Audit & Risk

Lessons from Enron must not be forgotten ten years on

It’s the tenth anniversary of Enron’s collapse in December 2001. It was followed by fraud revelations at other organisations, WorldCom being the most memorable.

in CEO Blog.

Together, the impact on investors was devastating. Many of Enron’s shareholders were employees who lost pension pots. During that period, $15bn of fines and shareholder compensation was paid and top executives of the companies concerned went to prison. 

The investigation into Enron’s collapse highlighted the outsourcing of internal audit to its external auditors, Arthur Andersen, as a major factor in the company’s downfall. This created a conflict of interest that stopped dubious accountancy practices being exposed sooner.

In the UK, some of the lessons of the Enron collapse were written into what is now the UK Corporate Governance Code or the guidance issued under the Code. For example, the Guidance to Audit Committees requires them to provide an explanation of how external auditor objectivity and independence is safeguarded if the company’s external auditor also provides it with non-audit services, including internal audit. 

In the wake of the 2008 financial crisis, external audit’s role as a tool to rebuild investor confidence is again a central theme. The EU’s proposals to reform the audit market, announced last week, include a ban on audit firms offering non audit service, including internal audit, to their external audit clients. 

Many say there’s a strong case for supporting this, to improve the quality of external audit. We support the proposal because it will help improve the quality of internal audit. Internal and external audit must be independent of each other for good corporate governance to flourish and renew trust amongst investors. It’s owed to those affected by catastrophic governance failure before and during the financial crisis to ensure that nothing stands in the way of effective corporate governance. Lessons learnt must not be forgotten.

Ian Peters, CEO at the IIA

The IIA: find out more

Visit the main IIA site


AVP Operations Audit

Sector: Banking & Finance – Investment, Financial Services
Salary: To £75,000 + bens + bonus
Location: London UK
Our Ref: IM/119350

Programme Auditor

Permanent Full Time 36 hours
PO6 £32,453 - £35,309
Ref No: FN-03-015

Careers advice

Chartered by Experience

There is a new route to becoming a chartered internal auditor: Chartered by Experience.

Room to grow

If you feel stuck in your role or sector, yet are keen to progress in an internal auditing career, what are your options? You could become a non-executive director or contribute your experience to higher education, suggests Ann Brook CFIIA.

Time to volunteer

Rachel Bowden, chair of the IIA’s Guidance Working Group, explains why she started volunteering and what she has gained from the experience.

Training & Development

What every director should know

Two years after its first publication, the IIA has published an updated and revised version of its "What Every Director Should Know" guide. So what's changed and who should read it?

A global future

Our recent announcement of our agreement with IIA Global to introduce the CIA certification and the new Qualification in Internal Audit Leadership (QIAL) has benefits for all members. It’s a step that will not only provide student members with a more flexible exam system and a globally recognised certificate, but will also add a new senior-level qualification for heads of internal audit. So what will this mean for you?

Training: drivers of positive change

I need to be sure that everyone works to the same standard, no matter what other qualifications they hold or what professional field or country they come from, says
Mark Carawan, chief auditor, Citigroup


Join the dots

In the kingdom of the blind the one-eyed man might be king, but today’s technology means that any one-eyed – or blinkered – internal audit team will be falling well behind the leaders and missing out on huge opportunities for their own roles, their function and for their businesses. If you are spending too much time doing admin, yet still lack the data and oversight you require, you need to think seriously about your future, according to technology solutions provider ACL.

How to prevent internal data breaches

While organisations pour millions into protecting themselves from external cyber attacks, few spend much time considering the effect of an attack by a disgruntled employee, who already has authorised access to the corporate network. Yet such attacks can be deadly. T K Keanini, CTO at Lancope, explains what organisations can do to ensure they are better protected.

What every director should know

Two years after its first publication, the IIA has published an updated and revised version of its "What Every Director Should Know" guide. So what's changed and who should read it?