Auditors: Market concentration and their role - Economic Affairs Committee Contents

Examination of Witnesses (Questions 356-402)

Lord Sharman OBE, Dr Ian Peters and Dr Sarah Blackburn

14 DECEMBER 2010

  Q356The Chairman: Good afternoon, and welcome to our colleague Lord Sharman. Our principal objective is to talk about the role of internal audit but Lord Sharman, no doubt, will respond to the matter more widely on any of the points that come out of the questions. For the benefit of two of you at least, could I ask you to speak up—and not too fast—for the assistance of the Hansard reporters, and so on, and for the webcast? When we come to the questions: if you have nothing to add to the first response but agree with what has been said, we are quite happy for you to not come in because there are three of you. Would anyone like to make an opening statement, or will we go straight to questions?

  Dr Ian Peters: I am happy to go straight to questions.

  Q357The Chairman: I will kick off and then questions will come from my left.

  The Financial Reporting Council said that the role and responsibilities of audit committees should include, "to monitor the integrity of the financial statements of the company and any formal announcements relating to the company's financial performance, reviewing significant financial reporting judgements contained in them". Given the financial crises and the corporate scandals that we've seen, but particularly the financial crises, which have been of considerable interest to this Committee, has there not been a failure of both auditors and internal audits during the period leading up to these crises?

  Dr Ian Peters: Perhaps I should kick off in response to that. Internal audit provides assurance to the board—and to the audit committee in particular—on the identification of, management of and mitigation of risk. Of course that covers a whole range of risks, the whole range of risks that any organisation faces. So I think we have to put this in the context that we're covering a whole range of sectors and of course, not surprisingly, we would take the view that internal audit does a very effective job in most instances.

  However, in the case of the financial crisis and in the case of the banks and the financial institutions, it is clear that internal audit was part of the structure that went wrong. I think there are many lessons that we need to learn from that and that we are still learning. But I think particularly important is the fact that internal audit and audit committees were very much focused on process and on internal controls within the organisation, and were not looking beyond that; were not looking at the wider picture as much as clearly with the benefit of hindsight, they should have been doing. That would suggest that, going forward, internal audit needs to play a much broader role and a much more significant role, in looking at the governance of the organisation, looking at the behaviour in governance, the behaviour of management and the board, the skills, the abilities, the capabilities of the board and the non-executives in particular, to ensure that they are able to play their role effectively in identifying and ensuring that the organisation is mitigating risk.

  The Chairman: Would you like to add to that?

  Dr Sarah Blackburn: I should like to add one thing to that. Having both been chair of an audit committee and an internal auditor, I think the two roles are symbiotic. We need both acting together. We need the strength of an audit committee that, from its non-executive base, is able to challenge, feels empowered to look into everything that needs looking into and does not shy away from particular areas, which I think might have been one of the problems in the financial crisis. Internal auditors provide a lot of information and a lot of detail to the audit committee, and they can provide more if they are asked for more.

  I still think that internal auditors should act intelligently and should raise issues themselves, but if they are not backed up by their audit committee chair then they can have great difficulty in being heard.

  Q358  The Chairman: Looking purely at internal auditors and not at the audit committee more widely for a moment, I think Dr Peters said that one of the lessons is that internal audit needs to look wider. In your written evidence to us, particularly in relation to this question, you said that internal audit needs to make efforts "to cultivate a different perspective from the rest of the organisation". How does it do that, given that my impression—certainly from being a non-executive in companies—is that internal auditors have a rather narrower focus? They don't have that wider focus that I think you are suggesting. Does this not mean new skills and experience in recruiting internal auditors?

  Dr Sarah Blackburn: It certainly means that you need to recruit internal auditors who have the intellectual ability, the education, the qualifications and the experience of business. They need to understand the business, not just in terms of its operational nuts and bolts but understand where it's going and where it should be going, to understand the strategic mind of the organisation. Only by having that level of understanding can you challenge and ask questions that are catalytic, in order for the management and the board to think clearly, "What is going on here, and are we going in the direction we want to go, and are the things working properly in the way we intended?" So I think that is a challenge.

  As in any occupation, not every internal auditor is a shining example. I think the best internal auditors I would liken to the social anthropologist who lives among the tribal peoples of the Amazon, say, and learns what is going on there, perhaps participates in some of the rituals but is able to stand back with a degree of objectivity to write the report about what is going on, in order to share the enlightenment.

  Q359  The Chairman: Is there a problem in that, effectively, internal auditors are part of the management, are paid by the company and, therefore, may sometimes find it difficult to express a contrary view to the view of the management?

  Lord Sharman: Can I just make an observation on that? I should like to make an observation on the first one. I think it's a mistake to look at all internal auditors as being the same. There are very different approaches, particularly by industry and also within companies with industry. In some cases, internal audit will focus very heavily on process rather than the financial aspects of the operation. There may be very good reasons for doing that but I think it is just as well to bear that in mind.

  I don't think—and it is stupid to think it could—that an internal audit group could ever be independent. People talk about independence. They can't be independent. They're part of the organisation. But what they can be is truly objective. The way in which I think you have to go about doing that is, while it's necessary in terms of the pay and rations, that there be some link into the organisation—and I believe it should always be the most senior manager in the organisation—then the audit committee should be very actively involved: firstly, in the determination of the work programme of internal audit; secondly, in the determination of the objectives of the head of internal audit; thirdly, in the determination of the head of the internal audit's performance against those objectives; and fourthly, if nothing else, in the amount of variable pay that a head of internal audit might get, and that that variable pay should be arrived at on a different basis from other members of the management team. In particular, it should not include any objectives that are related to the financial performance of the company.

  Q360  The Chairman: Do you think what you have described happens often, particularly in financial institutions?

  Lord Sharman: No. I think it's an aspiration for some, but it's an aspiration that I don't think you would find widely spread at the moment.

  Dr Ian Peters: If I may say, I think Lord Sharman is absolutely right there, and that is why the role of the audit committee and the internal audit are inextricably linked. The audit committee, and the chair of the audit committee, must understand and grasp the nature of that role, recognise the critical importance that he as an individual, or she as an individual, has in ensuring that you get the best from internal audit, that you maintain its objectivity if you like—if we don't call it "independence"—and that relationship is key. If a chair of the audit committee and the audit committee itself does not grasp that and take that into account, then it is very difficult for internal audit to play an effective role in providing assurance and in providing the information and input that is required.

  One point on independence by the way: I think we could debate that all day, but I'm not quite sure why external audit is any more independent, in the sense that it's paid for by the company concerned and you change your external auditor. If you don't like them, you can get rid of them and change them for another one. So we could have the same debate about external audit as internal audit. The issue is what safeguards are in place to ensure its objectivity.

  Q361  The Chairman: We will be coming onto external auditors in that context. My impression is that what Lord Sharman was saying, and what he himself said was carried out by a minority of companies, is not the general way in which internal audit has been treated and regarded in many companies until now. Is that your experience?

  Dr Sarah Blackburn: Well, no, I don't think that's entirely my experience. I think that probably all organisations could do better, because we are all human. However, I think that some organisations have got a lot further on the path than others and, again, this kind of guidance comes from the top. It's to do with the direction from the chair, from the board members, and particularly the non-executive members, because they are the independent ones, and they are the ones who should set the tone of what it is that they want. I sometimes say to people, "You get the internal audit you deserve".

  Q362  Lord Smith of Clifton: Since the oversight of risk management is one of their main tasks, should audit committees have been more effective at heading off the impact of the financial crisis on their companies?

  Dr Ian Peters: I think the answer to that is "yes", put simply. It comes back to this point as to whether the audit committee adequately understood and delivered its responsibilities, its role, in ensuring that the risks were being managed effectively, being aware of the range and scope of risk, in ensuring that the governance of the organisation was effective and that appropriate behaviours were adopted. So I think we would have to say that, yes, audit committees bear a significant degree of responsibility, but not on their own.

  I think one thing Lord Sharman said a moment ago is very important. We shouldn't put everybody together in this. I think it is quite important to separate the situation in the banks in particular—the banks and the financial services sector, but particularly the banks—from the rest of the corporate community, and not tar everybody with the same brush. Certainly, within the banks, the focus—and I think partly a reflection of the sophistication of the banks and the banks' products—means that inevitably the focus is often on the detail, on the process, on the controls, perhaps more than taking a more stand-back view of the organisation and its risks as a whole.

  Q363  Lord Smith of Clifton: Would you go along, then, with Sir David Walker's recommendations that banks and insurance companies should have separate risk committees?

  Lord Sharman: Could I respond to that, because I am the chairman of an insurance company. I recognised, and I think many others did—perhaps in my case five years ago—that what we were asking audit committees to do, in terms of the span of their responsibilities, the time input required, the sheer volume of material that they were looking at, was not a viable, ongoing proposition. We separated the risk function, or the governance of risk, from the other aspects of the audit committee, because we wanted to ensure that risk would get at least as good a scrutiny as the other things. The problem with having risk in the audit committee—in my view anyway—is that there is a whole pile of things that the audit committee is mandated to do: it has to approve the financial statements; it has to approve any announcements about takeovers. It has a whole pile of things that it must do. So, when it comes to its deliberations those obviously come first. I think Walker is absolutely right on this and I would go beyond banks and other financial institutions—I think they're called BOFIs—and say that, in my view, in any organisation where there is a complex risk scenario you should have a separate risk committee.

  Dr Sarah Blackburn: If I might add to that from my perspective in the National Health Service, because clinical risk is so complex and is so much governed by the expertise of the clinical professions, indeed, you do find this separation out of clinical risk. However, one of the things that we have found in the National Health Service is that, unless these are brought back together—the operational risk, the administrative risk, the strategic risk together with the clinical risk, the complicated technical part—that it doesn't all hang together properly, so the board needs to assert its responsibility over all types of risk. It's very important in having a risk committee that risks aren't slid off that risk committee and that the board as a whole retains its corporate collegiate responsibility.

  Q364  Lord Shipley: Can I ask you about whether you think there is a partial assurance vacuum at the moment? Recent corporate troubles and the financial crisis would tend to suggest that there has been. Can you say something about how you think boards' assurance needs might be better met in the future?

  Dr Ian Peters: I think this again is a reflection of the fact that assurance was being provided in the areas of process, of internal control, but not in the broader areas of governance, of board behaviour, of management capability. What we need to do is look to those areas as well if we're going to have a total assurance, as far as one can have total assurance. You don't have full assurance of course. It can only ever be as far as you can offer an opinion, but nevertheless I would come back to that same point in a sense. It's another dimension of it.

  Q365  Lord Shipley: But looking at it from the perspective of the individual board member who has responsibilities, how might an individual be helped in terms of getting external advice, for example, about policies being pursued that they might have a concern about?

  Lord Sharman: Can I make an observation on that, again, from personal experience? I have found—and again, as I said, I operate in a regulated industry—that the appointment of an independent advisor to both the audit committee and the risk committee, separate from the external auditors, separate from the internal auditor, and separate from anybody else in the organisation—somebody completely independent, who acts as an advisor to those committees and can therefore also act as an advisor to the board—is particularly helpful. In our case, being a complex industry, it needs to be somebody with a very deep understanding of the industry in which we work.

  Q366  Lord Lawson of Blaby: Are there any cases of that or is this an entirely new idea of yours?

  Lord Sharman: No, I put it in place, Lord Lawson, 18 months ago.

  Q367  Lord Lawson of Blaby: How general is it?

  Lord Sharman: I suspect it's not very common.

  Q368  Lord Forsyth of Drumlean: Isn't one of the worries that you can destroy the unity of the board by having competing sources of advice?

  Lord Sharman: I don't see them as competing. I see them as complementary.

  Lord Forsyth of Drumlean: They might be competing.

  Lord Sharman: In that case, then, I think the board should be deeply concerned about what makes it competing and should pay great attention to it, because I think there you would have the nub of something the board should properly be focusing on. Particularly in the area of risk or anything like that, board members do need help. We have to do a lot of training these days. We do probably more training than I did when I was a practising accountant. But we have regular training sessions and things like that, and you have to provide the support for people who are sitting on boards to have the best possible basis for making a decision.

  Q369  Lord Smith of Clifton: Why wouldn't this luminary actually be one of your non-executives?

  Lord Sharman: Because you have a relatively limited pool to fish in. In any particular industry, once you start to eliminate people who are effectively conflicted because they are involved with competing organisations, it can be very difficult to get the expertise as a non-executive board member.

  Dr Ian Peters: We would also take the view that the internal auditor is a provider of information and, not advice, but input to the non-executives themselves. I think we almost touched on it earlier on in the discussion: how do we know that the internal audit function itself has sufficient expertise to perform its role effectively? When we're looking at the more complex areas in banking, for example, we don't know that necessarily. One of the key things we need to look at is: how can we strengthen the internal audit function within the banks and the financial sector in a way that enables the function to provide adequate assurance to the board. That means looking, yes, at pay and remuneration. It also means looking at where the pool of expertise is from which we can draw and feed into internal audit.

  As an institute, of course, we would like to think that all internal auditors were qualified with the institute's qualifications and that made them perfect internal auditors. In practice, the world isn't quite like that. We need to bring in external expertise, because to audit effectively, yes, you need good audit skills, but you also need to understand what you are auditing.

  So, of course, taking the risk management area in banks it wouldn't be inappropriate, necessarily, to draw on risk management and bring people from that area into internal audit for a period and then send them back again. The guest internal auditor or coming into internal audit by rotation is an approach that one might adopt to make sure that you have an appropriate mix of skills. It gets quite sophisticated and that's something that, certainly in the financial services sector, we need to look very closely at.

  Q370  The Chairman: Could I take a particular example to see if I can draw you out on what you were saying earlier? Dr Peters said that perhaps there was too much focus on process in internal audit in the banks leading up to the crisis. Would you expect in the better world internal auditors to be challenging, in the case of one bank in particular for example, that it was focusing on and investing too much in subprime mortgages from the United States and drawing attention to the risks that there were in relation to subprime mortgages? Or would that be coming from the external consultant?

  Dr Ian Peters: The simple answer is "yes".

  Dr Sarah Blackburn: Yes, well, when we look back with hindsight we can all see things that people should have asked questions about, and why would you lend money to somebody who didn't look like they could pay you back? That is such a basic question. I don't think you need an economics degree or great experience in the City to ask that question. Most people off the street would not lend money to somebody they didn't think could pay them back. So I think it does come back to this question of: even with external experts, how do we get a different point of view? How do we cultivate the Cassandras of this world—the people who will say things that are unacceptable, because they are worth saying so that people have another think and work out whether they are missing a risk here?

  Q371  Lord Forsyth of Drumlean: Isn't the answer to your question, in the case of why you would lend to people who weren't in a position to pay it back, because the Government had passed a law requiring you to do so? I'm just thinking—Lord Sharman's point—you could have a non-executive who had a particular view on a board and, if he could go and get external advice and challenge the executive policy—say the executives want to do a big merger or they want to take some strategic position—you could have a Cassandra. Cassandra happened to be right, but not all Cassandras are right.[8] I am just thinking what the practicalities are of how you would run a board where people can go off and get competing advice. We all know that in investment banking you can get advice to do whatever you want. Is this a practical way to try to maintain a structure within a unitary board? I can see the superficial attraction but, in practice, are you—as a chief executive rather than a chairman—going to welcome this kind of innovation in corporate governance?

  Lord Sharman: One of the great challenges of chairmanship these days is balancing the need for what I would describe as constructive challenge of the executive members of the board with being able to maintain the responsibilities of a unitary board. Technically, it's much easier with a two-tier board, because you have supervisors and you have managers. From my experience it still doesn't mean to say there is a great deal of challenge from supervisory boards, but I do think there is that. Technically, I'd be very surprised if any of the FTSE 100 in their appointment letters to non-executives do not provide for the non-executive to get independent advice if he wants to do it.

  Then coming back to: does it happen that frequently? It probably doesn't happen as frequently as it should do. On the issue of the banks that got themselves into trouble through not lending money but buying subprime instruments which I suspect no one understood at times, I suspect—and this is just suspicion—that the change in the risk profile of certain institutions was not understood as a result of this. It is that area where I think audit committees should be focusing in the future—on things like activities that change the risk profile of an entity.

  That is quite difficult to define, because I suspect again that in many cases, bits of the banks would be operating within delegated authority, because delegated authority was defined in a monetary amount—i.e. "you can run a book of this size"—but probably wasn't defined in terms of, "you can run a book of this size, but you mustn't change the risk profile of the bank". That is a struggle that certainly I'm struggling with at the moment: how do I move from just defining delegated authority in monetary amounts to delegated authority in monetary amounts and within defined risk parameters, or whatever? I think that's partly what we have to get right if we're going to prevent these things happening in the future.

  Q372  Lord Forsyth of Drumlean: Do you think that the annual reports, rather than having a report to the board about the audit committee, should include a separate report from the audit committee, which deals with issues like how they chose their auditors and how they ensured their independence, and so on?

  Lord Sharman: There are examples, quite a few examples, where you have reports like this. They are not as voluminous as the remuneration committee report, I have to say, but there are examples of audit committee reports in the FTSE 100 where it is a report from the audit committee to the shareholders, effectively. I should like to see that more widespread and I should like to see more engagement through the AGM with shareholders and the chairman of the audit committee. My experience on a Dutch board, where this has been the case for some time, is that you do get questions from the floor directed to the chairman of the audit committee about the way in which they've gone about discharging their duties.

  Dr Ian Peters: I think our view would be not quite that. It is perfectly appropriate and not in any way unhelpful for the audit committee to produce a report, which the board then determines to be included in the annual report. But essentially I think, rather as we took the view with the proposal from Walker about risk committees, it's essential that the board doesn't pass on its responsibility to individual committees within the board. So I think we would take the view that the annual report and accounts is the board's report and accounts and must be approved by the board, and the board must be accountable for the content. That includes the report about the role and activities of the audit committee. Now, if the board should choose to invite the audit committee to produce that report and simply signs it off, that is absolutely fine, but our view is that it is the board's responsibility.

  Q373  Lord Forsyth of Drumlean: Would that include the specifics that I mentioned; that is, it actually addressed specific matters such as how the audit committee monitored the independence of the external auditor and how it determined the choice of external auditor?

  Dr Ian Peters: Absolutely, it should include that, yes.

  Q374  The Chairman: Would you also include in that how often the audit committee went out to tender—in terms of competition, choice, independence and so on—for the external auditor and how often it changed its auditor?

  Dr Ian Peters: It would be entirely appropriate, yes.

  Dr Sarah Blackburn: I think that's anything that one would want to know if one were reading the report.

  Lord Sharman: I believe that's right but also, if you're changing the auditors, the shareholders have to appoint them anyway, so they would know. I think there ought to be—I don't know, every five years or something like that—a specific review by the audit committee of its audit relationship and a decision made "yes" or "no" and justified.

  Q375  The Chairman: We do know that they have to change their audit partner. Is it every five years of seven years?

  Lord Sharman: Every five years.

  Q376  The Chairman: Every five years. The evidence is that very few of the FTSE companies change their auditors and very few go out to an external tender.

  Lord Sharman: Well, there is a problem with something that I know you're discussing—but I'm particularly not keen to comment too much in view of my former life—but there is a problem with choice.

  Q377  Lord Forsyth of Drumlean: Yes, but at the moment you have more chance of seeing Halley's Comet than seeing a change of auditor in a FTSE 100 company.

  Lord Sharman: I can't remember how frequently Halley's Comet arrives, but I'm not prepared to challenge that.

  Q378  Lord Lawson of Blaby: Please don't be shy. We all know of your distinguished former career, but that does not prevent you from giving us good advice now, so if you would answer the Chairman's question in an uninhibited way.

  Lord Sharman: I believe, as I said, Lord Lawson, that the audit committee should justify once every five years or so the relationship with its auditor. It should do a thorough evaluation of it, and it should come to a decision as to whether it believes it should tender or not, and then justify that decision to its shareholders.

  Q379  Lord Best: We've heard that the UK Corporate Governance Code is not mandatory and companies don't have to have an audit committee. Are we right in thinking that the FRC's guidance on audit committees doesn't count for very much?

  Lord Sharman: I think that would be a harsh judgement. Since the Smith Guidance—which I think has now been turned into the FRC Guidance—which was in 2003, the function of audit committees has developed significantly. Not all of the change can be attributed to that guidance, but it has been helpful and I think it has set a benchmark against which audit committees should judge themselves. So I wouldn't dismiss it. I think it's helpful that it's updated from time to time essentially to codify best practice. I think there is no doubt that the level of acceptable practice has been raised in the past seven years. I think if you go back seven years, audit committees were much less effective than they are today.

  Dr Sarah Blackburn: I must concur with that. My experience is that they have become more professional since the time of the Smith Guidance. Of course everybody is still working towards that. Like boards, audit committees should evaluate themselves in a similar way, not just looking at the processes and going through some sort of tick list—have they done this; do they have one of those?—but looking at how they operate and whether they operate effectively. What has changed in the organisation as a result of the things that they have looked at? There are a number of parties you could call upon in order to help you and be involved in that self-evaluation, possibly even going to an external evaluation. Certainly, I have run those for audit committees and I think they are tremendously valuable in making sure that you focus on the service that you provide to your colleagues on the board, because of the extra scrutiny with which you look at areas of risk and the financial reporting.

  Q380  Lord Best: Are proposed revisions on non-audit services likely to be accepted, listened to or acted upon?

  Lord Sharman: I think so. I came from an audit committee relatively recently where there was an extensive discussion about the level to which we were prepared to contract the auditor for non-audit services. You have to be a bit careful about definitions here because, essentially, the way the thing is defined today, there are three categories of services: audit, which is the statutory audit; then there are audit-related services, which are the things you need to do because you are the auditor. They might be regulatory reports and things like that. Then there is non-audit, and in particular things like tax advice and that sort of thing. I think it is eminently reasonable to expect that audit committees will take a much harder look at the non-audit services with a view to restricting them in future.

  Dr Sarah Blackburn: One of the areas I think needs to be defined as a non-audit service is internal audit. Internal audit should not come from the external auditors of the company, but there may be circumstances in which there are things that fall into near audit services or where pragmatically there is a need for them to work closely together. Those sorts of things need to be overseen and co-ordinated by the audit committee to make sure that there is not a muddling up of the two assurance lines, because they are very different and have different purposes.

  In terms of thinking about what is in the non-audit services category, that's where internal audit should be. It's not part of the external audit and any extension of external audit activity should not be such as to encompass things that are done by internal audit, and not least from the audit committee's perspective: it's useful to have more than one source of assurance and more than one point of view.

  Lord Sharman: Yes, I would agree with that. I would put an absolute outright ban on anything that represented outsourcing of any kind. If there was a proposal that we will outsource our computer audit activity from the internal audit to the external audit, I think that would be totally unacceptable, because that's taking away a part of the assurance that you should rely on. I have a great deal of difficulty with much else as well. I don't believe there's a very strong case for external auditors providing internal audit services. I think I'd agree with the assertion there that you do need two. The more levels of assurance you can get, the better you're going to be.

  Q381  Lord Lawson of Blaby: I should like to focus on the problem, which most of the discussion has been about, of the auditing of the banks and "what went wrong?" Of course, a lot of things went wrong and the question of the audit, both external and internal audit, is only a part of it, and not a major part in my judgement. Nevertheless, what we are focusing on is what can be done there.

  First of all, if I may say from my personal experience of rather a long time ago, I do think it is unrealistic to place great weight on the sagacity or understanding of the non-executive directors. Ms Blackburn said what you should look at is what changes have taken place. I remember—this is between 15 and 20 years ago, when I was a non-executive director and a member of the audit committee of one of the biggest banks in this country—what I was conscious of changing was the extraordinary growth in derivatives in the derivatives business. I was a bit worried because this was such huge growth and, therefore, it seemed to me this was an area we should look at. The question was: how risky was this? I didn't understand the complexities of the derivatives business, and I don't think my fellow non-executive directors did.

  My concern was that it didn't seem to me that the management did. When I challenged the management and said, "Look, this is growing very fast. Are we comfortable we're not taking on too much risk?" they said, "Oh yes, we have a new thing called VAR, Value at Risk, and there is a very good mathematical model. We know all about it". That was how it was approached in those days. I don't think they understood it. They didn't understand the mathematical model. How could they? There were people in the business who claimed to understand it but certainly the non-executives couldn't. They couldn't challenge that. So we do need good professional steer, good professional advice, both external auditors and internal auditors.

  So with that background, what is your assessment with the benefit of hindsight—I'm not blaming anyone, but with the benefit of hindsight—of what went wrong? Was it that the auditors of all kinds didn't recognise that there was something that might be dangerous taking place; or was it that maybe they did have this instinct but there was no mechanism by which they could turn that into action; or was there a mechanism? Was there—as Lord Sharman said—the dialogue with the chief executive and the chief executive took no notice of it? In that case what do you do, if the chief executive says, "No, it is fine, I've looked into this very thoroughly and it's fine"? So which of those three is it? I'd like your answer to that.

  Then, finally, because this is what we are about, if you can identify what the problem is, what is your solution? What can be done that would reduce the chances of having a similar failure? I say that without wishing to be too melodramatic. I say that in the sense that Dr Peters very honestly admitted that there had been a degree of failure. What should we put in place, which will minimise—it won't eliminate it, but will greatly minimise—the chances of that happening again? The great thing about hindsight is that, although you can't turn the clock back, you can learn something from it. So what have you learnt in practical terms?

  Dr Ian Peters: That is a big question, Lord Lawson. As I am sure you will understand, there isn't a simple answer, though I'll try to be brief. First of all, I think we are still learning. That's the important point. Two years ago, before I joined the institute, the institute did do some research early on—a survey of heads of audit of the financial services, banks in particular—and got some initial input. At that time, it was very difficult to get anything that gave us much of a handle on what had happened. It was too raw. People were unable to speak out, I guess, in many instances.

  More recently, we started doing some more work in this area to try to look back with the benefit of hindsight, the dust having settled a little. Anything I say now, I have to put the caveat on it that I don't think we are at the position yet where we have a clear view. It's an emerging view.

  The feedback that I get is that—you listed three alternatives—it was essentially more that it wasn't just internal audit. It was everybody, from regulators, through to auditors internal and external, through to management, who were not looking in the right place; not so much not wishing to look in the right place but not recognising that they needed to look there, it not occurring to them that there was a potential problem.

  Q382  Lord Lawson of Blaby: If I may interrupt you at that point, because it is interesting you mentioned the regulators. Do you think you could have tipped off the regulators in some cases and that you failed to do so?

  Dr Ian Peters: I don't think that was the situation, no, as far as I'm aware. I'm cautious here, because there may have been some in some banks who may have been in that position; I'm not aware of any at the moment. The people I've spoken to—the input that I've had—would rather suggest that what internal audit was doing was down in the long grass. It was dealing with the detail, with the controls, with the processes. It wasn't looking up over the top and looking at what was out there, what was on the horizon. It now seems very odd, but in practice nobody was looking at the horizon at those potential risks. I don't know, maybe I'm stating the obvious. There have been a lot of reviews done of this, as we know; a lot has now been written.

  I don't think internal audit was in any more of a helpful place than anybody else was at that point. So, the question then arises: why wasn't it? Why was it not looking in the right place? Why was it not focused in the right area? Again, I think it's because you have to look at the context within which internal audit is operating. The board was not looking for assurance in those areas from internal audit. The audit committee was not looking for assurance in those areas from internal audit. Even the regulators were not raising these issues. So I think you have to then ask: how on earth was internal audit expected to spot that; everybody else had not seen this and they could see it? Unfortunately, everybody was blinded because we were all caught up. They were all caught up at the time in the hubris of it, in the fantastic situation that we were in, in the potential to make more money by engaging in deals in new financial products, and so on. Nobody could see that that was going wrong.

  My fear is that sounds like the obvious, but in practice sometimes it is the obvious. I think, as you rightly say, we now have to learn from that and say, "How can we put the right structures in place, the right arrangements, the right framework, so that next time we're looking in the right place?" In my view, that has to be looking at the relationship between the board, the audit committee, the internal auditor, the external auditor, and the regulator.

  Some of the feedback I have had from the banks on the regulators now is that, they're so fearful of it all going horribly wrong again, they're dealing with all the detail again, and that, whereas maybe the auditors and the audit committees should be spending 90% of their time on 10% of the problems, the regulators are looking for them to spend all their time on all of the problems. There needs to be more focus on the issues that matter most.

  Again, back to a point you made a moment ago, if I may, I think that is about expertise and knowledge and understanding. You're right that the non-executives generally will not understand the detail; neither will the internal auditors, as professional internal auditors, so they need to find another source of that expertise to be able to inform their own activities.

  The Chairman: Could I just follow up, and one other colleague wanted to get in, in response to the question of Lord Lawson.

  Lord Lawson of Blaby: Do any others want to add anything to that?

  Q383  The Chairman: I am going to ask in a minute. But to follow up on one point, that is: we have had discussions with other witnesses about whether the internal and external auditors should engage in more, sometimes confidential, dialogue with the regulators. One can see some of the pitfalls in this as well as some of the benefits. I wonder if you have any views on that subject.

  Dr Sarah Blackburn: I wouldn't want to talk for the external auditors. For the internal auditors, I think we are in the position of a service to the board, a service to management, and an intrinsic part of our value is that we are internal, that we are embedded in the organisation. I wonder whether we would be as effective, whether anybody would ever tell us anything. It's rather along the lines of: would you tell your GP anything that had been going on in your life that affected your health if you knew that, once a year, he was going to post it up on the internet so the whole world could see? I think we have to be very careful. The benefits of an internal audit service are that they give the company an opportunity to look at itself and to put things right before other people need to know about them. Therefore, I think I would be rather disinclined for internal auditors to be always popping outside to tell the regulator something.

  Lord Lawson of Blaby: Just to clarify, what the Chairman was talking about was not posting anything on the internet, but having a highly confidential discussion.

  The Chairman: Absolutely.

  Lord Sharman: Could I just say that, whatever everybody might wish, I think it's going to be inevitable that regulators will want to have a dialogue with external auditors and internal.

  The Chairman: And internal?

  Lord Sharman: Yes, and to some degree it already takes place. To some degree in financial institutions, the regulator has access to internal audit reports. It can request access to internal reports. It can request internal audit to do specific work for it, if it wants to. I think that's the de facto situation. The next step with more intensive regulation—I prefer to call it "intrensive"; the regulator prefers to call it "intrusive", so we're having a little debate over syntax there—which we're going to have is that it is inevitable that the regulator, if he's going to do his job, will want to have as much access to as much information as he can. So from that point of view, I don't think it's avoidable and I don't think it's entirely a bad thing.

  May I return to Lord Lawson's question because I have some points I'd like to make on that? You were asking about the lessons we can learn, because you're absolutely right that it's no good sitting here saying there was no one to blame. I think three things I would focus on in terms of causes of this crisis, but an overriding point I would make is the speed at which it happened. The crisis happened very quickly. No one foresaw it, and when you look at the trigger of commercial paper markets just shutting down, one of the interesting things that I think you would find is that if you went to anybody's stress-testing prior to that period they would have stress-tested their financial models against changes in interest rates, and things like that. I bet not many of them would have stress-tested against the availability of finance for the AAA-rated organisations. So that's just an overriding thing.

  I think three things happened that were inadequately appreciated. I think there was a significant change, and it was very much—as you were saying, Lord Lawson—about the move to derivatives, but I think as that move developed there was a significant change in the risk profile of many of the financial institutions that failed. You can look at the building societies that failed; a significant change in their mortgage books over a period of time. If you look at the commercial banks that failed; a significant change in the nature of their derivatives, the CDOs and other stuff that they were investing in. I do not believe—and it is just my opinion—that anyone within the top echelons of those organisations appreciated the change in risk profile. I certainly don't believe the boards fully appreciated what was happening, and I suspect the audit committees didn't either. The question then arises: should the external auditors and the internal auditors have appreciated that? Given that no one else did, I think that is a harsh judgement.

  Again, the second thing that happened was that some of the organisations that failed had a flawed business model. It was flawed, and surprisingly I can recollect being told that one business model that failed was the new face of banking, but it didn't fit with the basic education I'd had. Again, I find it difficult to believe that, certainly, the regulator did not understand that that was a flawed business model. But clearly the board didn't or they would have done something about it.

  The final thing is that I think there is evidence of a number of poor judgements made by boards. There were several transactions that—again, with the benefit of hindsight—turned out to be poor in judgement and execution.

  What do we learn from it? What I would say is this: that audit in the past—and I say "in the past"—has always been a process that looks backwards. I think we have to find a way of getting assurance that looks forward. The only aspect of an audit that looks forward at the moment is the assessment of an entity as a going concern, and that is just something where you sit there, "Do we have finance and everything in?" But I think audit, and particularly external audit, is directed to the opinion on a set of financial statements that have passed. I think it would be more helpful—and my colleagues are not going to bless me for this—and much more useful to corporate Britain, and society at large, if we could find a way of giving some assurance over forward-looking trajectories.

  Dr Ian Peters: Of course, that is exactly what internal audits should be about. External audit is about a snapshot and, therefore, effectively a look backwards. Internal audit—when it's done properly, when it's truly risk based—should be about looking forward and anticipating risk. That of course is effectively what didn't happen in banking and financial services as it should have done. That is the model that we promote throughout the profession. I am sure there are plenty of examples of that, although of course they're generally not public.

  Dr Sarah Blackburn: Of course, the other thing is that, when things are working well, those will not be the things that come to people's attention; it is only the obvious problems that we know about.

  Q384  The Chairman: But to pick up the points that Lord Sharman made, reading a lot of the books and other serious studies of this period, as I have been doing, I entirely agree that most people didn't see the risks of CDOs. It's astonishing to see how they were built up in the States as well as the subprime mortgages. No one challenged it. So it's quite difficult to see how internal auditors would be able to get underneath the surface and challenge those, when very intelligent directors of banks didn't do so either.

  Dr Ian Peters: I agree.

  Q385  Lord Forsyth of Drumlean: Perhaps I have a slightly cynical view of this. But wasn't what was happening that the money supply was being expanded very rapidly; there was cheap credit about; the banks were making shed loads of money from this cheap credit; people created derivatives, which enabled people to get around some of the regulatory constraints, and it would have been a very brave auditor who put up his hand and said, "Excuse me, Sir Fred, can you stop doing this?" at a time when lots of money was being made. Indeed, if you look at some of the banks that showed restraint—such as Lloyds before it did its disastrous deal with HBOS—they were pilloried in the city and their share price was squeezed as a result because they were not expanding their balance sheets. So isn't the analogy a bit like a stampede where everybody is going along?

  Lord Sharman, you said that nobody realised the risks. I can remember the chat about credit derivatives, and there were people expressing anxiety. But the truth was: if you were a rating agency, or if you were audit, or even if you were a regulator, or even if you were the bank, to put up your hand and say "Stop" to the stampede would have had terrific financial consequences for the Government, and isn't that what happened? In seeking a solution that relates to the conduct of auditors, are we not missing the systemic problem that arose because of the nature of the bubble that was created by this expansion of the money supply?

  Dr Ian Peters: I think that is absolutely right. That is why I said earlier it's about the relationship between the different parties; it's not one particular party. It is checks and balances, it seems to me.

  Q386  Lord Forsyth of Drumlean: But that relationship is about making money and getting fees.

  Dr Ian Peters: Yes, but it does not have to be just about that.

  Lord Lawson of Blaby: Not in the case of the regulators.

  Lord Forsyth of Drumlean: No, not in the case of the regulators. Well, yes, in the case of the Government it was about getting tax revenues.

  Dr Ian Peters: Indeed, of course, the bubble did burst and those organisations then failed, or very nearly failed; in private sector terms did fail. So I don't think it has to be just about that, and it is important that boards and management are reminded that there is a bigger picture. Take BP, for example; we all know what happened there. What is interesting is that the new Chief Executive of BP has introduced a new bonus arrangement for senior management in the organisation that puts the management of risk at the top of the criteria on which bonuses are based, rather than just how much money they make for the organisation. So it is about structures; it's about incentives; it's about remuneration; it's about how we incentivise people to achieve the appropriate goals and objectives. Yes, somebody needs to decide what those goals and objectives are and, ultimately, of course that has to be the shareholders. So we all bear a responsibility in order to question the decisions that the management and the board are making.

  Q387  Lord Forsyth of Drumlean: To take my stampede analogy, do you think the auditors are going to be in a position to stand aside and say, "Hang on a second, chaps, we need to go this way"?

  Dr Ian Peters: No, not if everybody is stampeding. But if the structures enable questions to be made in different parts of the organisation, then one would expect the internal auditors to be one of those groups putting forward the questions and creating the challenges. It's about the checks and balances. You're absolutely right, if you go back to what happened then, no, nobody could have expected the internal auditors to put their hands up in that situation. But I think, going forward, if we put the right checks and balances in place; it's all about minimising risk, at the end of the day. We will never avoid it completely. We will never prevent another crisis.

  Q388  Lord Forsyth of Drumlean: One of the ways that I think you could stand up to the stampede is to have that channel to the regulator, saying, "Look here, we're auditing these banks because we're worried about the extent to which the balance sheets are being extended", or whatever. That raises the issues you were concerned about, client.

  Lord Sharman: I would just add there, Lord Forsyth, that this comes into this issue. I don't know whether you call it the conflict or the interrelationship between accounts, accounting and prudence. I take the view that prudence is the job of the regulator. Accounts and accounting are the job of showing something that is true and fair, and the two may not necessarily be the same.

  Q389  Lord Shipley: I would like to be a bit clearer about how we move from a situation, in which internal auditors are sceptical, to one in which they can challenge. You say in your evidence, in paragraph 48, "The evidence we have gathered so far does not support a lack of scepticism from internal auditors in the banks in the run-up to the 2008 financial crisis". So we accept there is a problem and we have just been discussing the reasons for the problem. What I'm not clear about is what your solution to that is that would enable internal auditors, a large number of whom were apparently sceptical prior to the crash, to move from that position of scepticism to one of challenge with a meaningful outcome.

  Dr Sarah Blackburn: I certainly think there is potential in the combined code to strengthen the position of internal audit, and to refer to it not among a host of provisions but perhaps raise it to a principle level, in order that internal audit be seen as one of the essential elements in corporate governance. There is always a virtuous circle that we need to create in which there are more credible internal auditors who support more credible, independent non-executive directors. If non-execs have learned anything from the past few years, it is how precarious things can be, and how much a non-exec has to keep their eyes and ears open and think all the time, "What else is going on? What are the unknown unknowns here? What should I be focusing my attention on? What should I be asking the management about?" If you have that strength coming from your non-execs, then perhaps you have more opportunity for internal auditors to provide them with the knowledge from the ground up that may support the questions that they need to ask.

  Q390  Lord Lipsey: We are talking about stopping the stampede here. We keep hearing different suggestions as to who should have stopped the stampede. In the past two minutes, I've heard regulators and non-executives directors mentioned; I haven't heard internal auditors mentioned again, although—I think what you were saying earlier—there was a good deal of suspicion among the internal auditors, as there should have been, as to what was going on. Having said that, one question is whether this is because of the governance position—to call it that—of internal auditors themselves. For example, very often they get their pay and rations from the chief executive, who may be the person who is whipping on the stampede, with a view to filling his pockets with the proceeds of the dead cattle when they get to market. Is there a need to reform the internal audit procedures so as to strengthen the internal auditors, relative to the rest of the governance structure, in order for it to fulfil its important and admirable job of stopping the stampede before it gets under way?

  Dr Ian Peters: There is definitely a need to look at the regulatory environment in which internal audit operates. So, in our view, the corporate governance code is not strong enough, in terms of setting out—both in principle and in practice—where internal audit should sit and the relationship that it should have. It is not one of the key principles in the code, in terms of comply or explain, and that is where we believe it should sit. It is there but it's at a lower level in the area of accountability. We believe it should have a more prominent position and certainly, in terms of the guidance and support, there is no doubt in the mind of the institute that it is essential that internal audit should report to the chair of the audit committee and with a dotted line, by all means, to internal management. It needs a relationship with internal management—it is internal—and pay and rations, if you like, in terms of where the money comes from, but the remuneration levels and the hiring and firing of the head of internal audit should sit with the audit committee and the chair of the audit committee, as indeed should a view on the resources, on the budget available to the internal audit function.

  Q391  Lord Smith of Clifton: If you are going to approach the regulator, whether you're internal audit, external audit or a non-executive director, how do you go about this? Do you say to the chief executive or the chairman of the board, "I am going to report you, I am going to be a virtual snake", or are you a whistleblower? What are the protocols you follow before going to tip off the regulator that something is amiss?

  Dr Ian Peters: I am happy to respond, but—

  Lord Sharman: It is difficult to envisage those circumstances, because I would hope the person would certainly have had a long conversation and a series of discussions with me as the chairman. In extremis, I think they just go. I would work on the basis there had been conversations and normally the threat of going would get pretty significant attention. If somebody said to me, "Look, I'm unhappy with this, I don't think you're responding; I don't think the management is responding. I'll give you enough time to do it, but if I come back and nothing happens I'm going to go and see the FSA", you can reckon there would be a trail of people coming in and out of my office fairly swiftly.

  Dr Ian Peters: Certainly one would expect the head of internal audit to have the conversation with the audit committee chair and to then, if necessary, have the conversation with the chairman of the board. If it came to talking to the regulator—by which time, incidentally, the head of audit might well have resigned as part of this process—but certainly the relationship with the regulator, particularly in financial services with the FSA, is ongoing anyway. The FSA appoints its staff to work with specific companies and organisations. They know each other on first name terms, so it certainly wouldn't be difficult.

  Lord Sharman: Just to add to that, in a financial institution these days the chairman will sit down with the regulator at least twice a year on a one-to-one basis. The senior independent will do the same; the chairman of the audit committee will do the same; the chairman of the risk committee will do the same, and to some degree in future I expect the chairman of the remuneration committee will also do that. At the non-executive level there is very much an ongoing dialogue. The opportunity is there. But, as I say, if it was a really serious issue then I would expect it to have been aired with me and if we differed, then fine.

  The Chairman: We must move on. I think we're going to have the possibility of a vote, in which case, since we have a number of other topics we want to cover, you will have to forgive us while we go away for about 10 minutes and then come back again.

  Q392  Lord Lipsey: Just to go back one. As I understand it, internal audit is not compulsory at the moment for companies. Should it be?

  Dr Ian Peters: We would tend to go with the principle-based approach of comply or explain. I think the view of the corporate world in the UK is that that works well, it's not a system that is broke, and it doesn't need to be fixed as such, though we may well want to look at particular aspects of it, as indeed the FRC has been doing. But I don't think we would look for internal audit to become compulsory. Going back to my point earlier, it's about the positioning of internal audit, in terms of the combined code, or the corporate governance code as it now is, that should be more prominent and should be a key principle. We should try that first, certainly, before we go down the route of further regulation. I'm not somebody who generally favours regulating unless one absolutely has to. I have another role, which is a member of the Regulatory Policy Committee for the Government, and I would always rather find an alternative to regulation than to regulate, if possible.

  Q393  Lord Lipsey: But you don't know that you should have had internal audit until the thing goes wrong, and then it's too late to do anything about it. It might be regarded as more sensible for everybody to have the internal audit to begin with and see whether that doesn't solve some of the problems before they happen.

  Lord Sharman: My own view, for what it's worth, is that I would not sit on a board that did not have a proper internal audit function. I wouldn't be happy with the amount of assurance—

  Lord Lipsey: That is why you're so sought after as a non-executive.

  Lord Sharman: No, I'm too old. According to the code, I am beyond useful endeavour.

  Dr Sarah Blackburn: In terms of taking on a role in an organisation where I had no faith in the internal audit provision, that would be something I would not want to do. But I think we should look closely at some of the other sectors in this country where internal audit is mandatory, and notice that sometimes making something compulsory encourages people just to tick the box, and to have something cheap and nasty, or cheap and cheerful, is not productive. Sometimes I get a bit controversial with internal auditors by saying that I think it would be better for some organisations not to have a poor-quality internal audit function at all. What one needs is to have one that is worth having, that is effective. So if you have a mandatory system where people just go for the cheapest, I don't think that is helpful. I may add, I think my opinion of external auditing is that that, too, may be too cheap, although perhaps companies wouldn't thank me for saying it. If you do buy the external assurance on behalf of the shareholders on the basis of, "How quickly and cheaply can we get this done?" that doesn't strike me as a very good basis for providing assurance to those shareholders.

  Q394  The Chairman: I must say that I am slightly surprised at the institute's position on this. Given all the discussion we've had earlier about the importance of internal audits in relation to avoiding future financial crises, and so on, to say that major companies don't have to have an internal audit seems to me to be an unusual position. Even if you argue that some of them are cheap that is a question for the board and management to ensure that that doesn't happen, but to simply not have an internal audit function at all seems to me to be slightly odd.

  Dr Ian Peters: May I be absolutely clear? We're not saying they shouldn't have it. The question is: should it be mandatory; as in, should it be a regulatory requirement? I would question whether that is necessary. I think only this week Grant Thornton published a piece of work on the FTSE 350 that says it's somewhat over 90%—I cannot remember the precise statistic, but it's certainly in excess of 90%—do have an internal audit function and do have an audit committee, and I wouldn't mind betting if you looked at the ones that didn't, in many ways it's not appropriate because they're an investment trust or some sort of holding company, or whatever. So it's not that people are saying, "No, we don't want this" or "No, we shouldn't have it". The danger is, we bring in a piece of regulation—with respect, your Lordships well know that Governments have a tendency to do this—"Oh, it's okay, we've regulated, we've legislated; it's not a problem now, and the problem has gone away". Well, of course it hasn't because by regulating all we do—as Sarah Blackburn said—is tick boxes, but it doesn't say anything about the quality of the internal audit, about the effectiveness of it and the way it relates to the other aspects of governance in the organisation. So I think it's too easy and simple to go for a regulatory solution.

  The Chairman: I entirely recognise the point about being effective. We're about to have a Division, so we'll return, if we may—

  [The Committee adjourns]

  Q395The Chairman: Some of our colleagues are unable to come back and I hope we won't be too long now, but I would just like to ask a question that Lord Lawson was going to ask, which he told me about. Prior to the shift in responsibilities for much of the bank regulation supervision to the FSA under the previous Government, he understood that it was pretty normal for external auditors to have conversations with the regulator, that is the bank of England in that case, but that this practice was discontinued when the FSA took over the responsibilities. Any comment?

  Lord Sharman: I think that is the case. If I go back to the days when I was involved in auditing banks, there was quite regular dialogue between auditors and the Bank of England. I think it was part of the new—what was then described as—light-touch regulation.

  Q396  The Chairman: So some of the possible problems that we discussed earlier in this session, about these conversations between the regulators and the auditors didn't arise during that period?

  Lord Sharman: I can't comment. I don't know, but I don't believe they did.

  Dr Ian Peters: I don't think I can comment on what external audit did. I have no particular knowledge or expertise in that, but I think it is important to distinguish between internal and external audit when it comes to the implications of a conversation with the regulator, because clearly the internal auditor—as we've discussed—has to have that relationship with management within the organisation. I think it has to be a final course of action, rather than a regular occurrence, otherwise it has the potential to undermine the relationship with management.

  Q397  The Chairman: I think both of you made that point earlier in fact. Thank you. Turning to a totally new point, and this is an issue that we have been discussing quite a bit in the committee, particularly from some of the evidence we have had. In your experience, have IFRS hampered the exercise of prudence in financial reporting, and have ISAs made the audit more a matter of following a complex but routine box-ticking process, with lessened judgement on whether the financial statements are true and fair?

  Lord Sharman: Can I go first on that one? I think there are a great number of aspects of IFRS that can be improved. But I do feel too much has been made of this point. As I said before, I think it's worth noting that while prudence has a place in financial reporting so do other characteristics; for example, the information presented should be up-to-date, it should be relevant. Prudence is clearly very important in financial services regulation. If society wants—and it clearly does now want—financial services companies to be run on a more prudential basis, then I think the way to achieve that should be through prudential rules, through capital and liquidity requirements imposed by the regulator. I don't think it should be through the back door of accounting. As I said, accounts aim to show the affairs of a company on a true and fair basis, but it's for boards, shareholders and regulators to decide whether that reality is sufficiently prudent because there are other aspects of prudence, and again, it's more about looking forward than looking backward in my judgement.

  Dr Sarah Blackburn: Just one thing I would like to add on that, and I'm not going to talk about the IFRS because that is not my area of expertise. But I think, as a general principle, it's not a good idea to encourage people to design systems with the main criteria that they are easy to audit. It is very important that we put the best systems that we can in place and if that makes them difficult to audit, then we have to find ways of auditing them. We must not reduce things to box ticking.

  Lord Sharman: Can I go back to the ISAs as well now, because I forgot to comment on that? I have a rather sceptical view about how much better auditing gets because you have more boxes to tick. I have always believed that the big judgements are what auditing is about, and you very rarely get there by ticking the boxes. My judgement is that, certainly if you look to the United States, which has always been much more rules-based than the UK, I do not think we have any evidence at all that more and more rules improve the quality of auditing.

  Q398  The Chairman: Going back to IFRS, can I just ask Lord Sharman to comment on remarks made in a speech by the new Governor of the Irish Central Bank recently. I don't know if you're aware of them.

  Lord Sharman: No, perhaps you would quote them for me.

  The Chairman: I will just quote them for you, and this is a quote, "I have already railed elsewhere against the backward-looking loan-loss provisioning practices encouraged by IFRS and still all-too-pervasive in the reporting by most of the Irish banks. I find it unsatisfactory that expected losses in many parts of the portfolio are clearly higher than the provisions already taken, because I fear that this evident and in some cases explicit discrepancy may awaken doubts in the minds of investors as to the relevance of other aspects of the reported accounts".

  Lord Sharman: I agree with him. I think that was what I was getting at when I was saying that one of the lessons we need to learn from the crisis is that we need to provide assurance over the future rather than the past. If you look at a snapshot in time, and say, "At that point in time the right amount of provision was x", but six months to a year down the road you may need something different or bigger, that is what I'm talking about when I talk about looking forward. I think that is the problem with historical accounts, it is the problem with too many rules. You can't anticipate in historical accounts, within very sharp limits, what is going to happen in the future.

  Q399  Lord Forsyth of Drumlean: Has IFRS made it worse.

  Lord Sharman: Yes.

  Lord Forsyth of Drumlean: I think that is the point.

  Lord Sharman: Yes, that is absolutely the point.

  Q400  Lord Best: Can we ask Lord Sharman—as the expert in the round—your views on the concentration of audit in the hands of the Big Four? We have heard everybody else speak about this but, discard your background and the perspective of today, what would be your one thing if you believed it would be better and more competitive if there was a Big Five or a Big Six? What do you think would make that difference?

  Lord Sharman: I am tempted to give you the Irish answer and say, "I wouldn't start from here". Because clearly anybody who chairs a major company, or sits as chairman of an audit committee of a major company, cannot fail to be concerned about the lack of choice. It's not a lack of choice among four; quite often it comes down to the fact that you only have two that you can possibly appoint. As you use the other audit firms for other services—as quite often you do—you find they're not independent, and therefore you couldn't appoint them, and so on. I think it's a matter of great sadness to me that at the time of the Andersens failure, and, allied to the PricewaterhouseCoopers' merger, you had this great concentration because what effectively happened was Andersens was absorbed into the other Big Four. I would have liked to have seen Andersens absorbed into one of the second-tier firms or perhaps just the audit practice of it, which would have maintained it at five. Today I think we have to encourage the second-tier firms to invest more in the sorts of things they need and, in particular, international networks.

  Where you get the problem with the Big Four is that if you have a widely spread international business, you want to use a single firm of auditors and, quite frankly, the Big Four have much better networks, or in some cases they're integrated much more than they were, even when I was there. So, I think there is a problem there. I don't have a quick solution for you.

  Q401  The Chairman: I think we have found so far that there is pretty widespread agreement that there is a big problem there. I think the Big Four would say there is a big problem if you get down to the Big Three.

  Lord Sharman: I'm not sure that makes too much difference.

  The Chairman: But that is what they have said. I think our difficulty is to settle on a set of recommendations that will improve the situation.

  Lord Sharman: Yes, if you look at the European Commission Green Paper, I think some of the notions embodied in that would make things worse, not better. We need to be very careful about the notion of joint audits, which I think are a waste of space. I think they would be forever blaming each other. I think somehow we need to get the second tier up to speed.

  Lord Smith of Clifton: They were very reluctant. They said they wanted more access to the FTSE 250 but not much more. They were partners in the cartel as junior partners, so the coalition Government all over again.

  Q402  The Chairman: I think the way to conclude this, Lord Sharman, is to say that—I do not want to prolong the session today—if we were to furnish you with the sort of recommendations that we've had to improve the situation, and to have your views on any that you think would be worth following up, we would be very grateful.

  Lord Sharman: I would be very happy to do that.

  The Chairman: I conclude by saying that we've spent rather a long time today, not least because of the Division, but certainly even without it. I think that is a measure of the interest that you have created with us, so thank you very much indeed for your attendance.

8   Note by witness: As in reply to Q363, responsibility for risk remains with the Board-they must decide-a "Cassandra" merely gives a contrary piece of information. Back

previous page contents next page

© Parliamentary copyright 2011