In Your Face

In Your Face
Thought provoking opinions on topical issues.

Friday, December 20, 2002

The Added Value of Internal Audit, a Brief Overview

There is a joke which sums up some peoples’ attitudes to internal audit; it goes as follows:

There is a pint glass, it contains half a pint of milk.

The optimistic manager says that the glass is half full.

The pessimistic manager says that the glass is half empty.

The internal auditor says that the milk is sour
.”

Well I suppose, having run international internal audit departments in Philips and De Beers, I could be accused of being prejudiced. However, I firmly believe that a well run, independent and pro active internal audit department can add significant value to an organisation and its connected parties (such as shareholders).

I would point out that had the internal audit departments in both Enron and WorldCom operated in a professional and independent manner; then the gross mismanagement and corruption in these two companies would, in my opinion, not have occurred.

So how can an internal audit department add value? I will start with the basic, textbook, definition of the role of internal audit.

Internal audit provides independent objective assurance to the Board as to the adequacy of the business controls, and the effectiveness of the risk management and risk identification process.

In other words, the internal audit department should tell the Board when the company is being poorly managed, where risks are not being identified or mitigated and when the business objectives are not likely to be met.

In addition to this very wide ranging remit, a well run internal audit department adds value in the following ways:

 It acts as a training ground for future line managers, by exposing fast track members of the department to a variety of situations, activities and functions within the organisation.

 It provides a “one stop shop” for best practice advice.

 It provides an independent, objective opinion as to the quality of the business controls.

 It stimulates risk awareness throughout the organisation.

 It is a source of qualified, experienced talent that can aid management in business improvement programmes.

 It provides specialist professional independent opinions on a variety of situations; such as due diligence exercises.

 It reports on fraudulent activity within the organisation, with a view to understanding how it happened and how to prevent it occurring again.

 It ensures that the company wide initiatives, such as a code of conduct, are being adhered to.

I will expand on the subjects of business controls, risks (click here for risk article) and what constitutes a well run audit department (click here for the latter) in forthcoming articles.

Wednesday, December 18, 2002

Characteristics of a Well Managed Organisation

My experiences whilst working with KPMG, Philips and De Beers have given me a detailed understanding as to what constitutes a well managed organisation. I have put together my personal “top ten” list of the characteristics of a well managed organisation.

1. The organisation has a mission statement which is clearly communicated, and understood, by all members of the organisation. This will form the basis of the bsuiness plan.

2. The organisational structure is clearly defined, understood and appropriate for the activities carried out. Specifically, with regard to human reporting lines, there should be no dual/dotted reporting lines; these clutter up the clarity of the decision making process and cause conflict within the organisation. With regard to the actual organisational structure, this should be as “clean” and transparent as possible; complex off balance sheet arrangements at best confuse, and worst are deliberate attempts to obfuscate reality from interested parties (such as the Internal Revenue Service). In respect of the latter, I draw your attention to Enron.

3. The management of the organisation should clearly delegate responsibility for activities to those most appropriately qualified to perform them.

4. Targets and key performance indicators should be appropriate to the organisation’s mission, and be clearly communicated and understood. They should be stretching, but achievable; above all they should be measurable.

5. Management information must be timely, accurate, relevant and reliable. What gets measured gets done!

6. Management should take appropriate, timely, corrective actions in the event that targets are not being achieved.

7. There must be appropriate segregation of duties to ensure that one person’s ego does not take the organisation down the path to oblivion; specifically the roles of President, CEO and CFO must be separated.

8. There should be an independent supervisory board of appropriately qualified independent non executive directors. In my view, it is not merely enough for these non executives to posses titles and a string of directorships. They must be able to demonstrate that they deserve to hold office, and be proactive and “muscular” in their role; the non executives of, for example, Marconi and Cable and Wireless singularly failed in their roles.

9. There should be an independent, well qualified, proactive internal audit department which reports to an independent audit committee.

10. The organisation should have a code of conduct which is in the public arena and which is seen to be, and used as, a living document. See my article on Codes of Conduct (click here to read it) for more details.

Now, take a look at the organisation that you are dealing with/working for; does it posses all of the above? If not; then you should consider moving on, and dealing with/working for another better run organisation.

Tuesday, December 17, 2002

Ten Types of Fraud

In my roles as Head of Internal Audit and International Forensic Co-ordinator, in both Philips and De Beers, I have had many years of experience investigating frauds. Based on this experience I have put together my personal “top ten” list of common types of fraud. I recommend that you also read Ten Reasons Frauds Occur (click here to read it).

1. Falsification of expense claims – an old favourite with both senior and junior staff. Common “ruses” include; inflating mileage claims, entertaining friends and relatives at the company’s expense and claiming for expenses never incurred by stating that “the receipt must have been mislaid”.

2. Stealing money from the company bank account – the perpetrator having got away with this once, will usually try it again and again; until it is discovered. I personally reviewed a case where the perpetrator had been routinely helping himself to company cash for some twenty years.

3. Manipulating sales figures so as to reach target and achieve bonus – a simple version of this involves booking sales in one month (usually a quarter end) then crediting them back the next. Naturally unless the perpetrator keeps this “teeming and lading” up, the overstatement in one month will be shown as a shortfall in the next. Another, well worn, version of this involves booking orders as sales.

4. Falsifying supplier invoices – this is a little more daring, one case I have on record involved a senior manager who had some substantial renovation work carried out on his house. He then arranged for the invoices from the contractor to be sent to the company, posing as costs for work carried out on company premises.

5. Theft of stock – a time honoured way to make a “fast buck”. The perpetrator will over a period of time abscond with a number of items from the warehouse, and resell these to friends, family and members of the public. So long as the stock losses are within tolerance, then it is possible for this “scam” to remain undetected for a significant period of time.

6. Transactions that are not “arms length” – when a well run company asks for tenders for a service contract with a third party they usually obtain at least three closed quotes. The best value quote should then be selected. When the system does not run effectively, there is an opportunity for friends and relatives of the purchasing department to send in quotes that are accepted; bypassing the quotes from reputable suppliers. “Arms length” also applies to sales transactions where the purchaser bribes the salesman in return for a favourable contract.

7. Tax evasion – fraud on the corporate level. Excessively complex organisational structures are created, designed to obfuscate the revenue streams; and so hide reality from third parties, such as the Internal Revenue Service. Enron, with its complex off balance sheet structure and transactions, is a textbook example of this.

8. Fictitious invoicing – where there are poor accounting controls and insufficient segregation of duties in the F&A department the fraudster, if suitably positioned, can arrange for invoices (for services never delivered) from connected parties to be passed for payment.

9. Acquisition of company property at less than market value – this requires the collusion of at least two people (usually quite senior). Company property, such as fixed assets, offered for sale is “sold” to one of the individuals at a bargain price approved by the other. The property is then resold at market value, and the profit split.

10. Theft of raw materials – manufacturers should measure the quantities and costs of the raw materials used in the manufacturing process. Some processes use expensive materials, such as gold. When the measurement system has been compromised, or management do not investigate adverse yield variances, the fraudster has the opportunity to steal the raw material and sell it to third parties.

As I have noted this is my personal top ten, believe me there are many other types of frauds that have been, and are being, perpetrated.

Monday, December 16, 2002

Ten Reasons Frauds Occur

In my roles as Head of Internal Audit and International Forensic Co-ordinator, in both Philips and De Beers, I have had many years of experience investigating frauds. Based on this experience I have put together my personal “top ten” list of reasons why frauds occur.

1. Greed - good old fashioned human nature intervenes when an individual, or group of individuals, sees a chance to make “a fast buck”. A good example being those cases where people “adjust” their expense claims upwards.

2. Lack of transparency - complex financial transactions that are difficult to understand are an ideal method to hide a fraud. The Barings fraud was perpetrated by use of an accounting “dump account” that no one understood.

3. Poor management information – where a company’s management information system does not produce results that are timely, accurate, sufficiently detailed and relevant; the warning signals of a fraud, such as ongoing theft from the bank account, can be obscured.

4. Excessively generous performance bonus payments – the more generous the bonus, when coupled to a demanding target; the more temptation there is to manipulate results, such as year end sales figures, to reach that target.

5. Non independent internal audit department – where an organisation’s internal audit department is not independent, eg the where it does not report to a truly independent audit committee but to the Finance Director, the more likely that when there are signals that a fraud is occurring the more likely they will be ignored. It is indeed interesting to note that Cynthia Cooper (Head of Internal Audit at WorldCom) had to bypass her boss (the CFO) and go directly to the audit committee to report the discovery of the capital expenditure fraud.

6. Lack of clear moral direction from senior management – leadership comes from the top. Where the senior management indulge themselves in “semi corrupt” behaviour, eg adjusting their expense claims upwards, others will follow adopting the well worn mantra “everyone’s at it”.

7. Excessively complex organisational structure - designed to obfuscate the revenue streams; and so hide reality from third parties, such as the Internal Revenue Service. Enron, with its complex off balance sheet structure and transactions, is a textbook example of this.

8. Poor accounting controls– where the accounting controls, such as a monthly reconciliation of the bank account, are lapse the signals that a fraud has occurred will be missed.

9. Arrogance – some people believe that they are better than “the system”, and that they can get away anything. The late Robert Maxwell (of the Mirror Group) plundered his company pension scheme, arrogantly assuming that since he was chairman of the company he could get away with it; he almost did!

10. Complacency – I have met many a manager who has an almost childlike faith, based in part on the “old boy” network, in the probity of their colleagues; believing that fraud “is not the sort of thing that could happen here”. Others will, and do, take advantage of that trust.

My simple advice is, if you think that a fraud may be happening then fear the worst; because it probably is.

Wednesday, December 04, 2002

An Idiot's Guide To Assessing Organisational Performance

The lamentable failures with the world of commerce over the past few years, eg Enron, Marconi and WorldCom, lead me to conclude that effective corporate governance is merely a phrase to be trotted out to the media; rather than, as it should be, a way of life in some organisations. Additionally, the fundamentals of what constitutes good corporate governance and effective management appear to have been overlooked by individuals (such as investors and analysts) and organisations (such auditors); when they are reviewing an organisation’s performance.

Therefore, based on many years of practical experience around the world, in the spirit of sharing best practice (teaching my grandmother to suck eggs maybe?); I have put together a basic checklist of questions that one should ask, and receive a satisfactory response to, when making a judgement as to the effectiveness of an organisation’s management. This is not designed to be a fully comprehensive, “covers all situations”, questionnaire.

However, the list should cover the key areas relevant to most organisations; be they companies, charities, political/military/scientific/educational bodies. The checklist should be tailored to fit the specific circumstances; naturally, depending on the answers received, more probing questions can/should be asked.

In my opinion, this checklist would be of benefit to a variety of individuals and organisations including, but not limited to:

 Individual investors

 Analysts

 Internal/external audit

 Non Governmental Organisations

 Politicians

 Audit Committees

 Employees

In fact any stakeholder or interested party.

I have divided it into a number of sections, for ease of use.

Finger on the Pulse

1 What are the objectives of the organisation?

2 Are these objectives translated into realistic, achievable plans with timeframes and measurable milestones?

3 Are the objectives and plans communicated and understood by all?

4 What are the risks and opportunities that will affect the business objectives?

5 What is Management doing to address both the risks and opportunities?

6 Are there/have there been any major EDP changes planned? If so what are they, and what is the expected cost, benefit, timeframe for installation and payback period?

7 Have there been any frauds?

8 Details of any litigation being taken out either by or against the organisation?

9 Obtain the latest organisation chart, both senior personnel and organisational. Are there clear reporting lines?

10 Have there been any major investments/disinvestments previously or planned?

11 Ensure that there is an audit committee, and that it is independent of the Board.

12 Does the internal audit function report to the audit committee? If not, why not?

13 Review third party and (where applicable) internal audit reports.

Management Information

1 Review the latest results and compare to budget. Ensure that management receive regular (at least monthly) summaries of results (what gets measured gets done!).

2 Are the relevant key performance indicators on target eg RONA, Debtor days (DSO), cash flow?

4 Can management explain clearly, any material deviance from budget?

5 Are there adequate corrective actions in place to arrest negative deviations from budget?

6 Discuss the results with the appropriate Manager.

Have regard to, for example :

- Products with low sales against budget.

- Negative margins

Ensure that explanations for any of the above are adequate and that there are suitable corrective action plans in place to address these issues. Where the explanation seems confusing, be on your guard; either the manager doesn’t understand it or it is deliberate obfuscation.

7 Are there any areas where costs are significantly above budget? Why?

8 What are the corrective action plans to address these?

9 Review the debtor and creditor days figures. If these are high, what is Management doing to improve the situation?

10 Review the levels of stocks and enquire into reasons for levels that are higher than budget.

11 Obtain the latest forecast for the year and enquire into any significant variances between that and the budget. Also review the adequacy of the corrective actions.

Risk Management

1 Have management performed a risk assessment? If not why not?

2 Did the risk assessment highlight control gaps? If so, is there a corrective action plan?

3 Where there is a log of corrective actions :

- Do the corrective actions have a deadline and person responsible for completing the action?

- Are the deadlines being met? If not why not?

5 Is there a team responsible for monitoring progress of the action plan? If not why not? Is the process alive?

Financial Controls

1 Review the balance sheet for unusual dump accounts and other unusual items.

2 Select a sample of accounts eg accruals, provisions etc and ensure that they are adequately supported by documentary evidence/working papers.

3 Ensure that main sub ledgers are reconciled to the General Ledger.

4 Check a sample of debtors to ensure that credit limits are not exceeded.

5 Review adequacy/necessity for any provisions held.

6 Is there adequate data relating to currency exposure? How does the unit manage its exposure?

7 Are the main accounting functions/duties adequately segregated?

8 Does the CFO regularly monitor/review the controls and General Ledger? Is this evidenced, eg by use of a checklist?

9 Does the General Ledger agree to the monthly information submitted to the head office for consolidation?

11 Ensure that there are written procedures with regard to expense claims. Select a sample of expense claims and ensure that they follow the rules, are properly authorised and supported by documentary evidence, eg invoices. Ensure that there is no self authorisation of either expense claims or travel requisitions.

Code of Conduct

1 Does the organisation have a code of conduct? If so, has it been distributed to all members of staff?

2 Do all new employment contracts contain a reference to compliance?

3 Have there been any occasions of non compliance? Details please.

4 Have the non compliance occasions been reported to a Compliance Officer? What action has been taken?

Sunday, December 01, 2002

Leadership and Change Management

I have, over the years, had the “privilege” to observe at close quarters a variety of management and leadership styles. I would like to summarise these styles by using the following example, set millennia ago in a world of cave dwelling tribes.

Imagine, if you will, three tribes each living in their own set of caves. They each have a leader; A, B and C. Leader A sees that the current situation does not present a long term viable solution to the future housing, and resource, requirements of the community. A sees that in the valley, beyond the neighbouring jungle, there are resources; timber, food, pasture etc that will support a living growing community. Leader A also identifies that to take the tribe from the cave to the valley will be difficult and that there are risks involved; such as navigating their way through the jungle and feeding the tribe. However, the primary obstacle to relocating the tribe is their own natural inertia, namely the human characteristic of resistance to change. The caves are comfortable and safe, the huts that the tribe would have to build to live in the valley are a new untested idea; and after all, why put yourself in danger by uprooting and crossing the jungle?

A’s primary task is present a coherent, well researched and practical plan to the tribe; that outlines the dangers of staying put, the risks of crossing the jungle and the opportunities and rewards of moving to the valley. Leader A does not worry about focus groups, who would tell him that the tribe are quite happy to stay where they are. A calls a meeting of the tribal elders; and presents the case for moving, together with an analysis of the risks involved. The elders give their support and then communicate the message to the rest of the tribe. A sets out the details of the plan, allocates responsibility to specific elders for specific tasks and sets key performance indicators (such as daily food consumption) ensuring that they are regularly measured and action taken to improve performance where necessary. The tribe sets off and, during the long journey, A ensures that the tribe are kept “up to speed” with progress by regularly briefing them; measurable achievements are rewarded (eg by giving an extra food ration) thereby ensuring that people are motivated. The tribe reaches the valley, and development work on the huts begins.

Leader B also sees the valley and appreciates the fact that the tribe should not “stay put”. However, B does not perform sufficiently detailed research (not being a person with an interest in details) and overlooks the risks of crossing the jungle. B presents a very upbeat plan to the tribe (over the heads of the elders), no mention is made of the potential risks; after all B has not identified them! The tribe happily accept the vision of a new utopia and set off. Trouble, as it is wont to do, makes an unwelcome appearance. The lack of research into what would actually be required on the journey has meant that insufficient food was taken by the tribe. Additionally, no measurement system was put into place to monitor daily consumption (the devil is in the detail!). The food runs out, the tribe becomes disillusioned and scared. The elders wash their hands of the affair, and point out they were not involved in the decision making process. B is isolated and unsupported, there being no back up plan B starts to make panic decisions which exacerbate the situation. The tribe become hopelessly lost in the jungle.

Leader C likes the security and warmth of public approval, whilst C feels that it would be better to move the elders point out that the tribe are very happy where they are. Since there is no immediate threat to the tribe, or the leader, the decision can be postponed for a number of years. C agrees, why rock the boat? The tribe therefore stays put.

Let us now return to the scene some years later. What has happened to the three tribes. The first tribe succeeded in crossing to the valley and building the huts. They are flourishing, animals are being reared, crops nurtured and the tribe’s birth rate increasing.

The second tribe disintegrated into disarray and confusion, elders made a series of destabilising leadership bids and members of the tribe formed rival factions. In fact the tribe no longer exists as an identifiable entity. Some members made it through the jungle and joined up with the first tribe, others died, whilst some still inhabit the jungle (reverting to pre cave-dwelling status, reverse evolution in fact).

The third tribe is stagnating, birth rates are falling, the local eco system cannot support the tribe and it looks likely that they face extinction.

What does this tell us about leadership and change management? In my opinion successful leadership and change management require the following conditions to be fulfilled:

1. An effective leader must have the vision to see what can be achieved by changing the status quo. This vision must be clearly communicated and understood; if you don’t know where you are going, or why, then chances are you won’t get there!

2. An effective leader must have sufficiently researched the facts and details in order to formulate a successful plan.

3. An effective leader must understand the risks, and ensure that they can be managed to an acceptable level.

4. The plan must obtain the “buy in” of the people expected to carry it out. This requires that the rewards, risks and hardships involved must be fully and openly explained.

5. Key performance indicators should be set. These should be measured, and corrective actions taken in the event that targets are not met.

6. A reward structure must be developed to ensure that people are motivated.

7. Ongoing communication to the people carrying out the plan, as to its progress against target, must be maintained.

8. An effective leader should see the task through to completion, and not leave halfway through.

Take a look around you, at your company's management and at your politicians. Which category do they fall into? Should your answer be B or C then get rid of them, or find a place where leader type A runs the show.

Tuesday, November 26, 2002

Codes of Conduct, the Ethical Principles of Companies

Opening

In my article “In Place of Strife”, I discuss the need for companies to adopt a code of conduct; which states their attitude to ethical principles, covering core values such as:

1. Honesty

2. Trust

3. Respect

4. Fairness

I would like to expand on this and explain, in more detail; what the code is, why have it and how to implement it.

What is it?

Simply put, a company's code of conduct is their commitment to society as a whole to be a good corporate citizen.

Why have it?

There may be those in boardrooms, around the corporate world, who feel that implementing such a code is an unnecessary waste of time and money. I would like to draw their attention to three key reasons, which I suggest they repeat to themselves every night before going to bed, for having the code:

1. Reputation

2. Reputation

3. Reputation

The astute readers amongst you will have noticed that I have repeated the same word three times. Precisely so, I consider a companies reputation to be so important; that I believe it is necessary to repeat it as a reason three times.

Reputation affects brand value and, at a more precise level; sales, profits and cashflow. In other words, it affects the very existence of the company itself. Something that boards, employees and shareholders should be equally concerned with.

In the modern world companies are monitored by Non Governmental Organisations (NGO’s), such as Greenpeace, for breaches in a variety of issues such as; pollution, corruption, human rights abuses etc. The NGO’s act as media savvy rapid reaction forces, rallying against perceived infringements of “good corporate citizenship”. Witness the problems that major oil companies, sportswear manufacturers, mining conglomerates and even fast food outlets have had when an NGO has mounted a publicity campaign against them.

In essence, a modern company in the 21st Century cannot ignore the realpolitik of conducting business in the international environment. It must be seen to have “clean hands”, otherwise its precious brand image will suffer.

Key components

A basic code of conduct should state the company’s commitment to:

1. Society (eg environmental issues, quality of service and products etc.)

2. Shareholders (eg providing a decent return on equity)

3. Employees (eg covering issues such as harassment, discrimination and quality of work)

The code should give clear guidelines as to the company’s attitude to, eg:

1. Integrity of records, ie the accounts should reflect economic reality; and not be the Chief Executive’s fantasy.

2. Bribes and commission payments, staff and executives should neither accept or offer these; as they pollute and corrupt the business decision making process.

3. Interests outside the company leading to potential conflicts of interest, staff and executives who, for example hold shares in competitors or suppliers, should declare their interest.

4. Respecting national and international law eg obeying tax laws; viz complex off balance sheet schemes to evade tax should be disassembled immediately.

Implementation

The above list represents a basic structure which, quite properly, should be tailored to the individual organisation. In order to effectuate this, a code of conduct committee (reporting to the board or audit committee) should be formed. This should consist of senior representatives from (note committees tend not to work effectively if there are more than 6 people on them, so keep it “tight”):

1. Internal audit

2. Human resources

3. Legal

The committee should act to ensure that the code is best suited to the company and the environment, both cultural and legal, in which it operates. The committee should ensure that the code is a “living document” and develops as the company’s circumstances change.

The code should explain that compliance by all members of staff, at all levels, is expected and that appropriate disciplinary proceedings will be taken if breaches are identified.

The code must be supported, and be seen to be supported, by the board. As such the Chief Executive (CEO) should distribute (to all members of staff, shareholders and other relevant parties) a signed letter introducing the code. I cannot overstress the importance of the principle that CEO’s and senior executives are seen to practice what they preach, ethical behaviour comes from the top (ex executives of Enron and WorldCom take note!).

Dissemination

The code should be distributed to all employees, shareholders and be freely available to other interested parties. The prime method of dissemination should be by hard copy booklets which, in the case of employees, should be signed for to ensure their acceptance and understanding of the code.

Additionally, the code should be available for public viewing on the Internet and be reproduced within the annual report.

In order to stimulate peoples understanding a casebook, taking real life examples of potential breaches, should be prepared and distributed to managers for team briefings and discussion groups. A discussion example being:

“You are the Finance Director of business unit X, your CEO sees that the profit target for the year end may not be reached; and asks you to release a provision so that the target can be met, and bonuses paid. What do you do?”

The ensuing discussion should ensure that it is clearly understood by all that the release of a provision, in order to meet a profit target, is not acceptable. It is a shame for the investors and employees of Enron and WorldCom that such ethical practices were not driven from the top down.

Ongoing Monitoring

I am a great believer in the principle of “what gets measured gets done”. To this end the following procedures should be set up to ensure that the code is complied with:

1. Compliance officers should be appointed at local business unit level, these should be the senior legal officer.

2. The compliance officers should maintain a log of breaches of the code identifying the nature of the breach, and the disciplinary action taken.

3. A regular summary of the log should be submitted to the code of conduct committee.

4. Internal Audit should be charged with the ongoing monitoring of compliance of the code.

5. A regular summary report on material breaches should be prepared by Internal Audit, and submitted to the audit committee and the code of conduct committee.

6. Specific codes of practice with regard to environmental and safety issues can be audited and reported on within the annual report, or indeed in a separate report available to investors and outside bodies.

7. A summary report on compliance with the code should be placed within the annual report.

Summary

To those companies that still have yet to implement the above my message is simple; “wake up and smell the coffee!”. Fail to implement these and you will cease to exist.

Monday, October 28, 2002

In Place of Strife

Over the last year to eighteen months the world’s stock markets have been tumbling and investor confidence is at a low point. Scandals, frauds and mismanagement are occurring in organisations as diverse as Enron, AIB, WorldCom, Marconi and Arthur Andersen have severely tested the credibility of companies reported figures and profit forecasts.

I would like to place in the public domain my views on how we found ourselves in this situation, and how companies may win back confidence. These opinions are derived from my experiences and observations whilst working for “blue chip” organisations, in the UK and internationally, both as an external auditor and internal auditor (holding positions ranging from junior trainee to Head of Internal Audit).

The meltdown in confidence arose for a number of reasons, I highlight the following as my personal top ten “chart busting” favourites:

 The Gordon Gekko mentality of “greed is good”, all credit to that most insightful film “Wall Street”; which has beguiled senior executives, investors and external auditors. Whilst the Western economies were growing and shares in both the US and London were enjoying an unparalleled bull market investors and others, such as non executive directors (who should have known better), did not question too publicly, if at all:

- the remuneration packages of senior executives

- the growth and investment strategies, most notably within the “tech sector” (Marconi’s cash burn and level of gearing being a prime example of senior executives’ egos overriding common sense and good business practice)

- the corporate governance arrangements (such as the composition and “independent pro activity” of the audit committee)

of the companies they were involved with. To me this Gekko beguilement is best summed up by a quote from Bernie Ebbers (ex CEO of WorldCom) when asked about low investor returns on capital. He replied “investors do not care if a company’s return is 6 or 60 percent. They only care if the share price goes up”.

His comment insightfully highlights the short term vision of investors, and unwittingly highlights many a senior executive’s contempt for them.

 Much like the emperor who was sold the invisible suit, once the magic spell is shown to be a sham the illusion cannot be recreated. Specifically, the emperor needs some real clothes! These will take time and genuine effort, measured by hard work not “sophisticated financial solutions” (such as complex off balance sheet arrangements whereby, for example, assets are held in the Cayman Islands and liabilities in Bermuda), to weave.

 Companies need to re-evaluate their method of remunerating senior executives. The practice of offering large levels of share options is all very well, in theory. However, it places a significant pressure on the executive to always talk the stock up, and in the case of the less honest to arrange for transactions and off balance sheet schemes that give a misleading picture as to the earnings and gearing of the company (Maxwell, Enron and WorldCom all being text book examples of this).

 Even the very act of awarding share options is suspect; as the remuneration committee, whose job it is to review the level of senior executive remuneration and determine if it is fair and reasonable, are not in a position of complete impartiality. After all, they are hired by the same executives (even if the appointments of the non executives, who make up the remuneration committees, are asked to be approved or rather “nodded through” by the shareholders) for whom they are reviewing the pay awards.

Sometimes investors start to “rattle the cage” and complain about the level of remuneration. However, even if they are successful in delaying or preventing a change, such as in the case of Marconi (in early 2001), by then it may be too late. Marconi is now consigned to penny share status.

 The external auditors do not escape unscathed from the stench of cronyism and greed that contaminates many board rooms. Following the mega mergers of the eighties, there are effectively four main players in the market (allowing for the implosion of Andersens). These firms audit the majority of the quoted companies in the US and UK. The freedom of choice is therefore limited, even if companies wished to shop around.

That is in itself wishful thinking on my part, many of the audit firms have held the same client for years, some for fifty years or more. The “comfort blanket” of familiarity, complacency and dislike of change has in effect lead to a stagnant audit market. The only area seen as offering growth potential by the big four is in the area of consultancy and “added value services”; sold by the big four with an almost evangelical fervour.

I spent a few weeks in Andersens’ spiritual home in St Charles (near Chicago) at the beginning of 2000 observing one of their audit courses. I even have a certificate to prove it! This was indeed an eye opening experience. The key objective of a client review, it would seem, was not to do a good audit but to sell in extra services. Now the spiritual centre acts as an outplacement centre for all those Andersens’ employees looking to sell themselves to a new employer.

In my view, a stagnant audit market is not good for the companies, investors or auditors.

 The relationship between the external auditor and client could, in my opinion, even be termed incestuous; many quoted companies hire staff and senior executives that were trained by their audit firms. This, to my view, creates the following risks:

- The arms length relationship between auditor and client is tarnished.

- Both auditor and client develop a blinkered approach to the operation of the business, and their attitude to the audit process itself. Namely, the auditor takes the point of view “this is the way the audit was done by the previous auditor who is now CFO, and so this is the way we do it now”. Whilst the business, having hired past auditors, have in effect taken in a pool of people who have not necessarily the optimum range of experience gained by working in other industries or companies required to stimulate new ideas.

- The “old boys’ club” exerts a powerful influence over both client and auditor not to rock the boat. Namely, the client will be reluctant to change auditor and the auditor may be reluctant to address concerns with respect to the business that he comes across during its review.

 Companies, in addition to using the services of external audit, more often than not have an internal audit department (even if this is just to pay lip service to Turnbull). The mission of which should be to provide the Board with independent assurance as to the quality of the business controls, and the adequacy of the risk management process. To enable the internal audit department to function independently its reporting line should be to an audit committee which should comprise a majority of non executive directors. Herein lies two problems:

- Internal audit departments often do not report only to the audit committee, but have a dual line to a senior executive (usually the CFO). This severely limits the independence of the department. It is indeed interesting to note that Cynthia Cooper (Head of Internal Audit at WorldCom) had to bypass her boss (the CFO) and go directly to the audit committee to report the discovery of the capital expenditure fraud.

- How independent, and competent, are the non executive directors? The shareholders in Marconi may be forgiven for thinking that there were no non executives working at Marconi during the period of the cash burn.

The effectiveness, and indeed raison d’ĂȘtre, of the internal audit department is effectively nullified by a dual reporting line and a non independent audit committee which does not proactively question the status quo and actions of the senior executives.

 A non executive, in my view, cannot exercise his or her fiduciary duty adequately if he or she has a string of executive positions (many hold half a dozen or more). How can an individual devote sufficient time to each company with such a spread of responsibilities?

 Even more disturbing, in my opinion, are those cases where non executives hold positions on the boards of companies for which they worked for many years in an operational capacity. Companies offer these positions as a sinecure for years of loyal service. The thin veil of independence is exposed to be a sham. Whilst the non executive may well understand the companies operations, he or she is in no position to think or act independently.

 At an even more basic level there are those non executives who, because of their age, are simply not up to the job; they have become inflexible, they do not understand the changing environment.

The solution to these ills, in my opinion, is as follows (note that none of these points is earth shattering, they are simple common sense):

 Open up the auditing profession to more competition by enforced rotation of external auditors every five years or so.

 Place an enforced period of suspension, of at least one year, between a senior manager or partner in an audit firm relinquishing a particular client and joining that self same client.

 Companies should limit share option schemes to only account for a maximum percentage (say ten percent) of an individual’s total remuneration. This proposal invariably receives the curt riposte from companies (or rather their senior executives) that in order to attract the best you must pay “top dollar”. Well my riposte to this goes as follows:

- It has been my experience to observe the careers of quite a number of senior executives at close quarters. Their careers tend to follow similar paths. They arrive at the organisation and in keeping with their egos, and position, they identify a number of areas that need to be improved; otherwise the organisation may well as they put it “cease to exist”. With much fanfare of corporate videos and “managed” change programmes the new mantra is disseminated to the employees. These change programmes/projects tend to be given a five year time span. However, one small problem; the executive tends only to stay in that position for two years (their ego and supercharged need to move on “to face new challenges” prevents them seeing the project through to completion). This scenario I call “two year managers for five year projects”. The long suffering employees and organisation then endure the whole process over again with another executive who decides to change the change programme. The result, an organisation constantly changing but going nowhere.

- The concept that if you pay “top dollar” you will get the best always amuses me. To my view all that a super charged salary and benefit package does is attract those with the largest egos and greediest personalities. They move on after a short period of time to the next role which offers even more money; having no thought, or loyalty, for the people or organisation they leave behind.

- Regarding the quality of management attracted by these packages; ask the shareholders of Marconi or Enron if they feel they were well served by the senior executives they were told were the best money could buy!

In short, if a senior executive starts to complain about his level of remuneration; then show him the door and help him on with his coat.

 The cost of the share option schemes should be taken immediately to the profit and loss account. “An expense is an expense, is an expense!”, no prevarication. This way it is clear to all the world exactly how expensive the senior executives are.

 Non executive directors should only be recruited from outside of the organisation.

 The remuneration of non executive directors should be increased, and the number of posts which they hold reduced (maximum three); to allow them to devote a more appropriate amount of their time to the company.

 Internal audit should report directly to the audit committee. The committee should consist of a majority of non executive directors who should be appointed in terms of the above. There should be no dotted line to other directors. Dual reporting lines, in my experience, weaken the independence and effectiveness of the internal audit function.

 The chairman of the audit committee should, like the senior partner from the external auditors, attend the AGM and be prepared to answer questions from the investors.

 The chairman of the audit committee should be given the formal right to address the AGM without hindrance from the Board.

 The annual report should contain a statement from the audit committee signed by the chairman of the audit committee.

 External auditors should not provide add on consultancy services to their audit clients.

 Companies should adopt a code of conduct outlining their attitude to ethical principles, covering core values such as:

- Honesty

- Trust

- Respect

- Fairness

The code should state the company’s commitment to:

- Society (eg environmental issues, quality of service and products etc.)

- Shareholders (eg providing a decent return on equity)

- Employees (eg covering issues such as harassment, discrimination and quality of work)

The code should give clear guidelines as to the company’s attitude to, eg:

- Integrity of records.

- Bribes and commission payments.

- Interests outside the company leading to potential conflicts of interest.

- Respecting national and international law (eg obeying tax laws; viz complex off balance sheet schemes to evade tax should be disassembled immediately).

The code should be distributed to all employees, shareholders and be freely available to other interested parties. Compliance with the code should be audited annually, and a report to this effect placed within the annual report (what gets measured gets done!).

Mark my words these changes will come eventually, so why not stop delaying and just let’s get on and implement them now!