Here we outline why it is so stunning that due diligence, risk analysis and corporate governance rules would fail to spot Madoff's danger. Is the world only paying lip service? Gerry O'Kane comments.

I have heard of no investor who has reported how their due diligence, their risk analysis or a good honest look at how a business runs, was misled by Madoff's operations.

In the first place there should be an analysis of the investment strategy. The methodology and form of investment is critical within any pension or fund: knowing correct risk levels, whether geographic, type of security, form of access to that security (securities lending, futures, options etc) is critical to an investment policy. If you didn't do that, it is not unfeasible that all your investment managers could be holding sizeable amounts of the same security: how about Northern Rock equities?

Does the risk of holding this form of security fit in with the profile of risk across the portfolio or does it skew it? Are liabilities covered? Indeed does the type of investment fall within the parameters of the legal licensing of your own fund?

Secondly, you have to assess the risk profile of the company itself and those along the critical supply chain; the service providers, those executing critical parts of the process. While Madoff may have been the former chairman of the Nasdaq Stock Market, it is not enough as an assurance, after all Jeffrey Archer is a peer of the realm.

What is worse is that only a little digging has shown critical flaws in his corporate structure that even the mildest form of due diligence would have revealed.

The head of compliance was his brother. This is not in itself illegal but should raise a question.

As an investment company I should also be concerned that the fund's administration and custodial services will make sure I get paid my dividends, is aware of the size of my holdings, move on corporate actions, make sure the shares Madoff's company has bought arrive in the account and counterparties settle.

It is unheard of for a company of the size of Madoff's to do its own custody. The largest players in the custodial market: JP Morgan, Bank of New York Mellon, State Street, Northern Trust, Citi are dominated by trust banks rather than retail (Citi) and investment (JP Morgan) banks and even within their own hallowed halls many custodial contracts go to their competitors.

It goes further. A prime broker has transparency into the books of hedge funds, contributing valuations that enable administrators to calculate net asset value (NAV). They also have to assess counterparty risk: in other words should the fund default on loans or purchases or paying margins on over-the-counter securities, prime brokers have to step up and pay up.

Madoff had no independent prime broker. It was his own firm.

And all of this was audited by a three-man sun-lounging team who went for their McDonalds in golf carts somewhere around Disney World. Mickey Mouse - you bet!

Just one of these issues should have raised eyebrows for even the most junior paralegal in the due diligence team or the secretary to the head of risk analysis. The fact that so many were caught for so long, proffers the question (as did the subprime debacle), do any firms carry out any intelligent risk analysis, does governance truly reach the boardroom?