As can be seen by the recent publication of The Treasury Committee report focussing on the various ‘inquests’ into the failure of HBOS plc, independent reviews of businesses, processes and risk positions are back in the news.
The debate has now changed direction, including the resurrection of the idea of splitting the oversight of enforcement and supervision. Past experiences of the FSA prove that it was difficult to ensure both functions received adequate attention within a single organisation – given their conflicting objectives.
According to the PRA/FCA report published in November 2015, it is clear that HBOS’ problems were exacerbated by a deficient control and risk management framework. The traditional three lines of defence risk management model had failed. The report also identified a number of other issues, including weak controls and inadequate risk management.
One interesting comment within the latest publication was that “An impartial assessment of the FSA’s actions with respect to enforcement has been essential. Without it, the regulators would have been marking their own homework”.
That statement resonates strongly with Rockstead. The internal audit function, whilst important, cannot be truly relied upon without a “checking the checker” position being in place. Having an external line of defence is becoming an essential part of any review process. A similar expression we use is that “internal audit teams all go to the same staff party and as a result cannot possibly be regarded as independent”.
This latest report suggests that independent, external reviews are not simply advisable, but absolutely necessary. Rockstead is the only independent asset, business and process review company in the UK.