One of the specific requirements in the 2020 Update is around internal controls and, more specifically, control testing. It stated:
Control Testing – Has the company reviewed and audited its compliance program relating to the misconduct? More generally, what testing of controls, collection and analysis of compliance data, and interviews of employees and third parties does the company undertake? How are the results reported and action items tracked?
Fortunately, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 Internal Controls Framework considers assessing compliance with internal controls. In “Internal Controls – Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Controls,” COSO laid out its views on assessing the effectiveness of internal controls. It noted that an effective system of internal controls provides “reasonable assurance of achievement of the entity’s objectives, relating to operations, reporting, and compliance.” Moreover, such a structured protocol can only meet two over-arching requirements. First, each of the five components is present and functioning. Second, the five components operate in an integrated fashion with each other. One of the most critical components of the COSO Framework is that it sets internal control standards against those you can audit to assess the strength of your compliance with internal controls.
Three key takeaways:
- An effective system of internal controls provides reasonable assurance of achieving the company’s objectives relating to operations, reporting, and compliance.
- There are two over-arching requirements for effective internal controls. First, each of the five components is present and functional. Second are the five components operating together in an integrated approach.
- For an anti-corruption compliance program, you can use the Hallmarks of an Effective Compliance Program as your guide to testing against.