Categories
Blog

PCAOB Proposed Rule on Compliance Audits

In the realm of auditors intersecting compliance and fraud risk audits, a fierce battle of perspectives rages on. Compliance professionals yearn for a bigger role, a seat at the table to tackle potential compliance violations. Yet, as the storm brews, the audit community hesitates, fearing the unfamiliar waters of becoming compliance and legal violation experts. Brace yourselves, for the unexpected outcome lies just beyond the horizon.

Compliance professionals are generally accepting of the idea that audit firms might look for compliance violations, as long as the proposal includes meeting with the chief ethics and compliance officer and reviewing the state of the compliance program with the audit committee. Many auditors do not want the additional responsibility, claiming it is outside their area of expertise and the requirement will increase audit costs.

Other trade and industry groups have weighed in as well. The American Bankers Association said in a letter “With respect to the legal function, auditors may be put into a position to second-guess a company’s own legal counsel regarding whether noncompliance may have occurred.  “With respect to the management function, the requirement that auditors perform ‘enhanced risk assessment procedures’ could result in auditors second-guessing how management allocates the company’s financial and human resources. This would not only blur responsibility between the legal, management and audit functions, but would also divert auditors’ time, attention and resources away from auditing financial statements.”

The group went on to note that  “Various federal and state regulatory authorities in the United States have a responsibility to examine, monitor and, where appropriate, bring enforcement actions against companies that do not adhere to laws and regulations. Moreover, given the many and varied private rights of action available against corporations in the United States, companies are subject to even further scrutiny and liability for noncompliance.”

Stephen Foley, writing in the Financial Times, said that some companies have objected that the implementation of the proposal might negatively impact the attorney/client privilege. He wrote “companies said the new rules could mean more correspondence with their lawyers would have to be shared with auditors, with the result that it loses its legal privilege and could become evidence in litigation.” He cited to Ronald Edmonds, controller at the chemicals group Dow, that “Company personnel could be more hesitant to disclose legal violations to their counsel if they fear that the communication will not be privileged. Attorneys may also hesitate to prepare written analysis for their clients for fear that it would end up non-privileged and ultimately in the hands of a legal adversary.”  Amy Johnson, controller at RTX said “The broad scope and volume of information that would be required to be shared with auditors is likely to encompass sensitive attorney advice.”

Conversely, PCAOB Chair Erica Williams told the FT, “Companies’ non-compliance with laws and regulations, including fraud, can really have devastating consequences for investors. This proposal is simply making sure that the protection investors think they’re getting today matches what the standard requires.” Foley cited to Brandon Rees, the AFL-CIO deputy director who said “All too often when a fraud is exposed, it rarely comes to light from the auditors. Auditing standards should require auditors to have uncomfortable conversations with management.”

The PCAOB will have to consider this feedback from its consultation period before deciding whether to push ahead with the proposal, or to amend or scrap it. Two of the five board members have said they are opposed to the new rules, but a simple majority is all that is needed. What are some of the issues that auditors may face if the proposed rule is enacted?

If auditors are mandated to assume more compliance responsibilities as per the proposal, there may be several challenges to address. One of the primary concerns is whether auditors have the requisite knowledge and training to identify and manage compliance violations efficiently. Furthermore, the elevated costs associated with hiring legal experts, coupled with the increased liability facing auditors can potentially create a barrier to the rule’s successful implementation.

The proposal has the potential to shape how audit firms approach their investigations into client companies, particularly with regard to compliance and legal violations. By requiring auditors to look more closely at non-compliance with laws and regulations, the proposal is intended to deliver more comprehensive audits and prevent financial fraud. However, the incorporation of duties usually performed by legal professionals into the auditing process could complicate the auditors’ role, potentially raising costs and increasing liability.

The proposed rule generates divided opinions between compliance professionals and the audit community. Compliance executives generally support the proposal, provided it includes engagement with the chief ethics and compliance officer, and necessitates a comprehensive review of the compliance program with the audit committee. On the contrary, most auditors, represented by the PCAOB, argue against the implementation of this rule, citing a lack of necessary expertise to identify compliance violations, and increased burden of audit fees.

If auditors are mandated to assume more compliance responsibilities as per the proposal, there may be several challenges to address. One of the primary concerns is whether auditors have the requisite knowledge and training to identify and manage compliance violations efficiently. Furthermore, the elevated costs associated with hiring legal experts, coupled with the increased liability facing auditors can potentially create a barrier to the rule’s successful implementation.

Compliance professionals and the audit community clash over a proposed rule on auditors reporting compliance violations. As tensions rise and perspectives collide, can these two groups find common ground or will they remain at odds, leaving the fate of the proposal uncertain?

Categories
Corruption, Crime and Compliance

The Importance of a Consequence Management System

Transparency, ethics, and compliance are more than just corporate buzzwords; they’re foundational to building trust in today’s global organizations. Consequence management systems encompass elements like transparency, robust employee reporting, protective measures for whistleblowers, and effective internal investigations. These are all essential for maintaining organizational justice, trust, and integrity. In this episode of Corruption, Crime and Compliance, Michael Volkov underscores the value of collecting and analyzing employee reports, the pivotal role of Chief Compliance Officers, and the integration of compliance compensation with consequence management.

You’ll hear Michael talk about:

  • Global companies now recognize the significance of robust consequence management systems, which encompass vital processes from internal investigations to disciplinary actions. A pivotal aspect of these systems is transparency, especially when designing and implementing employee reporting.
  • When it comes to effective employee reporting, a system is more than just a hotline; it involves tracking and addressing concerns in real-time. To foster trust, such systems must operate promptly, fairly, and consistently, ensuring that reporters are protected against obstruction and/or retaliation.
  • Key components of an effective reporting system include:
    • Clear internal communication, which ensures employees feel heard.
    • Foundational support, which bolsters efficiency.
    • Collated reports from diverse sources, which offers insights into the company’s culture and potential risks.
    • Transparency and consistency, as sporadic disclosure can negatively influence employees’ perceptions of a company’s intentions.
  • A CCO’s commitment is reflected when issues are investigated and addressed swiftly and justly. They play a crucial role in collecting and analyzing employee reporting data, as well as educating senior management and boards on the significance of employee reports.
  • Companies need to establish written protocols for internal investigations to ensure that they are conducted fairly and impartially. These protocols should outline the steps that will be taken during an investigation, as well as the rights of the employees involved. The protection of employees and whistleblowers is paramount.
  • An internal oversight committee should be responsible for overseeing internal investigations. Regular reviews ensure that procedures are followed consistently and that there is a focus on quality. Additionally, all investigations should be properly documented and resolved in order to maintain integrity.
  • Compliance and consequence management systems should work together to meet the expectations of the DOJ, promoting corporate citizenship and financial success. 

 

KEY QUOTES

“A true employee reporting system includes reports to supervisors, walk-ins to human resources, walk-ins to legal and compliance, and an automated reporting system.” – Michael Volkov

 

“The real question is whether the company backs up its statement through specific actions. This cannot be accomplished through words, but really only through deeds, through actions. All too often, companies get ahead of themselves. They make these broad pronouncements. They sound good, they pat each other on the back, and they don’t build the essential foundations and infrastructure needed to establish an effective employee reporting system.” – Michael Volkov

 

“As a basic initial requirement, every company should adopt a written internal investigation protocol that is published internally, promoted internally to demonstrate a commitment to transparency, and those protocols and procedures should be followed to the T.” – Michael Volkov

 

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
FCPA Compliance Report

FCPA Compliance Report – Mike DeBernardis on the Cognizant Investigation Ruling

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes back fan favorite Mike DeBernardis, partner at Hughes Hubbard Reed. We take a deep dive into the trial court ruling in the Coburn and Schwartz claim that the Cognizant internal investigation which identified them was run by the DOJ and should be tossed for the lack of federal criminal procedural protections.

A recent district court decision on an FCPA case has significant implications for future investigations. The trial court emphasized the importance of a fully developed record and provided guidance for companies conducting internal investigations while cooperating with the government. The episode emphasizes the need for independent investigations, the distinction between government-directed investigations and cooperation with the DOJ, and the timeline of events that shows the importance of self-disclosure by the company. It also discusses the significance of independent decision-making in corporate investigations and the importance of documenting investigations to build a strong record. The restrictions placed on employee interviews during investigations are also addressed, with a suggestion for clear guidelines and procedures to ensure fair and effective interviews. Overall, the episode highlights the practical implications of the court decision and sets a standard for future investigations in FCPA cases.

 Key Highlights

·      FCPA Pretrial Work

·      Importance of Independent Decision-Making

·      Importance of Documenting Investigations

·      Restrictions on Employee Interviews

·      Investigation world cases

Resources

Mike DeBernardis

Hughes Hubbard Reed

Court Opinion in US v. Coburn

Tom Fox

Instagram

Facebook

YouTube

Twitter

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 10 – Sales Incentives and Compliance

In the DOJ’s 2023 ECCP, Incentives and Disciplinary Measures it stated:
Incentive System – Has the company considered the implications of its incentives and rewards on compliance? How does the company incentivize compliance and ethical behavior? Have there been specific examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethics considerations? Who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel?
When considering how a company could use incentives to further a compliance program and the role of HR in this process, we should also consider how incentives might lead to the converse, as they did in the now-infamous Wells Fargo fraudulent-accounts scandal. When you misalign these two concepts with a faulty sales strategy it can lead to a catastrophic failure, literally costing the company millions of dollars in fines, loss of business and depreciation of shareholder value. Whatever your incentive structure, there will be employees who try to game the system. Some will do it with the tacit or explicit approval of management. You, as the CCO, may be required to act.

Three key takeaways:

  1. Even a benign sales incentive program came become skewed.
  2. A sales incentive program can become high risk or illegal if not properly monitored.
  3. If there is alignment between the strategy, purpose and structure of an incentive system, it often makes the difference between a good and a bad one.

For more information, check out The Compliance Handbook, 4th edition here.

Categories
Daily Compliance News

Daily Compliance News: August 14, 2023 – The Odebrecht Strikes Again Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Grupo Aval settles FCPA enforcement action. (WSJ)
  • What does SCt grant of cert mean? (NYT)
  • Health care corruption sweep in China. (South China Morning Post)
  • SBF headed to jail for witness tampering. Who is next? (Reuters)
Categories
Adventures in Compliance

Adventures in Compliance – Leadership Lessons from The Adventure of the Blue Carbuncle

Welcome to a review of all the Sherlock Holmes stories which are collected in the work, “The Adventures of Sherlock Holmes.” The appeared in the Strand Magazine from July 1891 to June 1892. Over 12 episodes, I will be reviewing each story and mine them for leadership, compliance and ethical lessons. “The Adventure of the Blue Carbuncle” was first published in the Strand Magazine in January 1892 and is included in the collection ‘The Adventures of Sherlock Holmes’.

Summary

The story begins on Boxing Day, when Holmes receives a peculiar old hat from Peterson, the commissionaire. The hat was found next to a Christmas goose, abandoned after its owner had a skirmish with some ruffians. Peterson also found a blue gem in the goose’s crop which turns out to be the “Blue Carbuncle,” a precious stone which was reported missing a few days earlier.

Intrigued by this series of events, Holmes and Watson embark on an investigative adventure. They start by tracing the goose back to a local poultry shop, which leads them to the supplier, who had given the goose as part of a group to a hotel. The hotel staff recognizes the goose and tells Holmes it was given to a Mr. Henry Baker.

When Henry Baker arrives to claim his hat and goose at Baker Street, Holmes realizes that Baker knows nothing about the Carbuncle. Further investigations lead Holmes to James Ryder, a hotel attendant, who confesses his crime after being confronted.

Ryder had persuaded a maid at the Countess of Morcar’s hotel to let him steal the Blue Carbuncle. Fearing detection, he had hidden the gem inside a goose at his sister’s poultry shop, but the bird had gotten mixed up with others, thus ending up with Baker.

At the end of the story, Holmes lets Ryder go, considering him a small, terrified man who will likely not survive a prison sentence. The Blue Carbuncle, a jewel of great value, is recovered, but the story concludes without stating whether it was returned to its rightful owner.

Leadership Lessons

  1. Attention to detail: Sherlock Holmes is known for his attention to detail, and this is evident in “The Adventure of the Blue Carbuncle.” He can solve the mystery by paying close attention to small details that others have overlooked. Leaders can learn from this by focusing on the details and not overlooking anything that could be important.
  2. Problem-solving skills: Holmes is a master of problem-solving, and this is demonstrated in the story as he unravels the mystery of the missing gemstone. Leaders can learn from this by developing their problem-solving skills and approaching challenges with a creative and analytical mindset.
  3. Teamwork: Although Holmes is the main detective in the story, he works with others, including Dr. John Watson, to solve the case. Leaders can learn from this by recognizing the importance of teamwork and building strong relationships with their colleagues.
  4. Adaptability: Throughout the story, Holmes demonstrates his ability to adapt to changing circumstances and adjust his approach as needed. Leaders can learn from this by being flexible and open-minded, and by recognizing that there may be multiple solutions to a problem.
  5. Honesty and integrity: Despite the temptation to keep the valuable gemstone for himself, Holmes returns it to its rightful owner, demonstrating his honesty and integrity. Leaders can learn from this by being honest and transparent in their dealings with others and by upholding their ethical principles.

Resource

The New Annotated Sherlock Holmes

Categories
The Ethics Experts

Episode 154 – Joey Price

In this episode of The Ethics Experts, Nick welcomes Joey Price. Joey V. Price is an award-winning Human Resources Executive, thought leader, and the Founder and CEO of Jumpstart:HR. The company offers HR outsourcing and consulting for startups and small businesses. Joey also co-hosts the “While We Were Working” weekly podcast for leaders in the workplace who wish to be better at handling people issues.
LinkedIn: JoeyVPrice
Instagram: Joeyvpricehr
Twitter: Joeyvpricehr
YouTube: @Jumpstarthr
TikTok:Joeyvpricehr
Facebook: Jumpstarthr