Systemic Audit: Widening the Perspective of Traditional Audit Approaches

Traditional standards for internal (Standard 2012) and external auditors (ISAs 2012) assign a wide range of responsibilities to a team that audits an organization (cf. Fig. 1, left column). For example, while being independent and objective (e.g. Code of Ethics 1100 Independence and Objectivity, Standard 2012), auditors are to trustfully interact with clients and auditees (e.g. core Principles for the Professional Practice of Internal Auditing, Standard 2012). Though the audit is initiated by a client and, in the beginning, the audit team is not in a position to know all the details of its engagement (e.g. 1000 Purpose Authority and Responsibility, Standard 2012), it is nevertheless held responsible for planning and performing the audit (2000 Managing the Internal Audit Activity et seqq., Standard 2012). At the end of the audit, auditors are supposed to negotiate management actions that remedy the organization’s deficiencies and make the organization safe again (2400 Communicating Results et seqq., Standard 2012).

Fig. 1: Traditional audit approaches compared to systemic approaches

To handle these challenges, a social systems theory perspective (Luhmann 1984) and related tools and methods of different systemic approaches proved highly efficient (e.g. for family therapy, see Selvini Palazzoli et al. 1977, for brief therapy, see de Shazer 1989; Weakland et al. 1974, for systemic counselling, see Königswieser and Exner 1998). They resulted in the development of systemic audit theory and a systemic audit approach (Haferkorn 2010; cf. Fig. 1, right column).

Social systems theory does not operate with concepts such as ‘objectivity’ and ‘truth’, but postulates that every truth depends on an observer and therefore must remain hypothetical (von Foerster and Pörksen 2013; von Glaserfeld 1995, 1996). In this theoretical setting, reality is a cognitive construction derived from an organism’s experience (Glaserfeld 1995) and therefore limited to the abilities and experiences of the organism (Maturana and Varela 1987; Luhmann 1990). Every observation of the organism draws a distinction, which specifies a unity distinct from a background (Spencer-Brown 1969; Maturana and Varela 1987). Taking a concept from biology, systems theory calls the unseen background ‘blind spot’ (Maturana and Varela 1987; Luhmann 1990). Every observation has therefore a limited focus and cannot claim to be all-embracing (cf. Fig. 1, second row).

As participants of a social system thus have different perceptions, they cannot take for granted that each party understands the other’s viewpoint—misunderstandings between involved parties are therefore likely (Luhmann 1986). For this reason, a systemic audit approach explores the context and conditions of risk communication to the stakeholders of an audit (Haferkorn 2010) and strives for connectivity (cf. Fig. 1, third row).

In this framework, an audit is operatively closed (Haferkorn 2010; Luhmann 1990), i.e., for example, the audit team depends on the auditees. Consequently, an audit team is not able to steer the audit towards a given objective, but rather focuses on what is possible and feasible in the existing audit context (e.g. available resources in experts, equipment and time) (Haferkorn 2010; Fig. 1, fourth row).

In this theoretical setting, it proved helpful to observe communication processes which can explain the functioning of social systems (Luhmann 2000 in relation to organizations, Haferkorn 2010 in relation to audits). Moreover, organizations are only able to survive when their communication continues to involve and balance the conflicting interests of important demands on the organization (Simon 2007, cf. Fig. 1, first and fifth row). Based on these assumptions, the following section discusses the interpretation of Luhmann’s notion of ‘risk decision’ (cf. last row of Fig. 1) and explores its practical application in audits.

The Paradoxical Foundation of a Risk Decision and Associated Challenges for Risk Communication Illustrated by the Example of an Audit Finding

Power’s (2007) research on risk management draws on Luhmann’s notion of risk (Luhmann 1991), which implies that future damage is not caused by natural disaster or other external, unswayable events but by a decision. ‘Uncertainty is therefore transformed into risk when it becomes an object of management’ (Power 2007, 6). By incorporating more of Luhmann’s theoretical program, we can gain an improved understanding of the paradoxical foundation of a risk decision and the associated challenges of risk communication.

According to Luhmann, a risk decision, i.e. a decision that assumes a relationship between a decision and a probable future damage, has a paradoxical foundation (cf. Luhmann 1991, 9–40 and 1995). This is demonstrated using the following example of an audit team that informs its client about a risk to the organization, which in turn leads to discussions about the audit finding. The audit team informs the client that if a certain decision is taken, e.g. a certain control is not introduced in a workflow of the company, damage will occur within the next 5 months. Figure 2 exposes the four possibilities for future developments:

Fig. 2: A statement in risk communication cannot be proven as a ‘true’ statement (example of an audit finding)

  1. The organization introduces the control mechanism but the damage occurs nevertheless. The forecast—or in Luhmann’s words ‘the assumption of a relationship between risk decision and future damage’—was wrong.

  2. The organization introduces the control mechanism and the damage does not occur. Consequently, the audit team cannot prove that the assumption of a relationship between the lack of a certain control and future damage was correct, as the forecasted damage did not occur.

  3. The organization does not establish the control mechanism and the damage occurs. The risk communication was not successful: if the decision-makers had trusted in the audit team’s expertise, they would have followed its suggestion.

  4. The organization does not introduce the control mechanism and the damage does not occur. As in the first and second case, the assumption proved wrong.

In summary, Luhmann states that a risk decision is founded on a basic paradox. Either the assumption (relationship between a decision and a future damage) underlying a risk decision holds and the damage occurs—in this case, the risk decision has been in vain (case 3 in Fig. 2), or the assumption does not hold—which means that the decision was based on a wrong assumption (cases 1, 2 and 4 in Fig. 2). Since either the final risk decision or the assumption of the relationship is wrong, risk communication is based on a fundamental paradox (Luhmann 1991, 2002, 189, last row in Fig. 1).

Unpicking the Paradox of Risk Communication

For a comprehensible communication of risk, experts often focus on a professional explanation of underlying facts and on the interpretation of corresponding research results for laypersons (e.g. Gigerenzer et al. 2010; Hollands and Lipkus 1999). Though facts play an important role, we have to bear in mind that communication is more than transmitting facts (Luhmann 1986; Roussy 2012 in relation to internal audits, Simon and Weber 2004, 91–97 in relation to systemic therapy).

Moreover, unlike damage, which can be experienced, Luhmann’s notion of risk is not a hard and fast fact, since risk is not an observable or demonstrable phenomenon. Risk is rather a social construct and must therefore be dealt with in communication processes. The remaining question of section two is therefore how an audit team can increase the connectivity of its audit findings.

Luhmann’s Dimensions of Meaning

Social systems theory assumes that the negotiations taking place in communication can be examined by distinguishing three meaning dimensions: the ‘fact dimension of meaning’ (Sachdimension) refers to the facts and the knowledge exchanged, the ‘social dimension of meaning’ (Sozialdimension) considers the social relationship between communication partners and the ‘temporal dimension of meaning’ (Zeitdimension) deals with the timeline of communication processes (Luhmann 1984, 112 et seqq.; Simon 2014, 7 seqq. and 78–84 in relation to counselling).

With this differentiation in mind, I now can establish methods for dealing with challenges that arise within the complex risk communication from auditors to clients, notably the paradox described in the previous section. It should be noted that these dimensions of meaning overlap, for instance when the client does not acknowledge the facts underlying an audit finding (fact dimension of meaning), the audit team can try to gain a better understanding of the client’s context and concerns (social dimension of meaning, cf. Collins 2010 in relation to communication between experts and laypersons) and invest time to gather further relevant information (temporal dimension of meaning) and adapt the presentation of audit results to the client’s needs. Moreover, as the example indicates and as will be shown later, if connectivity poses problems, it can be helpful to change perspective.

Risk Communication Embedded in an Ongoing Process of Expectation Management

Against this background, it seems necessary to manage the expectations of involved parties (cf. Simon 2014; Königswieser and Hillebrand 2004 in relation to counselling). It is important for the audit department (or audit firm) to build a trustful relationship with the client from the beginning and to establish a generally accepted standing in (and outside) the audited organization (including, e.g. the supervisory body, cf. Roussy 2012). This foundation allows auditors and client (using the temporal dimension of meaning) to develop a common understanding and agreement on their mutual roles during the audit (i.e. a consensus on roles according to the social dimension of meaning, cf. Haferkorn 2013, 35–49).

Given this starting point, the audit team should balance interaction with auditees and other stakeholders in the course of the audit process (Haferkorn 2010, 71–89 regarding auditors’ independence; regarding counselling cf. Königswieser and Hillebrand 2004, 94; Pfeffer 2001, 130–132). The team can manage the stakeholders’ expectation by respecting their opinion when it seems appropriate (e.g. when asking for the self-image of the organization) and if they comply with the Code of Ethics, but it should also be prepared to politely reject their standpoint later in the process, e.g. when judging the facts underlying an audit finding (cf. Section ‘Independence and Need for Social Interaction’ in relation to independence of the audit team).

Furthermore, audit actions and observations can change a stakeholder’s opinions and attitudes (i.e. the fact dimension of meaning affects the social dimension of meaning). For example, decision-making about the next steps in the audit process would be different if an internal auditor detected fraud. In such a case, he or she would have to be extremely careful in checking all the details of the finding, or would probably think about transferring the issue to an external auditor, who was less dependent on the organization.

Thus, connectivity of the audit finding is not a one-off event occurring at the moment when the finding is disclosed. On the contrary, connectivity is only possible when taking the time for an ongoing gain in knowledge about the needs of the parties involved and about the functioning of the organization audited. (Thus auditors consider the time dimension of meaning.) It is on this gain in knowledge that auditors base their decisions for the next audit step. To increase the audit team’s flexibility in aiming for consensus on how to proceed and balancing the client’s and the audit’s requirements, the audit is thus not completely planned from beginning to end, but leaves possibilities to react to unforeseeable information. However, ongoing expectation management and a reasonable involvement of the client in the steering of the audit process are keys to obtaining the client’s confidence and trust in the audit team’s risk communication (Haferkorn 2013, 5, 11, 12, 25, 210–212; cf. Bauer 2015, 59–64 in relation to controlling).

The Importance of Audit Preparation

Increasing the flexibility of an audit process by avoiding over-strict planning should not be confounded with lack of preparation. It is a common mistake in practice to think that audit preparation only costs time and is negligible. The earlier an audit team talks to the client, the earlier it can start to manage the expectations of client and auditees, the earlier it is able to evaluate the possibilities and limits of its audit process, and the earlier it can consider diverse scenarios on how to proceed when planning. By gaining a good understanding of its position vis-à-vis the client and the auditees already at the beginning of the audit process, the audit team saves time because it can focus on what is possible and feasible early on (cf. Simon and Weber 2004, 11 in relation to counselling). The audit team therefore uses the temporal dimension of meaning even before starting the on-site audit process and so externalizes part of its expectation management of stakeholders before delving deep into the actual audit work and its fact-finding.

If auditors want to explore which role clients wish to assume for themselves and in which role they see the auditors, they first have to investigate the power structure of the audit including the clients’ context (e.g. the organization they work for, their relationship to the audited organization, their participation in relevant subsystems and coalitions and further social relationships observed through the social dimension of meaning). In order to avoid misunderstandings and disagreements during and at the end of an audit, a kick-off meeting proves very helpful, where all parties involved should have the possibility to introduce themselves and present their understanding of mutual roles and of what the audit’s aim should be.

Conflicting Demands and How to Deal with Them

Meeting conflicting requirements (Section ‘Systemic Audit: Widening the Perspective of Traditional Audit Approaches’) on an audit often confronts the audit team with further conflicts of interest. Unpicking the paradox of risk communication thus usually leads to more conflicting demands in practice. The following list includes the most common ones for audits and gives some hints on how they can be negotiated by the audit team (Haferkorn 2010, 35–50; Selvini Palazzoli et al. 1977 in relation to family therapy).

Risk Awareness Versus Illusions of Safety

On the one hand, the reason clients hire an auditor is to get an assurance. On the other hand, the audit team might communicate a dysfunction of the organization. In the latter case, clients might have neglected their oversight responsibility (in case they are part of any controlling or supervisory body) or they could lose money (in case they invested resources). The audit team therefore conveys bad news and clients will have to decide on how to handle the information provided by the auditor. That is why even though the clients order an audit, they often may not be willing to hear the audit result. Auditors thus should be aware of client’s paradoxical attitude between hiring an auditor to learn about the organization’s risks and not being ready to hear about the actual risk involved (cf. Haferkorn 2010, 43, 44; Weakland et al. 1974 in relation to brief therapy).

In the course of the audit process, the audit team should consequently not expect its findings to be met with an open ear (Beattie et al. 2000) and should prepare the client for a potential risk statement and the uncertainty going along with it (cf. Power 2004, 16; Grote 2011 in relation to the hope that the public will accept the uncertainty going along with a risk statement). Auditors use several approaches to balance this conflict between risk awareness and illusions of safety:

If, in the preparation of the audit, the audit department or firm realizes that the client does not wish to hear about any deficits of the organization audited, it should refuse to contract or outsource the audit respectively (cf. ISAs 2012; Standard 2012). However, if an audit department or firm agrees to conduct the audit after all, it should think about measures to protect the client’s and its own reputation. In a social dimension of meaning, it could, in such a case, employ an audit team of inexperienced staff, which does not have the knowledge necessary for relevant audit findings (cf. Ito et al. 2015, 73 the example Toshiba, where inexperienced auditors did not detect overstated profits of 1.2 billion US Dollar). Apart from the auditor providing limited resources, the client could also play on the temporal dimension of meaning and insist on a short audit. In the case of the Barings Bank failure in 1995, supervisors only spent 2 days at the bank’s Singapore branch and had no realistic chance to detect that trader Nick Leeson had been hiding losses of 827 million British pound or 1.78 billion US Dollar (oral statement by a participating auditor made to the author).

Another way to create illusions of safety is to convince the audit team to only produce audit findings which are not important and at best can be resolved quickly during the audit. In the fact dimension of meaning, e.g. the audit department or firm can set up formal and empty requirements, which are prepared in a ‘style over substance’ manner intended to impress the reader. If, for example auditors are to stick to a checklist (cf. Haferkorn 2010, 222, 223 for a comparison on systemic and rule-based audit approaches), and if the checklist avoids questions that require substantive answers (cf. Power 2011 in relation to ‘dumb’ questions on risk management), there is a good chance that auditors will create no more than illusions of safety.

Moreover, the audit team has the possibility to communicate the audit finding merely orally and only to certain persons. The decision to take action or to leave things unchanged is then left up to that person. (Here again, conflicting demands are dealt with in the social dimension of meaning.) It is, however, important to point out that to cover up or conceal audit findings is not in accordance with the auditors’ code of ethics (ISAs 2012; Standard 2012) and bears a substantial reputational risk for the auditor if a damage occurs and is eventually disclosed. Consequently, audit teams tend to at least allude to the issue in the audit report.

Another way to protect clients would be to merely communicate any deficits of the operational system without linking their potential damage to a strategic decision and thus the clients themselves. (The conflicting demands are then dealt with in the fact dimension of meaning by changing explanations for the predicted damage.) Even though this approach allows auditors to avoid discussions with their clients, there are unwanted side effects, too. First, the employees in charge will be frustrated about a finding, because their handling of the operations in question merely met the given strategic targets. This frustration may lead to conflicts with the auditors and tarnish their reputation or it can result in an undesirable personnel turnover, i.e. the employees concerned leaving the organization. Second, if auditors do not name the (overall) root of the potential damage, the deficits could remain or reappear in another form. As a result, neither the client nor the audited organization will be able to learn quickly (enough), which may prevent the organization from adapting to requirements of the environment in due time and cause it to cease to exist (cf. Feynman 1996, 109–231; Rogers et al. 2003, as an example, where warnings relating to the operational system went unheeded and, when astronauts died, finally led the National Aeronautics and Space Administration to drop its strategy in setting up a space shuttle program).

Although maintaining an adequate level of the client’s comfort is fundamental for the communication of an audit team, it should nevertheless be aware of potentially disastrous effects which may arise from going too far when communicating one-sided illusions of safety. As is indicated above, lack of criticism and feedback can destroy trust in communication processes in- and outside the organization (cf. Power 2004, 5–6; Grote 2011). In such cases, audits lead to results that are counterproductive to the objectives they were designed to achieve. This is an irrevocable fact an audit team could point out in its communication with clients, in case they are not willing to accept an audit finding.

Independence and Need for Social Interaction

While the public wants an independent audit finding, it also expects the audit team to know the inside of the organization and therefore implicitly asks for audit actions, which, in turn, lead to interactions. ‘Complete and total independence’ is already challenged when the client concludes the contract with the audit firm and negotiates the cost of the audit assignment. The number of auditors, their expertise and the time they are permitted for the audit are important prerequisites of an audit and can make a big difference to the audit result. Thus, clients and auditors naturally have an immense influence on the audit (Peemöller 2004; Marten et al. 2001, 156–185).

Responding to the stakeholders’ demands without any restrictions would tarnish an audit team’s reputation because its independence is an important prerequisite of the audit. When declining to meet a stakeholders’ requirement, it will be helpful for the team to refer to the context of the audit and the existential importance of its independence. Putting independence into question implies putting the audit into question. This argument will quickly convince stakeholders that maintaining the auditors’ independence is in the best interest of both sides (cf. Simon and Weber 2004, 11 et seqq. regarding counselling).

Objectivity and Dependence on Observers

On the one hand, international audit standards require audit findings to be objective (ISA 2012; Standard 2012). On the other hand, these findings depend on the way the audit is conducted including the interaction of auditors and auditees, the observations of the participating auditors and finally, how they are received by the client (Haferkorn 2010, 35–43). We should remember that in social systems theory ‘everything which is said is said by an observer’ (von Foerster and Pörksen 2013); the existence of objectivity can therefore not be presumed.

To meet the public’s and the client’s requirement of ‘objectivity’ by maintaining some neutrality, it has proved helpful for auditors to aim for an early hypothesis on the functioning of the organization before making direct contact with the auditees. (If possible, auditors should use two contradicting hypotheses, cf. Section ‘Conflicting Demands on the Audited Organization’.) In the fact dimension of meaning, the independence and neutrality of audit teams thus depend on how carefully they conduct the preparation with regard to the audit contents and on the knowledge they have gained based on professional experience with similar organizations.

General and Expert Knowledge

Not only auditors but also clients need an overarching knowledge about the functioning of the organization and, often enough, also expert knowledge, e.g. an understanding of an IT audit finding. Since a wide and deep understanding cannot be presumed, the explanations provided must be didactically prepared. In order to ensure connectivity, audit teams, which are ideally a mixture of generalists and specialists, should try to explain the audit findings in detail and in the organization’s context. A deficiency in an IT-system for instance will certainly have a meaning for the operation of the organization, which then can be linked to a strategic target (cf. Haferkorn 2010, 51 et seqq. for an according audit approach). Generalists and specialists in an audit team should thus work together closely when explaining the audit findings (fact dimension of meaning).

Conflicting Demands on an Audit as a Project

Every project management has conflicting demands and so have audits. Generally speaking, the more time and resources spent on an audit, the higher is its quality. But the audit budget and timeframe are of course restricted. If auditors have sufficient transparency in their work, are ready to explain to stakeholders the important decisions on the audit process and involve them where adequate, they will increase the possibility of obtaining additional resources when necessary.

Paradox of Time

As organizations have to adapt to a changing environment, an audit finding is rarely presented at the right time. It is either communicated too early, and the organization is about to start working on the deficiency anyway, or it is too late because the organization has just finished implementing its organizational structure, processes and IT-systems, and fixing the issue would lead to reorganization and consume resources. Auditors can try to avoid this difficulty by entering into important organizational projects at an early stage and constantly expressing their concerns. Of course, this approach has a downside, too, as not only are auditors’ resources tied up, but the auditors’ independence and neutrality may also be challenged by becoming involved in the set-up of the organization.

Disagreement on the Facts of an Audit Finding

If auditor and client disagree on an issue, it is helpful to better understand the reason for the dissent in the fact dimension of meaning by trying to distinguish and discuss the following three levels of the audit finding (based on Simon 2006, 72–77 ‘drei Ebenen der Wirklichkeitskonstruktion’):

  • The observation of a phenomenon, which causes the dysfunction according to the auditor,

  • The explanation of the dysfunction and

  • The judgement of the audit finding as ‘important’ dysfunction or less important dysfunction.

Do audit team and stakeholder agree on the observation of a phenomenon, e.g. the audit team’s statement that the organization does not function as it should and that the status quo of the organization is questionable? If not, what are the differences in their observations? The auditors could try to better explain their position, e.g. by explaining the context of the audit finding from different perspectives (IT-auditor, finance auditor, etc.). Widening the view on the phenomenon and commenting on the context may help the stakeholder to better understand the facts and to follow the audit team’s further argumentation. The auditors could also try to gain substance by collecting more facts to support their statement (e.g. find historic scenarios causing damage). Additionally, auditors have to think about, for instance, asking further experts to join the audit or using additional audit techniques.

Do audit team and stakeholder agree on the explanation given for the cause of a future damage, e.g. the lack of control? There are multiple reasons for damage and various reasons why an additional control measure does or does not help to prevent damage (Dowell and Hendershot 1997). What distinguishes auditor’s from stakeholder’s explanations of the situation? Why has the damage in question not yet occurred or what has changed to make damage more likely now? Do stakeholders and auditors agree on the forecast horizon for probable damage or does the stakeholder think he has plenty of time to remedy the issue? Why do they differ and what makes the difference?

Do auditor and client agree on the final judgement, the risk declaration, e.g. that there is a high potential for a rather high damage or a certain potential for a very huge damage? On which future damage scenarios do the parties involved agree and on which ones do they differ? If the audit team uses historical scenarios and explains situations where similar damage occurred in comparable cases, the client will probably be more ready to accept the issue and follow its recommendations. The auditor could also substantiate its findings by referring to other experts who have adequate expertise and share the auditor’s point of view. Their reputation and standing could convince the client that the risk may actually materialize.

If auditors want to understand the client’s uncertainty, they will have to extend the risk communication and ask questions like the ones described above (social dimension of meaning). To dispel the client’s doubts, the audit team can continue the audit process (temporal dimension of meaning) to give more substance to the audit finding by trying to collect more supporting facts and explanations for the issue in question (Puhani 2015 and, as an example for an excellent audit report, see Rogers et al. 2003).

Conflicting Demands on the Audited Organization

An audit team can increase the connectivity of its risk communication to the client if the audit findings are well balanced, i.e. if they show the advantages and disadvantages of the status quo of the audited organization and of the improvement suggested. There are various conflicting demands which organizations have to adjust to (Balck 1996; Weick and Sutcliffe 2001), such as centralization versus decentralization or cost-cutting versus growth. An auditor who respects these contradicting requirements on an organization ensures a certain neutrality towards the issue in question (cf. Section ‘Objectivity and Dependence on Observers’) and helps to avoid discussions with the client in cases where the audit team presents a one-sided audit result and the client elaborates on the disadvantages of the recommendation. This approach is able to reflect the organization’s ambiguity and uncertainty and maintains the flexibility of thinking of the audit team.

Conclusion

The systemic approach recommends structuring the audit process as a dynamic learning and decision-making process, where each audit step is based on the current knowledge gained in the previous audit steps. The audit team does not search for absolute truth in risk communication, but strives for connectivity to the client, e.g. by emphasizing the background of the audit statement including relevant decisions of the audit process and important assumptions of the audit findings.

The audit team thus deals with the uncertainty of a risk communication by disclosing auditors’ blind spots and the conditions under which audit results should be revised. Consequently, the systemic approach enables clients to assess in which context and to what extent the audit team’s risk communication can be a basis for their further decisions.