77 'drei Ebenen der Wirklichkeitskonstruktion'): • The observation of a phenomenon, which causes the dysfunction according to the auditor, • The explanation of the dysfunction and • The judgement of the audit finding as 'important' dysfunction or less important dysfunction.
Do audit team and stakeholder agree on the observation of a phenomenon, e.g. the audit team's statement that the organization does not function as it should and that the status quo of the organization is questionable? If not, what are the differences in their observations? The auditors could try to better explain their position, e.g. in explaining the context of the audit finding from different perspectives (IT-auditor, finance auditor, etc.). Widening the view on the phenomenon and commenting on the context may help the stakeholder to better understand the facts and to follow the audit team's further argumentation. The auditor could also try to gain substance by collecting more facts to support their statement (e.g. find historic scenarios causing damage). Additionally, auditors have to think about, for instance in asking further experts to join the audit or in using additional audit techniques.
Do audit team and stakeholder agree on the explanation given for the cause of a future damage, e.g. the lack of control? There are multiple reasons for damage and various reasons why an additional control measure does or does not help to prevent damage (Dowell and Hendershot 1997). What distinguishes auditor's from stakeholder's explanations of the situation? Why has the damage in question not yet occurred or what has changed to make damage more likely now? Do stakeholders and auditors agree on the forecast horizon for probable damage or does the stakeholder think he has plenty of time to remedy the issue? Why do they differ and what makes the difference?
Do auditor and client agree on the final judgement, the risk declaration, e.g. that there is a high potential for a rather high damage or a certain potential for a very huge damage? On which future damage scenarios do the parties involved agree and on which ones do they differ? If the audit team uses historical scenarios and explains situations where similar damage occurred in comparable cases, the client will probably be more ready to accept the issue and follow its recommendations. The auditor could also substantiate its findings by referring to other experts who have adequate expertise and share the auditor's point of view. Their reputation and standing could convince the client that the risk may actually realize.
If auditors want to understand the client's uncertainty, they will have to extend the risk communication and ask questions like the ones described above (social dimension of meaning). To dispel the client's doubts, the audit team can continue the audit process (temporal dimension of meaning) to give more substance to the audit finding by trying to collect more supporting facts and explanations for the issue in question (Puhani 2015 and, as an example for an excellent audit report, see Rogers et al. 2003).

Conflicting Demands on the Audited Organization
An audit team can increase the connectivity of its risk communication to the client if the audit findings are well balanced, i.e. if they show the advantages and disadvantages of the status quo of the audited organization and of the improvement suggested. There are various conflicting demands which organizations have to adjust to (Balck 1996;Weick and Sutcliffe 2001), such as centralization versus decentralization or cost-cutting versus growth. An auditor, who respects these contradicting requirements on an organization, ensures a certain neutrality towards the issue in question (cf. Section 'Objectivity and Dependence on Observers') and helps to avoid discussions with the client in cases where the audit team presents a one-sided audit result and the client elaborates on the disadvantages of the recommendation. This approach is able to reflect organization's ambiguity and uncertainty and maintains the flexibility of thinking of the audit team.

Conclusion
The systemic approach recommends structuring the audit process as a dynamic learning and decision-making process, where each audit step is based on the current knowledge gained in the previous audit steps. The audit team does not search for absolute truth in risk communication, but strives for connectivity to the client, e.g. by emphasizing the background of the audit statement including relevant decisions of the audit process and important assumptions of the audit findings.
The audit team thus deals with the uncertainty of a risk communication by disclosing auditors' blind spots and the conditions under which audit results should be revised. Consequently, the systemic approach enables clients to assess in which context and to what extent the audit team's risk communication can be a basis for their further decisions.