# I. Introduction

The global economic crunch or meltdown that struck the world starting from 2008 is one of the greatest financial crises that planet earth has experienced since the Great Depression. This crisis left many people in a state of doubt concerning what the actual cause of the crisis was. Many blamed the crisis on the free market and its excessive risk taking. As former USA President Obama said in his first inaugural address: "... if there is one thing that this financial crisis has reminded us about is that we cannot have a thriving Wall Street while Main Street suffers." (Source: New York Times, Wednesday, November 05, 2008.)

After the fall of Enron, it was noticed that Enron's auditors could have gone a long way towards indicating to investors, and making public, the accounting procedures Enron used to show escalating profits on an accrual basis (using its so-called mark-to-market accounting). As a result, some international accounting standards and international auditing standards were introduced and others were modified in a bid to mitigate future occurrences of this nature. Just a few years later, the world was hit not just by a corporate failure but by a global financial meltdown.

# II. Research Objective

The purpose of this paper is to investigate qualitatively how the financial crisis educated auditors and how the auditing practice can be modified in order to prevent future financial crises. Before going into this, we will first try to show what caused the financial crisis in the first place. The later part tries to address the following questions:

* Were CEOs in banks taking excessive risks to the detriment of the investors?
* Did internal auditors point to this fact in their audit reports?
* What role did auditors play in the occurrence of this crisis?
* Could auditors have reduced the gravity of the crisis, or could they have eliminated it completely?

# III. General Literature Review

a) Causes of Financial Crisis

Following the past several years of global economic turmoil, there have been extensive examinations by researchers to identify the root causes of the financial crisis and determine what could be done to reduce the risk of a future similar crisis. While none of them found that auditing was a root cause of the financial crisis, auditors, like all participants in the capital markets, have a responsibility to examine their role in light of lessons learned from the crisis and consider what improvements can be made in audit standards and what more they can contribute to market integrity and investor protection.

The picture depicted by several researchers of the causes of the recent financial crisis is that easy access to apparently low-cost credit to fund an increasing supply of residential housing, coupled with the explosion of innovative financial instruments, as well as lax loan underwriting standards and documentation, led to an asset bubble that eventually burst the way asset bubbles tend to do (Carmassi et al., 2009). This was an economic turnaround caused by a collapse in risk management at many levels. Consumers took on too much debt; lenders issued high-risk mortgages that were packaged and resold, and those lenders held large amounts of risky, leveraged instruments; and investors purchased complex securities that they did not understand. The impact of the reversal was exacerbated by the interconnectedness of the financial system.

The origin of the crisis points to the financially leveraged institutions (banks), which make money by taking risks. Banks form just one category of financial institutions. According to Hull (2007), a financial institution is one which performs many functions, but its basic task is to be an intermediary between buyers and sellers of financial services, such as the borrowing and lending of funds and the provision of insurance against risks.
The financial service industry is broadly divided into: depository institutions, insurance companies, finance companies, investment banks and securities firms, pension funds, and mutual funds. Just like other business corporations, banks are limited liability companies where there is often a divorce between management and control. Just like other limited liability companies, banks are owned by shareholders and managed and controlled by a Board of Directors. Due to this divorce between ownership and management, conflicts of interest often arise in the running of banks between the owners of the bank and those who run and manage its affairs, and each stakeholder always wants to maximize his or her own benefit at the expense of other stakeholders. This calls for good corporate governance measures in banks that will minimize the conflicting gap between those who own the business, those who run it, and those who are involved in the bank in one way or another (creditors, government, employees, taxpayers and other stakeholders), so as to have a balance between areas of interest and conflict, especially when it comes to risk management in banks.

The question that arises now is whether the Board of Directors is incapable of controlling risk in banks. We cannot directly give a "yes" or "no" answer to this question; rather, we examine those factors or pertinent issues that complicate risk control in banks by the Board of Directors. Lucien & Spamann (2010) say that the compensation structure of bank executives has produced incentives for excessive risk because bank executives expect to share in any gains that might flow to common shareholders, but are insulated from losses that the realization of risks could impose on preferred shareholders, depositors, and taxpayers. They go on to explain that this has given executives incentives to give insufficient weight to the downside of risky strategies.
The analysis of banks' financing structures and compensation, according to Lucien & Spamann (2010), shows that the payoff of bank executives is most often tied to a highly levered bet on the value of the bank's assets. This is because top executives in banks at times own some common stock in the bank, and because they enjoy limited liability, they often engage in risky ventures which are optimal to their personal advantage but which are very excessive from the social point of view. Excessive risk here means risk that may either increase or decrease the value of a bank's assets but whose expected effect on the bank's value is negative (Lucien & Spamann).

Some banks in the past attempted to check excessive risk taking by bank executives by tightening the link between the design of pay arrangements and shareholders' interests. But this alone cannot eliminate excessive risks, because common shareholders could benefit from taking risks that are socially excessive. Hence, bank executives are sometimes encouraged by shareholders to take these excessive risks so that they make more profits. Therefore, the compensation structure of bank executives can cause them to take excessive risk and vice versa, and this complicates their objectivity as far as risk management is concerned, since most often they have their own interests to protect. Empirical studies have documented that CEOs who are insulated from shareholder pressure and do not receive high-powered pay are less prone to engage in risk taking (Lucien & Spamann, 2010).

Now, if we try to establish an agency relationship between the executives of the bank (insiders) and the shareholders, we will realize, just as Lucien & Spamann (2010) put it, that when compensation arrangements are flawed, it is common to look to agency conflicts between insiders and shareholders as the source of the problem of excessive risk taking, and to corporate governance reforms as the solution.
So, going back to the question of whether the Board of Directors is incapable of controlling risk taking, we may be tempted to say yes, if they are not checked, because they will always want to maximize their benefits at the expense of other stakeholders and at times even at the expense of other parties also represented on the board. Therefore regulations should be geared towards preventing top executives in banks from taking risks that are socially excessive, yet privately optimal.

At this juncture, I would like to expand a bit further to see why excessive risk taking is aggravated in big banks, especially in the USA. The biggest banks in the USA (as well as in many major world economies) are not stand-alone entities, but subsidiaries of financial conglomerates, known as bank holding companies in the USA. Lucien & Spamann (2010) explain that executives of modern US bank holding companies received a substantial share of their compensation not in common shares, but in options on such shares. This creates stronger risk incentives than those of the holding companies' common shareholders.

Also, risk monitoring and risk control in banks by the providers of finance play an important role in risk taking by executives. But it is important to mention here that many deposits in banks are covered under deposit insurance by the government. This reduces the incentive of creditors to monitor risks (moral hazard) and further increases the incentive of bank executives to take excessive risks (adverse selection) which they would not take had the deposits not been covered. Small creditors, too, have insufficient funds to monitor risk taking and often prefer to benefit from risk monitoring as free riders. This further explains how complicated it is for the board of directors to set aside personal gains and engage in risk taking objectively.
According to Levine (2004), banks possess two special traits that complicate risk management in banks, namely opaqueness and the fact that banks are often covered by deposit insurance from the government. Beginning with opaqueness, this trait points to the fact that there is usually information asymmetry between insiders and outsiders, and this makes it very difficult for diffuse equity and debt holders to monitor bank managers (Levine, 2004). Due to conflicts of interest between debt holders and controlling owners of banks, there is always a disagreement between these two parties when it comes to risk taking. Debt holders are very sensitive when it comes to risk taking because they do not enjoy any upside potential from risk taking but do suffer on the downside if the bank cannot service its debts. The opacity of banks makes it very complicated for debt holders to monitor risk in banks (Levine, 2004). Still, because of the high information asymmetry caused by the opaque nature of banks, it becomes very difficult to design incentive contracts that align managers' interests with those of bank equity holders. Furthermore, since managers frequently control the boards of directors that write the incentive contracts, managers of opaque banks can often design compensation packages that allow managers to benefit at the expense of the long-run health of the bank (Levine, 2004). Levine (2004) also points out that opaqueness makes it easier for insiders to exploit outside investors and the government.

The second aspect that we are going to examine here that makes banks different from other corporations is government regulation. Firstly, it is important to mention that government regulation of banks through deposit insurance has a great implication regarding corporate governance in banks. Levine (2004) explains that deposit insurance has three main effects regarding the corporate governance of banks:

1. It reduces the incentives of depositors to monitor banks.
2. It induces banks to rely less on uninsured creditors with incentives to monitor and more on insured depositors with no incentive to exert corporate governance.
3. Deposit insurance also strengthens the central bank's role as lender of last resort, and this has helped produce banks with very low capital-asset ratios relative to other firms. As this capital falls, the incentives of controlling owners to increase the riskiness of the bank increase.

# IV. Bank and Auditor

If there is to be a positive legacy of the financial crisis, it must be in the lessons that market participants have learned from extremely challenging times. As with all stakeholders in the banking crisis, bank auditors must seek lessons to be learned. Auditors play an important role in financial markets, promoting confidence in financial information provided by banks and other financial institutions and acting as a discipline for directors and management. This report seeks to identify incremental improvements in the functioning of the system in the future.

Auditing and the regulatory framework that supports auditing have generally held up well in the crisis. The necessary reforms to the auditing regulatory framework implemented after the collapse of Enron seem to have stood up to their first major test. However, questions have been asked, including by the UK House of Commons Treasury Committee, about the value of bank audits, since auditing did not provide forewarning of the banking crisis. The European Commission, in its Green Paper on Corporate Governance in Financial Institutions and Remuneration Policies, issued in June 2010, asks questions about the scope of auditor responsibilities, covering areas similar to some of the proposals in this paper. While this report is based on UK experience, we believe that its analysis and proposals will be of wider interest.
The purpose of audits is to provide greater confidence in information provided by directors through an independent opinion on its truth and fairness. This is the same for banks as for other entities presenting audited financial statements. For banks, regulators and supervisors provide an additional defense, albeit with different objectives and different primary stakeholders. One way for auditors to respond to the crisis is by suggesting changes to regulation, financial reporting standards or auditing standards. Indeed, we suggest some areas where long-term changes could be made in these areas. However, such changes take time and auditors can also take more immediate steps to promote positive improvements through market-based solutions and better communication. Perhaps more than anything else, politicians ask questions about professional judgement when discussing the role of auditors. An auditor's work is conducted under a framework of professional standards, covering auditing, ethics and financial reporting, and of legislation and regulation. Much of this work is behind closed doors, therefore the impact of an audit on financial statements and on the discipline provided by internal controls is not visible. This helps to explain why questions may arise about the exercise of professional judgement by auditors. If there is one big lesson from the crisis for auditors, it may be that more needs to be done to explain the value of audits to those outside the audit process. Making more information available about discussions between auditors and banks could increase the value placed on audit and thereby increase market confidence. On a personal note, I would like to thank the contributors to this report, including the stakeholders we interviewed for their time and ideas and working party members for their hard work, support and openness. Preparing this report has been challenging. 
We acknowledge that many of our proposals, if implemented, would lead to additional work for auditors. However, in developing our proposals, we have been guided by the views of banks' stakeholders. Our aim throughout has been to address their concerns.

The financial crisis has shown clearly that excessive risk taking is very harmful to the health of the global financial economy, and it is time for auditors to re-examine how they assess risks. This recent financial crisis, which can only be compared to that of the Great Depression of the 1930s, shows how banks failed miserably in monitoring and assessing risks. Excessive lending to bank customers who could not pay back the borrowed amount caused liquidity in banks to dry up and escalated the financial crisis.

According to a report published by the Global Audit Information Network (GAIN) in 2009, the impact of the global financial crisis on many organizations around the world necessitated some research to measure the extent to which the crisis has impacted internal audit activities. Mindful of the above, the Institute of Internal Auditors (IIA) and the IIA Research Foundation (IIARF) conducted a survey in early March 2009 asking participants, mostly CAEs, specific questions regarding the overall impact of the economic slowdown on their organizations and, subsequently, their overall internal audit efforts. An analysis of the survey uncovered five key findings:

1. The economic recession has impacted not only organizations, but their respective internal audit activities as well.
2. Internal audit activities are transitioning from risks that received extensive focus in recent years and concentrating more on emerging risks that resulted from the changing economic conditions.
3. A majority of respondents disagree with the statement that better risk management could have played a role in preventing the current crisis, yet most respondents agree internal auditing could have done more to assist their companies in identifying key risks.
4. Changing stakeholder expectations are impacting the focus of internal audit efforts.
5. Internal audit oversight and coverage of emerging risks associated with the acceptance of government stimulus funds are lacking.

The authors of this report further explained how Enterprise Risk Management (ERM) was able to alert some organizations to the perils of sub-prime loans, while in other places, such as the financial services sector, ERM failed to do so. As the authors explain, organizations where ERM was not able to predict the current financial fallout share a number of common traits:

1. Barriers to full ERM implementation due to a lack of senior management support for risk management.
2. Ineffective risk identification and assessment channels.
3. A lack of a clearly documented and communicated risk appetite that defines the amount of risk the organization is willing to accept in pursuit of its objectives.
4. Fragmented ERM reporting.
5. Lack of ongoing risk monitoring.

Mindful of the above, the authors suggest in their report that to ensure risk management efforts are effective and to properly identify key risks, internal auditors need to learn from the mistakes offered by current risk management failures.

"Internal auditors have a historic opportunity to use the lessons learned from the current crisis to promote the creation of newly integrated ERM (Enterprise Risk Management) processes or to enhance existing ERM processes within their organization," state George Aldhizer, Ph.D., CIA, associate professor at Wake Forest University, and Mark Stone, authors of the report.
"The global crisis has caused the majority of audit committee members and chief financial officers to reconsider the adequacy and effectiveness of their company's processes for managing business risks."

Internal auditors, explain Aldhizer and Stone, can also persuade boards and their audit committees that the risk of fraudulent financial reporting and asset theft is skyrocketing, in part because many organizations have not adequately identified, assessed, and mitigated key external or strategic, operational, and compliance risks over the past few years.

# Excessive risk taking and the global financial crisis; Where do auditors come in?

The question that arises now is whether proper internal auditing could have prevented this recent financial crisis or could mitigate future occurrences of such an economic downturn. Furthermore, as both business advisors and the eyes and ears of the audit committee, internal auditors are well positioned to improve existing ERM processes by stating that primary ERM leadership should be within a board-level risk committee or chief risk officer (CRO) that has substantial practical risk management experience. Most importantly, the authors further suggest that internal auditors can promote a common definition of risk management throughout their organization, as well as a uniform definition of events posing the greatest risk to their organization's ability to achieve strategic objectives. These and other recommendations provided in the report will go a long way in enhancing the ability of internal auditors to determine whether existing risk management efforts are on the right track and ensuring their organizations do not partake in activities that could hinder financial and overall corporate stability.

# V. Discussion and Critical Evaluation

From the above general literature review, we have seen clearly that the global financial crisis erupted mostly as a result of risky undertakings by many companies and financial institutions. The fact that banks are financially leveraged institutions that make money by taking risks further complicates the boundaries as to what should be considered appropriate risk. After this crisis many corporate governance reforms have been put in place, especially those linked to internal risk management; the responsibility of internal auditors has been broadened and emphasis has been placed on internal risk control and management. Auditors need to advise their clients on matters concerning excessive risks and notify the independent members of the board of directors of any deviations from the maximum risk benchmarks set by the company. This is because, just as we have seen above, CEOs of many banks often undertake excessive risks since they are often insulated from any downturns from those risks but receive very large bonuses if these risky ventures turn out well, at the expense of the common stock of the shareholders.

Could auditing have prevented this recent financial crisis? A direct yes to the question will still be subject to certain qualifications; likewise, saying that proper auditing and internal risk control would not have reduced the magnitude of the crisis is also very problematic, since many studies show different results. What is true and certain is that the auditing profession needs to evolve with the world of business, and banks and companies need to develop 21st-century internal risk control and management systems to meet 21st-century business challenges. Previous corporate scandals and the recent financial crisis also point to the fact that there is a need for proper accounting procedures in companies, especially financial institutions. Fair value accounting also needs to be revisited if the need arises.
Also, to make accounting information reliable, companies must conform to the recent post-SOX corporate governance reforms that advocate the constant rotation of external auditors, who will subject the accounts of all the companies to serious scrutiny and present an audit report at the AGM as to whether the accounts present a true and fair view of the business in question. Keeping the same audit firm for a long time (say more than five years) in the same company as external auditors can complicate the objectivity of auditors and impair their independence. This is because this audit firm may be afraid of losing a lucrative client. The financial crisis has also shown that a complete reliance on accounting information contained in the financial statements can be misleading at times, since most accounting today is on an accrual basis.

According to Fitzsimons et al (2010), the proposed SAS would also include requirements and guidance on misstatements of individual accounting estimates and indicators of possible management bias. Regarding risk assessment and related activities, the proposed SAS will require the auditor to: "In responding to the assessed risks of material misstatement, the proposed SAS would require the auditor to consider whether specialized skills or knowledge...are required to obtain sufficient appropriate audit evidence" (Source: Fitzsimons et al, 2010). The above means that the auditor must determine whether any of those accounting estimates that have been identified as having high estimation uncertainty give rise to significant risks.

Norman (2010) pointed out that throughout his life he had always firmly believed that the CAE (Chief Audit Executive) should report functionally to the chair of the audit committee and administratively to a top executive, such as the chief financial officer (CFO). But he was no longer sure that was optimal once he became CAE of a global business.
Norman (2010) explains that the New York Stock Exchange's (NYSE's) Listed Company Manual provides additional guidance. Applicable to all companies with securities listed on the Exchange, the manual has a section on "Audit Committee Additional Requirements." One of the audit committee's duties is specified as: "discuss policies with respect to risk assessment and risk management." The manual states:

While it is the job of the CEO and senior management to assess and manage the listed company's exposure to risk, the audit committee must discuss guidelines and policies to govern the process by which this is handled. The audit committee should discuss the listed company's major financial risk exposures and the steps management has taken to monitor and control such exposures. The audit committee is not required to be the sole body responsible for risk assessment and management. ... Many companies, particularly financial companies, manage and assess their risk through mechanisms other than the audit committee. The processes these companies have in place should be reviewed in a general manner by the audit committee, but they need not be replaced by the audit committee.

The above clearly complicates the question of who actually bears the responsibility for providing risk oversight (Norman, 2010). In order to get reliable assurance, Norman (2010) further suggested that it will be very important that the governance committee or its equivalent should address to whom the CAE should report, as that committee is generally responsible for determining board and committee performance, updating charters, etc. It should consider: Who are internal auditing's primary customers? Who needs to provide input into the internal auditing planning process and receive reports after it completes engagements? He also suggested that it will be interesting: "... to see whether CAE (Chief Audit Executive) reporting relationships change as boards address their risk oversight responsibilities and consider the value that internal auditing can provide in filling the assurance void" (Source: Norman, 2010).

# VI. Conclusion and Recommendations

From the above I conclude that the global financial crisis came as a result of excessive risk taking on the one hand and high irresponsibility on the other hand. It is true that auditing might have gone a long way to reduce the gravity of this crisis. But to mitigate future occurrences, it is going to take more than just auditing, since much research points to the fact that auditing alone was not enough to stop the crisis. Therefore, the various stakeholders involved in business management (CEOs, auditors, employees, government, etc.) must stand up and do their homework. Auditors must also try as much as possible not just to do the thing right but also endeavor to do the right thing. This calls for the incorporation of a professional code of ethics and conduct in all business, and a need for each stakeholder to acknowledge that the other affects us despite ourselves, so that they will not be narcissistic while they carry out their functions in the business.

* Risk Management and Financial Institutions. J. Hull. Pearson Education, 2007.
* A. P. Fitzsimons, L. Satenstein, B. R. Silliman. Review of Business, 2010.
* Regulating Banker's Pay. Lucian A. Bebchuk, S. Holger. Harvard Law and Economics Discussion Paper No. 641. Georgetown Law Journal 98(2), Spring 2010.
* Issue 2 10 p
* Corporate governance in the Financial services sector. H. Morrison, Linda J., C. Paton. 2007. Q Emerald Group Publishing Limited 7.
* Internal Auditor, Global Financial Crisis. M. Norman. AUDITORS' reports 2009. 2008-2009. Dec 2010, 67 p.
* Knowledge Alert, the Financial Crisis and its Impact on the Internal Audit Profession. 2009. Available online at
* Structural causes of the global financial crisis: a critical assessment of the 'new financial architecture'. James Crotty. Cambridge Journal of Economics 33, 2009.
* Financial Statement Fraud: The Need for a Paradigm Shift to Forensic Accounting. Ifedapo Awolowo Francis. 2016. 7, 23.
* The financial crisis and the policy responses: An empirical analysis of what went wrong (No. w14631). J. B. Taylor. National Bureau of Economic Research, 2009.
* The aftermath of financial crises (No. w14656). C. M. Reinhart, K. S. Rogoff. National Bureau of Economic Research, 2009.
* A cross-firm analysis of the impact of corporate governance on the East Asian financial crisis. T. Mitton. Journal of Financial Economics 64(2), 2002.
* Global financial crisis: The challenge to accounting research. P. J. Arnold. Accounting, Organizations and Society 34(6), 2009.
* The global audit profession and the international financial architecture: Understanding regulatory relationships at a time of financial crisis. C. Humphrey, A. Loft, M. Woods. Accounting, Organizations and Society 34, 2009.
* The real world of Enron's auditors. C. Grey. Organization 10, 2003.
* The Enron scandal and the neglect of management integrity capacity. J. A. Petrick, R. F. Scherer. American Journal of Business 18(1), 2003.