Bcu msc cg week 8 audit 290712
-
Upload
stephen-ong -
Category
Business
-
view
488 -
download
0
description
Transcript of Bcu msc cg week 8 audit 290712
ASPECTS OF CONTROL : AUDIT
MSC ACCOUNTANCY & FINANCE :CORPORATE GOVERNANCE
& OPERATIONS RISK ANALYSIS AND CONTROL
Stephen Ong BSc(Hons) Econs (LSE),
MBA International Business(Bradford)
Visiting Fellow, Birmingham City UniversityVisiting Professor, Shenzhen University
• Discussion : Leadership & control system design
1
• Gatekeepers, Internal Audit, Audit Committee & External Auditors
2
• Case Presentation: Premier Oil3
Today’s Overview
Casestudy 3 : Premier Oil1. Read and prepare the Casestudy on
Premier Oil (Monks & Minow (2011)) for discussion next class. Identify the corporate governance issues faced.
2. You are required to:
– Analyse the scenario’s in the case study and plot the resulting risk analysis on an appropriate risk map.
– Map out the stakeholder power/interest issues, and propose the appropriate corporate actions.
Risk Map Action
High
Medium
Low
Low Medium High
SIGNIFICANCE
PROBABILITY
Requires close monitoring
Manage and monitor Significant focus and action
Accept but monitorManagement effort
worthwhile Manage and monitor
Accept risksAccept but
periodically reviewAccept but monitor
Stakeholder mapping: the power/interest matrix
Figure 4.4 Stakeholder mapping: the power/interest matrixSource: Adapted from A. Mendelow, Proceedings of the Second International Conference on Information Systems, Cambridge, MA, 1986
1. Open Discussion
• Abernethya, Margaret A. , Bouwensb, Jan and Laurence van Lent (2010) Leadership and control system design, Management Accounting Research No.21: pp. 2–16
2. CORPORATE GOVERNANCE GATEKEEPERS
&MANAGEMENT CONTROL
SYSTEMS :THE ROLE OF INTERNAL AUDIT
The Role of Gatekeepers in Corporate Governance
• While regulators are gradually reinforcing the importance of gatekeepers such as auditors and credit rating agencies to ensure that companies are well governed, the Enron scandal and the recent bank failures suggest that gatekeepers often lack the necessary degree of independence, judgment, competence and power to prevent corporate fraud and failure.
• We assess the role of gatekeepers in corporate governance. Such gatekeepers include among others stock-market listing authorities, auditors, credit-rating agencies and bank regulators.
• We also review the role of corporate governance in regulated industries, including the financial sector.
Learning Outcomes• By the end of this lecture, you should be able to:
1. Evaluate the role of gatekeepers in ensuring that companies are run in the interest of their shareholders and other stakeholders
2. Critically assess the independence of gatekeepers – such as auditors and credit-rating agencies – vis-à-vis their client firms
3. Gauge the effectiveness of gatekeepers in preventing corporate fraud
4. Evaluate the danger of capture of gatekeepers by the economic actors they are supposed to supervise
5. Judge the existing empirical evidence as to whether regulation acts a substitute or a complement for corporate governance.
Introduction
• Gatekeepers play an important role in corporate governance as they provide monitoring and certification services.
• However, the various tend to suffer from a lack of incentives or conflicts of interests.
• Hence, it is unlikely that investors will be able to rely on a single type of gatekeeper.
• This lecture will also look at industry regulation and whether it acts as substitute or complement for corporate governance.
The Role and Duties of Gatekeepers• John Coffee defines the role of gatekeepers
as “assess[ing] and vouch[ing] for the corporate client’s own statements about itself or a specific transaction”.
• Gatekeepers may be particularly important in corporate governance systems where there is a lack of shareholder monitoring.
• They may also play a role in corporate governance systems with large shareholders as there may be a need to monitor related-party transactions.
The Role and Duties of Gatekeepers (Continued)
• Gatekeepers include
–auditors,– investment banks,– lawyers,– financial analysts,– credit rating agencies,– corporate governance rating agencies,– commercial banks and other creditors,– insurers of directors’ and officers’ liability (D&O insurers)– stock markets, and – securities exchange regulators.
• Reinier Kraakman argues that gatekeepers should only be made liable if the primary sources of liability prove to be insufficient.
• Third-party liability is justified if the gatekeeper is connected in such a way with the firm that this connection creates some responsibility in case the firm fails.
• However, gatekeeper liability also raises three issues.
The Role and Duties of Gatekeepers (Continued)
1. It may be very difficult for the gatekeeper to discharge the legal duties.
2. The gatekeeper may have insufficient incentives to fulfil its legal duties and may even be tempted to collude with the firm.
3. Enforcement of gatekeeper liability may be difficult as it depends
– not only on the type of gatekeeper and nature of its legal duties, but
– also on the degree of culpability.
The Role and Duties of Gatekeepers (Continued)
• Hence, gatekeeper liability may be complex and difficult to enforce.
• The question arises as to whether there is a need to regulate gatekeepers given that they put their reputational capital at stake when dealing with clients.
• The spectacular failures of Enron and Worldcom in the USA have renewed in gatekeeper liability and in
particular auditor liability.
The Role and Duties of Gatekeepers …
• The risk of losing the gatekeepers’ losing their reputational capital has done little to prevent corporate failures and conflicts of interests.
• One of the main features of the Enron case was that its auditor, Arthur Andersen, ignored irregularities in the firm’s accounting practices to avoid the loss of lucrative consulting income.
The Role and Duties of Gatekeepers (Continued)
• John Coffee blames the failure of Enron on– the commodification of
auditing services,– the auditor’s capture by its
client, and– the lack of competition
among auditors.
• Capture refers to the influence the client may have over its gatekeeper and may push the latter to serve the interests of the client rather than preventing malpractice.
The Role and Duties of Gatekeepers (Continued)
• The lack of competition may reduce the risk of reputational damage caused by client failure, calling for regulation.
• Another type of gatekeeper that failed to police Enron were financial analysts that kept on issuing buy recommendations, fuelling stock price increases.
• Other countries such as the Netherlands and Italy have had their own Enron-style corporate failures.
The Role and Duties of Gatekeepers (Continued)
€1.1 Billion FRAUD
• The Parmalat debacle in Italy can be blamed on its auditor and financial analysts, but also its creditors.
• The recent subprime mortgage crisis can be blamed on the failure of another gatekeeper, i.e. credit rating agencies.
• Regulators have responded by reinforcing the role and duties of gatekeepers.
The Role and Duties of Gatekeepers (Continued)
€14.3 Billion FRAUD
The Ideal Attributes of a Gatekeeper• A gatekeeper should have the following seven
attributes1. It should be independent of the firms it is to
supervise2. It should have access to the information required
to carry out its duties3. It should not be subject to major conflicts of
interests4. It should have the necessary skills, in particular
the necessary judgment and competence, to perform its duties
5. It should also have the right incentives.
The Ideal Attributes of a Gatekeeper (Continued)
6. It should have enough power to force its supervisees to disclose any information it requires to fulfil its duties and to force them to put a stop to malpractice and wrong-doing. It should also have the power and authority to penalise supervisees that fail to meet its requests.
7. It should provide meaningful and reliable third-party certification to investors and other users.
Types of Gatekeepers and Limitationsto their Role
• Recent corporate governance reforms have put a lot of emphasis on auditors as gatekeepers.
• However, the efficiency of auditors may be severely limited for at least two reasons1. Auditors rely on the information they are
provided with by the company2. Auditors may suffer from conflicts of interests.
• However, auditors are likely to have the necessary power via e.g. the issue of qualified audit reports.
Types of Gatekeepers and Limitationsto their Role (Continued)
• Investments are also likely gatekeepers given– the close relationships they have with
companies, and– the information they collect via the provision of
services such as underwriting and consultancy.• Both the theoretical and empirical literature
suggest that they are third-party certifiers.• However, the subprime mortgage crisis
suggest at least two reasons why investment bankers may not be credible gatekeepers.
1. Investment banks may be subject to conflicts of interests because of client capture or because of internal conflicts of interests.
2. Investment banks are strong lobbying groups that have been successful in keeping regulation of their activities at bay.
Types of Gatekeepers and Limitations
to their Role (Continued)
• Lawyers come in two versions– in-house legal counsels, and– outside lawyers dealing with
particular or one-off transactions of the firm.
• In-house counsels are likely to be well informed about the firm’s processes and dealings.
• However, they may be too close to the firm and suffer from capture and behavioural biases.
• In contrast, outside lawyers may not have enough information on the firm to detect wrong-doing.
Types of Gatekeepers and Limitationsto their Role (Continued)
• Financial analysts study the firm’s fundamentals and the forecast these for the near future.
• They issue buy, sell or hold recommendations based on these forecasts.
• However, financial analysts may suffer from conflicts of interests as they may be part of the same investment that is also underwriting the firm’s new equity issue.
• They may also be suffer from behavioural biases.
Types of Gatekeepers and Limitations
to their Role (Continued)
• Credit rating agencies rate the credit worthiness of debt securities such as government and corporate bonds.
• However, credit rating agencies are paid by the issuers themselves and issuers may be shopping around for the highest possible rating.
• Credit rating agencies have also been accused of failing to predict the– Asian crisis of 1997, and– to be at least partly responsible for the subprime mortgage
crisis.
Types of Gatekeepers and Limitations
to their Role (Continued)
• Similar to the auditing industry, the credit rating industry is highly concentrated and some dispute as to whether there is any danger of reputational loss.
• Corporate governance ratings agencies are still a fairly recent phenomenon, but developing fast.
• Corporate governance ratings agencies include– Deminor,– Standard & Poor’s, and– Governance Metrics International (GMI).
Types of Gatekeepers and Limitations
to their Role (Continued)
• These ratings have some use for interest parties, but they also have their limitations.
• Typically, the indices are in the form of counters which are incremented by a value of one if a particular corporate governance device is present.
• Hence, there is no detailed assessment about the conflicts of interests that are likely to prevail in a given firm.
Types of Gatekeepers and Limitations
to their Role (Continued)
• Commercial banks and other creditors may also act as gatekeepers.
• Similar to (large) shareholders, it is in the interests of banks and other debtholders to monitor corporate managers.
• However, large debtholders, via their close relationship with the firm and the information they collect, may acquire a monopoly position.
Types of Gatekeepers and Limitations
to their Role (Continued)
• Information about the directors’ and officers’ liability (D&O) insurance taken out by the firm may act as a powerful signal.
• The insured amount as well as the reputation of the insurer may provide valuable information to the market as to the risk investors face.
Types of Gatekeepers and Limitations
to their Role (Continued)
• Stock markets are another important gatekeeper.• They impose entry requirements on firms seeking
a stock-market listing as well as ongoing obligations on already listed firms.
• For example, the London Stock Exchange (LSE) imposes the UK Corporate Governance Code on the firms that are listed on it.
• Stock markets are frequently organised into segments that enable investors to distinguish between safer, mature firms and riskier firms.
Types of Gatekeepers and Limitations
to their Role (Continued)
• Securities exchange regulators, such as the SEC in the USA, are likely to play an important role given the lack of independence and incentives as well as the conflicts of interests other gatekeepers may suffer from.
• James Fanto argues that the SEC should be the ultimate gatekeeper and perform much closer monitoring of corporations similar to the regulator in the banking industry.
Types of Gatekeepers and Limitationsto their Role (Continued)
• However, this would then require the securities exchange regulator to monitor all sorts of areas of corporate governance for which other gatekeepers may have greater competence.
• Another limitation to its role as ultimate gatekeeper is that typically the law provides judicial immunity to the regulator.
Types of Gatekeepers and Limitations
to their Role (Continued)
• Hence given all of the above lacks of desirable attributes, investors and other stakeholders may have to rely on a range of corporate gatekeepers rather than a single gatekeeper.
Types of Gatekeepers and Limitations
to their Role (Continued)
Is Industry Regulation a Substitute for Corporate Governance?
• David Becher and Melissa Frye argue that industry regulation as to the very least an indirect impact on corporate governance.
• However, a priori it is not clear whether regulation is a substitute or complement for corporate governance.
• On one hand, regulation may be a substitute given that the regulator monitors the firms.
• On the other hand, industry regulators frequently push for improvements in corporate governance.
Is Industry Regulation a Substitute for Corporate Governance? (Continued)
• The existing empirical evidence is also inconclusive• Studies on the effects of the 1980s and 1990s.
deregulation in the US banking industry suggest that – there was an increase in CEO stock ownership,– there was an increase in the importance of variable pay,– but the overall effect on executive compensation was
relatively small.• A likely reason for these changes was the increase in
competition caused by the deregulation.
• Paul Joskow et al. find that US CEOs earn significantly less in regulated industries.
• Pay is lowest in those industries where there is price regulation.
• Joskow et al. propose two reasons for this1. As a result of political pressure, regulation may
keep salaries low to prevent public outrage2. Regulation may have an indirect effect on
executive pay by reducing managerial discretion and the returns from good management.
Is Industry Regulation a Substitute for
Corporate Governance? (Continued)
• Joskow et al. also find that pay is lowest in those industries with a single state regulator rather than multiple regulators.
• They conclude that this is evidence that the first, direct effect of regulation on pay dominates.
• All of the above studies suggest that regulation is a substitute for corporate governance.
• Other studies suggest that regulation is a complement.
Is Industry Regulation a Substitute for
Corporate Governance? (Continued)
• For example, Charles Hadlock et al. find that CEO turnover in regulated industries is at least as sensitive to performance as in unregulated industries.
• Joel Houston and Christopher James argue that the reason why CEO stock holdings and option-based pay are lower in banks is the fewer investment opportunities rather than regulation.
• There is also consistent evidence that firms from regulated industries have higher proportions of independent directors.
Is Industry Regulation a Substitute for
Corporate Governance? (Continued)
The management conumdrum‘In this ever changing and volatile world, stakeholders need assurance that organisations are being operated in a risk controlled manner. Organisations are under increasing scrutiny to identify all the business, social, ethical and environmental risks they face, and to explain how they manage them to an acceptable level. Governance is the responsibility of the leaders of organisations who have to provide assurance that risks have been identified and are being effectively mitigated. They need to establish risk management
systems that help to provide this assurance – internal audit are key in this process since leaders cannot do it alone.’
Institute of Internal Auditors UK and Ireland (2009)
Environmental influences
Figure 3.1 Environmental influences on the organisationSource: Adapted from Dobson et al.(2004).
General environment
Figure 3.3 Identifying environmental influences – PESTEL analysisSource: Adapted from Johnson and Scholes (2002), p. 102.
Institute of Internal Auditors
INTERNAL AUDIT
• is an independent, objective assurance and consulting activity designed to add value and improve an organisations operations.
• It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach
• to evaluate and improve the effectiveness of risk management, control and governance processes.
The advancement of internal audit
1970 1980
19902000
Expectations of internal audit• Since 2000 - Focus on Risk Based Internal Audit in top performers - Focus on what really matters - Acceptance of wider assurance role - Controls Assurance Frameworks - Head of Internal Audit opinion - Corporate Governance Statement of Internal Control - Annual Report and Accounts - Increasing reliance on Internal Audit
Increasing recognition of professional standards• Turnbull guidance on Role of Non Executives
and Audit Committeess• IIA Inc – Global Codes of Internal Audit Practice
2004 and 2009• In UK 2009 version adopted by HM Treasury as
Government Internal Audit Standard• APB recognition• IPPF and Code of Ethics• IIA UK and Ireland achieves Chartered status• 2009 King 111 in South Africa
Set Business & Department objectives
Business Plan
Consider Risk and performance Targets
Agree Assurance Framework
Internal Audit Planning
Feedback and follow up
Assurance Cycle
Assurance Cycle Overview
Overview of audit needs assessment process• Know the client• Understand the industry• Recognise the business culture• Identify the expectations of internal audit• Planning – identify the audit universe• Consultation regarding risk exposure• Use of audit experience• Reporting recommendations• Approval of plan and resource allocation
Needs to identify
Internal- Existing risk exposures- New systems
developments- Reorganisation- Changes in key staff- Policy changes- Concerns
External - New regulation or
legislation- Industry initiatives- Customer complaints- Legal actions in progress- Competitors- Media focus
Critical research• Business Plan• Risk register• Previous Internal Audit Reports• External Audit Management letter• Any third party reports• Board and Audit Committee minutes• Staff handbooks• Management Accounts and Financial reports• Web site
Meetings• Chair of Board• Chair of Audit Committee• Other Non Executive Directors• Chief Executive• Other members of Senior Management Team• Relevant Managers
- IT, Human Resources, Estates, Finance, Health and Safety, selected Operational Service area managers.
Planning• Internal Audit Strategy (IAS)
– initial proposals based on ANA– developed through research of clients business and
through discussions with management– refined in consultation with Executive Team, or– draft agreed with management– approved by Audit Committee prior to start of work
• Three year view linked to business plan and risk register
• Reviewed annually to focus on key risks and key control risk that business objectives are dependent on.
Risk based methodology
• Recognise real issues within in organisation
• Focuses attention• Delivers value added
product• Need to recognise
relationship with External Audit
• Relevance to Statement of Internal Control in Annual Report
High
Medium
Low
Low Medium High
SIGNIFICANCE
PROBABILITY
Requires close
monitoring
Manage and monitor
Significant focus and
action
Accept but monitor
Management effort
worthwhileManage
and monitor
Accept risksAccept but periodically review
Accept but monitor
Internal audit engagement• Allocation of work• Auditee
considerations• Standard
methodology• Evaluation• Exit meeting as
routine• Effective reporting • Assurance• Follow up
Allocation of Internal Audit from agreed plan
Allocation of Internal Audit from agreed plan
Define SCOs Define SCOs
Document SystemDocument System
Walkthrough TestsWalkthrough Tests
Compliance testingCompliance testing
Control EnhancementControl Enhancement
Recommended Risk Mitigation Plan
Recommended Risk Mitigation Plan
EvaluateControls
EvaluateControls
AssuranceReport
AssuranceReport
< Poor Controls< Good Controls< Satisfactory > Unsatisfactory
Follow UpFollow Up
In conclusion:
• Management define business objectives and implement systems that comprise sufficient processes and controls to achieve these objectives.
• Controls systems have a hierachy of controls – identify those key controls that manage/mitigate significant risk
• Controls can be preventative, Detective or of a compensating nature
• Level of assurance• Need for independence – Internal Audit?
The scope, roles and responsibilities of external audit • Audit of financial statements - true and fair view• Prepared in accordance with relevant guidance,
company law and accounting standards• Information in Annual Report consistent with
financial statements• Public sector auditors have additional
responsibilities– regularity opinion– use of resources– grant claims
The scope, roles and responsibilities of external audit
• Audit of financial statements– Audit assesses the risk of material misstatement in
respect of transactions, account balances and presentation and disclosures
– Misstatements: false or missing information whether by fraud or error
– Material: significant enough to influence the user's economic decisions
The scope, roles and responsibilities of external audit
• Reporting to those "charged with governance"– modifications to opinion– unadjusted misstatements– material weaknesses in the accounting and internal control
system– views on qualitative aspects of accounting practices and
financial reporting– any other relevant matters
Implications of Sarbanes-Oxley Act• The Act affected the responsibilities of the Auditor
– partner rotation every 5 years– provision of non-audit services regulated– Must discuss application of all critical
accounting policies and practices with audit committee
– Audit management's disclosures regarding the effectiveness of internal control
Implications of Sarbanes-Oxley Act
Audit of internal control -
implications for internal audit
?
External audit reliance on the work of internal auditWhat key factors have to be considered for an external auditor to place reliance on internal audit?
External audit reliance on the work of internal audit
• Approach to reliance is governed by accounting standards (ISA (UK & IRELAND) 610 - Considering the work of internal audit)
• 3 key levels for reliance– consider scope and activities of internal audit and their
effect on external audit procedures– assess the effectiveness of internal audit function– evaluate work of internal audit and confirm its adequacy
for external audit purposes
External audit reliance on the work of internal audit
Considering scope and activities of internal audit and their effect on external audit procedures• review of internal audit plan: scope, coverage,
relevance to external audit risk assessment• core financial systems and wider internal control• financial and operational reporting• compliance with law and regulation• fraud work
External audit reliance on the work of internal auditAssessing the effectiveness of internal audit function• organisational status:
objectivity• scope of function: nature
and extent of work and management's response to it
• technical competence• due professional care:
planned, supervised, reviewed and documented
External audit reliance on the work of internal auditEvaluating the specific work of internal audit and confirm its adequacy for external audit purposes• scope of work• performance of work: competency, supervision, review and
documentation• Audit evidence sufficient to draw conclusions and
conclusions reached are appropriate and consistent with work performed
• Matters reported are properly resolved……….involves some re-performance of work
Working in partnership - external and internal audit
• Audit Planning: seeking coverage of systems fundamental to the audit of financial statements
• Individual assignments: timing of work, extent of coverage, materiality levels, sample selection - ideally all have to be jointly considered
• Co-ordination and liaison: seeking to reduce duplication, work-load impact on client and sharing knowledge about business risks
• The pitfalls……– Planning to address
risk (core financial systems vs risk based audit)
– External audit requirements/needs can become too influential in shaping internal audit work
Working in partnership - external and internal audit
The Role of Audit in Corporate Governance “The annual audit is one of the cornerstones of corporate governance . . . The audit provides an external and objective check on the way in which the financial statements have been prepared and presented.”(Cadbury Report, 1992, p. 36, para. 5.1)
Auditor Independence • Balance between close relationship and preserving
independence• Provision of non-audit services • “. . . we do not believe it would be right to seek to
impose specific restrictions on the auditor’s supply of non-audit services through the vehicle of Code guidance. We are sceptical of a prescriptive approach, since we believe that there are no clear-cut, universal answers . . . there may be genuine benefits to efficiency and effectiveness from auditors doing non-audit work. “ (Smith Report, 2003, p. 27, para. 35)
Audit Committee
• Rotation of auditors • Smith Report• Audit committees • Cadbury Report
recommended that all companies should establish audit committees
Audit Committee• Recent research has shown that there is
convergence in corporate governance within Europe in the area of audit committees.
• Collier and Zaman (2005) found wide adoption by European countries of the audit committee concept
Effectiveness of the Audit Function “We do have—not officially, not publicly—concerns about their independence overall . . . you would be amazed at how, when you speak to auditors, from big firms as well as little firms, at drinks parties, at non-official events, and when they are in isolation (you would never get this if you had an audit conference), they often say that they are amazed that more does not come to light or that they often get their arm twisted by management—not from their own practice but of the companies they are auditing—to not worry about it, it is under control. I do find that quite alarming. What do you do about it? You cannot go out and say, ’Investment management believes that the
auditing profession is completely corrupt!’.
Auditors & Financial Scandals
• Arthur Andersen (now defunct): Enron, WorldCom, Nicor, Global Crossing
• Ernst & Young: Lehman Brothers, Anglo Irish Bank, HealthSouth
• KPMG: Allied Capital, Peregrine Systems, ImClone, Xerox
• Deloitte: Nortel, Royal Ahold, Reliant Energy
• PwC: Satyam Computer Services, AIG, Tyco
• Grant Thorton: Parmalat
US$1 Billion FRAUD
Next Casestudy 4 : Arthur Andersen1. Read and prepare the Casestudy on Arthur Andersen
(Monks & Minow (2011)) for discussion next class. Identify the corporate governance issues faced.
2. You are required to:
– Analyse the scenario’s in the case study and plot the resulting risk analysis on an appropriate risk map.
– Map out the stakeholder power/interest issues, and propose the appropriate corporate actions.
Core Readings• Solomon, Jill (2010) Corporate Governance and
Accountability 3rd Edition, Wiley, UK. Ch.6• Goergen, Marc (2012) International Corporate
Governance, Pearson. Ch.11
Additional Readings• Solomon, J. F., Solomon, A., Norton, S. D. and Joseph,
N. L. (2000) ‘A conceptual framework for corporate risk disclosure emerging from the agenda for corporate governance reform’, British Accounting Review, 32(4), December, 447–478.
• Collier, P. and M. Zaman (2005) "Convergence in European Corporate Governance: The Audit Committee Concept", Corporate Governance: An International Review, Vol.13, No.6, November, pp.753-768.
• Independent Audit Limited (2006) Better Governance Reporting, Independent Audit Limited, London, UK.
• Solomon, J. F. and C. R. P. Edgley (2008) "The Abandoned Mandatory OFR: A Lost Opportunity for SER?", Social Responsibility Journal, Vol.4, No.3, pp.324-348.
Next Week’s Ideas for Discussion• Prem Sikka, (2008),"Enterprise culture
and accountancy firms: new masters of the universe", Accounting, Auditing & Accountability Journal, Vol. 21 Iss: 2 pp. 268 - 295
QUESTIONS?