The audit punch-bag: Where is the voice of industry?

Punchbag auditStorm clouds are gathering over the audit market. Government, politicians, media and regulators are all queueing up to condemn companies and auditors over the few, but well-publicised, failures of certain companies. Lack of knowledge about the audit process is no bar to these opinion-formers. Meanwhile industry bodies are supine in defending business and signally failing to provide the missing knowledge as to what actually happens and what went wrong.

Having attended some 200 Audit committee meetings across 10 companies of all sizes and ownerships over the last 25 years, I have seen how audits actually work for companies and shareholders.

Is there a fundamental problem with the audit process?

There are hundreds of thousands of audits completed every year in the UK. There has been a handful of, admittedly large, company failures in recent years. There are even fewer cases where an auditor has been found culpable, remembering that it is not an auditor’s job to stop a company failing. There certainly have been issues in auditing, like any business, but it is not legitimate to conclude that the system is fundamentally flawed based on a few examples.

Has greater regulation helped in the past?

In 1998, I along with many other Finance Directors pleaded with the then competition regulator, the Monopolies and Mergers Commission, not to allow the merger of Coopers & Lybrand with Price Waterhouse. This, coming soon after the demise of Arthur Anderson, would mean that we would be left with only four global auditing firms. Industry was ignored, as the regulator knew better and convinced itself that competition would be maintained. Move forward 20 years, and the current regulator, the Competition and Markets Authority, is without a single blush of shame, looking at whether the Big Four are too concentrated. Industry told them 20 years ago that this was a bad thing. What chance that the regulator will listen to industry this time?

The European Union decided in 2014 that the answer would be compulsory tenders and controls on non-audit work. This hasn’t increased competition between auditors and especially non-Big Four, who haven’t won more work. It has created an industry in pitching for new audits, which itself disadvantages the smaller players who cannot afford such expense and who are increasingly not bothering to pitch for larger company work. Moreover, the banning of a company’s auditors from doing non-audit work has actually reduced choice where other Big Four firms are already providing tax, advisory or internal audit services. The choice can end up between two firms, one of whom might then be ruled ineligible as a long-standing incumbent.

In the UK, audit quality is monitored by the Audit Quality Review team, part of the Financial Reporting Council. It reviews about 25 audits for each of the Big Four and a handful each for another four firms. The reviews are effectively an audit on the audit. Although the AQR says that it contacts each Audit Committee Chair at the start and sometimes at the end of each review, there is no evidence in the reports that any weight is attached to their views. For example, the typical Audit Committee concerns; responsiveness, clarity on technical issues and speed are not mentioned in these reports. It is clear that the regulator feels it knows best what makes a good audit.

In short, the evidence is that greater regulation and intervention have proved at best ineffective, largely counter-productive and have actually reduced competition in the audit market.

Is new regulation going to help?

The Government has asked the Kingman inquiry and the CMA to look at aspects of the audit process. There are two key themes; increasing competition in the audit market and looking at a regulator taking over the responsibility for appointing a company’s auditors.

Increasing competition in the audit market

Commentators often wonder why so many companies, especially large ones, principally use the Big Four. The answer is simple. Multinational companies need to be sure that they will get a high-quality audit in all their countries, and the Big Four have the best international networks. Coordinating different auditors in different countries with different technical outlooks and rules is an unwanted significant additional complexity for companies.

There are high quality people in all audit firms, but, from my experience, there is significantly less quality in depth in the non-Big 4. They don’t have the resources, attractiveness and career development that the largest players do. If the objective is higher quality audits, forcing companies to employ less well-suited auditors is a strange response.

Breaking up the Big Four would be very problematic. These are international alliances of companies, so breaking up the UK firms wouldn’t solve the issue the international issue. It is very difficult to imagine that a coordinated multilateral effort could successfully break up the alliances across the world. The Government could encourage or subsidise the non-Big Four to merge, invest, grow their expertise and better develop international partnerships, but this feels pretty tricky. The most plausible change would be to force UK firms to divest all their non-audit work. The auditors worry that this would make audit firms less attractive as employers, and that this would damage audit quality. They may well be right, but industries also have a habit of accommodating such change, not least by increasing salaries.

A regulator appointing auditors

Some believe that companies select auditors who are more malleable to management. However, I can find no suggestion that some auditors are too lenient in any of the AQR reviews of audits, nor indeed any other evidence of this anywhere else. My experience from seven tenders that I have participated in, is that auditors are chosen largely on how sharp, commercially-aware and technically-competent the lead partner and top team are. Never has an auditor even implied that they would allow management more leeway than others. Moreover, if this were the case, then our whole governance structure with independent non-executives and audit committees would be failing. The answer then would be in governance change, rather in imposing audit appointments.

On what basis would a regulator appoint an auditor to an individual company? Would they use sector expertise? This would inevitably lead to a greater concentration of audits as it would be self-reinforcing. Would it be a cab-rank principle like barristers? But this couldn’t cope with companies needing sector-expertise or international coverage. How would allocating audits on a ‘buggins’ turn basis contribute to effective competition between auditors? If a company were allocated a poor performing audit partner, what recourse could it have when the audit is imposed on them? And how would this enhance competition?

An audit does much more than simply agree a profit number. A good audit works closely with management in order to get under the skin of a business and use that knowledge to make judgements, challenge assumptions, identify risks and suggest improvements in processes. The Audit Committee, in consultation with management, is in a good position to assess an auditor’s success in achieving this. How would a regulator be better placed to make this call for an individual audit, along with thousands of other appointments that it would have to make?

There is a problem, but how do we get to a solution?

There are issues with the quality of some audits, but there is no evidence that this is widespread. In fact, the continued repetition of Carillion and BHS as evidence actually suggests that there are relatively few known examples. Clearly there were issues to investigate at Carillion, BHS, Patisserie Valerie, and Conviviality, but no-one is really trying to understand how the audit process contributed to those failures. The media, government, Select Committees and regulators have focussed on allocating blame to individuals. This is not the same as understanding what happened. In fact, searching for blame is pretty much guaranteed to block thoughtful impartial analysis.

It does make sense not to allow any company to become too important to an audit firm. It may well be helpful to separate out completely non-audit work from all audit firms. But making auditors more nervous and cautious about signing off a company’s going concern statement won’t save companies from going bust. In fact, it is likely to increase it, as companies that could perhaps have been saved, have to through in the towel after being unable to get their accounts signed off as a going concern.

The current pressure to increase audit regulation is likely, on past experience, to be counter-productive. It may buy some good headlines for a beleaguered government, but responsible regulation has to be built on evidence, clear thinking and understanding of all the consequences (whether intended or not). It also requires the humility that would come from accepting the failures of past measures and decisions.

The likelihood is that we will end up with more regulation proposed by the ‘great and the good’, few of whom have actual experience of company audits, based on little evidence, but genuflecting to politicians with little or no understanding of business.

And where is the voice of business? The trade bodies remain craven to the government and fearful of a political backlash. The accountancy bodies, dominated by auditors, keep their heads down. It is no wonder that companies are likely to end up being the punch bag for yet more political games.

 

Advertisements

Motherhood & apple pie – the latest corporate governance regulations for private companies

Wates cover

The FRC has set out new proposals for more corporate governance regulation (the Wates Report) for large private companies.

This is my response to the consultation.

 

 

 

Summary

High quality regulation should focus on outcomes and provide evidence to support new rules and principles. Both the government and the FRC seem to be impervious to either. The Wates proposals identify neither outcomes nor evidence. They require private companies to disclose more about governance, but don’t identify who will use this information nor what they will do with it.

The FRC has missed another opportunity to research and think deeply about why companies get into difficulties and how it can reduce the likelihood of this happening. Clear corporate governance is probably a ‘good’ thing for all companies, but there is little evidence that it actually leads to better outcomes. The corporate governance principles proposed for private companies are well-meaning and are hard to disagree with, but, as currently written, are not specific enough to be other than a gentle nudge to companies, and more likely a cause of more boiler-plate wording in annual reports. A few specific questions for companies to answer would give clearer disclosure. The Principles need also to be applied to the actual governance of companies, rather than their legal structures.

 

  1. What is the objective?

It is not clear what the objective is of this exercise. Paragraph 2 talks about a loss of public trust in big business. Paragraph 3 refers to the ‘privileges of limited liability status’ and lower reporting and accountability requirements than listed companies, highlighting public interest in whether companies ‘operate in a sustainable and responsible manner’. The Consultation Questions explain that ‘The Principles and the guidance are designed to improve corporate governance practice…’ Presumably, the assumption is that ‘good’ corporate governance will build public trust. Sadly, the evidence from the listed arena is that this is not true. Carillion, for example, complied very closely with the Corporate Governance Code.

The foreword explains that the Principles are intended to help companies comply with a new legislative requirement on governance. The FRC is simply responding to a government edict. Without a clear objective, it is not easy to test whether the principles meet their aim, other than to turn a vague statutory requirement into something that companies can comply with.

There is no estimate of how many companies will be caught by those provisions, nor how much it will cost to comply, and least of all any idea of what the benefit will be.

 

  1. Are the Principles sufficiently specific to achieve the objective?

The Principles themselves are a set of very high-level statements, with which it is difficult to disagree. It’s unclear how a company can realistically claim not to comply with them. Turn each of the sentences into the negative and see who would claim that this applies to them;

  1. The board does not promote the purposes of the company.
  2. The board does not have an effective chair. The size of the board is not guided by scale & complexity of the company.
  3. The board does not have a clear understanding of its accountability and terms of reference.
  4. The board does not promote the long-term success of the company.
  5. The board does not promote executive remuneration aligned to sustainable long-term success of the company.
  6. The board does not have meaningful engagement with material stakeholders.

 What status does the more specific “guidance for consideration” have? It appears to be largely discursive, so would not need to form part of a company’s assessment as to whether it complies with the principles.  It seems that the FRC has pulled back from being too prescriptive, but in doing so has ended up with principles that, whilst undoubtedly worthy, are largely motherhood and apple pie.

 

  1. Do the Principles and guidance take account of the various ownership structures of private companies?

The Companies (Miscellaneous Reporting) Regulations 2018 confuses legal structure and governance. Legislators appear to believe that every company has a board that manages that individual business on a day to day basis. This may be true of some independent companies, but it doesn’t take account of group structures. A number of subsidiary companies may together constitute a group, which is managed by a board at that level. The size tests apply at company, rather than consolidated level. Yet many holding companies do not directly employ significant numbers of employees, not have large revenue themselves. The Regulations will therefore miss some large groups that are presumably the principal intended target of this legislation. It may also cause subsidiaries to invent bogus governance to comply or have to explain why they don’t comply.

The FRC should make it clear that the Principles apply to the board that actually constitutes the main governance for each entity, irrespective of the legal structure, provided that this is explained and disclosed in each company annual report. A subsidiary could simply report that its main governance structure sits with a parent entity and that details will be found in that company’s report and accounts.

The FRC should also clarify that the tests for the need to comply (employee numbers, turnover and net assets) should apply to the consolidated accounts, rather than the parent company alone.

 

  1. What more could be done?

To make these proposals have any meaning, the FRC should consider making adequate disclosure a key part of the Code. I appreciate that this is implied, but it should be made explicit and specific. The proposals in the guidance could be backed by a small set of simple disclosure requirements;

Purpose

  1. Describe the values by which the Board and the Company operate.
  2. How does the Company promote behaviour in line with its values whilst discouraging misconduct and unethical practices?

Board composition

  1. How are board members appointed and what relationship does each have with the shareholders or parent group?
  2. What does each board member bring to the board?

Board responsibilities

  1. Describe how the board governs the company, including through use of subcommittees.
  2. How does the board ensure that the company systems and controls work effectively?

Opportunity and risk

  1. How does the board evaluate and manage risk?
  2. What is the board’s appetite for risk?

Remuneration

  1. How does the board set remuneration for directors and senior executives?

 

This list of disclosure questions should be kept short and high level. The risk is that everyone will want to add a question, but the longer the list the greater likelihood of a box ticking mentality and boiler plate answers. This should be the minimum number of questions that a company would need to answer to give adequate disclosure on the Principles.

 

 

 

How a bow-tie can smarten up corporate risks

BowtieImagine that you are worried about your infirm mother and want to make sure that you do everything to protect her. If you adopted typical corporate risk management practice, you would identify a risk that she falls over. You would then calculate the impact (maybe a broken bone) and then identify some mitigations, such as putting some cushions around her bed or installing a handrail. All sensible, but not very through. What if the consequence were a significant chance of her dying? Would you then want to do a more comprehensive risk analysis?

Understanding corporate and financial risks is becoming an increasingly important part of any board’s job. Most companies seem to use this same basic format. However, one of the biggest problems in traditional corporate risk analysis is the general, catch-all nature of ‘mitigations’. Anything you do to reduce the risk or ameliorate the impact is classed as a mitigation. This causes glib generalisations and sloppy thinking.

Good risk management has to be very specific and very clear. You won’t protect your mother from falling by saying that you’ll ‘keep an eye on her’. You would need to be very specific about who does what, when and why.

Typical risk analysis in an annual report

The Principal Risk section in an annual report typically has a description of the risk, its potential impact, mitigations and whether the risk is getting bigger or not. I’m not sure of the value of the trend, as it is surely more important to concentrate on size of the absolute risk. However, it’s the catch-all mitigations that are the key and these are usually high-level generalisations;

“Adoption of rigorous policies and processes…”

“Regular performance reviews…”

“Deployment of high quality people..”

These are real examples of ‘mitigations’ of a risk that actually brought down a multibillion pound listed company1. But they are also typical of most annual reports.

The bow-tie model

If you want to see best practice in risk management, look in industries where it is literally a matter of life and death, such as oil exploration, aviation, mining and maritime. They tend to use the ‘bow-tie’ model, which can also be applied to financial and corporate risks.

Hazard: The model starts by identifying a hazard. In our example, this would be your infirm mother moving around. She’s safe in bed, but the moment she gets up she opens herself up to a hazard. That hazard may lead to an event.

Event: This is the moment at which you lose control over the hazard. The hazard is her moving around, but the moment she loses control of her movement, ie she trips, it becomes an event. This is close to the typical corporate idea of a risk.

We now look at causation of events;

Threats: These are whatever might cause the event to happen. For example, the lady might have had a few drinks, or she might slip on some water, or she might have a funny turn.

Preventative barriers: These are things that might reduce or eradicate the threat. This would include some actions that would traditionally be called mitigations. In our example, it might include hiding the sherry bottle, or getting a carer to mop the floor or altering her medication.

And there are the results of an event happening;

Consequences: These are the outcomes from an event occurring. There can never be absolute certainty that barriers will work (ie prevent a threat causing an event). You can never be sure that your mother won’t ever fall over, despite your best efforts. It is important therefore to look at the results of such a failure. In this example, your mother might slip and break a leg or be left unable to call for help. These are not the risks themselves, but are possible results of the risk occurring.

Recovery barriers:  These are things that might reduce or eradicate the consequence. Again, these include traditional mitigations, but are sometimes overlooked as it is often assumed that mitigations will stop any event from happening. In this example, you could put an emergency button on your mother’s wrist or put in cushioned flooring.

And then there are escalation factors;

Escalation factors: Few barriers are perfect. There are likely to be reasons why the barrier might fail. These are called escalation factors and can weaken barriers to both threats and consequences.

This model forces a detailed think through of the risks and how to stop these risks form crystallising and if they do, how to mitigate the consequences. Think about the barriers as gates that stop bad things happening, but the escalation factors sometimes force the gates open.

An example of a corporate risk

Here is an example of a corporate risk, that of poor people management leading to resignations of key people, shown as a bow-tie model;

Bow tie diagram

This model shows the threats that might cause those resignations; uncompetitive remuneration, poor culture, inadequate career development and poor management practices. For each of those threats, the model shows what the company is doing to counter or prevent those threats. It also notes that there is an escalation factor, stress on people, that might exacerbate the threat of poor management, but this itself is offset by the use of in-house counselling.

If there were resignations of key people, the company could suffer the loss of key personnel, difficulty in day-to-day management, having to delay new projects, and putting more strain on remaining employees. To try to avoid or minimise these, the company will: conduct interviews to determine if a counter offer would retrieve the employee; use succession planning to identify replacement people who could be reallocated; use consultants if possible; and identify other personnel at risk who could be offered retention bonuses. The latter could be at risk of financial constraints, but the company addresses this by keeping a contingency budget ready for such an eventuality.

What emerges is a complete story of what dangers the company faces and how it is reacting to all of them. This is a much more powerful analysis than the traditional risk, impact and mitigation model.

This model can be used for any corporate risks and to build the risk register. Quantification could of course be added if required. This would be shown as the severity x likelihood of the risk happening without any barriers and then again with the barriers that are currently in force. In our example, the risk of key personnel resigning might be 80%, and this might be judged to cause £10m of damage, ie an unmitigated weighted risk of £8m. You might conclude that with the barriers in place, the residual risk would be 30% and a likely damage of £5m, giving a mitigated risk of £1.5m.

Annual Report

The full model would be too big to include in an annual report, but could be summarised in this way;bowtieannreport.jpg

This format is a useful summary, but the full model is better as a management tool in visualising and explaining the stages of risk management.

Summary

Planning for risks and risk management needs to be done on a detailed and specific level. Generalisations won’t work. Too much risk work that comes to boards is rife with generalisations and bland ‘mitigations’. The bowtie model, developed in industries that deal literally with life and death safety risks forces a proper step by step plan of risks, management processes and actions that either reduce the risk and ameliorate the impact if the risk crystallises, as well as understanding reasons why those actions might fail. This model has a great deal to offer companies in sharpening up their understanding and presentation of corporate risk management.

 

Simon Laffin

1 The risk was ‘Contract management’ and the company was Carillion plc. These quotes are from their last (2016) annual report.

 

 

Carillion – What can we learn?

Carillion vans

The collapse of Carillion was a tragedy, especially for its 45,000 employees and 25,000 pensioners. In an earlier article, I looked at its last Annual Report to see if there had been clues that could have tipped readers off to the impending catastrophe. Since then, we have had Select Committee hearings and their January 2018 turnaround Business Plan has been released. This now gives quite a bit more colour to understand better what happened and what lessons can be learned to improve corporate reporting.

This was a business with a yo-yo strategy and difficult execution

In 2009, Carillion had a strategy review, which concluded that it should halve the size of its UK construction business and double the size of its Middle East and Canada businesses. By 2013 however, Carillion changed its strategy again, and stopped bidding for work in Canada (other than PFI) and would no longer bid for traditional construction work in the Middle East (unless export finance was agreed). However, it seems that the die was cast and long-term contracts already signed in Canada and the Middle East proved fatal in 2018.

It wasn’t just a faulty strategy that was the problem. Its rescue Business Plan1 in Jan 2018, concluded; “The Group had become too complex with an overly short-term focus, weak operational risk management and too many distractions outside of our ‘core’”.

When things went wrong, they appear to have gone wrong quickly

Carillion signed off its Annual report in March 2017. At that time, cash was ‘…broadly in line with the budgeted position for the first couple of months of the year…” (recalled Keith Cochrane2, then a non-executive director, later Interim CEO from July 2017). At the AGM on 3 May 2017, Richard Howson, Cochrane’s predecessor as CEO, announced3 to the markets that; “trading conditions across the Group’s markets have remained largely unchanged since we announced our 2016 full-year results in March.”.

However, at ‘the beginning of May’2 the board learned that the internal reporting of contracts had been incorrect, with management accounts netting off receivables and payables, and therefore reducing the apparent cash risk. The board then commissioned the external auditors (KPMG) to conduct a review of the accounting. This concluded that the published accounts had correctly grossed up the amounts, but that the internal reporting was wrong. This, however, sufficiently unnerved the board that it then commissioned a second report from KPMG, initiated “around the end of May2, to examine the cash recoverability of its largest contracts.

This second KPMG review: “driven largely by a deterioration in cash flows on a number of major contracts, which occurred particularly as we went through Q2” (according to Keith Cochrane2) concluded that there needed to be an £845m provision made.

The provision was announced4 to the markets on 10 July 2017. The auditors5 concluded this some four months after signing off the original accounts.

The business had major risks that weren’t clear from their Annual Report

Zafar Khan, Carillion’s short-lived CFO from January to September 2017, told the Select Committee2;

If you look at the 2016 annual report, and if you look at the key risks identified within that, my view is that the setbacks and issues that we experienced in 2017 were largely related to the risks that we had set out in the 2016 annual report. What was not anticipated at the time was the number of risks that crystallised in the end, and also the quantum of the impact that we had to deal with.”

However, it seems that 6 to 8 long term contracts came to a scheduled end in 2017, but this had not been flagged in the 2016 annual report6. Khan explained2;

“Another factor that I do not think has been given enough attention is that, going into 2017, we had a number of large-ish contracts in our UK construction business that were coming towards completion…We had a good pipeline of opportunities…”

The top risks disclosed in the annual report were;

  1. Work winning
  2. Contract management
  3. Pension liability
  4. Brexit

But the risks that seem to have brought the company down were in fact;

  1. Contract management
  2. Working capital management
  3. Excessive cash outflow breaching debt facilities

All of these are of course linked, and stem from the fundamental problem of poor contract management. Carillion’s stated6 mitigations of the contract management risk were;

Adoption of rigorous policies and processes for mobilisation, monitoring and management of contract performance. Regular performance reviews…Independent peer reviews of contracts…and contract health checks undertaken by internal audit

These mitigations don’t sit easily with admissions now being made by directors.

Long term construction contracts are difficult to manage

Long-term contracts have many complexities and risks, not least as changes are made over several years with cash flow trailing. Keith Cochrane explained2: “If you take the Qatar job…this is a job that had doubled in size. It had 2,500 design variations to it, and essentially we were not paid for 18 months prior to the business failing.”

Richard Howson gave an example2 of Crossrail. The initial contract was for £30m, but by the end of 2014 costs were £90-£100m, with Carillion having been paid only £76m. The final revenue was eventually agreed at £100m and the rest of cash received at the end of the contract.

Zafar Khan put it bluntly2: “Carillion has some quite large contracts…and cash flows on those can change over a short period of time.”

Carillion had to finish long-term construction contracts as it got full payment only at the end, and on many contracts, if it walked away the client could appoint another contractor thereby also losing performance bonds. Carillion didn’t have the right to suspend work on the Qatar contract. The Qatari client, in dispute with Carillion, appointed another contractor in June 2017 to complete the works at Carillion’s cost, also jeopardising its £54m performance bond.

But Carillion contributed to the problems

Philip Green, the Chairman, admitted2; “There were some examples where negotiations around the contract itself were done too quickly, and the lesson learned was that if we had spent longer on the actual negotiations, some of the risks may well have been able to be mitigated.”

Carillion found it difficult to collect cash due on some of its contracts

Keith Cochrane said2; “…as it (the group) sought to exit from certain key markets and start to refocus itself on its core, that required us to take a different perspective on our ability to collect outstanding receivables in those markets.”

But then he suggested2 operational issues:

‘…there was a lot of focus on reported debt across the business. Was there the same focus on collecting cash, day in, day out…?”

There were concerns about the accounting

The new CFO, Emma Mercer, appointed in September 2017, told the Select Committee2 that she saw: “slightly more aggressive trading of the contracts” than in her previous experience.

“As part of Keith’s strategic review, we had changed the way we were looking at some of the services contracts, and that resulted in an increased position at the end of September, in terms of an additional £200m of provision.” Confusingly, the interim results7 published that month, described this provision as having “minimal impact on cash

Emma Mercer explained2 about contract accounting;

“…you have to exercise judgement over all sorts of things: when the contract is going to get finished; how much we are going to receive; if we are claiming against anybody; what entitlement we may have…both the number of contracts we were taking judgement on and the size of those judgements had increased….when we saw the deterioration…because we were already at a more aggressive position, it was very difficult to withstand those deteriorations on those projects.”

The numbers were huge

The May 2017 contract review led to an £845m provision being made. Of this, £375m related to the UK and £400m related to Canada and Middle East, particularly in Oman and Qatar. The Qatar contract alone owed £200m.

In total Carillion wrote £1.1bn off against its contracts, including £215m related to service contracts. In 2017, net debt increased by £850m, £1.1bn higher than expected. It used £834m working capital (of which £371m related to 9 construction contracts). Average net debt was £886m. It then projected1 to use another £234m working capital in 2018 and 2019, including £325m related to nine construction contracts. On top of this, it planned for another £131m cash restructuring cash costs in 2017-19.

Carillion ran out of cash and debt facilities

Carillion tended to focus on ‘cash conversion’, ie underlying cash inflow from operations divided by underlying cash from operations. This seems a strangely static snapshot view for a business based around long-term contracts with complex cash flows. The ‘cash conversion’ over the three years to 2016 was 119%, 104% and 117%, appearing to show a healthy cash generation. But year-end net debt was actually flat over that period at £219m. Underlying cash from operations of course excludes all the bad news; pension top-ups, non-recurring items, interest, tax and capital expenditure.

Reducing net debt was stated as being a key objective in the 2016 annual report, but the amount of net debt wasn’t then given as one of its 14 key performance indicators. Furthermore, focusing on year-end net debt was of little value when you realise that average net debt was more than double this.

In the 2016 annual report, debt facilities were stated as £1.4bn. With only £85m to mature in 2017 and additional funding secured after the start of the year, facilities should have been still around £1.4bn when Carillion went into compulsory liquidation. On 30 June 2017, Carillion had net debt of £571m. We now know1 that average net debt during 2017 was £886m. In December 2017, it announced8 that it had got agreement to defer covenant testing (probably net debt to Ebitda) until April 2018, suggesting that it was at least close to breaching them. Net debt actually rose by £791m in 2017, driven by £834m of working capital outflow.

Using nearly £800m of cash on top of a year start net debt of £200m, would imply a year-end net borrowing of about £1bn, against £1.4bn of facilities. If you add the cash outflow to the 2016 average net debt of £587m, this suggests a pro-forma average debt of £1.4bn. It therefore is easy to imagine that their peak debt outran their facilities of £1.4bn. The fact that the average net debt at £886m was so much lower than this implies that there was a serious ‘run’ on working capital towards the end of the year.

So what lessons are there for reporting from the collapse of Carillion?

Companies should be more balanced in writing about themselves

The Strategic Report must, by law, contain a fair, balanced and comprehensive analysis of the company’s development, performance and financial position.

I suspect that there is a growing practice of annual reports being written by professional writers, thereby becoming increasingly an arm of the PR/communication industry. Carillion’s text in its annual report boasts about pretty much every aspect of their business. This is little different to most annual reports. But in Carillion’s case, ex-directors are now making statements that do not sit comfortably with what the board wrote so recently in the annual report.

An annual report is never going to be an impartial review. What organisations, including regulators and politicians, ever write impartial reviews of their own performance? This is difficult to legislate for, but it may be appropriate to hold directors to account if something goes seriously wrong that is not discussed as a risk in the annual report.

Discussion of risks needs to be integrated into the whole report

The risk section in the annual report is of little use. Carillion is typical in that it lists ‘top’ risks and then gives mere platitudes about mitigation. The mitigation section gives no feel of the real risk, or the ability to avoid or reduce the impact of the risk occurrence. As is standard practice, its declared risks are listed together in a few tedious pages. There is insufficient information for the reader to become better informed, even if bothered to read the whole thing.

The key to risk management is to integrate it into decision-making, not ghettoised as a separate activity or schedule. Annual reports would be much more informative if they tackled each risk together with the relevant business activity or segment. For example, the section on construction contracts could have had a discussion of their inherent risks. At the very least, every risk should have a discussion of how the company reduces the chance of the risk happening (“avoidance”), how it will know when things are going wrong (“detection”); and how it would react if the risk did crystallise (“mitigation”)9. Risks also require numeric quantification as well as words.

Cash needs to be taken even more seriously

Carillion’s use of cash conversion (underlying operating cash flow/underlying operating profit) was not fit for purpose. It excluded too many cash items and did not reflect the complex cash flows of its long-term contracts. It’s impossible to define a single cash metric for all businesses, but companies should think hard about how to communicate cash effects. Carillion could have shown segmental cash flow and return on capital. This might have provided some warning about the cash flow characteristics that eventually proved fatal.

There is far too much emphasis on year-end cash. Businesses fail when their peak cash usage breaks through facilities. Companies should be more explicit about average and peak debt, and explain why if this differs significantly from year-end levels.

The viability statement was introduced to give some comfort on future cash flows and debt over a period longer than a year. Regulators have tended to fixate on the length of the look forward, but actually this misses the point. As a result, half of Carillion’s viability statement6 is justifying its looking forward only three years. But this business didn’t start to deteriorate years later. It apparently started the month after annual report stated6;

“On the basis of both reasonably probable and more extreme downside scenarios, the Directors believe that they have a reasonable expectation that the Company will be able to continue in operation and meet its liabilities as they fall due over the three-year period of their assessment.”

It’s clear that without some quantification of the assumptions made and scenarios tested, the viability statement assurance is of very limited value.

Conclusion

The Carillion annual report is a very typical one, glossy smooth talk and adhering to the rules, regulations and corporate governance requirements. However, it is also an example of the inadequacies of such reports. It fails to convey adequately the risks that the business was running, its volatile working capital and long-term working cash flows.

Some changes that would help in reporting are;

  1. Companies need to more balanced about their company, talking about downsides as well as the wonders. Boards should take back writing and editorial rights from copywriters.
  2. Strategy and segmental performance sections should discuss risks, cash flow, and capital employed. The current risk section should be broken up and risks tackled in the relevant section of the body of the report.
  3. Discussion of the risk appetite should be integrated into the strategy section.
  4. Discussions of risks need to be more detailed, covering at least avoidance, detection and mitigation, with numeric quantification.
  5. The going concern and viability reviews should require more detail and quantification of how they have been stress tested.

This isn’t just about the annual report. This would also help to focus board discussions and potentially alert directors to looming issues. Risk management has to be a major part of every management and board discussion, not just a periodic review by a committee and internal audit.

 


1 Carillion Business Plan January 2018

2 Business, Energy and Industrial Strategy and Work and Pensions Committees; Oral evidence: Carillion, HC 769, Tuesday 6 February 2017

3 RNS issued 3 May 2017

4 Trading Statement 10 July 2017

5 The FRC has opened an investigation in relation to KPMG’s audit of the financial statements of Carillion plc. The investigation will cover the years ended 31 December 2014, 2015 and 2016, and additional audit work carried out during 2017.

6 Carillion Annual Report 2016, published March 2017

7 Carillion Interim Results 29 September 2017

8 Carillion RNS statement 22 December 2017

9 This methodology for reviewing risks is discussed in my blog

Carillion – a salutary reminder on due diligence

Carillion Annual Report cover

Carillion has entered the pantheon of cursed companies following its recent failure. Politicians and the media have worked themselves in another fit of righteous indignation about greedy management and incompetent boards. The search is out for people to blame, shame and even prosecute. Regulators, sensing the flow of the political wind, are climbing on the bandwagon and looking for blood.

Non-executive directors are reasonably enough feeling nervous. They are at the centre of corporate crises such as this. Already some Carillion directors have had to resign from other roles and the non-execs will be contemplating an enormous black mark on their CV’s. Being a non-exec in this form of collapse can be terminal for any career.

Do your due diligence

One lesson for non-executives is to do careful due diligence before you contemplate joining a board. Another lesson is that non-executives need to be sceptical of what they are told around a board room table, applying due diligence principles to what they see and read.

Most candidates take the financial health of a company, especially a well-known or large one, for granted. This is a dangerous assumption. Two companies that I joined as a non-exec proved to have potentially fatal toxic derivatives. Carillion recruited two new non-execs onto its Audit Committee in the couple of months before going bust.

Read the Annual Report

Although full of guff and regulatory noise, the Annual Report generally should tip you off to issues. In my experience with the toxic derivatives, they were indeed listed in the Annual Reports, but were so surrounded by reassuring jargon that it took several interrogations of the CFOs to confirm their real nature. In fact, the words in the Annual Report are very unlikely to warn you. Despite the regulators attempts to ensure that reports are balanced and fair, they are still largely promotional documents.

I am not attempting here a technical analysis of the Carillion Annual Report. Nor do I wish to criticise the directors (there are many others only too keen to do that). My objective here is to use 20:20 hindsight to look at whether there were clues even in the 2016 Annual Report that could at least have raised questions in non-execs minds, and to offer these as lessons for other non-execs doing due diligence.

The words

Virtually all the text is confident and devoid of doubt, as is pretty standard for most annual reports. However, amongst all the good news, there was one clue: “In 2016, we made good progress in a number of our markets, while managing and mitigating the effects of more difficult trading conditions in others.” Given companies natural reluctance to air their problems, a reader should highlight any cautionary statement like this. The Board will have had a very good reason to include such a comment.

Overall however, you wouldn’t have got much balanced information from the words. Most of the clues lie in the numbers, particularly those that are not discussed in the text.

Revenue

There had been two years of decline in ‘secured and profitable’ orders from £18.6bn to £16.0bn, which possibly was an early sign of slowing growth. Of this £12.2bn was support services. Given that support services annual revenue was £2.7bn, the ‘order book’ looks as if it is adding up all future contracted service revenues. This is therefore not as impressive as it looks. Furthermore, the reader should ask if this future revenue is actually all unconditional or subject to performance conditions.

 Profitability

Underlying operating margin had fallen for two successive years from 5.6% to 4.9%. This should have been of concern. However, given the revenue growth, the business recorded two years of underlying EPS growth from 33.7p to 35.3p. The question therefore is whether Carillion was buying less profitable business, just to keep its growth going.

Long term contracts can be inherently volatile. Costs are generally booked as incurred and revenue – and hence profit – are, broadly speaking, booked on a pro rata staged basis. This is calculated using % contract costs incurred so far against forecast total contract costs times the full contract revenue. If individual contract costs run to plan, there is little problem, but if costs start to escalate, then there can be a big swing from pro-rata profit to whole contract loss. There isn’t much discussion of this in the Annual Report, other than noting the accounting policy and that the Audit Committee had reviewed the accounting and found it ‘reasonable’. There is no way of knowing whether the Committee deliberately used such a mild word to suggest that they were not very enthusiastic about the accounting or whether this was a synonym for ‘true and fair’. Either way, a reader might have queried it. For all the length of the new external auditor’s report, it simply lists all the work they did, without drawing a specific conclusion on this issue.

There was a big increase in non-operating costs from £5m to £40m, excluded from ‘underlying profit’. These were largely redundancy and closure costs. Costs excluded from underlying are always of interest.

Net debt and cash flow

On the one hand, the company seemed happy with its cash flow and debt;

“Cash flow from operations represented 117 per cent of profit from operations.”

“The Group continues to have substantial liquidity with some £1.5 billion of available funding…The vast majority of the Group’s £1.5 billion of funding matures in November 2020 and beyond.”

On the other hand, there is a clue that they are not as happy as they appear to be;

“We will also begin reducing average net borrowing by stepping up our ongoing cost reduction programmes and our focus on managing working capital.”

The year-end net debt ratio to EBITDAR rose from 0.6x to 0.8x. But average net debt was 2.7x bigger than the year-end debt, implying an average net debt to EBITDAR of 2.2x, a very different picture. There is no explanation in the annual report why year-end net debt is so much lower than the average. Maybe there was a consistent big seasonal swing, but this seems unlikely in this industry. In its absence, a sceptical reader might draw the conclusion that the year-end balance sheet was being managed aggressively.

There is evidence of working capital issues as the construction contracts receivables increased by 60% to £615m, perhaps indicative of cash flow problems with such contracts. Other receivables and prepayments also rose by 36% to £750m. Finally, Carillion was having a little trouble in getting paid, with trade receivables that were over 3 months old more than doubled from £25m to £55m. Carillion had managed its working capital by lengthening many payment terms to 120 days. As a result, its trade payables were rising and suppliers were being encouraged to use an Early Payment Facility, whereby they would borrow against their receivable from Carillion to keep their own business going despite such slow payments.

The group’s net debt was growing. Both year-end and average net debt rose by just under £50m, although £68m was due to foreign exchange offset by £34m from selling shares in PPP joint ventures. The report was a little dismissive of the foreign exchange loss, half of which was ascribed to a US dollar private placement debt. This latter was apparently fully hedged, but it is not clear where the corresponding hedging benefit appeared.

However, the group claimed to have ‘a strong funding position’. £1.4bn of funding was available at Dec 2016 (of which £0.7m was undrawn), plus additional funding then secured the following month, gave a total of £1.5bn. The only mention of any debt covenants in the report is in the going concern section, where the board confirms ‘comfort that funding covenants will continue to be met’. In retrospect, a reader might have wished for the details  of those covenants.

The Group therefore continues to have substantial funding…over the medium term’, with only £85m of facilities maturing in 2017. When Carillion went bust, with a reported only £29m in cash, you would have assumed that it had at least £1.4m in debt facilities. It looks as if failure to meet the undisclosed covenant conditions caused facilities to be withdrawn, triggering the eventual liquidation.

Customers

Net promoter score (a measure of customer satisfaction) fell dramatically from +36 to +22, which the company ascribed to ‘challenges of mobilising new contracts’, although there was no evidence that new contracts were growing in number. Anecdotal reports suggested that there was a growing unhappiness with customers and a few high-profile disputes had surfaced.

Segmental profitability

“…the wider outlook for volumes and margins across the (Middle East) region is expected to remain challenging…”

Middle East construction services revenue grew by 19% to £428m, but at a tiny net margin of 1.9%. The commentary recognises the low margin, but point to a further £15bn of contract opportunities, without discussing whether these would be at a higher margin. The segmental analysis reveals year-end net assets employed of £206m, which with an operating profit of £8m, suggest a return on capital of only 3.9%. This assumes of course that the year-end net assets are representative, yet we know that the group’s average net debt is 2.7x higher, so the real return on capital was likely to be lower. It wouldn’t have taken much of a cost overrun for this return to be wiped out. There is no discussion of segmental capital returns in the Annual Report.

Other construction services also grew fast by 21% but at a net margin of only 2.1%, down from 2.9% the previous year. A margin target margin is given here as 2.5% to 3.0%. The Company is able to claim that it satisfies this target by adding in joint ventures where the £9.0m profit share exceeds its £8.9m revenue share. There is nothing like a 100% net margin joint venture to improve reported performance. Mention is made of ‘managing risks in order to deliver our target margins and cash flows’, although there is no further discussion of cash flows. The segmental reporting reveals year-end net assets of £190m. With a profit of £32m, this suggests a decent return on capital of 17%, although this is probably flattered by year-end working capital being below the average.

Recent acquisitions were underperforming. There isn’t any reference to this in the commentary, but buried in the financial review is £15.6m of non-recurring credit. This would seem to be good news, but is in fact a reduction in consideration to be paid for two acquisitions whose EBITDA is ‘lower than the stretching targets agreed’. ‘Nevertheless, these businesses have performed well…’. The report does not define what it means by ‘well’.

The pension scheme

£47m cash pa was being put into the defined benefit pension scheme, whose IAS9 deficit had ballooned to £805m from £394m the previous year. The deficit payments look light, being based on a 15-year recovery period, as a rule of thumb is more like a 10-year period. This was a warning sign that cash payments would be likely to rise significantly at the next triennial valuation (due in 2017). The absurdity of pension accounting rules is that the P&L was actually being charged only £6m (the rest effectively goes through reserves). Unlike many companies that have closed their increasingly expensive defined benefit pension schemes, Carillion kept theirs open for employees when necessary ‘to meet the requirements of work winning’. A reader might ask whether the costs and risks of this were fully built into those contracts.

Goodwill & deferred tax

Carillion had a lot of goodwill on its balance sheet – £1.6bn compared to £0.1bn of fixed assets. The rules say that goodwill has to be justified on whether it can be backed by prospective profit flows. This is a potential double whammy. The reader should note that if performance falters, large potential write-offs in goodwill become necessary, exacerbating the financial pain.

A similar problem exists with deferred tax assets, which were £164m. These can only exist where you are forecasting sufficient forward profits to justify them. Poor performance can lead to these being run down quickly.

Corporate Governance

Carillion appears to have been exemplary in its corporate governance, as described in the annual report. The board fully complied with the governance code. Employee engagement rose from 68% to 73%; employee volunteering increased from 18% to 30%; and the gender balance improved, with 38% of employees being female. The board had an external review of its effectiveness and 29% of the board were female. The previous Remuneration Committee was approved by 80.6% of the votes.

Regulators might note this. If Carillion obeyed all the rules, then maybe the rules are not really the be all and end all to company performance after all. Perhaps Regulators could focus on understanding why companies fail, rather than grandstanding the latest governance flavour of the month.

Risk

The Annual Report boasts that; ‘Rigorous risk management processes that identify, manage and mitigate risk are fundamental to the success of our centralised operating model.

However, this rigorous process did not identify liquidity as one of the top ten Group risks (although the pension liability was regarded as high impact/high risk). The top risk was winning new work, but it didn’t mention the risk that new work might be loss-making or cash consuming.

The new requirement for a Viability Statement was intended to highlight precisely such looming cash crises as Carillion, but stakeholders were reassured;

“On the basis of both reasonably probable and more extreme downside scenarios, the Directors believe that they have a reasonable expectation that the Company will be able to continue in operation and meet its liabilities as they fall due over the three-year period of their assessment.”

 In fact, there was insufficient information in the Annual Report to give a reader comfort on liquidity and viability. Perhaps the regulators need to study this again.

 

Conclusions

There are many cautionary lessons here for a non-exec in using an annual report as part of their due diligence on any company;

  1. Pay limited attention to the words, except where there is any hint of caution or bad news. Accept that boards will naturally enough always accentuate the positive in writing about their business, but apply scepticism yourself.
  2. Always question whether numbers are unconditional. Future revenue and pipeline numbers are unlikely to be guaranteed. Banking facilities can often be withdrawn.
  3. Watch out for specialised accounting, such as long-term contracts. Some rules say that profit must be booked before it becomes unconditional. Do not assume that the accounting rules are designed to protect the investor.
  4. Take a close look at non-underlying costs. They may well be genuinely one-off or technical, but they may still be important.
  5. Cash is king. Businesses don’t go bust because they make a loss, but because they run out of cash, sometimes even when profitable.
  6. To understand the usefulness of borrowing facilities requires you to know not just the amount and maturity but also any conditions under which facilities might be withdrawn. This includes covenants, but there may also be other conditions too.
  7. Study working capital seriously. It is the most likely source of cash problems in a profitable business. If the company is making strenuous efforts to manage working capital, it may be under strain.
  8. Year-end quoted cash numbers are of limited value. Focus on the average balances and try to find out the peak numbers too.
  9. If there is evidence of general or growing customer discontent, treat this as potentially serious.
  10. Segmental profitability matters, but you will probably need to look at the numbers rather than rely on the commentary. Try to understand revenue trend, net margins, net capital employed and cash flows by segment. Check that the business is growing the high margin/return segments.
  11. Underperforming acquisitions are an amber light. Businesses under pressure may seek to alleviate this by acquiring other companies.
  12. Defined benefit pension schemes are now commonly in deficit, not because company contributions have fallen, but because monetary policy has led to very low interest/discount rates. However, higher cash contributions will follow and these are not reflected in profit.
  13. Good corporate governance is very important, but more important is high quality, experienced directors doing a diligent job in the board room. Box ticking governance codes in reality provides little reassurance on company performance.
  14. Risks and mitigations disclosed in the annual report are generally fairly meaningless, and provide no real reassurance. As in Carillion’s case, it’s often the risks that are not mentioned that prove fatal.

 

Simon Laffin

 

NB. All quotes are from 2016 Carillion Annual Report

Escape from the Rock

Northern_Rock_Customers,_September_14,_2007

I gave a nervous laugh. The headhunter asked me if I would like my first non-executive director role, joining the board of Northern Rock. It was October 2007, a few weeks since the first run on a UK bank for 150 years. Struck by an uncharacteristic sense of adventure, I did indeed agree to serve on the Northern Rock board for the next year, becoming Chair of the Audit Committee, through the various bids, nationalisation and the rebuilding of its business model.

Northern Rock was a highly successful and fast growing UK bank that predominantly offered domestic mortgages. It financed itself by a mix of retail deposits, wholesale borrowing, asset-backed bonds and securitisation of mortgage portfolios. In September 2007, as the credit markets tightened, it found itself unable to raise enough on the wholesale and securitisation markets to cover the mortgages that it had already issued, and so turned to the Bank of England for support. This was leaked to the BBC, who reported it in such a fashion that a run developed almost immediately. The subsequent £12bn cash outflow ensured that the bank would need long term help, becoming nationalised four months later.

Much has been written what went wrong at Northern Rock, particularly now that we are at the 10 year anniversary. Very little, perhaps understandably, has been heard from those inside the business. So with the benefit of 10 years distance, I thought I would list the lessons I learnt from the sad demise of Northern Rock.

1. Retail banks lend long and borrow short

Some say that this was Northern Rock’s problem. It relied too heavily on wholesale market funding, and not enough using retail deposits from savers. However it is not as simple as this. Half of the wholesale funding was more than 1 year maturity, whereas the bulk of the retail deposits were effectively on demand (hence the £12bn cash outflow in the run). Few banks could withstand the liquidity drain from a run, however well funded they are.

 2. Don’t rely on the Regulator

There was a lot of fuss at the time about relative blames of the Tripartite regulation of the Treasury, Bank of England and Financial Services Authority (FSA), but in practice they all missed the systemic risk incurred by the credit crunch on Northern Rock. The FSA even wrote1 on 14 September 2007 (the day the run started);

Northern Rock is solvent, exceeds its regulatory capital requirement and has a good quality loan book.”

The Bank of England, under the academic Mervyn King was still worrying about the ‘moral hazard’ of bailing out Northern Rock as the bank was failing. That was a bit like calling off the fire fighters because the householders shouldn’t have let their house catch fire in the first place.

In my experience on the board, after the run, the FSA was still singled-mindedly pursuing its ‘Treating Customers Fairly” campaign with the bank even as those customers were fleeing out the doors with all their savings. The FSA gave me an exit interview as I was stepping down from the board, but didn’t ask a single question about the run and its lessons.2

Regulators like to establish rules and processes and then operate within these limits. They are not generally blessed with great insight or entrepreneurial understanding, so they cannot be relied on to protect their target industries or customers. They do however have a knack of closing the door shortly after all the horses have bolted.

3. Don’t rely on the auditors

Why didn’t the auditors identify the risks in the Northern Rock business model? In practice, auditors very rarely find the ‘big holes’ in the accounts. These are usually found by management eventually, or events reveal them as here. This is true from Enron to Northern Rock to Tesco.

Auditors review the accounts. Their job is not to challenge the business model. They reviewed the Going Concern statement, but they failed to challenge the underlying assumptions in Northern Rock as, just like others, they saw an extreme credit crunch as highly unlikely. Even if they had, it’s hard to imagine that they would have qualified the accounts for what seemed such an unlikely risk. This is why auditors hardly ever get sued for their role in business collapses.

4. Sometimes the risk is hidden in plain sight

The 2006 Northern Rock Annual Report stated that, whilst it had £8bn of assets maturing in the next 3 months, it had £33bn of liabilities maturing, giving a liquidity gap to be filled of £25bn. An ING analyst report3 in 2006 noted;

“The inability to fund cheap wholesale funding given its huge reliance on the market to fund its expansion would impact our outlook negatively.”

In 2007, the Bank of England admitted4 that most banks’ reliance on wholesale funding had risen in recent years.

It may have taken hindsight to spot it, but Northern Rock’s liquidity risk was clearly and publically stated. I have since gone into two companies that had massive derivative black holes that were clearly laid out in their Annual Reports, but no-one noticed them.

5. Think the unthinkable

All the risk models in the world are useless if what happens was not envisaged to be possible. Nobody in Northern Rock, nor anywhere else in authority, seems to have believed that a credit crunch would lead to an implausible freeze, where even banks wouldn’t lend to each other. The repeated mantra was that a crunch would instead lead to a ‘flight to quality’, and that would be fine as Northern Rock’s paper was rated highly.

In 2006, the FSA was explicit5, asking that management; “takes severe but plausible scenarios into account…”.

Hector Sants, then CEO of the FSA, said1 later;

No reasonable professional would have anticipated the complete closure to them of all reasonable funding mechanisms…I think that the set of circumstances …were highly unusual…”

Academics call this underestimation of ‘thick tailed’ – or ‘black swan’ – events. A 1 in 100 year event has a high probability of happening once in your lifetime. There have even been two world wars in the last hundred years. It is too easy to dismiss a risk as implausible or a very rare event. Rare events do happen and usually more frequently than people expect. Every risk model should work through how the business would react and survive every highly, unusual and implausible, event.

When evaluating a company’s ‘risk appetite’, it is worth asking the question whether there is a 1 in 100 year event that could destroy the company. As an investor you would need to accumulate your share of those risks. Say you invest for a pension over 20 years in 10 companies that are willing to tolerate a 1 in 100 chance of a terminal threat. You, as an investor, would then have the likelihood of two of those companies suffering a catastrophic event in your pension pot.

Of course, hindsight gifted politicians and media with the clear knowledge that it should have been obvious to the Northern Rock Board that its model was fatally flawed. It wasn’t however obvious to the participants at the time because they, like almost everyone-else, blinded themselves to the extreme risks.

6. Risks are multiplicative not individual

People have a tendency to think about risks in isolation. However, this assumes that the risks are completely independent, whereas in practice the worst events happen when two risks crystallise at once, either randomly or because one risk tends to increase the likelihood of another.

In Northern Rock’s case the freezing of the wholesale markets caused a liquidity problem, but this could possibly have been handled by the Bank of England support facilities. However the proposed use of these led to a leak that caused a loss of confidence among savers. The former problem became multiplied by the second.

The typical business risk model has one axis for probability of a risk happening and one axis for resulting financial impact. But this static model is woefully inadequate if more than one risk can occur at a time, particularly as the result may well be multiplicative – much more dramatic even than the sum of the two independent risks.

7. The reassuring herd

Northern Rock was an outlier. It did things differently to other banks. Its retail deposits in 2006 were 27% of its total funding, against 49% at Bradford & Bingley and 43% at Alliance & Leicester. Northern Rock was taking a 25% market share in new mortgages and growing its balance sheet much faster than others.

Instead of querying how its model was so uniquely successful, Northern Rock argued that its excess reliance on such funding would only be appropriate for a growing bank and so that’s why others didn’t follow. There doesn’t seem to have been much challenge to this circular thinking.

I’m not arguing for businesses to follow the herd all the time. However, it ought to be an immediate amber light for risk when one business is doing things radically different to others, even if that appears highly successful for a long period.

8. Success is intoxicating

Northern Rock was growing rapidly and its share price reflected this. Large salaries and bonuses were being awarded to executives. Who would be a Cassandra against this success? Businesses need a certain paranoia when they are very successful to ensure that this performance doesn’t contain the seeds of its own destruction. When very successful businesses falter, it can happen very quickly, as shown by the whole banking system, Enron, Worldcom, Polly Peck and so on.

9. Group-think is a powerful drug

The Board considers that Northern Rock is a well-controlled, risk-averse business that continues to adopt a prudent stance in the management of risk.” 6

Although Northern Rock did have reasonable business controls, it was in fact taking on massively more risk than it appreciated at the time. But management believed what they were saying at the time.

You can’t underestimate the tendency of people to adopt group-think, and accept conventional wisdom. This is particularly true when things are going well. There was no evidence to prove that a severe credit crunch was very unlikely. The fact that there hadn’t been such a credit crunch since the 1930’s meant that people believed it couldn’t happen (as opposed to believing that it was a 1 in 80 year event). There was no evidence that a credit crunch would lead solely to a flight to quality. It’s just that the more people said it, the more it was believed.

The Treasury Select Committee report1 made much of the Northern Rock CEO not being a ‘qualified’ banker. This was irrelevant as the CEO understood banking very well. There is no evidence that having taken some exams twenty years previously would have made him address risk differently. The issue was that there was too much conventional wisdom being accepted as proven fact in mass group-think, and far too few people anywhere were ever sceptical or open minded enough to challenge it.

10. A very powerful Chief Executive is dangerous

This is pretty well acknowledged in corporate governance now, but it needs reiterating. It is not just that you end up with too much power in one person, but that it tends also to attract ‘yes men’ to the business, who may not be of the highest quality. If you then layer on great success and high rewards to this, group-think and lack of challenge is almost guaranteed.

11. Don’t always believe the answer, especially if you don’t ask the right question

I have lost count of the times in my life that I have received a reassuring answer to a question, only to later realise that the answer was misleading because the question wasn’t quite right or too vague. When I tried to understand the liquidity position at Northern Rock, I was told that the average mortgage lasted only three years. It seemed a little low, but I accepted that. It was only much later that I realised that this referred to the average length of a mortgage package. In reality, an average mortgage lasts something like seven years, but during this period it may be switched between deals (such as a particular rate fix), so the answer I got was very misleading even if technically accurate.

Sometimes it takes the same question asked several times in different ways to be sure that you have got the whole truth. Sometimes you are just not told the whole story. Northern Rock underreported its mortgage arrears, claiming them to be half that of the industry. In fact it was treating many arrears as being rescheduled over the remaining life of the mortgage, effectively increasing the size of the mortgage rather than being classified as being in arrears7.

12. Organisation matters

Internal audit and risk teams are major protections for a company in understanding their risks. However, reporting lines can frustrate this. One of the major governance improvements over the last few years has been raising the profile and importance of such teams. But they must be heard at the right level (usually the Audit Committee) and without operational management acting as a filter. At Northern Rock, the Treasury Risk team reported into the Treasury function, not Group Risk. This meant that the Group Risk team was not in a position to offer a robust challenge to Treasury.

13. Once public, stories have a life of their own

The run started after the BBC ran a high profile story about the Bank of England’s support for Northern Rock. Robert Peston, the journalist, claims that he handled it in a responsible way. This may be true, but the prominence of the story on the BBC was such that it emphasised to the public that this was a major event, much more so than anything he actually said. He got the story from a leak. It’s difficult to imagine anyone benefited from this leak. Some think that it came from the Labour government itself, anxious to show the country how it was having to bail out irresponsible bankers. If so, it back fired, because once out, the leaker couldn’t control how it would be reported, and it became almost certainly a much more dramatic event than anticipated.

14. Get it in writing

This is advice more for executives that are involved in difficult situations. When asked to do something that you are not sure is right, somehow make sure that there is a written/email reference to it, even if you do the writing. If something is not quite right, the instructions are far more likely to be given verbally than in writing. When Northern Rock had been underreporting its mortgage arrears, on investigation there was nothing in writing confirming that senior management knew about it.

My conclusion

There are many lessons from any corporate failure, but the best ones are not generally those identified by politicians and the media. Sadly, the real lessons are also rarely understood by corporate regulators either, as they tend to be most sensitive to the clarion calls for action from those politicians and commentators. Rarely do you see corporate failures analysed to provide governance insights. I have listed some cultural and practical lessons I learnt from what really happened.

Ten years on, I have kept to another, more personal, lesson. Being a non-executive director on a bank is an extremely difficult, detailed and risk-prone job. I escaped from the Rock, vowing that I wouldn’t ever serve again on the board of a bank. There are easier ways to earn a living.

___________________________________________________

1 ‘The run on the Rock’ – Treasury Select Committee, January 2008

2 The FSA did in fact hold an Internal Audit inquiry into its own conduct, which looked at its own internal processes rather than understanding why the bank failed.

3 ‘Northern Rock. The train has left the station’ – ING September 2006

4 Bank of England Financial Stability Report – April 2007 Issue No 21

5 Letter from the FSA to Northern Rock – 9 October 2006

6 Annual Report Northern Rock 2006

7 Two Northern Rock directors were subsequently fined by the FSA for this.

Image by Alex Gunningham from London, Perfidious Albion (UK plc)

To buy or not to buy, that is the question

Money scales

 

Whether ‘tis nobler to buy back

shares or pay a dividend?

 

 

Introduction

Maybe Hamlet was not so concerned with shareholder distribution, but most modern company directors certainly are. In an earlier article I reviewed why and how companies make shareholder distributions and in particular pay dividends. However there is another form of distribution, the share buy-back.

Share buy-backs

Companies can purchase their own shares, using cash that otherwise could have been used to pay a dividend. This requires shareholder permission, and it is common for an AGM resolution to be put routinely annually to give boards the power to undertake share buybacks. The company also has to comply with the same rules about having distributable reserves as when paying a dividend.

Why do a share buy-back?

If a company buys back its own shares, this will reduce the issued share capital. In the first instance this shouldn’t have any effect on the share price, as the company loses the cash, and thus value, proportionate to the reduction in the number of shares. However any further gain in the value of the company would be spread over fewer shares, boosting earnings per share (EPS) or net asset value per share growth.

The buy-back, like any distribution, also signals management confidence in the future, which may boost the company valuation and thus share price. This is particularly true if the buy back is part of an established ongoing programme of repurchases. A buy back may also be initiated as a one-off, if for example a significant part of the business has been sold off or the company gets a one-off receipt of cash. In this case the benefit is likely to be one-off as well.

Share buy-backs or dividends?

Share buy-backs fundamentally offer capital gains in place of dividend income. Some shareholders (such as growth funds) may prefer capital gains and others (such as private shareholders or income funds) may favour income. Most tax authorities levy lower rates of tax on capital gains than income, so there may be tax advantages to buy backs over dividends. Buy backs also enable shareholders to defer tax paid as it is charged only when shares are subsequently sold.

On the other hand, some shareholders may favour cash in hand, so they may prefer dividends to buy backs.

Dividends tend to be ‘sticky’. Shareholders don’t like the dividend being cut, so management is reluctant to reduce the rate of pay out unless there is a lasting downturn in profit expected. Buy backs, on the other hand, can be more flexible, as there isn’t necessarily the expectation that they will be repeated at the same level.

Share buybacks are more likely to benefit earnings per share. This is because, although the company loses interest from paying cash out in any form, the buyback offsets this by reducing the number of shares in issue. Management may be incentivised to grow EPS, and so may prefer buybacks.

Is there evidence that favours either buybacks or dividends?

Any evidence is difficult to assess as it’s a bit circular. If a company is doing well, it is more likely to pay higher distributions. Separating out the underlying cash flow performance from the impact of the subsequent distribution is difficult. However the best data comes from the US, where buy backs are fairly common.

Shareholder distributions are a large factor in total shareholder return (TSR – the sum of shareholder distributions and share price appreciation). Over the last 80 years, 44% of the TSR of Standard & Poors 500 companies came from distributions1.

Buybacks have become a more popular form of distribution in recent years. Until the early ‘80s, less than 10% of shareholder distributions in the US were buy-backs, but nowadays they are 50-60%2.

McKinsey2 found that there was no significant relationship between growth in TSR and whether the company paid dividends or bought back shares. It did conclude that companies that did frequent buy backs did best. However this seems a little circular. Only very successful, cash generative companies can afford to do frequent buy backs and they are likely to be companies whose share price is likely to reflect that performance!

Some argue that companies should buy back shares when the board feels that the company is undervalued. However, this would suggest that the board must have a better understanding of market value than the market. McKinsey2 concludes that they have ‘rarely seen companies with a good track record of repurchasing shares when they were undervalued; more often than not, we see companies repurchasing shares when prices are high.’

Conclusion

The theory is that, unless shareholders put a significant weight on the tax benefits of buybacks, they should be indifferent to share repurchases compared to dividends. The statistics, such as they are, back this. The form of distribution has no significant impact of shareholder returns.

The underlying financial performance plus the decision to pass some of the success on in shareholder distributions, in whatever form, are the key drivers of shareholder return. It is strong financial returns plus the determination of the board to reward shareholders that delivers total shareholder return.

Managements who don’t take account of shareholders’ interests in this way risk getting punished. Or as Hamlet put it;

And enterprises of great pith and moment

With this regard their currents turn awry

And lose the name of action.

 

 _____________________________________________________________________________________

 1 CFA magazine http://www.cfapubs.org/doi/pdf/10.2469/cfm.v21.n6.3

2 McKinsey http://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/paying-back-your-shareholders