Audit & Risk

Lessons from Enron must not be forgotten ten years on

It’s the tenth anniversary of Enron’s collapse in December 2001. It was followed by fraud revelations at other organisations, WorldCom being the most memorable.

in CEO Blog.

Together, the impact on investors was devastating. Many of Enron’s shareholders were employees who lost pension pots. During that period, $15bn of fines and shareholder compensation was paid and top executives of the companies concerned went to prison. 

The investigation into Enron’s collapse highlighted the outsourcing of internal audit to its external auditors, Arthur Andersen, as a major factor in the company’s downfall. This created a conflict of interest that stopped dubious accountancy practices being exposed sooner.

In the UK, some of the lessons of the Enron collapse were written into what is now the UK Corporate Governance Code or the guidance issued under the Code. For example, the Guidance to Audit Committees requires them to provide an explanation of how external auditor objectivity and independence is safeguarded if the company’s external auditor also provides it with non-audit services, including internal audit. 

In the wake of the 2008 financial crisis, external audit’s role as a tool to rebuild investor confidence is again a central theme. The EU’s proposals to reform the audit market, announced last week, include a ban on audit firms offering non audit service, including internal audit, to their external audit clients. 

Many say there’s a strong case for supporting this, to improve the quality of external audit. We support the proposal because it will help improve the quality of internal audit. Internal and external audit must be independent of each other for good corporate governance to flourish and renew trust amongst investors. It’s owed to those affected by catastrophic governance failure before and during the financial crisis to ensure that nothing stands in the way of effective corporate governance. Lessons learnt must not be forgotten.

Ian Peters, CEO at the IIA

The IIA: find out more

Visit the main IIA site


Senior Auditor

Salary: £26,293 - £28,746
Post Ref: C/50093182
Directorate: Finance, Assets and Information Services
Service: Finance
Closing Date: 25th September 2015, at 11.59pm
Location: Westgate Plaza One, Barnsley, South Yorkshire
Hours of Work: 37
Temporary until the 31st March 2016 with the possibility of extending this to the 30th June 2016
Job is open to Job Share / Suitable for Secondment

Group Auditor

Permanent, full time 37 hours per week
Salary: Grade 3 - £31,845 to 37,842 per annum

Reference: 624

Careers advice

Chartered by Experience

There is a new route to becoming a chartered internal auditor: Chartered by Experience.

Room to grow

If you feel stuck in your role or sector, yet are keen to progress in an internal auditing career, what are your options? You could become a non-executive director or contribute your experience to higher education, suggests Ann Brook CFIIA.

Time to volunteer

Rachel Bowden, chair of the IIA’s Guidance Working Group, explains why she started volunteering and what she has gained from the experience.

Training & Development

Tap into a rich resource

The IIA's website has loads of useful and important resources for members and the institute is committed to improving services by putting digital at its heart. So what is available – and where can you find it?

What every director should know

Two years after its first publication, the IIA has published an updated and revised version of its "What Every Director Should Know" guide. So what's changed and who should read it?


The seven deadly sins of incident response

Brandon Tansey, security research engineer at Lancope, explains the seven (actually, eight) most common mistakes that companies make that leave them exposed to ever more frequent and serious attacks on their networks.

Top tips for protecting data

Data breaches are a part of daily life and sooner or later it's likely to happen to you. You can't stop everything, but, says Dietrich Benjes, vice-president at Varonis, you can put basic measures in place that will make it harder to steal data and keep your protection plans up to date.