Consciously dealing with the subconscious. About the relevance of gamification to internal auditing

At the recent annual symposium of the Internal Auditing & Advisory and IT Auditing & Advisory programmes of the Erasmus School of Accounting & Assurance (ESAA) we presented a report discussing the findings of a study into emerging trends in the professional practice of internal auditors. One of those trends is the ‘psychologisation of the internal audit profession’: it has become nearly impossible to separate risks from the related behaviour and the risk perceptions of those involved.
The internal audit function plays a key role in assessing and identifying risks, and is at the same time looking for ways to improve the effectiveness of its assessments and interventions. This increasingly involves the use of concepts that extend beyond the content of the message and focus on the ‘form’ of the message, the timing of the message, etc.
Experiments in the field of behavioural economics have shown that subtle changes to how a message is presented can influence people’s decision-making, particularity when it comes to decisions about risks. Knowledge about heuristics and biases in human decision-making has led to the successful application of ‘nudges’: simple interventions that ‘entice’ to adopt the desired behaviour and gently push them in the right direction. It has been shown that nudges are effective because they make the desired alternatives easier, more attractive, more socially engaging or timelier. So nudging could be an interesting addition to the classical repertoire of the internal auditor.
In the public sector interest in nudging has been increasing in recent years because it provides an effective means to influence people’s behaviour. Lines are painted on dangerous roads to make the road appear narrower. As a result, drivers slow down and drive more safely. Applying the image of a fly in urinals and placing waste baskets near traffic lights for people to aim at are playful incentives for safer and more hygienic behaviour. By making smart use of our subconscious inclination to play games and improve our game playing skills, we can actually bring about safer, more hygienic and therefore less risky behaviour. These are special forms of nudging known as ‘gamification’, which plays an increasingly dominant role in risk management and safety management, for example in hospitals. Gamification is also slowly but surely receiving more attention from the Executive Board and the Supervisory Board or Board of Trustees.
The application of nudging (and gamification as a special form of nudging) that we increasingly encounter in our day-to-day practice in the public and private sector obviously raises challenging questions for the internal audit practice: Are we able to, are we allowed to and do we want to use these types of tools to influence behaviour? Can we ignore these tools, which have such a big impact on risk behaviour in the public and private sector and which are increasingly incorporated into the risk management of all kinds of organisations, including hospitals? And how can gamification be reconciled to the professional seriousness of the internal audit profession, where contributing to the controlling of risks is a key priority, but focusing on the game element of this may nonetheless feel a bit awkward, to say the least?
The emergence of the phenomenon of gamification raises challenging questions for the internal audit practice and demands in-depth research into the opportunities, dilemmas and limits of the application of gamification in the professional practice of internal auditors.
In exploring this phenomenon, we will zoom in on the healthcare sector, where gamification plays an increasingly prominent role in the operational and governance practice with regard to risk control, and is therefore increasingly encountered by the internal audit function. Risks manifesting themselves in the healthcare sector have a major social impact and healthcare institutions face a rich palette of risk types that fall under the remit of the internal audit function. We believe that the lessons we have drawn from our exploration in this sector may also offer interesting starting points for a broader discussion about the application of gamification in the internal audit profession. The practical part of this exploration focuses on an initial exercise with gamification in the healthcare sector, but the findings are also relevant to the much larger Dutch internal audit profession as a whole, including internal auditors operating in entirely different fields.