Audit Survey - Where do we go from here?

In the next few weeks, ICI chairman Sir Ronnie Hampel will attempt to wrap up the four-year-long debate that has sought to answer a single question: what kind of corporate governance is needed to prevent senior management from flushing shareholder funds down the toilet?

Hampel and his 10-strong committee took the view in their interim report, published last year, that Sir Adrian Cadbury and Sir Richard Greenbury, authors of the two previous reports, had tied up management in enough red tape. His job, said Hampel, was to refine the recommendations put forward by Cadbury and Greenbury rather than invent more, despite the growing expectation of shareholders that their equity investments should be afforded greater protection from incompetent or megalomaniac bosses.

A major stepping stone on the route to a culture of better governance was Cadbury’s idea that all companies should set up an audit committee.

The committee was put in the hands of the company’s non-executive directors and was supposed to give extra protection from the risk of strange things ripping the heart out of the balance sheet or the profit and loss account.

But exclusive research carried out by Accountancy Age reveals that audit committees vary widely in their interpretation of the Cadbury code.

The research asked the audit committee chairman of FTSE-100 companies to say how they protect their companies from untoward events. The answers are a mixed bag. And the lack of consistency owes less to the size of the organisation than the personalities driving them.

A key issue that divides opinion is the extent of directors’ responsibility for internal controls. Sixty percent of respondents say directors should report on their effectiveness, but most say they should not be liable if something goes wrong. In their view, Cadbury only requires a review without guarantee.

One chairman argues that making heavier demands tends to have an adverse effect. ‘It is implicit that directors satisfy themselves that internal controls are adequate, cost-effective and – subject to the usual disclaimer – effective. But making that explicit raises the worry of litigation, and less forthright statements have become the norm,’ he says. Another comments: ‘Any explicit statement would require due diligence beyond that needed to run the business in the ordinary course.’

Issues of responsibility

The opposing camp maintains that directors have prime responsibility for stewardship over company assets: checking internal controls and standing by any findings is an extension of that.

But if directors are to avoid putting their heads on the block when internal controls are breached, who should carry the can? Exactly one-third believes the external auditor has the greatest responsibility for ensuring sensible controls are in place. One chairman states: ‘a large amount’ of responsibility should rest with the accountants, while another comments: ‘as much as possible’.

The same amount claims the liability should be shared. Depending on the company, the mantle is shared with the board of directors, general management or the internal auditors.

One chairman points out that ‘safeguarding against fraud is the responsibility of directors’. But he insists that ‘where there is clear evidence of negligence on the part of external auditors, they should not escape liability’.

The role played by internal auditors is likely to come under greater scrutiny if Hampel goes ahead with his plan to widen the definition of internal controls. The definition currently centres on financial controls.

Under the new guidelines, internal auditors would be expected to report to the audit committee on the strength of controls governing all relevant risks to the company.

If it happens, the trend to outsourcing some or all of the internal audit function could accelerate. Certainly, there is a sizeable minority of chairmen who would be happy to go down that road. Over a third believes the function can be outsourced, although there are several who say there are limits to the scope of the work that can be done externally.

On the other side of the fence stand more than 60% of respondents who are completely against the idea of outsourcing their internal audit function.

They believe it is more important that internal auditors are immersed in the culture of a company.

Yet rival camps join hands when it comes to using the same firm for internal and external audit work. A decisive 90% think it’s a bad idea. Independence and conflicts of interest are key deterrents.

This view was welcomed by the shareholder groups. Most of them have criticised Cadbury and Greenbury for concentrating their efforts on creating new management structures to protect shareholders rather than giving shareholders greater power directly over management. But where new structures exist, preventing conflicts of interest are a key priority.

Donald Butcher, president of the UK Shareholders Association, would be shocked if there were any move to use the same firm for internal and external audit work. He says: ‘It is a contradiction in terms to have internal audit managed by the internal auditors. Cost-effectiveness shouldn’t have an impact on the need for the appropriate checks and balances.’

Butcher is also concerned that the external auditors face a conflict of interest when they take on non-audit work. ‘We believe it should be unlawful for auditors to carry out non-audit work. There will always be a suspicion that audit fees are artificially low to get the non-audit work and that these fees, which can be very large, will compromise the audit. Some institutional investors agree with us, to the extent that they believe non-audit work should be restricted.’

Auditor independence

Last year, John McCullum, chairman of the #3.2bn West Midlands Pension Fund, called for auditors to be banned from non-audit work, claiming that auditor independence is being eroded. Investor protection lobby group PIRC has also told Hampel that rules are needed to restrict the services offered by auditors. Anne Simpson, PIRC’s joint MD, says it is ‘appalling’ that businesses are not obliged to disclose details of non-audit work performed by auditors.

But most audit committee chairmen disagree. While almost one-third are concerned about the independence of their auditors, over 60% feel that firms should not be restricted from other services to their audit clients.

One comment from a #1.2bn-turnover financial services company is typical: ‘The allocation of non-audit work is based on price and quality of service.

Boards must consider the risk of compromising the integrity of audit opinion when seeking advice.’

Low audit fees, on the other hand, have begun to niggle many companies.

More than half of the audit committee chairmen believe it could be an issue for them to address.

Audit fees have been tumbling since the onset of the last recession.

Some of the savings can be accounted for by advances in the use of technology, but there is a lingering suspicion that the quality on offer has declined as fees have dropped. Several of the Big Six firms have been caught low-balling to win clients over the years.

One engineering company comments: ‘We spend much time ensuring the quality of the audit is not prejudiced by low fees.’ Another says: ‘We frequently examine whether the scope of the audit is rigorous enough. Although this means an examination and breakdown of the structure, we do seek value for money.’

But the concern shown for quality has so far been dwarfed by the desire to cut costs. A mere 6% have questioned low audit fees. In fact, when pressed most companies consider their auditors to be both competent and value-for-money. Of the 25% who had put their business out to tender during the last three years, only four actually changed auditor. Many re-tendered as a matter of course, rather than because of any dissatisfaction with the service provided.

One chairman says: ‘It is difficult to judge the rate when there are so few companies of similar size and scope.’

Almost one-third supports the idea of changing audit firms at intervals varying from every five to every ten years. But almost the same number are concerned about the upheaval of taking on a new firm. One chairman admitts that although ‘change may be desirable occasionally, the loss of expertise and background knowledge outweigh the advantages of changing’.

A popular solution to this problem has been to rotate audit partners rather than to engage a different firm. Just over 25% of companies like to retain their trusted audit firm, and still ensure objectivity by switching to different partners within the same firm every five to seven years.

Hampel is unlikely to insist on a more severe regime of rotation for external auditors. His is more likely to recommend that audit committees instruct internal auditors to measure a wide range of business risks.

Such a move will throw the spotlight on the internal auditors. Hand-in-hand with the audit committee, they will be expected to preserve the integrity of the company. The shareholders will be hoping the cost to business of this new bureaucracy is not too high.