I thank the Chairman and members of the committee. I am head of the internal audit function in Anglo Irish Bank. I was appointed to that function in 2005 and prior to that I was head of Anglo Irish Assurance Company. I have been with Anglo Irish Bank for 12 years. I am accompanied by Ms Siobhan Whiston. Siobhan joined the internal audit function in 2007. Prior to that she was head of treasury operations in Anglo Irish Bank. I am also accompanied by Mr. Frank Daly, who was appointed non-executive director to Anglo Irish Bank in December 2008. He was appointed chairman of the audit committee of Anglo Irish Bank in January 2009. Mr. Daly might be known to some of the members of the committee. He is the former chairman of the Revenue Commissioners.
I will give the committee a brief overview of the reporting structure and the role of the internal audit function in Anglo Irish Bank. I will cover our plan and how we approach our work. I will also cover certain aspects of directors' loans and give an overview of the investigations currently taking place within the bank by outside agencies. Unfortunately, there are limitations as to what I can cover. I can cover the remit of the internal audit but not the remit of the external audit. I also cannot give any details of the investigations that are currently ongoing. In addition, from a confidentiality perspective I am not permitted to discuss individual customer, shareholder or employee details.
First, I will outline the reporting structure of the internal audit function in Anglo Irish Bank. I head the function. Until December 2008 I reported to the then chief executive, Mr. David Drumm; I now report to the chairman of Anglo Irish Bank, Mr. Donal O'Connor. I also report independently to the audit committee of the bank, which is currently chaired by Mr. Frank Daly. Until January 2009 that committee was chaired by Mr. Gary McGann. The committee comprises non-executive directors and meets formally seven times per year on average.
The role and resources of the internal audit department of Anglo Irish Bank are similar to those of internal audit departments of most large banks. The internal audit function of our bank provides assurance to the board with regard to the day-to-day operational risks faced by the bank. There are 17 staff in the internal audit function of the bank and all staff, including me, were recruited to the department since 2005. Of those staff, 11 were recruited externally from either other banks or other professional firms. My team comprises a diverse range of professionals ranging through IT security, IT audit, accountancy and investment. We also engage the services of external professionals where appropriate.
We cover all the offices of Anglo Irish Bank, of which there are 21 split between Ireland, the UK, the United States and Europe. We cover all the activities of Anglo Irish Bank, which is well known to the market. Our loan book was €73 billion at the end of September 2008. We also cover the treasury functions of the bank. We raise money on the corporate deposit market and on the retail deposit market. We have an extensive liquidity management team. We offer our customers interest rate and foreign exchange rate products and we have a private banking unit based in Burlington Road in Dublin.
The support functions we cover are, again, typical of any internal audit function of a bank such as ours. We cover the IT, operations, HR and facilities functions. We also work alongside the other independent functions in the bank, namely, the group finance, risk, compliance and company secretarial functions.
Regarding how we approach our work on an annual basis, our annual plan is approved each year by the audit committee, typically in November, as was the case in 2008. It is a risk-based approach based on a hierarchy of risks based on, first, the impact they will have on the bank and, second, their likelihood of occurrence. This conforms with Institute of Internal Auditors guidance and accepted best practice. We complete, on average, 70 to 90 audited reports per annum and an essential part of our work is to follow up on the recommendations made in each of these reports.
I will give six examples of the work we carry out. From a lending perspective, we examine the loan approval process, the obtaining of loan security through our legal panel, the loan drawdown procedures and the insurance on property that may be held as security for our borrowings. From a dealing room perspective, we examine trader fraud, a common focus and concern for an internal auditor such as me. This time last year Société Générale announced a €4.8 billion fraud in its dealing room and this would focus our attention on an ongoing basis. In the dealing room we examine the segregation of duties between the back and front offices and the independent risk management function.
We examine payments going out of the bank. On average, 2,500 payments leave the bank daily which, on average, total between €2.5 billion and €4 billion. Our key focus is to ensure each of these payments goes to the correct payee account and no fraudster can get in the way and divert payments to an incorrect account. We examine the private banking unit and the asset valuation methodology in the unit and possible mis-selling practices and ensure there are controls in place to prevent it. We also examine the customer report within our private banking unit.
We have an extensive IT function in Anglo Irish Bank and a comprehensive IT unit in the internal audit function. We examine systems security, intruder prevention, hacker prevention, data loss and laptop theft which was mentioned in the press extensively in 2008. We look at access, system permission control and data encryption, particularly when transferring data between the bank and a customer. We examine business continuity and instant recovery. We have a number of data centres in the bank and a number of backup centres. We continually test the backup procedures in the bank.
In terms of our being reviewed in the internal audit function, in 2004 a big four audit and advisory firm conducted a review of the internal audit function at the behest of the then audit committee. Its conclusion is listed in the fourth bullet point on slide No. 11. In addition, we meet the regulators on an ongoing basis. Our two main regulators are the Financial Regulator in Dublin and the Financial Services Authority in the United Kingdom. They receive copies of our reports, where relevant. While we meet the Financial Regulator more often than we meet the FSA, there is good communication.
I have set out the difference between internal and external audit on slide No. 12. Our focus is to test the operational risks and controls in the bank and report to the audit committee with recommendations for improvement. We are not involved in the audit of the financial statements. The external auditors' primary focus is on testing the financial reporting and internal controls on which they wish to place reliance. They also perform other audit procedures on significant figures in the annual financial statements. They give an opinion on whether the financial statements give a true and fair view in accordance with the appropriate standards and companies Acts.
On slide No. 13 I have set out our basis for the auditing of the loan book. In Anglo Irish Bank internal audit, in carrying out a review of the loan book, we use a statistical sampling basis to select loans throughout the book. This is in line with best practice. It is a robust process and we have specialist software to assist us. Directors' loans were included with all other loans within the population for view. Several directors' loans have been identified in the test samples in the years since I took over as head of internal audit. The statistical sampling did not select Mr. FitzPatrick's loans; however, in 2008 a loan in which he was a partner investor was selected and reviewed in full by us.
The loans of Mr. FitzPatrick, the former chairman of Anglo Irish Bank, were temporarily refinanced with another financial institution before the bank's year end. This refinancing impacted on the disclosures regarding Mr. FitzPatrick's loans. As the chairman stated at the EGM on 16 January, this practice was wrong and unacceptable. An initial statement on Mr. FitzPatrick's loans was issued to the market on 18 December 2008 which gave initial details of the loans involved and a governance review chaired by Mr. Daly which had been initiated by the bank. We made further releases to the market and the public on 16 January through the chairman when he made his EGM statement. We intend to make a more comprehensive and fuller disclosure on directors' loans and all other instances of interest to the reader of the accounts when our financial statements for the year ended September 2008 are published. We expect this to happen towards the end of the month.
How did Mr. FitzPatrick's loans operate? They were in the ordinary course of business and all the facilities were secured. Mr. FitzPatrick is and was personally liable for them. They are on normal commercial terms, have been approved by the credit committee and are and have been reviewed in line with the bank's credit risk policy twice every year from a credit perspective. That review is carried out by an independent credit risk function in the bank.
What did not work in the case of Mr. FitzPatrick's loans? There was a movement of funds around the balance sheet date. This temporary refinancing occurred with another financial institution. What is the issue with Mr. FitzPatrick's loans? There was no reporting of ongoing movements of directors' loans to the board. This was not identified as high risk by the bank. What has happened since the issue of Mr. FitzPatrick's loans became known to the bank? In January 2008 the Financial Regulator communicated with the then finance director. The bank sought legal advice on the company law aspect of Mr. FitzPatrick's loans and that advice was passed to the regulator. Mr. FitzPatrick reported the matter to board members on 16 and 17 December 2008 and resigned as chairman of the bank on 18 December. Mr. Lar Bradshaw, another director, resigned on the same day, and Mr. David Drumm, chief executive officer, resigned on the following day. Mr. Willie McAteer, finance and risk director, resigned on 17 January this year. Following nationalisation after the EGM, five other non-executive directors resigned on 19 January.
What is being done about this issue? As I stated, the board has initiated an independent governance review, to be completed by Mason, Hayes and Curran, on which I will touch. External parties to the bank have initiated their own reviews, namely, the Office of the Director of Corporate Enforcement, the Financial Regulator and the Institute of Chartered Accountants. Their reviews will be conducted through the Irish Audit and Accounting Supervisory Authority. The independent review, to be carried out by Mason, Hayes and Curran, will be led by Mr. Declan Moylan, chairman of that firm. It will be overseen by a new, independent board committee in the bank chaired by Mr. Frank Daly. All aspects of Mr. FitzPatrick's loans and other directors' loans will be covered in the review, the aim of which is to establish the facts, set out the lessons that need to be learned and recommend best practice for the bank. Its recommendations will be acted on and published in due course.