Could the internal audit team at News Corp have identified and clamped down on the illegal activities of their journalists? Todd Davies doesn’t think so.
The News of the World scandal is causing ripple effects around the world, with commentators in Australia and abroad beginning to ask questions about News Corp’s corporate governance. They are also starting to ask questions on the role of independent directors, audit committees, risk management and internal audit which could have broader implications outside the media sector.
It’s no secret in Australia that News Corp’s governance has been controversial for some time, although usually for the likes of poison pills rather than risk and assurance.
However, now in light of the phone hacking scandal, international commentators are beginning to ask about News Corp’s audit committee, the composition of it and whether internal audit was truly independent of management. While these are all important issues for any director to consider, in our view, the focus needs to be on the newsroom itself.
People might be surprised to hear this – in fact, I’m surprised to hear myself saying it – but I’m standing behind News Corp on this. Well, I’m standing behind their internal audit team anyway. I’ve met many of their people. I like them all. I trust them and respect them and a lot of what they do. Many of their practices are upper quartile and are an exemplar of modern practice. So the reality is, if they’ve got problems, we’ve probably all got problems.
The bigger issue is how you audit a newsroom. It’s very different to the usual audit procedures. We can audit back office functions – accounts payable, accounts receivable, treasury. We can chase the money trails and see where they lead. We can audit logistics, distribution and supply chain. We can audit IT systems, business continuity and the like. But auditing a newsroom is hard.
The challenge with newsrooms is that journalists need to protect their sources, in the same way that auditors need to protect their whistle blowers. They have a long-established culture, a code of ethics that looks very much like the code of ethics of an accountant – and a barrage of case law to support it.
There’s been no shortage of controversial cases on this in Australia where media companies have stood side by side to allow journalists to protect their sources. It’s a place where confidentiality is everything. As such, it’s really hard to get to the heart of the matter as an outsider. Or even as the editor.
You may be able to get a sense of the culture by spending time in the newsrooms. Some titles are methodical and measured. Some are like lunatic asylums with people hanging from the rafters. You might be able to let the people upstairs know that you don’t like the culture in the lunatic asylum and that the editor of a certain title may need some coaching in management 101. We’ve all done this.
The reality is that in a newsroom you end up auditing their payroll, overtime and contributors. You also go through their expenses so that they know someone is watching. You check a sample of them, ask a few probing questions, make sure they were authorised by the right people. The reality however this is about as effective as having the occasional patrol car drive down a troubled street. It’s a deterrent at best, but unlikely to find much.
In other words you do the normal stuff and if there was a scandal like this happening, it’s almost impossible to know unless you already suspect something and go looking for it specifically. No doubt all media companies will go looking for this specific circumstance now, but it will be after the fact. If anything was an issue you can almost guarantee it’s now been shut down.
So, the big issue in a lot of organisations is that while internal audit capabilities keep on evolving, their capabilities are still focused on back office functions. While they understand the core business, they struggle to get at the heart of it.
Internal audit functions in news organisations spend a lot of time auditing in the newsrooms, but they don’t always get to the heart of what’s happening in those newsrooms. Internal audit functions in health organisations spend a lot of time auditing in hospitals and wards, but they don’t get to the heart of what’s happening in clinical governance, in patient care or the culture in those wards. Internal audit functions in manufacturing companies spend a lot of time auditing at mine sites, but it’s hard to get to the heart of what’s happening in the culture of what’s happening on the shop floor. In short, even being on the floor most of the time, things pass right by us.
These are not isolated examples. Every company has it’s equivalent of a newsroom – something we audit, but only scratch the surface. From my perspective the big question for audit committees and heads of internal audit coming out of the News Corp scandal is around the scope and capabilities of the internal audit activity and whether they’re getting to the heart of matters or just doing a superficial patrol.
This article first appeared in Issue 87 of Risk Magazine, August 2011. Todd Davies was formerly head of audit and risk of Fairfax Media – Newscorp’s main newspaper rival in Australia – and a member of the ASX Corporate Governance Council. A summary of the News Corp scandal can be found here.