How we make decisions - internal audit insights from behavioural economics

This thought leadership piece examines the application of behavioural economics to how we examine controls and operate our internal audit activities. Could internal audit be the catalyst to more effective outcomes through application of behavioural nudges? Are we sure that there are no behavioural biases in our work?

What is a behavioural nudge?

In 2002, Daniel Kahneman proposed a new way of understanding why economic theories so often get it wrong and do not result in the changes expected. Sunstein and Thaler popularised this in their book ‘Nudge’, which looked at how we make choices in our lives and how we can practically improve decision-making.

The nudge theory is a concept which proposes positive reinforcement and indirect suggestions as powerful ways to influence the behaviour and decision-making of groups of individuals.

Both Barack Obama and David Cameron utilised the theory in Office.  In the UK the theory was responsible for a raft of policy ‘nudges’ that led to increases in the use of loft insulation, electoral participation rates, payday charitable giving, organ donation pledges and the introduction of pension auto enrolment.

Auditors can learn from this and use nudge theory in control assessment work, how we work with management to raise and ensure issues are closed and in how we work generally.

How does this relate to internal audit?

Economic theory has traditionally been based on three assumptions, all of which have relevance for how we view behaviour in our own organisations. These are that people:

  • act rationally, using all information available to take the ‘right’ decision
  • have unlimited self-control, resisting the temptation to take ‘poor’ choices
  • are selfish, looking to maximise the benefit of actions for their own gain.

Applying this approach to organisational decision-making implies that decisions are taken by carefully weighing up the costs and benefits, based on complete information with the aim of maximising organisational outcomes. However, in our audit work we regularly see examples of people taking ‘irrational’ decisions. Most of us have seen weak business cases with incomplete information being put forward and approved.

Nudge theory is part of a wider school of behavioural economics. As auditors we can adapt our analysis by first looking to understand how human behaviour works in practice – decisions being taken with emotions, with reference to norms and based on long formed habits rather than rational and robust analysis. In hindsight, this was observed in many aspects of corporate behaviour that led to the financial crisis. Thankfully, nudge theory also suggests ways in which ‘nudges’ can be made to encourage more effective decision-making.

The New Economics Forum sets out seven principles, that explain elements of organisational behaviour from which 19 insights have been distilled for audit leaders. For easy reference, we've broken down these seven principles into a simple map.

Principle #1

Other people’s behaviour matters: people observe others and copy; people are encouraged to continue to do things when they feel other people approve of their behaviour.

Auditor Insights Questions to consider
1. Examine and report on how decisions are made: spend time in the key committee meetings to observe the dynamic of decision-making, conduct interviews with those attending meetings to enquire about their viewpoint and understand their perspective on the dynamic of how decisions are made.
  • Who speaks in the meeting and whom are they really speaking too?
  • What is not being said that perhaps needs saying and why is this the case?
  • Does the chair actively encourage dialogue and manage healthy conflict, or do they look to subdue counter views?
  • How much are decisions pre socialised and taken outside the meeting to kill opposition and contrary views?
  • Does ‘Group Think’ exist and do people recognise this? 
2. Examine diversity of key decision-making bodies: analyse data on the composition of key organisational forums to understand the diversity of input.
  • Is there a healthy mix of gender, race and social groupings, input from disruptors and from across a range of functional and business disciplines?
  • Enquire with insights from the data to understand how appointments are made and the impact different perspectives have on the decisions taken. 
3. Review your audit methodology and functional decision taking: examine how decisions are taken in the audit activity including the sign-offs required and tollgate/stakeholder meetings.
  • What are the norms and conventions of these meetings and are they both supportive and challenging reviews of work?
  • Does your quality assurance approach reinforce conformity and homogeneity of thinking at the expense of creativity and contrary views?
  • Does group think exist in your audit team?

Principle #2

Habits are important: people do many things without consciously thinking about them. These habits are hard to change.

Auditor Insights Questions to consider
4. Ensure audit walkthroughs identify habitual behaviour and its risks: encourage auditors to look for habitual behaviour in audit walkthroughs including identifying habitual behaviour as the root cause of process failure - for example, people not following the correct documented approach in favour of an approach that they have followed for a long period. 
  • Does the formation of these habits introduce increased risk?

  • Should documented processes be updated to reflect better operating practice?

5. Identify where process design is stifling necessary judgement: decisions we take are influenced by both the layout and sequencing of the range of choices that are available. Choice architecture is often more effective when it encourages simplicity - effective process design, including flexibility to allow the exercise of judgement rather than the following of the same practice, will enhance control. The layout
  • Are strategic recommendations presented to senior management in an unbiased way with all options appropriately discussed?

  • Are they easily compared to one another?

6. Identify where default options in process design could lead to better outcomes: default options are an effective way of improving outcomes where sub-optimal behaviour is entrenched.
  • Could you work with management to identify better ‘default’ options in processes to increase the likelihood of a favourable process outcome?

  • Default options have been most notably used in pension auto enrolment to increase the amount of pension saving.

7. Review our own audit approach to identify where habits may be entrenched, or default options may lead to better outcomes: to change this type of behaviour requires genuinely compelling incentives or the use of default options that are more favourable with regard to the outcome that you are looking to achieve. Can we develop these in our audit functions?
  • Do you follow an old audit methodology or automatically default to unhelpful historical habits?

Principle #3

People are motivated to ‘do the right thing’: there are cases where money is de-motivating as it undermines people’s intrinsic motivation.

Auditor Insights Questions to consider
8. Review reward systems to ensure they are not encouraging inappropriate behaviour: reward is used to incentivise desired behaviours. Is this the most appropriate tool to use and will it really change the behaviour as required? Work with management to really understand the root cause of the issue rather than potentially reach for the default option of financial incentivisation.
  • Does the behaviour being driven by this reward align to organisational goals and values?

  • Are there unintended consequences of incentive schemes?

Principle #4

People’s self-expectations influence how they behave: the more public someone’s position on an issue is the less likely they will change it. Public commitments can lead to inertia or intransigence.

Auditor Insights Questions to consider
9. Assess recent risk events to understand whether change management is agile enough to adjust course when warning signals are present: intransigent positions in change programs are dangerous, potentially leading to continuation when closure may be required or driving ahead when course correction is needed. Audit should review recent risk events (internal and external) to see what warning signals were present and whether they were identified as such; presenting the outcome of these reviews to the executive is a good way to build credibility.
  • Is there a culture of stopping or redirecting projects?

  • Are there appropriate processes to evaluate projects in progress?

  • Are project targets focused on completion or success?

10. Conduct reviews of governance to assess how challenge and adjustment to strategic direction is conducted and whether this mitigates intransigency risks: just as intransigence can increase risk to change programs, it also applies to overall governance around the big strategic calls that organisations take. Decisions around areas such as products, markets, and growth strategies (organic or external) require robust challenge especially when direction has already been communicated to the market and internally to staff.
  • -Does the governance of the organisation have the strength to know when adjustment or abandonment is the right option or are personalities so strong that they could override debate and rational choice?

  • How are failures treated within the organisation? Are they recognised as learning points to call failure early and nimbly adjust?

  • Are performance management approaches supportive of open dialogue of learning from failures such that people are recognised for, say, ending projects at an early stage?

  • Do they encourage a culture of openness and declaration of problems or does ‘green-washing’ occur?

11. Review your interaction with stakeholders on issues identified: many audit functions are adopting an ‘agile’ approach to audit delivery that includes high levels of engagement with stakeholders throughout the audit process and early dialogue on emerging issues. 
  • Could an agile audit approach improve overall engagement with internal audit and easier landing of audit findings?

  • How do you ensure a ‘no surprises’ approach for management?

Principle #5

People need to feel involved and effective to make a change: just giving people the incentives and information is not necessarily enough.

Auditor Insights Questions to consider
12. Adopt a more inclusive approach with management to how you prioritise and execute your audit plan: many organisations are experimenting with different approaches, such as agile, in conducting their audit reviews. At the heart of many of these is greater involvement from management throughout the planning and audit review to gain understanding of the issues identified but also secure joint commitment to the issue and actions required to address.
  • Do you have an inclusive approach to your work, or could you work closer with management to increase commitment to the conclusions formed?

Principle #6

People are loss-averse and hang on to what they consider ‘theirs’.  The IKEA effect - people value something (eg a system or process) highly when they have been party to the development of the item regardless of an objective assessment of the quality or relevance of the item.

Auditor Insights Questions to consider
13. Train your auditors in the psychology of behavioural economics to increase their effectiveness in their engagement with management and the landing of issues: soft skills are important, however, practical training in the psychology of organisational decision-making could lead to a significant increase in the impact of the team in their interactions with management.
  • -How successfully are complex issues agreed with management?

  • Could an auditor benefit from a more sophisticated toolkit when trying to agree actions with management?

14. Consider recruiting psychologists / behavioural economists: training is important but is this skill so important that you should hire those fully qualified in this area?

  • There is an audit leaders podcast where RBS discuss their approach to behavioural auditing- listen to it here.

15. Conduct a review of your audit processes: auditors can be precious of the audit methodology that they have developed and follow in their audit work. These can be well established, institutionalised, approaches to audit work through the whole audit lifecycle and our approach to for example sampling, work-papers, tollgates and oversight and review.
  • Do our existing methodologies and ways of working always serve us as well as they could

  • Could we challenge some of our own systems and processes more objectively? Richard Chamber (CEO/President of IIA Global) speaking at the IA Conference 2019 questioned whether after 20+ years is it now time to change our internal audit methodology? What do you think?

16. Review the organisations approach to post project reviews to examine for bias in conclusions: post project reviews are typically conducted by those responsible for delivering the project.
  • Can audit bring greater objectivity to these reviews to ensure learnings are identified and acted upon in future work?

  • Can our independence be leveraged to review the inherent bias that may exist from having project management teams conclude on the effectiveness of their own project outcomes?

Principle #7

People are bad at computation when making decisions: they put undue weight on recent events and too little on far-off ones; they cannot calculate probabilities well and worry too much about unlikely events; and they are strongly influenced by how the problem/information is presented.

Auditor Insights Questions to consider
17. Review the quality and overall presentation of management information across the organisation to identify biases in how the information is presented.
  • How is management information presented?

  • Does it support effective decision taking or lead to a pre-determined conclusion?

  • Could you conduct a systematic review of the way in which management information is developed and used across the organisation to share strengths and weaknesses and identify potential biases in the way data and conclusions are presented?

18. Examine the use of stress testing in strategic decision taking and financial management to ensure that it considers a wide range of extreme but plausible events: for example the tests that sit behind published viability statements are of critical importance.
  • What is the organisations approach to scenario testing in developing both financial and strategic plans?

  • Are the scenarios well developed examining genuinely stretching events considering not just recent history but also longer-term risks?

  • Are the scenarios developed plausible?

  • Is reverse stress testing conducted (consideration of what would break the organisation) and plans developed to manage risks that this form of testing identifies?

19. Challenge your audit plans and planning processes to ensure that they do not lose sight of key longer-term risks.
  • To what extent is the audit risk assessment influenced by recent events rather than an assessment of risk?

  • Are audits conducted just to tick the box of being able to say that you have looked at the area rather than a true risk-based belief of its importance relative to other risks? 

Closing thoughts

Through this piece, we have seen that:

  • People suffer from a range of biases that routinely influence decision-making
  • We all have limited computation capacity and are influenced by our social networks
  • Despite our best efforts, we often lack self-control and because of this make decisions emotionally
  • We turn to rules of thumb to help us make sense of the complexity we face and operate a process of satisficing rather than optimising behaviour
  • This can mean that decision taking is influenced by biases that can lead to sub optimal outcomes.

Knowing this is powerful for internal auditors as we look to understand how our organisations work and challenge management and the audit committee to help it function better. It enables us to engage with management to look for more innovative ways to correct control weaknesses.

Whilst it is important to consider the use of the behavioural economics principles in our audit work, it is also important that we do not suffer from these biases ourselves as our objectivity is crucial. For example, do we have the diversity in our audit teams to prevent some of these effects negatively affecting our audit work? Is our diversity of thinking sufficient that we bring new insights in the conclusions drawn from audit testing and work with management to agree action plans to address the issues concerned? When was the last time you and your leadership team really and truthfully challenged yourself with these questions?

"If customers reward firms that act in our best interests, more such outfits will survive and flourish, and the options available to us will improve."

Richard Thaler, Nobel Prize winning economist 

Further reading

New Economic Forum – Behavioural Economics seven principles for policy makers at

‘Risk Savvy How to Make Good Decisions’ Gerd Gigerenzer.

‘Inside the Nudge Unit’ David Halpern.

‘Nudge: Improving Decisions about Health, Wealth and Happiness’ Thaler and Sunstein.

Comments on this site are moderated. Please allow up to 24 hours for your comment to be published on this site. Thank you for adding your comment.