Examination of Witnesses (Questions 356-402)|
Lord Sharman OBE, Dr Ian Peters and Dr Sarah Blackburn
14 DECEMBER 2010
Q356The Chairman: Good afternoon, and welcome
to our colleague Lord Sharman. Our principal objective is to talk
about the role of internal audit but Lord Sharman, no doubt, will
respond to the matter more widely on any of the points that come
out of the questions. For the benefit of two of you at least,
could I ask you to speak upand not too fastfor the
assistance of the Hansard reporters, and so on, and for the webcast?
When we come to the questions: if you have nothing to add to the
first response but agree with what has been said, we are quite
happy for you to not come in because there are three of you. Would
anyone like to make an opening statement, or will we go straight
Dr Ian Peters: I am happy to go straight to
Q357The Chairman: I will kick off and then questions
will come from my left.
The Financial Reporting Council said that the
role and responsibilities of audit committees should include,
"to monitor the integrity of the financial statements of
the company and any formal announcements relating to the company's
financial performance, reviewing significant financial reporting
judgements contained in them". Given the financial crises
and the corporate scandals that we've seen, but particularly the
financial crises, which have been of considerable interest to
this Committee, has there not been a failure of both auditors
and internal audits during the period leading up to these crises?
Dr Ian Peters: Perhaps I should kick off in
response to that. Internal audit provides assurance to the boardand
to the audit committee in particularon the identification
of, management of and mitigation of risk. Of course that covers
a whole range of risks, the whole range of risks that any organisation
faces. So I think we have to put this in the context that we're
covering a whole range of sectors and of course, not surprisingly,
we would take the view that internal audit does a very effective
job in most instances.
However, in the case of the financial crisis
and in the case of the banks and the financial institutions, it
is clear that internal audit was part of the structure that went
wrong. I think there are many lessons that we need to learn from
that and that we are still learning. But I think particularly
important is the fact that internal audit and audit committees
were very much focused on process and on internal controls within
the organisation, and were not looking beyond that; were not looking
at the wider picture as much as clearly with the benefit of hindsight,
they should have been doing. That would suggest that, going forward,
internal audit needs to play a much broader role and a much more
significant role, in looking at the governance of the organisation,
looking at the behaviour in governance, the behaviour of management
and the board, the skills, the abilities, the capabilities of
the board and the non-executives in particular, to ensure that
they are able to play their role effectively in identifying and
ensuring that the organisation is mitigating risk.
The Chairman: Would you like to add to
Dr Sarah Blackburn: I should like to add one
thing to that. Having both been chair of an audit committee and
an internal auditor, I think the two roles are symbiotic. We need
both acting together. We need the strength of an audit committee
that, from its non-executive base, is able to challenge, feels
empowered to look into everything that needs looking into and
does not shy away from particular areas, which I think might have
been one of the problems in the financial crisis. Internal auditors
provide a lot of information and a lot of detail to the audit
committee, and they can provide more if they are asked for more.
I still think that internal auditors should
act intelligently and should raise issues themselves, but if they
are not backed up by their audit committee chair then they can
have great difficulty in being heard.
Q358 The Chairman: Looking purely
at internal auditors and not at the audit committee more widely
for a moment, I think Dr Peters said that one of the lessons is
that internal audit needs to look wider. In your written evidence
to us, particularly in relation to this question, you said that
internal audit needs to make efforts "to cultivate a different
perspective from the rest of the organisation". How does
it do that, given that my impressioncertainly from being
a non-executive in companiesis that internal auditors have
a rather narrower focus? They don't have that wider focus that
I think you are suggesting. Does this not mean new skills and
experience in recruiting internal auditors?
Dr Sarah Blackburn: It certainly means that
you need to recruit internal auditors who have the intellectual
ability, the education, the qualifications and the experience
of business. They need to understand the business, not just in
terms of its operational nuts and bolts but understand where it's
going and where it should be going, to understand the strategic
mind of the organisation. Only by having that level of understanding
can you challenge and ask questions that are catalytic, in order
for the management and the board to think clearly, "What
is going on here, and are we going in the direction we want to
go, and are the things working properly in the way we intended?"
So I think that is a challenge.
As in any occupation, not every internal auditor
is a shining example. I think the best internal auditors I would
liken to the social anthropologist who lives among the tribal
peoples of the Amazon, say, and learns what is going on there,
perhaps participates in some of the rituals but is able to stand
back with a degree of objectivity to write the report about what
is going on, in order to share the enlightenment.
Q359 The Chairman: Is there a problem
in that, effectively, internal auditors are part of the management,
are paid by the company and, therefore, may sometimes find it
difficult to express a contrary view to the view of the management?
Lord Sharman: Can I just make an observation
on that? I should like to make an observation on the first one.
I think it's a mistake to look at all internal auditors as being
the same. There are very different approaches, particularly by
industry and also within companies with industry. In some cases,
internal audit will focus very heavily on process rather than
the financial aspects of the operation. There may be very good
reasons for doing that but I think it is just as well to bear
that in mind.
I don't thinkand it is stupid to think
it couldthat an internal audit group could ever be independent.
People talk about independence. They can't be independent. They're
part of the organisation. But what they can be is truly objective.
The way in which I think you have to go about doing that is, while
it's necessary in terms of the pay and rations, that there be
some link into the organisationand I believe it should
always be the most senior manager in the organisationthen
the audit committee should be very actively involved: firstly,
in the determination of the work programme of internal audit;
secondly, in the determination of the objectives of the head of
internal audit; thirdly, in the determination of the head of the
internal audit's performance against those objectives; and fourthly,
if nothing else, in the amount of variable pay that a head of
internal audit might get, and that that variable pay should be
arrived at on a different basis from other members of the management
team. In particular, it should not include any objectives that
are related to the financial performance of the company.
Q360 The Chairman: Do you think what
you have described happens often, particularly in financial institutions?
Lord Sharman: No. I think it's an aspiration
for some, but it's an aspiration that I don't think you would
find widely spread at the moment.
Dr Ian Peters: If I may say, I think Lord Sharman
is absolutely right there, and that is why the role of the audit
committee and the internal audit are inextricably linked. The
audit committee, and the chair of the audit committee, must understand
and grasp the nature of that role, recognise the critical importance
that he as an individual, or she as an individual, has in ensuring
that you get the best from internal audit, that you maintain its
objectivity if you likeif we don't call it "independence"and
that relationship is key. If a chair of the audit committee and
the audit committee itself does not grasp that and take that into
account, then it is very difficult for internal audit to play
an effective role in providing assurance and in providing the
information and input that is required.
One point on independence by the way: I think
we could debate that all day, but I'm not quite sure why external
audit is any more independent, in the sense that it's paid for
by the company concerned and you change your external auditor.
If you don't like them, you can get rid of them and change them
for another one. So we could have the same debate about external
audit as internal audit. The issue is what safeguards are in place
to ensure its objectivity.
Q361 The Chairman: We will be coming
onto external auditors in that context. My impression is that
what Lord Sharman was saying, and what he himself said was carried
out by a minority of companies, is not the general way in which
internal audit has been treated and regarded in many companies
until now. Is that your experience?
Dr Sarah Blackburn: Well, no, I don't think
that's entirely my experience. I think that probably all organisations
could do better, because we are all human. However, I think that
some organisations have got a lot further on the path than others
and, again, this kind of guidance comes from the top. It's to
do with the direction from the chair, from the board members,
and particularly the non-executive members, because they are the
independent ones, and they are the ones who should set the tone
of what it is that they want. I sometimes say to people, "You
get the internal audit you deserve".
Q362 Lord Smith of Clifton: Since
the oversight of risk management is one of their main tasks, should
audit committees have been more effective at heading off the impact
of the financial crisis on their companies?
Dr Ian Peters: I think the answer to that is
"yes", put simply. It comes back to this point as to
whether the audit committee adequately understood and delivered
its responsibilities, its role, in ensuring that the risks were
being managed effectively, being aware of the range and scope
of risk, in ensuring that the governance of the organisation was
effective and that appropriate behaviours were adopted. So I think
we would have to say that, yes, audit committees bear a significant
degree of responsibility, but not on their own.
I think one thing Lord Sharman said a moment
ago is very important. We shouldn't put everybody together in
this. I think it is quite important to separate the situation
in the banks in particularthe banks and the financial services
sector, but particularly the banksfrom the rest of the
corporate community, and not tar everybody with the same brush.
Certainly, within the banks, the focusand I think partly
a reflection of the sophistication of the banks and the banks'
productsmeans that inevitably the focus is often on the
detail, on the process, on the controls, perhaps more than taking
a more stand-back view of the organisation and its risks as a
Q363 Lord Smith of Clifton: Would
you go along, then, with Sir David Walker's recommendations that
banks and insurance companies should have separate risk committees?
Lord Sharman: Could I respond to that, because
I am the chairman of an insurance company. I recognised, and I
think many others didperhaps in my case five years agothat
what we were asking audit committees to do, in terms of the span
of their responsibilities, the time input required, the sheer
volume of material that they were looking at, was not a viable,
ongoing proposition. We separated the risk function, or the governance
of risk, from the other aspects of the audit committee, because
we wanted to ensure that risk would get at least as good a scrutiny
as the other things. The problem with having risk in the audit
committeein my view anywayis that there is a whole
pile of things that the audit committee is mandated to do: it
has to approve the financial statements; it has to approve any
announcements about takeovers. It has a whole pile of things that
it must do. So, when it comes to its deliberations those obviously
come first. I think Walker is absolutely right on this and I would
go beyond banks and other financial institutionsI think
they're called BOFIsand say that, in my view, in any organisation
where there is a complex risk scenario you should have a separate
Dr Sarah Blackburn: If I might add to that from
my perspective in the National Health Service, because clinical
risk is so complex and is so much governed by the expertise of
the clinical professions, indeed, you do find this separation
out of clinical risk. However, one of the things that we have
found in the National Health Service is that, unless these are
brought back togetherthe operational risk, the administrative
risk, the strategic risk together with the clinical risk, the
complicated technical partthat it doesn't all hang together
properly, so the board needs to assert its responsibility over
all types of risk. It's very important in having a risk committee
that risks aren't slid off that risk committee and that the board
as a whole retains its corporate collegiate responsibility.
Q364 Lord Shipley: Can I ask you
about whether you think there is a partial assurance vacuum at
the moment? Recent corporate troubles and the financial crisis
would tend to suggest that there has been. Can you say something
about how you think boards' assurance needs might be better met
in the future?
Dr Ian Peters: I think this again is a reflection
of the fact that assurance was being provided in the areas of
process, of internal control, but not in the broader areas of
governance, of board behaviour, of management capability. What
we need to do is look to those areas as well if we're going to
have a total assurance, as far as one can have total assurance.
You don't have full assurance of course. It can only ever be as
far as you can offer an opinion, but nevertheless I would come
back to that same point in a sense. It's another dimension of
Q365 Lord Shipley: But looking at
it from the perspective of the individual board member who has
responsibilities, how might an individual be helped in terms of
getting external advice, for example, about policies being pursued
that they might have a concern about?
Lord Sharman: Can I make an observation on that,
again, from personal experience? I have foundand again,
as I said, I operate in a regulated industrythat the appointment
of an independent advisor to both the audit committee and the
risk committee, separate from the external auditors, separate
from the internal auditor, and separate from anybody else in the
organisationsomebody completely independent, who acts as
an advisor to those committees and can therefore also act as an
advisor to the boardis particularly helpful. In our case,
being a complex industry, it needs to be somebody with a very
deep understanding of the industry in which we work.
Q366 Lord Lawson of Blaby: Are there
any cases of that or is this an entirely new idea of yours?
Lord Sharman: No, I put it in place, Lord Lawson,
18 months ago.
Q367 Lord Lawson of Blaby: How general
Lord Sharman: I suspect it's not very common.
Q368 Lord Forsyth of Drumlean: Isn't
one of the worries that you can destroy the unity of the board
by having competing sources of advice?
Lord Sharman: I don't see them as competing.
I see them as complementary.
Lord Forsyth of Drumlean: They might be competing.
Lord Sharman: In that case, then, I think the
board should be deeply concerned about what makes it competing
and should pay great attention to it, because I think there you
would have the nub of something the board should properly be focusing
on. Particularly in the area of risk or anything like that, board
members do need help. We have to do a lot of training these days.
We do probably more training than I did when I was a practising
accountant. But we have regular training sessions and things like
that, and you have to provide the support for people who are sitting
on boards to have the best possible basis for making a decision.
Q369 Lord Smith of Clifton: Why wouldn't
this luminary actually be one of your non-executives?
Lord Sharman: Because you have a relatively
limited pool to fish in. In any particular industry, once you
start to eliminate people who are effectively conflicted because
they are involved with competing organisations, it can be very
difficult to get the expertise as a non-executive board member.
Dr Ian Peters: We would also take the view that
the internal auditor is a provider of information and, not advice,
but input to the non-executives themselves. I think we almost
touched on it earlier on in the discussion: how do we know that
the internal audit function itself has sufficient expertise to
perform its role effectively? When we're looking at the more complex
areas in banking, for example, we don't know that necessarily.
One of the key things we need to look at is: how can we strengthen
the internal audit function within the banks and the financial
sector in a way that enables the function to provide adequate
assurance to the board. That means looking, yes, at pay and remuneration.
It also means looking at where the pool of expertise is from which
we can draw and feed into internal audit.
As an institute, of course, we would like to
think that all internal auditors were qualified with the institute's
qualifications and that made them perfect internal auditors. In
practice, the world isn't quite like that. We need to bring in
external expertise, because to audit effectively, yes, you need
good audit skills, but you also need to understand what you are
So, of course, taking the risk management area
in banks it wouldn't be inappropriate, necessarily, to draw on
risk management and bring people from that area into internal
audit for a period and then send them back again. The guest internal
auditor or coming into internal audit by rotation is an approach
that one might adopt to make sure that you have an appropriate
mix of skills. It gets quite sophisticated and that's something
that, certainly in the financial services sector, we need to look
very closely at.
Q370 The Chairman: Could I take a
particular example to see if I can draw you out on what you were
saying earlier? Dr Peters said that perhaps there was too much
focus on process in internal audit in the banks leading up to
the crisis. Would you expect in the better world internal auditors
to be challenging, in the case of one bank in particular for example,
that it was focusing on and investing too much in subprime mortgages
from the United States and drawing attention to the risks that
there were in relation to subprime mortgages? Or would that be
coming from the external consultant?
Dr Ian Peters: The simple answer is "yes".
Dr Sarah Blackburn: Yes, well, when we look
back with hindsight we can all see things that people should have
asked questions about, and why would you lend money to somebody
who didn't look like they could pay you back? That is such a basic
question. I don't think you need an economics degree or great
experience in the City to ask that question. Most people off the
street would not lend money to somebody they didn't think could
pay them back. So I think it does come back to this question of:
even with external experts, how do we get a different point of
view? How do we cultivate the Cassandras of this worldthe
people who will say things that are unacceptable, because they
are worth saying so that people have another think and work out
whether they are missing a risk here?
Q371 Lord Forsyth of Drumlean: Isn't
the answer to your question, in the case of why you would lend
to people who weren't in a position to pay it back, because the
Government had passed a law requiring you to do so? I'm just thinkingLord
Sharman's pointyou could have a non-executive who had a
particular view on a board and, if he could go and get external
advice and challenge the executive policysay the executives
want to do a big merger or they want to take some strategic positionyou
could have a Cassandra. Cassandra happened to be right, but not
all Cassandras are right.
I am just thinking what the practicalities are of how you would
run a board where people can go off and get competing advice.
We all know that in investment banking you can get advice to do
whatever you want. Is this a practical way to try to maintain
a structure within a unitary board? I can see the superficial
attraction but, in practice, are youas a chief executive
rather than a chairmangoing to welcome this kind of innovation
in corporate governance?
Lord Sharman: One of the great challenges of
chairmanship these days is balancing the need for what I would
describe as constructive challenge of the executive members of
the board with being able to maintain the responsibilities of
a unitary board. Technically, it's much easier with a two-tier
board, because you have supervisors and you have managers. From
my experience it still doesn't mean to say there is a great deal
of challenge from supervisory boards, but I do think there is
that. Technically, I'd be very surprised if any of the FTSE 100
in their appointment letters to non-executives do not provide
for the non-executive to get independent advice if he wants to
Then coming back to: does it happen that frequently?
It probably doesn't happen as frequently as it should do. On the
issue of the banks that got themselves into trouble through not
lending money but buying subprime instruments which I suspect
no one understood at times, I suspectand this is just suspicionthat
the change in the risk profile of certain institutions was not
understood as a result of this. It is that area where I think
audit committees should be focusing in the futureon things
like activities that change the risk profile of an entity.
That is quite difficult to define, because I
suspect again that in many cases, bits of the banks would be operating
within delegated authority, because delegated authority was defined
in a monetary amounti.e. "you can run a book of this
size"but probably wasn't defined in terms of, "you
can run a book of this size, but you mustn't change the risk profile
of the bank". That is a struggle that certainly I'm struggling
with at the moment: how do I move from just defining delegated
authority in monetary amounts to delegated authority in monetary
amounts and within defined risk parameters, or whatever? I think
that's partly what we have to get right if we're going to prevent
these things happening in the future.
Q372 Lord Forsyth of Drumlean: Do
you think that the annual reports, rather than having a report
to the board about the audit committee, should include a separate
report from the audit committee, which deals with issues like
how they chose their auditors and how they ensured their independence,
and so on?
Lord Sharman: There are examples, quite a few
examples, where you have reports like this. They are not as voluminous
as the remuneration committee report, I have to say, but there
are examples of audit committee reports in the FTSE 100 where
it is a report from the audit committee to the shareholders, effectively.
I should like to see that more widespread and I should like to
see more engagement through the AGM with shareholders and the
chairman of the audit committee. My experience on a Dutch board,
where this has been the case for some time, is that you do get
questions from the floor directed to the chairman of the audit
committee about the way in which they've gone about discharging
Dr Ian Peters: I think our view would be not
quite that. It is perfectly appropriate and not in any way unhelpful
for the audit committee to produce a report, which the board then
determines to be included in the annual report. But essentially
I think, rather as we took the view with the proposal from Walker
about risk committees, it's essential that the board doesn't pass
on its responsibility to individual committees within the board.
So I think we would take the view that the annual report and accounts
is the board's report and accounts and must be approved by the
board, and the board must be accountable for the content. That
includes the report about the role and activities of the audit
committee. Now, if the board should choose to invite the audit
committee to produce that report and simply signs it off, that
is absolutely fine, but our view is that it is the board's responsibility.
Q373 Lord Forsyth of Drumlean: Would
that include the specifics that I mentioned; that is, it actually
addressed specific matters such as how the audit committee monitored
the independence of the external auditor and how it determined
the choice of external auditor?
Dr Ian Peters: Absolutely, it should include
Q374 The Chairman: Would you also
include in that how often the audit committee went out to tenderin
terms of competition, choice, independence and so onfor
the external auditor and how often it changed its auditor?
Dr Ian Peters: It would be entirely appropriate,
Dr Sarah Blackburn: I think that's anything
that one would want to know if one were reading the report.
Lord Sharman: I believe that's right but also,
if you're changing the auditors, the shareholders have to appoint
them anyway, so they would know. I think there ought to beI
don't know, every five years or something like thata specific
review by the audit committee of its audit relationship and a
decision made "yes" or "no" and justified.
Q375 The Chairman: We do know that
they have to change their audit partner. Is it every five years
of seven years?
Lord Sharman: Every five years.
Q376 The Chairman: Every five years.
The evidence is that very few of the FTSE companies change their
auditors and very few go out to an external tender.
Lord Sharman: Well, there is a problem with
something that I know you're discussingbut I'm particularly
not keen to comment too much in view of my former lifebut
there is a problem with choice.
Q377 Lord Forsyth of Drumlean: Yes,
but at the moment you have more chance of seeing Halley's Comet
than seeing a change of auditor in a FTSE 100 company.
Lord Sharman: I can't remember how frequently
Halley's Comet arrives, but I'm not prepared to challenge that.
Q378 Lord Lawson of Blaby: Please
don't be shy. We all know of your distinguished former career,
but that does not prevent you from giving us good advice now,
so if you would answer the Chairman's question in an uninhibited
Lord Sharman: I believe, as I said, Lord Lawson,
that the audit committee should justify once every five years
or so the relationship with its auditor. It should do a thorough
evaluation of it, and it should come to a decision as to whether
it believes it should tender or not, and then justify that decision
to its shareholders.
Q379 Lord Best: We've heard that
the UK Corporate Governance Code is not mandatory and companies
don't have to have an audit committee. Are we right in thinking
that the FRC's guidance on audit committees doesn't count for
Lord Sharman: I think that would be a harsh
judgement. Since the Smith Guidancewhich I think has now
been turned into the FRC Guidancewhich was in 2003, the
function of audit committees has developed significantly. Not
all of the change can be attributed to that guidance, but it has
been helpful and I think it has set a benchmark against which
audit committees should judge themselves. So I wouldn't dismiss
it. I think it's helpful that it's updated from time to time essentially
to codify best practice. I think there is no doubt that the level
of acceptable practice has been raised in the past seven years.
I think if you go back seven years, audit committees were much
less effective than they are today.
Dr Sarah Blackburn: I must concur with that.
My experience is that they have become more professional since
the time of the Smith Guidance. Of course everybody is still working
towards that. Like boards, audit committees should evaluate themselves
in a similar way, not just looking at the processes and going
through some sort of tick listhave they done this; do they
have one of those?but looking at how they operate and whether
they operate effectively. What has changed in the organisation
as a result of the things that they have looked at? There are
a number of parties you could call upon in order to help you and
be involved in that self-evaluation, possibly even going to an
external evaluation. Certainly, I have run those for audit committees
and I think they are tremendously valuable in making sure that
you focus on the service that you provide to your colleagues on
the board, because of the extra scrutiny with which you look at
areas of risk and the financial reporting.
Q380 Lord Best: Are proposed revisions
on non-audit services likely to be accepted, listened to or acted
Lord Sharman: I think so. I came from an audit
committee relatively recently where there was an extensive discussion
about the level to which we were prepared to contract the auditor
for non-audit services. You have to be a bit careful about definitions
here because, essentially, the way the thing is defined today,
there are three categories of services: audit, which is the statutory
audit; then there are audit-related services, which are the things
you need to do because you are the auditor. They might be regulatory
reports and things like that. Then there is non-audit, and in
particular things like tax advice and that sort of thing. I think
it is eminently reasonable to expect that audit committees will
take a much harder look at the non-audit services with a view
to restricting them in future.
Dr Sarah Blackburn: One of the areas I think
needs to be defined as a non-audit service is internal audit.
Internal audit should not come from the external auditors of the
company, but there may be circumstances in which there are things
that fall into near audit services or where pragmatically there
is a need for them to work closely together. Those sorts of things
need to be overseen and co-ordinated by the audit committee to
make sure that there is not a muddling up of the two assurance
lines, because they are very different and have different purposes.
In terms of thinking about what is in the non-audit
services category, that's where internal audit should be. It's
not part of the external audit and any extension of external audit
activity should not be such as to encompass things that are done
by internal audit, and not least from the audit committee's perspective:
it's useful to have more than one source of assurance and more
than one point of view.
Lord Sharman: Yes, I would agree with that.
I would put an absolute outright ban on anything that represented
outsourcing of any kind. If there was a proposal that we will
outsource our computer audit activity from the internal audit
to the external audit, I think that would be totally unacceptable,
because that's taking away a part of the assurance that you should
rely on. I have a great deal of difficulty with much else as well.
I don't believe there's a very strong case for external auditors
providing internal audit services. I think I'd agree with the
assertion there that you do need two. The more levels of assurance
you can get, the better you're going to be.
Q381 Lord Lawson of Blaby: I should
like to focus on the problem, which most of the discussion has
been about, of the auditing of the banks and "what went wrong?"
Of course, a lot of things went wrong and the question of the
audit, both external and internal audit, is only a part of it,
and not a major part in my judgement. Nevertheless, what we are
focusing on is what can be done there.
First of all, if I may say from my personal
experience of rather a long time ago, I do think it is unrealistic
to place great weight on the sagacity or understanding of the
non-executive directors. Ms Blackburn said what you should look
at is what changes have taken place. I rememberthis is
between 15 and 20 years ago, when I was a non-executive director
and a member of the audit committee of one of the biggest banks
in this countrywhat I was conscious of changing was the
extraordinary growth in derivatives in the derivatives business.
I was a bit worried because this was such huge growth and, therefore,
it seemed to me this was an area we should look at. The question
was: how risky was this? I didn't understand the complexities
of the derivatives business, and I don't think my fellow non-executive
My concern was that it didn't seem to me that
the management did. When I challenged the management and said,
"Look, this is growing very fast. Are we comfortable we're
not taking on too much risk?" they said, "Oh yes, we
have a new thing called VAR, Value at Risk, and there is a very
good mathematical model. We know all about it". That was
how it was approached in those days. I don't think they understood
it. They didn't understand the mathematical model. How could they?
There were people in the business who claimed to understand it
but certainly the non-executives couldn't. They couldn't challenge
that. So we do need good professional steer, good professional
advice, both external auditors and internal auditors.
So with that background, what is your assessment
with the benefit of hindsightI'm not blaming anyone, but
with the benefit of hindsightof what went wrong? Was it
that the auditors of all kinds didn't recognise that there was
something that might be dangerous taking place; or was it that
maybe they did have this instinct but there was no mechanism by
which they could turn that into action; or was there a mechanism?
Was thereas Lord Sharman saidthe dialogue with the
chief executive and the chief executive took no notice of it?
In that case what do you do, if the chief executive says, "No,
it is fine, I've looked into this very thoroughly and it's fine"?
So which of those three is it? I'd like your answer to that.
Then, finally, because this is what we are about,
if you can identify what the problem is, what is your solution?
What can be done that would reduce the chances of having a similar
failure? I say that without wishing to be too melodramatic. I
say that in the sense that Dr Peters very honestly admitted that
there had been a degree of failure. What should we put in place,
which will minimiseit won't eliminate it, but will greatly
minimisethe chances of that happening again? The great
thing about hindsight is that, although you can't turn the clock
back, you can learn something from it. So what have you learnt
in practical terms?
Dr Ian Peters: That is a big question, Lord
Lawson. As I am sure you will understand, there isn't a simple
answer, though I'll try to be brief. First of all, I think we
are still learning. That's the important point. Two years ago,
before I joined the institute, the institute did do some research
early ona survey of heads of audit of the financial services,
banks in particularand got some initial input. At that
time, it was very difficult to get anything that gave us much
of a handle on what had happened. It was too raw. People were
unable to speak out, I guess, in many instances.
More recently, we started doing some more work
in this area to try to look back with the benefit of hindsight,
the dust having settled a little. Anything I say now, I have to
put the caveat on it that I don't think we are at the position
yet where we have a clear view. It's an emerging view.
The feedback that I get is thatyou listed
three alternativesit was essentially more that it wasn't
just internal audit. It was everybody, from regulators, through
to auditors internal and external, through to management, who
were not looking in the right place; not so much not wishing to
look in the right place but not recognising that they needed to
look there, it not occurring to them that there was a potential
Q382 Lord Lawson of Blaby: If I may
interrupt you at that point, because it is interesting you mentioned
the regulators. Do you think you could have tipped off the regulators
in some cases and that you failed to do so?
Dr Ian Peters: I don't think that was the situation,
no, as far as I'm aware. I'm cautious here, because there may
have been some in some banks who may have been in that position;
I'm not aware of any at the moment. The people I've spoken tothe
input that I've hadwould rather suggest that what internal
audit was doing was down in the long grass. It was dealing with
the detail, with the controls, with the processes. It wasn't looking
up over the top and looking at what was out there, what was on
the horizon. It now seems very odd, but in practice nobody was
looking at the horizon at those potential risks. I don't know,
maybe I'm stating the obvious. There have been a lot of reviews
done of this, as we know; a lot has now been written.
I don't think internal audit was in any more
of a helpful place than anybody else was at that point. So, the
question then arises: why wasn't it? Why was it not looking in
the right place? Why was it not focused in the right area? Again,
I think it's because you have to look at the context within which
internal audit is operating. The board was not looking for assurance
in those areas from internal audit. The audit committee was not
looking for assurance in those areas from internal audit. Even
the regulators were not raising these issues. So I think you have
to then ask: how on earth was internal audit expected to spot
that; everybody else had not seen this and they could see it?
Unfortunately, everybody was blinded because we were all caught
up. They were all caught up at the time in the hubris of it, in
the fantastic situation that we were in, in the potential to make
more money by engaging in deals in new financial products, and
so on. Nobody could see that that was going wrong.
My fear is that sounds like the obvious, but
in practice sometimes it is the obvious. I think, as you rightly
say, we now have to learn from that and say, "How can we
put the right structures in place, the right arrangements, the
right framework, so that next time we're looking in the right
place?" In my view, that has to be looking at the relationship
between the board, the audit committee, the internal auditor,
the external auditor, and the regulator.
Some of the feedback I have had from the banks
on the regulators now is that, they're so fearful of it all going
horribly wrong again, they're dealing with all the detail again,
and that, whereas maybe the auditors and the audit committees
should be spending 90% of their time on 10% of the problems, the
regulators are looking for them to spend all their time on all
of the problems. There needs to be more focus on the issues that
Again, back to a point you made a moment ago,
if I may, I think that is about expertise and knowledge and understanding.
You're right that the non-executives generally will not understand
the detail; neither will the internal auditors, as professional
internal auditors, so they need to find another source of that
expertise to be able to inform their own activities.
The Chairman: Could I just follow up, and one
other colleague wanted to get in, in response to the question
of Lord Lawson.
Lord Lawson of Blaby: Do any others want to
add anything to that?
Q383 The Chairman: I am going to
ask in a minute. But to follow up on one point, that is: we have
had discussions with other witnesses about whether the internal
and external auditors should engage in more, sometimes confidential,
dialogue with the regulators. One can see some of the pitfalls
in this as well as some of the benefits. I wonder if you have
any views on that subject.
Dr Sarah Blackburn: I wouldn't want to talk
for the external auditors. For the internal auditors, I think
we are in the position of a service to the board, a service to
management, and an intrinsic part of our value is that we are
internal, that we are embedded in the organisation. I wonder whether
we would be as effective, whether anybody would ever tell us anything.
It's rather along the lines of: would you tell your GP anything
that had been going on in your life that affected your health
if you knew that, once a year, he was going to post it up on the
internet so the whole world could see? I think we have to be very
careful. The benefits of an internal audit service are that they
give the company an opportunity to look at itself and to put things
right before other people need to know about them. Therefore,
I think I would be rather disinclined for internal auditors to
be always popping outside to tell the regulator something.
Lord Lawson of Blaby: Just to clarify, what
the Chairman was talking about was not posting anything on the
internet, but having a highly confidential discussion.
The Chairman: Absolutely.
Lord Sharman: Could I just say that, whatever
everybody might wish, I think it's going to be inevitable that
regulators will want to have a dialogue with external auditors
The Chairman: And internal?
Lord Sharman: Yes, and to some degree it already
takes place. To some degree in financial institutions, the regulator
has access to internal audit reports. It can request access to
internal reports. It can request internal audit to do specific
work for it, if it wants to. I think that's the de facto situation.
The next step with more intensive regulationI prefer to
call it "intrensive"; the regulator prefers to call
it "intrusive", so we're having a little debate over
syntax therewhich we're going to have is that it is inevitable
that the regulator, if he's going to do his job, will want to
have as much access to as much information as he can. So from
that point of view, I don't think it's avoidable and I don't think
it's entirely a bad thing.
May I return to Lord Lawson's question because
I have some points I'd like to make on that? You were asking about
the lessons we can learn, because you're absolutely right that
it's no good sitting here saying there was no one to blame. I
think three things I would focus on in terms of causes of this
crisis, but an overriding point I would make is the speed at which
it happened. The crisis happened very quickly. No one foresaw
it, and when you look at the trigger of commercial paper markets
just shutting down, one of the interesting things that I think
you would find is that if you went to anybody's stress-testing
prior to that period they would have stress-tested their financial
models against changes in interest rates, and things like that.
I bet not many of them would have stress-tested against the availability
of finance for the AAA-rated organisations. So that's just an
I think three things happened that were inadequately
appreciated. I think there was a significant change, and it was
very muchas you were saying, Lord Lawsonabout the
move to derivatives, but I think as that move developed there
was a significant change in the risk profile of many of the financial
institutions that failed. You can look at the building societies
that failed; a significant change in their mortgage books over
a period of time. If you look at the commercial banks that failed;
a significant change in the nature of their derivatives, the CDOs
and other stuff that they were investing in. I do not believeand
it is just my opinionthat anyone within the top echelons
of those organisations appreciated the change in risk profile.
I certainly don't believe the boards fully appreciated what was
happening, and I suspect the audit committees didn't either. The
question then arises: should the external auditors and the internal
auditors have appreciated that? Given that no one else did, I
think that is a harsh judgement.
Again, the second thing that happened was that
some of the organisations that failed had a flawed business model.
It was flawed, and surprisingly I can recollect being told that
one business model that failed was the new face of banking, but
it didn't fit with the basic education I'd had. Again, I find
it difficult to believe that, certainly, the regulator did not
understand that that was a flawed business model. But clearly
the board didn't or they would have done something about it.
The final thing is that I think there is evidence
of a number of poor judgements made by boards. There were several
transactions thatagain, with the benefit of hindsightturned
out to be poor in judgement and execution.
What do we learn from it? What I would say is
this: that audit in the pastand I say "in the past"has
always been a process that looks backwards. I think we have to
find a way of getting assurance that looks forward. The only aspect
of an audit that looks forward at the moment is the assessment
of an entity as a going concern, and that is just something where
you sit there, "Do we have finance and everything in?"
But I think audit, and particularly external audit, is directed
to the opinion on a set of financial statements that have passed.
I think it would be more helpfuland my colleagues are not
going to bless me for thisand much more useful to corporate
Britain, and society at large, if we could find a way of giving
some assurance over forward-looking trajectories.
Dr Ian Peters: Of course, that is exactly what
internal audits should be about. External audit is about a snapshot
and, therefore, effectively a look backwards. Internal auditwhen
it's done properly, when it's truly risk basedshould be
about looking forward and anticipating risk. That of course is
effectively what didn't happen in banking and financial services
as it should have done. That is the model that we promote throughout
the profession. I am sure there are plenty of examples of that,
although of course they're generally not public.
Dr Sarah Blackburn: Of course, the other thing
is that, when things are working well, those will not be the things
that come to people's attention; it is only the obvious problems
that we know about.
Q384 The Chairman: But to pick up
the points that Lord Sharman made, reading a lot of the books
and other serious studies of this period, as I have been doing,
I entirely agree that most people didn't see the risks of CDOs.
It's astonishing to see how they were built up in the States as
well as the subprime mortgages. No one challenged it. So it's
quite difficult to see how internal auditors would be able to
get underneath the surface and challenge those, when very intelligent
directors of banks didn't do so either.
Dr Ian Peters: I agree.
Q385 Lord Forsyth of Drumlean: Perhaps
I have a slightly cynical view of this. But wasn't what was happening
that the money supply was being expanded very rapidly; there was
cheap credit about; the banks were making shed loads of money
from this cheap credit; people created derivatives, which enabled
people to get around some of the regulatory constraints, and it
would have been a very brave auditor who put up his hand and said,
"Excuse me, Sir Fred, can you stop doing this?" at a
time when lots of money was being made. Indeed, if you look at
some of the banks that showed restraintsuch as Lloyds before
it did its disastrous deal with HBOSthey were pilloried
in the city and their share price was squeezed as a result because
they were not expanding their balance sheets. So isn't the analogy
a bit like a stampede where everybody is going along?
Lord Sharman, you said that nobody realised
the risks. I can remember the chat about credit derivatives, and
there were people expressing anxiety. But the truth was: if you
were a rating agency, or if you were audit, or even if you were
a regulator, or even if you were the bank, to put up your hand
and say "Stop" to the stampede would have had terrific
financial consequences for the Government, and isn't that what
happened? In seeking a solution that relates to the conduct of
auditors, are we not missing the systemic problem that arose because
of the nature of the bubble that was created by this expansion
of the money supply?
Dr Ian Peters: I think that is absolutely right.
That is why I said earlier it's about the relationship between
the different parties; it's not one particular party. It is checks
and balances, it seems to me.
Q386 Lord Forsyth of Drumlean: But
that relationship is about making money and getting fees.
Dr Ian Peters: Yes, but it does not have to
be just about that.
Lord Lawson of Blaby: Not in the case of the
Lord Forsyth of Drumlean: No, not in the case
of the regulators. Well, yes, in the case of the Government it
was about getting tax revenues.
Dr Ian Peters: Indeed, of course, the bubble
did burst and those organisations then failed, or very nearly
failed; in private sector terms did fail. So I don't think it
has to be just about that, and it is important that boards and
management are reminded that there is a bigger picture. Take BP,
for example; we all know what happened there. What is interesting
is that the new Chief Executive of BP has introduced a new bonus
arrangement for senior management in the organisation that puts
the management of risk at the top of the criteria on which bonuses
are based, rather than just how much money they make for the organisation.
So it is about structures; it's about incentives; it's about remuneration;
it's about how we incentivise people to achieve the appropriate
goals and objectives. Yes, somebody needs to decide what those
goals and objectives are and, ultimately, of course that has to
be the shareholders. So we all bear a responsibility in order
to question the decisions that the management and the board are
Q387 Lord Forsyth of Drumlean: To
take my stampede analogy, do you think the auditors are going
to be in a position to stand aside and say, "Hang on a second,
chaps, we need to go this way"?
Dr Ian Peters: No, not if everybody is stampeding.
But if the structures enable questions to be made in different
parts of the organisation, then one would expect the internal
auditors to be one of those groups putting forward the questions
and creating the challenges. It's about the checks and balances.
You're absolutely right, if you go back to what happened then,
no, nobody could have expected the internal auditors to put their
hands up in that situation. But I think, going forward, if we
put the right checks and balances in place; it's all about minimising
risk, at the end of the day. We will never avoid it completely.
We will never prevent another crisis.
Q388 Lord Forsyth of Drumlean: One
of the ways that I think you could stand up to the stampede is
to have that channel to the regulator, saying, "Look here,
we're auditing these banks because we're worried about the extent
to which the balance sheets are being extended", or whatever.
That raises the issues you were concerned about, client.
Lord Sharman: I would just add there, Lord Forsyth,
that this comes into this issue. I don't know whether you call
it the conflict or the interrelationship between accounts, accounting
and prudence. I take the view that prudence is the job of the
regulator. Accounts and accounting are the job of showing something
that is true and fair, and the two may not necessarily be the
Q389 Lord Shipley: I would like to
be a bit clearer about how we move from a situation, in which
internal auditors are sceptical, to one in which they can challenge.
You say in your evidence, in paragraph 48, "The evidence
we have gathered so far does not support a lack of scepticism
from internal auditors in the banks in the run-up to the 2008
financial crisis". So we accept there is a problem and we
have just been discussing the reasons for the problem. What I'm
not clear about is what your solution to that is that would enable
internal auditors, a large number of whom were apparently sceptical
prior to the crash, to move from that position of scepticism to
one of challenge with a meaningful outcome.
Dr Sarah Blackburn: I certainly think there
is potential in the combined code to strengthen the position of
internal audit, and to refer to it not among a host of provisions
but perhaps raise it to a principle level, in order that internal
audit be seen as one of the essential elements in corporate governance.
There is always a virtuous circle that we need to create in which
there are more credible internal auditors who support more credible,
independent non-executive directors. If non-execs have learned
anything from the past few years, it is how precarious things
can be, and how much a non-exec has to keep their eyes and ears
open and think all the time, "What else is going on? What
are the unknown unknowns here? What should I be focusing my attention
on? What should I be asking the management about?" If you
have that strength coming from your non-execs, then perhaps you
have more opportunity for internal auditors to provide them with
the knowledge from the ground up that may support the questions
that they need to ask.
Q390 Lord Lipsey: We are talking
about stopping the stampede here. We keep hearing different suggestions
as to who should have stopped the stampede. In the past two minutes,
I've heard regulators and non-executives directors mentioned;
I haven't heard internal auditors mentioned again, althoughI
think what you were saying earlierthere was a good deal
of suspicion among the internal auditors, as there should have
been, as to what was going on. Having said that, one question
is whether this is because of the governance positionto
call it thatof internal auditors themselves. For example,
very often they get their pay and rations from the chief executive,
who may be the person who is whipping on the stampede, with a
view to filling his pockets with the proceeds of the dead cattle
when they get to market. Is there a need to reform the internal
audit procedures so as to strengthen the internal auditors, relative
to the rest of the governance structure, in order for it to fulfil
its important and admirable job of stopping the stampede before
it gets under way?
Dr Ian Peters: There is definitely a need to
look at the regulatory environment in which internal audit operates.
So, in our view, the corporate governance code is not strong enough,
in terms of setting outboth in principle and in practicewhere
internal audit should sit and the relationship that it should
have. It is not one of the key principles in the code, in terms
of comply or explain, and that is where we believe it should sit.
It is there but it's at a lower level in the area of accountability.
We believe it should have a more prominent position and certainly,
in terms of the guidance and support, there is no doubt in the
mind of the institute that it is essential that internal audit
should report to the chair of the audit committee and with a dotted
line, by all means, to internal management. It needs a relationship
with internal managementit is internaland pay and
rations, if you like, in terms of where the money comes from,
but the remuneration levels and the hiring and firing of the head
of internal audit should sit with the audit committee and the
chair of the audit committee, as indeed should a view on the resources,
on the budget available to the internal audit function.
Q391 Lord Smith of Clifton: If you
are going to approach the regulator, whether you're internal audit,
external audit or a non-executive director, how do you go about
this? Do you say to the chief executive or the chairman of the
board, "I am going to report you, I am going to be a virtual
snake", or are you a whistleblower? What are the protocols
you follow before going to tip off the regulator that something
Dr Ian Peters: I am happy to respond, but
Lord Sharman: It is difficult to envisage those
circumstances, because I would hope the person would certainly
have had a long conversation and a series of discussions with
me as the chairman. In extremis, I think they just go. I would
work on the basis there had been conversations and normally the
threat of going would get pretty significant attention. If somebody
said to me, "Look, I'm unhappy with this, I don't think you're
responding; I don't think the management is responding. I'll give
you enough time to do it, but if I come back and nothing happens
I'm going to go and see the FSA", you can reckon there would
be a trail of people coming in and out of my office fairly swiftly.
Dr Ian Peters: Certainly one would expect the
head of internal audit to have the conversation with the audit
committee chair and to then, if necessary, have the conversation
with the chairman of the board. If it came to talking to the regulatorby
which time, incidentally, the head of audit might well have resigned
as part of this processbut certainly the relationship with
the regulator, particularly in financial services with the FSA,
is ongoing anyway. The FSA appoints its staff to work with specific
companies and organisations. They know each other on first name
terms, so it certainly wouldn't be difficult.
Lord Sharman: Just to add to that, in a financial
institution these days the chairman will sit down with the regulator
at least twice a year on a one-to-one basis. The senior independent
will do the same; the chairman of the audit committee will do
the same; the chairman of the risk committee will do the same,
and to some degree in future I expect the chairman of the remuneration
committee will also do that. At the non-executive level there
is very much an ongoing dialogue. The opportunity is there. But,
as I say, if it was a really serious issue then I would expect
it to have been aired with me and if we differed, then fine.
The Chairman: We must move on. I think we're
going to have the possibility of a vote, in which case, since
we have a number of other topics we want to cover, you will have
to forgive us while we go away for about 10 minutes and then come
Q392 Lord Lipsey: Just to go back
one. As I understand it, internal audit is not compulsory at the
moment for companies. Should it be?
Dr Ian Peters: We would tend to go with the
principle-based approach of comply or explain. I think the view
of the corporate world in the UK is that that works well, it's
not a system that is broke, and it doesn't need to be fixed as
such, though we may well want to look at particular aspects of
it, as indeed the FRC has been doing. But I don't think we would
look for internal audit to become compulsory. Going back to my
point earlier, it's about the positioning of internal audit, in
terms of the combined code, or the corporate governance code as
it now is, that should be more prominent and should be a key principle.
We should try that first, certainly, before we go down the route
of further regulation. I'm not somebody who generally favours
regulating unless one absolutely has to. I have another role,
which is a member of the Regulatory Policy Committee for the Government,
and I would always rather find an alternative to regulation than
to regulate, if possible.
Q393 Lord Lipsey: But you don't know
that you should have had internal audit until the thing goes wrong,
and then it's too late to do anything about it. It might be regarded
as more sensible for everybody to have the internal audit to begin
with and see whether that doesn't solve some of the problems before
Lord Sharman: My own view, for what it's worth,
is that I would not sit on a board that did not have a proper
internal audit function. I wouldn't be happy with the amount of
Lord Lipsey: That is why you're so sought after
as a non-executive.
Lord Sharman: No, I'm too old. According to
the code, I am beyond useful endeavour.
Dr Sarah Blackburn: In terms of taking on a
role in an organisation where I had no faith in the internal audit
provision, that would be something I would not want to do. But
I think we should look closely at some of the other sectors in
this country where internal audit is mandatory, and notice that
sometimes making something compulsory encourages people just to
tick the box, and to have something cheap and nasty, or cheap
and cheerful, is not productive. Sometimes I get a bit controversial
with internal auditors by saying that I think it would be better
for some organisations not to have a poor-quality internal audit
function at all. What one needs is to have one that is worth having,
that is effective. So if you have a mandatory system where people
just go for the cheapest, I don't think that is helpful. I may
add, I think my opinion of external auditing is that that, too,
may be too cheap, although perhaps companies wouldn't thank me
for saying it. If you do buy the external assurance on behalf
of the shareholders on the basis of, "How quickly and cheaply
can we get this done?" that doesn't strike me as a very good
basis for providing assurance to those shareholders.
Q394 The Chairman: I must say that
I am slightly surprised at the institute's position on this. Given
all the discussion we've had earlier about the importance of internal
audits in relation to avoiding future financial crises, and so
on, to say that major companies don't have to have an internal
audit seems to me to be an unusual position. Even if you argue
that some of them are cheap that is a question for the board and
management to ensure that that doesn't happen, but to simply not
have an internal audit function at all seems to me to be slightly
Dr Ian Peters: May I be absolutely clear? We're
not saying they shouldn't have it. The question is: should it
be mandatory; as in, should it be a regulatory requirement? I
would question whether that is necessary. I think only this week
Grant Thornton published a piece of work on the FTSE 350 that
says it's somewhat over 90%I cannot remember the precise
statistic, but it's certainly in excess of 90%do have an
internal audit function and do have an audit committee, and I
wouldn't mind betting if you looked at the ones that didn't, in
many ways it's not appropriate because they're an investment trust
or some sort of holding company, or whatever. So it's not that
people are saying, "No, we don't want this" or "No,
we shouldn't have it". The danger is, we bring in a piece
of regulationwith respect, your Lordships well know that
Governments have a tendency to do this"Oh, it's okay,
we've regulated, we've legislated; it's not a problem now, and
the problem has gone away". Well, of course it hasn't because
by regulating all we doas Sarah Blackburn saidis
tick boxes, but it doesn't say anything about the quality of the
internal audit, about the effectiveness of it and the way it relates
to the other aspects of governance in the organisation. So I think
it's too easy and simple to go for a regulatory solution.
The Chairman: I entirely recognise the point
about being effective. We're about to have a Division, so we'll
return, if we may
[The Committee adjourns]
Q395The Chairman: Some of our colleagues are
unable to come back and I hope we won't be too long now, but I
would just like to ask a question that Lord Lawson was going to
ask, which he told me about. Prior to the shift in responsibilities
for much of the bank regulation supervision to the FSA under the
previous Government, he understood that it was pretty normal for
external auditors to have conversations with the regulator, that
is the bank of England in that case, but that this practice was
discontinued when the FSA took over the responsibilities. Any
Lord Sharman: I think that is the case. If I
go back to the days when I was involved in auditing banks, there
was quite regular dialogue between auditors and the Bank of England.
I think it was part of the newwhat was then described aslight-touch
Q396 The Chairman: So some of the
possible problems that we discussed earlier in this session, about
these conversations between the regulators and the auditors didn't
arise during that period?
Lord Sharman: I can't comment. I don't know,
but I don't believe they did.
Dr Ian Peters: I don't think I can comment on
what external audit did. I have no particular knowledge or expertise
in that, but I think it is important to distinguish between internal
and external audit when it comes to the implications of a conversation
with the regulator, because clearly the internal auditoras
we've discussedhas to have that relationship with management
within the organisation. I think it has to be a final course of
action, rather than a regular occurrence, otherwise it has the
potential to undermine the relationship with management.
Q397 The Chairman: I think both of
you made that point earlier in fact. Thank you. Turning to a totally
new point, and this is an issue that we have been discussing quite
a bit in the committee, particularly from some of the evidence
we have had. In your experience, have IFRS hampered the exercise
of prudence in financial reporting, and have ISAs made the audit
more a matter of following a complex but routine box-ticking process,
with lessened judgement on whether the financial statements are
true and fair?
Lord Sharman: Can I go first on that one? I
think there are a great number of aspects of IFRS that can be
improved. But I do feel too much has been made of this point.
As I said before, I think it's worth noting that while prudence
has a place in financial reporting so do other characteristics;
for example, the information presented should be up-to-date, it
should be relevant. Prudence is clearly very important in financial
services regulation. If society wantsand it clearly does
now wantfinancial services companies to be run on a more
prudential basis, then I think the way to achieve that should
be through prudential rules, through capital and liquidity requirements
imposed by the regulator. I don't think it should be through the
back door of accounting. As I said, accounts aim to show the affairs
of a company on a true and fair basis, but it's for boards, shareholders
and regulators to decide whether that reality is sufficiently
prudent because there are other aspects of prudence, and again,
it's more about looking forward than looking backward in my judgement.
Dr Sarah Blackburn: Just one thing I would like
to add on that, and I'm not going to talk about the IFRS because
that is not my area of expertise. But I think, as a general principle,
it's not a good idea to encourage people to design systems with
the main criteria that they are easy to audit. It is very important
that we put the best systems that we can in place and if that
makes them difficult to audit, then we have to find ways of auditing
them. We must not reduce things to box ticking.
Lord Sharman: Can I go back to the ISAs as well
now, because I forgot to comment on that? I have a rather sceptical
view about how much better auditing gets because you have more
boxes to tick. I have always believed that the big judgements
are what auditing is about, and you very rarely get there by ticking
the boxes. My judgement is that, certainly if you look to the
United States, which has always been much more rules-based than
the UK, I do not think we have any evidence at all that more and
more rules improve the quality of auditing.
Q398 The Chairman: Going back to
IFRS, can I just ask Lord Sharman to comment on remarks made in
a speech by the new Governor of the Irish Central Bank recently.
I don't know if you're aware of them.
Lord Sharman: No, perhaps you would quote them
The Chairman: I will just quote them for you,
and this is a quote, "I have already railed elsewhere against
the backward-looking loan-loss provisioning practices encouraged
by IFRS and still all-too-pervasive in the reporting by most of
the Irish banks. I find it unsatisfactory that expected losses
in many parts of the portfolio are clearly higher than the provisions
already taken, because I fear that this evident and in some cases
explicit discrepancy may awaken doubts in the minds of investors
as to the relevance of other aspects of the reported accounts".
Lord Sharman: I agree with him. I think that
was what I was getting at when I was saying that one of the lessons
we need to learn from the crisis is that we need to provide assurance
over the future rather than the past. If you look at a snapshot
in time, and say, "At that point in time the right amount
of provision was x", but six months to a year down the road
you may need something different or bigger, that is what I'm talking
about when I talk about looking forward. I think that is the problem
with historical accounts, it is the problem with too many rules.
You can't anticipate in historical accounts, within very sharp
limits, what is going to happen in the future.
Q399 Lord Forsyth of Drumlean: Has
IFRS made it worse.
Lord Sharman: Yes.
Lord Forsyth of Drumlean: I think that is the
Lord Sharman: Yes, that is absolutely the point.
Q400 Lord Best: Can we ask Lord Sharmanas
the expert in the roundyour views on the concentration
of audit in the hands of the Big Four? We have heard everybody
else speak about this but, discard your background and the perspective
of today, what would be your one thing if you believed it would
be better and more competitive if there was a Big Five or a Big
Six? What do you think would make that difference?
Lord Sharman: I am tempted to give you the Irish
answer and say, "I wouldn't start from here". Because
clearly anybody who chairs a major company, or sits as chairman
of an audit committee of a major company, cannot fail to be concerned
about the lack of choice. It's not a lack of choice among four;
quite often it comes down to the fact that you only have two that
you can possibly appoint. As you use the other audit firms for
other servicesas quite often you doyou find they're
not independent, and therefore you couldn't appoint them, and
so on. I think it's a matter of great sadness to me that at the
time of the Andersens failure, and, allied to the PricewaterhouseCoopers'
merger, you had this great concentration because what effectively
happened was Andersens was absorbed into the other Big Four. I
would have liked to have seen Andersens absorbed into one of the
second-tier firms or perhaps just the audit practice of it, which
would have maintained it at five. Today I think we have to encourage
the second-tier firms to invest more in the sorts of things they
need and, in particular, international networks.
Where you get the problem with the Big Four
is that if you have a widely spread international business, you
want to use a single firm of auditors and, quite frankly, the
Big Four have much better networks, or in some cases they're integrated
much more than they were, even when I was there. So, I think there
is a problem there. I don't have a quick solution for you.
Q401 The Chairman: I think we have
found so far that there is pretty widespread agreement that there
is a big problem there. I think the Big Four would say there is
a big problem if you get down to the Big Three.
Lord Sharman: I'm not sure that makes too much
The Chairman: But that is what they have said.
I think our difficulty is to settle on a set of recommendations
that will improve the situation.
Lord Sharman: Yes, if you look at the European
Commission Green Paper, I think some of the notions embodied in
that would make things worse, not better. We need to be very careful
about the notion of joint audits, which I think are a waste of
space. I think they would be forever blaming each other. I think
somehow we need to get the second tier up to speed.
Lord Smith of Clifton: They were very reluctant.
They said they wanted more access to the FTSE 250 but not much
more. They were partners in the cartel as junior partners, so
the coalition Government all over again.
Q402 The Chairman: I think the way
to conclude this, Lord Sharman, is to say thatI do not
want to prolong the session todayif we were to furnish
you with the sort of recommendations that we've had to improve
the situation, and to have your views on any that you think would
be worth following up, we would be very grateful.
Lord Sharman: I would be very happy to do that.
The Chairman: I conclude by saying that we've
spent rather a long time today, not least because of the Division,
but certainly even without it. I think that is a measure of the
interest that you have created with us, so thank you very much
indeed for your attendance.
8 Note by witness: As in reply to Q363, responsibility
for risk remains with the Board-they must decide-a "Cassandra"
merely gives a contrary piece of information. Back