Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Manifold Conceptions of the Internal Auditing of Risk Culture in the Financial Sector
KTH, School of Industrial Engineering and Management (ITM), Industrial Economics and Management (Dept.). Department of Management, Economics and Industrial Engineering, Politecnico Di Milano.ORCID iD: 0000-0002-7253-4779
Department of Management, Economics and Industrial Engineering, Politecnico Di Milano.
2018 (English)In: Journal of Business Ethics, ISSN 0167-4544, E-ISSN 1573-0697, p. 1-22Article in journal (Refereed) Epub ahead of print
Abstract [en]

This exploratory study investigates the manifold conceptions of the internal auditing (IA) of risk culture prevalent among four influential actors of the financial sector—regulators, normalizers, consultants, and implementers. By inductive analysis of 20 interviews and 295 documents, we illustrate a two-step interpretive scheme utilized by the four actors in their IA approaches of risk culture: defining broad goals and designing visibility schemes. The visibility schemes were tied to the demarcation, measurement, as well as the IA data collection techniques of risk culture. Our results indicate two dichotomous interpretations among the four actors concerning the IA of risk culture. The first interpretation, prevalent among regulators and implementers, promotes the control of risk culture primarily through verification. The second interpretation, adopted by consultants and normalizers, promotes the control of risk culture by IA along with the empowerment of employees through training programs. Our results not only contribute to understanding IA expansions, specifically to non-tangible domains such as risk culture but also enrich the literature exploring the mechanisms different stakeholders utilize to shape weakly professionalized IA practices.

Place, publisher, year, edition, pages
Springer, 2018. p. 1-22
Keywords [en]
Internal audit, Risk culture, Auditability, Financial sector
National Category
Business Administration
Research subject
Business Studies; Industrial Economics and Management
Identifiers
URN: urn:nbn:se:kth:diva-245081DOI: 10.1007/s10551-018-3969-0OAI: oai:DiVA.org:kth-245081DiVA, id: diva2:1294011
Projects
EDIM - European Doctorate in Industrial Management
Note

QC 20190306

Available from: 2019-03-06 Created: 2019-03-06 Last updated: 2019-03-06Bibliographically approved
In thesis
1. Shaping Risk Management in Banks
Open this publication in new window or tab >>Shaping Risk Management in Banks
2019 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The recent financial crisis of 2007-08 was a watershed moment in the history of banking. The unprecedented event led to severe scrutiny by standard setters and regulators on how the business of banking is run. As a result of this strict scrutiny, a wide variety of reforms aimed at the second line of defense (risk management) ensued globally. These reforms stirred debate among the five actors (regulators, standard setters, normalizers, consultants, and implementers – banks and their interest organizations) that affected not only the shaping of risk management standards but also their implementation in banks. Motivated by these contemporary events, this thesis examines the shaping of risk management in the banking sector.

Through the three exploratory field studies in Sweden and Italy, the thesis posits two important contributions. First, the thesis posits a framework, demonstrating how the dynamic shaping of risk management is changing the conceptions of risk management in the banking sector. More specifically, the thesis (in Paper I) demonstrates how the definition of liquidity was changed from its traditional notion of a match between cash inflow and outflow to managing net cash outflow demands by keeping high-quality liquid assets. Furthermore, the thesis (in Paper II) shows how non-convergence of operational risk practices forced regulators to change their activity and detail-oriented advanced approach of risk measurement that (unintentionally) allowed the variation of practices to flourish. In a similar vein, the thesis (in Paper IV) demonstrates how the extension of internal audit to the non-tangible domain of “risk culture” raises doubts about the notion of “verification” and “control” attached to the practices of internal audit in lending credibility to risk management practices.

Second, the findings indicate the different participation approaches of various interested actors in the shaping of risk management practices. Here, the thesis (in Paper IV) demonstrates how the five actors (regulators, standard setters, normalizers, consultants, and implementers – banks and their interest organizations) influenced the conception of internal audit of risk culture. On the issue of internal audit of the Basel risk models (in Paper III), the thesisi demonstrates the filtering approaches of multiple institutional demands via the internal organizational conditions that enable full or partial agency of low-level internal auditors in shaping their practices of lending credibility to risk management.

Given the findings, the thesis explicates two important implications for practitioners. First, the findings of the thesis indicate that reformulations of risk measurement and internal audit would require standard setters, regulators, normalizers, consultants, and implementers to understand a balance between what to control and whom to empower. Second, banks would need to carefully design the level of freedom to be given to internal audit and risk control teams in managing the complex institutional demands through organizational structure and skilling initiatives.

Abstract [sv]

Finanskrisen 2007–2008 blev en vattendelare i bankväsendets historia. Händelsen saknade motstycke i historien och ledde till närgående granskning av bankväsendets verksamheter. Till följd av granskningen genomfördes en mängd globala reformer inriktade på den andra försvarslinjen (riskhantering). Reformerna väckte en debatt bland de fem aktörerna (regleringsorgan, standardiseringsorgan, professionella organisationer [normalizers], konsulter och implementerare, det vill säga banker och deras intresseorganisationer) som påverkade både utformningen av standarder för riskhantering och genomförandet av dessa i banker. Med avstamp i dessa aktuella händelser undersöker avhandlingen hur riskhantering utformas i bankväsendet.

Avhandlingen består av tre explorativa fältstudier i Sverige och Italien och bidrar med två viktiga punkter. För det första upprättar den ett ramverk som visar hur den dynamiska utformningen av riskhantering förändrar uppfattningar om riskhantering i bankväsendet. Mer konkret visar avhandlingen (i artikel I) hur definitionen av likviditet ändrades från att traditionellt beteckna matchning mellan kassainflöde och kassautflöde till att inbegripa hantering av kassautflödeefterfrågan genom att behålla likvida tillgångar av hög kvalitet. Avhandlingen visar även (i artikel II) hur icke-konvergerandet av operativ rikspraxis tvingade regleringsorgan att förändra sin aktivitet och sitt detaljorienterade förhållningssätt till riskhantering, som (oavsiktligt) ledde till att variationer i praxis kunde uppstå. Vidare framgår (i artikel IV) hur internrevisionens utvidgning till det immateriella (non-tangible) området ”riskkultur” väcker tvivel om begreppen ”verification” och ”control” som är knutna till praxis för internrevision med avseende på att skapa tilltro till riskhanteringspraxis.

För det andra visar resultaten de olika aktörernas förhållningssätt till att delta i utformningen av praxis för riskhantering. Här framgår (i artikel IV) på vilka sätt de fem aktörerna (regleringsorgan, standardiseringsorgan, professionella organ, konsulter och implementerare) var med och påverkade uppfattningen om internrevision av riskkultur. Vad beträffar frågan om internrevision av Baselmodellerna visar avhandlingen (i artikel III) förhållningssättet att filtrera institutionella krav av interna organisatoriska villkor som ger internrevisioner på lägre nivå total eller partiell makt att utforma praxis för att skapa tilltro till riskhantering.

Resultaten framhäver två viktiga följder för aktörer. För det första tyder resultaten på att omformuleringen av riskbedömning och internrevision kräver att standardiseringsorgan, regleringsorgan, professionella organisationer, konsulter och implementerare förstår balansen mellan vad som ska kontrolleras och vem som ska stärkas. För det andra behöver banker försiktigt utforma nivån av frihet som ska ges till internrevisorer och riskontrollanter för att hantera de komplexa institutionella kraven genom organisatorisk struktur och initiativ till upplärande.

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2019. p. 143
Series
TRITA-ITM-AVL ; 2019:3
Keywords
internal audit, risk management, risk culture, Basel models, operational risk, liquidity risk, internrevision, riskhantering, riskkultur, Baselmodellerna, operativ risk, likviditetsrisk
National Category
Business Administration
Research subject
Industrial Economics and Management; Business Studies
Identifiers
urn:nbn:se:kth:diva-245087 (URN)978-91-7873-127-5 (ISBN)
Public defence
2019-04-12, F3, Lindstedtsvägen 26, Stockholm, 13:00 (English)
Opponent
Supervisors
Projects
EDIM - European Doctorate in Industrial Management
Available from: 2019-03-06 Created: 2019-03-06 Last updated: 2019-05-10Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Search in DiVA

By author/editor
Sinha, Vikash Kumar
By organisation
Industrial Economics and Management (Dept.)
In the same journal
Journal of Business Ethics
Business Administration

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 28 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf