The audit of high-risk financial
institutions
295. We discussed with the auditors of Northern Rock,
PricewaterhouseCoopers, their role at Northern Rock. Mr Sexton,
head of the UK assurance practice at PricewaterhouseCoopers, outlined
the conduct of an audit of a firm:
The audit is performed in accordance with standards
and regulations in the UK now issued predominantly by international
bodies. It seeks to provide comfort about historical financial
information as embodied within the financial statements included
in a company's annual report. That is the role of the statutory
audit. In the UK we do perform other work at times at the request
of companies predominantly in connection with interim announcements.
That is also performed in connection with practice guidance issued
by the Auditing Standards Practices Board in the UK.[568]
296. Mr Hitchins, a banking audit partner of PricewaterhouseCoopers,
explained that the only additional duty of the auditors in relation
to the audit of a bank as opposed to another type of company was
that there was a "statutory duty to report to the FSA if
we [the auditors] become aware of anything that is material to
the exercise of the FSA's functions".[569]
Mr Hitchins later explained that the auditor's duty of care towards
the Financial Services Authority "is to make sure the information
in the regulatory returns is consistent with the information we
have audited".[570]
However, Mr Sexton also noted that the auditor was not under a
duty of care to point out certain aspects of the structure of
Northern Rock's liabilities to the Financial Services Authority.[571]
297. When asked whether they as the auditors should
have picked up on the risks that Northern Rock was taking in its
liquidity strategy, the response of the witnesses was that the
accounts of Northern Rock accurately portrayed the state of the
company. Mr Sexton explained that:
I believe that the audit process as judged by
reference to the specifics of Northern Rock in the annual and
interim reportsour opinion on the latter was signed on
25 Julydiscloses very accurate information about liquidity
and other structures within Northern Rock.[572]
One issue we discussed was why the auditors had declared
Northern Rock a "going concern". In its memorandum,
PricewaterhouseCoopers laid out why it thought that it was right
to accept that Northern Rock was a "going concern":
In the first instance, the directors are responsible
for making the assessment that the bank is a going concern. That
is normally taken to mean that an entity is ordinarily viewed
as continuing in business for the 'foreseeable future' with neither
the intention nor the necessity of liquidation, ceasing trading
or seeking protection from creditors pursuant to laws or regulations.
The 'foreseeable future' is usually taken as meaning the next
12 months. As ISA570 observes at para 6 'When there is a history
of profitable operations and a ready access to financial resources,
management may make its assessment without detailed analysis.'
The bank fell into this category. It had traded profitably and
it had a track record of ready access to funds at low spreads
over LIBOR indicating a willingness by lending institutions to
provide finance. In February 2007 there were no indications in
the financial markets that the then extant circumstances were
to change dramatically. As the relevant auditing standard observes
'Any judgment about the future is based on information available
at the time at which the judgment is made. Subsequent events can
contradict a judgment which was reasonable at the time it was
made.' [ISA570 para 7] Obviously the future is by its nature uncertain,
and the relevant auditing standard therefore requires the auditor
to consider whether there is a 'material uncertainty' that 'may
cast significant doubt' that the company may not be a going concern.[573]
PricewaterhouseCoopers then discussed whether there
was a "material uncertainty" for Northern Rock. They
concluded that, having considered the operating plans of the company,
external forecasts of the UK domestic mortgage market and the
post year-end trading results, "None of these exhibited any
features other than to indicate a substantial profit for the bank
with every rational expectation that there would be no significant
financing difficulties".[574]
298. A second issue we discussed was whether there
was a conflict for an auditor between its non-audit and audit
work. In its written evidence, PricewaterhouseCoopers stated that
of the £1.8 million paid in fees to the auditor by Northern
Rock, total audit fees as statutory auditors were £1.1 million,
leaving £700000, which was "largely comprised of fees
relating to assurance services in connection with the bank's actions
in raising finance".[575]
These "assurance services" were "comfort letters
on the financial information in [the offering] circulars [for
securitisiation]".[576]
Mr Sexton while acknowledging that more securitisations meant
more money for the auditors for these comfort letters, did not
accept that this had been encouraged by PricewaterhouseCoopers:
Under our ethical standards we cannot provide
any kind of management input to a company to encourage it to perform
one transaction or another. That is completely forbidden under
our ethical standards. We cannot create a transaction flow in
order to charge fees; it is purely a reaction to the level of
transactions that a company may or may not choose to undertake.[577]
As well as this, PricewaterhouseCoopers noted that,
for Northern Rock, this balance of fees was actually less weighted
towards fees other than those for statutory audits than at other
firms. In the case of Northern Rock, the ratio of the auditor's
fees for other work against their fees for statutory audit work
was less than one, whereas as Mr Sexton pointed out:
If one looks at the FTSE 100 analysis in the
12 months broadly to 31 December-you will appreciate that year
ends are different for different companies-the ratio is of the
order of 1.1 to one.[578]
299. A lesson to be learnt from this crisis is
that the auditor can only provide an assurance of a snapshot of
the past state of the company. We recommend that the accounting
bodies consider what further assurance auditors should give to
shareholders in respect of the risk management processes of a
company, particularly where a company is regarded as an outlier.
We are also concerned that there appears to be a particular conflict
of interest between the statutory role of the auditor, and the
other work it may undertake for a financial institution. For example,
PricewaterhouseCoopers received £700,000 in non-audit fees
largely comprised of fees relating to assurance services in connection
with Northern Rock's actions in raising finance". We note
the work being undertaken by the accounting boards in respect
of this issue and recommend that both they and the FSA give swift
consideration to such particular conflicts in financial institutions.
519