| |
|||||||
![]() |
|||||||
| |
|||||||
|
|
|
|||||
The News pageSecurityfocus - Latest Vulnerabilities The Register - Management News Financial Director - Audit News Computer Weekley - IT Management News Computer Weekley - Security News
SecurityFocus - Security NewsNews: Change in Focus News: Twitter attacker had proper credentials News: PhotoDNA scans images for child abuse News: Conficker data highlights infected networks Brief: Google offers bounty on browser bugs Brief: Cyberattacks from U.S. "greatest concern" Brief: Microsoft patches as fraudsters target IE flaw Brief: Attack on IE 0-day refined by researchers News: Monster botnet held 800,000 people's details News: Google: 'no timetable' on China talks News: Latvian hacker tweets hard on banking whistle News: MS uses court order to take out Waledac botnet Infocus: Enterprise Intrusion Analysis, Part One Infocus: Responding to a Brute Force SSH Attack Infocus: Data Recovery on Linux and ext3 Infocus: WiMax: Just Another Security Challenge? Gunter Ollmann: Time to Squish SQL Injection Mark Rasch: Lazy Workers May Be Deemed Hackers Adam O'Donnell: The Scale of Security Mark Rasch: Hacker-Tool Law Still Does Little More rss feeds from SecurityFocus SecurityFocus - Latest VulnerabilitiesVuln: Microsoft Excel FNGROUPNAME Record Remote Code Execution Vulnerability Vuln: Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability Vuln: Linux Kernel KVM Multiple Privilege Escalation and Denial of Service Vulnerabilities Vuln: Linux Kernel KVM Segment Selector Loading Local Privilege Escalation Vulnerability Bugtraq: [USN-908-1] Apache vulnerabilities Bugtraq: [ MDVSA-2010:059 ] virtualbox Bugtraq: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities Bugtraq: Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability More rss feeds from SecurityFocus The Register Security NewsVuln: Microsoft Excel FNGROUPNAME Record Remote Code Execution Vulnerability Vuln: Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability Vuln: Linux Kernel KVM Multiple Privilege Escalation and Denial of Service Vulnerabilities Vuln: Linux Kernel KVM Segment Selector Loading Local Privilege Escalation Vulnerability Bugtraq: [USN-908-1] Apache vulnerabilities Bugtraq: [ MDVSA-2010:059 ] virtualbox Bugtraq: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities Bugtraq: Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability More rss feeds from SecurityFocus The Register Management NewsEmployers call for end to Mickey Mouse degrees Send fewer to uni, charge 'em moreA recruiters group is calling for an end to government targets to get 50 per cent of school leavers involved in higher education.? Tilera wins VC from Broadcom, Quanta, NTT Cash for homegrown multicoresLast November, El Reg told you about how multicore chip maker Tilera was lining up its third round of venture capital funding, a $25m pile of cash that would include $10m from Taiwanese PC maker and server wannabe Quanta Computer. On Monday, when the funding finally closed, it turned out that chip maker Broadcom and the financing arm of Japanese telco NTT are also kicking in some dough.? BSkyB yanks more cash from HP's hide Bad EDS deal gets worseIT giant Hewlett-Packard said on Friday after the markets closed on Wall Street that it had to knock off another £70m from its first quarter of fiscal 2010 ended in January to cover yet another interim payment to BSkyB relating to a lawsuit filed against EDS relating to the implementation of a customer relationship management suite at the broadcaster.? Another 36,000 US jobs lost in February Mixed bag for the IT sub-sectorsThe magic of numbers continued in the United States today, as the Department of Labor said the workforce in America shrank by 36,000 jobs in February, and yet the unemployment rate held steady at 9.7 per cent.? Netezza squeezes out Q4 growth Self-styled Oracle beaterData warehousing and analytics appliance maker Netezza has closed out its fiscal 2010, and like many hardware and software vendors in the IT racket, the company's profits took a hit. Unlike many hardware suppliers, Netezza actually managed to get a tiny bump in sales in the quarter and for the year, despite the economic meltdown.? Intel pitches Atom storage platform It ain't Xeon X86 but it's cheaperIntel is pitching an Atom processor platform for storage boxes in home networks and small office/home office applications.? Microsoft expects to flog But COO admits business spending may remain 'conservative'Microsoft?s chief operating officer, Kevin Turner, claimed yesterday that the software vendor would sell Ofcom wades into UK 'Net Neutrality' row BBC tech boss says web is 'primary outlet for future Beeb content'. What's that now?Ofcom has reportedly warned broadband providers that it plans to probe how they manage their web traffic and give ?preferential? treatment to some media owners.? On enterprise networking and administration Is anyone actively doing anything?There are some things in life that everyone just expects to function, almost without thought. You switch on the light, there will be electricity available; you turn the tap and water will flow; you pick up the phone, there will be a dial tone. Over the course of the last decade, much to the surprise of many who have long toiled in the industry, users now expect most, if not all, IT services to be similarly available whenever and wherever the need, or the whim, strikes.? Acer predicts end of cheap PC era Consumers get bitten in the ASPPC buyers, especially small businesses, should get used to paying more for their kit, after Acer predicted that ASPs would rise this year, for practically the first time in PC industry history.? Yahoo! chief! produces! magician's! hat! on! 15th! birthday! Still praying for rabbits and sparkly dust in Apple-wannabe-comebackYahoo! boss Carol Bartz popped a few champagne corks with reporters yesterday to celebrate the struggling web firm?s 15th birthday, and at the same time admitted that a turnaround could take years.? Microsoft claims 90m sales of Windows 7 'Fastest selling OS in history', apparentlyMicrosoft claimed yesterday that it had sold 90 million copies of Windows 7 since it hit manufacturers in July 2009.? German geeks invade Australia Still space for Brit techies, says Aussie senatorCebit Germany's top techie research house the Fraunhofer institute has turned its remorseless gaze onto Australia for one of its first joint research projects outside of Europe and the US.? Intel: Just 3,000 employees run Windows 7 And you should bin 4 year old PCsCebit Intel's CIO showed why it might take a while for Microsoft to make much of a dent in the XP-installed base yesterday as she urged the world to scrap any kit more than four years old.? IT jobs jump shows hope for UK economy Redundancy fears remainUK workers still fear losing their jobs even though survey data is starting to show an improvement in both permanent and temporary positions.? Force10 Networks files for IPO 10 Gigabit yields 143.8 megabucksCisco Systems doesn't own the networking market. It just thinks it does. In reality, Cisco's shareholders have a large piece of the networking racket, but there is plenty of room left over for other players to get at the trough. And today, Force10 Networks - one of the up-and-coming 10 Gigabit Ethernet networking providers that is not yet making money even as it is making sales - said it is taking an empty wheelbarrow down to Wall Street to get some cash and bring it back to San Jose.? Hedge fund offers $1bn for Novell Private partsWell, here's another potential acquisition that might slip through IBM's hands. New York-based hedge fund Elliott Associates sent a letter to the board of directors of Novell today after the market closed, offering the company $5.75 per share to take the company private.? Android app brings in $13K a month It's not just iPhone developers who get richOne Android developer is earning more than $400 a day from his find-your-car application, proving it's not just Apple fans who'll pay for basic apps.? Google borgs online photo editor Let's have a PicnikGoogle has acquired Picnik, a 20-person startup offering a web-based photo editing service.? SCO's Linux litigation architect angles for SCO's mobile biz Former CEO strikes backDesperate to fund its seemingly-endless legal battle for Unix copyrights against Novell and others, SCO Group has found someone willing to buy the bankrupt company's mobile assets - and it's none other than Darl McBride, the former SCO chief executive sacked as a result of his ruinous crusade to claim Unix.? Offloading malware protection to the cloud PayPal India hits reboot with bank withdrawals Personal payments remain suspendedPayPal confirmed late last week that the Reserve Bank of India had given it the go ahead to restart bank withdrawals in the country for settlements for exports of goods and services.? Microsoft spits out 'browser choice' update to appease EC antitrust probe Surf's up as Google, Apple, Mozilla wash ashore in WindowsMicrosoft will begin asking European Union citizens which web browser they wish to use on Windows-based computers from today.? Freebie BlackBerry bonanza kicks off Host your own BES for nowtBES Express launches today, offering free software for those who want to host their own BlackBerry servers but lack the budget to do so.? Forgot your ThinkPad password? Get new hardware Lenovo merciless on memory lossUsers of Lenovo ThinkPad laptops may be in for a nasty surprise if they forget their main (supervisor) hard drive password.? Biz services holding back recovery CBI bets on slow bounceBusiness and professional services are recovering much more slowly than consumer services although both sections of the economy expect some growth in the next three months.? Apple uncovers child workers in its plants iPod, iPhone, and Mac makers quizzedApple has found children were hired to help build some of its products, with one employer in its Mac, iPod and iPhone supply chain falsifying records.? Web threats: Why conventional protection doesn't work eBay Germany faces PayPal probe Ich nichten lichteneBay Germany is being investigated by competition authorities concerned that its tying of PayPal to certain eBay purchases is in breach of consumer law.? Jobs: I'll decide what to do with Apple's $40bn cash pile Smaug, Marner, Croesus? They never invented the iPhoneSteve Jobs has told shareholders not to complain about the Mac maker's $40bn and growing cash mountain as he could decide to do something interesting with it at any time.? Fujitsu strike is off Concessions on pay and pensions end four month strikeFujitsu and the Unite union have agreed terms to end the planned strike at the services giant.? NatWest suffers calamitous online banking breakdown But flack insists system never actually died on arseNatWest customers struggled to access the company's online banking, ATMs, telephone and even branch systems in the past few hours, after it was hit by a unspecified "technical issue" this morning.? Mandy accused of screwing small biz Giving more money to Google not good for Brits, is it?Web design and consultancy firms have reacted with outrage to Lord Mandelson's latest attempt to get more British small businesses online.? IBM offers voluntary redundo - two days into 'consultation' Well, you don't hang about do youIBM is offering staff voluntary redundancy just two days into the consultation period.? More workers poisoned by supplier for Apple, Nokia Nokia responds. Apple doesn'tThe Taiwanese company that provides displays and electronic components for Apple, Nokia, and others has admitted that more employees than previously reported have been poisoned by an industrial chemical used in its manufacturing facilities.? Offloading malware protection to the cloud Novell: Linux finally breaks even An open source milestoneWell, that only took six years and change.? EMC shuffles Ionix to VMware Welcome to the real worldEMC is keeping up appearances that its VMware subsidiary is still a separate company. Today, it transferred a number of system management products that were part of its evolving Ionix brand to VMware for $200m in cash.? HP slices up services for small biz Easily digestibleHP is bringing new support and datacentre analysis services to small and medium business (SMB) customers, as well as packaging up services in cheaper lumps for the channel to sell to such customers.? Capita shares hit despite decent sales Public sector outsourcer still making cashPublic sector outsourcer Capita watched its shares fall just over four per cent this morning despite the company reporting a pretty decent set of results.? Pocketgear, Handango join to create app store giant Only Apple and Google now tower over new merged beastIndependent application stores are usually overshadowed by the vendor-owned ones, but two of them have merged to create a mobile storefront that is larger than any of them, except the Apple App Store and Android Market.? EC sharpens long Google probe Three complaints under investigationThe European Commission is investigating Google to see if it has broken competition and anti-trust laws.? Juniper dangles $50m carrot over Junos Come all ye partnersJuniper Networks is dangling a $50 million venture capital carrot over startups willing to focus on building software and applications for the Junos operating system.? Wal-Mart buys internet TV biz Who do you Vudu?Worldwide retail giant Wal-Mart is buying its way into the rapidly expanding sphere of on-demand, internet-based television.? Intel and friends in $3.5bn tech stimulation Self-proclaimed heroes of the IT peopleAt a speech delivered at the Brookings Institution in Washington, DC, this morning, Intel's president and chief executive officer Paul Otellini said that the chip maker was spearheading a $3.5bn investment by itself and venture and established tech companies to cultivate new tech companies and thereby create jobs.? Dell's order status website wobbles at knees 'Your information does not match, please try again'Updated Dell customers hoping to check when their newly-purchased computer will be shipped are complaining about errors on the vendor's order status website.? Server makers end 2009 on a Pumping X64 ironComment Now that Hewlett-Packard and Dell have reported their latest quarterly results, it seems like a good time to do a post mortem on the economic downturn and its effects on server sales for the Big Three: IBM, HP, and Dell.? Google unveils one ad server to rule them all Combines DoubleClick, native ad managerGoogle has unveiled a new ad serving platform for internet publishers, merging the platform it acquired from DoubleClick in 2008 with its native Google Ad Manager.? Web threats: Why conventional protection doesn't work CollabNet chews up scrum dev house Danube Technologies down the hatchCollabNet is stuffing scrum into its web-hosted development arsenal with the purchase of Danube Technologies, a maker of scrum-based project management software.? Infosec job prospects recover after credit-crunch slide Trebles all round, especially for ID management expertsThe information security recruitment market is beginning to recover, after problems with the wider economy pushed job prospects and salaries down to a record low last summer, according to a new UK-focused salary survey.? The myth of Britain's manufacturing decline It's all built in China now - except the clever stuffComment Woe unto us for we don't make anything any more. We've given up on manufacturing and that's what ails the UK economy. We must therefore invest heavily in a renaissance of making things that we can drop on our feet and all will be right with the world.? Mixed messages for UK small biz Recession, isn't it?The British economy is showing some signs of recovery, but January's fall in retail sales is a sign that any recovery is weak and still needs help from government and low interest rates.? Cray swings profit on Q4 revenue dive Thanks, Uncle SamSupercomputer maker Cray finished out 2009 better than many might have expected it to do, reversing to a modest $3m profit on a 43 per cent revenue decline to $88.3m in the fourth quarter ended in December.? Financial Director - Audit NewsRegulator consults on code Neil Hodge, Financial Director, Saturday 19 December 2009 at 10:00:00 Director accountability and risk management under greater scrutiny as the FRC begins consultation on reform The Financial Reporting Council (FRC), the UK?s corporate
reporting regulator, has launched a consultation on its proposals to reform the
UK?s Combined Code on Corporate Governance in the wake of the current financial
crisis. While the FRC has not found evidence of serious failings in the governance of
British business outside the banking sector, it believes that the proposed
changes to the Code are ?sensible improvements? that would benefit governance in
all major businesses. The new Code ? which will be renamed ?The UK Corporate
Governance Code? to avoid confusion among overseas investors ? will also apply
to foreign companies operating in the UK if they apply for premium-listed status
only available to equity securities issued by trading companies, closed or
open-ended investment equities. The main proposals put forward by the FRC are; In line with Sir David Walker?s report on the corporate governance of banks
and financial institutions, the FRC has proposed a number of other changes to
the code extending its remit, including: In addition, the FRC may propose limited changes to its existing guidance to
audit committees, depending on the outcome of work being undertaken by the FRC?s
Auditing Practices Board on the provision of non-audit services and audit
partner rotation. Well received Margaret Cassidy, director of corporate governance at PricewaterhouseCoopers,
says the FRC ?has introduced a welcome change to the focus of the code, away
from the box-ticking approach driven by provisions to a more thoughtful one
centred around enhanced principles.? She adds that the proposals ?cast a spotlight on the pivotal role of the
chairman, whose leadership style can be expected to come under greater challenge
from investors in future. In addition, greater clarity around the board?s
responsibility for risk management should lead to a more rigorous application of
the existing Turnbull guidance for directors on internal controls.? Richard Wilson, audit partner and leader of the independent director
programme at Ernst & Young, says he very much welcomes the introduction of a
Stewardship Code, which he believes ?should help to improve further the
engagement of shareholders in influencing the governance of companies?. Peter Montagnon, director of investment affairs at the Association of British
Insurers, says the proposed amendments ?highlight some important issues,
including director accountability, board evaluation and risk management?.
However, he adds that the institutional investor ?has expressed reservation
about the annual election of chairmen alone, because this can be too-blunt an
instrument.? Consultation on the draft revised Code ends on 5 March 2010. Subject to the
outcome of consultation and the necessary changes to the London Stock Exchange
Listing Rules, the FRC intends that the revised Code should apply to all listed
companies with a premium listing for financial years beginning on or after 29
June 2010. Useful links Responses to the consultation on the draft revised code are requested by 5
March 2010 and should be sent to codereview@frc.org.uk Accounting ? Letter of intent: Don't blame the auditors Peter Williams, Financial Director, Monday 23 March 2009 at 18:30:00 An open letter to Treasury Select Committee chairman John McFall says auditors aren?t to blame for the crisis Dear John, In investigating the banking crisis from every angle, you have called many
eminent witnesses, including representatives of the auditing profession. They
will forgive the comment, but they are all from the Establishment, so it may
benefit the Committee to hear from a different perspective: that of
Financial Director, whose editors and journalists have, for the last 25
years, been commenting on, inter alia, financial reporting and auditing
issues. You will have established that this banking crisis was not spawned primarily
by an auditing crisis, though weaknesses in the system of auditing, regulation
and supervision exacerbated the problems caused by your favourite people, the
bankers. You will also have established that banks are incredibly complicated
organisations, both in sheer size and by way of the many different businesses
and business models existing behind the façade further complicated by the lack
of business model homogeneity in the sector. Auditors are expected to get their
heads around the business and pass opinion? well, on what, exactly? Re-reading the evidence from your audit panel session, perhaps you may have
felt somewhat frustrated by the lectures you got on what audit was and was not
designed to do, roles, you are told, laid down by parliament. This is defensive
and unhelpful. Forget the talk of watchdogs and bloodhounds: in essence,
auditors have one definite role and one possible one. The definite ?do it now?
role is to comment on the financial report at a particular moment in time. This
brings its own problems: you try valuing complex derivative products. The other
possible role for a statutory audit is to see whether a bank has enough capital
and reserves to see it through a financial or economic shock. But it is, as you
may have gathered, not a burden the auditors want to shoulder. They believe it
is the work of the board or the regulator. Why do auditors fight shy of
extending their remit? Well, one part of a bank may have 10,000 models for
100,000 transactions. At the moment, auditors look at the bank systems and controls and how they
generate the model. In other words, the audit is about the reliability of the
processes rather than whether individual models are giving the right answer. To
go to this level of detail you would have to increase the audit resource several
fold. Moreover, while ?going concern? may look at particular funding questions,
concerns about future risk do not currently lie within the auditor?s remit. Another intractable problem you should be aware of is the scarcity of bank
auditors. The best of them probably number only hundreds across the globe. The
idea that one can just magically conjure up bank auditors is fanciful, made
worse by the size and scale of multinational banks, meaning that audit work is,
in reality, the sole preserve of the Big Four. Conflicts of interest abound and
if one of their number collapsed, it would render bank sector auditing near
impossible. Even allowing for this difficult backdrop, given the scale of the crisis, the
audit profession can and should help. Your Committee could ask government to
engage the Financial Reporting Council to take the lead on examining key aspects
of bank auditing and involve external stakeholders such as bankers, regulators
and investors. There is an obvious agenda in the working group. The first task should be to
start reviewing the Auditing Practices Board?s practice note 19, on the audit of
banks and building societies in the UK. Updating may not be possible yet, but it
will have to happen. The FRC should work with the Bank of England and the
Financial Services Authority to review the relationship between auditors,
regulators and banks to ensure there are no gaps in regulation and that auditors
have the freedom they need to express their views and concerns on banking
clients. The FRC?s Audit Inspection Unit should re-examine all the audit files of the
banks to ensure the work is of sufficient quality, relevance and consistency.
Finally, the Financial Reporting Review Panel is examining the banking sector as
a priority, but explicitly, they should review all banks? accounts, no sampling
here. You may want to ask them to furnish you with a report before your inquiry
ends later this year, focusing on the requirements for companies to comply with
the business review, where the Companies Act 2006 has introduced two important
changes. The review is now meant to help shareholders assess how the directors
have performed their statutory duty to promote the company?s success. All
business reviews must contain a description of the principal risks and
uncertainties facing the company. Business reviews are required to refer to the
main trends and factors likely to affect the future development and performance
of the company: banks should be doing this, too. That?s a substantial and important to-do list for starters, which the
auditing profession should be encouraged to adopt. Yours in hope, Peter Williams HMRC audits fail importers Neil Hodge, Financial Director, Monday 24 November 2008 at 15:30:00 Attempts to reduce bureaucracy on importing goods has left importers facing uncertainty and potential financial loss The UK?s spending watchdog has found that British import businesses are
worried HM Revenue and Customs? attempt to ease some of the administrative
burden on shipping and receiving goods could potentially put them at financial
risk. In its report
The
Control and Facilitation of Imports, the
National
Audit Office (NAO) found that by reducing the number of audits and
inspections it does, HMRC may not only be miscalculating tax revenue, but also
putting importers at risk because they could be liable to pay back taxes at a
future date for filing incorrect reports. While HMRC?s strategy to limit the number of checks carried out at the border
has brought benefits, it has also brought some uncertainty about whether they
are paying the right amount of tax and duty, and the risk of sizeable back duty
demands if they make a mistake. Error count It is an area of real concern. The NAO found these businesses welcome audits
because they provide some assurance they are correctly complying with their
obligations. But feedback suggests they view this as an area where HMRC does not
perform strongly. One of the main criticisms raised is importers find it
frustrating to take assurance from a successful audit only for errors to be
discovered in subsequent audits and back duty demands issued. Such faults are partly a result of how the responsibility for managing
customs activity is divided among various directorates and that international
trade is a minor function for most of them. The NAO found that accountability
and reporting lines are blurred and that there is limited control of the
end-to-end process. Importers also find the burden of audit increases when customs staff lack an
understanding of the industry sector and the skills and knowledge appropriate to
carry out an efficient and effective audit. Increased bureaucracy and changing
regulations are also causing headaches for traders, as well as costing them
money. Big Four auditor
KPMG
estimates that the administrative burden for UK business of complying with
customs regulations is about £800m. As part of their normal business, traders carry out their own checks, and may
discover under or over payments. But under EU legislation, traders have to
correct errors on an entry-by-entry basis, so they have to submit separate
schedules for under and over payments rather than a single schedule. HMRC has
initiated discussions with the European Commission to allow a single schedule.
There are differences in the processes for correcting under-and over-payments,
hence importers regard applying for repayments as one of the more onerous areas.
Descriptions of goods can also be a source of frustration. Currently, for
each import, traders have to complete a declaration including classifying the
goods by commodity code. Every commodity has a unique ten digit code based on
its description and composition which determines the duty rate and any
restrictions; at present there are some 16,000 commodity codes. But classifying goods can be difficult because one item may potentially come
under more than one code. For example, a trader applied to HMRC for a commodity
code for an Easter snow globe made of glass with a polyresin base, containing a
depiction of bunnies and spring and playing music. HMRC considered that it could
fall under four categories (including the definition of a ?glass? item and a
?festive item?) and the issue was sent to the EU for clarification. This all
takes time. Speeding up processes Customs also operate a number of EU duty relief and suspension regimes which
allow these businesses to take advantage of reduced rates of duty or defer
payment of duty. There are 12 main regimes in operation, but the NAO found that
because of their complexity, it can be difficult for traders to identify the
appropriate regime. They also complain it is difficult to find complete
information about how to comply with the requirements of the regimes. In January 2008, the EU introduced a new initiative called
Authorised
Economic Operator (AEO). Traders can obtain AEO status after the
completion of a full audit to show their systems and processes meet certain
security standards. This will entitle them to speedier clearance at the border.
But there are concerns that the audits are resource intensive for the trader
and that the benefits in obtaining AEO status minimal. They have also raised concerns that HMRC does not have adequate resources to
carry out audits to the level required by the EU, which means they could
potentially face financial penalties for non-compliance. As of April 2008, fewer
than 100 import businesses had applied against HMRC?s predictions of 2,000
during 2008-09. Fed up Melanie Stern, Financial Director, Thursday 31 January 2008 at 00:00:00 This month: Fed rate slash; Northern Rock bail-out; predictions of US recession, and more... US Federal Reserve chairman Ben Bernanke announced a 75 basis points cut in
interest rates to 3.5% on 22 January. Commentators were shocked by the Fed?s reaction, unprecedented for coming a
week ahead of the scheduled rate-setting meet, and because the last time it made
emergency cuts was in the days following the 9/11 attacks. Moreover, it has been
26 years since such a big cut. The Fed pointed to tightening credit markets, a housing slump and rising
unemployment but no one was left in doubt as to what the message was: that
recession is too close for comfort. Bank of England Governor Mervyn King, speaking at an Institute of Directors
dinner in Bristol the evening the Fed made the cuts, indicated no copycat move
from the BoE and said that he thought it was the job of the markets to correct
themselves, not central banks. But we?ll soon see if the UK follows the US off
the contagion cliff. Con Bonds? Davos doom Eastern promise Fitch likes Fair Enron evils Beyond pensions TECHNICAL UPDATE The House of Lords ruled that the three-year time bar on Condé Nast?s
underclaimed VAT should be disallowed under EU law. The Law Lords said that the
1995 UK time limit regulations had been introduced without transitional
arrangements. DLA Piper tax disputes partner Hartley Foster says that, as total
claims from other litigants against HM Revenue & Customs may amount to £1bn,
the government is likely to act swiftly. Taxpayers now have ?a small window of
opportunity? to submit claims to HMRC. Listing rules In proportion Sarah Perrin, Financial Director, Thursday 31 January 2008 at 00:00:00 Any company that tries to agree an auditor liability cap that is based on any formula other than proportionality may find it has bitten off more than it can chew, if it can?t get buy-in from shareholders Official guidance is currently being developed to help companies and their
auditors contractually agree a degree of limited auditor liability. However,
institutional investor groups have made it clear that, for listed companies at
least, one of the options included in the draft guidance will not be deemed
acceptable. The draft guidance in question has been developed by the Financial Reporting
Council and is based on the Companies Act 2006, which makes it possible for
contractual agreements to limit auditor liability to be entered into from April
this year. It explains that there are a number of options available for
companies and auditors: Investor dissent The ABI is not alone in its views. The National Association of Pension Funds?
voting guideline, issued in November 2007, says: ?Investors should consider
voting against resolutions which propose any form of liability limitation other
than proportional liability unless there are compelling reasons why that is not
appropriate?? Michael McKersie, the ABI?s assistant director of investment affairs,
stresses that his organisation does not oppose reform of joint and several
liability. ?Joint and several causes difficulties for those with deep pockets,
such as auditors,? he says. However, it does oppose the fixed monetary cap
option. ?A fixed cap will bear little or no relation to the damage that could
potentially be done by auditors,? McKersie says. ?It is an arbitrary amount. But
we are happy to contemplate proportionality. Proportionality is the right
conceptual approach, though it is quite complex.? The audit profession appears to accept that proportionate liability will be
the option that works in practice, at least for listed companies. ?When a
company has to put a resolution to its shareholders, if it knows a fixed cap
will be turned down and proportionality accepted, that?s the way it will work,?
says Ernst & Young partner Gerald Russell. ?The legislation has allowed caps
because not all companies are the same. Ernst & Young agreed a cap with its
own auditors a long time ago. But I think with big listed companies, caps are
unlikely to prevail.? Far from ideal However, mid-tier firms seem likely to oppose fixed caps. This is because
they would probably be unable to agree caps as large as those agreed by Big Four
auditors, thus making themselves potentially less attractive to clients. Jeremy Newman, managing partner at BDO, is opposed to fixed monetary caps. He
feels that most interested parties accept agreements based on proportionality as
the way forward. He would like the FRC?s final guidance to give a clear steer on
the types of agreement that would be most appropriate for particular situations
or clients. ?You would hear applause from the investment community, major
accounting firms and I think from corporates, because they would be clear what
was regarded as acceptable practice,? he says. ?There is a danger that given
ambiguous guidance, people will be scared to do anything.? A consensus does seem to be emerging that the FRC?s final guidance should
come out in favour of proportionality as the preferred basis for agreements
between listed companies and their auditors. The ABI?s McKersie says, ?All interested parties, certainly in the area we
look at quoted companies would welcome a clear indication that a
proportionate approach is deemed to be the acceptable basis that companies can
reasonably rely on shareholders supporting.? E&Y?s Russell agrees: ?If we know that institutional shareholders are
only going for one option [for plcs], then it would be better to have one
option. It will save endless individual negotiation if everybody can just pick
up the suggested agreement.? Accounting: Playing low-ball Peter Williams, Financial Director, Thursday 12 July 2007 at 00:00:00 The Big Four have a stranglehold over the audit market and it?s a position they are not about to relinquish easily The Big Four say they welcome the idea of more audit choice for large
companies. But do they mean what they say? After all, the concept of greater
audit choice for big business implies that the top firms would lose audits,
market share and profit. In this debate, the subject of low-balling has always been the elephant in
the corner: something that is really obvious, but which is never properly
discussed. The ultimate purpose of predatory pricing is to sell goods or
services at artificially low prices with the intent of driving competitors out
of the market, or to create a barrier to entry into the market for potential new
competitors. If other firms cannot sustain equal or lower prices without losing
money, they go out of business. The predatory pricer then has fewer competitors
or even a monopoly, allowing it to raise prices above the level that the market
would otherwise bear. Audit choice and low-balling are two sides of the same
coin. It is not in the interest of any of the major players to want to open up the
question of predatory pricing. The Big Four audit firms don?t want to discuss
it, nor do finance directors. So the audit trail on low-balling goes cold. While
some accept low-balling as an absolute fact of life, others deny that it ever
happens. Certainly, the documented evidence on low-balling is rare, but every few
years there is a low-balling tale or accusation from someone who ought to know.
And this keeps alive the idea that absence of evidence does not equate to
evidence of absence. The latest explosion came from Jeremy Newman, managing
partner of BDO Stoy Hayward, who is leading a sustained assault on the Big Four.
A clearly exasperated Newman has put into the public domain the story of a due
diligence job for which his firm quoted. Despite the fact that the maximum fee
level that BDO Stoy Hayward asked for was a third of the initial price of the
company?s auditors, the work eventually ended up being performed by the i
ncumbent for around 10% more than BDO Stoy Hayward?s top quote. It is tempting to dismiss the tale as an example of a canny finance director
using a different supplier as a stick with which to beat the incumbent ? and
presumably favoured auditor ? into providing the service at a more reasonable
price. Or is it, as Newman suggests, predatory pricing designed to force out his
firm from competing in certain segments of the marketplace? Significantly,
Newman also claims that the Big Four firms are increasingly targeting the
clients of BDO Stoy Hayward ? and presumably the other second-tier firms ? by
promising significantly reduced fees, which the incumbent is forced to at least
match, or risk losing the work. Even smaller independent firms feel the threat
of low-balling. These independents find their biggest clients ? significant
private companies, but not quoted entities ? are regularly targeted by the Big
Four. One way in which the incidence of low-balling could decrease would be if
clients made it clear that being the auditor gave a professional firm no
advantage when it came to bidding and winning other work. The downside of that
step is, why should FDs bother? It?s convenient to work with professionals who
know about your business and can swiftly start to do the task required of them.
The BDO complaint on low-balling has to be seen in the wider context of the
overall trends in the audit market. Jeremy Newman chose to release his tale
about low-balling at the time that the Financial Reporting Council ? among other
roles, the UK?s audit regulator ? is consulting on audit concentration (see
www.financialdirector.co.uk).
Part of the recommendations of the Market Participants Group should have an
impact on the possibility of low-balling. For instance, the recommendation that
audit firms disclose the financial results of their work on statutory audits and
directly related services on a comparable basis should ensure relevant
information emerges over time about audit firms? current pricing policies. In
particular, this may start to illuminate the issue of cross-subsidisation of
audit services by non-audit services. The Association of British Insurers
suggested to the FRC at the start of its consultation on audit choice in 2006
that there is a risk that large firms, which can afford to sustain such
subsidies, can use this device to create a barrier to entry by smaller firms.
While companies and shareholders don?t want to be overcharged for poor-quality
audit services, the ABI described it as ?simple common sense? that a fair price
for audit is a prerequisite for the maintenance of both choice and quality. The question at the heart of the debate on increasing choice in the audit
market is how hard the Big Four firms are prepared to fight to hold on to the
market share they have carefully gathered over the years, both through merger
and through organic development. All the evidence suggests the answer to that
question is easy: very hard indeed. 'Fourget' choice Sarah Perrin, Financial Director, Thursday 31 May 2007 at 00:00:00 Despite attempts to promote choice and competition, the Big Four still has a stranglehold on the audit market Auditing is back on the agenda, though this time not because of a major audit
failure or the collapse of a Big Four firm. Not yet, anyway. But recent
proposals to encourage more competition for large company audits, increased
auditor liability and revisions to international auditing standards could all
have an impact on the market for business assurance services. The debate about how to improve audit choice for larger companies rumbles on,
most recently stimulated by another report issued under the auspices of the
Financial Reporting Panel. The interim recommendations of the FRC?s Market
Participants Group form a package of suggestions directed at regulators,
accountancy firms, investor groups and companies. For example, companies, it is
suggested, could be required to give more information to shareholders on the
auditor reselection process. Similarly, boards could be forced to disclose any
contractual obligations to appoint certain types of audit firms. Same difference Although not very concerned about the restricted choice of auditors for large
companies, Everett says: ?The root of our concern is that the current situation
doesn?t give audit firm incumbents a particularly good incentive to improve
services, innovate or improve quality.? Friends Provident?s audit choice is
essentially limited to the Big Four. ?It?s a very specialised area of audit and
the skills to do that are concentrated in the Big Four,? Everett says. ?It would
take a bold move for the mid-tier to invest in these skills.? Nevertheless, Everett believes large companies can make effective use of
mid-tier firms ? if those firms promote themselves properly. ?Speaking from
previous experience, in a different organisation we used a mid-tier firm for
some specialised gap filling within our finance function and that was working
extremely well. There are things firms could do for bigger companies, and that
way they could gain their confidence and build up relationships.? he says. The lack of global presence remains a major stumbling block for mid-sized
firms which want to audit large companies. ?We have had approaches from some of
the mid-tier firms suggesting they can provide services,? says Ken Lever, FD of
Tomkins. ?The problem is that they don?t have the global reach of the major
firms.? That said, Lever is sceptical about the truly global nature of the
services offered even by the Big Four. ?I think the only firm that did operate
truly internationally was Andersen,? he says. Lever also suggests that the quality of personnel in firms outside the Big
Four may be more variable. ?They do have some very good quality people, but the
consistency of quality across these firms tends not to be as great as in the
larger firms,? he says. Like Everett, Lever suggests mid-tier firms could provide specialist services
to large companies. ?They might look to concentrate on providing internal audit
or Sarbanes-Oxley services,? he says, ?but they would have to buy in that
resource.? Perceived quality If there are some lingering perceptions that quality may be better in the Big
Four firms, Trevor Dighton, CFO at Group 4 Securicor, would challenge that.
Baker Tilly used to be Securicor?s auditors, before it merged with Group 4. ?We
were large for them in client terms, and we got a very good service,? Dighton
says. ?The level of service and attention to detail you get from the second tier
could conceivably be better than from a large firm.? Now Group 4 Securicor is audited by KPMG, which Dighton says is ?great?.
During the tender process which KPMG won, all Big Four firms and Baker Tilly
were invited to compete. However, in future Dighton suspects that the choice may
be limited to the Big Four. ?We do have a very broad international footprint,?
he says. ?We are in 100 countries.? Dighton finds it hard to see how the second
tier can close the gap in the near future, whether by organic growth or merger.
?There?s such a big gap between number five and number four,? he says. Audit fees Fees have gone up, driven partly by the change to International Financial
Reporting Standards. Unfortunately for FDs, some further fee rises may be on the
horizon if Ernst & Young?s fears about the impact of the new criminal
liability risk facing auditors are realised. Under the recent Companies Act it
becomes an offence for auditors if they ?knowingly or recklessly cause a report
to include any matter which is misleading, false or deceptive in a material
particular?. As Gerald Russell, a senior partner at E&Y, points out, the term ?reckl
essly? is not that well understood in law. ?We are worried this has the effect
of criminalising negligence,? he says. ?It may make auditors become more
circumspect, which may mean they have to spend more time on certain areas.
Auditors faced with criminal sanctions will spend a lot of time on the minutiae
of accounts, and time is money.? Even now, with the reams of disclosure required
under IFRS, auditors are having to spend more time on such detail and less time
on considering the business itself. ?More time is being spent on the accounts
package, rather than kicking the tyres,? Russell says. Separately, it is unclear whether revisions currently being made to
International Standards on Auditing (ISAs) as part of the International Auditing
and Assurance Standards Board?s clarity and improvements project might also
translate into higher audit fees ? or at least auditors trying to negotiate fees
up. What is clear is that the future clarified ISAs will be more specific than
their predecessors that have already been adopted in the UK. Although the UK?s
Auditing Practices Board has been trying hard to stem the tide of rule-based
standards, there is only so much one body can do in an international context.
Securities regulators internationally appear to support greater specification in
ISAs. What happens for the UK?s auditors depends on the European Commission?s
endorsement ? or otherwise ? of the clarified ISAs. With the IAASB around
half-way through its clarity project and aiming to finish by 2008, this is
something for auditors, and their clients, to keep an eye on for the future. FDs on their auditors Respondents to our survey came from across British industry ? from businesse
s with turnover of less than £25m up to those with turnover in excess of £1bn.
Nearly half said they were audited by a Big Four firm, while about a third are
audited by a mid-sized/national firm. On almost every issue, companies that are Big Four clients scored their
auditors lower than did those who use mid-sized or local firms. When asked,
'What value do you attach to the audit over and above compliance with statutory
requirements??, 60% scored their auditors at five out of 10 or less ? and that
figure rose to 69% for Big Four clients. The responses almost exactly mirror the results we found when we conducted a
similar survey in 1999 ? and in some cases, companies are even more disenchanted
with their auditors than they were eight years ago. Back then, for example, the single biggest gripe among clients of the then
Big Five was the quality of junior staff: 51% of them cited this as a problem
they had with their auditors. Today, 55% of the Big Four clients make the same
complaint. But fees have leapfrogged up the table of complaints: in 1999, 44% of all
companies and 42% of Big Five clients had problems with their auditors' fees;
today, 54% of all companies and 61% of Big Four clients cite fees as problem.
One consolation for auditors is that quality of service is less of an issue,
though still around a third of respondents today are unhappy with the service
provided by their auditors. ?I'm not sure I would use 'service' and 'auditors'
in the same sentence,? said one FD. ?Auditors often talk about adding value to
my business, in reality they are an inconvenience and have so little commercial
understanding that they cannot hope to offer me anything extra,? said another
FD. The full survey report will be available soon. To receive a copy, send an
email with the words "Audit survey" in the subject field and your name, company
and job title to editor@financialdirector.co.uk and it will be sent to you as
soon as it becomes available. Search to quantify quality Peter Williams, Financial Director, Thursday 4 January 2007 at 00:00:00 If the FRC wants to ensure audit quality, it must first define a standard against which performance can be assessed The Financial Reporting Council (FRC) is on a mission to discover whether the
quality of audits is being maintained and improved within the existing legal and
regulatory framework. And if audit quality is slipping, it wants to know what
should be done about it. In a discussion paper,
Promoting
Audit Quality , the FRC has identified the drivers it feels are
central to the maintenance and enhancement of audit quality, and examined
whether those drivers are under threat. The FRC has an objective of promoting and maintaining confidence in the audit
process and the resulting audit report. It sees this as a key component of the
corporate reporting and governance regimes and as a way of promoting an
effective capital market. It defines the achievement of audit quality by stating that users of
financial reports must be able to rely on an audit report to give ?a robust and
objective opinion? and that the financial statements should give: Lacking confidence Agreed definition Despite all the changes in company law, corporate governance, the regulation
of audit firms and auditing standards, there is limited transparency of the work
that audit firms actually do on individual audits and that makes an assessment
of audit quality difficult. The audit report ? which although extended in recent
years ? is essentially boiler plate and does not provide users with enough
information to assess the underlying quality of the audit. While audit committees have taken a greater role in corporate governance over
recent years, users continue to play a limited to non-existent role in
appointing and instructing the auditor. However, despite the difficulties, the FRC has defined four main drivers of
audit quality: A number of attempts have been made at defining audit quality. The ICAEW?s
audit faculty said in its publication, Audit Quality: ?At its heart
[audit quality] is about delivering an appropriate professional opinion
supported by the necessary evidence and objective judgements.? The
Audit
Quality Inspections report from the Audit Inspection Unit adds: ?A
quality audit involves appropriate and complete reporting by the auditors, which
enables the Audit Committee and Board properly to discharge their
responsibilities.? The FRC says that based on the AIU?s inspection it believes firms do attach
considerable importance to quality orientated cultures and do invest in
promoting audit quality.? But there are threats to that culture. The FRC says
that economic pressures change and that a firm?s culture is threatened by: Threats to skills and personal qualities include lack of effective mentoring,
failure to retain staff with the necessary experience and expertise, allocating
capable staff to prestige clients rather than on the basis of audit risk and
insufficient or ineffective training. An effective audit process is threatened by increased use of computerised
audit methodologies that may distance auditors from the company and switch focus
to coping with technology rather than evidence gathering. The FRC also says that over-prescriptive standards and regulations can
inhibit judgement and stop audit procedures being tailored to specific
circumstances. There is also the danger of client capture where the auditor is
too close to the client. In terms of the reliability and usefulness of audit reporting, some have
questioned whether auditors are properly fulfilling their legal responsibilities
to consider the adequacy of companies? accounting records and whether auditors?
reports should be more informative about key audit issues. Audit quality is not all down to auditors ? management, audit committees,
shareholders, litigation, regulators and the accelerating reporting regime all
play their part. Auditors are likely to tell the FRC that all is well. What FDs
and others will say is much harder to predict. Ouside the box: Transparency is key to accounting Peter Williams, Financial Director, Thursday 28 September 2006 at 00:00:00 Auditors must show that they have the systems in place to provide objective, transparent reports When accounting systems started to transfer from manual to
computerised in the 1980s, auditors had a problem. For a time, until it became
unfeasible, auditors attempted to audit around the IT, relying on the manual
controls rather than the IT ones. Many auditors and finance directors will
remember that the auditors? systems diagrams used to chart companies? accounting
systems showing a box with data going in and data coming out. Such black box auditing now seems laughable. But in the same way that
auditors adopted a black box approach to computerised accounts, stakeholders
have accepted a similar attitude to the governance of the auditing profession.
As a society we have regulated the edges of the auditing profession by demanding
certain standards, but auditors have been under little pressure to prove to the
investment community and beyond, through published information, that they have
the systems in place to ensure they perform a quality audit. Despite the auditing profession?s best efforts, this privileged black box
approach to their professional life has been steadily eroded over the years as
they have been forced by politicians and regulators to increasingly open up to
the public gaze. The latest example of this scrutiny is statutory transparency reporting by
auditors of listed companies. This legislation is driven by the European 8th
Company Law Directive on the regulation of auditors, which was agreed in June
and the measures have to be in place by the end of June 2008. Transparency reports will cover three areas: financial information;
governance/organisation; and quality, and will cover the entire firm, not just
the audit practice. According to the Professional Oversight Board (POB) ? the
part of the Financial Reporting Council (FRC) responsible for audit regulation ?
the idea is to help investors to understand the strengths of particular audit
firms. Clear information, says the POB, on a firm?s processes and practices for
audit quality provides an incentive for all within the firm to live up to both
the spirit and letter of what the firm has promised publicly. As the POB points out, audit firms enjoy a privileged status in that they
alone can act as statutory auditors. And the Big Four firms have an even more
privileged position in that they all but dominate the lucrative quoted company
sector. Under this directive, firms will have to explain and prove that they have the
skills and necessary processes in place to enable them to conduct audits
objectively and effectively. A few years ago, under the auspices of the Audit
and Assurance Faculty, the firms produced a substantial report on audit quality
aimed mainly at the profession itself. One of the most fascinating elements of
the process of producing the report was the discussions between the firms about
what constitutes a quality audit and what are the various firms? approaches,
tolerance and definitions of doing a good job. As a result of legislation,
regulation and auditing standards there is a tendency to think that all audit
firms produce the same audit. But this is not a homogenous product. The firms
produce noticeably varying audits, yet ones which those responsible would label
quality audits. This issue of audit quality is being explored by the POB and the
APB and they are developing a public consultation on the drivers of audit
quality. Setting out the drivers of audit quality may assist the audit firms to cope
with enforced transparency. When the firms respond to the POB?s consultation,
many could claim that they provide much of this information in other reports
that are in the public domain. Until a few years ago, most audit firms published little information about
themselves, aside from incomparable and limited figures released to the press,
so that league tables could be constructed. Two specific factors have driven a
more sunshine policy. First, most firms turned themselves into limited liability
partnerships (LLPs) in recent years. The privilege of LLP status came at the
price of producing sensible reports and accounts. Second, the UK Government?s
2003 review of auditing in the wake of Enron decided that there was a legitimate
public interest in public information of firms that audit public entities. In
response, 13 of the 20 largest firms gave a voluntary undertaking to meet
government proposals for transparency reporting. This they have done. However,
the presentation is currently scattered and is as much promotional as
information. Often, it is not couched in specific enough terms for those seeking
to make a judgement about audit quality. Transparency reports will provide public information on issues such as the
firms? processes and practices for quality control, for ensuring independence,
for partner remuneration and on their governance and network arrangements. This
is no longer just a job for the firms? PR departments. The audit profession
needs to see the transparency regulations of the 8th Directive as its Combined
Code. The time for proper corporate governance of the auditing profession is
arriving ? and not before time. Friends Provident reviews its OFR Anthony Harrington, Financial Director, Thursday 28 September 2006 at 00:00:00 As the government ponders plans to introduce a business review, many companies believe that the operating and financial review is still an invaluable report for stakeholders The government may have got cold feet over the idea of
forcing public companies to produce a full-blown operating and financial review,
but political jitters have had little impact on some plcs. Friends Provident, in
particular, has pushed the boat out on the OFR and believes that the document
will form an invaluable part of its reporting to all stakeholders in future. As Friends Provident?s finance director and CEO-elect, Phillip Moore
(pictured), argues, if you believe that stakeholders will benefit from the OFR,
then it should be done regardless of the difficulty. In fact, Moore argues that, while compiling a good OFR is time consuming, it
is not that difficult. ?The OFR is basically information that we have internally
anyway. It is the strategic thinking and context setting that informs every
board meeting. Why shouldn?t we share this with our stakeholders?? he says.
Clearly you do not share commercially confidential information, but no one is
asking for that, he says. Am I bothered? Two things about OFR reporting bother Moore, though not enough to stop
Friends Provident from publishing one. The first is the idea that in an
increasingly litigious world, some investor, somewhere, will start a class
action law suite based on the OFR. ?If you share your strategic thinking with people and then circumstances
change, they have to be adult enough to realise that the best laid plans
sometimes come to grief. We need some protection, so that we can share
information without giving hostages to fortune,? he says. UK law has no equivalent of the US safe harbour provisions, which allow a
company to make forward-looking utterances, in context, without opening
themselves to huge claims for damages. The second thing that bothers him is the inescapable fact that when you
combine the OFR and the annual report and accounts you have a document that is
too long to be properly informative. ?What we need is for the government to
introduce primary legislation that will allow companies to file their report and
accounts electronically, and put the full report on their website. ?But the document we send to shareholders and stakeholders, together with the
OFR, should strive to be no more than 60 pages long. Not many people want a
200-page brick thudding through their letter box,? he says. So what does he think about the business review that the government is now
thinking of substituting for the OFR? ?If we go back to first principles, our
desire is to communicate clearly and responsibly. We welcome any guidance, be it
from government, regulators or our stakeholders, as to the sort of information
they would like to see in our reports. If a business review moves us towards a
greater level of clarity, then that is a good thing,? he says. Same difference If the rules change, Friends Provident will simply call the document it
currently entitles its OFR, a business review. ?I hear some people saying that
the proposed business review is neither fish nor fowl, but it is, nevertheless,
a move in the right direction, beyond purely financial reporting,? he says. David Phillips, head of corporate reporting at PricewaterhouseCoopers agrees
with Moore that opponents to the OFR ? and the CBI has been less than enthused
about the idea ? tend to overplay the additional workload and expense it would
entail. In fact, he argues, PwC research shows that companies that opt for OFR
reporting tend to find that they benefit from greater market understanding of
the company?s longer term challenges and opportunities. ?We have done a lot of work on what the base information is that investors
need in order to make decisions. It turns out that what investors want is not so
much the financial outputs in the annual report and accounts, as the OFR, which
helps to explain how these financial outputs are achieved,? he says. Competitive edge Piers Evelegh, creative director of Flag, a specialist accounts design
consultancy, worked with Phillip Moore on Friends Provident?s OFR report. ?It
looked at what its competitors were doing and this was seen as a way of
differentiating itself in the market,? he says. The Friends Provident OFR was well rated by the market when it appeared and
the key to its success, Evelegh says, is that it was presented in a way that
made a vast amount of information easily accessible to readers who were not
necessarily expert users of financial reports. That, in a nutshell, is what the
OFR is all about. Anthony Harrington won the print category in the Business and Financial
Journalist Awards, presented by the Institute of Financial Accountants at its
90th birthday celebration, for his work in Financial Director and other
magazines. The winner in the TV category was Adrian Chiles of Working Lunch,
while the BBC's Evan Davies won the radio category. The tenth annual audit fees survey Andrew Sawers, Financial Director, Thursday 28 September 2006 at 00:00:00 FTSE-350 audits are more expensive and slower Thanks to Sarbanes-Oxley and emerging best practice, there
is now more uniformity in the way audit, audit-related and non-audit fees are
reported. This, our tenth
audit
fees survey, is published three months earlier than normal. Our audit fees
data comes courtesy of Manifest, the independent proxy governance and research
support organisation. As a result, the classification system we use this year breaks with that of
our recent surveys, but better reflects the emerging consensus. Here's some
highlights:
Click
here to download the 2006 audit fees survey. For previous audit fees surveys, click on the relevent links below. Manifest provides investors, advisers and quoted companies with
governance information and workflow tools. Independent and impartial, it has a
comprehensive governance and compensation database for UK and US equities.
Lessons from FTSE governance reports Neil Hodge, Financial Director, Thursday 31 August 2006 at 00:00:00 Audit committees are leading the trend for improved disclosure, but board reporting remains uninspiring. So how can it be improved? The quality of corporate governance reporting in the UK?s leading companies
is not improving as well as most investors would like, according to corporate
governance specialists Independent Audit. In its latest publication,
Board
Reporting in 2006: A survey of FTSE-100 annual reports, the consultancy
finds that: - Audit committees are divided more or less evenly into those that want
investors to know what they have been up to and those that still do not get this
across. - Board reporting is far less differentiated and boards remain generally shy
of giving much away. - Most nomination and remuneration committees have little to say about
anything except their terms of reference. - Nearly all boards are now assessing their effectiveness annually. Rotation
between external review and self-assessment is becoming evident. Most give
fuller explanations of what they are doing, but then spoil the effect by
implying that their rigorous exercises in continuous improvement failed to find
anything that could be improved. There are a lot more good examples of reporting on specific features of board
and committee work. The survey found more than 50 companies whose reports
contain particular sections, which might help other companies think through how
to improve their own reporting. Audit committees According to the survey, audit committees appear to be setting the trend in
improved reporting disclosure. Many of them have become much better at saying
what they actually did during the year. Nearly half have made a successful
effort to give the reader something of a feel for the nature of their work. There are many useful descriptions of activity, with BAA, BT, Old Mutual and
Wolseley being particularly well thought through examples.
Morrisons
gets this year?s ?most improved? prize; its report suggests it now has in place
not just an audit committee, but a serious one. Nearly all companies include assessing the independence of their external
auditors as part of their work, but only half describe how they do it (Aviva,
BHP Billiton, Morrisons, Old Mutual and SAB Miller providing useful
descriptions). Most committees (77%) now confirm that they assessed the effectiveness of the
external auditors (up from 58%). However, only one-third of these explain how
they did it, with Associated British Foods, Aviva, Gallaher, Hanson and Rexam
standing out. The board Board reporting, by contrast, remains generally uninspiring and
uninformative, says Independent Audit. Many annual reports mention the
importance of their company values or ethics, but hardly any board says anything
about how it reinforces values and ethics from the top. Presumably, most feel
they do this, but hardly any discuss how. Working together The latest survey found that few companies do much in the way of meeting the
Combined Code on Corporate Governance?s requirement to explain how the board
adopts a balanced approach to decision-making. They do, however, respond to that part of it which relates to non-executive
independence. Nearly all companies (97%) make the requisite statement on
independence and 82% report having a majority of independent directors ? down on
last year (88%). Around 90% of non-executive directors are classified as independent ? the
same as last year. Nearly half of the boards surveyed still have one or more
non-executive directors who have served in excess of nine years, of whom
two-thirds are said to remain independent. Allowing for the timing of board
changes, the number of long-serving directors across all FTSE-100 companies (65
on 43 boards) is broadly in line with last year. Few of them are due to retire
in the next year, which means the situation is likely to persist. According to Independent Audit, this absence of any significant reduction,
despite the large number of companies with long-serving directors, suggests that
companies are taking less of a box-ticking approach to this issue and are not
shedding directors just because of the passage of time. This could be a good
thing ? after all, the code?s principle is that independent directors should be
independent in mindset and approach, with the nine-year rule being a suggested
indicator of declining independence and not a rule at all. Dialogue with shareholders Although their efforts are generally unimaginative, most boards say something
about how they talk to investors. However, they say much less about how they
listened to what investors had to say. Even though BAE Systems, BT, HBOS,
Reckitt Benckiser, Royal Bank of Scotland and Vodafone show how it can be done,
three-quarters of companies said nothing about how their boards get investor and
other stakeholder feedback. Board effectiveness Nearly all boards (94%) conducted a review of their effectiveness.
Four-fifths of them explained their approaches, with half of these using a
questionnaire approach, around 20% relying on interviews, 10% using a
combination of the two and the rest working through a self-assessment
discussion. Around 40% of boards have now opted for some form of external review since
the revised Combined Code came into force in 2003, nine companies for the first
time this year. As in previous years, boards remain very shy of giving any
indication of the outcomes. Of the half who say anything about the result of
their evaluation, most simply state that they are effective, very effective or
fully effective. Most companies (83%) reviewed individual director performance. Less than half
(35 companies) give any indication that such reviews were distinct from the
assessment of the board; the others presumably wrap them in with the board
review. The lack of information makes it difficult to judge how boards are
tackling this. Similarly, while around 70% of boards reviewed the effectiveness of their
committees, only half of these distinguish the committee reviews from the board
review. However, reporting on remuneration and nomination, committee
effectiveness remains entirely uninformative. Shed a tier: Competition in the Big Four Sarah Perrin, Financial Director, Thursday 31 August 2006 at 00:00:00 Consternation about the Big Four's dominance of the listed company audit market is provoking competition fears and calls for intervention Interest in the matter of competition in the audit market has been heightened
this year. In April, the
Oxera
report, Competition and choice in the UK audit market, prepared for the
Department of Trade and Industry and the Financial Reporting Council, noted that
the Big Four firms account for 99% of audit fees in the FTSE-350 and audit 99 of
the FTSE-100. In May, the FRC published a discussion paper,
Choice
in the UK Audit Market, which considers questions such as how to promote
increased choice of audit firms in the large public company audit market. In July, Labour MP for Greater Grimsby, Austin Mitchell, tabled an early-day
motion in the House of Commons condemning the ?monopoly? of the Big Four.
Mitchell described their market dominance as ?anti-competitive, unhealthy and
promoting complacency within the industry? and called on the government ?to
consider structural reform to set the highest possible standards of
accountability and transparency?. The Association of British Insurers, in its response to the FRC consultation,
said: ?It should be made clear to the large accounting firms that, if their
share of the market is deemed to be excessive, they will be obliged to divest
part of their business.? Make the grade But what of the firms outside the Big Four? Do they want to audit large
listed companies? The answer is yes, but with some exceptions. The very largest
companies are generally seen as best suited to the Big Four. ?The top 150
companies, like the largest banks and insurance companies and natural resources
companies like BP, where there is such a scale required to audit them, or such
specialisation in the peculiarities of that industry, are best suited to being
audited by the Big Four,? says Steve Maslin, head of assurance services at Grant
Thornton, currently the
fifth
largest UK firm. However, once you get to companies around the 151 mark,
with market cap of around £1bn and audit fees around £1m, then Maslin sees those
as the heartland for firms like GT. ?For the majority of such companies, we have
the scale, sector knowledge, skills and expertise to deal with them,? he says.
BDO Stoy Hayward, the sixth largest UK firm, takes a similar view. It also
recognises that the largest companies require such specialist technical skills
that they currently need Big Four audit services. However, BDO is highly
interested in other listed company audits and is focusing its attention on
companies with a FTSE ranking of between 101 and 350. ?We are starting to push
more in sectors where we have specialist strength,? says Jeremy Newman, BDO?s
managing partner. ?For example, we are strong in retail, property, leisure and
hospitality and professional services. We have sector expertise here, so let?s
focus on those where we can bring added value.? BDO is notable among Tier A firms for auditing the only FTSE-100 company not
to be served by a Big Four firm ? PartyGaming. The online gaming company entered
the FTSE-100 club last summer on flotation, taking BDO with it. Despite this,
Newman understands that board members of other FTSE-100 companies may need more
persuasion before appointing BDO as their auditor. ?In the 101 to 350 group,
where we have half-a-dozen or so audit clients, it?s easier to hold a footprint
and demonstrate that we have expertise,? he says. This summer, BDO was conducting what Newman calls an information campaign
directed at finance directors and audit committee chairman in FTSE-350
companies. However, Newman is realistic about the likelihood of picking up new
audit work as a result. ?Re-tendering in the FTSE-350 is rare,? he says. ?Our
best chance of getting more of them [as audit clients] is by acting for some
that get promoted to that league, and persuading them they don?t need to change
to a Big Four firm.? This alludes to the problem of perception ? particularly the assumption that
investors prefer companies to have a Big Four auditor. ?A lot of decisions are
made on the basis of perception rather than knowledge,? says Maslin. However, institutional investors and representative bodies have now begun
declaring their open-mindedness about audit appointments. The Association of
British Insurers?
response
to the FRC?s consultation says: ?Investors need to make clear, as the ABI has
recently done, that they do not automatically expect companies to select an
auditor from among the Big Four.? Not on the list Nevertheless, the Big Four-dominated statistics will take time to change. ?We
are already providing a number of non-audit services to FTSE-100 and FTSE-350
companies, but we are not there in the audit market, as much as anything because
we don?t get onto the tender list,? says Mark Harwood, senior audit partner at
Baker Tilly. ?Part of the problem is that the rates of switching, or churn, for
auditors are very low. So any rate of change is likely to be slow.? The Oxera
report found that switching rates were around 4% per year on average for listed
companies, and less than 3% for the FTSE-350. Most listed companies tendered
only once every five years or less. Nevertheless, audit committees may find their auditor appointment decisions
coming under greater scrutiny. The ABI?s FRC response says: ?Companies should
keep their choice of auditor under regular review and periodically tender for
new auditors,? says the ABI. Finance directors are also in the spotlight. The
ABI says: ?Quality should be a more important consideration than price. Too many
auditors have been effectively chosen by finance directors anxious to make a
virtue out of their ability to drive down costs.? Another possible perception problem for Tier A firms relates to the
assumption that a Big Four audit is automatically higher quality. ?There?s a
size gap, but a size gap doesn?t equal a quality gap,? says Harwood. He hopes
that once the Audit Inspection Unit?s reporting on audit quality beds down, this
will become clearer. If you can?t beat them Firms outside the Big Four are already providing non-audit services to large
listed clients. Another way they could demonstrate their capability is through
participating in joint audits, an option strongly promoted by Mazars. David
Herbinet, head of corporate and public interest markets, notes that his firm is
already joint auditor of seven of the largest companies in Europe. ?They get the
Big Four name on their audit report, but they also get second auditors to
provide a different service to them,? Herbinet says. Audit quality is enhanced,
Herbinet suggests, by having two pairs of eyes on the job and by being able to
challenge management more robustly. ?It is easier to contradict positions taken
by management when there are two of you, than when you are on your own,? he
says. Service quality is enhanced by having healthy competition between the
joint auditors. The Hundred Group?s response to the FRC consultation suggests there could be
benefits from a modification of auditing standards to make it easier for the
audit of large groups of companies to be undertaken by more than one firm. But
Don Hutchison, national head of audit at BDO Stoy Hayward, rejected the proposal
outright, arguing that it would cause tension between rival firms and ramp up
costs. One potential barrier impeding Tier A firms from auditing FTSE-350 clients is
the need for an extensive and integrated international network. However, the
Tier A firms international networks do have considerable reach. Grant Thornton
International, for example, has members in 112 countries. Furthermore, GT?s
Maslin points out that the legal structures of the Tier A networks are the same
as those of the Big Four?s international networks. ?We have international audit
models that comply with international auditing standards and have invested in
people with international technical experience.? BDO?s Newman thinks FDs could benefit from switching to an audit firm outside
the Big Four. ?The consistent message I have got from FDs in our post-Oxera
information campaign is about their frustration with increasing levels of
bureaucracy at the Big Four, inconsistent application of IFRS, partners being in
the thrall of technical departments, audit departments being scared to challenge
central technical departments?? he says. By moving to a Tier A firm, Newman argues, these FDs could benefit from a
better quality of service. ?It?s a cultural thing,? he says. ?The AIU (audit
inspection unit) report talks about cultural difficulties in some of the Big
Four firms. There are also financial issues.? As Newman points out, Tier A firms
have lower partner-staff ratios ? perhaps 10 staff per partner, compared to 17
or 18 at the Big Four. ?We have much more partner engagement,? says Newman. Right pitch However, when pitching for new audit clients, Tier A firms tend to be asked
questions about their capability for delivering the service ? a result of
companies? anxiety around justifying the appointment of a firm outside the Big
Four. ?It?s quite a negative pitch process,? says Newman. Nevertheless, the Tier A firms generally seem opposed to market intervention,
even if that would improve their chances of making tender lists. They want to
gradually build up their client base among the lower levels of the full list
first, before looking at the largest companies. ?I think the market can make
significant progress in increasing choice in the 1,500 or so companies in the
full list,? says Maslin. ?Perhaps in a few years? time that would create a
platform where we had one or two firms like Grant Thornton, which would be in a
better position to challenge at the highest level.? Guidance for auditor disclosure Peter Williams, Financial Director, Tuesday 27 June 2006 at 00:00:00 Draft guidance aims to help companies comply with requirements to disclose auditor renumeration in accounts The government has taken another step in using regulation and disclosure in
order to head off the perceived threat to auditor independence. At the request of the DTI, the ICAEW has issued draft guidance Tech 04/06 for
companies and their auditors on how to comply with requirements to disclose
auditor remuneration in accounts. Regulations in force for accounting periods beginning on or after 1 October
2005 made extensive changes to current practice regarding disclosure of auditor
remuneration. These changes include an increase in the amount of information to
be disclosed about non-audit work carried out by auditors, including extensive
disclosure of non-audit fees in prescribed categories, such as tax, IT, internal
audit, valuation and actuarial services, litigation support, recruitment and
remuneration, and corporate finance. There is also a catch all ?other services?
category. Lynn Pearcy, a member of the working party, which drafted the guidance said:
?These disclosures have been introduced to address concerns about threats to
independence when an auditor derives a material amount of income from providing
non-audit services to an audit client. However, the regulations are difficult to interpret in some areas. We believe
that our guidance will lead to greater consistency in company disclosures.? Although they may not be complicated to understand they will be tiresome for
finance directors and auditors to comply with and get right. Legal requirements The technical release provides guidance on the application of the legal
requirement for companies to disclose in their individual and group accounts the
remuneration receivable by the company?s auditor and the auditor?s associates
for the audit of accounts and other non-audit services. It aims to ensure that
directors and auditors understand the nature and purpose of the requirement and
the basis for deciding into which categories and sub-categories a service
provided by the auditor falls. The requirement is preserved for all companies to disclose auditors?
remuneration for audit services. In relation to other services, the regulations
require more extensive disclosure than was previously the case. The 1991
regulations required only a single aggregate figure for non-audit services and
this was restricted to amounts for services provided to the company and its UK
subsidiaries. The regulations apply to all companies, including small and medium-sized
companies. However, SMEs do not have to make such extensive disclosures as other
companies, and are not caught by the non-audit service disclosure requirements.
In addition to legislative measures for disclosure, auditors are bound by the
Auditing Practices Board?s Ethical Standards. In particular, Ethical Standard 5
Non-audit services provided to audit clients imposes certain
constraints and safeguards in relation to the provision of non-audit services.
Ethical Standard 5 includes a definition of non-audit services, which excludes
services performed that legislation or regulation specify can be performed by
the auditors. The information must be disclosed in the notes to the accounts. A
cross-reference to information given elsewhere within the annual report would
not be sufficient. Disclosure is not required of remuneration for work performed for
?associates? and ?joint ventures?, or other significant investments (as defined
in Schedule 5). However, the ICAEW says that additional voluntary disclosure may
be desirable as good practice if such interests are particularly material. The regulations require disclosure of fees receivable by a company?s auditor
and associates of the company?s auditor from the company?s associated pension
schemes for services supplied to those schemes, whether or not the company?s
auditor or any of its associates is the auditor of the pension scheme. Associates of a company?s auditor are defined in the regulations. The
definition is designed to capture a range of individuals and organisations with
connections to the auditor. Associates include any entity controlled by the
auditor or under common control, ownership or management, or otherwise
affiliated or associated with the auditor through the use of a common name, or
through the sharing of common professional resources. For example, if a partner in an audit firm is also a director of a company
that supplies cleaning services to a client of that audit firm, payments for the
supply of those services are required to be disclosed in that client?s accounts,
within ?all other services?. Each auditor will have to assess the specific
circumstances and apply judgements in deciding whether an associate relationship
exists. Disclosure is not required of remuneration for work performed for
?associates? and ?joint ventures? (as defined in FRS9 Associates and joint
ventures, or IAS28 Investments in associates and IAS31 Interests in joint
ventures). But the ICAEW?s draft guidance says that additional voluntary
disclosure may be desirable as good practice if such interests are material.
Where, as part of the audit, work is undertaken within the audit firm by
non-audit professionals in relation to reviewing specialist work carried out by
others, such work is regarded as ?audit-assist? and, as such, the fee for such
work is included in the audit fee. Where a single fee has been agreed for the audit and other services, the
auditor needs to provide a reasonable breakdown of the total fee into different
services. What next? The guidance statement is not expected to change materially. However, this
technical release is unlikely to be the end of the change, as the 8th Directive
on Statutory Audit of Annual and Consolidated Accounts due to be implemented
across the European Union by 2008 will herald further reforms in this area. The
Regulations have been drawn up in the light of, but differ in detail from, the
disclosure requirements in the proposed 8th Directive. Nor is the disclosure
compatible with US Securities and Exchange Commission requirements. Accounting: Principle rules Peter Williams, Financial Director, Tuesday 23 May 2006 at 00:00:00 Principles-based accounting may be simpler and more flexible, but much depends on who sets the principles Arguments for principles-based accounting are seductively simple.
Principles-based accounting provides a comprehensive basis for preparing
financial statements with the flexibility to deal with new and different
situations. Principles have found favour over rules, post-Enron. In the US, the view
initially took hold that if rules-based accounting standards allowed the failure
of Enron to develop undetected, then it should not continue. The argument
against cookbook accounting is that it leads to the pejorative charge of
box-ticking. The pragmatic would argue that in today?s complex world where so
much is expected of corporate reports and those who prepare and audit them ? and
where the cost of mistakes are so high for all involved ? that ticking the boxes
is the only sane answer. This position to date has been shared by the
International Accounting Standards Board. That, however, should change according to the authors of a report,
Principles-based or rules-based accounting standards ? a question of judgement,
published by the Institute of Chartered Accountants of Scotland. The report
argues that global convergence of accounting standards cannot be achieved by a
rules-driven approach. The argument for principles, not rules, is that
rules-based accounting adds complexity, encourages financial engineering and
does not necessarily lead to a ?true and fair view? or a ?fair presentation?.
A rules-based approach also hinders accounting standards being translated
into different languages and cultures. To achieve the goal of principles-based
standard setting would require a radical change in the global profession in
order that preparers and auditors of accounts assume more responsibility for
making judgements and seek less detailed guidance from standard setters and
regulators. This requires the willingness of regulators to accept a broader
range of judgement-based outcomes. A single interpretative body would have to b
e created to focus on significant issues rather than detailed matters. Detailed
matters should be left to the judgement of preparers and auditors with clear
disclosure of how that judgement has been exercised. This may make theoretical
sense, but would require a bonfire of accounting vanities the like of which none
of us have seen. The present system may be imperfect, but at least the roles of
all the players are established. The vested interests are too entrenched. Standard-setters complain that they
are criticised because they produce rule-based standards, but claim they do so
only because they are asked to answer so many specific, detailed questions from
accounting experts within the big firms or large corporates. Over the decades,
the willingness and ability of auditors to hold in check their clients through
the exercise of good professional judgement is, at best, unclear. The amount
that auditors and finance directors disagree is still one of the great secrets
in corporate governance and corporate reporting. The view remains that executives will challenge auditors by asking, ?Where is
the rule that says such a proposed action is prohibited?? You can?t blame
auditors for preferring a situation where, if a client challenges their views,
other audit firms will give the same answer because all are applying the same
rule, so reducing the risk of losing clients to alternative opinions. The report
from the Scottish institute points out that it has been suggested that the
difference between principles and rules is that rules must be argued against,
but principles must be argued for. This requires a different professional
attitude and it must be questioned whether firms possess such an attitude. But perhaps more important is the fact that within the context of global
financial reporting, a greater spectrum of views exist than when accounting
standards were primarily national concerns about a principles framework aimed at
convergence, consistency and comparability. Principles in accounting involve
judgements based on society?s views of acceptable conduct, gaining such a
consensus is becoming harder not easier. In order for principles to prevail
there has to be sufficient common ground. While the pros and cons of principles versus rules have most impact on
standard-setters, preparers and auditors, it will inevitably have an impact on
users of financial information. One of the key objectives of financial reporting
is ?comparability? which usually means identical accounting treatment for all
transactions of a defined class, but some argue that comparability allows users
of accounting information to understand the underlying economic reality of the
transaction. This latter approach does not require identical accounting; rather,
it calls for a transparent and understandable approach to allow the user to make
the comparison. A move towards principles could see the need for a shift in
understanding of comparability and that would potentially give finance directors
more freedom. The ?principles versus rules? accounting debate ? which has
rumbled on for decades sparked into life occasionally by corporate scandals or
the emergence of a new accounting standard-setting regime ? could rapidly evolve
into a question of who makes the judgement, who sets the principles? If it is
me, great; if it is you, I?d be a lot less keen. Computer Weekley - IT Management NewsIT industry job satisfaction double UK average, survey shows IT security must address business trends, says Forrester Will NPfIT Summary Care Records really save lives? It is not cloud versus in-house, says Forrester Twitter is magnet for fakes, fraudsters and celebs Costly Digital Britain projects to go ahead says Timms BMA says: halt rushed roll-out of imperfect Summary Care Records London Stock Exchange puts in new IT head at Turquoise Digital Economy Bill amendment threatens free speech on web CIOs must make a 10-year desktop strategy plan Malware found on out-of-the-box Vodafone HTC Magic smartphone Online bank fraud up, but total card fraud falls for first time Microsoft releases eight bug fixes and warns of IE zero?day vulnerability European SMEs neglect back-up and recovery, survey reveals Security Zone: Enterprise architecture is too often a missed opportunity for security Split views on funding UK innovation Opinion: Is BCS priority the business or its members? Election 2010: Tories told what policy on IT should be Energizer battery charger contains Trojan virus, warns Cert Datacentre staff costs increase by 10% Computer Weekley - Security NewsEnergizer battery charger contains Trojan virus, warns Cert US cybersecurity efforts hindered by poorly defined roles says GAO Businesses need new security doctrine as Trojans evolve, says RSA Apache flaw threatens data security, say security researchers Google China hack is just the tip of the iceberg, RSA Conference told Human factor a key focus for infosecurity Older Windows exposed to VBScript hole Beware of fake Security Essentials software Hacker posts risque First Direct tweet Twitter hit by another round of phishing attacks Adobe fixes Download Manager flaw Wipro employee suicide in wake of fraud allegation Video: Twitter users targeted by Chinese phishing attacks Kneber botnet steals log-ins to 75,000 companies Chip and Pin 'broken', say Cambridge University researchers Shell staff details revealed in security breach Microsoft Patch Tuesday equals record with 13 updates EU officials downplay carbon credit phishing scam Australian judge upholds ISP's defence against piracy claims Apple fixes five holes with iPhone 3.1.3 firmware update
|
|
||||||
|
|||||||