Categories
31 Days to More Effective Compliance Programs

Internal audit and continuous improvement


Next, we consider how the internal audit (IA) function can be used to facilitate more effective continuous improvement. According to the Institute of Internal Auditors’ own definition, internal audit is “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Some of the key compliance activities of IA are to maintain its independence; to audit awareness of and adherence to policies, procedures, internal controls and corporate governance, including those relating to legal, compliance and ethics risks; to ensure there is follow-up on recommendations made in IA reports, including those relating to compliance and ethics risks, and to track and report on management follow-up; to assist and collaborate on internal investigations, including having IA provide audit expertise in dealing with internal controls and financial data; and to assist in both the design and auditing of internal controls and follow up as required. Clearly this is a function which is and should be integrated into compliance.
For its part, the compliance function can leverage IA resources and professionals on audit techniques and analysis of internal controls, and such integration extends the corporate compliance influence through the company’s IA network. Finally, it allows the corporate compliance function to be made aware of relevant concerns uncovered during audits, so compliance is more fully able to participate in recommendations and follow-up.
Three key takeaways:

  1. Internal audit can be used to provide continuous improvement to and for compliance.
  2. Internal audit can also fill a gatekeeper role in your compliance regime.
  3. Compliance should leverage IA resources and professionals on audit techniques and analysis of internal controls.

One Month to a More Effective Compliance Program for 3rd Parties-Introduction and Key 2022 Enforcement Actions Involving 3rd Parties

Over the month of April, I will consider the risk management of third parties in an operationalized compliance program. As every compliance practitioner is aware, third parties still present the highest risk under the FCPA. You must assess whether the company has a business rationale for needing the third party in the transaction, and the risks posed by third parties, including their reputations and relationships, if any, with foreign government officials. You should ensure that contract terms with third parties specifically describe the services to be performed, that the third party is actually performing the work, and that its compensation is commensurate with the work being provided in that industry and geographical region. Finally, you must engage in ongoing monitoring of the third-party relationships, through updated due diligence, training, audits, and/or annual compliance certifications by the third party.

In this introduction, I visit with Alexander Cotoia, a Regulatory and Compliance Attorney at the Volkov Law Group, to consider how recent FCPA enforcement actions point towards the use cases for a robust third-party risk management system. In 2022, the overwhelming majority of FCPA-related enforcement actions involved third parties and required organizations to reprioritize third-party risk management. In this episode, we consider case studies involving ABB Limited, GOL Airlines and Oracle, which all demonstrated the importance of understanding bribery and corruption schemes, making voluntary disclosures, and reassessing third-party risk management.

3 Key Takeaways

1. How can organizations reprioritize third-party risk management as a core compliance function?

2. What strategies can organizations use to avoid FCPA violations and maximize cooperation credit?

3. How can organizations effectively assess the risks posed by potential business partners?


This Week in FCPA

Episode 199, week ending April 3, 2020 – the (mostly) Non-Coronavirus edition


Searching for non-coronavirus related stories, self-distancing Tom and Jay are back to consider some of the top compliance articles and stories which caught their eye this week.

  1. What were the FCPA enforcement highlights from Q1? Harry Cassin reports in the FCPA Blog.
  2. Instilling trust in uncertain times. Bob Conlin in Navex Global’s Ethics and Compliance Matters.
  3. Can 2008 be used as a guide for Boards in this economic downturn? Mark Gerstein and Christopher Drewery in the Harvard Law School Forum on Corporate Governance.
  4. Why must you be ever vigilant about fraud during an economic downturn? Jonathan Marks on Board and Fraud.
  5. Managing digital disruption, part 2. Jim DeLoach in CCI.
  6. Morrisons skates massive data breach liability in UK. Cordery Compliance Client Alert.
  7. Trump evisceration of EPA puts companies in ethical dilemma. Jaclyn Jaeger in Compliance Week.
  8. Marriott has data breach of 5.2MM guests. Aaron Nicodemus in Compliance Week.
  9. A whistleblower award goes to a compliance professional. Matt Kelly in Radical Compliance.
  10. On the Compliance Podcast Network, Tom concludes a month of looking at the role of innovation in compliance and opens a month of exploring continuous improvement, all on 31 Days to a More Effective Compliance Program. This week saw the following offerings: Monday-Innovation in Compliance Leadership; Tuesday-What Does Innovation in Compliance Look Like?; Wednesday-Continuous Improvement in Compliance; Thursday-the Compliance Audit; Friday-Internal Audit and Continuous Improvement. Note 31 Days to a More Effective Compliance Program now has its own iTunes channel. If you want to binge out and listen to only these episodes, click here. This month’s sponsor is Affiliated Monitors, Inc.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Daily Compliance News

April 3, 2020-the Trump Companies Bailout Edition


In today’s edition of Daily Compliance News:

  • Trump companies seek bailout? (NYT)
  • Jay Clayton favors private equity. (WSJ)
  • US sues to unwind Big Tobacco investment in Vaping. (WSJ)
  • Families of Citgo Executives Jailed in Venezuela Fear Coronavirus Threat (WSJ)