Yes to the red report

On compliance and ‘police officers’.

We are in a meeting at the Nordic financial institution, Danske Bank. We are in their head office in the beautiful old listed buildings in the old part of Copenhagen. This is where the phrase “yes to the red report” is coined, in a meeting with Group Internal Audit in Danske Bank. The managers responsible for internal audits talk about the journey they have been on in recent years. A completely new agenda has been set for how the internal audit department and the business can work together to create even greater benefits for the group as a whole. And communication between partners plays a significant role in the process. Among other things, this is about taking a department perceived as internal police officers and giving them appreciation for challenging the business.


In other words, “Yes to the red report” is the expression the management of Group Internal Audit uses to refer to a shift in attitude, meaning that the different managers in the business begin to appreciate – or say “yes” to – critical reviews of their areas, rather than acting defensively or brushing aside criticism with various types of resistance. “You must remember,” their team leader continues, “that in the financial sector, we hate surprises. We hate to be surprised by bad news or a critical conclusion.” In this context, “yes to the red report” is the exact opposite of a surprise.


If we look at this objective in a slightly broader context, it is also about how what we might call compliance functions start to communicate and co-operate with the business in a different way. With greater understanding. With a clear answer about why challenging the business is important and necessary. With a keener eye for how the observations and assessments made by the audit department can actually help the business achieve important goals. 

Getting a ‘yes’

In this sense, a “yes to the red report” is a way for the departments whose primary task is to look after the business (e.g., internal audit, compliance and risk management) to achieve much stronger co-operation with colleagues in other areas of the organisation. In the battle to win the trust of customers, employees and society, this task is more important than ever. The objective is also interesting from a rhetorical perspective, because a significant part of the solution is linked to the relationship between communication and the development of behaviours. Our claim is that it is possible to obtain a “yes to the red report” without pushing it through by means of finger-wagging or the threat of sanctions. The goal is to change behaviours and achieve compliance without using force. 

The purpose of this article is to take a closer look at this and show how compliance staff can benefit from three pointers relating to communication leading to a “yes to the red report”:

  • Communicate in a more targeted way in terms of behaviour.
  • Practise maintaining the balance between being an authority figure and being a helper through storytelling
  • Secure an initial ‘yes’ to something that is less binding

1) Communicate in a more targeted way in terms of behaviour

What ties the compliance functions to the business is the realisation that meeting rules and regulatory requirements has become a competitive advantage. An important narrative about “keeping one’s house in order” has emerged, and that is key to earning the trust of employees, customers and society as a whole.  But the opposite is also true: If the various “defence functions” are initially perceived as an internal police force – and perhaps act in a way that makes this perception reasonable – it can be harmful to the business. This is primarily because the role of internal police officer all too readily involves a form of communication that can be detrimental to mutual trust, rather than building it. Therefore, our initial advice is to target communication in relation to the behaviour you want to achieve. So, how can a “yes to the red report” be translated into behaviour? A red report typically involves an instruction that the department under review should take a number of concrete measures to deal with or address a risk or vulnerability identified by the internal audit department through its review of the business.

Defensive behaviour

A red report can also identify a flawed process that can make the company vulnerable, or that does not comply with strict regulations relating to e.g. documentation and data protection. Sometimes, however, the business does not view the problem in the same way as the internal auditors do. In other words, a “yes” to the red report refers to the manager who accepts and acts on a problem that he or she has yet to recognise or acknowledge as particularly important. It is a great challenge. The next step is to identify the behaviours that stand in the way of the objective (the “yes to a red report”). Behaviours that you must overcome in order to achieve the objective. It is our experience that defensive behaviour is a major obstacle. Defensive behaviour include acting defensively because you feel lectured, criticised or unfairly treated. It may also be the kind of resistance you encounter from people asked to do something in which they do not see the value. However, the point is that defensive behaviour can lead to a negative, self-reinforcing pattern as it is often a response to communication that pushes, demands, and primarily focuses on problems.

Defensive behaviour shuts down learning and collaboration. In contrast, we know that communication that is solution-focused and based on mutual trust and understanding of someone else’s situation reinforces positive behaviour and a more open attitude. Trust across organisations is a complex matter. In fact, we know from research that colleagues from different departments within the same organisation who do not already know each other have as little trust in each other as they do in total strangers. However, from the same research and from experience, we know of a number of practical considerations to make in this regard:

  • Be clear about your “mission statement”, i.e. why your function exists and what it can contribute.
  • Make sure you know what you are talking about – not just in your own field, but also in relation to the bigger picture and the group as a whole.
  • Put yourself in other people’s shoes as best you can, and be interested in the areas of the business that are the focus of your review. You do not have to be an expert on the other people’s business, but you must know the areas’ main objectives and issues.
  • Show that you want what is best for the manager and business, and quickly establish yourself as a reliable person. For example, make a promise that you can keep in the very early phase of the co-operation. Then clarify how your review of the business can contribute to the business’ objectives and possibly remedy a problem that could ultimately prove critical.  
  • Take the sting out of potentially difficult conversations that can emerge throughout the process by articulating them in an undramatic manner as a frequent and necessary part of professional collaboration and shared learning.
  • Establish a relationship with the employees who will ultimately be interviewees and contacts within the business as soon as possible. This will reduce the risk that the task of creating trust will have to start all over again when the responsibility changes hands. 

The recommendations above are in no way about adopting a submissive attitude towards the business. You can easily communicate with authority and give clear and unambiguous messages without losing the recipient-oriented focus. However, balancing the role of authority with that of a helper requires experience and practice.

2) Practise maintaining the balance between being an authority figure and being a helper through storytelling

The key to being able to challenge and make demands without losing other people’s respect lies in the balance between being an authority figure and a helper. Any authority figure – either internal or external – has formal authority that gives it a communication advantage in terms of earning acceptance of a difficult message. In the Danish Financial Supervisory Authority, they say that they have the option of “throwing the crown on the table”. This comes from the fact that they have a crown in their logo, which can serve as a reminder that they act on behalf of the Danish government. In other words, they have a public mandate. Similarly, compliance staff have a mandate that they can draw on, and this comes from the board. However, in this way, “compliance” is achieved through the use of force; a “because-I-say-so” type of argument. This can be both necessary and effective at times. The problem is that this approach does not create ownership or create a mutual understanding of the message. The consequence is often inadequate implementation, and the potential for great resource expenditure without much effect. It is however possible to communicate in such a way that the business understands and takes ownership of the messages.


However, this is neither easy nor straightforward. It requires that you appear as both an authority and a helper in your communication, and that you practise the balance between the two roles. Among other things, this includes requirements relating to how authority and trust are brought into play, and how your recipients understand and feel helped by the process. At Rhetorica, we have used storytelling to achieve just that for years. In particular, working with actantial model, developed by A.J. Greimas, is an important first step. In brief, storytelling is about the following:

  • Being able to explain your purpose so that others can understand it. Without the use of technical jargon. I.e. providing “the why”
  • Being able to put clear and precise messages into context (a storyline) that connects the past, present and future: Problem (past) – Solution (present) – Gain (future)
  • Making the recipient see that although “the report is red”, it is a means to achieving important goals (hero-helper relation)
  • Making the business the hero of the story in the battle for customer trust, thus avoiding an excessive use of authority through lecturing language
  • Being able to capture the recipient’s attention through vivid language that forms the right images and mood

The advantage of the storytelling method is that it reinforces positive behaviour. In fact, it has been documented in a research context that storytelling is the best kind of communication to create trust orally. The downside is that it can make the sender seem unclear, and perhaps even too kind, thus making it difficult to communicate directly and without beating around the bush. For the internal audit, there can be no doubt about which message the business must say “yes” to. Therefore, it may be a good tactic to break a difficult message down into smaller chunks.

3) Get an initial ‘yes’ to something less binding 

When the objective is to persuade managers in the business to say “yes” to a red report, we are asking them to take a big step. We should therefore consider whether we can get them to say “yes” to taking a smaller step at an earlier stage. This is linked to the principle of consistency; we are far more likely to say “yes” if what we are presented with is consistent with something we have agreed to in the past. The principle was first described by psychologists Jonathan Freedman and Scott Fraser in 1966 in their famous article: “Compliance without Pressure”. The article describes a research project that involved asking a representative number of people in a major residential area in California whether they would be prepared to erect a huge sign in their front garden reading “Drive safely!” in connection with a campaign relating to driving behaviour. The sign would be so large that it would block most of the view from their house.

Even for this good cause, we would expect that getting residents to accept this would be difficult. And it turned out that only 17% of residents chose to say “yes”– which was actually better than expected. What is interesting, however, is that 76% of residents in a different but similar test area actually agreed to having the large sign erected in their front yard. Why? For the simple reason that two weeks earlier, they had said “yes” to placing a small sticker (5 x 7cm) on the windscreen of their car that read: “Be a considerate driver”.

The example is referenced in Robert Cialdini’s book Influence: Science and Practice, and while it is hardly possible to draw a perfectly direct parallel to a “yes to the red report”, it is definitely a good idea to consider how the principle of consistency can be applied (you can read more about consistency in the article “Once you say A…” in this magazine). What should a manager say “yes” to at an early stage of the audit process so as to say “yes” to the red report later? For example, imagine that at the first meeting before the audit process begins, the clear point of departure is the objective that the process will help the group become the most trusted financial partner in the industry. In other words, the battle for customer trust is the objective the business can say yes to at an early stage. This will be an important step in reaching the point where a “yes” to the red report is necessary.


It all started with a meeting in Copenhagen with Group Internal Audit in Danske Bank. We obtained a clear overview of the journey from being perceived as an internal police officer to being appreciated for challenging the business; from the feeling of being unpleasantly surprised to saying “yes to the red report”. In this article, we have elaborated on the story. Our objective was to illustrate an approach to communication and difficult messages that can bring about acceptance without overplaying authority and the pressure that comes from being the internal auditing department. This is an issue that we have noticed with several of our clients who perform some form of compliance function. On that basis, we have concentrated on three pointers for gaining acceptance of difficult messages: Communicating in a targeted manner regarding the behaviour you want to achieve and the behaviour you want to overcome; practising the balance between being an authority figure and a helper through storytelling; getting an initial yes to something less binding that also shows a positive story: e.g. the battle for customers’ and society’s trust.

So, if your organisation is faced with similar challenges, we have hopefully managed to convince you that something can actually be done about the problem. The first step is to ask yourself: How should the “yes to the red report” be an objective for us?

Sources of inspiration:
Robert B. Cialdini: Influence: Science and Practice, Allyn & Bacon A Pearson Education Company, 2001. Jonathan L. Freedman & Scott C. Fraser: “Compliance Without Pressure: The Foot-in-the-Door Technique”, in: Journal of Personality and Social Psychology, Vol. 4, no. 2, 1966. Pau Zak: “The Neuroscience of Trust”, in: Harvard Business Review, January/February, 2017

How Can We Help You?

Get in touch with us or find the office closest to you

Get in touch

    * By clicking "Submit", you agree to our Privacy Policy.
    ** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.