Amsterdam Business School
Integrating data analytics into internal audit work: an institutional perspective.
Name: Duan Wenxuan
Student number: 11085258 Thesis supervisor: Brendan O'Dwyer Date: August 14th
Word count: 14645
MSc Accountancy & Control, specialization Control
Statement of Originality
This document is written by student Wenxuan Duan who declares to take full responsibility for
the contents of this document.
I declare that the text and the work presented in this document is original and that no sources other than those mentioned in the text and its references have been used in creating it.
The Faculty of Economics and Business is responsible solely for the supervision of completion of the work, not for the contents.
Abstract
The paper used Burns and Scapens (2000)’s institutional change theory to analyze the change in routines among internal auditors in one of the consulting firms in the Netherlands. Attention was drawn on the collaboration between internal auditors and data analysts, and the interplay between these two counterparts was defined as a methodology called DPCG1 to institutionalize the organizational change in this consulting firm. Data analytics were successfully embedded internally inside the consulting firm however failed to institutionalize in a wider context among different clients. Three different dichotomies, formal versus informal change, revolutionary versus evolutionary change, regressive versus progressive change were discussed at the end of the paper.
Contents 1 Introduction ... 6 2 Research Design ... 8 2.1 Research context ... 8 2.2 Aim of research ... 8 2.3 Methodology ... 8 2.4 List of abbreviation: ... 12
3 An institutional theoretical framework ... 13
3.1 Three dichotomies of institutional change. ... 13
3.2 Burns and Scapens’ (2000) institutional framework: ... 14
3.3 Three typologies of changes: ... 16
3.4 Re-develop the framework... 17
3.5 Research limitation ... 19
4 The consulting firm as an institution: rules, routines and actions. ... 20
4.1 The initial delineation of institutional realm ... 20
4.2 Realm of action: ... 22
4.2.1 Change agent: Risk analytics champions ... 22
4.2.2 Other change agents: data analytics team and COE(center of experts). ... 23
4.3 Rules and routines: ... 23
5 The successful implementation of data analytics in one out-sourced internal audit engagement. ... 25
5.1 New routine, the collaborative DPCG framework: ... 25
5.2 Encode the change, institutional work on people’s awareness: ... 27
5.3 Enact the change: Emerging collaboration between IA and DA ... 29
6 Discussion: ... 33
6.2 Breaking the wall down: Making it possible to reproduce. ... 34
6.3 Regressive versus progressive: the necessity of contextual change... 35
6.4 Revolutionary versus evolutionary: institutionalize the change. ... 36
7 Conclusion ... 40
1 Introduction
As the world is turning into a big data era, 90% of data in the world is less than 2 years old (Hurwitz 2013) and more companies are improving their use and understanding of data in relevance to their business with the substantial increase in available data population, data analytics has become increasingly popular and has been in heated discussion for years. Analytics can help managements to overcome the limitation of their cognitive abilities and make it possible for them to draw a bigger picture. The monitoring component of COSO framework (2013) emphasizes: “ Control systems need to be monitored, and analytics can play a significant role in enhancing the effectiveness and efficiency of the monitoring process. ” (Soileau et.al, 2015, p.12) COSO Internal Control Integrated Framework (2013) also states that ‘‘risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives.’’. We can capture a clear signal from this definition that “there is a move for the risk assessment component in COSO framework from a generic check-the-box activity to one that is more value driven in nature.” (Cangemi, 2014, p.1). Internal Auditors are now pushing
risk-based auditing principles into action by working with business stakeholders to improve business procedures and ultimately deliver greater value for their clients. Data Analysis tools can be used to unlock hidden value and act as a key catalyst for delivering insights that can positively influence an organization’s risk management framework. (Cangemi, 2014, p.1)
To answer the question ‘how and why data analytics has been embedded in the internal audit
fieldwork in practice’, this paper aims to present an interpretive study of the implementation of data analytics in one of the consulting firms’ internal audit department in the Netherlands. The paper is concerned with the collaboration between internal auditors and other organizational change agents such as data analysts and the management of the clients. It is necessary to study the client’s influence on the organizational change because lots of the firm’s internal audit engagements are co-sourced, which means the internal auditors from the consulting firm have to work in collaboration with the clients and as a professional service firm the clients are always with decision rights. In the discussion section, three different types of change proposed by Burns and Scapens (2000), informal vs. formal, evolutionary vs. revolutionary, regressive vs. progressive were discussed based on the context of the case.
There is no extant internal audit research which brings about the process of institutional change in the internal audit field, this paper filled in this research gap by offering a qualitative case study. The paper draw on the institutional change theory developed by Burns and Scapens
revised theoretical framework was formulated following the steps proposed by Tsang (2013). The limitation of the research is that because of the insufficient collection of historical or archival data, it failed to capture the institutional change in a long timeframe, which did not show enough respect to the timing of change.
The paper is structured in the following sections: first, I explain my research design. Afterwards, I introduced a theoretical institutional framework developed base on Burns and Scapens’ (2000) institutional change framework. Following is an introduction of findings from the case and in the end, more findings are discussed using the criteria suggested by the theory in the discussion section. The conclusion is made at the end of the research.
2 Research Design
2.1 Research contextThe research is based on a five months’ thesis internship done by the researcher who worked in the consulting department of one of the consulting firms. As a team member, the researcher developed close relationship with the team’s personnel, particularly with the internal audit team.
2.2 Aim of research
I intend to have a deep understanding of how and why the implementation of data analytics in the consulting firm has influenced internal auditor’s patterns and routines of doing audit work, how this process has been institutionalized, and link the result not only to the extra-organizational causes but also to the intra-extra-organizational factors such as the extra-organizational culture and purposive actions of powerful individuals.
2.3 Methodology
The theoretical framework described in this paper is following Giddens’ (1984) structuration theory: the duality of action and institutions. It emphasizes that “although institutions shape behavior, institutions are themselves the outcome of the actions of individual members of the organization.” (Burns and Scapens, 2000, p.22) Thus, institutional change also needs to be understood regarding the behavior of individuals and groups within the organization. A case study method was used as it can ‘close in’ on real-life situations and text views directly in relation to phenomena as they unfold in practice (Flyvbjerg, 2006). There are more discoveries stemming from the type of intense observation made possible by the case study than from statistics applied to large groups (Beveridge,1951).
Qualitative research data was gathered by semi-structured interviews with all levels of consultants in the consulting firm from senior managers to junior staffs. 13 interviews were done face-to-face while the interview with II and IM were done by telephone and the duration of the interview ranging from 34 to 87 minutes. The interviewees can be divided into two different categories based on their department, namely internal auditors in risk department and data analysts in the data analytics department, data analyst consultants were selected as their critical roles in running the analytics for internal auditors in some engagements. Attention was focused on individuals’ view about the use of data analytics in internal audit work, while their relationship with each other was also investigated by the researcher, purposive actions to drive the usage of
data analytics was added as a supplementary. The researcher also sat down with several interviewees to act as an observer to see how they actually use data analytics in their daily work. Following is the details of all the interviewees.
# Interviewee Position Department Duration(minutes)
1 IA senior internal auditor Risk 55
2 IB senior staff Risk 40
3 IC Staff Risk 38
4 ID senior manager Risk 52
5 IE senior manager DA 33
6 IF senior staff Risk 87
7 IG senior staff Risk 47
8 IH Manager Risk 66
9 II senior manager DA 71
10 IJ senior manager Risk 35
11 IK senior staff Risk 36
12 IL Staff Risk 34
13 IM Staff Risk 35
Huberman & Miles (1994) and Irvine & Gaffikin (2006) suggest that qualitative data analysis embraces three linked sub-processes: data reduction; data display; and conclusion drawing/verification (which can be understood as ‘data interpretation’, O’Dwyer, 2004).
To analyze the collected interview data, I started with transcribing all the interview recordings in a word document, which is really a time-consuming procedure, however beneficial at the same time. As O’dwyer (2004, p.393) suggests:
“Transcribing the interviews yourself enables you to analyze in depth as you transcribe and gives you a better ‘feel’ for the data as you progress. This is unavoidably time-consuming but in terms of obtaining insights and forcing you to think about the data, it can be invaluable.”
Then I read through the transcript while replay the audio record, and I initiated codes representing the important topics whenever it is relevant to my research question and then
highlighted them in the word document. Following this procedure, I categorized each code into three different themes, subsequently, three summary tables1 were prepared listing the intuitively developed codifications of the themes, the explanation of their nature, and their location within each of the transcripts (Miles & Huberman, 1994; Ryan & Bernard, 2003).
Table1- Primary theme: Routines that connects the institutional realm with ream of action.
code/interviewee R/D R/P R/C R/G IA 2,4,5 3,8 6,8,9,10 3,4,5,6 IB 11 10 IC 16 17 IE 27,30 27 27,28 IF 34,35 IG 45 IH 48 48 48 47,48 II 54,57 Total 6 4 13 18
Code index: R/D: Routines/define; R/P: Routines/produce; R/C: Routines/consume; R/G: Routines/govern
Table 2- Primary theme: key processes in institutional framework
code/interviewee IF/EN IF/EC IF/R IF/IA IF/IS
IA 3 3 4,8
IC 17,18
ID 21 21 21,22 21,22
1 In tables 1 to 3, the numbers in the columns beside the interview codes (e.g. IA) refer to the pages of
the individual transcripts where the code was identified with bright highlighters. The numbers in the ‘Total’ row represent the number of interviewees addressing the specific theme under each category.
IE 29, 30 29, 30 28 27,28 IF 31,33,36,38 31,37,38 IH 49,54 47 II 57 57 57 IJ 61 Total 6 8 2 20
Code index: IF/EC: Institutional framework/encode; IF/EN: Institutional framework/enact; IF/R: Institutional framework/reproduce;
IF/IA: Institutional framework/institutionalize(awareness); IF/IS: Institutional framework/institutionalize(skills)
Table 3- Primary theme 3: Typology of change
code/interviewee IW/R IW/I CT/CC CT/IC
IA 3,4 3,9 IC 17 ID 21 IE 29 29,30 IF 35 IG 46 43,44,45,46 IH 48,50.51 II 56 56 IJ 60 61 Total 4 15 6 2
Code index: IW/R: Institutional work/reproduce; IW/I: Institutional work/institutionalize; CT/CC: Change type/Contextual change; CT/IC: Change type/intra-organizational change. Accordingly, descriptive analysis was framed around these themes, paying great attention to contradictions and similarities. In the discussion chapter, an iterative method was adopted,
allowing the researcher to go back to certain themes, revisit the literatures, transcripts and notes, and re-interview the participants for understanding more and in depth. An institutional theoretical framework served as a theoretical lens to guide me through the whole analysis process. 2.4 List of abbreviation: IA-internal audit DA-data analysts P2P-purchase to order O2C-order to cash
CIA-certified public accountant CAE-Chief audit executive
3 An institutional theoretical framework
Data analytics have become a popular topic under heated discussion for the recent years, audit practitioners, especially in the consulting firms, have realized the necessity of introducing analytics into the field work (EY 2013, KPMG 2014). Previous studies have been discussing about how to embed data analytics into both external and internal audit work (Michael P, 2014, DeRoche T, 2015). Auditors now appear to use data analytics in their fieldwork more, and there is also a promising market. However, there is always a gap between the theoretical material in textbooks and professional guidelines (for example GTAG 16 issued by IIA), which intended to tell practitioners how auditing should be done, and the actual practices of auditors.
3.1 Three dichotomies of institutional change.
Scapens (1994) requires us to take the study of accounting as a practice instead of studying accounting practice as some ‘ideal’, per se a theory or conventional wisdom. To study the change of internal audit practice, we need to first realize this gap between theory and practice. This paper adopts an institutional framework developed by Burns and Scapens in 2000 as the theory lens to guide the whole study, which brings into focus on the routine and institutionalized character of accounting practices, in this sense the institutional framework developed in this paper is offered as a way of seeing internal audit practice. There are three extant institutional theories about organizational change: new institutional economics (NIE), old institutional economics (OIE) and new institutional sociology (NIS).
New institutional economics is fundamentally rooted in new-classical economic theory, which is based on the core economic assumptions of rationality and equilibrium, for instance, the theory was developed by economists helping them predict behavior at the industry and market level of analysis, instead of an explanation of the behavior of managers within firms. Thus New institutional economics is focusing on analyzing the rational or ‘optimal’ outcomes rather than capturing the unfolding process from one equilibrium state to another and is not suitable for analyzing the process of change (Scapens, 1994).
Neo-institutional sociology assumes that institutions are ‘there’ and have an influence on actors and organizations as well as lead to isomorphism, homogeneity and stability because rational actors make their organizations increasingly similar as they try to change them (DiMaggio, 1983). The NIS literature has been criticized on its negligence of interplay between institutional forces and intra-organizational power relations. Change on the intra-organizational level should not be interpreted only as a result of extra-organizational institutional pressures
because it can also or even predominantly be the result of the actions and reactions of actors ( Collier, 2001; Tsamenyi et al., 2006). NIS focuses on the effects of extra-organizational institutions (social, economic and political)on the accounting practices of organizations thus not suitable for us to analyze the process of intra-organizational change of internal audit practice either.
Studies have shown that organizational routines can pass on organization specific skills through time, for example, Nelson and Winter (1982) described how can previous management accounting routines like budgeting procedure influence the habits of the subsequent employees. Burns and Scapens (1996 and 1997) showed that routines could underpin organizational memory , which informs daily decision making and constitutes a degree of stability, and potentially make it hard to change. However, Veblen, the founding father of OIE, argues that institutional change can take place in an going process. He introduced the notion of ‘idle curiosity’ which is potentially rooted in human genes and which drives humanity’s tendency the experiments and innovation, generating novelty and impetus for change. New ways of thinking and doing things can lead to the emerge of new technology and new routines that underpin the new patterns of behaviors, whereas these new routines will constitute and form new patterns of behavior, per se, new routines that resist further change. Therefore, change and stability are not independent, they both simultaneously happen in an ongoing process.
3.2 Burns and Scapens’ (2000) institutional framework:
Burns and Scapens’ (2000) institutional framework is based on old institutional economics, which provides a focus on organizational routines and their institutionalization. Before using Burns and Scapens institutional framework, the conception of rules, routines, institutions and actions and their relationship need to be clarified. According to Scapens (1994), rules are necessary to co-ordinate and give coherence to the actions of groups of individuals. Routines represent the patterns of thought and action which are habitually adopted by groups of individuals. Rules are the formalized statement of procedures while routines are the procedures actually in use. In this sense, rules can be defined as formally recognized way in which ‘ things should be done’, while routines can be defined as the way in which ‘things are actually done’. Internal audit is a process to provide reasonable assurance regarding to the achievement of objectives relating to operations, reporting and compliance (IIA). Accounting practices give social coherence and meaning to organizational behavior and allow individuals and groups within firms to give meaning to their day-to-day activities (Scapens 1994). Similarly, as a type of auditing
practice, we can view internal audit practices as, at least a part of, the routines which enable organizations to reproduce behavior and achieve organizational cohesion.
Institutions have commonly been described as ‘enduring elements in social life that have a profound effect on the thoughts, feelings and behavior of individual and collective actors (Lawrence and Suddaby, 2006, p.215). An OIE scholar defines institution as a way of thought or action of some prevalence and permanence, which is embedded in the habits of a group or the customs of a people (Hamilton, 1932, p.84)
To embed the relationship between actions and institutions into the conception of institutions, Burns and Scapens (2000, p.8) suggested a slightly revised definition of Barley and Tolbert (1997) to define institutions as: ‘The shared taken-for-granted assumptions which identify categories of human actors and their appropriate activities and relationships.’ Under this definition, there is a duality relationship between institutions and actions, in which institutions inform and shape the actions of individual actors by the taken-for-granted assumptions, meanwhile, these taken-for-granted assumptions are socially constructed by the actions.
The starting point of Burns and Scapens institutional framework is that accounting practice can both shape and be shaped by the institutions which govern organizational practice. They used rules and routines to link the institutions with actions under this framework. The chart below shows the basics of the framework:
Figure 1: the process of institutionalization.
“The institutional realm represents an existing framework of rules and typifications derived from a cumulative history of action and interaction. ”(Barley and Tolbert, 1997, p.97 ), in contrast, the realm of actions refers to the actual arrangements of people, objects, and events in the minutes to minutes flow of social life’s unfolding (Ranson et al.1980). Both vertical (a and b) and diagonal arrows (c and d) show the linkages denoting the duality relationship between the two realms. Vertical arrows represent that institutions can constrain and shape (encode and enact) action synchronically (at a specific point in time) while diagonal arrows mean that actions can maintain (reproduce) or modify (internalization) institutions diachronically (through cumulative influence over time).
3.3 Three typologies of changes:
Based on OIE, Burns and Scapen (2000) proposed three dichotomies of institutional changes in accounting practices: (1)formal versus informal change; (2) revolutionary versus evolutionary change; (3)regressive versus progressive change.
Formal change occurs by conscious design, usually through the introduction of new rules and/or through the actions of a powerful individual or group (Rutherford, 1994). In comparison with formal change, informal change may occur unconsciously at a tacit level, for instance, a new routine adopted over time that changes operating procedures. A case study on Omega introduced by Burns and Scapen found that sometimes when the new rules and routines are not in compatible with the existing ones, people are reluctant or resistant to change. However, if those who is responsible for the change is with sufficient power, they may still be able to impose the change. It is clear that the change agent’s power is quite important as for the successfulness of the change, however, there is no prior research on how it can contribute to the institutional change using Burns and Scapen’s framework.
3.4 Re-develop the framework
Extant theory did not pay enough attention to the power of actions’ influence on institutions and cannot fully explain institutional change. After prolonged criticism on the traditional neo-institutional research, ideas of change and agency were first introduced into the area of institutional theory in the form of institutional entrepreneurship (DiMaggio, 1988), namely “actors who have an interest in particular institutional arrangements and who leverage resources to create new institutions or to transform existing ones” (Maguire et al., 2004, p.657).
The concept of institutional entrepreneurship focuses attention on the manner in which interested actors work to influence their institutional contexts through such strategies as technical and market leadership or lobbying for regulatory change (Lawrence and Suddaby, 2006, p.46), which is defined as institutional work, that is, purposive actions that actors carry out to act upon (i.e., change, maintain, or disrupt) particular institutional arrangements (Lawrence and Suddaby,2006,p.26) Under institutional work theory, institutions are the product(intentional or otherwise)of purposive action. The focus of institutional work is to examine how actors interact with, and influence, institutions (Hayne and Free, 2014). Institutional work encompasses different types of purposive actions addressing the normative, cultural-cognitive, or regulative pillars of an institution (Järvenpää, 2009; Scott, 2008) to drive its creation, maintenance, or disruption.
In this paper, I re-developed Burns and Scapen’s institutional framework by adding institutional work into the realm of action to have a better understanding of the effectiveness of the formal or informal change carried out by a change agent. I used E.W.K. Tsang (2013)’s framework to re-build the theory. Tsang (2013) criticized Welch et al. ’s (2011) theorizing framework on a groundless assumption, which is stated by Welch et al. (2011) as : “ We consider
how the case study generates casual explanations and how it incorporates contexts- two features of the case study that are often regarded as being incompatible”. First of all, they argue that Welch et.al (2011) failed to provide evidence to show that these two features are actually treated by researchers as incompatible, secondly the so-called trade-off between the two dimensions even do not exist. Tsang (2013) therefore developed an alternative methodology to do theorizing for a case study, as it is shown below.
Figure 2: four steps to develop theory.
Following this methodology, the theoretical re-development in this paper was done in four steps:
Interpretive sensemaking: I conduct an in-depth case study of the use of data analytics in a consulting firm based on the method of interpretive sensemaking, through which I interviewed the internal auditors and relevant people and tried to understand their views on data analytics’ usage in internal audit fieldwork from an institutional change perspective. The focus was on interpreting the narratives given by the interviewees, probing into their intended meanings, and understanding the process of institutionalization thoroughly.
Contextualized explanation: I adopted the method of contextualized explanation and examined the contextual factors both inside and outside that may influence the consulting firm, in which the internal audit team is located. In this process, I can draw on existing theories to strengthen the explanation of the case.
Identification of empirical regularities: In order to check how far the internal audit team constitutes an empirical regularity, I adopted a multiple-case study approach and investigated
both fully outsourced and co-sourced internal audit engagement to frame the research in terms of understanding the phenomenon itself instead of finding theoretical explanations for those phenomenon.
Theory building & testing: Based on Giddens’ (1984) structuration theory, actions and institutions can interact with each other, and we need to consider actions’ influence on institutions. Burns and Scapens’ (2000) institutional change framework did not explain the process of institutionalization very well because it did not take the purposive actions leveraged by changing agents into consideration. I proposed a revised theoretical framework which includes a new element, the institutional work.
3.5 Research limitation
Burns and Scapens’ (2000) institutional change framework emphasizes the importance of trace the pathways of change, how has change tracked its way through the organization-and the timing of change. (K.Soin et al., 2002, p. 254). Studying the processes of management accounting change requires a conceptualization of the ways in which new accounting practices evolve over time (Nelson and Winter, 1982). One of the most challenging tasks to include the timeframe in institutional change research is to chart flows of action and interaction. (Barley and Tolbert, 1997). First of all, the time frame of the structuring process is likely to be longer when collectives are the relevant actors, in the context of this research, some of the collectives are playing the same role as changing agents, which makes the time scheme longer than expected, and it was impossible to catch everything by the researcher’s five month’s internship. Secondly, defining the actions of collectives can be problematic, since many individuals can act on behalf of a collective. In the field of internal audit work, each audit projects can represent a collective and it is influenced by each auditor’s action, the many audit engagements that the researcher investigate in the company makes it hard to draw an overall picture. Last but not least, charting the acts of multiple collectives is logistically more difficult than documenting the behavior of multiple individuals. However, due to confidential reason, it is impossible to get the documents which include company’s archival data. These altogether constitute the limitation of my research: the failure of providing sufficient longitudinal evidence.
4
The consulting firm as an institution: rules, routines and actions.
In Burns and Scapens (2000) institutionalization model, there are three elements that need to be identified before using: institutional realm, routines and rules, and realm of action.
4.1 The initial delineation of institutional realm
The IIA (institute of internal auditors) released the ‘Statement of Responsibilities of the Internal Auditor' in 1947. Internal audit was described as: “an independent appraisal activity within an organization for the review on the accounting, financial and other operations as a basis for protective and constructive service to management (Van Voorhis, 1952, p.1). In 1999, the IIA expanded the definition of internal auditing to include “independent objective assurance and consulting activities” (IIA, 2011a).
It is obvious that the scope of internal auditing has indeed increased and that it now includes consulting activities and operational support in addition to the traditional financial assurance and operational review activities (Brody et al., 2014). Corporate leaders are expecting internal audit to improve visibility and provide strategic insights that can deliver lasting value for the organization. Satisfying these growing expectations implies there must be a transformation particularly the securing of appropriate new skills and competences (E&Y 2013). Following the broadening of this scope, internal audit functions must evaluate their current competencies and how to address the requirements of an expanded mandate and scope. One way to provide broader coverage of risk is through the use of data analytics (DA). Data analytics is a powerful tool as it has the big potential to significantly increase the effectiveness and efficiency of internal audit.
IA can use analytics to gain increased assurance while improving efficiency and/or effectiveness of audit procedures, to identify unknown risks and assist with future planning, or to reduce travel and time spend on manual routine work steps:
“Yes, if you have invoices in a P2P process, some invoices are old, or like they are still unpaid or whatever, and we could do analysis on that, so we could investigate, ok, we see you have this bucket where items are still not paid, how does it work? We also saw that some items were not approved in the system but still paid. By using analysis in advance, we could really ask specific questions in advance and we don’t need to do the research on ourselves. Based on this analysis, we identify what elements we are going to focus on in the process, for other elements that (are with) no findings during the analysis, we did not look at it or did not really mind, we just ask some questions, but we do not dive into details. ” (IC)
Internal auditors can also use data analytics to manipulate a complete population of data to obtain insights to business process and initiate performance improvements.
“I would say data analytics is all the work that you do to find the exceptions in your data, your population. So it can be done for compliance, to find the exceptions. But it can also be done for identifying or analyzing the effectiveness of processes. ” (IA)
Since the unit of my research is the internal audit team inside one of the consulting firms, the institutional realm is not the institutions outside the consulting firm but the other department inside the consulting firm, in this respect, the management vision and style should be considered as part of constitutions of institutional realm. The consulting firm has launched a global data analytics program, and one of its IT visions in 2020 is ‘to become a leading example of technology driving profit revenue growth.’
There are two situations with regards to decision right in an internal audit co-sourcing engagement. There are engagements in which it is the auditor who decides how many to select the samples based on sampling methodology, taking into account the population, number of occurrences, level of risk, and using professional judgment. However, for some of the internal audit co-sourcing engagement, the task of the consulting firm’s internal audit team is just to support or to help the client’s IA department, therefore the client defines how the sample selection and audit process works, it is the client’s decision whether to embed data analytics into the audit process:
“They (the clients) give you and they tell you that you need to select ten samples to test and you will test on their site, it depends on the client.” (IJ)
Numerous works were done by the consulting firm to achieve its data analytics vision in 2020. The consulting firm has successfully rolled-out the Analytics Pursuit Platform (APP), a go-to-market tool which allows employees to access the best Analytics-enabled service offerings as well as Case Studies, Thought Leadership, Demos, Videos and other Go-To-Market collateral from around the world via the web, or mobile. A global analytics managed services platform was also launched to deliver a standardized analytics-as-a-service technology architecture and framework for the sector and the domain-specific solutions. The consulting firm also continues to improve the ‘Analytics IQ’ of its employees through the launch of information-to-insight training courses and the Analytics Learning Portal. Thought leadership articles on this topic are also available on the company’s intranet, for example, an article introduces big data and data analytics in audit process and initiated some concrete questions that internal auditors might ask themselves to better embed analytics into their work. Analytics is also an important topic of the
firm’s intra-community group, Sharing1, where the firm’s employee can interact with analytics practitioners around the world on use cases, best practices, and tips for analytics. The global centre of excellence (COE) is established where employees can find a key contact to consult when they are coming with problems with data analytics.
Institutional changes in the wider economy should also be considered as it has a fundamental influence on organizational change. Internal audit needs to respond to business processes that are becoming increasingly complex (and in some cases automated) as the technology landscape progresses, especially to handle big data. Big data are the massive and varied amount of data existing in and relevant to the business. Related risks cannot be effectively addressed using traditional methods
“Data are replacing paper work, and it means that our customers are using data to replace its paper work, and then internal audit needs to integrate data analytics into their work and abandon some of the traditional document works. Besides, there are data being produced because of the advent of big data, how could you not make changes to adapt to it ?” (IF)
The big four firms have all released articles on their website to emphasize data analytics usage in improving the efficiency and effectiveness of their internal audit work. For example, KPMG suggests that ‘‘With data analytics, organizations have the ability to review every transaction—not just a sample—which enables a more efficient analysis on a greater scale’’ (KPMG, 2013, 1).
When it comes to regulations and guidelines that are set up by the professional association in this profession, IIA has also given some guidance concerning analytics: “Members of the internal audit team will have a general understanding of data and data analysis software, and will have sufficient competency to review and interpret the results of automated analytic routines and perform simple analysis (sorting, filtering, grouping, and profiling)” (GTAG 16).
4.2 Realm of action:
4.2.1 Change agent: Risk analytics champions
In the firm’s internal audit team there are two data analytics champions, Alice and Jason. Alice has over ten years’ experience in internal audit practice. Before joining the company, she worked
for other consulting firms as a SOX consultant. Jason is a senior staff, and he has been working in the company for over five years. He is really intelligent and into data analytics. Other two junior consultants, Nicholas and Yolanda, also helped them with organizing events and together they constitute the data analytics champions in the internal audit team.
“We have a very small team in internal audit that is working on data analytics for internal audit. I am leading this team, in a sense that I coordinate event and I review articles. ”(IA)
4.2.2 Other change agents: data analytics team and COE(center of experts).
For many years the consulting firm has realized the power of analytics and there are lots of teams with analytics skills. For example, there is a data analytics team that has formulated in the firm’s Amsterdam office for over ten years. Elvis is leading the team now, she defines her team’s role as the following:
“Analytics is then, you could call it supporting to what is being defined, to execute on it. So to collect the relevant data, to perform the analytics, to visualize.” (IE)
The centre of excellence was launched in 2014, led by the chief analytics officer, to roll out new tools and enablement to support their people and capitalize on the significant and growing demand for analytics-based services.
“The center of excellence has developed a list of playbooks for analytics, to understand analytics per audit process. ” (IA)
4.3 Rules and routines:
A survey by a consulting firm (EY 2013) found that although data analytics is not a new concept, internal audit functions are still struggling to integrate data analytics into their core operations. Only 11% of CP&P (Consumer products & Retail) companies reported using data analytics throughout their core operations. Study after study has shown that the data analytics capabilities of internal audit functions consistently fall below what is desired and even what is required. The idea of using available data from various sources is not quite new for internal auditors. Although auditors are trained how to identify patterns and analyze data using methods ranging from simple trend analysis to more advanced regression analyses, most of this work is commonly performed using Microsoft Excel’s native functionality (DeRoche, 2015, p.1). The
implementation and improvement of using data analytics are the toughest challenges for internal audit department (Coderre, 2015).
Internal auditors have been receiving the training on manually doing control testing for a long time, which have led to the habitual adoption of a certain pattern of thought and action. They might resist embedding data analytics into their audit work simply thinking it is not worthy or because they are too stressed out to finish everything in time and there it is always time-consuming to make the changes.
“Right now you have a situation where an internal auditor, he has been trained for so long in a way of doing internal audit manually. Right now you are pushing to him a new solution, well I wouldn’t call it a solution but a new enabler, and he has to re-train himself in order to use it. So definitely there is a small problem there, because, if you think about it, if you are an internal auditor who has been trained for thirty years, you have received CIA1
and all the other different certifications and everything, your mindset is so programmed to do things with the checklist manually, I mean you understand the risks very well but it will be hard for you to change your mindset. Because they are so used to their old routine that sometimes they see analytics as ‘yeah, okay, I will do my work as it is, and if I find anything on top of the analytics, I will put that, included that in the report’.” (II)
Some companies use internal promotion to hire internal auditors, therefore mostly the internal auditor team is comprised of different people with different background, sometimes they are operational auditors and sometimes they are quality auditors who only hold a business process knowledge. These people are generally lack of internal audit knowledge and it is harder for them to see the value of adopting data analytics into their daily work.
“In some companies, they have a concept called “career auditor”, and some of them are not career auditor, so for example, you today, you joined the sales function. After five years, you have applied for a new job in the company. So let’s say you applied internally and you applied for internal audit. When you come into the internal audit function, you have the process knowledge, but you don’t know what a risk or a control is. Can you imagine what happens when I put the analytics in front of you? ” (II)
5 The successful implementation of data analytics in one out-sourced
internal audit engagement.
Metalfuture is a high-technology engineering group in tools and tooling systems for metal cutting, equipment, tools and services for the mining and construction industries, products in advanced stainless steel and special alloys as well as products for industrial heating. Metalfuture has over 40,000 employees and sales in more than 150 countries.
Metalfuture fully outsourced its internal audit to the consulting firm in which the researcher did his study. The team is mainly composed of internal auditors from internal audit department who physically sits in one city, however, travelling throughout the whole world. Core members include Amy who is a manager and has worked in the field for over ten years, and a senior staff who has been worked for five years in this field. In parallel, there are up to four internal audits during one month in different parts of the world, which requires more sophisticated data analytics to serve internal audit.
In 2014, a dedicated data analytics team was formulated in Germany to support the internal audit team for doing analytics for Metalfuture. This team consists of three people: Bob leads the team and coordinates the project with the internal audit team. He has worked for the consulting firm for over ten years. He started as a SAP consultant and now focuses on internal audit and analytics. Two staffs are doing the basic analytics for Metalfuture including Fanny and Jessica, and they report to Bob.
5.1 New routine, the collaborative DPCG framework:
The entire team at Metalfuture used a DPCG methodology to perform data analytics in the whole audit process (see the chart below). In defining analysis, internal auditors should set the objectives for the audit project, taking into account the scope of the audit, the timing, the team and the audit stakeholders. Analytics define is basically identifying what needs to be done, so what is important to cover, what is the context and what is the expected outcome. Elvis sees the role of one of the internal auditors that she once cooperated with as the following:
Figure 3: define-produce-consume-govern framework
“Internal audit is identifying the issue and identifying which is the biggest risk, so they are defining what analysis needs to be done. For example, Joan really understands the logic of when should you do analytics, she is really good at defining. She defines, okay, which analysis should be done, what do we need for this, and when the technical part has to be done, of course, we know the tools, but she is also really good in defining certain analysis. ” (IE)
The ‘ produce’ component involves the activities most people are thinking of when they think of analytics-specifically, the technical steps involved in the production of the analytics results.
“The analytics produce is basically identifying the data that you need to support the office, and transforming this into the analysis and producing the visualization. You could call it supporting to what is being defined, or to execute on it. So to collect the relevant data, to perform the analytics, and to visualize. ” (IE)
The ‘consume’ component involves turning data into insights, which is crucial to the final report. It usually involves the work of internal auditors interpreting and presenting audit findings to the clients based on the analytics results.
“And after that we read this up and then we forward these up to our clients because normally data analytics team not always present in the fieldwork, they are involved before the field, where they request the raw data from the client, let’s say the process data but they don’t provide the work product to the clients. Field team takes work product, follows up with data analytics if necessary and then shows that to the clients. ” (IH)
Before internal auditors can sit with the management and present the result of data analytics to everyone on an exit meeting, it is always important to validate the analytics result first. It is a
process which may require iterative investigation and negotiation with the control owner of the data.
Researcher: “Did you meet any scenarios where the clients challenged the results of the analysis and you were asked to make proper explanations?”
Respondent IA: “I think there is a difference between challenging the result of the analysis and how the analysis supposed to be done. So you need to validate the data before you use it and you need to validate the result before you go on talk to everyone about the result. Because maybe you have a very nice chart with a very nice exception. And when you talk to the owner of the data, they tell you, oh that looks very strange and they look into it and there is a reason why it should not be exception or maybe we assume that a column in the file has a meaning and it means something else, so you need to validate it so that you can make corrections before you share it with everyone. You need to talk a lot with the people who know the data, and the people who are going to be responsible for fixing if anything comes out of it. That is part of being an auditor, you need to talk to management, you need to talk to the issue owners or the control owners and validate things multiple times.” (IA)
The final element of an effective analytics process is governance. Generally an audit plan that incorporates analytics requires the use and coordination of a wide variety of skills. Internal auditor must define the scope; data architects and analysts must translate the requests generated during the ‘define’ process into valid queries to ‘produce’; the visualization team must take those results and turn them into reports and graphics that can be readily understood by the auditors and auditors must be able to turn it into insights. Governing analytics is to make sure that each team has the skills in store and right technologies are in place, right polices and rules have been defined.
“There is also a last component which is ‘govern’, which tells you when do you run the analytics, for example, do you run the analytics six weeks before the fieldwork, or do you run the analytics for an audit only for a week long, who does what, like for example, is it the technical guy doing the definition, no, it should be the auditor, and so on. ” (II)
5.2 Encode the change, institutional work on people’s awareness:
The first institutionalization process (arrow a in figure 1) entails the encoding of institutional principles (principles embedded in institutional realm to use analytics into internal audit work) into rules and routines “Formal organizational rules and procedures often define scripts (“script” is a comparable conception in Burns and Scapens’ institutional framework which combines both rules and routines to link the realm of institutions and realm of actions according to Barley and
Tolbert, 1997) that embody institutions and cover such activities as hiring personnel, evaluating performance, or offering goods or services to customers.” ( Barley and Tolbert, 1997, p. 102). By my observation and the analysis of the interviews that I conducted, no standard or rigid rules and routines were set up to encode the importance of using analytics into internal audit work in this consulting firm. One of the champions from data analytics center of excellence states the drawbacks of pushing internal auditors to use analytics:
“If you have too many rules, they may not use it. When you come and put too many rules, it is like you are pushing them to do it. You know that when someone push you to do something, you will not do it, but when you give them enough things to play with and you build up the appetite, they will come to you.” (II)
According to Barley and Tolbert (1997), the important principles in the realm of institution can also be encoded into scripts (rules and routines) in another way. Encoding can also take place by the self-interpretation and internalization of rules and routines to find the behavior proper for particular settings. (Berger and Luckmann, 1967). To encode the principles by letting people internalize the new routine, the consulting firm’s internal audit team has established a small risk analytics champion team to introduce the benefits of analytics to the internal auditors.
Alice defines the role of risk analytics champions in the internal audit team as the people to promote analytics to let every internal auditor realize its importance and power, to make sure that the internal auditors at their team are equipped with the right skills so that they can help clients do analytics if it is necessary and when they have questions concerning with analytics they can come to the risk analytics champions for help:
“We are just working on making data analytics visible for internal audit so that people know it is possible to do data analytics for internal audit, that we have these skills in the house, that there is a library of data analytics available for us to use, that we should introduce it in our internal audit engagement. The seniors understand what Spotfire1 is, what ACL2 is, and they have a minimum understanding of how it works. And that people know
that if they need help, they can come to us. And also, if they propose for internal audit, that we make sure that we also include information on the data analytics .” (IA)
One of the interviewees thinks data analytics champions shared lots of interesting topics such as web-based learning and articles. She thinks it is quite important to be aware of data analytics before use it and she thinks risk analytics champion team has done a good job to legitimize and promote analytics inside the internal audit team.
1 Spotfire is an application which uses overviewing dashboard to accomplish the function of data visualization. 2 ACL is a software provider to seamlessly integrate the industry’s standard data analytics capabilities into a
“Yes, if I want to know something more, I go to them and if there is a web-based learning or something, they share the links with us, promoting it and that is how I see their roles. I think it important that all the people are aware of data analytics because otherwise people will not use it. So it is really good that they do it and sometimes they just sent to us saying that, ‘ Guys, these are some really interesting stuffs, if you are interested, just check it out.’ I think they definitely doing a very good job, because they made people around aware of it.” (IC)
One of the data analytics champions, Jason, has asked an data analytics expert, Elvis, from another team in the consulting department of the firm to help him with training the internal auditor group for data analytics. Elvis has over seven years of experience in analytics and has done virtual trainings for other departments before, especially for audit department.
“Jason asked me to do a presentation on analytics for internal audit group. Well, I have done trainings to broader, like advisory colleague, also people from that team. And I do virtual trainings, internal audit is also part of the topics, there is an example that people are working on miscellaneous costs, I give virtual training on it. And this presentation is actually an external presentation so I will focus mainly on analytics but I will try to make the link with internal audit. ”(IE)
5.3 Enact the change: Emerging collaboration between IA and DA
The second part of the institutionalization process(arrow b in figure 1) denotes the actors to enact the routines which encode the institutional principles. A new routine, DPCG(define, produce, consume and govern) framework, has been introduced in section 5.1. To enact this new routine, internal auditors need to be responsible for defining and consuming whereas data analysts are focusing on producing.
“Yeah, they can prepare the queries, but it is IA team’s responsibility for interpreting the queries or for knowing which queries to build. Because they have a standard list of queries, but if you want something more specific, more looking at the targets for the company. Then you need someone who can think about oh, we should compare this with this or we should look at the exceptions in the population and it should be us.”(IA)
Internal auditors don’t have to have solid analytics knowledge in details; they can easily achieve their target by collaborating with the data analysts by explaining their needs. However, it is important for internal auditors to have a basic knowledge of how the system works so that they will not propose any unrealistic requests to the analysts.
“So I don’t really need to know how to build the chart, I just need to be able to explain to them, what I expect, and they will prepare it. So in our team, we need to have the knowledge to imagine what we want to have and
what we need, and to be able to explain to them. The part of knowing how the system works and how the queries work is for us to know some of the challenges that they have, so that we don’t ask for unrealistic things. Because it is very easy to see building a house in a day, if you do not know how long it takes to build the house. ” (IA)
One of the analytics champions in internal audit team states that as long as there is the collaboration between IT and IA, it is always not a problem with money as long as you want to embed analytics into internal audit work.
“I think it is mostly the time. I mean realistically for internal audit department, you can set up a very agile analytics capabilities. You can do it with one or two experienced people by two licenses for Spotfire or something like that; it is not going to be that expensive. You have too many teams with capabilities of Spotfire, set them up with a good network, internally within a company, that they know where all the IT departments are and are able to develop a good overview of the IT landscape and have them act as sort of center of excellence for analytics delivering services to each of the other teams, then you would have a very powerful analytics capability with the cost of two extra people.” (IG)
In the fieldwork of Metalfuture, the consulting firm’s internal audit team in the Netherlands has intimately worked with the dedicated data analytics team in Germany and together they used the DPCG framework introduced before to embed analytics. They did an audit which had multiple processes in scope, from p2p(purchase to pay) to o2c(order to cash) and financial statement root causes. Below shows an example of using data analytics to do the internal audit on account payable for the client.
Data analytics can play a key role in internal audit throughout the audit lifecycle from the risk assessment till the monitoring process. Data analytics before the field work helped the internal audit team from the Netherlands identify which risk is the most emergent one and help them make a ranking list of all the risks so that they have the priority to design interview questions before they came to the field, which will in the end saved the audit cost.
Figure 5: analytics and audit lifecycle
“The recent dedicated team with a sufficient experienced knowledge to dump the raw data from the client’s ERP system. They dump it, they process it, and they have the tool that they are working through Spotfire, they process this information depending on the passage of the system that they are working in, they prepare dashboards, with the underlying background information. ” (IH)
When it comes to the effectiveness of the collaboration, some of the internal auditors are quite aware of the opportunities and they always consider introducing analytics into suitable project whereas some others are just treating analytics as an ad hoc. It is good to have all the internal auditors be aware of the benefit and so that there will be more collaboration in the future.
“Because they are so used to their old routine that sometimes they see analytics as ‘yeah, okay, I will do my work as it is, and if I find anything on top of the analytics, I will put that, included that in the report.’ And then you have the other auditors who are more open to change, they will say: ‘Oh, I have the analytics result, let me look at this first, and let me change my audit program to reflect the actual risks, and then I perform the audit, and then I use analytics as a supporting evidence.’ So you have different types of auditors.” (II)
It is clear that the IA manager who is engaged in Metalfuture’s audit project is aware of the benefits of analytics and she redesigned her audit program to use analytics before the audit circle starts to include more data population to cover more risks and to improve the audit effectiveness in the end.
“Based on this, internal auditors usually look into the unusual trends, unusual mismatches, unusual working hours, segregation of duties. And prepare before the start of the field of their questions based on the red flags that identified as data analytics exercises. This helps a lot, because following up the questions based on data analytics results, we can later on come to the root causes of the issue which auditors identified. So data analytics before the field work allows internal auditors to see the unusual trend to see the red flags, to see something that they may want to follow up in subsequence.” (IH)
Elvis appraised the internal auditor team’s capability to spot opportunities and seek cooperation with data analyst. She also thinks that lots of the collaborations did not end up with a final report because of clients’ unwillingness to use analytics, but it is still good to let more people be aware of it.
“She(another senior manager) really knows how to spot opportunities, so she will always, if there is anything about analytics, she will put me in. So she is really aware of the opportunities, and then if she needs content, she will get me involved. It is really good because then, you really have this cooperation.
I think it is really good that more and more people are aware, so for example, it did not result in an assignment in the end. But that is not her(the senior manager) fault, kind of, because it was the clients now deciding, but the more people are aware, then it can be of added value for internal audit. It is a very good development. So I think as an consulting firm, for me, it is very important that my colleague see the added value and they start to see it more and more. So that is very useful. And that will definitely make the collaboration in the future more frequent ”(IE)
Continuous feedback is key to making sure that IA is testing the right things. An output might reveal a certain issue, but the follow-up could reveal a legitimate reason or a workaround (EY, 2014, p.6). In either case, the test must be revisited. When it becomes necessary to do this process iteratively, internal auditors should sit down with the data analysts to discuss the issue and follow-up steps before they illustrate findings to their clients, however, in reality, it is a different story.
“The best way to build feedback into the process is through a formal step where the auditors sit with the analyst who produced the outputs to make the relevant changes or recalibrations. However, in reality, the DA team is quite busy sometimes, so we don’t have the time to sit down and meet instead we will do the follow ups.”(IH)
6 Discussion:
6.1 Formal versus informal change?
Formal change is usually imposed by management by using a top-down approach. It is usually accomplished by the formal introduction of new rules. In this firm, Metalfuture has a very powerful new CAE1 who is very passionate about using data analytics; he leveraged his power to implement analytics into internal audit work. The company fully outsourced its internal audit to the consulting firm because it has the skills in house to help them with analytics. A set of guidelines about cooperating with the consulting firm’s internal audit work that is relevant to analytics has been set up internally at the firm. These guidelines are a formal set of rules and can be seen as the formal organizational change to embed analytics.
Despite from this formal (intentional) change that is obvious to observe and usually originated from intentions of powerful individuals, informal (unintentional) change may evolve out of the intended actions of the individuals who are enacting and reproducing organizational routines (Burns and Scapens 2000).
Amy is the manager who is leading Metalfuture’s project, by my observation, she does not know much about the DPCG framework. She defines the analytics champion’s role as the subject matter expert, and she did not attend the trainings provided by the analytics champions.
“They are subject matter expert, who may provide the certain training on how to use data analytics. I have never been involved in their trainings, and specifically to understand what they provide, you may need to interview them.” (IH)
However, she unconsciously adopted a certain methodology to collaborate with the dedicated analytics team, in which she declares that she contributes to the communication between the analytics team and fieldwork team. Although she is not clarified with the details of the DPCG methodology, she is competent to understand the core of this framework and put it into use without self-consciousness and the whole engagement on Metalfuture went very well in the end. Nelson and Winter(1982) proposed that individual skills have an important role to play in the institutionalization process of organizational behavior, and these skills are largely programmatic and originated from tacit knowledge that the a person acquires through the reflexive monitoring of its daily behavior. The skill to adopt the DPCG framework can be adopted by most of the internal auditors at the consulting firm unconsciously.
“I personally don’t dump the raw data, do not request the raw data from the company, I don’t process this data and I don’t create the flowcharts. But I can do in my communication with data analytics team normally that the field team, the process team requests from the data analytics team the following tests depending on the scope. ”(IH)
6.2 Breaking the wall down: Making it possible to reproduce.
The third process of institutional change(arrow c in figure 1) takes place when routines were reproduced because of the repeated behaviors. As it is previously analyzed in the institutional realm section, lots of internal auditors still have and prefer the routine to do manual checking, and they are the practitioners who are not fully ready to reproduce the institutional change because the informal change is lagging behind the formal change. If the processes of informal change lag behind the formal change processes, tensions may be introduced in the form of anxiety and resistance, possibly leading to the failure of the implementation (Burns and Scapens, 2000, p.19 ). There might be lots of resistances emerging because of the fear of change, especially something like a new technological change which may require the new routines to be embedded in people’s daily work. The gap in age and routine is also what is building up the obstacles for lots of company’s digitalization process of internal audit right now.
“I had a client coming to me and said, ‘I hate analytics, if it weren’t for that the CAE really requires us to do this, I would not do it.’ If you think about it, if you are an internal auditor who has been trained for thirty years, you have received CAE and all the other different certifications and everything, your mindset is so programmed to do things with the checklist manually, I mean you understand the risks very well but it will be hard for you to change your mindset, whereas if I was able to bring in a twenty or twenty-five year old tomorrow, with a computer science and risk background, it is very easy for him to apply the new techniques.” (II)
Although there have been articles promoting the idea that audit work is going to be digitalized (Lombardi et.al, 2015), there is no one who can foresee the exact time of the completion of this process and it is too earlier to formalize rules for lots of companies to use analytics into their internal audit work. However, in reality, it is almost impossible to equip every internal auditor with the analytics skills, therefore, collaboration becomes the best way to embed analytics into internal audit work. Lots of the internal audit co-sourcing engagement failed to use analytics partly because there is no powerful extra-organizational factors or individuals’ power, but also partly because of the hierarchical organizational structure inside the organization that inhibits the collaboration.
“I don’t know if you saw the Economics two or three years ago, there was an article about the on rushing way of change, I am not sure if you saw it, but basically they predicted that for accountants and auditors, there is a very high risk that they will lose their jobs due to automation. This is where the routine becomes very important, but again, as I told you earlier, we are about the rules and place to say that, you need to make sure that the numbers that are hiring, you need to make sure that this is respected, you need to make sure that this is involved, it doesn’t work.” (II)
A more relaxed knowledge sharing culture, and collaborative organizational structure will
surely facilitate the informal change of routines in an organization to keep up with the formal changes, which explains the consulting firm’s success in implementing data analytics for its outsourcing clients, and we see it as an institutional change that has been reproduced inside the consulting firm. One of the risk analytics champions contends how easily a firm can reproduce this institutional change at the cost of little human labor.
“You have too many teams with capabilities of Spotfire, set them up with a good network, internally within a company, that they know where all the IT departments are and are able to develop a good overview of the IT landscape and have them act as sort of center of excellence for analytics delivering services to each of the other teams, then you would have a very powerful analytics capability with the cost of two extra people. ”(IG)
6.3 Regressive versus progressive: the necessity of contextual change.
Tool (1993)’s dichotomy of institutional change offers a deeper insight into the technology change’s impact on internal audit. In his research both ‘ceremonial’ and ‘instrumental’ behavior were introduced. Ceremonial behavior comes out from a value system which preserves existing power structures whereas instrumental behavior emerges from another value system which applies the best available knowledge and technology to problems and seeks to enhance relationships. Regressive change describe ceremonial behavior and therefore inhibits institutional change. Meanwhile, Progressive change describes instrumental behaviors and facilitate institutional change. When new technology keeps questioning previous ceremonial, dominant values, the progressive change can happen.
Changes in technology, cross-cultural contacts, economic downturns and similar events increase the odds that actors will realize that they can (or must) modify an institution (Burns 1961; Ranson et al. 1980), Technology has increased the validity of data input, processing, and output, and has also increased the ability to access information (Soileau et.al,2015). Contextual change is usually necessary before actors can assemble the resources and rationales that are necessary for collectively questioning scripted patterns of behavior (Barley and Tolbert 1997).
