Auditors: EAC Report Debate

Full Debate: Read Full Debate
Wednesday 14th March 2012

(12 years, 9 months ago)

Grand Committee
Read Full debate Read Hansard Text
Lord Shipley Portrait Lord Shipley
- Hansard - -

My Lords, I, too, thank my noble friend Lord MacGregor of Pulham Market for chairing such a detailed and important inquiry, and for leading the committee to a set of very powerful recommendations.

When I draw back the curtains at home in Newcastle, I can see over the rooftops the new HQ building of Northern Rock that was under construction in 2007 when the bank failed and had to be nationalised. It is now owned by the city council, purchased under prudential borrowing powers, and earning a rental stream for the council. Here I should declare my interest as a member of Newcastle City Council still, and also as an account holder at Northern Rock in 2007 and now.

That view of that building each morning serves as a salutary reminder to me of what can go wrong; how trust in large, familiar institutions can be lost overnight; and how vital and essential it is that effective checks and balances are delivered through high-quality audit and risk management processes. We should never forget that a lot of people lost their shares in Northern Rock in 2007, nor that many employees lost their jobs.

Shareholders had a right to expect better than they got. They received annual reports and were entitled to think that the report was an accurate reflection of the health of the bank as a going concern. They still ask what went wrong. Was it a culture of box-ticking and telephone audit interviews rather than a detailed examination by the auditors of the Northern Rock business model? Did the auditors know or suspect? Was everyone too complacent? Had corporate memory of previous banking failures simply faded away?

We know now that, for many months before its collapse, Northern Rock was following a risky business model in its reliance on wholesale markets to sustain its very high lending levels. Yet auditors appear not to have been aware of, nor to have understood, the dangers—or, if they were, to have acted upon them. Today I still find myself astonished that, in 2006, not a single meeting between the FSA and the external auditors of Northern Rock or HBOS took place, and that only one meeting between the auditors of RBS and the FSA took place. In 2007, only one FSA/auditors meeting took place with each bank auditor.

In their response to the committee’s findings, the Government said that they had three clear policy objectives: high-quality audits which are independent of the body being audited; a competitive market in the supply of audits; and an audit market that is resilient and could withstand the withdrawal of one of the major firms. We can agree on that. However, there is a specific problem in the banking sector, because only three of the big four are active in it. In addition, choice of auditor can be limited by the need to avoid using a firm engaged by another bank. There is also a risk that, with only three audit firms active, the essential challenge theoretically provided by the audit system can end up being blunted. Familiarity, complacency and a lack of an alternative can dominate thinking. That is why the recommendations of the committee on the issue of risk are so very important, because we must separate risk from audit.

Risk and audit, however closely related, are actually about different things. Combining the two can lead to risk being seen as secondary to audit, and when an audit report gives no indication that a company is in trouble when it is, it suggests that the risk function has not been properly carried out. So, separation is vital.

There was, I think, a misunderstanding in the Government’s response to the committee’s report, regarding which audit company could give specialist advice to a risk committee. It is obviously important that the main auditor should explain any concerns it has directly to the committee. However, it would be inappropriate for a risk committee to be given continuing specialist advice on its work by the main auditor. I think that that was the committee’s overall intention. There is a related issue here in that there is a clear conflict of interest if an audit company provides other services to the company it audits. It surely must be better for other firms to provide such advice, and it would, of course, give companies not in the big four an opportunity to undertake such work.

I welcome the Government’s response that audit committees should meet formally with principal shareholders regularly, and I agree with the committee’s recommendation that published reports of audit committees should explain significant reporting issues raised during the course of an audit.

Shareholders bear responsibility too. It became all too obvious in our inquiry that shareholders did not question the choice of auditor as much as they should and that they tended, to their own potential detriment, to be insufficiently assertive in a company’s business.

We have at least learnt that, when concerns become apparent, there has to be a clear framework for bank auditors to talk directly and privately with the Bank of England. Too many people took their eye off the ball, forgot the examples of the past and made assumptions about viability that were deeply damaging to the reputations of many people. Supervisors, shareholders, board members, audit committees, risk committees—all need clarity about what is expected of them and a constant restatement of their role so that audit is not just left to somebody else.

Crucially, we have learnt that auditors have the clearest responsibility to advise on a company’s state of health. It is not enough to see annual audits as a snapshot in time. Auditors have a wider set of responsibilities, to shareholders, supervisors, customers and the taxpayer, to ensure that they fulfil the responsibilities placed upon them by others.

In conclusion, the committee’s report has been a major help in identifying how communication and the regulatory framework can be improved, and how we should learn from the lessons of the banking crisis. However, it requires continued vigilance, particularly in the years ahead, as corporate memory starts to fade yet again.