Day: September 3, 2020

Categories
31 Days to More Effective Compliance Programs

The four key internal controls for compliance

 
There are four significant controls that I would suggest the compliance practitioner implement initially. They are: 1) DOA; 2) maintenance of the vendor master file; 3) contracts with third parties; and 4) movement of cash/currency.
Your DOA should reflect the impact of compliance risk including both transactions and geographic location so that a higher level of approval for matters involving third parties, for fund transfers and invoice payments to countries outside the U.S. would be required inside your company. The vendor master file, can be one of the most powerful preventative control tools largely because payments to fictitious vendors are one of the most common occupational frauds. Near and dear to my heart as a lawyer are contracts with third parties. These can be a very effective internal control which works to prevent nefarious conduct rather than simply as a detect control. The Hewlett-Packard (HP) FCPA enforcement action was an excellent example of the lack of internal control over the disbursements of funds and movement of currency because you had the country manager delivering bags of cash to a Polish government official to obtain or retain business. All situations where funds can be sent outside the U.S., including such methods accounts payable computer checks, manual checks, wire transfers, replenishment of petty cash, loans or advances, should all be reviewed from the compliance risk standpoint. This means you need to identify the ways in which a country manager or a sales manager could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system.
To prevent these types of activities internal controls, need to be in place. This means all wire transfers outside the U.S. should have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA and wire transfer requests going out of the U.S. should always require dual approvals. Lastly, wire transfer requests going outside the U.S. should be required to include a description of proper business purpose.
The bottom line is that internal controls are just good financial controls. The internal controls that detail requirements for third party representatives in the compliance context will help to detect fraud, which could well lead to bribery and corruption.
 Three key takeaways:

  1. Remember the top four internal controls for an effective compliance program.
  2. Effective internal controls should do more than protect but also prevent internal program violations.
  3. Effective internal compliance controls are good financial controls.
Categories
Innovation in Compliance

In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future – Part 4: GRC and K2 FIN


Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week am visiting with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over the week, we have reviewed the current Governance, Risk, and Compliance (GRC) landscape, looked at GRC at work, considered GRC and the investment community. In Part 4, we consider GRC and K2 Intelligence FIN and will conclude tomorrow with a look at GRC then and now.
Jeremy Kroll counseled that you must “start with an investigative mindset and understanding what the core risks are. Where is that inflection point? Sometimes you might find out a little bit late, but so long as you are quick to react and pivot, you can change the calculus. That means you have to be ready with enough resources internally. You need to make sure that you have a couple of key crisis response or organizations on speed dial because you can’t do everything yourself and your team is usually focused on doing business as usual.” He ended with “how do you be prepared and be in a position to make sure it is a normalized environment when you are dealing with a significant risk to your organization?”
A growing area is outsourced compliance, which was once again recognized in the 2020 Update to the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs. Jeremy Kroll noted, “For entities of any size, it’s important to have the ability to constantly monitor and update compliance procedures and protocols as risk profiles change. However, we also know compliance budgets are under tremendous pressure to adhere to budget cuts and to create greater efficiencies. As a result, our third-party managed services offer outsourced technology and manpower service that enables these organizations to meet regulatory requirements and control costs. We leverage flexibility and scalability across areas including coping with a shortage of experienced employees; improving compliance processes; developing and maintaining a robust technology infrastructure; and tackling global compliance demands.” Jeremy Kroll concluded, “This way, for entities who don’t know where to begin or simply do not have the internal resources, they can rely on organizations like ours to help.”
Please join us for our final episode of this podcast series where we examine GRC: then and now.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.