Consultant Zone

The risk of sole supplier audits

In the 2009 government review into banks corporate governance, led by Sir David Walker (former chairman of Morgan Stanley) one of the views expressed was that banks and other financial institutions should set up a separate risk committee with responsibility for oversight and advice to the board on current risk exposures and future risk strategies.

In addition the report said that the board risk committee should be attentive to the added value that external audit firms could bring in challenging its analysis and assessment of risk. The report also recommended that external relevant experience should be used to oversee a due diligence review of their current secured and unsecured assets.

More recently, a report by the House of Lords economic affairs committee observed that the assessment of risk is becoming a more prominent feature of corporate governance for banks and financial institutions.

Against that background, we have discovered an interesting trend. We have found that some banks and financial institutions having used the same audit or due diligence firms over the past 10 years or so, are now recognising that there is ‘single supplier risk’ exposure and are looking for fresh input and more relevant expertise.

In future, risk strategies are not going to be the invisible policies of the past and will take more prominent positions in the publications of annual accounts. As a result, the choice of audit firms and due diligence providers is open to more scrutiny than ever before and it is essential to eliminate the potential conflicts of the past.

The use of more than one supplier for due diligence and audit services can be used to improve standards generally with the use of champion/ challenge exercises. In addition, fresh input and more relevant expertise will often result in a more prudent corporate position.