By Peter Miller
Recent indications are that the U.S. Department of Justice and the SEC are on a bit of war path with respect to ensuring that organizations comply with the Foreign Corrupt Practices Act (FCPA). This trend isn’t restricted to the USA either. Many other countries are turning their efforts on how to address corruption. Perhaps the recent financial crisis has caused regulators to lose faith in the way certain businesses are run…
FCPA legislation has been around for a while. It dates back to 1977 and makes it illegal for a US issuer of securities, and certain others, to directly or indirectly bribe foreign government to obtain or retain business or gain business advantage. It also includes certain accounting transparency requirements. FCPA and its counterparts from other countries around the world also have some teeth, with a number of senior executives cooling their heels in jail for engaging in bribery to land lucrative contracts. Have you assessed your FCPA compliance risk? Maybe it’s time you added this to your audit risk assessment and where appropriate to your next audit plan. And whether you have or have not, can you do so cost effectively?
One excellent practice is to establish a continuous auditing or continuous monitoring approach to FCPA compliance. With the adage, “the truth is in the transactions,” you can automate the process of examining all payments being made to high risk vendors, such as government contractors or those on government watch lists. You can also flag any other payments that appear to be suspect. With the right analytical approach, you can provide assurance to your organization without “getting in the way” of efficient business processes or becoming an unsustainable burden on your staff. With ACL technology, you will be able to provide a credible body of evidence of your compliance analytics and support your obligation to provide accounting transparency in this area. Continuous analysis will also streamline internal audit activities, in addition to standing up to scrutiny from regulators or external audit firms.
The IPPF standards are clear and unambiguous. There’s lots of “must do’s” for Internal Audit with respect to evaluating the risk management process, and being alert to and reporting of the existence of other significant risks. So why is it that a third of respondents perceive that assessing risk management is is beyond the scope of Internal Audit?
My theory is that too many audit shops have had “tick-the-SOX-check-box-itis,” and that operational auditing activities such as risk assessment have fallen to the wayside. With the economic downturn causing a swift and dramatic shift in what is expected from Internal Audit departments, new challenges are surfacing.
Find out more: ACL Blog