In a quasi-experiment with external (EA), in-house internal (IIA), and outsourced internal auditors (OIA) as participants in their natural roles, we compare auditors’ internal control evaluations in the presence of differing management reporting motives. Grounded in Organizational Identity (OID) Theory, we find EAs’ evaluations are more (less) lenient when management’s motive is less (more) self-serving. We provide evidence that management’s motives affect EAs’ evaluations because management is a conduit for EAs’ OID and because EAs adopt an affiliative protective orientation. In contrast, we find no evidence management’s motives affect IIAs’ evaluations or that management is an OID conduit for IIAs. Finally, we find that although OIAs and IIAs exhibit similar OID levels, on average, OIAs’ evaluations are more lenient than IIAs’. Our results clarify how auditors form OID, how it manifests into protective behaviors, and suggest EAs’ preference to rely on OIAs’ work over IIAs’ may inadvertently diminish audit quality.