Audit Information systems & IT Security
Audit Information systems & IT Security

Audit Information systems & and IT Security

Information System audit and IT Security

The News page

Securityfocus - Security News

Securityfocus - Latest Vulnerabilities

The Register - Security News

The Register - Management News

Financial Director - Audit News

Computer Weekley - IT Management News

Computer Weekley - Security News

SecurityFocus - Security News

News: Change in Focus
Publish Date: 2010-03-10
Change in Focus

News: Twitter attacker had proper credentials
Publish Date: 2009-12-18
Twitter attacker had proper credentials

News: PhotoDNA scans images for child abuse
Publish Date: 2009-12-18
PhotoDNA scans images for child abuse

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.

News: Conficker data highlights infected networks
Publish Date: 2009-12-16
Conficker data highlights infected networks

Brief: Google offers bounty on browser bugs
Publish Date: 2010-02-02
Google offers bounty on browser bugs

Brief: Cyberattacks from U.S. "greatest concern"
Publish Date: 2010-01-28
Cyberattacks from U.S. "greatest concern"

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.

Brief: Microsoft patches as fraudsters target IE flaw
Publish Date: 2010-01-21
Microsoft patches as fraudsters target IE flaw

Brief: Attack on IE 0-day refined by researchers
Publish Date: 2010-01-18
Attack on IE 0-day refined by researchers

News: Monster botnet held 800,000 people's details
Publish Date: 2010-03-04
Monster botnet held 800,000 people's details

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.

News: Google: 'no timetable' on China talks
Publish Date: 2010-03-04
Google: 'no timetable' on China talks

News: Latvian hacker tweets hard on banking whistle
Publish Date: 2010-02-26
Latvian hacker tweets hard on banking whistle

News: MS uses court order to take out Waledac botnet
Publish Date: 2010-02-25
MS uses court order to take out Waledac botnet

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.

Infocus: Enterprise Intrusion Analysis, Part One
Publish Date:
Enterprise Intrusion Analysis, Part One

Infocus: Responding to a Brute Force SSH Attack
Publish Date:
Responding to a Brute Force SSH Attack

Infocus: Data Recovery on Linux and ext3
Publish Date:
Data Recovery on Linux and <i>ext3</i>

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.

Infocus: WiMax: Just Another Security Challenge?
Publish Date:
WiMax: Just Another Security Challenge?

Gunter Ollmann: Time to Squish SQL Injection
Publish Date:
Time to Squish SQL Injection

Mark Rasch: Lazy Workers May Be Deemed Hackers
Publish Date:
Lazy Workers May Be Deemed Hackers

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.

Adam O'Donnell: The Scale of Security
Publish Date:
The Scale of Security

Mark Rasch: Hacker-Tool Law Still Does Little
Publish Date:
Hacker-Tool Law Still Does Little

More rss feeds from SecurityFocus
Publish Date:
News, Infocus, Columns, Vulnerabilities, Bugtraq ...

SecurityFocus - Latest Vulnerabilities

Vuln: Trend Micro Mobile Security Information Disclosure and Denial of Service Vulnerabilities
Publish Date: 2017-12-19
Trend Micro Mobile Security Information Disclosure and Denial of Service Vulnerabilities

Vuln: IBM RPA with Automation Anywhere CVE-2017-1751 Cross Site Scripting Vulnerability
Publish Date: 2017-12-19
IBM RPA with Automation Anywhere CVE-2017-1751 Cross Site Scripting Vulnerability

Vuln: IBM Business Process Manager CVE-2017-1494 Cross Site Scripting Vulnerability
Publish Date: 2017-12-19
IBM Business Process Manager CVE-2017-1494 Cross Site Scripting Vulnerability

Vuln: IBM Integration Bus CVE-2017-1694 Information Disclosure Vulnerability
Publish Date: 2017-12-19
IBM Integration Bus CVE-2017-1694 Information Disclosure Vulnerability

Bugtraq: ADVISORY - Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data - CVE-2017-15524
Publish Date:
ADVISORY - Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data - CVE-2017-15524

Bugtraq: APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2
Publish Date:
APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2

Bugtraq: APPLE-SA-2017-12-13-5 Safari 11.0.2
Publish Date:
APPLE-SA-2017-12-13-5 Safari 11.0.2

Bugtraq: APPLE-SA-2017-12-13-2 tvOS 11.2.1
Publish Date:
APPLE-SA-2017-12-13-2 tvOS 11.2.1

More rss feeds from SecurityFocus
Publish Date:
News, Infocus, Columns, Vulnerabilities, Bugtraq ...

The Register Security News

Vuln: Trend Micro Mobile Security Information Disclosure and Denial of Service Vulnerabilities
Publish Date: 2017-12-19
Trend Micro Mobile Security Information Disclosure and Denial of Service Vulnerabilities

Vuln: IBM RPA with Automation Anywhere CVE-2017-1751 Cross Site Scripting Vulnerability
Publish Date: 2017-12-19
IBM RPA with Automation Anywhere CVE-2017-1751 Cross Site Scripting Vulnerability

Vuln: IBM Business Process Manager CVE-2017-1494 Cross Site Scripting Vulnerability
Publish Date: 2017-12-19
IBM Business Process Manager CVE-2017-1494 Cross Site Scripting Vulnerability

Vuln: IBM Integration Bus CVE-2017-1694 Information Disclosure Vulnerability
Publish Date: 2017-12-19
IBM Integration Bus CVE-2017-1694 Information Disclosure Vulnerability

Bugtraq: ADVISORY - Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data - CVE-2017-15524
Publish Date:
ADVISORY - Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data - CVE-2017-15524

Bugtraq: APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2
Publish Date:
APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2

Bugtraq: APPLE-SA-2017-12-13-5 Safari 11.0.2
Publish Date:
APPLE-SA-2017-12-13-5 Safari 11.0.2

Bugtraq: APPLE-SA-2017-12-13-2 tvOS 11.2.1
Publish Date:
APPLE-SA-2017-12-13-2 tvOS 11.2.1

More rss feeds from SecurityFocus
Publish Date:
News, Infocus, Columns, Vulnerabilities, Bugtraq ...

The Register Management News tells freelance techies to slap 20 per cent on fees as IR35 tax hike looms
Publish Date: Wed, 25 Jan 2017 09:32:11 GMT

Concerns raise could spark exodus of self-employed talent

UK government departments are advising IT contractors to hike their fees by a fifth in order to avert an exodus of self-employed techies that will be hit by a forthcoming tax clampdown, multiple sources have told The Register.?

Cutting Hewlett-Packard Labs down to size
Publish Date: Wed, 25 Jan 2017 09:01:13 GMT

Addressing the 3D XPoint elephant in the storage-class memory room

Comment When Martin Fink resigned from his positions at HPE in August 2016, the announcement said: "Martin Fink, our chief technology officer and head of Hewlett-Packard Labs, will be retiring from HPE at the end of the year, after more than 30 years with the company." He was retiring, we were told, but he was just 51.?

Cisco: We know what you all want ? a $10,000 70in whiteboard with a $190/mo cloud sub
Publish Date: Wed, 25 Jan 2017 06:40:12 GMT

Of course, of course it has a cloud subscription

Cisco is kicking out a new set of screens and conferencing software aimed at overhauling its video conferencing and collaboration lines.?

After promising Donald Trump jobs will come home, IBM swings axe
Publish Date: Wed, 25 Jan 2017 02:33:03 GMT

'Rebalancing' will make IBM great again. America? That's someone else's problem

IBM's post-election promise to President Donald Trump to bring jobs home appears not to have been entirely accurate, as the company is making redundancies at home and stands accused of shipping jobs to Asia and Europe.?

Cisco to pluck AppDynamics for $3.7bn, just before IPO
Publish Date: Wed, 25 Jan 2017 01:59:48 GMT

Borg wants you to assimilate real-time performance info for everything

Cisco has announced it intends to acquire AppDynamics, a maker of software that performs real-time monitoring of application performance, the better to understand the impact on infrastructure and the end-user experience.?

Using LinkedIn will land you a shiny new job ? like, er, CTO of Microsoft
Publish Date: Tue, 24 Jan 2017 22:14:11 GMT

Redmond decides we need to talk about Kevin

Microsoft has reinstated its overall CTO role for the first time in 17 years and hired Kevin Scott ? currently senior vice president of infrastructure with LinkedIn ? to do the job.?

Yahoo! boo! hoo! hoo!: Verizon! hits! brakes! on! $4.8bn! biz! gobble!
Publish Date: Tue, 24 Jan 2017 20:17:14 GMT

And SEC probes three-year gap between data swipe and disclosure

Yahoo!'s sale to Verizon has been delayed, following revelations last year of historical data security breaches.?

We're not quitting the UK: Microsoft quashes Brexit fake news
Publish Date: Tue, 24 Jan 2017 17:03:15 GMT

Did I say that? Bullish MS man finds quotes ripped out of context

Microsoft has committed itself to the UK after comments by a manager were ripped out of context.?

Jinn workers besiege delivery app co-founder to protest wage changes
Publish Date: Tue, 24 Jan 2017 16:01:12 GMT

Couriers allege their pay was slashed retrospectively

Unpaid workers for the "sharing economy" delivery outfit Jinn who claimed they hadn't been paid besieged the company's co-founder to demand their wages last week.?

Brexit, schmexit: Christmas sales up 4 per cent at Dixons Carphone
Publish Date: Tue, 24 Jan 2017 11:59:08 GMT

Firm defies forecasts despite warnings of 'uncertain times'

Sales at Dixons Carphone in the UK and Ireland sales rose 4 per cent for the ten weeks up to Christmas, the retailer said today.?

Top UK judges rule: Government can't pull the Article 50 trigger alone
Publish Date: Tue, 24 Jan 2017 10:47:55 GMT

Parliament must be consulted on EU exit process

Prime Minister Theresa May?s plan to trigger formal talks for the UK?s withdrawal from the EU in March have been thrown into uncertainty.?

How Lexmark's patent fight to crush an ink reseller will affect us all
Publish Date: Tue, 24 Jan 2017 07:29:13 GMT

Yes, Lexmark is still a thing

If printer maker Lexmark International prevails against ink cartridge reseller Impression Products, tech giants and other American companies will gain the ability to control products through patent claims after they have been sold.?

Samsung Electronics is on fire! In a good way as profits leap
Publish Date: Tue, 24 Jan 2017 05:22:07 GMT

Memory and monitor surges trump phlaming phablet fiasco

Samsung Electronics, the Chaebol's business that encompasses smartphones, monitors, memory and more, has reported a bumper fourth quarter despite its phlaming phablet fiasco.?

It's official: Ejit ? sorry ? Ajit Pai is new FCC boss (he's the one who hates network neutrality)
Publish Date: Mon, 23 Jan 2017 23:57:12 GMT

Look forward to hearing lots more about how great he is

US President Donald Trump has formally designated Ajit Pai as the new chairman of America's powerful broadband and telly regulator, the Federal Communications Commission.?

Plump Trump dumps TPP trade pump
Publish Date: Mon, 23 Jan 2017 20:01:26 GMT

President Snowflake slots in an easy campaign goal first thing

US President Donald Trump has made good on a campaign promise and signed an executive order backing the United States out of the controversial Trans-Pacific Partnership (TPP) trade deal.?

Computacenter: No mention of Brexit but UK sales went nowhere in 2016
Publish Date: Mon, 23 Jan 2017 16:16:30 GMT

Again, nobody is saying rexit-bay

The gods of channel sales growth did not smile on Computacenter in 2016 as the UK filed standstill top line numbers and progress in European ops was unpicked by unfavourable forex rates.?

Government to sling extra £4.7bn at R&D in bid to Brexit-proof Britain
Publish Date: Mon, 23 Jan 2017 10:17:09 GMT

Ummm, good luck with that!

The UK government is to throw an extra £4.7bn at R&D for smart energy technologies, robotics and artificial intelligence, and 5G in its Industrial Strategy to be published later today.?

Fujitsu strikes are OFF ? it's not the 1970s after all
Publish Date: Mon, 23 Jan 2017 09:03:14 GMT

Unite: IT giant's bosses gave us a bigger package, would be rude not to have a butcher's

Unite has suspended all industrial action in its dispute with Fujitsu over planned cuts to job, pay and pensions in the UK.?

One BEEELLION dollars: Apple sues Qualcomm, one of its chip designers
Publish Date: Sat, 21 Jan 2017 01:08:55 GMT

Snapdragon biz's bad week just got worse

Following the lead of the FTC, Apple has filed suit against Qualcomm alleging it was charging excessive patent royalty fees for cellphone technology.?

Chinese investors gobble up owner of PCWorld, Macworld etc
Publish Date: Fri, 20 Jan 2017 21:58:04 GMT

IDG into the hands of the Middle Kingdom ? except its HPC bit

Two Chinese investors are buying the owner of PCWorld magazine and the IDC market research outfit International Data Group (IDG) ? but IDC?s high-performance computing research businesses are not included in the sale.?

CIA boss: Make America (a) great (big database of surveillance on citizens, foreigners) again!
Publish Date: Fri, 20 Jan 2017 20:42:33 GMT

New spymaster Pompeo ponders massive metadata collection, death for Snowden

While Washington is busy with the inauguration of President Trump, not all political business has stopped. The incoming administration is hoping to get its new CIA boss appointed today, but the Senate is having none of it.?

Welcome to the Wipe House: President Trump shreds climate change, privacy, LGBT policies on
Publish Date: Fri, 20 Jan 2017 20:22:08 GMT

We're gonna have the best 404s! The greatest 404s!

With Donald Trump taking over the presidency Friday morning, a different type of transition has also taken place: a digital transition.?

Elementary, my dear IBM: When will Watson make money?
Publish Date: Fri, 20 Jan 2017 14:31:04 GMT

Big Blue talks 'silver threads'

IBM Watson has taken heat from Wall Street for not adding to Big Blue's revenue as the company reported a 19th successive quarter of decline.?

Lords slam 'untrammelled' data sharing powers in Digital Economy Bill
Publish Date: Fri, 20 Jan 2017 14:04:23 GMT

'Deeply concerned' about possibility of sharing citizen info with companies

A House of Lords committee has slammed the "inappropriate" and "untrammelled" powers laid out in the Digital Economy Bill to share citizen data across the public sector.?

Chinese chip shop looks hot to trot as Tsinghua drops $30bn on factory
Publish Date: Fri, 20 Jan 2017 13:32:07 GMT

Largest fab in the Middle Kingdom to be surrounded by huge 'international city'

China?s flash-fancying Tsinghua Unigroup is going to build a $30bn-plus flash fab.?

Yet another committee gives a lashing for digital strategy delay
Publish Date: Fri, 20 Jan 2017 11:34:06 GMT

It's so important they held a 'three-week consultation'... over the Christmas hols

At the current rate Julian Assange is more likely to see the light of day than the government's digital strategy ? with a second Parliamentary committee having criticised its long-overdue publication.?

Toshiba scrambles to start chip biz minority stake sale ? reports
Publish Date: Fri, 20 Jan 2017 10:34:46 GMT

US nuclear power plant fiasco prompts fears of writedown

Reuters is reporting that Toshiba has started its chip business minority stake sale process.?

Apple, Amazon smash audiobook cabal after European pressure
Publish Date: Fri, 20 Jan 2017 08:26:09 GMT

EU antitrust bod nods in approval as another market opens up

Apple and Amazon have agreed to end the exclusivity deal that gave Audible sole access to the iBooks store.?

Fired Ofcom Remainer bod sues UK gov for withholding his payoff
Publish Date: Fri, 20 Jan 2017 07:41:15 GMT

Board member claims he was sacked for slamming Trump and Brexit

A sacked board member of UK telco regulator Ofcom is suing the British government for refusing to give him a £75,000 ($92,500) payoff.?

IT team sent dirt file to Police as they all bailed from abusive workplace
Publish Date: Fri, 20 Jan 2017 06:57:13 GMT

Saintly clients fled investment firm after workers revealed hellish smut mountain

On-Call Welcome again to On-Call, which returns for 2017 with more tales of your fellow readers' experiences of horrible jobs at horrible times.?

Facebook bans Russia's RT ahead of Trump's Inauguration Day (then changes its mind)
Publish Date: Fri, 20 Jan 2017 06:29:09 GMT

Breaking news, literally

Facebook apparently blocked Russia Today ? the Kremlin-bankrolled broadcaster now known as RT ? from posting anything other than text messages on the social network.?

Avaya files for bankruptcy
Publish Date: Fri, 20 Jan 2017 05:02:08 GMT

Decade-old capital structure needs a refresh for cloudier times

Avaya has filed for bankruptcy under Chapter 11 of the United States Bankruptcy Code, which allows organisations to re-organise their affairs in part by temporarily relieving them of obligations to creditors.?

On last day as president, Obama's CIO shrouds future .gov websites in secret code
Publish Date: Fri, 20 Jan 2017 04:31:07 GMT

New .gov domains will only ever offer HTTPS, says US CIO

On United States president Barack Obama's last day in office, the U.S. Chief Information Officer and the Federal CIO Council have announced a new rule that will see all future .gov websites shrouded in impenetrable secret codes.?

Big Blue's blues diffuse: IBM's sales drain now more like a sad trickle
Publish Date: Fri, 20 Jan 2017 01:59:10 GMT

Biz optimistic 2017 will see cloud and mobile help boost bottom line

IBM is touting growth in its cloud and cognitive business units as the enterprise giant wraps up a year of double-digit revenue declines.?

Uber coughs up $20m after 'lying about how much its drivers make'
Publish Date: Fri, 20 Jan 2017 01:28:20 GMT

FTC settlement bars taxi app maker from publishing fiction about potential riches

Cab app Uber has agreed to pay $20m to settle charges that it exaggerated how much drivers using its software can earn and downplayed the cost of financing cars through the company.?

Ooops! One in three tech IPOs now trading below their starting price
Publish Date: Thu, 19 Jan 2017 21:05:27 GMT

The technical term for this, in the financial world, is: 'Boned'

Around 33 per cent of the technology companies to enter the market in the last ten years are currently valued at a price lower than their IPO mark.?

IBM, Microsoft, US Govt all to blame for globalisation backlash: Jack Ma
Publish Date: Thu, 19 Jan 2017 17:47:04 GMT

It's your own fault, Trump-friendly tycoon tells Davos

Silicon Valley?s tech plutocrats have kept a relatively low profile at Davos, the WEF?s schmoozefest for corporate, government and NGO elites. But into the void stepped Jack Ma, founder of Alibaba.?

NCC Group's profit hit by contract cancellations
Publish Date: Thu, 19 Jan 2017 14:32:13 GMT

UK security firm's chairman steps down

NCC Group?s chairman Paul Mitchell said he would be stepping down as he UK cyber security consultancy announced a drop in profits on Thursday.?

Britain collects new naval tanker a mere 18 months late
Publish Date: Thu, 19 Jan 2017 08:29:00 GMT

Why? 'Umm, er, cable insulation standards,' mutters MoD

Britain?s naval service will receive new fleet support tanker RFA Tidespring more than 18 months late, following delays which left the vessel languishing in a South Korean shipyard.?

Is Qualcomm price gouging phone makers? Not everyone thinks so
Publish Date: Wed, 18 Jan 2017 22:58:11 GMT

Dissenting FTC voice sees an Obamaesque assault on tech licensing

Analysis America?s competition commissioners didn?t want to prosecute Google, which operates a monopoly in over a dozen markets, so why are they complaining about Qualcomm??

Uncle Sam sues Oracle for 'screwing over Asian, black and women staff'
Publish Date: Wed, 18 Jan 2017 21:21:18 GMT

Big Red threatened with government IT contract armageddon over pay gap

Oracle could lose its lucrative US government IT contracts after the Department of Labor accused the tech giant of racial and gender discrimination.?

Exclusive billionaires' investment club leads Collibra's $50m Series C
Publish Date: Wed, 18 Jan 2017 15:02:09 GMT

Belgian data governance business only loses a single board position too, sweet

Belgian data governance business Collibra has today announced the closure of its Series C round, almost tripling its venture capital funding.?

EE slapped with £2.7m fine by Ofcom
Publish Date: Wed, 18 Jan 2017 08:39:22 GMT

Some 40,000 customers were overcharged £250,000

EE has been slapped with a £2.7m fine by regulator Ofcom for overcharging tens of thousands of customers.?

Well, that sucks: China's Tencent so sorry after vid emerges of faux blowjob office game
Publish Date: Wed, 18 Jan 2017 06:39:10 GMT

Cloud giant's staff party leaves little to imagination

Video China's biggest internet biz Tencent has apologized after women employees were filmed on their knees in front of male coworkers in a raunchy end-of-year party game.?

Toshiba may sell silicon biz to contain fallout of nuke plant problems
Publish Date: Wed, 18 Jan 2017 03:00:42 GMT

Japanese company's foray into fission has been a fiscal flop that a RAM plant sale could fix

A troubled nuclear power station strategy in the USA has Toshiba considering the partial sale of its Japanese semiconductor business.?

Australia's Department of Social Services pushing ahead with data-matching plans
Publish Date: Wed, 18 Jan 2017 00:54:45 GMT

Midyear data release hopes to crowd source academic data-matching brainpower

The Centrelink ?robo-debt? debacle hasn't dimmed the Australian government's enthusiasm for data-matching as a policy tool.?

Chelsea Manning sentence slashed by Prez Obama: She'll be sprung in the spring
Publish Date: Tue, 17 Jan 2017 23:09:46 GMT

Pack your bags Julian, you're off to America, right?

In the final days of his administration, President Barack Obama has commuted Chelsea Manning's remaining sentence, meaning she'll be free on May 17, or shortly afterwards.?

Valley techies to protest outside Palantir ? Trump adviser's creepy citizen database biz
Publish Date: Tue, 17 Jan 2017 20:50:58 GMT

Thiel's upstart has the info needed for a Muslim registry

Silicon Valley engineers will protest outside the headquarters of data analytics firm Palantir Technologies Wednesday, demanding greater transparency over how its databases may be used by the incoming Trump Administration.?

Why Theresa May?s hard Brexit might be softer than you think
Publish Date: Tue, 17 Jan 2017 14:53:31 GMT

The real plan's under wraps?

Analysis The reality of red tape might mean the UK?s exit from the EU will take longer, and be softer, than the Prime Minister outlined today.?

UK's lords want more details on adult website check plans
Publish Date: Tue, 17 Jan 2017 13:58:07 GMT

Need to give it a good, proper scrutinising, don't you?

A House of Lords committee has called for greater detail on how the UK government intends to introduce online porn age verification plans in the Digital Economy Bill.?

Financial Director - Audit News

The balance of scepticism in auditing
Publish Date:

Peter Williams, Financial Director, Tuesday 24 August 2010 at 12:35:00

If auditing is to be more effective, a balance needs to be struck between accepting and challenging information

Relationships between finance directors and audit partners are under scrutiny as regulators attempt to learn some lessons from the financial crisis and recession.

The Auditing Practices Board (APB) issued a discussion paper in August that asks one deceptively simple question: what is the degree of scepticism auditors need to apply to conduct a high-quality audit? While it would be easy to tell FDs and their team to expect, even demand, that their auditors be more sceptical, it is not an easy concept to apply in practice.

Scepticism taken too far would result in a breakdown of the FD-auditor relationship needed to get the job done. The secret is to find a balance between the audit team taking the more-travelled road ? accepting everything the company tells them ­? and challenging every­thing to the nth degree. But auditors must now show they are prepared to challenge manage­ment assertions and that they understand that if they do not they fail to act as a deterrence to fraud ? and they will not be in a position to confirm with any confidence that a company?s financial statement gives a true and fair view.

The degree to which auditors are allowed to exercise their professional scepticism remains largely with their client?s FD. The FD sets the corporate tone and behaviour of the relation­ship. If FDs react to the legitimate challenge posed by the audit, by readily suggesting the firm or the partner could or should be removed from the job, then those FDs are deliberately undermining the value of the audit. On the other hand, only the most steel-necked FD enjoys a rough ride from an auditor when there is so much else on the agenda.

The APB suggests that auditors apply scepticism in the form of a sliding scale, where the intensity of their scrutiny and challenge depends on the initial response to their findings. It suggest that, currently, auditors approach an audit without a strong predis­position to believe that either the financial information is misrepresented or that the manage­ment is anything other than honest and candid. If on the way, the audit team receives answers or information that gives them cause for concern, they should ramp up the scepticism.

This starting point of a neutral mindset may no longer be good enough. If audit scepticism needs to be put at the heart of the process, auditors will need to shift away from a neutral position ? where there is no assumption of error or dishonesty ? to what some may view as a more combative position, one the APB calls presumptive doubt. So those setting audit standards now want auditors to start off thinking there could be something wrong and maintain that thought until the last moment of sign off, even where the auditor?s experience of the FD and the team has never given them a moment of doubt.

Of course, auditors know in practice that scepticism can cost dearly. Like everyone else, auditors are under pressure both from within their own firm and from the client to complete the job on time and on budget. And that atmosphere of ?let?s just get the job done? is probably the most powerful force militating against auditor scepticism.

It would be sensible to review the reasons behind a lack of forceful scepticism and the need for it now. But the APB work has to be put in the context of the criticism the audit profession has faced this summer from sources close to home. Out of a blue summer sky, auditors have faced two barrages of criticism from the joint Financial Services Authority and FRC paper Enhancing the auditor?s contribution to prudential regulation and the annual report of the FRC?s Audit Inspection Unit.

This emphasises the failure of auditors to challenge sufficiently hard management assumptions and valuations. Care is needed before accepting wholeheartedly this analysis: it is in the wider interest of corporate governance to see the evidence and possible causes for auditors in general being a soft touch.

The future of financial reporting
Publish Date:

Robert Bruce, Financial Director, Tuesday 24 August 2010 at 12:13:00

As regulators ponder their own futures, FDs simply wash their hands of the confused reporting bluster they spew

Thunderstorms in late summer are unpredictable things. They rumble over celebrations of the last days of sunshine, threatening disaster and disappointment, but all too often pass by for another day.

This summer, regulators have done the same thing. Issues like stewardship, prudential regulation and establishing quite what auditors still bring to the mix have rumbled on, but remain unresolved. As autumn gathers pace and holidays are a distant memory, finance directors and everyone else need to gather their senses and fix a course through these issues.

A hurdle is the uncertainty among the regulators themselves. No one yet has a clue what might happen to, for example, the Financial Reporting Council (FRC). Will it remain on the useful side of the fence, where it currently resides? Or will it turn out to be another quango merged into some other, larger, shinier new agency that will subsume other regulatory bodies, losing a couple of years? progress to the business integration with another structure?

I?m visualising reincarnation as a sort of Markets and Financial Reporting Authority: this could turn it into the UK equivalent of the US regulator Securities & Exchange Commission. Or it could decline into a position of boilerplate manufacturing.

There is precious little time left for lingering uncertainty of this magnitude. Gathering pressure for serious change in the relationship between the triptych of the FD, auditor and shareholders cannot be held back forever.

There is still a need for some definitive line on how this economic crisis failed to show up on the radar before it struck. And there is ever more shouting about how the reports and accounts FDs merrily sign off are couched in terms and produced in formats that do the opposite of providing readers with useful information.

Then there is the stewardship debate: do the great investment houses really care about how the companies they invest in or analyse for their clients are governed? Or are they happy simply to be able to jump ship earlier than everyone else when decline or disaster sets in?

Perhaps the amount of deconstructive think­ing required on these issues will keep the powers that be from ever resolving to resolve them. Take the argument about management commentary and whether a simpler narrative about how a company has performed should be audited as rigorously as the figures, or audited at all.

The recent research published by the Institute of Chartered Accountants of Scotland on what users want from external assurance and management commentary contains one wonderful quote from an anonymous fund manager that sums it all up. ?Would having the commentary audited inhibit directors?? he asks. ?I would be tempted to throw that back and say, ?well, why are you saying things there that you are not comfortable with and that cannot be substantiated or stand up to scrutiny???

In other words, in too many cases the absolutely obvious is ignored or shunted away because it is too embarrassing. The same is true with stewardship. On the surface, the Steward­ship Code issued over the summer by the FRC makes everything clear. Using the comply or explain mechanism, institutional shareholders must make clear whether they voted on the important issues, how far they monitored companies in which they invest and how far they have pushed for management change.

This is an example of the absolutely obvious. Why would large shareholders not seek to ensure that the companies that they, in part, own behave in such a way as to maximise their investment? Alas, that is not how things work. We may simply have another structure of boilerplate being erected.

And among the cosmic noise, where is the FD?s focus? FDs are now much less concerned with stewardship than they are with glam­orous big business. For them stewardship has become rather lost because they perceive it as dull and boring. Which suggests more disasters ahead.

Choosing an auditor
Publish Date:

Richard Hemming, Financial Director, Tuesday 24 August 2010 at 11:35:00

Banking agreements requiring businesses to use a Big Four auditor make FDs re-examine mid-tier values, finds Richard Hemming

The emergence of evidence that clauses in some UK banking covenants require companies to use only a Big Four accounting firm for their auditing needs ? not a mid-tier or other player ? has added fuel to the wider philosophical discussion around the way the audit world operates and the value it brings to business.

Finance directors? concerns have been exacerbated by the association some of those firms have with a number of high-profile and controversial cases of accounting errors or trickery ? and by increasingly sceptical regulators. On top of investigations by the Financial Reporting Council (FRC) and the Accountancy and Actuarial Discipline Board (AADB), the House of Lords is now conducting its own review of the major audit houses and will report its recommendations in the autumn.

The restrictive nature of clauses that require companies to use the auditor prescribed by the lender ? acknowledged by FDs to exist, though few are willing to be identified discussing it ? gives more weight to the ongoing conversation around whether companies that are forced to use the Big Four are getting value for money. FDs tell Financial Director that the value in a Big Four auditor is its global reach and reputation but add that, this aside, they are not convinced it provides any additional value for money on a service level that a mid-tier firm could not.

Is it right that lenders can force their clients to use a cherry-picked panel of the already most dominant auditors? ?I don?t know,? says the global head of planning and reporting at one very high-profile FTSE-100 company, who asked to remain anonymous. ?But the headlines usually involve the Big Four being in trouble from inadequate audits? you rarely read a story where there are problems in the wider auditing community.?

He thinks the clauses are a legacy from the time when the Big Four was the Big Eight. ?It is difficult to find real choice in competitive tendering for audits,? he says. When one of his group?s holding companies recently tendered out its auditing requirements, several second-tier firms and one Big Four firm applied. When there was no banking covenant that stipulated the business should go to a Big Four firm, they went for a mid-tier provider, but not because it was cheaper.

?The second-tier firms were initially more competitive in pricing, but this did not preclude the Big Four accounting firm from reducing its price,? he says. ?In the end, we went for a second-tier firm because we want to contribute to the success of those firms, so that hopefully one day they can match the Big Four. We do look for ways to use second-tier firms.?

But the power of brand still compels. ?Banks will seek to de-risk any deals they do and the perception is that a Big Four auditor on the mandate is a shortcut to quality,? says Katherine Lee, former FD at YouGov and now an investor relations consultant to FDs. ?I agree to a certain extent, but acknowledge that the BDOs and the Grant Thorntons of this world offer a similar service at a reduced fee. Probably, for companies outside the FTSE-100, these auditors understand their business better.?

KPMG is the only Big Four firm that responded to Financial Director?s enquiry as to whether the profession believes such restrictive clauses in banking covenants are fair and offer the best service for business. ?Everyone would feel happy if there were five big firms,? a KPMG spokesperson says. ?We?re not trying to block competition.? The British Bankers? Association declined to comment.

Many are concerned that there could be an audit firm crisis off the back of the banking crisis ? a worry not assuaged by the House of Lords? investigation. There is a very real fear that Ernst & Young (E&Y) is vulnerable to massive litigation for its alleged role in the collapse of Lehman Brothers. In mid-June the AADB announced that it was investigating E&Y?s role as an auditor at the investment bank in the months leading up to its implosion.

Of course, many FTSE-100 companies employ all four of the major accounting firms in one way or another. ?If one of the Big Four goes down, it becomes three, and when it comes to auditing it represents a very big problem,? says Gillian Lees, a spokesperson for the Chartered Institute of Management Accountants.

Indeed, this very issue is being investigated by the FRC. In early June its chief executive Stephen Haddrill announced that it would develop proposals to increase competition in auditing. This follows the failure of recommendations made three years ago that aimed to do precisely that ? though these came at a time when people were not asking the big questions of the audit industry they are now ? including making boards more accountable to shareholders and reducing the perceived risks to directors who choose a non-Big Four auditor. The findings will be looked at closely by business secretary Vince Cable who, before and after entering government, suggested he was in favour of reviewing the dominance of the Big Four and the leading law firms. The European Commission is also looking at auditor choice.

Prem Sikka, professor of accounting at Essex Business School and a vocal commentator on these issues, says that it is often shareholders who lose out when banking agreements force companies into a severely restricted process of auditor choice. ?Banks as a major creditor can insist on things, but there are other stakeholders whose interests are not taken into account: shareholders, employees, taxpayers, the State and trade creditors,? he says.

For many, the issue is the way in which UK companies are required to appoint the auditors through the audit committee and then a shareholder vote. ?I raise this issue every year with the Association of Chartered Certified Accountants [ACCA],? says Sikka. ?When it comes to a vote on the auditor, I want to know who exactly does the work, how many students do it and how many hours they spend. I?m asked to vote on something and the information I get is zero.?

Chas Roy-Chowdhury, head of taxation at the ACCA, believes simply that the onus is on second-tier accounting firms to prove they can deliver quality of value above and beyond the reputation of the Big Four. ?Firms need to show that the quality of work is uniformly good, irrespective of the size of the firm,? he tells Financial Director. But the feedback from the industry is that the work of those firms is already extremely highly regarded.

The power of reputation may be at play in the covenants as well as in the market more generally. But as soul-searching on the value of audit continues, FDs of companies that have traditionally felt the pressure to retain a Big Four auditor are reviewing that decision.

?Sometimes the Big Four?s reputation is more perceived than real,? Louisa Burdett, chief financial officer at the FTSE-100 publishing company FT Group, tells Financial Director. ?Often in the case of auditors, you are relying on the fact that there are wise heads behind the teenagers they send out.

?But just because it is a Big Four firm doesn?t mean there are not other wise heads out there. The issue of quality in auditing is central to the process of tendering and getting value for money. Who opines ? and at what point ? that BDO, for example, is good enough or

wise enough to become one of the inner circle??

FRC chief calls for audit overhaul
Publish Date:

Neil Hodge, Financial Director, Monday 24 May 2010 at 22:30:00

The financial reporting regulator highlights the issues with audit and calls for debate, reports Neil Hodge

The head of the UK accounting regulator has said that it is time to review the value of audit in the wake of the financial crisis.

Chief executive of the Financial Reporting Council (FRC) Stephen Haddrill says that the crisis, during which the role of auditors came under the spotlight, should lead to the function of audit being re-examined. ?Just when audit is needed more, the impression is growing that it is delivering less,? he adds.

Haddrill made the remarks at the Institute of Chartered Accountants of Scotland?s Aileen Beattie Memorial Event in London at the end of April. ?Audit is a key part of high quality governance,? he told the audience.

?The auditor sees the company?s approach to risk. The auditor challenges management?s judgement on the financials. The auditor reports to shareholders on whether the company is providing a true and fair view of the business. The investor only sees the tip of the iceberg of work. But nevertheless investors are relying on that work being done,? explained Haddrill.

The Treasury Select Committee has heard from various figures within the industry over the past year ? Haddrill included ? in order to ascertain whether there was a failure of oversight on the part of the audit profession during the banking crisis. While no-one has accepted formal responsibility, there has been a general acceptance that audit can tighten its procedures in the hope of avoiding a repeat.

Haddrill also said that the pre-eminence of the City as a financial centre meant

that audit must be seen to provide full oversight in order to reassure international equity investors.

?Overseas investors are taking a larger share in the equity of our markets. So as influence is lost, good corporate reporting and strong auditor oversight become all the more important,? he says.

The FRC expects to publish its thoughts on the subject later in the year. Michel Barnier, the new European Union internal market commissioner, has also said that the role of auditors needs closer scrutiny, and announced the process will start with the publication of an EU green paper on the subject in the autumn. That will most likely be a broad discussion document used in Brussels to pave the way for more specific legislative proposals.

Debate welcome

The Big Four accounting firms said they welcomed the debate on how the audit profession can better serve the needs of investors, especially on a global scale.

John Flaherty, assurance leader for the UK & Ireland at Ernst & Young, said: ?It is clear that there is a desire to explore how audit may be enhanced.?

He added that ?in the same way that regulation needs to have a global approach, a global solution to the future of audit has a much greater chance of meaningful and lasting impact?.

Richard Sexton, head of assurance at PricewaterhouseCoopers, says that ?investors tell us there is a high level of confidence in the audit, although they and we recognise that its current scope is narrow. The time is ripe for a full debate on the whole reporting model and the role the audit should play in it. Pricewaterhouse­Coopers is determined to play a key part in that debate.?

Oliver Tant, UK head of audit at KPMG, believes the the audit model is ?working, but in the light of recent events it may be that the auditor could do more. Rather than talking about restricting the role of the auditor, the debate should be around what more the market can gain from the auditor?s knowledge and skills.?


FRC chief executive Stephen Haddrill made several complaints against the current usefulness of audit. The key faults were:

Accounting standards have allowed management more discretion in the valuation of assets, which means that these values that are hard to pin down for complex instruments.

The role of the auditor has become more confined ? everyone with an oversight role has concentrated on their own job, rather than sharing information with other parties that would best serve a wider objective of financial stability.

The market has not set higher expectations of what it wants from external audit ? instead, it has applauded lower audit fees rather than higher quality.

Haddrill said that the areas he would like to address include:

1 Achieving a strong alignment between the auditor and the interests of the shareholder

2 The question of whether change is needed to make audit reports more useful

3 Considering whether more information about risk needs to be provided at the front of audit reports, and if the auditor should provide greater assurance

4 If auditors can give more help to regulators and avoid conflicts of interest in doing so.

Further reading

To read Stephen Haddrill?s speech in full, click here

The Treasury Select Committee?s recent sessions on the role of audit

Accounting: Examining the role of statutory audit
Publish Date:

Peter Williams, Financial Director, Monday 24 May 2010 at 22:30:00

Is statutory audit worth the money when most European businesses don?t do it?

Statutory audit has become such a natural part of the corporate governance furniture that many have forgotten what it is for. Why not scrap and swap it instead for assurance work, to be led by the demands of the market, not by governments?

Of course, after the financial crisis it may be hard to persuade politicians and regulators that an auditor?s visit should be a matter of choice for companies and their investors.

But audit has lost much of its grip on corporate life ? and does not appear to have been missed that much. In the UK, with only one or two caveats, businesses only need to appoint an auditor if turnover reaches £6.5m or balance sheet values exceed £2.26m. The threshold varies across the European Union (EU) but the net result is that, according to figures from the Association of Chartered Certified Accountants (ACCA), 98.7 percent of European companies are excused a statutory audit. But at the same time, those companies collectively employ almost half of Europe?s workforce. They matter.

If audit has been scrapped for small business, why keep it for large entities? According to Stephen Haddrill, the Financial Reporting Council?s still-new broom, auditors are needed because the shareholders of large companies have become more fragmented, so investors have less power to challenge management. He claims the era of insurance companies and pension funds wielding power is waning. They now own less than 15 percent of the shares on the London market, preferring bonds to equities. Overseas investors are taking a larger equity share and concentrated influence is lost. Auditors are sometimes accused of acting like management, forgetting they are meant to report to shareholders: in this scenario of disappearing investor influence, they are more like surrogate shareholders.

If auditors were forced out from behind the skirts of legal privilege, they would stand on their own two feet, proving their worth and delivering better value. That might lead to a more transparent audit process, and more robust audit reports. Such a move towards privatisation would also help auditors with their long-standing campaign to improve the liability arrangements that are just not working.

Most importantly, such a bold move would reverse the growing impression ? pointed out by Haddrill ? that just when audit is needed more, it is delivering less. He raises two examples of falling value. First, accounting standards have allowed management more discretion in the valuation of assets. This has resulted in a wide range of valuations of the same asset, which makes the audit process look pointless. Second, as was highlighted by the parliamentary investigations of the financial crisis, the role of the auditor has become confined to an oversight role. The wider thinking ? and contact with others in the regulatory framework ? no longer happens.

The EU and its member states are due to re-examine the role of audit with an overhaul of the fourth and seventh accounting directives, due to start at the end of this year or early 2011. The most likely outcome is that member states will be allowed to raise audit thresholds, gradually nibbling away at the hold of statutory audit. But there is little appetite for scrapping the audit law outright: it is seen as a minimum, a lowest common denominator safety net. Keep the statutory minimum, however, and there seems no way to raise quality and aspiration.

One final fact from ACCA?s audit briefing. While under EU law, only 0.3 million audits are required, and 1.4 million are actually performed. There is a host of reasons why non-statutory audits happen, but happen they do. Scrapping the statutory audit may be just the step required to deliver the value from audit that all stakeholders need.

To read more thinking on the future of statutory audit, see Robert Bruce?s column, Corporate Governance: Does governance exist in a world of short-term investment? Peter?s column returns in September

The Non-executive: Understanding the role of the audit committee chair
Publish Date:

Eric Tracey, Financial Director, Monday 26 April 2010 at 22:40:00

Our new columnist ponders the role of the audit committee chairperson in hiring and firing subsidiary FDs

The role of listed company audit committee chairs in the appointment or removal of subsidiary company FDs varies widely. In many cases, possibly the majority, there is no involvement of the audit committee chair at all. But, in my experience, their engagement in such an issue is in the best interest of the business as well as the subsidiary FD.

It is clearly in an audit committee chair?s interest to have sufficient contact with the FDs of major operating subsidiaries ? how much is sufficient is another topic ? not only to enable the audit committee to discharge its duties in relation to reviewing internal controls and assessing the quality of the finance function, but also to facilitate effective two-way communication.

In cases when that is the only time those FDs ever meet the audit committee chair, dialogue is likely to be pretty stilted and, for the FD, may feel more like an inquisition than a meeting. Feeling under interrogation can reduce the effectiveness of their contribution, a contribution that is even more important when that subsidiary FD thinks they may have discovered inappropriate accounting or, worse, by their predecessor, for example.

In those circumstances, that FD may feel at best lonely, insecure and worryingly

uncertain over what to do next, especially if the messages from their group-level executives are not wholly supportive or even consistent. Having someone they can turn to without breaching confidentiality obligations is a godsend if they have not come across such a situation before; that goes for the FD and the board.

It can be difficult for someone in such a situation to assess whether the examination of allegations against them by the board amount to sensible questioning to get to the bottom of the matter, or pressure not to rock the boat. The state of denial people often get into in such circumstances can be quite extreme and very difficult to deal with; the worse the initial suspicions , the greater the chance of ?it cannot be true? becoming the knee-jerk response.

An audit committee chair is likely to have seen this sort of thing before, by virtue of their experience, whether as an FD or as an auditor, for example. The committee will want to know that any allegations of wrongdoing are being properly examined and that evidence is not being lost. It may even have to provide moral support, as well as guidance, to the subsidiary finance director.

This is true whether or not the FD?s initial suspicions turn out to be well-founded. In the latter case, it is important that the FD doesn?t lose confidence in their own judgment and risk failing to properly follow up any future concerns that might crop up.

What if the FD discovers that the audit committee chair is of no help, or not up to it? You might say it is a bit late to discover that after joining the company, and even worse to make such a discovery after a problem has come to light.

That is why any candidate for the role of subsidiary FD should want to meet the audit committee chair as part of the recruitment process, as well as the executives ? typically the subsidiary managing director and group FD ? who run the process. Should you lose out because another candidate made a better, more informed judgment on these relationships, a good headhunter will ensure any messages of no confidence in any of the parties get delivered properly to the company.

That is why the company can also benefit from such an involvement of the audit committee chair in the recruitment process.

Eric Tracey is a chartered accountant and has served as FD for Wembley and Amey. He is a non-executive director, governance adviser and audit committee chair for various listed businesses in the UK and abroad. This column returns in July.

Corporate Governance: Repo accounting and the pressure to massage figures
Publish Date:

Robert Bruce, Financial Director, Monday 26 April 2010 at 18:00:00

Repo 105 is not a scandal ? it?s a revelation of the pressure that companies are under to massage quarterly figures

There are two things that need to be learned from the most recent, and voluminous, report on the collapse of Lehman Brothers. (Whether they will nor not is another matter.) The first is that the report underlines once more, with terrible gravity, that the role of the finance director is not to pull the wool over people?s eyes, though they sometimes do in the line of duty. The second is that US business culture almost insists that good businesses should mislead people.

Back when I wrote a weekly column in The Times, I used to take a shortcut to the newspaper?s central London office through the yacht marina at St Katharine?s Dock, just east of Tower Bridge.

Often, as I walked past one gin palace docked there, I would smile to myself: the boat had the name Fourth Quarter. The name transported me from London to New York ? and summed up the cultural background to US financial reporting.

The fourth quarter is when you pile everything you can into the figures and boost the results, the share price and your remuneration. True, it goes on in any economy. But in the US it is a pivotal part of the cultural swagger of big companies. And this report had it writ large.

Sure enough, that was what was going on at Lehman. We learn this, as if we hadn?t known it in our hearts all along, from the report compiled by Anton Valukas, the lawyer and bankruptcy court-appointed examiner whose job it was to identify anyone involved in the bank?s collapse who can be sued blind for any cash that is going.

It captures just how demanding the needs of quarterly reporting are: it is an endless task to come up with new ways of ensuring that, come the final day of each quarter, the balance sheet looks as wondrous as it can.

Take this quote from the report, from an email which bounced into inboxes around Lehman on 27 March 2008.

?We are very much in need of balance sheet. We must move things off by the end of the quarter. I need you all to go back to clients and offer them discounts to move things off. We have a lot of wood to chop in a short period of time but we can?t afford to fail. If this means leaving profit and loss on the table, so be it. If you have questions get back to me but we HAVE TO DO THIS!!?

The technicalities around how Lehman did it are almost incidental to the lessons to be learned from the affair. And let?s not forget that Repo 105 can hardly be seen as a rare occurrence: it is the kind of financial engineering that we know is commonplace and not always looked down on.

Even so, there will be much arguing in courts to come: the likelihood is that, under US accounting rules, Repo 105 was OK, while, though the ruse was conducted under the auspices of UK regulation and international financial reporting rules, it may still not have actually been lawful in the UK. Judging by the 2,000-page report, we could be looking at cases that roll through the courts for years ? or that take years just to get to court.

The emphasis within the report is more about who can be sued than the specifics of financial reporting rules. It is just as much of a smokescreen to argue that this is about accounting rules as it is to suggest that it is an auditing issue.

The essential point is that businesses are run by directors, not by the setters of accounting standards or by auditors. None of this great scandal would have come about if directors, in particular the three CFOs named and shamed in the report, who often claim that they are the conscience of the board, had done so. Their essential task should have been telling it like it is. They did not.

Robert Bruce is a leading commentator on accountancy issues

Repo accounting is to be reviewed ? read more here

Financial Director's Auditor Relationships Survey
Publish Date:

Lucy Quinton, Financial Director, Wednesday 24 March 2010 at 21:03:00

The upheaval of a new auditor ? or better use of an existing one? Lucy Quinton sifts through the results of our survey on auditor relationships and uncovers where FDs can maximise on those To download a full PDF of the survey, click here

Preparing a company for an audit has been said to be about as much fun as root canal surgery or a coast-to-coast red eye flight. However, while the relationship between the company?s board, its finance director, its auditors and its audit committee has never been a particularly harmonious one, it is more pivotal than ever as everything from what companies pay for audit services, to what all stakeholders get back is under unprecedented scrutiny.

In the past year, we have seen significant scrutiny of auditors undertaking non-audit services for auditing clients ? consultation on this is currently being run by the Audit Practices Board (APB) ? while influential bodies such as the Association of Chartered Certified Accountants say they do not believe a separation of audit and non-audit services is either possible or desirable.

Weighing in for business, The Hundred Group of Finance Directors, in its response to the APB?s consultation, simply called for greater transparency ? but no rules stopping their auditors undertaking non-audit work for them.

Committee strength

The audit committee, meanwhile, is in an evermore powerful position, not just in terms of assigning non-audit work to an auditor but in its ability to recommend and choose the auditor from the beauty parade that usually ensues when the incumbent?s term is coming to a close. As smaller audit firms gain ground and fight on price, the Big Four have to prove their worth more than ever before.

Perhaps it is these pressures on the sell side that explain the headline result from a survey on how happy FDs are with the service they get from their auditors, which Financial Director ran in association with KPMG. Of the 200-odd FDs who responded (from our readership and picked at random by us, not by KPMG) most tell us their relationships with auditors and their audit committee have improved in the past year.

The fundamental reason behind it, the survey says, was increased communicatio n between the FD, the auditor and the audit committee and a heightened sense of working to a common goal. As a result, there has also been an improvement in the understanding of business, compliance and risk issues by audit committee members. The 84.5 percent who said their relationship with their auditor had either improved or significantly improved in the last year indicates how well these relationships have been managed on the whole.

?Auditors cannot afford to create blocks,? Oliver Tant, head of audit at KPMG, told Financial Director in response to the survey.

That does not mean all is rosy. Some 15 percent of FDs say they are unhappy with their current auditor with specific reference from respondents to the increasingly excruciating level of detail in the audit process. Others found errors in accounts the auditor had missed or found a general drop in the quality of the audit performed. One found their auditor sending staff over that the client had previously made complaints about.

As shareholders have lost confidence, the auditor?s role has become more challenging. When it comes to the beauty parade, competition between the large auditors is tough and the traditional areas in which they joust ? cost and reputation of the firm as well as the lead auditor that will head up the team sent in to undertake the audit process ? have been added to of late. FDs who responded to our survey say the most important qualities an auditor should offer now are speed ? the time it takes a firm to respond to the client in need of accounting guidance, which nearly 15 percent of respondents say is a headline issue for them. In addition, 19 percent of respondents tell us that insight into emerging markets is near the top of their wishlist for auditors to improve, more than those who were asked in the same question if they wanted to see more fees become more competitive.

Title challenge

Of course, the dominance among FTSE-100 companies of the Big Four as auditor remains strong. But all this could be about to change, according to David Evans, senior partner at Mazars. Commenting on the results of a survey on audit quality run recently by the publisher of Financial Director and revealed in our sister title Accountancy Age, Evans says that mid-tier firms ?punch way above their apparent weight and can more than match up to the perceived performance of this group?. This means that FDs can look forward to increased levels of competition from audit providers ? which could also increase standards in the areas in which they wish to see an improvement.

Compliance fears

The majority of participants want greater assurance in two areas: compliance with industry regulatory bodies and compliance with the whims of the taxman. Not surprising given the amount of regulatory movement post-recession. That said, nearly half say they did not anticipate expenditure on that to rise: so either they will be looking for a cheaper, more effective auditor, or they will be squeezing their current one to do more for less.

We also asked FDs to tell us about the relationship they had with their audit committee and how the relationship might have changed in the past two years. Sixty-three percent say it has stayed the same ? but another 25 percent say it had improved somewhat. Only 5.1 percent report it as having deteriorated. Many report their audit committees are now better acquainted with their business on the ground and have a greater respect for the job of the FD as a result of better communication.

Comments from FDs include: ?In-depth understanding and a realistic approach to impairment?; ?supportive and providing good quality advice during poor economic environment?; ?greater understanding of our industry and prompt guidance from the auditor on ethical issues?; ?good communication and learning curve on both sides?; and ?there is trust and professionalism in our dealings and mutual respect.?

This year is certainly shaping up to be an interesting one, particularly in terms of the outcome of the conversation over the award of non-audit work to auditors and where the boundaries should lie.

Whatever else the results have revealed, we have found that FDs now have an opportunity to review what they pay their auditor and what they get for their money; and whether their current auditor can be haggled with ? or whether it is time to look for a fresh, perhaps more economically competitive view.

You can read the analysis of the recent study on audit quality here

Regulator consults on code
Publish Date:

Neil Hodge, Financial Director, Saturday 19 December 2009 at 10:00:00

Director accountability and risk management under greater scrutiny as the FRC begins consultation on reform

The Financial Reporting Council (FRC), the UK?s corporate reporting regulator, has launched a consultation on its proposals to reform the UK?s Combined Code on Corporate Governance in the wake of the current financial crisis.

While the FRC has not found evidence of serious failings in the governance of British business outside the banking sector, it believes that the proposed changes to the Code are ?sensible improvements? that would benefit governance in all major businesses. The new Code ? which will be renamed ?The UK Corporate Governance Code? to avoid confusion among overseas investors ? will also apply to foreign companies operating in the UK if they apply for premium-listed status only available to equity securities issued by trading companies, closed or open-ended investment equities.

The main proposals put forward by the FRC are;

  • The annual re-election of the chairman or the whole board. The FRC also recommends that the board should set out for shareholders why they make those recommendations, in papers accompanying a resolution to elect a non-executive director
  • New principles on the leadership of the chairman
  • New principles on the role, skills and independence of non-executive directors and the level of time commitment to ensure the board is well balanced and challenging. The FRC wants the Code to mandate the board to appoint a non-executive director to act as a senior independent director, providing a sounding board for the chairman and to serving as an intermediary for the other directors when necessary
  • Evaluation of the board to be externally facilitated at least every three years, while the chairman should hold regular development reviews with each director
  • The FRC proposes that the board is ?responsible for defining the company?s risk appetite and tolerance? and that the board ?should maintain a sound system of risk management and internal control to safeguard shareholders? investment and the company?s assets?. However, the regulator wants to add a new provision based on the Turnbull guidance, which states that the board ?should satisfy itself that appropriate systems are in place to identify, evaluate and manage the significant risks faced by the company?
  • An emphasis that performance-related pay should be aligned to the long-term interests of the company and its policy on risk.

In line with Sir David Walker?s report on the corporate governance of banks and financial institutions, the FRC has proposed a number of other changes to the code extending its remit, including:

  • The FRC taking responsibility for a Stewardship Code for institutional investors, as recommended by Sir David Walker;
  • Considering options for producing practical guidance on good practice engagement between companies and investors;
  • Carrying out during 2010 a limited review of the Turnbull Guidance on Internal Control, on which there will be separate consultation, while
  • The FRC has commissioned Institute of Chartered Secretaries and Administrators to work with others on its behalf to update the good practice guidance from the 2003 Higgs Report which addresses, for example, the roles of the chairman and non-executive directors.

In addition, the FRC may propose limited changes to its existing guidance to audit committees, depending on the outcome of work being undertaken by the FRC?s Auditing Practices Board on the provision of non-audit services and audit partner rotation.

Well received

The FRC?s proposals have been largely welcomed, though with some reservations.

Margaret Cassidy, director of corporate governance at PricewaterhouseCoopers, says the FRC ?has introduced a welcome change to the focus of the code, away from the box-ticking approach driven by provisions to a more thoughtful one centred around enhanced principles.?

She adds that the proposals ?cast a spotlight on the pivotal role of the chairman, whose leadership style can be expected to come under greater challenge from investors in future. In addition, greater clarity around the board?s responsibility for risk management should lead to a more rigorous application of the existing Turnbull guidance for directors on internal controls.?

Richard Wilson, audit partner and leader of the independent director programme at Ernst & Young, says he very much welcomes the introduction of a Stewardship Code, which he believes ?should help to improve further the engagement of shareholders in influencing the governance of companies?.

Peter Montagnon, director of investment affairs at the Association of British Insurers, says the proposed amendments ?highlight some important issues, including director accountability, board evaluation and risk management?. However, he adds that the institutional investor ?has expressed reservation about the annual election of chairmen alone, because this can be too-blunt an instrument.?

Consultation on the draft revised Code ends on 5 March 2010. Subject to the outcome of consultation and the necessary changes to the London Stock Exchange Listing Rules, the FRC intends that the revised Code should apply to all listed companies with a premium listing for financial years beginning on or after 29 June 2010.

Useful links

Copies of the FRC?s report, the consultation document containing the draft revised code and other documents relating to the review are available at

Responses to the consultation on the draft revised code are requested by 5 March 2010 and should be sent to

Accounting ? Letter of intent: Don't blame the auditors
Publish Date:

Peter Williams, Financial Director, Monday 23 March 2009 at 18:30:00

An open letter to Treasury Select Committee chairman John McFall says auditors aren?t to blame for the crisis

Dear John,

In investigating the banking crisis from every angle, you have called many eminent witnesses, including representatives of the auditing profession. They will forgive the comment, but they are all from the Establishment, so it may benefit the Committee to hear from a different perspective: that of Financial Director, whose editors and journalists have, for the last 25 years, been commenting on, inter alia, financial reporting and auditing issues.

You will have established that this banking crisis was not spawned primarily by an auditing crisis, though weaknesses in the system of auditing, regulation and supervision exacerbated the problems caused by your favourite people, the bankers. You will also have established that banks are incredibly complicated organisations, both in sheer size and by way of the many different businesses and business models existing behind the façade ­ further complicated by the lack of business model homogeneity in the sector. Auditors are expected to get their heads around the business and pass opinion? well, on what, exactly?

Re-reading the evidence from your audit panel session, perhaps you may have felt somewhat frustrated by the lectures you got on what audit was and was not designed to do, roles, you are told, laid down by parliament. This is defensive and unhelpful. Forget the talk of watchdogs and bloodhounds: in essence, auditors have one definite role and one possible one. The definite ?do it now? role is to comment on the financial report at a particular moment in time. This brings its own problems: you try valuing complex derivative products. The other possible role for a statutory audit is to see whether a bank has enough capital and reserves to see it through a financial or economic shock. But it is, as you may have gathered, not a burden the auditors want to shoulder. They believe it is the work of the board or the regulator. Why do auditors fight shy of extending their remit? Well, one part of a bank may have 10,000 models for 100,000 transactions.

At the moment, auditors look at the bank systems and controls and how they generate the model. In other words, the audit is about the reliability of the processes rather than whether individual models are giving the right answer. To go to this level of detail you would have to increase the audit resource several fold. Moreover, while ?going concern? may look at particular funding questions, concerns about future risk do not currently lie within the auditor?s remit.

Another intractable problem you should be aware of is the scarcity of bank auditors. The best of them probably number only hundreds across the globe. The idea that one can just magically conjure up bank auditors is fanciful, made worse by the size and scale of multinational banks, meaning that audit work is, in reality, the sole preserve of the Big Four. Conflicts of interest abound and if one of their number collapsed, it would render bank sector auditing near impossible.

Even allowing for this difficult backdrop, given the scale of the crisis, the audit profession can and should help. Your Committee could ask government to engage the Financial Reporting Council to take the lead on examining key aspects of bank auditing and involve external stakeholders such as bankers, regulators and investors.

There is an obvious agenda in the working group. The first task should be to start reviewing the Auditing Practices Board?s practice note 19, on the audit of banks and building societies in the UK. Updating may not be possible yet, but it will have to happen. The FRC should work with the Bank of England and the Financial Services Authority to review the relationship between auditors, regulators and banks to ensure there are no gaps in regulation and that auditors have the freedom they need to express their views and concerns on banking clients.

The FRC?s Audit Inspection Unit should re-examine all the audit files of the banks to ensure the work is of sufficient quality, relevance and consistency. Finally, the Financial Reporting Review Panel is examining the banking sector as a priority, but explicitly, they should review all banks? accounts, no sampling here. You may want to ask them to furnish you with a report before your inquiry ends later this year, focusing on the requirements for companies to comply with the business review, where the Companies Act 2006 has introduced two important changes. The review is now meant to help shareholders assess how the directors have performed their statutory duty to promote the company?s success. All business reviews must contain a description of the principal risks and uncertainties facing the company. Business reviews are required to refer to the main trends and factors likely to affect the future development and performance of the company: banks should be doing this, too.

That?s a substantial and important to-do list for starters, which the auditing profession should be encouraged to adopt.

Yours in hope,

Peter Williams

HMRC audits fail importers
Publish Date:

Neil Hodge, Financial Director, Monday 24 November 2008 at 15:30:00

Attempts to reduce bureaucracy on importing goods has left importers facing uncertainty and potential financial loss

The UK?s spending watchdog has found that British import businesses are worried HM Revenue and Customs? attempt to ease some of the administrative burden on shipping and receiving goods could potentially put them at financial risk.

In its report The Control and Facilitation of Imports, the National Audit Office (NAO) found that by reducing the number of audits and inspections it does, HMRC may not only be miscalculating tax revenue, but also putting importers at risk because they could be liable to pay back taxes at a future date for filing incorrect reports.

While HMRC?s strategy to limit the number of checks carried out at the border has brought benefits, it has also brought some uncertainty about whether they are paying the right amount of tax and duty, and the risk of sizeable back duty demands if they make a mistake.

Error count

Indeed, the watchdog found that while the frequency of importer audits is decreasing, error is actually increasing. In particular, new importers appear to have difficulty in complying, with this group experiencing error rates of nearly 50%. Furthermore, according to the NAO, while HMRC checks traders? documents for more than 280,000 imports each year, nearly one in five of these checks are not carried out correctly.

It is an area of real concern. The NAO found these businesses welcome audits because they provide some assurance they are correctly complying with their obligations. But feedback suggests they view this as an area where HMRC does not perform strongly. One of the main criticisms raised is importers find it frustrating to take assurance from a successful audit only for errors to be discovered in subsequent audits and back duty demands issued.

Such faults are partly a result of how the responsibility for managing customs activity is divided among various directorates and that international trade is a minor function for most of them. The NAO found that accountability and reporting lines are blurred and that there is limited control of the end-to-end process.

Importers also find the burden of audit increases when customs staff lack an understanding of the industry sector and the skills and knowledge appropriate to carry out an efficient and effective audit. Increased bureaucracy and changing regulations are also causing headaches for traders, as well as costing them money. Big Four auditor KPMG estimates that the administrative burden for UK business of complying with customs regulations is about £800m.

As part of their normal business, traders carry out their own checks, and may discover under or over payments. But under EU legislation, traders have to correct errors on an entry-by-entry basis, so they have to submit separate schedules for under and over payments rather than a single schedule. HMRC has initiated discussions with the European Commission to allow a single schedule. There are differences in the processes for correcting under-and over-payments, hence importers regard applying for repayments as one of the more onerous areas.

Descriptions of goods can also be a source of frustration. Currently, for each import, traders have to complete a declaration including classifying the goods by commodity code. Every commodity has a unique ten digit code based on its description and composition which determines the duty rate and any restrictions; at present there are some 16,000 commodity codes.

But classifying goods can be difficult because one item may potentially come under more than one code. For example, a trader applied to HMRC for a commodity code for an Easter snow globe made of glass with a polyresin base, containing a depiction of bunnies and spring and playing music. HMRC considered that it could fall under four categories (including the definition of a ?glass? item and a ?festive item?) and the issue was sent to the EU for clarification. This all takes time.

Speeding up processes

The EU and HMRC have tried to speed up the process. As permitted under EU legislation, HMRC runs the Customs Freight Simplified Procedures which allow businesses to complete a simplified declaration at time of import and submit a supplementary declaration by the fourth working day of the following month. Traders are authorised to use the procedures subject to meeting specified criteria and having a good compliance record. The procedures minimise the formalities at the border, allowing customs to focus resources on high-risk traders, while facilitating compliant businesses. In 2007-08, 84% of imports by volume and 30% by value were imported under these procedures. The EU average by volume is 70%. In total, 29,000 traders use the procedures.

Customs also operate a number of EU duty relief and suspension regimes which allow these businesses to take advantage of reduced rates of duty or defer payment of duty. There are 12 main regimes in operation, but the NAO found that because of their complexity, it can be difficult for traders to identify the appropriate regime. They also complain it is difficult to find complete information about how to comply with the requirements of the regimes.

In January 2008, the EU introduced a new initiative called Authorised Economic Operator (AEO). Traders can obtain AEO status after the completion of a full audit to show their systems and processes meet certain security standards. This will entitle them to speedier clearance at the border.

But there are concerns that the audits are resource intensive for the trader and that the benefits in obtaining AEO status minimal.

They have also raised concerns that HMRC does not have adequate resources to carry out audits to the level required by the EU, which means they could potentially face financial penalties for non-compliance. As of April 2008, fewer than 100 import businesses had applied against HMRC?s predictions of 2,000 during 2008-09.

Fed up
Publish Date:

Melanie Stern, Financial Director, Thursday 31 January 2008 at 00:00:00

This month: Fed rate slash; Northern Rock bail-out; predictions of US recession, and more...

US Federal Reserve chairman Ben Bernanke announced a 75 basis points cut in interest rates to 3.5% on 22 January.

Commentators were shocked by the Fed?s reaction, unprecedented for coming a week ahead of the scheduled rate-setting meet, and because the last time it made emergency cuts was in the days following the 9/11 attacks. Moreover, it has been 26 years since such a big cut.

The Fed pointed to tightening credit markets, a housing slump and rising unemployment ­ but no one was left in doubt as to what the message was: that recession is too close for comfort.

Bank of England Governor Mervyn King, speaking at an Institute of Directors dinner in Bristol the evening the Fed made the cuts, indicated no copycat move from the BoE and said that he thought it was the job of the markets to correct themselves, not central banks. But we?ll soon see if the UK follows the US off the contagion cliff.

Con Bonds?

Alistair Darling is waiting on the FSA to approve his plan to convert £25bn in Northern Rock debt from the Bank of England, into bonds that the stricken mortgage lender hopes will guarantee a quick sale. Northern Rock shares rose a whopping 46% on news of the offer ­ though were still about 90% below their value at the start of the year.

Davos doom

The US is definitely in for a long, hard recession, a panel of world-leading business heads decided at the annual Davos jolly in Switzerland. The BBC quoted New York-based economist Nouriel Roubini saying a ?severe recession" could last as long as a year. Stephen Roach, chairman of Morgan Stanley Asia, concurred and thought that Asia, especially China, would be hard hit by the slump.

Eastern promise

Gordon Brown attended the launch of the London Stock Exchange's new office in Beijing as part of his drive to attract more Chinese business to the UK. The LSE is already home to more Chinese companies than any other major exchange globally. The office is inside Beijing's Winland International Finance Centre, its logical home with neighbours such as HSBC, Goldman Sachs, UBS, and shortly a branch of the Tokyo Stock Exchange.

Fitch likes Fair

Ratings agency Fitch has said it expects fair value management to remain the central accounting focus for analysts and investors in 2008, in light of the unravelling fallout from the credit and liquidity crunches on sub-prime mortgage-related assets, it said. The firm was to publish a report on fair value accounting as we went to press.

Enron evils

A lawsuit by investors seeking to recover around £40bn from Merrill Lynch, Barclays and Credit Suisse First Boston, following the Enron collapse, had their case rejected by the US Supreme Court, after an earlier ruling that limits the right of shareholders to pursue third parties involved in deals that involved the bankrupt energy firm.

Beyond pensions

BP will not make any contributions to its pension scheme in 2008 because, under its scheme rules, it is permitted to stop making payments once funding to cover liabilities is more than 115% ­ it is now 135%, the company says. BP is the second large oil firm to make such a move, following Royal Dutch Shell.



The government had another stab at taking the pain out of capital gains tax by offering an ?entrepreneurs? relief?, which effectively reduces the 18% CGT rate announced in the last pre-Budget report to 10% for the first £1m of lifetime capital gains. The new rates are expected to come into effect from April 2008.

The House of Lords ruled that the three-year time bar on Condé Nast?s underclaimed VAT should be disallowed under EU law. The Law Lords said that the 1995 UK time limit regulations had been introduced without transitional arrangements. DLA Piper tax disputes partner Hartley Foster says that, as total claims from other litigants against HM Revenue & Customs may amount to £1bn, the government is likely to act swiftly. Taxpayers now have ?a small window of opportunity? to submit claims to HMRC.

Listing rules

A Financial Services Authority consultation paper on the London Stock Exchange Listing Rules suggests that it might be appropriate for international companies with a primary listing in London to abide by the same Combined Code ?comply or explain? requirements as UK companies and that they should also have to comply with a pre-emption rights regime equivalent to that followed by UK companies under UK company law.

In proportion
Publish Date:

Sarah Perrin, Financial Director, Thursday 31 January 2008 at 00:00:00

Any company that tries to agree an auditor liability cap that is based on any formula other than proportionality may find it has bitten off more than it can chew, if it can?t get buy-in from shareholders

Official guidance is currently being developed to help companies and their auditors contractually agree a degree of limited auditor liability. However, institutional investor groups have made it clear that, for listed companies at least, one of the options included in the draft guidance will not be deemed acceptable.

The draft guidance in question has been developed by the Financial Reporting Council and is based on the Companies Act 2006, which makes it possible for contractual agreements to limit auditor liability to be entered into from April this year. It explains that there are a number of options available for companies and auditors:

? A limit based on the auditor?s proportionate share of the responsibility for any loss;

? A limit set purely by reference to a ?fair and reasonable? test, as decided by the courts;

? A monetary cap (a set figure or an amount based on some formula, such as a multiple of audit fees); or

? A combination of some or all of these options.

Shareholders must vote in favour of any such contracts if they are to be valid.

Investor dissent

Although all the options outlined by the FRC are allowable by law, institutional investors have long opposed the idea of a fixed monetary cap. The Association of British Insurers has now said that it will issue ?red top? alerts when listed companies seek shareholder approval for contracts to limit liability using fixed monetary caps. Such alerts are designed to flag up to investors situations which the ABI does not consider best practice in terms of corporate governance.

The ABI is not alone in its views. The National Association of Pension Funds? voting guideline, issued in November 2007, says: ?Investors should consider voting against resolutions which propose any form of liability limitation other than proportional liability unless there are compelling reasons why that is not appropriate??

Michael McKersie, the ABI?s assistant director of investment affairs, stresses that his organisation does not oppose reform of joint and several liability. ?Joint and several causes difficulties for those with deep pockets, such as auditors,? he says. However, it does oppose the fixed monetary cap option. ?A fixed cap will bear little or no relation to the damage that could potentially be done by auditors,? McKersie says. ?It is an arbitrary amount. But we are happy to contemplate proportionality. Proportionality is the right conceptual approach, though it is quite complex.?

The audit profession appears to accept that proportionate liability will be the option that works in practice, at least for listed companies. ?When a company has to put a resolution to its shareholders, if it knows a fixed cap will be turned down and proportionality accepted, that?s the way it will work,? says Ernst & Young partner Gerald Russell. ?The legislation has allowed caps because not all companies are the same. Ernst & Young agreed a cap with its own auditors a long time ago. But I think with big listed companies, caps are unlikely to prevail.?

Far from ideal

This isn?t to say that all parts of the audit profession think agreements based on proportionality are ideal. As Russell points out, a major firm could still go bust if on the receiving end of a catastrophic claim. ?From a professional point of view, it?s a bit of a shame [that proportionality will prevail], because proportionality is fine, but it could bust a firm,? Russell says. ?That?s not in anyone?s interest.?

However, mid-tier firms seem likely to oppose fixed caps. This is because they would probably be unable to agree caps as large as those agreed by Big Four auditors, thus making themselves potentially less attractive to clients.

Jeremy Newman, managing partner at BDO, is opposed to fixed monetary caps. He feels that most interested parties accept agreements based on proportionality as the way forward. He would like the FRC?s final guidance to give a clear steer on the types of agreement that would be most appropriate for particular situations or clients. ?You would hear applause from the investment community, major accounting firms and I think from corporates, because they would be clear what was regarded as acceptable practice,? he says. ?There is a danger that given ambiguous guidance, people will be scared to do anything.?

A consensus does seem to be emerging that the FRC?s final guidance should come out in favour of proportionality as the preferred basis for agreements between listed companies and their auditors.

The ABI?s McKersie says, ?All interested parties, certainly in the area we look at ­ quoted companies ­ would welcome a clear indication that a proportionate approach is deemed to be the acceptable basis that companies can reasonably rely on shareholders supporting.?

E&Y?s Russell agrees: ?If we know that institutional shareholders are only going for one option [for plcs], then it would be better to have one option. It will save endless individual negotiation if everybody can just pick up the suggested agreement.?

Accounting: Playing low-ball
Publish Date:

Peter Williams, Financial Director, Thursday 12 July 2007 at 00:00:00

The Big Four have a stranglehold over the audit market and it?s a position they are not about to relinquish easily

The Big Four say they welcome the idea of more audit choice for large companies. But do they mean what they say? After all, the concept of greater audit choice for big business implies that the top firms would lose audits, market share and profit.

In this debate, the subject of low-balling has always been the elephant in the corner: something that is really obvious, but which is never properly discussed. The ultimate purpose of predatory pricing is to sell goods or services at artificially low prices with the intent of driving competitors out of the market, or to create a barrier to entry into the market for potential new competitors. If other firms cannot sustain equal or lower prices without losing money, they go out of business. The predatory pricer then has fewer competitors or even a monopoly, allowing it to raise prices above the level that the market would otherwise bear. Audit choice and low-balling are two sides of the same coin.

It is not in the interest of any of the major players to want to open up the question of predatory pricing. The Big Four audit firms don?t want to discuss it, nor do finance directors. So the audit trail on low-balling goes cold. While some accept low-balling as an absolute fact of life, others deny that it ever happens.

Certainly, the documented evidence on low-balling is rare, but every few years there is a low-balling tale or accusation from someone who ought to know. And this keeps alive the idea that absence of evidence does not equate to evidence of absence. The latest explosion came from Jeremy Newman, managing partner of BDO Stoy Hayward, who is leading a sustained assault on the Big Four. A clearly exasperated Newman has put into the public domain the story of a due diligence job for which his firm quoted. Despite the fact that the maximum fee level that BDO Stoy Hayward asked for was a third of the initial price of the company?s auditors, the work eventually ended up being performed by the i ncumbent for around 10% more than BDO Stoy Hayward?s top quote.

It is tempting to dismiss the tale as an example of a canny finance director using a different supplier as a stick with which to beat the incumbent ? and presumably favoured auditor ? into providing the service at a more reasonable price. Or is it, as Newman suggests, predatory pricing designed to force out his firm from competing in certain segments of the marketplace? Significantly, Newman also claims that the Big Four firms are increasingly targeting the clients of BDO Stoy Hayward ? and presumably the other second-tier firms ? by promising significantly reduced fees, which the incumbent is forced to at least match, or risk losing the work. Even smaller independent firms feel the threat of low-balling. These independents find their biggest clients ? significant private companies, but not quoted entities ? are regularly targeted by the Big Four.

One way in which the incidence of low-balling could decrease would be if clients made it clear that being the auditor gave a professional firm no advantage when it came to bidding and winning other work. The downside of that step is, why should FDs bother? It?s convenient to work with professionals who know about your business and can swiftly start to do the task required of them.

The BDO complaint on low-balling has to be seen in the wider context of the overall trends in the audit market. Jeremy Newman chose to release his tale about low-balling at the time that the Financial Reporting Council ? among other roles, the UK?s audit regulator ? is consulting on audit concentration (see

Part of the recommendations of the Market Participants Group should have an impact on the possibility of low-balling. For instance, the recommendation that audit firms disclose the financial results of their work on statutory audits and directly related services on a comparable basis should ensure relevant information emerges over time about audit firms? current pricing policies. In particular, this may start to illuminate the issue of cross-subsidisation of audit services by non-audit services. The Association of British Insurers suggested to the FRC at the start of its consultation on audit choice in 2006 that there is a risk that large firms, which can afford to sustain such subsidies, can use this device to create a barrier to entry by smaller firms. While companies and shareholders don?t want to be overcharged for poor-quality audit services, the ABI described it as ?simple common sense? that a fair price for audit is a prerequisite for the maintenance of both choice and quality.

The question at the heart of the debate on increasing choice in the audit market is how hard the Big Four firms are prepared to fight to hold on to the market share they have carefully gathered over the years, both through merger and through organic development. All the evidence suggests the answer to that question is easy: very hard indeed.

'Fourget' choice
Publish Date:

Sarah Perrin, Financial Director, Thursday 31 May 2007 at 00:00:00

Despite attempts to promote choice and competition, the Big Four still has a stranglehold on the audit market

Auditing is back on the agenda, though this time not because of a major audit failure or the collapse of a Big Four firm. Not yet, anyway. But recent proposals to encourage more competition for large company audits, increased auditor liability and revisions to international auditing standards could all have an impact on the market for business assurance services.

The debate about how to improve audit choice for larger companies rumbles on, most recently stimulated by another report issued under the auspices of the Financial Reporting Panel. The interim recommendations of the FRC?s Market Participants Group form a package of suggestions directed at regulators, accountancy firms, investor groups and companies. For example, companies, it is suggested, could be required to give more information to shareholders on the auditor reselection process. Similarly, boards could be forced to disclose any contractual obligations to appoint certain types of audit firms.

Same difference

Could such recommendations make a difference to the rather limited auditor choice available to large companies? ?There?s no one thing in the recommendations that will make a difference,? says Richard Everett, director of group finance at Friends Provident. ?Even taken collectively, I don?t think the package of recommendations will make a significant difference in the short term.? Nevertheless, he sees a benefit in keeping the debate about choice in the audit market going.

Although not very concerned about the restricted choice of auditors for large companies, Everett says: ?The root of our concern is that the current situation doesn?t give audit firm incumbents a particularly good incentive to improve services, innovate or improve quality.? Friends Provident?s audit choice is essentially limited to the Big Four. ?It?s a very specialised area of audit and the skills to do that are concentrated in the Big Four,? Everett says. ?It would take a bold move for the mid-tier to invest in these skills.?

Nevertheless, Everett believes large companies can make effective use of mid-tier firms ? if those firms promote themselves properly. ?Speaking from previous experience, in a different organisation we used a mid-tier firm for some specialised gap filling within our finance function and that was working extremely well. There are things firms could do for bigger companies, and that way they could gain their confidence and build up relationships.? he says.

The lack of global presence remains a major stumbling block for mid-sized firms which want to audit large companies. ?We have had approaches from some of the mid-tier firms suggesting they can provide services,? says Ken Lever, FD of Tomkins. ?The problem is that they don?t have the global reach of the major firms.? That said, Lever is sceptical about the truly global nature of the services offered even by the Big Four. ?I think the only firm that did operate truly internationally was Andersen,? he says.

Lever also suggests that the quality of personnel in firms outside the Big Four may be more variable. ?They do have some very good quality people, but the consistency of quality across these firms tends not to be as great as in the larger firms,? he says.

Like Everett, Lever suggests mid-tier firms could provide specialist services to large companies. ?They might look to concentrate on providing internal audit or Sarbanes-Oxley services,? he says, ?but they would have to buy in that resource.?

Perceived quality

He also suggests that market perceptions still encourage large companies to go with the Big Four. ?A lot of what?s going on from an audit perspective is driven by the demands of investors,? he says, adding that it is ?no accident? that the vast majority of the FTSE-350 have Big Four auditors. ?It?s almost seen as the wrong thing to do to have somebody other than the Big Four.? As Lever notes: ?Pioneers get arrows in their backs. Most audit committees are understandably conservative. Most take persuading that there should be any change at all. But why would they be anything other than conservative in their choice??

If there are some lingering perceptions that quality may be better in the Big Four firms, Trevor Dighton, CFO at Group 4 Securicor, would challenge that. Baker Tilly used to be Securicor?s auditors, before it merged with Group 4. ?We were large for them in client terms, and we got a very good service,? Dighton says. ?The level of service and attention to detail you get from the second tier could conceivably be better than from a large firm.?

Now Group 4 Securicor is audited by KPMG, which Dighton says is ?great?. During the tender process which KPMG won, all Big Four firms and Baker Tilly were invited to compete. However, in future Dighton suspects that the choice may be limited to the Big Four. ?We do have a very broad international footprint,? he says. ?We are in 100 countries.? Dighton finds it hard to see how the second tier can close the gap in the near future, whether by organic growth or merger. ?There?s such a big gap between number five and number four,? he says.

Audit fees

But audit choice aside, how about audit fees? ?They are quite high,? Dighton says. ?I would be concerned if they went up much more. It could be something to worry about, with the dominance of the big players.?

Fees have gone up, driven partly by the change to International Financial Reporting Standards. Unfortunately for FDs, some further fee rises may be on the horizon if Ernst & Young?s fears about the impact of the new criminal liability risk facing auditors are realised. Under the recent Companies Act it becomes an offence for auditors if they ?knowingly or recklessly cause a report to include any matter which is misleading, false or deceptive in a material particular?.

As Gerald Russell, a senior partner at E&Y, points out, the term ?reckl essly? is not that well understood in law. ?We are worried this has the effect of criminalising negligence,? he says. ?It may make auditors become more circumspect, which may mean they have to spend more time on certain areas. Auditors faced with criminal sanctions will spend a lot of time on the minutiae of accounts, and time is money.? Even now, with the reams of disclosure required under IFRS, auditors are having to spend more time on such detail and less time on considering the business itself. ?More time is being spent on the accounts package, rather than kicking the tyres,? Russell says.

Separately, it is unclear whether revisions currently being made to International Standards on Auditing (ISAs) as part of the International Auditing and Assurance Standards Board?s clarity and improvements project might also translate into higher audit fees ? or at least auditors trying to negotiate fees up. What is clear is that the future clarified ISAs will be more specific than their predecessors that have already been adopted in the UK. Although the UK?s Auditing Practices Board has been trying hard to stem the tide of rule-based standards, there is only so much one body can do in an international context. Securities regulators internationally appear to support greater specification in ISAs.

What happens for the UK?s auditors depends on the European Commission?s endorsement ? or otherwise ? of the clarified ISAs. With the IAASB around half-way through its clarity project and aiming to finish by 2008, this is something for auditors, and their clients, to keep an eye on for the future.

FDs on their auditors

In the middle of May, we asked Financial Director readers what they thought of the audit market and, indeed, their own auditors. Their responses give much cause for concern.

Respondents to our survey came from across British industry ? from businesse s with turnover of less than £25m up to those with turnover in excess of £1bn. Nearly half said they were audited by a Big Four firm, while about a third are audited by a mid-sized/national firm.

On almost every issue, companies that are Big Four clients scored their auditors lower than did those who use mid-sized or local firms. When asked, 'What value do you attach to the audit over and above compliance with statutory requirements??, 60% scored their auditors at five out of 10 or less ? and that figure rose to 69% for Big Four clients.

The responses almost exactly mirror the results we found when we conducted a similar survey in 1999 ? and in some cases, companies are even more disenchanted with their auditors than they were eight years ago.

Back then, for example, the single biggest gripe among clients of the then Big Five was the quality of junior staff: 51% of them cited this as a problem they had with their auditors. Today, 55% of the Big Four clients make the same complaint.

But fees have leapfrogged up the table of complaints: in 1999, 44% of all companies and 42% of Big Five clients had problems with their auditors' fees; today, 54% of all companies and 61% of Big Four clients cite fees as problem.

One consolation for auditors is that quality of service is less of an issue, though still around a third of respondents today are unhappy with the service provided by their auditors. ?I'm not sure I would use 'service' and 'auditors' in the same sentence,? said one FD. ?Auditors often talk about adding value to my business, in reality they are an inconvenience and have so little commercial understanding that they cannot hope to offer me anything extra,? said another FD.

The full survey report will be available soon. To receive a copy, send an email with the words "Audit survey" in the subject field and your name, company and job title to and it will be sent to you as soon as it becomes available.

Computer Weekley - IT Management News

Microsoft Dynamics specialists unhappy with their pay packets
Publish Date: Thu, 10 Nov 2011 12:32:00 GMT
A Microsoft Dynamics skills shortage is leading businesses to recruit less experienced individuals to plug gaps, while more experienced workers are looking to jump ship for more money.

TCS bags rare megadeal and 1,900 more UK workers
Publish Date: Thu, 10 Nov 2011 11:27:00 GMT
Tata Consultancy Services BPO subsidiary, Diligenta, has won a deal with life insurer Friends Life worth £1.37bn over 15 years which will see 1,900 Friends Life staff transfer to the Indian service provider.

Gartner ITxpo 2011: CIO Steve Chambers on the technology behind Visa Europe
Publish Date: Thu, 10 Nov 2011 11:17:00 GMT
At the Gartner ITxpo conference in Barcelona, Chambers discussed the IT challenges at Visa Europe, getting management buy-in, new technology platforms and developing the right skills.

FBI takes down botnet of four million computers in Operation Ghostclick
Publish Date: Thu, 10 Nov 2011 09:29:00 GMT
The FBI and Estonian police have taken down a botnet of over 4 million computers in an operation dubbed "Ghostclick". The cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries.

Wi-Manx deploys multimillion-pound datacentre with ultra-fast broadband
Publish Date: Wed, 09 Nov 2011 14:37:00 GMT
Isle of Man-based telecommunications firm Wi-Manx has deployed a multimillion-pound datacentre to better serve its business customers.

Adobe to change mobile Flash player strategy and axe European jobs
Publish Date: Wed, 09 Nov 2011 14:07:00 GMT
Adobe plans to abandon its Flash player for mobile browsers and cut 750 jobs across North America and Europe as part of a reorganisation.

Deputy government CIO Bill McCluggage quits to join storage hardware firm EMC
Publish Date: Wed, 09 Nov 2011 12:45:00 GMT
Bill McCluggage, the deputy government CIO, is to step down from his position at the Cabinet Office to take a position at storage hardware company EMC. McCluggage joined the Cabinet Office as deputy CIO in September 2009 on a salary of £90,000 per year.

Security concerns stop public sector IT managers rolling out BYOD programmes
Publish Date: Wed, 09 Nov 2011 09:17:00 GMT
Most public sector IT managers are too worried by security concerns to implement a bring your own device (BYOD) policy. Some 76% are concerned about employees plugging personal gadgets such as smartphones, iPads and USBs into their networks.

Security Zone: Security education and governance are vital - do not ignore them
Publish Date: Wed, 09 Nov 2011 08:56:00 GMT
Matthew Lord, CISSP, chief information security officer at Steria, discusses why security education and strong governance are often only found in security improvement plans or at best briefly discussed in the board room.

Social Media Awards 2011: Vote now!
Publish Date: Tue, 08 Nov 2011 18:00:00 GMT
Computer Weekly's search for the best use of social media in IT is back for its fourth year, in association with IBM, and we want you vote for the best uses of social media in UK IT. Fill out the form below and subimt!

CIO interview: Tony Prestedge, COO, Nationwide
Publish Date: Tue, 08 Nov 2011 17:28:00 GMT
Tony Prestedge explains how Nationwide is transforming its business through a £1bn investment in technology and how it kept the £1bn financial services IT transformation project on track when the finance sector was collapsing.

Gartner ITxpo: Gerry Pennell explains why the cloud won't make the Olympics squad
Publish Date: Tue, 08 Nov 2011 16:40:00 GMT
Olympics CIO Gerry Pennell believes cloud computing is far from ready for mission-critical applications in the 2012 London Olympic Games.

Security Zone: Managing false positives in security systems
Publish Date: Tue, 08 Nov 2011 13:26:00 GMT
Disabling signatures and policies that are perceived to generate false positives could severely hamper a security technology's ability to correlate events that may lead to the detection and mitigation of a real security breach. GlaxoSmithKline's Marty Seery, CISSP, considers the alternatives.

Department of Health opens up data in drive to localise IT procurement
Publish Date: Tue, 08 Nov 2011 12:44:00 GMT
The Department of Health has outlined a series of initiatives to support trusts in procuring IT at a local level.

UK government is rewriting the outsourcing rule book
Publish Date: Tue, 08 Nov 2011 12:30:00 GMT
Changes in the way the government buys IT services were reflected in the latest figures from TPI, which revealed that the number of outsourcing contracts signed by the UK public sector in the first half of this year was 70% higher than the same period last year, whereas the total value of these contracts was 47% less.

Sharing risk requires training, development and a top-down approach to security
Publish Date: Tue, 08 Nov 2011 11:59:00 GMT
It is generally accepted that good data security practices ensure confidentiality, integrity and availability of information - but is that really the case?

Case study: Smiths turns to cloud to boost workforce talent
Publish Date: Tue, 08 Nov 2011 11:29:00 GMT
Smiths Group, the £5bn engineering conglomerate, is aiming to raise the skill levels of its workforce and save millions of pounds a year with a cloud-based HR service.

Bogus phone calls linked to online fraud, warns Trusteer
Publish Date: Tue, 08 Nov 2011 10:19:00 GMT
Fraudulent phone calls are increasing in popularity among the criminal community to commit ID theft, warns security firm Trusteer.

Google+ opens for business with public pages feature
Publish Date: Tue, 08 Nov 2011 10:07:00 GMT
Google+ has opened a business "pages" feature on its social network, and has already attracted some big brands.

CIO interview: Martin Davies, head of technology at Bet365
Publish Date: Tue, 08 Nov 2011 10:03:00 GMT
Online gambling company Bet365 has firmly focused on growing its IT platforms, having started with just three web servers and 20 people to its current 17,000 servers and more than 320 people in IT.

Computer Weekley - Security News

Researchers use fake Facebook profiles to harvest data from thousands of users
Publish Date: Mon, 07 Nov 2011 09:57:00 GMT
Facebook failed to stop researchers using fake profiles to collect the personal data of users. The University of British Columbia researchers collected 250 gigabytes of data about Facebook users in two months, including e-mail addresses and phone numbers.

Cyber attack forces Adidas offline
Publish Date: Mon, 07 Nov 2011 09:03:00 GMT
The main Adidas website remains offline after the company was targeted by what it describes as a sophisticated criminal cyber attack. But the German sportswear company said there was no evidence any consumer data had been affected by the attack.

Speed essential to combating cyber crime, Kaspersky tells London Conference
Publish Date: Wed, 02 Nov 2011 15:15:00 GMT
Eugene Kaspersky told the London Cyberspace Conference governments must be quicker to react to cyber threats

The top five SME security challenges
Publish Date: Wed, 02 Nov 2011 09:07:00 GMT
Best practice in information security and compliance for small and medium-sized enterprises (SMEs) is often seen as a headache, but the SME faces the same security threat landscape as larger organisations - and without their budgets.

UK and US commit to open, secure internet at London Cyberspace Conference
Publish Date: Tue, 01 Nov 2011 16:11:00 GMT
The UK and US governments have committed themselves to preserving the openness of the internet, and have encouraged other countries to work together to secure cyberspace.

Dozens of chemical and defence firms hit by China-based hack
Publish Date: Tue, 01 Nov 2011 08:25:00 GMT
A China-based industrial espionage hacker attack targeted at least 29 chemical industry firms, including Fortune 100 firms, in July and September, researchers at Symantec have found.

Hack at Japan?s mapping agency raises concerns about a sustained attack
Publish Date: Mon, 31 Oct 2011 14:21:00 GMT
Japan's mapping agency is the latest in a series of government agencies to be targeted by hackers...

Critical infrastructure providers are less engaged with government cyber protection despite growing threats
Publish Date: Mon, 31 Oct 2011 11:29:00 GMT
Fewer providers of critical national infrastructure are engaged with government security programmes this year, than last year, according to research.

Facebook admits to 600,000 cyber attacks a day
Publish Date: Mon, 31 Oct 2011 09:41:00 GMT
Facebook has revealed that every 24 hours it receives around 600,000 logins to the social networking website from impostors attempting to access users' information.

UK cyber attacks at a 'disturbing' level, says GCHQ chief
Publish Date: Mon, 31 Oct 2011 09:41:00 GMT
Cyber attacks on the UK have reached "disturbing" levels, according to Ian Lobban, director of communications intelligence agency GCHQ.

Sophos warns Mac users as OS X hit by backdoor Trojan malware Tsunami-A
Publish Date: Wed, 26 Oct 2011 09:23:00 GMT
Apple's Mac OS X operating system is being targeted by malware dubbed OSX/Tsunami-A, a Linus backdoor Trojan that embeds itself on a computer system and monitors an IRC channel for further instructions.

Spammers operating public, spam-friendly URL-shortening services, warns Symantec
Publish Date: Tue, 25 Oct 2011 13:20:00 GMT
Spammers have set up their own public URL shortening services for concealing spam sites and making them harder to block.

Researchers uncover security flaw in Skype video chat service
Publish Date: Tue, 25 Oct 2011 11:39:00 GMT
A security flaw in the Skype video chat service may be putting millions of users at risk, according to a report by a group of international researchers.

New JBoss worm highlights cost of failure to keep IT security updated
Publish Date: Mon, 24 Oct 2011 14:20:00 GMT
A new worm is compromising servers running older versions of the JBoss Application Server and then adding them to a botnet, warns security firm Kaspersky Lab.

UK cyber security strategy aimed at growth, says government official
Publish Date: Fri, 21 Oct 2011 09:44:00 GMT
The UK's soon-to-be-published cyber security strategy will focus on promoting growth to bring about transformational change, says Owen Pengelly, deputy director of policy at the Office for Cyber Security and Information Assurance.

Symantec identifies Duqu malware evolved from Stuxnet in spy mode
Publish Date: Wed, 19 Oct 2011 11:25:00 GMT
Malware sharing the code of the Stuxnet worm has infected several industrial sites. The malware has been dubbed Duqu because of the frequent use of a .DQ file extension. In its present phase, Duqu seeks information about machinery and software.

RSA: Tim Berners-Lee calls for a new breed of information security systems
Publish Date: Fri, 14 Oct 2011 12:38:00 GMT
World Wide Web inventor Sir Tim Berners-Lee has called on the IT security industry to develop a new breed of systems that make it easier to manage the use of personal data.

UK government says it can attract and retain the cyber defence skills it needs
Publish Date: Fri, 14 Oct 2011 10:06:00 GMT
The government says it understands the need to make sure it has enough highly skilled IT professionals to respond to cyber threats.

Fears over medical record privacy could deter patients seeking treatment, finds survey
Publish Date: Thu, 13 Oct 2011 12:20:00 GMT
Patients' fears over the security of their medical records could have a negative effect on their health as people hold information back from medical institutions with poor records in protecting confidential data.

RSA: Data security should be more about detection than prevention
Publish Date: Thu, 13 Oct 2011 11:05:00 GMT
The traditional approach to information security that is focused on prevention is failing because it looks only at known threats, says Eddie Schwartz, chief information security officer at RSA.


Auditing Security and IT Systems
Copyright 2006-2008. All Rights Reserved. Something missing on this page? Let us know