Openness and agreeableness in governance: Can the auditor also be a partner?

  • Openness and agreeableness are positive traits for internal auditors, and broader governance, risk and compliance (GRC) professionals, working within an organisation.
  • Businesses increasingly see the value in a true ‘partnership’ between management and internal audit and GRC professionals that demonstrate characteristics of openness and agreeableness.
  • Can being open and agreeable impinge on the ability to conduct themselves independently and objectively?

 

Boards require an internal audit to be independent and objective, whereas management wants internal auditors to be collaborative business partners that contribute to business objectives and improvement. These are competing priorities that require careful navigation.

Understanding these traits, together with the trade-offs, and their application by internal audit and GRC professionals can help with role clarity, effective stakeholder engagement, and an effective process that meets the requirements of supporting standards.

Overview 

In today’s world and changing governance landscape, contemporary governance, risk and compliance (GRC) functions are evolving, together with the optimum skills-sets and traits required. This evolution of GRC professionals, particularly internal audit, has progressed since the 1960s and moved from a focus on checking and compliance, through system-based auditing, to a risk-based and business partnership approach. 

The desire to combine internal audit qualities such as independence, objectivity and scepticism with business partnering, collaboration and openness can be challenging to navigate as an internal audit or GRC function. Similar to internal auditors, risk and compliance professionals often require elements of independence, objectivity and scepticism when providing facilitation and advisory support in areas such as risk mitigation, controls design, operating effectiveness and business process improvement. 

Some questions to consider are: Have we gone too far as a profession and become a toothless 'value-added' business partner? Do we need to ground ourselves more in the principles of independence and objectivity? Have we become too amicable with management?

The Institute of Internal Auditors’ (IIA) definition positions internal auditing as an ‘independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes’. 

Today, it is rare not to see the concept and inclusion of an internal audit ‘business partner’ within function charters and mission statements as the key to ‘value-added audit functions’. Whilst there is benefit in being a business partner, the internal audit professional’s role as a business partner is to remain focused on where it truly adds value — to be independent and objective, not to become solely a business improvement function. 

Despite technological advancements and changes in focus for internal audit and GRC functions, human behavioural skills are at a premium more than ever. We were curious about this, specifically the views today’s professionals hold on the importance of agreeableness and open-mindedness in a professional or audit context.

A&P Advisory partnered with a qualified psychologist to design a survey to collect data on personality traits relating to openness and agreeableness. The 24 survey questions delivered a snapshot of the attitude of respondents — all governance, risk and audit practitioners — in terms of agreeableness and open-mindedness both in a professional and more general context. This article highlights some of these views and is intended as a starting point to explore this broad and complex subject further.

Survey highlights

  • Based on the survey results, for 83 per cent of the questions, the responses reflected an ‘open’ and/or ‘agreeable’ attitude. In addition, some survey questions attracted a very strong response to the ‘top end’, that is, more than 77 per cent of respondents expressed positive scales of Openness.
  • On the other hand, some responses indicated a clear preference for the opposite or 'bottom end' of the Agreeableness scale, showing traits reflective of 'disagreeableness'.
  • Additional analysis using the three lines of defence indicates that Line 3 (ie, internal audit) displays the highest rate of an 'open' and/or 'agreeable' attitude compared to Lines 1 and 2 (this based on the number of questions for which this line shows the highest percentage).

Analysis based on number of question for which this line has the highest 'open' and/or 'agreeable' attitude. See below for further details on the survey.

Auditors give confidence to the stakeholders of a business, like investors, customers and regulators, that the business is stable and well-run. Auditors help build trust in society and have access to some of the most senior people at some of the biggest organisations in the industry.

To do so, you need to understand business — how they are run, how they identify and manage risks, how they present themselves in the marketplace, and how the industries in which they operate work.

Recent surveys report that only 44 per cent of stakeholders felt internal audit professionals contributed significant value (2017), and only 16 per cent of internal audit functions are currently operating as trusted advisers to their key stakeholders (2019). How does this reconcile with the traditional skills auditors are taught? Have you wondered what key personality traits best support governance, risk management and assurance practitioners? What are the trade-offs for other internal audit elements such as independence and objectivity? 

 Advertisement

There are numerous myths about internal audit — ‘Auditors are nitpickers and fault finders’. ‘It’s best not to tell the auditors anything unless they specifically ask’. ‘Internal auditors follow a cycle in selecting their audit ‘targets’ and use standard checklists so they can audit the same things the same way each time’. ‘Internal audit is the corporate ‘police function’. 

Audit scepticism (‘an attitude that includes a questioning mind and a critical assessment of evidence’) is a constant personality trait discussed in auditing standards and included in auditing training programs. However, professional scepticism is only part of the picture — arguably openness and agreeableness as personality traits are just as important. 

Navigating board v senior management expectations for independence and objectivity

Boards require independent and objective assurance across the organisation. The setup of internal audit establishes internal audit reporting through an audit committee (OECD Principles of Corporate Governance, Basel Committee Principles, and IIA Global Standards), which fosters independence from the internal audit execution and objectivity to assure on risk appetite outcomes. 

Internal audit works closely with the organisation’s management, however, the accountability remains with the Board. The establishment of good working relationships, close understanding of the business and the resolving of audit issues will position internal auditors to complete their roles effectively, however, internal audit should ensure they operate without undue influence or obstruction from the organisation.

These influences can be from ’suggesting’ internal audit topics to steer auditors away from other topics, directing internal audit to perform improvement roles or to diminish critique or priority of audit issues. These influences can be implicitly or explicitly persuasive in situations where an internal audit function reports administratively to an audited area in the business (for example, Finance / Legal), are out-sourced or co-sourced audit functions where significant additional revenue is generated from non-audited sources (e.g. consulting) or KPIs exist in organisations so achieving high priority audit actions is the basis for bonus incentives.

Trust but verify 

Verifying information is a key element of internal audit work, however, how does that relate to the idea of believing the client during fieldwork? The Russian proverb ‘doveyai no proveryai’ comes to mind — ‘trust but verify’. Auditors can rely on evidence and information but can also be open-minded through internal audit activities. Through a combination of open-mindedness and other qualities, we can remain objective whilst also validating auditee claims.

Whilst there is no right or wrong for personality characteristics displayed by internal audit practitioners, awareness and situational application of these traits during certain activities can be extremely useful. The effectiveness of auditor and auditee interactions is a critical element of audit activities. The mastery of communication and interpersonal skills (‘soft skills’) is one of the most important skills internal audit professionals need. The other typical attributes of a good internal auditor include risk and compliance expertise, cultural awareness, diplomacy and a ‘follow your nose’ mentality. 

For openness and agreeableness in the NEO Personality Inventory (NEO PI-I), there are no ‘opposites’ for the traits — instead, it is a degree of openness and curiousness. ‘Open’ and ‘Agreeable’ are distinct traits and evolve primarily around orientation towards others. (Refer to the next section for further information on the NEO PI-I.) 

Similarly, while there are no ‘rights or wrongs’ from a social perspective, there might be benefits in self-awareness from a professional perspective. With the personality traits being mapped on a bell curve, you do not want to be on either the lower or extreme higher end. 

Some practical examples of openness and agreeableness related to typical internal audit activities are shown below. While openness and agreeableness are general traits, understanding these in internal audit situations can be valuable. 

GRC activities Openness and agreeableness reflections
Compiling your Verification or Audit Plan
  • Be aware of undue influence on management requests to either include or omit potential audits.
  • Use several sources to ensure the audit plan addresses key risks (not just management’s perception, which might be subjective)
Confirming governance priorities during the compliance planning process
  • Are the vigorous arguments from management on decreasing the risk levels of governance/compliance priorities fair and justified?
  • Are we placating management by reducing priorities to maintain a good relationship rather than standing our ground?

Governance traits survey: Background 

In May 2020, A&P Advisory partnered with a qualified psychologist to design a survey to collect data on the personality traits relating to openness and agreeableness.

The 24 survey questions delivered a view around the attitude of respondents in terms of agreeableness and open-mindedness in a professional or audit context as well as in more general terms. The survey was designed to be exploratory rather than a definitive or scientific survey and aimed at opening the conversation.

The data were based on the NEO Personality Inventory (NEO PI-I). The NEO PI-I is a personality inventory that examines a person's Big Five personality traits (openness to experience, conscientiousness, extraversion, agreeableness and neuroticism). The two most relevant scales relating to GRC professionals were identified to be: 

  • Openness — At the top end of openness, you are open-minded and comfortable changing your view based on new facts coming to light. At the bottom end, you are more routined and conforming.
  • Agreeableness — At the top end, you are trusting, help others and are agreeable, but this can lead to gullibility. If too agreeable, you are less likely to go into battle on what is right or wrong as you are more socially agreeable. At the bottom end, you do not trust people, are cynical, egocentric, competitive and aggressive.

Governance traits survey: Results

In total, 119 responses were received. Of these: 

  • 60 per cent are professionals with over 15 years of experience
  • 30 per cent work in resources and oil and gas, and 35 per cent in government and professional services
  • Respondents were mostly evenly split across Lines 1, 2 and 3 defence

The split in respondents is shown in the graphs below: 

Survey respondent industry

Survey respondent experience

Survey respondent job role (3 lines of defence) 

Survey questions 

  1. A large share of accident claims filed against insurance companies are false
  2. I am not interested in theoretical discussions
  3. I am usually cautious when dealing with auditors
  4. I believe management inherently do the right thing
  5. I believe that audit should be tough in both execution and follow-up of outstanding issues
  6. I believe that others have good intentions
  7. I dislike change
  8. I don't like to decide until I've looked at all of the readily available information
  9. I feel others' emotions
  10. I feel sympathy for those who are worse off than myself I have a high opinion of myself  
  11. I like a good fight when I have a strong viewpoint
  12. I like to help others
  13. I like to think about alternate ways of doing processes
  14. I often accept other peoples’ explanations without further thought
  15. I prefer to stick with things (processes, ways of doing things) that I know
  16. I prefer variety to routine
  17. I take advantage of opportunities to further my cause
  18. The truth is told by management during audit interviews
  19. Management can usually be relied on to keep their promises
  20. Most contractors will not overcharge, even if they think you aren’t knowledgeable of the service they are providing
  21. Generally speaking, would you say that most people can be trusted
  22. Do you think management want internal audit to be sceptical or open minded?
  23. Open mindedness (rather than scepticism) is included in my company culture

Additional survey results and analysis

Survey results of comparison of lines 1, 2 and 3 responses against openness.

In analysing the responses that best reveal the attitudes towards the two personality traits, the following came to the front: 

  • Openness — The strongest responses showing a positive scale of ‘Openness’ were:
    • I like to help others
    • I like to think about alternate ways of doing processes
    • I feel sympathy for those who are worse off than myself
    • I feel others’ emotions
    • I don’t like to decide until I’ve looked at all of the readily available information
    • I prefer variety to routine 
  • Agreeableness — The responses showing a negative scale of ‘Agreeableness’ were:
    • I believe that audit should be tough in both execution and follow-up of outstanding issues
    • I like a good fight when I have a strong viewpoint
    • I have a high opinion of myself
    • The statement ‘I am usually cautious when dealing with auditors’ had a close to 50:50 split in agreeableness response 
  • A high number of neutral or undecided responses were obtained (>30 per cent) for the questions:
    • The truth is told by management during audit interviews
    • Management can usually be relied on to keep their promises

Conclusion

The evolving role of the GRC function, particularly internal audit, as a business partner will continue to blend qualities such as independence, objectivity and scepticism with business partnering, collaboration and openness. However, business partnership, particularly for internal audit, must remain balanced and focused on where it truly adds value — to be independent and objective and not become another improvement function.

To maintain this balance, can we do all of this without losing the benefits of scepticism? It may be done by consciously changing our approach through reframing our language, moving away from preconceptions associated with openness and agreeableness, selecting and training personnel with this in mind, and formulating the content and approach of verification and audit programs to maintain the fine balance, protect what should be the holy grail for governance and audit professionals.

Ben Arnold can be contacted on 0467 814 688 or by email at ben.arnold@ap-advisory.com.au.

Anna Moolman can be contacted on 0404 384 495 or by email at anna.moolman@ap-advisory.com.au and Alistair Purt can be contacted on 0466 565 359 or by email at alistair.purt@ap-advisory.com.au.

Material published in Governance Directions is copyright and may not be reproduced without permission. The views expressed therein are those of the author and not of Governance Institute of Australia. All views and opinions are provided as general commentary only and should not be relied upon in place of specific accounting, legal or other professional advice.