Coping with Complexity: Internal Audit and Complex Governance

ABSTRACT Complexity, a key issue in accountability research, is almost coterminous with modern governance. Increased complexity is a key external contingency driving analyses of public administration. Scholars often conclude that “traditional” forms of centralized accountability and control are no longer feasible in the face of complexity, but at the same time, internal audit in government, as a form of centralized accountability and control, is expanding its scope. This apparent paradox is addressed by means of mixed research methods focusing on how internal auditors in government understand and cope with complexity. The article demonstrates that auditors do so by hybridizing values and through professional and relational anchoring of practices. The results suggest that public administration scholars should not write off centralized control in complex systems of governance. The article also suggests that new accountability issues arise, relating to professional autonomy and influence inside government.

purposes (Koppell, 2005), stakeholders (Page, 2006), and mechanisms (Bovens, Schillemans, & Goodin, 2014) of accountability. This often leads to the conclusion that "traditional" forms of central control and accountability are either insufficient or outdated (Behn, 2001;Jarvis, 2014;Schillemans, 2011). In a complex macro setting with multiple systems and forms of accountability, "simple" hierarchical control at the meso level within organizations is anachronistic.
At the same time, however, the meso-level practice of (internal) auditing has so expanded over recent decades that Power (1997) made the claim that we are now living in an "audit society" and are facing an "audit explosion." Auditing, as one of the most important and specific forms of public sector accountability, has been expanding in terms of both volume and relevance as well as subject matter, such that internal audits now reach far beyond finances. The rise and transformation of internal auditing in government (Brusca, Caperchione, Cohen, & Rossi, 2015) is highly remarkable in the face of general assessments of the increase in complexity, because internal auditors are generally seen as tools of central management aiming to control operations within organizations by guarding central standards and directives (Hayne & Salterio, 2014;Power, 1997). Thus, contrary to the claims in the macro-level public administration and accountability literature, at least this meso-level practice of centralized control in governments is blooming.
It is this central paradox that the present article is concerned with. While increased complexity at the macro level supposedly makes central control and accountability problematic, the meso-level practice of internal auditing (as a centralized form of control) is actually blossoming. How can these contradictory assessments from different but closely related disciplines be understood? Could it be that the macro-level claim of increased complexity is overstated and exaggerated? Or, conversely, could it be that the meso-level practice of internal auditing turns a blind eye to the macro-level complexity of its surroundings? In order to understand the linkage of macro-level complexity with meso-level accountability and control inside government, this article analyzes how internal auditors experience and cope with the complexities of auditing in government. The question will be answered by studying the meso-level practices of internal auditors in government. Two issues will be explored: Do internal auditors actually experience complexity as a salient feature of modern governance? And, if so, how do they cope with complexity?
The analysis will demonstrate that complexity is indeed a relevant issue for internal auditors, but also, and more importantly, that they have developed practical strategies to cope with macro-level complexities at the meso-level. This illuminates some of the ways in which centralized control and accountability can still be made to work under unfavorable conditions. The findings relieve some of the gloomy assumptions related to complexity as a macro-level challenge to government but simultaneously show that the ways in which complexity is handled raise new issues for accountability.
The present article is based on a 2-year research project with mixed research methods-a survey, interviews, and focus groups-focusing on the internal auditors working for the integrated audit office of the Dutch government.

Internal audit in government
Internal auditing is one of the important mechanisms of accountability in many countries, with the Anglo-Saxon world serving as forerunner (Broadbent & Guthrie, 2008). Auditors "are employed to check … accounts and hence provide external credibility through certification or audit opinion on the accounts" (Hayne & Salterio, 2014, p. 421). Auditing originally focused only on finances, but has now broadened its scope to encompass all major substantive issues within organizations (ACCA, 2014;Power, 1997). Over the past 20 years or so, public sector accounting has been the object of "great renewal" (Caperchione, 2015, p. 1), and the private sector has often been used as the aspirational benchmark. The modernization of contemporary public sector auditing and accounting aims to incorporate insights and practices from the private sector but also to broaden the scope and focus of auditing beyond financial accounting (Broadbent & Guthrie, 2008).
The current rise of auditing-and the alleged auditing of everything-has fueled a high-rising debate about an "audit society" (Power, 1997) in which the auditors are "taking over" (Pentland, 2000) and governments are suffering from accountability overload (Halachmi, 2014). The increased focus on auditing is directly related to the perceived growth in complexity of governmental organizations and policy fields. New models of governance, privatization of public services, and collaborations in networks have all pushed the growth of public sector auditing forward (Pentland, 2000, p. 307). This also signals a fundamental transition from external regulation, where external bodies exert control over organizations, to internal regulation and accountability by freestanding units within governmental organizations (Hood, Peters, & Scott, 2004;Spira & Page, 2003).
While auditing is an expanding activity, there is still conceptual confusion about its exact core. Power (1997, p. 4) claims "there is no precise agreement about what auditing really is, as compared with other types of evaluative practice, such as inspection or assessment. It is wiser to speak of a cluster of definitions which overlap but are not identical." In this sense, internal auditing refers to the employees within organizations whose task it is to investigate claims and to check whether information, processes, decisions, and implementation conform to established standards and expectations (Anthony & Govindarajan, 2001). Auditors act as tools of management and provide accurate, timely, and "true" information about the state of affairs of the organization. Auditing is a form of indirect self-observation (Power, 1997, p. 83). Modern organizations employ methods and procedures for control and information management, and auditors operate as secondary controls and observers of those primary systems. As such, auditors are important fact-checkers within organizations and serve as guardians of organizational norms (Van Twist, Steen, Bouwmans, & Bekkers, 2014).
People generally associate auditing with "number crunching" and "bean counting" (see Walker, 2014). And, although the numbers (not the beans) are obviously very important, internal auditors have, in particular, a role that extends well beyond the confines of the numbers "only." As one of the respondents said: The important thing is obviously the story behind the numbers. Our work is not only about checking the numbers … anyone could do that. The really important thing is to interpret how the two [reality and the norm] are related to each other.
By interpreting the numbers and certifying statements, auditors do something of high importance to their organizations-they produce trust, legitimacy, and comfort both externally and internally (Pentland, 2000;Power, 1997). The interpreted facts and figures are translated into a story of being in control, being aware of potential risks, and being competent and in charge. Carrington and Catasús (2007) define this role as "comfort theory," meaning that auditors ultimately serve to make everybody, including the leadership and the auditors themselves, feel comfortable about the organization, its strategy, and its more general state of affairs.
The need for a third party (the auditor) to step up is directly related to the complexity of tasks, organizations, and circumstances. It is simply necessary to rely on others for indirect self-observation when organizational activities transcend the reach of direct observation. The statements and observations of internal auditors are all attempts to reduce complexity in the sense that they conflate a large and diverse collection of data and information into a specific statement, certificate, or seal. In this sense, auditors shield the political and administrative leadership of government against unworkable levels of complexity. Simultaneously, however, the auditors themselves need to come to terms with the highly complex nature of modern government.

Complexity and audit in government
Most scholars in public administration would readily acknowledge that contemporary governance is characterized by increased complexity, denoting both the plurality of values, stakeholders, and organizations, as well as the contradiction in terms of accountability demands. The present analysis is, for instance, signified in the following quotation: There is scarcely a single duty of government that was once simple that is not now complex: government once had but a few masters; it now has scores of masters. Majorities formerly only acquiesced; they now conduct government… . And those views are steadily widening to new conceptions of state duty; so that at the same time that the functions of government are every day becoming more complex and difficult, they are also vastly multiplying in number. Administration is everywhere putting its hand to new undertakings.
The quotation actually comes from Wilson's (1887, pp. 200-201) seminal article on the study of administration, and the general argument of increasing complexity has been a dominant and recurring observation of some of the greatest minds in the field ever since. These scholars have pointed at various aspects of governance that are characterized by complexity and, in turn, are relevant for internal audit in government. The three most important dimensions will be discussed below.

Organization
A first source of complexity refers to the internal organization of the public sector and governmental capacity. Waldo, often hailed in the United States. as the contemporary champion of the discipline (cf. Frederickson & Smith, 2003, p. vii), understood societal complexity as the key challenge for public administration (Waldo, 1955, p. 67). In the face of complexity, the quality of policy analysis, as well as the education and training of civil servants, needed to be reinforced. He thus sought to strengthen governmental capacity in response to the external challenges in order "to make government work under the new and more demanding conditions" (Waldo, 1955, p. 19), a clear echo of Wilson's assessment almost 70 years earlier.
In response to the external complexity of societal expectations, the internal organization of the state, and of the public sector more broadly, has grown more complex since the 1980s (Bovens et al., 2014;Pollitt & Bouckaert, 2004). Complexity can thus refer to the institutional complexity of policy fields in which multiple actors are engaged in the "production" of public policies (Osborne, 2006) as well as to the complexity of specific organizations within the various fields (Rhodes, 1996).
Complex organizations are a challenge for auditors because their standard methods are based on "management system principles," where they are "checking activities against procedures and rules" in order to "find out about the level of compliance of the structure with an observed, matching or not, reality." (Le Coze, 2005, p. 630). But when governmental organizations are highly complex in and of themselves, and when their activities are performed in complex networks with many other entities, the auditor's task of verification becomes particularly difficult. The auditor needs standards as the basis for judgements and assurance, however: "What is an adequate standard for an unpredictable world?" (Nuijten, Twist, & Steen, 2015, p. 201).

Values
A second salient dimension of complexity is the multiplicity of relevant values. This was, for instance, central to Lindblom's (1959) now classic tract on policy as "muddling through." Lindblom reasoned that policymakers in contemporary societies could not possibly account in their decisions for all of the diverse and conflicting values of citizens and institutions. The theoretical model of "comprehensively rational" decision-making was impracticable in reality, he claimed. Because of the complexity of values, then, policymakers resorted to incremental forms of decision-making.
In more recent studies of public accountability, the multidimensionality of relevant values is an often recurring observation. In Romzek and Dubnick's (1987) important typology, a distinction is made between four sources of accountability, each undergirding a different set of values: political, hierarchical, legal, and professional. These four sets of values are of immediate relevance for internal auditors in government. Internal auditors, to begin with, are commissioned by a principal to "observe" some agent within the organization. In this sense, hierarchical accountability is relevant for auditors, and they can be expected to adhere to the specific demands made by their commissioning principal and also to value the efficiency of auditing. Furthermore, internal audit in government is organized within specific legal parameters. Auditors have a formal statutory task describing their responsibilities and obligations and also specifying the specific purposes of specific types of audit. However, auditors are also professionals, operating on the basis of professional norms, values, and understandings. Auditors' professional opinions and specific professional norms are important to understand their work. Simultaneously, however, as professionals, auditors work in a clearly political environment, where actors are expected to be sensitive to political issues and at least somewhat responsive to the political rules of the game. The political salience of issues can thus also be expected to be important for internal auditors, as well as, possibly, the reputation of the auditee.

Tasks
Wilson's analysis, quoted at length above, specifically points to the complexity and variable nature of governmental tasks, a concern resurfacing, for instance, in more recent research on the variable success rates of policies (Schäferhoff, 2014) and on task-diversity in governance (Van Thiel, 2012). The sheer number and variety of governmental tasks have steeply increased since Wilson's time. Administration continues to put its hand to new undertakings. The government's total "portfolio" is highly fragmented. Some of its tasks, for instance, demand strict adherence to rules, other tasks rest on highly complex decisions made by specialists and professionals (Schillemans, 2016), and more and more tasks are performed in networks or in collaboration with others (Peters & Pierre, 1998).
This complex task-environment is, at face value, a first obvious challenge for auditors in government, because different tasks, participants, and criteria for success would logically call for different types of assessment. This complexity is further aggravated by developments in internal auditing itself. Internal auditors traditionally served as organizational police officers or watchdogs (Morgan, 1979, p. 161). In recent years, however, auditing has evolved from a narrow control function focused on compliance to a the broader ambition of adding value (Power, 1997;Walker, 2014). Where traditional audits focus on red flags, modern audits more and more aim to provide policy advice and to stimulate improvements. Combining control and added value is now the formal goal of both the international Association of Chartered Certified Accountants (ACCA, 2014) and the case-organization of the present study, the Audit Dienst Rijk (ADR, 2012). Thus auditors need to find ways not only to signal issues and risks but to provide advice on quite divergent sets of governmental tasks.

Coping while auditing
Dealing with complexity presupposes the existence of coping strategies-ways to reconcile the apparently irreconcilable that enable auditors, and other agents, to do their work in the face of ambiguity and complexity (Lipsky, 2010;Nuijten et al., 2015). In Lipsky's original work, many coping strategies were detrimental from a strict public policy perspective and mainly served to help street-level bureaucrats face the incompatible day-to-day challenges on the front line of a public service (Tummers, Bekkers, Vink, & Musheno, 2015). Conversely, however, there are also more positive-or at least normatively neutral-coping strategies that allow professionals to reach their goals and to circumnavigate the complexities and conflicting demands of their environments. Three (sets of) coping strategies that have been found to be helpful in mitigating complexity will be described below.

Casuistry
The first coping strategy is characterized by flexibility. 1 Following Steenhuisen (2009), it is here termed casuistry, or case-based reasoning 1 In the face of complex tasks, values, and organizations, in a situation where the demands from different stakeholders are difficult to reconcile, auditors (and others) can choose to work on a case-by-case basis. Procedures and practices can be adapted from one audit to the next, and, as well, the rank order of goals, norms, and values can be rearranged with each audit. The strength of a coping strategy is that it does not take sides in value conflicts; the potential weakness is that actors may become erratic, trying to satisfice all relevant stakeholders simultaneously but failing to please any (cf. Koppell, 2005).

Value management: Biasing, firewalling, or hybridization
A second set of coping strategies focuses on the management of conflicting values. When multiple values are important, auditors (and others) face an uphill task. The easiest response would be to bias-that is, to systematically favor one value above others. This is intellectually and practically the easiest response, because it immediately deletes all layers of complexity. However, assuming that values are understood as important by relevant stakeholders, it is also a potentially conflict-ridden coping strategy. A more subtle approach would be to firewall-to allocate specific values to specific situations, actions, or spheres. For instance, the value of efficiency could be reserved for intra-organizational use and the value of improvement could be reserved for contacts with auditees. While biasing may lead to external conflicts, firewalling can lead to internal conflicts because different spheres are separated and hypocrisy looms. Hybridization, then, is potentially the least conflictual strategy. Hybridization entails the collating of diverse norms or values into a new norm or value that is hybrid and aggregated. By redefining several different values into a more inclusive new value, a complex value-environment is reordered and reorganized. However, the new hybrid value may be opaque and incomprehensible, merely glossing over and negating substantive conflicts rather than solving them. As such, none of these coping strategies is remotely near fail-safe. Nevertheless, internal auditors will need to choose one of these suboptimal coping strategies in the face of value-complexity. The empirical section will describe these coping strategies in more detail.

Anchoring: Procedural, relational, or professional
A third set of coping strategies revolves around the anchoring of practices. Anchoring strategies do not resolve value-conflicts substantively but instead resort to procedural means (see also Tummers et al., 2015). The first anchoring strategy is procedural. Auditors may cope with their complex environment by devising and strictly following standard operating procedures, working on the basis of a fixed format, with established routines and practices that provide "anchors" to their everyday work. A second anchoring strategy is relational. Public sector auditors operate in a context that includes a variety of important stakeholders: their principal, the auditee, the wider politico-administrative system. A relational coping strategy entails frequent informal contacts with all of these actors in which substantive issues are resolved relationally. A final coping strategy is professional anchoring. Auditors are professionals; they sport official titles, are members of professional associations, and need to comply with professional standards and norms. Their professional background and professional practices can be an important anchor, insulating auditors to some extent from organizational or political pressure because they can use their professional role and tasks to legitimate specific actions and decisions.

Research design
The research described in this article investigated whether auditors experience complexity, which dimensions of complexity they find, relatively speaking, more or less salient, and how they cope with complexity. The research was conducted between February 2013 and July 2014 by a team consisting of seven researchers. Three methods were used and combined: a survey, qualitative interviews, and focus-group meetings. The team followed a cumulative approach: In the first phase, exploration, the team explored the subject by means of interviews with auditors, audit managers, and experts, a focus group meeting, and desk research. A draft version of the survey was distributed to 25 respondents, with an 80% response rate. Results were not incorporated in the final survey. During this preparatory phase, important dimensions of complexity were identified, as well as important potential coping strategies (discussed above). On this basis, a survey was developed with items measuring both complexity and coping, and in the second phase of the project it was distributed to all the auditors in the internal audit office of the Dutch government. Simultaneously, interviews were held with auditors as well as a second focus group. The intermediate results were written down and discussed in two more focus group meetings. The final results were presented in a concluding session with some 40 auditors.
The different elements of the research approach will be described below in turn.

The organization
Research focused on auditors from the Audit Dienst Rijk (ADR), the internal audit office of the Dutch government. The ADR is a relatively newly integrated internal audit office for all departments of the Dutch government. It employs approximately 650 auditors (ADR, 2012, p. 16) and spent approximately 70 million euros in 2013, mostly on salaries (Ministry of Finance, 2012, p. 20). The ADR differentiates three core tasks: financial auditing, IT auditing, and operational auditing. Thus traditional financial auditing is important, but not the only type of auditing. The lion's share of the ADR's workload flows directly from its statutory task, while operational audits are designed on demand to address specific operational problems. The ADR's work is challenged by the fact that different parts of the central government use different reporting and budgeting systems (Budding & Van Schaik, 2015). Also, the various government departments are relatively autonomous, as the prime minister and his office have relatively weak coordinating powers (Andeweg, 1988). The complexity of the task-environment of Dutch governmental internal auditors makes it an adequate case for an analysis of how auditors understand and cope with complexity.

The survey
The survey was distributed on January 23, 2014, through an e-mail sent by the general director of the ADR. The project leader sent a reminder at a later stage. The survey was sent to a mailing list of 576 auditors, of whom 175 completed the questionnaire, making a response rate of 30.4%. The survey contained questions relating to the challenges for auditors, relevant dimensions of complexity, and measures for coping mechanisms. The survey items are listed in Table 1.
Most of the questions were measured on a 5-point Likert scale. The various items were measured with somewhat different types of questions. This variation was done for substantive reasons-because different types of questions seemed to work better for different types of issues-but also in order to contravene mindless responding by respondents filling out a fixed format.
Tasks were measured with a question asking respondents to choose whether it was their task to perform either one, neither, or both of the tasks described in Table 1.
Values were measured with eight questions asking respondents to indicate their relevance for auditing on a 5-point Likert-scale. The relevance of organizational complexity was measured with six questions pertaining to potential challenges for auditors, identified in the exploratory phase of the project. This part of the survey was preceded by a short explanation. The "complexity of government and policy processes" was one of six potential challenges, and, as it turned out, the most salient one, according to the respondents. 2 The coping strategy of casuistry was measured with a statement relating to case-by-case reasoning in auditing. Biasing would presuppose that one-or a set-of values from the earlier list of eight values would be found to be more important than others, while firewalling would mean that values would be alternatively relevant under different circumstances. Hybridization, to conclude, could not be asked directly in the survey. However, the fact that most values and stakeholders were found to be relevant already pointed in this direction; and this was pursued further in the qualitative part of the research.
The anchoring strategies were measured with three questions relating to the role of procedures in auditing (procedural anchoring)-one about the auditor's professional training and knowledge (professional anchoring) and two about the task-environment and informal contacts (relational anchoring).
The survey further contained some of the usual control variables about gender expression, age, position, and so forth, and also some questions relating to cooperation in government, but this last part is not discussed in the present article .

The interviews
During the project, 59 semi-structured interviews were held with auditors. All of these interviews focused on the practices of auditors and on their experiences and coping behaviors. The interviews were held by four researchers, under the supervision of the authors, and had a broad scope. Excerpts from the interviews were coded by the principal investigator (PI) through an open coding system that provided an overview of important recurring experiences and behaviors. The discussion in this article is limited to excerpts from the interviews that directly address the items in the survey relating to complexity and coping. More specifically, the PI used a coding scheme based on the items in Table 1 with which the excerpts from the interviews were analyzed and combined. Interviewees could thus validate (or not) the findings from the survey. They could also provide examples, explain and fill in on the strategies used, and suggest ways to interpret the findings.

The focus group meetings
The project used four focus-groups meetings in different stages of the project. While the interviews and survey focused on "ordinary" auditors, the focus groups were semi-open group discussions with 7 to 14 participants for each meeting-27 individual participants in total. These were all (highly) senior auditors, audit managers, or members of the management team. The focus groups had three purposes. The first focus group helped in identifying the most important dimensions of complexity and coping, and thus helped to develop the items for the survey. The three later focus groups were used to validate the intermediate findings. The researchers would present the findings, asking participants whether they recognized the findings, and whether they believed any important issues had been missed. This led to discussions with participants that helped the researchers to interpret and understand the findings. Participants would provide additional examples and explanations for the observations. With the exception of the meeting with the management team, all focus group sessions were transcribed and the transcriptions were coded by the PI along with the interviews.

Complexity and control
Public accountability, as most scholars on the subject would argue, is a far from unambiguous concept that denotes complex, multifarious, and partly contradictory practices and expectations (Bovens et al., 2014). The public sector has also more generally grown in complexity, according to many other scholars, and this is said to mean that traditional centralized forms of accountability and control are no longer feasible. These general assessments seem strangely at odds with the simultaneous development of internal audit in government. Because internal auditors are exactly that-centralized "tools" of accountability and control. Moreover, contrary, perhaps, to the expectations of public administration scholars, the role of internal audit in government has actually been expanding, both numerically and in scope (Broadbent & Guthrie, 2008;Caperchione, 2015;Power, 1997). How can this apparent paradox be understood? The easy answer would be that auditors actually do not understand or experience the relevance of complexity in their work. However, it is argued below that this is far from the case. This, then, leads to a second, more complex answer-that internal auditors have found ways to cope with their numerically demanding and substantively often contradictory environment.

Organization
While complexity is a key concern in public administration and public accountability studies, the concept as such is seldom central to the academic literature on auditing (Nuijten et al., 2015, p. 197). This suggests that the concept is irrelevant to auditing, but it may be that audit practitioners and scholars use different words to describe it or choose not to focus on it specifically, because it is not seen as relevant. As a first test of the relevance of the concept, the auditors in the survey were simply asked to indicate the relevance of a number of potentially important challenges for their work. As mentioned above in the methods section, the survey presented six potentially relevant challenges, and respondents answered on a Likert scale whether or not these were (highly) relevant to them. The simple measure of the "complexity of government and policy processes" was the most important of these six potential challenges. The mean response was fairly high at 3.8 (where 3 is neutral and 5 is full and strong support); only 6% of the respondents did not find the issue particularly relevant (at all). This suggests that organizational and processual complexity was indeed, as expected, a relevant challenge for internal auditors.
The complexity of the organization of government also featured prominently in the interviews and focus group discussions. Most respondents readily agreed that the complexities of policies, policy processes, and the politico-administrative system as such were fundamental aspects of their work. They claimed that "volatility" was a real issue in government and that central management constantly stressed that it was necessary to be able to "position oneself in a new context." As reporting systems (Budding & Van Schaik, 2015) and organizational cultures and practices (Andeweg, 1988) vary widely between government departments and underlying agencies, auditors claimed that wordings and phrasings in audit reports needed to be aligned with the different policy traditions and cultures of the departments. Some auditors also underlined the importance of keeping track of developments and norms in organizations and of the "need to learn to stay in tune, substantively, and what that means for us [auditors]." Whether or not the issue of complexity is legitimately understood as a challenge was sometimes somewhat disputed. One of the auditors, for instance, stated: "I don't usually think in terms of dilemmas or challenges. It is simply our task to investigate how tax money is spent." Note that this respondent did not challenge the relevance of complexity for auditors as such, but, rather, whether experienced complexity is correctly labeled as a challenge.

Values
The answers to the specific questions in the survey pertaining to the complexity of values and tasks further underscored the relevance of complexity for internal auditors. Most of the eight (sources) of values were seen as relevant, and the tasks of signaling and advising, at face value perhaps contradictory, were both seen as important. Table 2 provides an overview.
The information in Table 2 relates a simple story: Many values are indeed important for internal auditors in government. In particular, one's professional opinion and the specific purpose of the survey stand out from the others; the specific demands of the commissioning principal (in the Netherlands formally the administrative leader of the department), professional norms, and the political salience of the issue were also very important for internal auditing. This is interesting in the sense that the practical implications of these values can be quite contradictory. It is easy to understand that one's professional opinion could be at odds with demands of a government department or a commissioning principal, for instance, or that the political salience of an issue could meddle with the "social acceptability" of a fact-finding mission by auditors in a politically salient context.
During the interviews and focus groups, many interviewees did indeed suggest that government sometimes is a difficult environment for auditors, because "the government often uses very vague rules for itself. It is often mandatory for private sector organizations to use COSO [a specific business administration system], but not here." This quotation is indicative of the gist of many responses-contradictory or unclear expectations are indeed topical and important for internal auditors in government.

Tasks
Somewhat surprisingly, almost all the auditors also claimed that it was their task to signal issues and problems and to identify and provide policy advice with which the shortcoming could be remedied. This was a surprise, because the interviews had suggested that these two tasks-and the appropriate balance between them-were highly salient. The issue constantly and without prompting resurfaced during the interviews and focus groups. It also directly connects to the professional ambition of auditors to "break out" (ACCA, 2014), to improve the added value of auditing (Nuijten et al., 2015), and to excel in "audit and advice" (ADR, 2012). The interviewees often suggested, as does the professional literature, that these two tasks are difficult to reconcile; yet the respondents almost universally suggested that they already were reconciled. Whether the internal auditors in the sample were particularly successful, or unsuccessful, in this combination of control and advice is impossible to say. But their resolute responses to these questions about the combination of seemingly contrasting tasks suggests that while complexity is indeed an issue, it may be much less problematic "on the ground" than was theoretically assumed.
The general public administration literature tends to interpret complexity in a problemistic way, as an external impediment to established practices, particularly of centralized control. Many auditors, however, whose key task is central control, took a rather different view. The auditors simply saw complexity as one of the aspects of their profession that made their work worthwhile. They happily agreed that complexity is highly relevant, but they saw it, not as a problem, but rather as a source of professional satisfaction and even joy. Complexity was described as the "fun part of the job" that "makes it highly interesting." A fair number of auditors suggested that the complexity of government and its policies was precisely why they had been hired in the first place and that this confirmed that they had important work to do. One of the respondents half-jokingly stated, "It fills the order book!" Thus internal auditors in government do, as expected, experience complexity-of the organization, of relevant values, and of their tasks-as a relevant feature of their work and agree that it is their most important challenge. However, many of them see it as a positive challenge rather than a problem; it is a challenge that underscores the need for auditing as centralized control, rather than dispenses with it altogether.

Coping with complexity
The previous section demonstrated that internal auditors in government are indeed, as was expected, confronted by complexity in a variety of guises. It also showed, however, that complexity was perhaps as much an appreciated factor as an operational problem. How, then, do internal auditors in government cope with complexity in its many guises? In the course of the research, seven potential coping strategies were developed that could be used by auditors. The results from the survey and the qualitative part of the research suggest that three of these stand out in importance: hybridization, relational anchoring, and professional anchoring. These three coping strategies will be described in turn below. Table 3 provides a general overview.

Hybridization
Auditors (and many other professionals) are confronted with a large number of often (partially) contradictory values, related to a variety of relevant stakeholders, as was discussed above. It is difficult to satisfice all stakeholders and to take all values into account appropriately. Table 3 suggests that there are three main coping strategies with which to manage contradictory values (based on Graaf, de Huberts, & Smulders, 2013). Auditors can either prioritize (biasing), allocate values to subspheres (firewalling), or conflate values (hybridization) into a new, more hybrid, value.
The responses in the survey, along with the interviews and focus group meetings, strongly suggest that the third strategy, hybridization, is the most important and most prevalent of these value-managing coping strategies. Most values were seen and described as important, and auditors aspire to be simultaneously responsive to their principals, their profession, their personal professional judgment, and their organization.
The focus groups and interviews also support this interpretation. The interviews, in particular, suggest that internal auditors in government hybridize their responsibilities toward their profession, principal, organization, and statutory task into one and the same thing. For instance, respondents would claim that the principal simply wanted them to fulfill their statutory role as professionals, a description in which all potential tensions between political accountability, hierarchical accountability, and professional accountability evaporate. And another auditor would suggest that the management of the organization emphasized that auditors should serve their principal by enabling the principal to exert control over the organization, whether or not the principal chooses to actually do so. Again, the politico-administrative context, the formal statutory task, and the organizational hierarchy and needs are reinterpreted into the very same thing. Many auditors stressed that they primarily focused on the principal who commissioned their audit inquiry. Some stated that it is important to be "responsive" to the "language" of the commissioning principal and that the audit process needed to be designed together with the principal. Simultaneously, however, the primacy of the principal was not supposed to have any impact on the way they handled audits as professionals. One respondent, for instance, wrote that the distinctions between the values are difficult to see in practice: … professional, technical demands are difficult to separate from the demands set by the organization. And in a similar vein, an aspect such as "independence" is a professional requirement but also a personal attitude (an independent mind) or moral compass.
The strategy of hybridization was explicitly discussed during the two last focus groups, and many participants recognized it as such, although they did not use the word. Auditors would often talk about how important it was to serve the principal's interests. Yet the auditors also aimed to serve the principal's interests even if they did not meet with the principal or receive specific instructions. They assumed that the principal wished to receive reliable information about the organization in order to be able to (be in) control. Many auditors who claimed that the principal was their most important stakeholder conceded that they did not always speak to the principal in person or that the principal was not always concerned with what the auditor actually did. Irrespective, however, the auditors took pride in serving their principals. This interpretation suggests that auditors conflate, or hybridize, various values into a new value: Demands from the principal, their professional task, organizational demands, and their statutory mandate are all reinterpreted as the very same thing, glossing over apparent contradictions. One of the respondents stated as a truism: "In our organization, people are motivated to contribute to a government that works better." In this way, internal auditors seem to deploy a coping strategy of hybridization, in which tensions and complications related to multiple values, norms, goals, and actors are reconfigured.

Professional and relational anchoring
A second group of coping strategies is anchoring. Auditors (and others) can anchor their activities in various ways-in relationships with others, in professional norms and practices, or in strict procedures. In addition, auditors may also deploy a strategy of casuistry whereby they work on a case-by-case basis. Table 3 suggests that all of these coping strategies can be found to some degree, yet that professional and relational anchoring are probably the most important.
Relational anchoring, in which auditors are responsive to their principal and the wider administrative context, but also to the auditees, is highly important. Respondents suggested that it was indeed relevant, in order to make audits work, to invest in frequent informal contacts with auditees as well as to take the wider politico-administrative context into account. Even though auditors need to "verify facts in light of relevant norms," they thus also indicated that the relational aspect of their work was crucial.
During interviews the respondents would corroborate this view and claim that "we need to communicate to break the ice," that the norms they use "need to be explained," and "It is a lot about communication. You need to keep at that. You can't really overdo it. Sometimes you really need to take them by the hand." In the public perception, auditors are number crunchers and bean counters (Walker, 2014). Yet in their own accounts, communication is a highly important skill for auditors, at least in internal auditing in the Dutch government. One experienced auditor even claimed: "As far as I am concerned, auditors need three crucial skills: one is communicative skills, two is political sensitivity, and three a strong analytical ability." In addition to relational anchoring, the internal auditors also rely on their professionalism. Auditing has a strong technical core. Listening to auditors discussing their work means wading through sentences specked with acronyms and technical language. To provide an example from the present research: From 2012 onwards, process-and systems-owners (within the parameters set in the Cadre-document and MTHVs) will be responsible for organizing external audits (including ADR-audits, Gateways, etc.) for IT-projects. Specifically: IM's, business-related projects and IV-tenders (CIO Office, B/CAO and B/CIE) for  This type of technical-professional language helps auditors to face the complexities of government accountability. As one respondent put it: "Auditors simply need to deploy their techniques." Another respondent notes: "When you work for the audit office, you simply need to know your professional rules and stick to them." A third auditor stated: "We work with our toolkit." In everyday practice as in their mindset, professional training and tools help auditors to circumnavigate the complexities of their environment. This is also evident from Table 3, where most respondents, although not very strongly, would agree with the statement that their professional education and skills help to make audits succeed.

Conclusion and discussion
This article started with the paradox that the increase in macro-level complexity makes centralized accountability and control problematic, while at the same time internal audit at the meso-level is actually blossoming. In order to understand how internal audit works under conditions of complexity, the article analyzes whether and in what ways complexity is a relevant issue for internal auditors and how they cope with it.
The analysis-focusing on just one form of accountability in just one government-confirmed that macro-level complexity in its various guises is a key issue for internal auditors and probably for government accountability more generally. Auditors deploy various coping strategies-notably hybridization, relational and professional anchoring-as means with which to tame unworkable levels of complexity and to reconcile different tasks and values.
The analysis relaxes some of the gloomy assumptions related to accountability and complexity. The existence and proliferation of auditing shows that traditional central control in government is still possible. Whether auditing is particularly successful or unsuccessful is beyond the scope of the present research (but see Lenz & Hahn, 2015;Nuijten et al., 2015). Presumably the same holds for auditors as would hold for the members of most other professions-some are very good, others are not. But the theoretically important consequence for the macro-level debate on complexity and governance is that centralized controls should not be written off too easily; they can be helpful precisely under conditions of complexity (Peters, 2014). This sheds a much more favorable light on the role of complexity and coping than is common in the literature.
The macro-level literature on complex governance almost invariably results in concerned conclusions about the implications of complexity for centralized control and accountability. Yet internal auditors, who together comprise one of the most important meso-level instruments of centralized control and accountability, do not see complexity as problematic per se. On the contrary, it is a positive challenge that makes their professional lives worthwhile. They acknowledge the relevance of complexity but have developed feasible ways of coping with some of its consequences. This suggests that we should take care to treat complexity in a problemistic way and to understand that accountability settings that seem problematic on the macro level could be perfectly fine on the meso level (see also Schillemans & Bovens, 2011;Willems, 2014).
The study of internal auditors in this article suggests that there are practical ways to tame the evident complexity of norms and expectations. Whether this is effective or not is, again, beyond the scope of this research. Nonetheless, it shows that there are real practices of public sector accountability that address and manage complexity, and that seem to work, at least based on what is invested in them and according to those involved. This is, again, a good reason not to write off central controls too easily. But it is also a call for public administration scholars to redirect some of their research efforts toward the meso level where internal and external accountability meet and to analyze traditional hierarchical accountability empirically (Jarvis, 2014).
The authors argue that the ways in which internal auditors manage the complexities of their work environment in government can be understood in terms of coping. This approach extends the application of this concept beyond its original use for street-level bureaucrats and service providers (Gilson, 2015). Yet, as coping is about "behavioral efforts … [they] employ … in order to master, tolerate, or reduce external and internal demands and conflicts they face on an everyday basis" (Tummers et al., 2015(Tummers et al., , p. 1100, this form of conceptual traveling is feasible. It sheds an illuminative light on the efforts of actors in the public sector to do their jobs under conditions of uncertainty and complexity. Furthermore, a large part of the literature on coping is biased toward negative coping strategies. Lipsky originally explored the various ways in which street-level bureaucrats compromised public service goals with the realities of work on the front line (Gilson, 2015). In a different setting, Oliver (1991) came up with a list of five "strategic responses," ranging from acquiescence to avoidance to outright manipulation. And in their recent review article on coping, Tummers et al. (2015) come up with an almost cynical list of coping strategies used by front-line professionals, including complaining, substance abuse, cynicism, and rule-bending. All of these coping strategies make empirical sense; but it is claimed here that there are also more positive and constructive ways in which coping can be seen. Auditors (and other professionals in the public sector) deploy coping strategies as a means to reach for various important yet at least partially conflicting goals. This is an important insight: Coping strategies can be, and are, used to align various legitimate goals and values of government. Thus coping strategies cushion the impact of macro-level complexities on the meso level of organizations.
However, the specific coping strategies adopted by internal auditors come with strings attached. The preceding analysis suggests that complexity is, perhaps, not so problematic on the ground as could have been expected. At the same time, however, the specific ways in which internal auditors cope with complexity raise new accountability issues. Two of these stand out. To begin with, the organizational task of managing complexity is to some extent outsourced to internal auditors. Auditors cope with complexity with a combination of professional routines and tools and by hybridizing apparently conflicting values into an amorphous new value. With this approach, auditors reconfigure organizational issues and relevant values, making them more tangible for audits but also more difficult to assess and understand for nonauditors, including their principals, the auditees, and other stakeholders. This reconfiguration of issues opens up classical questions about the power balance between organizational principals and (auditors as) civil servants, and about the accountability of the auditors themselves.
Second, as auditors transpose complexity into difficult professional norms couched in acronyms that are difficult for others to penetrate, they may have an impact on organizations that goes beyond their formal tasks (see Pentland, 2000;Power, 1997). A second issue for future research, then, relates to professional accountability: How do auditors ascertain whether their practices indeed conform to professional norms? And how is professional accountability organized for internal auditors working in government?