As the world changes, we have to find new ways of doing things … and this is definitely true of #internalaudit that has been operating relatively unchanged using a traditional approach for decades. What will our relationship with the board, management, and the #chiefauditexecutive be like in this new brave world?
I’m joined by Mike Smith to discuss finding new ways to thrive in this #jammingwithjason #internalauditpodcast. We discuss this as well as how to be your whole self at work.
Listen in at: http://www.jasonmefford.com/jammingwithjason/
Mike Smith is the U.S. Intelligent Automation and Solution Lead for Internal Audit at KPMG.
New York Times columnist David Brooks’ thoughts on building and maintaining order inform the discussion on rigor in your internal controls. In internal controls, I believe it is incumbent to consider not only the most obvious risk areas for your internal controls but also the universe of potential transactions within the operations of a company. There is a clear need for rigor in your internal controls protocols, and adherence to that rigor can increase operationalization around the internal controls a company should consider, including gifts, travel and entertainment expenses.
Brooks said, “Building and maintaining order…requires toughness of mind and rigid discipline to properly serve your own work.” By having the rigor to institute and enforce the types of internal controls Howell has identified, you can go a long way towards detecting and, more importantly, preventing an FCPA violation from occurring.
Three key takeaways:
- You must maintain rigor around your internal controls.
- Controls against fraud can also help to prevent corruption.
- Building and maintaining good internal controls requires rigor.
Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I visit with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over this week, we are reviewing the current Governance, Risk, and Compliance (GRC) landscape, GRC at work, GRC and the investment community, GRC and K2 Intelligence FIN and will conclude with a look at GRC then and now. In Part 3, we consider GRC and the investment community.
It turns out that the investment community should be one of the biggest users of GRC platforms and technologies, particularly when we examine recent events around risk exposure in anti-money laundering (AML) and other illicit activity. Private equity is built to grow businesses and GRC is a key component as a solutions system. One regulatory area that Jeremy Kroll pointed to was AML, “AML was something you might hear about because of narco-traffickers and that some of the big money center banks were in trouble because they were banking drug dealers. After September 11th, everything changed. There was a wellspring of professionals entering the field, either they entered it because they wanted to serve in government or they wanted to pivot in their careers and go from being an auditor, a lawyer, an in-house risk manager into this whole area of fighting terrorism, through tracking, tracing, and reducing the threat of illicit finance. It only picked up steam and in part because of the whole financial collapse and crisis in 2008. Even beyond that, I think what happened was that the regulatory and enforcement bodies both in the United States and Europe have really committed to cracking down because there is money laundering going on.”
All of this has led Jeremy Kroll to conclude that investment firms are looking to invest in companies that can help mitigate these risks more than ever in a post-COVID-19 environment and that increased innovation and a growing number of solutions are emerging. Please join us tomorrow where we look at GRC and K2 Intelligence FIN.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.
EMBARGOED! is back! After a brief, socially-distanced summer vacation, Brian and Tim return to tackle the messy, unprecedented U.S. government actions targeting TikTok and WeChat. Next, we return to one of our favorite topics, Huawei, to analyze the impact of the BIS final rule, which makes another attempt to disrupt the company’s supply chain by further expanding the foreign direct product rule. We also discuss the first wave of sanctions targeting Hong Kong and its top officials and ponder whether this was anything more than a symbolic gesture. Plus, in the Lightning Round we share some thoughts on recent Entity List additions targeting, for the first time, activities in the South China Sea, a Xinjiang-related addition to the SDN List causing significant due diligence headaches, and, at long last, the publication of the Advance Notice of Proposed Rulemaking regarding “foundational technologies.”
Questions? Contact us at podcasts@milchev.com.
EMBARGOED! is not intended and cannot be relied on as legal advice; the content only reflects the thoughts and opinions of its hosts.
EMBARGOED! is intelligent talk about sanctions, export controls, and all things international trade for trade nerds and normal human beings alike, hosted by Miller & Chevalier Members Brian Fleming and Tim O’Toole. Each episode will feature deep thoughts and hot takes about the latest headline-grabbing developments in this area of the law, as well as some below-the-radar items to keep an eye on. Subscribe for new bi-weekly episodes so you don’t miss out!
Timestamps:
0:10 Introduction and Roadmap
The Rundown
5:36 TikTok and WeChat
30:00 Final BIS Rule re: Huawei and Foreign Direct Product Rule
42:52 First Hong Kong Sanctions
51:40 Lightning Round
52:00 BIS Addition of 24 Chinese Companies to the Entity List re: South China Sea
56:56 Xinjiang-related Additions to the SDN List
1:02:00 Commerce (Finally) Issues ANPRM re: Foundational Technologies
1:09:00 Final Thoughts
***Stay sanctions free.***
What specifically are internal controls in a compliance program? Internal controls are not only the foundation of a company but are also the foundation of any effective anti-corruption compliance program. Internal controls expert Joe Howell, former Executive Vice President (EVP) at Workiva, Inc., has said that internal controls are systematic measures, such as reviews, checks and balances, methods and procedures, instituted by an organization, that perform several different functions. These functions include allowing a company to conduct its business in an orderly and efficient manner; to safeguard its assets and resources; to detect and deter errors, fraud, and theft; to assist an organization in ensuring the accuracy and completeness of its accounting data; to enable a business to produce reliable and timely financial and management information; and to help an entity to ensure there is adherence to its policies and plans by its employees, applicable third parties and others. Howell adds that internal controls are entity wide; that is, they are not just limited to the accountants and auditors. Howell also notes that for compliance purposes, controls are those measures intended specifically to provide reasonable assurance that any assets or resources of a company cannot be used to pay a bribe. This definition includes diversion of company assets, such as by unauthorized sales discounts or receivables write-offs, as well as the distribution of assets.
Three key takeaways:
- Effective internal controls are required under the FCPA.
- Internal controls are a critical part of any best practices compliance program.
- There are multiple FCPA enforcement actions that demonstrate the enforcement spotlight on internal controls.
Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I visit with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over the week, we will review the current Governance, Risk, and Compliance (GRC) landscape, look at GRC at work, consider GRC and the investment community, review GRC and K2 Intelligence FIN and conclude with a look at GRC then and now. In Part 2, we consider some examples of GRC at work.
From the Foreign Corrupt Practices Act (FCPA) world, there is Siemens, which sustained a $1.6bn fine from both US regulators and German regulators for its institutional corruption. The case still remains a landmark settlement and clear failure of a GRC framework. While the company had the rules, policies, and procedures written down, their GRC controls ultimately failed because of a lack of adequate leadership and a culture that enabled corrupt behavior. Following the enforcement action, it became clear they had to reinforce their compliance controls and corporate governance framework.
We ended with some of the biggest takeaways. First, mitigate risk on an ongoing basis. Next, be proactive, not reactive. Finally, it is all about culture. Please join us as we explore this and other GRC-related issues over this podcast series. Tomorrow we examine GRC and the investment community.

Lisa Beth Lentini Walker says that there was something missing in the compliance and ethics space. Very often, compliance officers find it an isolating profession. She and her partner founded MentorCore as an avenue to improve the well-being of compliance professionals and to provide the guidance and support they wished they had at the start of their careers. Lisa Beth chats with Tom Fox about the services MentorCore provides.
Four Pillars
“We can come together and make sure that the profession is more sustainable, welcoming, accessible, and inclusive, and because of this MentorCore was born,” Lisa Beth says. She explains that MentorCore is founded on the four pillars of mentoring, learning, community, and development.
Reducing the Network Gap
LinkedIn reported that the three strongest factors that influence your network are your geography, the schools you attended, and the companies you worked for. One of MentorCore’s chief objectives is to reduce the network gap. Tom asks Lisa Beth what a network gap is. She explains that you would have significantly different opportunities based on your network. She argues, “I think that we have a real opportunity to try to find ways to reduce that network gap and break down barriers that prohibit really talented people from living to the utmost and being able to achieve the career successes that they want.”
5 Keys to Better Digital Health
Tom asks Lisa Beth to describe how we can improve our digital health. She shares five keys to improving digital well-being, including limiting screen time, focusing on your physical health, and finding a healthy balance. “You should be thinking about whether the digital part of your life is taking over everything and whether you’ve found what’s going to work for you from an overall holistic well-being standpoint,” she advises listeners.
Resources
MentorCore
MentorCore events
MentorCore on LinkedIn | Instagram | YouTube | Vimeo | Facebook | Twitter
Lisa Beth Lentini Walker on LinkedIn
Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I visit with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future.
Over the week, we will review the current Governance, Risk, and Compliance (GRC) landscape, look at GRC at work, consider GRC and the investment community, review GRC and K2 Intelligence FIN and conclude with a look at GRC then and now. In this Part 1, we consider the current GRC landscape.
GRC aims to synchronize information, processes and practices across the enterprise to help entities operate more efficiently by enabling effective information sharing about risk, aligning risk mitigation with organizational goals, allowing for more accurate and effective risk insights, while avoiding wasteful redundancies. Kroll related that a high-level explanation of GRC is “governance is at the top of an organization, literally the very tone from the top. So, at the end of the day, it’s, how can you share information, align your plans, to organize your goals and create an environment where you get more accurate, more effective insights to help you mitigate or manage risk”. GRC ensures that the people who are in the position to avoid risk and effectuate risk avoidance activities can effect that change, alter the course before things go wrong, based upon having the right information.
We turned to risk appetite. Jeremy Kroll believes “organizations have evolved and now there is precious little time to really experiment and figure out not whether something is going to go haywire”. This makes it more about business resiliency. To be able to start or expand a business in this competitive world, you have to have a certain appetite for risk. GRC provides a framework to not only “have that appetite, but also be able to take certain decisions; whether that is a geographic expansion and going into a new market or going from investing in a people based businesses, and then starting to pivot into technology.” You can take certain risks as you either evolve or even transform the organization or team. Kroll pointed out that GRC can allow for an “organizational design that allows the highest levels of the business to listen and have the information flow to them and then react quickly that an organization does not lose its way.”
We next turned to the components of a strong GRC framework. They include: tone at the top governance; an effective method to identify, assess and quantify the risk; the ability to train and enforce compliance requirements; independent testing of mitigation measures and to close gaps and remediate deficiencies; audit programs focused on continual improvement and reporting; and the ability to communicate all of the above up the chain of command to the decisionmakers and change agents where decisions can be made and adjustments that cascade back down through the organization.
With these components in place, Jeremy Kroll then expanded out on how they are used. It begins with identifying the risks and then assessing them. From there you create a risk management plan and “once you have that plan in place, being able to monitor it, which leads to training and the constant reassessment, not just of the systems, but the people in your organization.” Moreover, if there is a failure, how quickly can you react and remediate? Jeremy Kroll concluded that it is actually “putting your plan into practice.” He provided the example that if you are a senior inhouse counsel and you are having a conversation with an engineer out in the field, you must, “feel their pain, to understand what it’s like to perform at a high-pressure environment.”
He concluded that GRC has become a much broader part of the conversation across the board. For example, this has become a larger part of the due diligence process for investors examining portfolio companies or acquisitions. Please join us as we explore this and other GRC-related issues over this podcast series. Tomorrow we examine GRC at work.
Episode 026–Michael Bret Hood

On this episode of The Ethics Experts, Gio speaks with Bret Hood about ethical behavior, how you see yourself, and the little lies we tell.
Check out more episodes, and don’t forget to subscribe on your favorite podcast platform!