I was in a conversation recently when a colleague used an acronym I had not heard before: FOFO. It stands for “fear of finding out.” He was describing the culture in his organization. Sadly, many internal auditors can relate. They, too, work in environments where leaders prefer not to acknowledge “inconvenient truths.”

What is a FOFO Culture?

I have long subscribed to the definition of culture as “how things are done around here.” In a FOFO culture, leaders avoid information that could reveal problems. They would rather not know about risks, deficiencies, or failures. The thinking is that if you don’t look, you won’t have to deal with it.

Some of the key characteristics of FOFO cultures include:

• Leaders who ignore warning signs or downplay concerns.
• The sharing of bad news is discouraged, sometimes punished.
• Transparency is seen as a threat.
• Employees stay silent, fearing backlash.
• Short-term comfort takes priority over long-term resilience.

In such cultures, the truth is sometimes viewed as dangerous. Leaders insulate themselves from accountability, and middle-management and employees understand the risks of speaking up when something is wrong.

The Internal Auditor’s Challenge

As internal auditors, we have an important responsibility to shine a light on risks, inefficiencies, and control weaknesses. In healthy cultures, this work is valued. In FOFO cultures, it is often not valued and may even be viewed as a threat. When management is threatened by our work, the clash is inevitable.

Here are the ways I have seen this play out in practice:

• Resistance to Audit Findings: Management may deny, rationalize, or minimize what the internal audit reveals. A report showing gaps in compliance might be brushed aside as “overstated.” Leaders may claim that “no regulator has raised this” or that “this is how we’ve always done it.” The goal is to downplay the issue so it doesn’t have to be addressed.
• Withholding of Information: As internal auditors, we cannot function without access. In FOFO cultures, management often slows or blocks access to data, systems, or staff. Responses are delayed. Documents arrive incomplete. Sometimes, internal auditors are told outright that information is “not available.” These tactics frustrate the audit process and signal that leaders do not want answers.
• Marginalization of Internal Audit: Instead of treating internal audit as a partner, FOFO cultures frequently push internal audit to the sidelines. Executives may dismiss us as “policemen” or “compliance checkers.” Invitations to key meetings are withheld. This weakens our ability to anticipate and address risks.
• Retaliation, Subtle or Direct: In some environments, auditors who raise uncomfortable truths face personal risk. Retaliation may be subtle, such as stalled promotions, exclusion from decision-making, or reputational damage. As I have documented on multiple occasions over the years, sometimes internal auditors are pressured to alter reports or leave the organization. The effect on oversight following such instances is chilling.
• Audit Committee Blind Spots: FOFO cultures are often adept at managing upward. Audit committees may receive only the information management wants them to see. If internal audit is constrained, the committee gets a filtered view of risk. This undermines governance and creates the illusion that “all is well,” when it may not be.

The cumulative effect is discouraging. Internal auditors who entered the profession to add value find themselves in constant conflict with the culture. The mission to protect stakeholders becomes harder when those with authority resist the truth.

But this is also where our purpose is most critical. If we back down in the face of FOFO, the risks go unchecked. The organization may appear stable, but vulnerabilities accumulate. When they surface, the costs are far greater than if they had been addressed early.

Strategies for Navigating FOFO

1. Build relationships before you deliver bad news. In FOFO cultures, trust is scarce. If you only appear when there is a problem, you will be resisted. Build relationships with leaders in advance. Show that you understand the business. Offer insights that help them succeed. Trust will not eliminate FOFO, but it will soften the resistance.
2. Anchor everything to risk. Frame your findings in terms of risks that matter to leadership. FOFO cultures often fear exposure more than failure. By connecting issues directly to strategic, financial, compliance, or reputational risks, you make it harder to ignore the message. We must often speak the language of risk to be heard.
3. Use the audit committee as a lever. Audit committees exist to provide oversight. They are less likely to tolerate FOFO than management. Establish direct communication channels. Be clear, concise, and factual in reporting. Ensure the committee understands the risks if management chooses inaction.
4. Document relentlessly. In FOFO cultures, accountability is fragile. Document everything. Keep records of requests for information, management responses, and follow-up actions. This protects your team and ensures there is a trail of evidence. If leadership denies knowledge later, your documentation will reveal the truth.
5. Model courage and integrity. FOFO thrives on silence. We must resist being silenced. Courage is not reckless confrontation, but consistent professionalism. State the facts, even when they are unwelcome. Uphold your duty to stakeholders. A FOFO culture cannot reform if we conspire in the silence.

The Third-line in a FOFO Culture

Auditing in a FOFO culture is not easy. It requires skill, courage, and persistence. FOFO may delay accountability, but it never eliminates risk. When we persist, we can become the third-line safeguard against disaster.

We may not always change FOFO cultures. But we can expose risks, protect stakeholders, and ensure the truth has a chance to surface. That is the role of the profession. And in FOFO cultures, it may be our most important role of all.