This article was originally published in the SafetyAtWork magazine in March 2002, has been slightly edited with new links included. It is surprising how slow progress in the auditing sector has been, supporting some of the points raised in the Brydon Review.
The Enron saga means many things to many people. Some see the collapse as a result of greed, others as an inevitable result of US corporate capitalism, yet others focus on the political ramifications of the collapse. From a distance and in the context of workplace safety and risk management, the saga can be seen as a wake-up call for all businesses.
It is an essential part of modern business that a company’s actions need to be independently verified. This is usually done by a complex system of internal and external auditing of management systems. Traditionally, in the safety discipline, the auditing has focussed on Quality, Safety and Environment. The requirements for these audits are so that management can state that “so-and-so has determined that we comply” to whatever standard or legislation is relevant.
The sad fact is, however, that rarely do the financial auditors communicate with the safety auditors. Auditing is not seen as a discipline in itself. It is asserted that financial auditing is different from quality auditing. Even though both activities operate from the same basis and to the same purpose.
Several (financial) auditing experts were contacted for this article. Most provided responses similar to the following
“While she is an auditing expert, she says that the area of safety auditing is well out of the range of her experience.”
This is disputable. It is clear that many industry hazards that seem insurmountable are solved easily by looking outside that particular industry. The auditing of the finances of Enron should provide lessons for all companies involved or serviced by auditing.
The CEO of the National Safety Council of Australia, Eric Curtis, spoke to SafetyAtWork magazine, and also sees safety auditing as different from financial auditing:
“Safety auditing is not usually conducted to satisfy the requirements of legislation as with financial audits. Safety audits are usually carried out to assess or certify a safety management system. The law does not explicitly require organizations to have safety management systems. Having a certified safety management system does not ensure that an organization complies with health and safety legislation.”
Many companies employ auditors to assess the safety management system that is in place to establish compliance with OHS legislation. The law may not explicitly require a safety management system but employers have an obligation to maintain safe systems of work, of which surely a safe system of management is also part. Some Government OHS agencies have developed, and commercially sold, audit tools of a safety management system. In Victoria, at least, the SafetyMAP program was seen as strongly supported by the WorkCover Authority.
In the Final Report of the Inquiry into Workplace Safety Vol 1 November 1998, Professor Gunningham’s research was discussed:
“Professor Gunningham has emphasised the need for Government to establish minimum criteria which OHS management systems must meet, together with a system of third party auditing, with auditors acting in effect as `surrogate regulators'” .
page 84
If this was the case, the auditors/regulators would need to be above reproach as they would be a functional subset of the Government.
It seems logical that if you work in a company that requires safety auditing, that you are audited by an organisation with specific expertise in your industry. This would be good management. But what if the auditor is also part of an organisation that provides you with safety advice and services? Many companies are in the position where they provide preventative advice and “enforcement”. And this isn’t restricted to commercial entities. Government departments frequently have a preventative role and a compensation arm. In the safety auditing business it is expected that you provide services that prevent injuries at the same time as you compensate for injuries. Just as Arthur Andersen provided financial and accounting advice and then audited the decisions made based on that advice.
A Special Report in The Economist (February 9, 2002) says
“External auditors have come under heavy suspicion. Andersen, Enron’s auditor until the energy company filed for bankruptcy in December, is now the weakest link in a profession forced on to the defensive. And the failure of companies’ internal audit committees to spot the transgressions has raised doubts about the effectiveness of “independent” non-executive directors “
Linda Trevino, Professor of Organizational Behavior at The Pennsylvania State University, said to Safety At Work magazine,
“..we can draw lessons from the Enron/Andersen debacle about the importance of “independence” in auditing of any kind. Such independence appears to have been lost in financial auditing as the firms became entangled in consulting relationships with their auditing clients. However, it is important to note that independence is difficult to achieve even in the absence of such entanglements. If an organization is paying a company to certify its safety, can the certifying company maintain complete independence? Doesn’t that become more and more difficult as the relationship continues over time and the auditing firm becomes dependent on the revenue from that relationship?”
Associate Professor Chris Winder, of the University of New South Wales’ School of Safety Science believes that the important difference is one of legality. He believes that administrative procedures and Codes and policies will not stop someone who will deliberately break the law, as may have happened in the Enron case. He said to Safety At Work magazine,
“The underpinning of the audit process is that it works within the law. It works with honesty and integrity of the individuals involved. If an organisation bribes an auditor for a favourable audit, then this is corruption (and illegal) and not a conflict of interest. If an organisation establishes a relationship with an auditing company to provide other services (such as advice on safety) then I am not sure if this is really a conflict of interest, and just a company choosing what they see as the best source of advice for its needs. However, if by doing this, an organisation attempts to subvert the audit process, then of course this is a problem.”
Paul Volcker, Chairman of the Trustees of the International Accounting Standards Board (ISB); Chairman of Arthur Andersen’s Independent Oversight Board; and Former Chairman, Board of Governors of the Federal Reserve System asked on February 14:
“Can strong safeguards be put in place against other business interests intruding on the auditing process? What are the appropriate limits on non-auditing services performed by an auditing firm to avoid the perception or reality of an unacceptable conflict?”
Obviously the case of Enron shows this is shutting the door after the horse has bolted. As Professor Winder says, auditing relies on the integrity of individuals.
Audit is a business activity. Safety audits and others are frequently used not to make a workplace safer or the environment less damaged but to reflect (or increase) the dollar value of a company prior to sale or takeover. Eric Curtis, of the NSCA, acknowledges this:
“Clearly this may be the case with some audits. The quality and value of our audit and consulting services is of the highest priority to us. As an independent organization we believe the maintenance of the integrity of our services and our professional reputation is too fundamental to our business and our strategic standing in the market to risk compromising for a single audit.”
Just as homeowners may obtain a builder’s report on the structural integrity of a house prior to sale, so safety audits are used. If a company was audited and found to be only a level 2 company, or a low level on some other measure, and the sale value would be increased if it was a level 3 or a 4, the company will begin to make improvements to increase its levels. This may not increase the safety level of the workplace. In fact it could worsen it by having the employees and board members having a false sense of security and pride in the supposed safety achievements of their company.
Paul Volcker, strangely for an American, suggests government monitoring:
“High quality standards and improved audit practices should go a long way toward enforcement. However, there are areas where it may be difficult or impossible for any one firm to proceed alone. Hence, there is a need for official regulation.
The United States has the framework for regulation and enforcement in the SEC. Over the years, there have also been repeated efforts to provide oversight by industry or industry/public member boards. By and large, I think we have to conclude that those efforts at self-regulation have been unsatisfactory. Thus, experience strongly suggests that governmental oversight, with investigation and enforcement powers, is necessary to assure discipline.”
(Yet another turnaround on the benefits of Self-Regulation.)
The Economist suggests that one recommendation from the IASB review is
“…likely to be a split between [Andersen’s] auditing and consulting businesses. The conflict between the two has been controversial for some time. In 2000, Andersen earned more from Enron from non-audit services ($27m) than it did from auditing ($25m). A report submitted to Enron’s board on February 2nd revealed details of further conflicts of interest between the two businesses.”
The splitting is occurring in other large auditing firms, such as PricewaterhouseCoopers, Deloitte Touche Tomatsu, and has already occurred in KPMG and Ernst & Young. It will not be long before we see this trend extend to the safety businesses.
Nevertheless, Eric Curtis believes that it is possible to operate an auditing service from within the same company that offers OHS consultancy.
“We believe that the NSCA is a good example of how these complex arrangements can be successfully managed. We have had no incidence of compromise or complaint to date… We do not have plans to split the organization at this time but will observe with interest the experience of KPMG.”
Chris Winder believes that auditors are not always independent when they are from one company that provides both types of service. A company may provide safety advice on a commercial basis in the form of training, seminars, or direct advice on establishing a safety management system with the option of a safety audit in the future. The customer implements the advice and the original company returns and audits a safety management system that they had an integral role in establishing. Chris agrees that in this case the auditor is too close to the customer and “is not independent.” We believe that this circumstance is far more common than many think.
In a recent survey by Schulman, Ronca & Bucuvalas reported elsewhere in this issue of SafetyAtWork magazine,
“A large majority of financial executives (59%) would prohibit accounting firms from providing auditing services to their accounting clients. Only 35% feel accounting firms should be able to provide both of these services.”
And this survey comes to the heart of the issue. The independent financial auditors appear to have been too cosy with their customers. Some pledges by Andersen and others are positive but how did the auditing industry become so corrupted? This article asks whether the same questions should be put to the safety auditing industry. Reliable auditing is an essential part of the underpinning of so much of modern management. It is within corporate governance, corporate social responsibility, corporate manslaughter legislation, Quality, Safety and Environment auditing. We require truly independent auditing and accountability. Business and government need to be open and upfront on safety.
Recently, speaking on the topic of corporate governance, Noel Waite, Chairman of Waite Group, (in HR MONTHLY) said
“A great deal more emphasis needs to be placed on the selection of directors, chief executives and chief financial advisors. There needs to be people on boards who have sufficient practical experience, and industry and people knowledge. Accounting, financial and legal backgrounds are usually sought and of course needed, but so are people who have the capacity to have a conceptual view and home in on vital elements: People who have, if you like, some degree of emotional intelligence. People who are intuitive enough to realise that something is not quite right and they are able to pursue that line of thinking and investigate further.”
Splitting business arms into advice and enforcement is one initiative, an initiative that should never have been necessary. The other is an understanding of social and business ethics. Andersen’s activities may not have been illegal but they were unethical. Many smaller companies operate close to the relationship that auditors had with Enron.
Auditing should by its definition be independent. Whether it be financial, safety, quality, internal or external, independence is essential. Without it auditing is invalid and dangerous. Over the next few months expect to see safety auditors move away from the consultancy of the parent company. If this does not happen, go to another auditor. Certainly do not let your business be infected by the demons of chaos so much so that the only solution is an exorcist instead of an auditor.