Manifold Conceptions of the Internal Auditing of Risk Culture in the Financial Sector

Research output: Contribution to journalArticleScientificpeer-review


Research units

  • Polytechnic University of Milan
  • KTH Royal Institute of Technology


This exploratory study investigates the manifold conceptions of the internal auditing (IA) of risk culture prevalent among four influential actors of the financial sector—regulators, normalizers, consultants, and implementers. By inductive analysis of 20 interviews and 295 documents, we illustrate a two-step interpretive scheme utilized by the four actors in their IA approaches of risk culture: defining broad goals and designing visibility schemes. The visibility schemes were tied to the demarcation, measurement, as well as the IA data collection techniques of risk culture. Our results indicate two dichotomous interpretations among the four actors concerning the IA of risk culture. The first interpretation, prevalent among regulators and implementers, promotes the control of risk culture primarily through verification. The second interpretation, adopted by consultants and normalizers, promotes the control of risk culture by IA along with the empowerment of employees through training programs. Our results not only contribute to understanding IA expansions, specifically to non-tangible domains such as risk culture but also enrich the literature exploring the mechanisms different stakeholders utilize to shape weakly professionalized IA practices.


Original languageEnglish
Pages (from-to)81-102
JournalJournal of Business Ethics
Issue number1
Early online date20 Jul 2018
Publication statusPublished - 1 Feb 2020
MoE publication typeA1 Journal article-refereed

    Research areas

  • Internal audit, Risk culture, Auditability, Financial sector

ID: 27869077