The post originally appeared on Robin Singh’s Blog, whitecollarinvestigator.com.
Building an effective anti-bribery framework requires precision and a thorough understanding of both FCPA and UKBA. The top six elements of any effective anti-bribery framework should include:
- Development of an anti-corruption policy
- Preparation of an initial risk assessment
- Devising a reporting and control mechanism
- Preparation of employee training
- An integrity system flowchart
- Policies, procedures, and guidelines
WHAT ARE THE 3 TOP TESTS THAT AN INTERNAL AUDITOR SHOULD FOLLOW?
For most organizations, audits are among the most effective and comprehensive methods for conducting anti-bribery and anti-corruption monitoring. When conducting anti-corruption audits, it is important to focus on two primary areas. Those areas are auditing for compliance and testing for substantive compliance.
Conducting an anti-corruption audit can be an incredibly effective way to promote compliance within an organization while also helping deter possible improper behaviour. The simple fact is that, although it suffices for some individuals, knowing someone may be looking isn’t enough to deter others from acting illegally. A lack of monitoring, however, can provide a clear opportunity for improper activity and exploitation, so such audits are necessary.
When an organization elects to conduct anti-corruption audits, management is able to send a clear message that corruption will not be tolerated. In addition to helping raise awareness, anti-corruption audits provide constructive feedback regarding how effectively the program is functioning while identifying potential new risks. Conducting an internal audit is simply not enough, however. It is also vital for organizations to ensure remedial action is provided to help mitigate any potential risk.
In order for an anti-corruption audit program to be effective, it is necessary to have the right testing processes in place. It should be noted that anti-corruption audits differ from other types of internal audits that are typically conducted by an internal team.
The fieldwork process for an anti-corruption audit is typically conducted within a one- to two-week timespan. This procedure involves two primary points of focus, which are testing for compliance using the various elements of the compliance program and conducting substantive compliance testing to identify potential red flags or possible violations. In addition, it is necessary to conduct follow-up testing to identify other areas of possible concern.
Regardless of industry, it is important for organizations to take the time to test all of the controls while analysing potential risk areas and weaknesses.
WHAT ARE THE TOP 3 CLAUSES TO INCLUDE IN A CONTRACT TO KEEP VENDORS AND CONTRACTORS OF A LARGE CORPORATION IN COMPLIANCE WITH FCPA & UKBA?
Providing a code of conduct and even guidance materials is certainly an important start in ensuring compliance, but even that is not enough. When drafting contracts, it is vital for organizations to ensure that standard contract clauses are included in order to communicate expectations regarding compliance to vendors and contractors.
WHAT ARE THE TOP 5 TESTS TO LOOK AT?
The UK Bribery Act prohibits bribery of private individuals and companies in addition to foreign officials, to whom the de facto standard set by the FCPA is limited. This means that companies operating in problematic Middle East countries will now have to cast a wider net in reviewing how they conduct business with their clients, customers, vendors, suppliers and other third parties. Companies will also have to review their relationships with private companies and individuals in addition to government officials to minimize all aspects of compliance risk.
The tests should follow a 5-phase approach, using data analytics as and where needed.
FIRST PHASE: LOOK AT GIFTS AND ENTERTAINMENT
- Identification of multiple gifts to a single individual (This is only possible if you have electronic declaration forms in place; ensure everyone makes a proper declaration)
- Identification of entertainment of government-affiliated individuals
- Identification of Segregation of Duties violations: E.g., Maker vs. Checker (Travel & Entertainment) (Your ERP system will have the data for this)
- Identification of unauthorized Travel & Expense cards (Travel desk data or corporate communication department – focus on the people involved in the sales or front line selling)
- Identification of charitable contributions to organizations affiliated with the government (This is big in the health care domain: contributions from vendors go into a hospital’s fund and are not easy to track. Build your inside business intelligence to track such payments)
SECOND PHASE: VENDOR TESTS
- Identification of bonuses or commissions of unusual quantity or timing (Look for pre-year-end bonuses; fraudsters generally try to club such payments with the regular bonus dispensed by an organization)
- Carry out data analytics on vendor and employee names mismatch. You would be surprised how many of them are related and all of them are clueless about the same… The expression I get is “Ooh is it?!”
- Identification of vendors where alternate payee names have been flip-flopped within X days (Look in your ERP system for the same vendor code with different payee names)
- One-time vendor analysis: Identification of payments above the threshold value (ERP systems, whether SAP or Oracle Financial, have tedious processes to set up permanent vendors, while a one-time vendor is easy to set up and difficult to track. Look at the delivery and payments)
THIRD PHASE: GENERAL INDICATORS
- Identification of payments to “Risky” vendors / partners in high risk jurisdictions (this sort of test depends on your ERP system and the process followed to maintain its ratings. However, you can look at jurisdiction and try to see what payments have gone to high-risk countries.)
- Some parameters to identify a risky vendor may be:
  - Parties on government watch lists
  - Government contractors
  - One-time vendors
  - Vendor master file information flips
- Identification of checks made to “cash” (Some vendors ask for up-front payments in cash to sustain their business, so you would receive a lot of false positive results in this test. A higher scrutiny is required)
- Identification of high volume of cash transactions
- Identification of payments made from out of country bank accounts or sent outside the country of operation
- Identify vendors where bank accounts have been flip-flopped within X days (i.e. one vendor and multiple accounts. You would find that one main account has 90% of the payment outflow while the other one has the 10%; ask why)
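The two "flip-flopped within X days" tests (payee names in the second phase, bank accounts in the third) reduce to the same query over the vendor-master change log. The sketch below is an added example, not code from the original post; the record layout, vendor codes, account labels and payment rows are constructed, and a real ERP export will need mapping into this shape.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed vendor-master change log: (vendor_code, field, new_value, change_date)
CHANGES = [
    ("V100", "bank_account", "ACCT-A", date(2023, 1, 5)),
    ("V100", "bank_account", "ACCT-B", date(2023, 3, 10)),
    ("V100", "bank_account", "ACCT-A", date(2023, 3, 14)),    # reverted after 4 days
    ("V200", "payee_name", "Alpha Ltd", date(2022, 6, 1)),
    ("V200", "payee_name", "Alpha Limited", date(2023, 2, 1)),  # permanent change
    ("V300", "payee_name", "Beta LLC", date(2023, 1, 1)),
    ("V300", "payee_name", "J. Doe", date(2023, 4, 1)),
    ("V300", "payee_name", "Beta LLC", date(2023, 4, 20)),    # reverted after 19 days
]

# Constructed payment register: (vendor_code, amount, payment_date)
PAYMENTS = [
    ("V100", 1200.00, date(2023, 2, 1)),
    ("V100", 48000.00, date(2023, 3, 12)),
    ("V300", 9500.00, date(2023, 4, 25)),
]

def find_flip_flops(changes, max_days):
    """Find A -> B -> A sequences where the temporary value B was live for
    at most max_days. Returns (vendor, field, original, temporary,
    changed_on, reverted_on) tuples."""
    history = defaultdict(list)
    for vendor, field, value, day in sorted(changes, key=lambda c: c[3]):
        history[(vendor, field)].append((value, day))
    hits = []
    for (vendor, field), values in history.items():
        # Slide a window of three consecutive values over each field's history.
        for (a, _), (b, b_day), (c, c_day) in zip(values, values[1:], values[2:]):
            if a == c and a != b and c_day - b_day <= timedelta(days=max_days):
                hits.append((vendor, field, a, b, b_day, c_day))
    return hits

def payments_in_window(payments, hit):
    """Payments to the flagged vendor made while the temporary value was live."""
    vendor, _, _, _, changed_on, reverted_on = hit
    return [p for p in payments if p[0] == vendor and changed_on <= p[2] < reverted_on]

if __name__ == "__main__":
    for hit in find_flip_flops(CHANGES, max_days=7):
        print(hit, payments_in_window(PAYMENTS, hit))
```

A flip-flop on its own is a data-quality finding; a payment that landed while the temporary payee or account was live is the item to pull supporting documents for.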
FOURTH PHASE: PAYMENTS TO AGENTS, CONSULTANTS, AND OTHER PAYMENTS
- Use of new attorney / accountant / agent / consultant with no prior relationship (Look for employee-to-employee relationships through a shared bank account, phone number or address)
- Identification of payments made following manual overrides in the system
- Identification of payments classified as government expenses
- Identification of frequent use of one-time vendor arrangements
- Detect payments made without reference documents
FIFTH PHASE: GL
- Payments made following manual override in the system, such as direct manual postings to the GL (In SAP, ask for a list of parked payments and the Miscellaneous account)
- Identify invalid or suspicious journal entries to temporary accounts (look at the notes section of the GLs)
- Look at keywords such as:
  - For services rendered
  - Bribe (Yes! You might be surprised as I was when I came across this keyword)
- Identify suspicious journal entry bookings at unusual times or flip-flopping
- Identify adjustments to accounts inactive for more than X days
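The journal-entry tests in this phase (keywords in the notes, bookings at unusual times, adjustments to accounts inactive for more than X days) can be run in one pass over a GL export. This is an added example, not code from the original post; the entry layout, account names and sample rows are constructed, and the 08:00 to 19:00 weekday working window is an assumption to adjust per organization.

```python
from datetime import datetime, timedelta

KEYWORDS = ("for services rendered", "bribe")  # the two keywords named in the post

# Constructed journal entries: (entry_id, account, posted_at, note)
ENTRIES = [
    ("JE1", "6100-Travel", datetime(2023, 1, 9, 10, 30), "Flight to client site"),
    ("JE2", "6100-Travel", datetime(2023, 1, 20, 14, 0), "Hotel, sales conference"),
    ("JE3", "1999-Suspense", datetime(2022, 3, 1, 11, 0), "Opening balance"),
    ("JE4", "1999-Suspense", datetime(2023, 2, 4, 23, 40), "For services rendered"),
    ("JE5", "6400-Consulting", datetime(2023, 2, 6, 9, 15), "Permit fee - bribe to clerk"),
]

def review_journal(entries, dormant_days, work_start=8, work_end=19):
    """Return {entry_id: [flags]} for entries that trip at least one test."""
    last_seen = {}   # account -> timestamp of its previous posting
    findings = {}
    for entry_id, account, posted_at, note in sorted(entries, key=lambda e: e[2]):
        text = note.lower()
        flags = [f"keyword:{k}" for k in KEYWORDS if k in text]
        # Weekend (Saturday=5, Sunday=6) or outside the assumed working hours.
        if posted_at.weekday() >= 5 or not work_start <= posted_at.hour < work_end:
            flags.append("unusual_time")
        # Account untouched for more than dormant_days before this posting.
        previous = last_seen.get(account)
        if previous is not None and posted_at - previous > timedelta(days=dormant_days):
            flags.append("dormant_account")
        last_seen[account] = posted_at
        if flags:
            findings[entry_id] = flags
    return findings

if __name__ == "__main__":
    for entry_id, flags in review_journal(ENTRIES, dormant_days=180).items():
        print(entry_id, flags)
```

Entries that trip several tests at once, such as a weekend posting with a vague note to a dormant suspense account, are the ones to review first.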
Knowledge of the following common red flags will definitely come in handy:
- Check for excessive commissions to third-party agents or consultants
- Check for unreasonably large discounts to third-party distributors
- Check for vaguely described services
- Check for a third-party consultant in a different line of business than that for which it was engaged
- Check for a familial relationship to a foreign official
- Check whether the third party became part of the transaction at the request of a foreign official
- Check whether the third party is a shell company
- Check whether the third party asks for payments to offshore bank accounts
- Check for a modest cash payment to a high-ranking government official
- Any facilitation payments / grease payments
- Questionable or incomplete invoices and/or other documents
- Familial relations with foreign official or royal family
- Industry has a reputation for corruption
- Country or region has historical bribery problem
- Improperly executed authorizations and approvals
- Unusual cash disbursements, e.g., round figures
- Little guidance on how to manage third-party risk.
ALWAYS ASK YOURSELF THE FOLLOWING QUESTIONS:
- Does the total amount to be paid for goods and services appear to be unreasonably high or above the customary or arms-length amount?
- Are unusual upfront or excessive payments required (high commissions, substantial bonuses, etc.), or is the compensation to be based on performance (success fees)?
- Are indirect or unusual payments or billing procedures being requested, such as:
  - Payments through bank accounts in a foreign country outside of the one where the services are being provided
  - Payments to anonymous (numbered) bank accounts
  - Payments to bank accounts containing corporate funds but held in names of individuals
  - Payments to third persons for goods or services provided by the Third Party
  - Payments through shell companies created to receive revenues and facilitate transactions
  - Payments in cash rather than by cheque or wire transfer
  - Cheques made out to “bearer” or “cash”
- Will the Third Party be exposed to and/or have interactions with public officials on behalf of our organization?
- Will the Third Party be dealing with customers, suppliers and agents of our organization on behalf of our organization?
The most important test for any anti-corruption program is to ensure it is designed with the risks facing that particular organization in mind. Any effective anti-corruption program should include the following characteristics:
ACCOUNTABILITY AND EXECUTIVE LEADERSHIP
It is essential that compliance begins at the top of the organization’s chain and carries forward. This is vital to set the proper tone and pattern of behaviour for the rest of the company to follow.
Responsibility for ensuring compliance is carried out must be assigned to senior executives who have the right blend of authority and experience. In order to ensure there is no undue influence, the anti-bribery program must be able to function with complete independence and autonomy. Furthermore, it is imperative to ensure that sufficient resources are provided to implement the program effectively.
Companies must always identify and assess any potential risks for corruption. This includes risks presented by geographic locations, business partners, business sectors, and the very nature of the company’s transactions. Any interactions of the company with government officials should also be analysed.
IMPACT OF DATA ANALYTICS ON CARRYING OUT PROACTIVE ANTI-BRIBERY REVIEWS?
Data analytics can actually provide a wealth of information and potential to be proactive during an anti-bribery review by providing the opportunity to analyse large sets of data to uncover patterns.
For more information, please refer yourself to this wonderful website I found which can be of help: http://www.journalofaccountancy.com/issues/2012/feb/20114686.html