Tag: compliance

Categories
Shakespeare on Compliance

Shakespeare on Compliance – Engaging Your Audience

I recently saw the performance of King Lear with Glenda Jackson as the mad king. It was a magnificent production and if you have the chance to see, I would certainly urge you to do so. The production had many interesting features and interpretations which seemed to be great entrees into several compliance topics. The play was directed by Sam Gold and it was scored by Phillip Glass but the star power was derived from Jackson as King Lear. It was a fabulous take on the story and one that will resonate directly to our turbulent times. Therefore, inspired by octogenarian Jackson and her performance, I am going to use King Lear as a deep dive into several compliance topics this week. In this episode, I want to discuss the opening scene where Lear bids his daughters express the breadth and scope of their love for him.

Lear has called a conference to divide his kingdom between his three daughters, Goneril, Regan and Cordelia, his youngest who is clearly is favorite. Goneril professes her love is more than words alone can convey, saying “A love that makes . . . speech unable / Beyond all manner of so much I love you”. Regan professes, “Myself an enemy to all other joys, Which the most precious square of sense possesses, And find I am alone felicitate in your dear Highness’ love.” However, Cordelia refuses to play the flattering fool. Her father twice gives her the opportunity to redress this decision but she holds firm saying “Nothing, my lord”. This leads to the break in the family, the deaths of the sisters and the fullest scope of tragedy.
Why do you need to engage your audience? I thought about this in the context of the Foreign Corrupt Practices Act, compliance and regime change. This is not Saddam Hussain regime change where the US government invades a country to throw out the old boss. This is a democratically elected-peaceful transfer of power. However, it now appears that regime change now means corruption investigations which impact not only the FCPA but also US companies. Every compliance officer needs to aware of this new reality. Take three recent regime changes, together with what they have meant; and perhaps one to come.

  1. South Africa
  2. Malaysia
  3. Brazil
  4. Venezuela

The bottom line is that every Chief Compliance Officer (CCO) must now watch local politics much more closely. If you are doing business in a high-risk country and there are new leaders brought in through democratically elected regime change, your company had better be ready for a robust corruption investigation. Certainly if Malaysia, South Africa and Brazil are any indication, prosecutors from nations with new regimes may well share their findings with the US Department of Justice (DOJ). This means that regime change could lead directly to a FCPA investigation, where the disclosure was by a foreign government and not the company self-disclosing. If there is no self-disclosure, a company is not eligible for the declination under the 2017 FCPA Corporate Enforcement Policy.

Categories
Shakespeare on Compliance

Shakespeare on Compliance – Changing Your Focus

I recently saw the performance of King Lear with Glenda Jackson as the mad king. It was a magnificent production and if you have the chance to see, I would certainly urge you to do so. The production had many interesting features and interpretations which seemed to be great entrees into several compliance topics. The play was directed by Sam Gold and it was scored by Phillip Glass but the star power was derived from Jackson as King Lear. It was a fabulous take on the story and one that will resonate directly to our turbulent times. Therefore, inspired by octogenarian Jackson and her performance, I am going to use King Lear as a deep dive into several compliance topics this week.  In this episode, I want to discuss how this production changed the focus of the play, away from the madness of the king to the actions of the three daughters.

Perhaps it was my perception of the play or perhaps it was the director’s intention but the focus in the first half of the play was clearly on the daughters and their families. Both Goneril and Regan played much more prominent roles throughout the first scene and their joint liaisons with Edmund, later the Earl of Gloucester, were key components of this production. Moreover, their husbands, the Duke of Cornwall and the Duke of Albany, also played prominent roles. The Duke of Cornwall, for instance his role in this production was more than the traditional highlight for him, which is the blinding of the original Earl of Gloucester. (Even in this production it still elicited gasps from the audience.)
Even after the intermission, where some of the most powerful scenes in all of Shakespeare playout, including the blinded Earl of Gloucester and the mad Lear wandering the moor, this production held a distinct focus on Lear’s daughters and their families, adding in the complexity of Edmund, the new Earl of Gloucester, having an affair with Goneril while secretly pledged to wed Regan.
In the most recent Harvard Business Review (HBR), Scott Berinato writes, in an article entitled “Data Science and the Art of Persuasion”, that most companies are not getting the value from data science initiatives and prescribes ways to remedy this phenomenon. Last year, at Compliance Week 2018, Hui Chen said on a panel that she expected the compliance team of the not-so-distant future would have a data scientist. As with most of her pronouncements, she was way ahead of the crowd.
You must start with the premise that most CCOs and compliance professionals are legally trained, usually without any data analytics classes in law schools still operating under the Socratic Method. Even if a stat class is thrown in somewhere along the way in undergrad, grad school or even through some business school outreach to law students, that does not begin to prepare someone to understand the insights available through advanced data analytics. The key is to build a better data science operation. There are four suggestions, with the over-arching theme of defining the talents you need to understand and communicate the data.

  1. The unpacking of data and creation of insights is a skill.
  2. Data wrangling.
  3. Expertise.
  4. How to communicate the information.
Categories
Shakespeare on Compliance

Shakespeare On Compliance – Innovation

I recently saw the performance of King Lear with Glenda Jackson as the mad king. It was a magnificent production and if you have the chance to see, I would certainly urge you to do so. The production had many interesting features and interpretations which seemed to be great entrees into several compliance topics. The play was directed by Sam Gold and it was scored by Phillip Glass but the star power was derived from Jackson as King Lear. It was a fabulous take on the story and one that will resonate directly to our turbulent times. Therefore, inspired by octogenarian Jackson and her performance, I am going to use King Lear as a deep dive into several compliance topics this week. Today, I want to use the nature of the production, to introduce the day’s topic of innovation in compliance.

Gold’s Lear production was both unique and innovative. It was quite a large stage but the lightening was used to great effect. When the director wanted to shift the action, to another group of actors or topic, the lights were simply shut off to the actors not involved. They did not have to exit the stage and then return. This allowed them to remain on stage and the action could move back and forth without disruption.
The second innovation was in the use of music. While I am generally not a fan of music in Shakespeare, unless used in the original show notes, such as bugles blaring; I am not a fan of music in the performances. However there was a classical quartet which played throughout the performance that I felt truly enhanced the entire production. Finally, I normally revolt at any singing in a Shakespearian production. There were a couple of singing scenes which almost worked for me but at least they did not detract from the overall performance.
I thought about this in the context of how to move compliance innovation into the corporate pantheon of greater business process efficiency when I read a recent MIT Sloan Management Review article, entitled “Grow Faster By Changing Your Innovation Narrative”, by George S. Day and Gregory P. Shea. In the article they discussed their findings that organizations that sustain growth “faster than industry rivals articulate a coherent, compelling innovation narrative and rely on four powerful levers to make it a reality.” They posited four key levers for doing so which I believe would work well for a compliance function to sustain innovative growth within an organization and with its customer base, i.e. employees. I have adapted their piece for such an exercise.
The first lever is to invest in compliance talent.
The second lever is encouraging prudent risk taking.
The third lever is to adopt a customer centric process.
The fourth lever is aligning metrics and incentives with innovation activity.
The bottom line is that senior management is well-versed in the need for innovative and effective compliance. By using these four levers, a compliance practitioner can help senior managers to focus the organizations compliance efforts. The authors conclude by stating, “A growth-affirming  innovation narrative and the four levers that make it manifest within a company can help leaders focus and prioritize their innovation efforts. The process of identifying and articulating the narrative is essential to understanding the culture of innovation within a company and envisioning what it can achieve. The levers bring that narrative to life. Without them, organic growth leadership in any industry is a hit-or-miss endeavor.”

Categories
Modern Medium

Welcome Modern Medium to the Compliance Podcast Network

I am pleased to welcome to the Modern Medium Podcast to the Compliance Podcast Network! In this new podcast Paris Fox leads a discussion on about the tools, strategies, tactics, and possibilities in modern medium design. In our first episode, we’re exploring ideas: how they form, how they change, and how we might incorporate those ideas into graphic design. Every compliance practitioner should listen to this podcast to help improve their messaging with a sharp millennial point of view.
Episode 1-Introduction
The creative process and coming up with ideas
When you’re stuck in a creative rut, it’s difficult to know where to begin with an idea. Even when you dohave an idea, it’s easy to get caught up in what you think something is supposed to be or what it’s supposed to look like. So it’s an important part of the process to learn how to let go. Ideas can come from anywhere. You can think of anything as a base point and go from there with it. Think about what you knew before, think about what you know now, and think about how things have changed. This doesn’t have to go anywhere tangible; you can use this as a brainstorming exercise or mind map and take off from it.

Episode 2-Incorporating Time into Art

Thinking about time
Pick a sense, and spend 24 hours being fully aware of it. For example, what are the sounds that you experience when you go to class? As you go home? Or commute to work? Just begin to acknowledge the way you’re moving through time, because it’s easy not to think about. Documentation is also critical: it’s easy to experience and acknowledge these things, but how are you going to see how they’ve changed over time if you don’t document it?
Episode 3-Making Art a Sensory Experience
On this episode of the Modern Medium Podcast, we’re exploring our senses: while it’s common for art to have visual and aural components, we don’t normally think about art in terms of smell, taste, or touch. But art is supposed to imitate life, and within life, we experience these all at once. How then can we make art a sensory experience?
Episode 4-Are You Creating Barriers to Your Art
Barriers
On this episode of the Modern Medium Podcast, we are exploring barriers: might artists inadvertently create these barriers to their art? And how does this affect its experience? Barriers can be anything: a blind person who can’t see the art, or someone with a learning disability who might not understand the art in the way that it was intended. But they can still experience art in other ways that you might not expect, and so in this way, art can be accessible to anybody. It’s just a matter of creating that space.
Categories
Innovation in Compliance

Innovation in Compliance-Part 3: Third Party Expansion

We are on Episode III of special five-part podcast series on an innovative approach to managing third party risk. This week I am joined by James H. Gellert, the Chairman and Chief Executive Officer (CEO) of RapidRatings International Inc. (RapidRatings), the sponsor of this special series. Our conversation is about helping companies manage their third-party supply chains through financial health. The RapidRating approach is incredibly innovative, with a series of products and services that should be considered by the compliance practitioner. In today’ episode, we discuss the issue of third-party expansion.

We began with a consider of the definition of third-party. Gellert related, “Historically, people talked about simply an entity outside of your organization as a third party. However, that definition is broadening, to mean really that entity with which your company works.” Obviously, this can be a supplier or vendor, it can be a service provider, a customer, a joint-venture (JV) partner and/or an intercompany affiliate. A broader view could include intercompany affiliates as third parties, even though many people would see them as just being another entity inside of a business. Gellert said, “the definition of third parties is expanding, which only makes life more complicated for anyone trying to do third party risk assessments and then the tiering just creates an exponential change.”
Specifically, “in supply chain, a tier one supplier is one of the suppliers your organization is directly purchasing from. Next a tier two is one that your company’s tier one is buying directly from. This means for risk managers assessing the various risks of their supply chain have to go deeper and deeper. One way to do so is through trying to understand the connection between tiers one, two, three, four and so on. The problem is there are many risks that companies do not manage because they cannot identify which companies are taking risks.” Gellert further noted, “one of the hottest topics in 2019 for a supply chain and risk managers is trying to get their arms around how to handle this particular question.”
I asked Gellert how would he suggest a supply chain professional began to think through some of these issues articulated but in the context of a global supply chain? He began by stating, “anyone who is involved in third party or supply chain risk management needs to try to map out and understand the suppliers whose exposure they need to assess for their organization.  Obviously, this includes both direct and indirect suppliers but in terms of the tiering, the best way for anyone to understand the supply chain risk is to have really good communication with their tier one suppliers to be able to discuss the risks to both businesses.”
Moreover, “this means communicating with a tier one supplier about who their tier ones are that are providing product or service that are coming to that client. Only with that type of transparency and communication can businesses look through the tier one into the sub tiers to understand the risk your organization has and where there may be a risk concentration. Without effect communication and dialogue, created and fostered as part of the relationship, people are going to fly blind.” Finally, in this global economy with such internationalization and diversification of supply chains, organizations you “really do need to pull out all the stops to try to manage risk. Communication is one of the first places to start.”
Gellert concluded with some thoughts on transparency, which he believes is not only important but “should be applied everywhere.” He said you should begin with your tier ones but the ability “to look deeper into the supply chain is also really important.” Further, Gellert said, “a lot of supply chain risk professionals can go wrong if they use transparency as a bludgeon as opposed to as an opportunity. Then the company they are asking for information from only sees risks in disclosing information as opposed to seeing commercial value and we promote transparency as a means to commercial value.” But it is more about fostering the relationship so that you can adequately assess and then manage the risk. Gellert noted, “that’s the key part, that people have to embrace if they’re going to be able to look deeper into their supply chains.”
Please join us tomorrow when we consider some of the challenges Gellert is seeing in supply chain risk management for 2019 and going forward.
This podcast series is sponsored by Rapid Ratings International, Inc. For more information, check out their website at www.rapidratings.com.

Categories
This Week in FCPA

This Week in FCPA-Episode 148 – the Hope Springs Eternal edition

As Opening Day near and the Astros are predicted to unseat Jay’s Red Sox to win the 2019 World Series, both lads are eternally hopeful for their hometown heroes. While debating this issue, they also take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.

  1. Former Hong Kong official sentenced for FCPA violations. Harry Cassin reports in the FCPA Blog. Matthew Goldstein reports on how to reduce your FCPA sentence in the New York Times.
  2. SEC awards two whistleblowers $50MM. Kristin Broughton in the WSJ Risk and Compliance Journal. Matt Kelly takes a deep dive in Radical Compliance. Doug Cornelius gets snarky in Compliance Building. Jonathan Marks weighs in on Board and Fraud.
  3. Jonathan Ruschand William Weaver debate whether corruption can be measured. Both on the FCPA Blog.
  4. Was it fraud or was it incompetency? The HP v. Autonomy civil trial begins in London. The BBC
  5. What is the difference in whistleblowing and extortion? Joe Mont explains in Compliance Week. (sub req’d)
  6. What are your supply chain risks? Russ Berland explores in Part 1 of a two-part blog post series on Corporate Compliance Insights.
  7. Looking at enforcement of financial market crimes in Canada and UK. Anita Anand reports in NYU’s Compliance and Enforcement Blog.
  8. What steps can you take to reduce whistleblower retaliation? Matt Kelly opines in Navex Global’s Ethics and Compliance Matters
  9. OECD slams Canadian government for interfering in SNC-Lavalin corruption investigation. Jonathan Rausch reports in Dipping Through Geometries.
  10. Join Tom and AMI’s Jesse Caplan for a 5-part exploration of emerging issues in healthcare compliance and monitoring. Check out the following: Part 1-Opioid Crisis-Legal issue; Part 2– Opioid Crisis-compliance solution; Part 3– the regulators; Part 4-the monitoring healthcare organizations; and Part 5-proactive monitoring. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoplyand YouTube. The Compliance Podcast Network is now also on Spotifyand Corporate Compliance Insights.
  11. In Houston on April 11? Join the Greater Houston Business and Ethics Roundtable for a presentation for one year look back on GDPR. Registration and information are here.
  12. Check out the latest edition of Great Women in Compliance where Mary Shirley visits with Marianne Ibrahim.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is       Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
Popcorn and Compliance

Popcorn and Compliance: Captain Marvel

In this podcast series, recovering screenwriter (and Mr. Monitor) Jay Rosen and myself will indulge in passion for the movies by looking at them through the lens of compliance. Jay is a contemporary movie fan and I am more of a classic movie maven so we present a well-rounded view of the movie fandom. If you want to indulge in your love for the movies with two guys who are passionate about Hollywood and get some ideas for your compliance program, this is the podcast series for you.For this week’s offering, today we look at the Marvel-universe hero, Captain Marvel.

Some of the highlights include:

  • What is the backstory for Nick Fury and Phil Coulson?
  • How and why did internet trolls tried to sabotage the film?
  • What was the response of Rotten Tomatoes?
  • How were Eggs used to great effect?
  • The special effects and battle scenes were great.
  • Who was honored in different scenes in the movie?
  • Jay gives the movie not only a full bucket of popcorn but as second bucket as well. Tom joins with an overflow bucket of popcorn.

The Compliance takeaways:

  1. Understand where you come from, know your business inside and out.
  2. Nick Fury recognized a new risk-do you have a trip system for new risks in your organization? Do you have a seat at that table?
  3. How and why did Nick Fury lose his eye? How do you assess known strategies for unknown risks?
  4. Get out of the corporate office and into the field to meet your employees.
  5. Take action, when needed to change the balance.
  6. As a CCO you may have to take a stand.
Categories
This Week in FCPA

This Week in FCPA-Episode 145 – Conferencing in America edition

Tom and Jay were both conferencing this week, albeit in different disciplines. Tom at Podfest Expo and Jay at the ABA White Collar Crime conference. In between they discussed some of this week’s top compliance and ethics stories which caught their collective eyes.

  1. MTS has massive FCPA resolution. Harry Cassin breaks the story in the FCPA Blog. See DOJ Press Release. See SEC Cease and Desist Order.
  2. CTFT to follow DOJ lead on enforcement and SEC lead on Whistleblowers. Dick Cassin reports in the FCPA Blog. See CTFT Press Release.
  3. Hacienda Healthcare is one of the worst corporate governance failures ever. Matt Kelly writes about it in Radical Compliance. Tom and Matt take a deep dive in Episode 113 of Compliance into the Weeds.
  4. Gulnara Karimova charged with conspiracy to commit money laundering in the whooping amount of $866MM. Harry Cassin reports in the FCPA Blog. See DOJ Press Release.
  5. Are consumers the new regulators of global business practices? Richard Young explores in the Navex Global’s Ethics and Compliance Matters
  6. Are Boards getting sufficient information on risk? Kristin Broughton reports in the WSJ Risk and Compliance Journal. Matt Kelly says compliance professionals can help in Navex Global’s Ethics and Compliance Matters.
  7. Is Baker MacKenzie in deep trouble over JBF bribery settlement? Former partner to be deposed over hire of Brazilian prosecutor. Michael Macagnone reports in Law360. The same partner left the firm to join Peirce Bainbridge, Clara Hudson reports in GIR. (sub req’d on both)
  8. Dutch prosecutors have told Shell the company will be criminally indicted over its role in obtain drilling rights in Nigeria. Chloe Taylor reports in CNBC.com.
  9. Jay begins a new role as a Featured Columnist on Corporate Compliance Insights. Check out CCI’s cool new look. (Interview with CCI’s new EIC Sarah Haddon next week).
  10. Rod Rosenstein says farewell to the compliance community. Text of Rosenstein speech here.
  11. Tom returns his periodic podcast series the Opinion Release Papers, with a five-part offering this week. Check out the following: Part 1-Opinion Release 10-03 on charitable donations under the FCPA; Part 2-Opinion Release 10-02 on hiring foreign officials as agents; Part 3– Opinion Release 07-01, travel for foreign officials; Part 4-Opinion Release 07-02, travel for and entertainment of foreign officials; Part 5-Opinion Release 11-01, why should you use the process. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoplyand YouTube. The Compliance Podcast Network is now also on Spotify. It is now also on Corporate Compliance Insights.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is       Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
Blog

Day 22 of 30 Days to a Better Compliance Program, the Regional Compliance Committee

The Regional Compliance Committee operationalizes compliance into the Company’s Regional operations where the business operates. This approach follows the Department of Justice mandate, articulated in the Department’s FCPA Pilot Program for companies to move the doing of compliance down into the business of the organization. The make-up of the Regional Compliance Committee, while including legal and compliance representatives, is also populated by representatives from other disciplines within the global organization, which allows a fuller, richer and more holistic approach to compliance advice. It adds a dimension not often seen or even discussed in the compliance profession. The accountability and oversight down to the Regional level and the compliance monitoring, reviewing, assessing and recommending that is deemed to be necessary will provide additional endorsements up through the organization that it is actually doing compliance. The Regional Compliance Committee can provide a unique structure to perform these functions. Key Takeaways

  1. A regional compliance committee can work to drive more efficient and more robust compliance into the region.
  2. All regional leaders should be on the committee.
  3. The regional compliance committee should liaise with other compliance committees.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. The Regional Compliance Committee is uniquely suited to drive compliance down into the fabric and DNA of an organization.  ]]>

Categories
Blog

Day 21 of One Month to More Effective Internal Controls-Revenue Recognition, Internal Controls and Compliance

Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606) for public business entities, certain not-for-profit entities, and certain employee benefit plans. The amendments become effective for public entities for annual reporting periods beginning after December 15, 2017. In other words, we are now less than six months away from a new Revenue Recognition (“new rev rec”) standard which may significantly impact the compliance profession, compliance programs and compliance practitioners going forward. I visited with Joe Howell, Executive Vice President (EVP) at Workiva Inc. and asked him if he could walk me through some of the key changes and how it might impact compliance going forward. FASB recognized that its revenue recognition requirements around U.S. generally accepted accounting principles (GAAP) differed from those in the International Financial Reporting Standards (IFRS) and that both sets of requirements needed improvement. This led to a project by FASB and the International Accounting Standards Board (IASB) to jointly clarify the principles for recognizing revenue and to develop a common converged revenue standard for GAAP and IFRS. Hence the new rev rec standard. The implementation will be a massive undertaking. According to Howell, “The accounting standard itself is 700 pages long, and in the US accounting literature it replaces over 200 other pieces of accounting guidance on revenue.” The official name is “Revenue from Contracts with Customers” and Howell noted there are “lot of surprises, and the things that is true for almost everybody is that they are going to be facing some level of change in the way they account and report revenue. They will most certainly have to change the way they disclose things related to their revenue. There are, included in the revenue standards, over six pages worth of new disclosure requirements.” One of the key differences in this new rev rec standard is that it requires companies to disclose new information beyond data a company might have been required to release in the past. Howell thinks this will put pressure on auditors “to get comfortable with what the company provided them and which they incorporated into their decision- making process in forming an opinion. For disclosure control this is something quite different, because the auditor’s typically not relying on those.” This will create risks for auditors adjusting to the new rev rec standard because as they learn more about the new standard and apply it going forward into 2018, they may have to revisit prior reporting and revise some of it. The reason this is important to the compliance profession and the compliance practitioner is internal controls over financial reporting involved in implementing this new standard are critical to the effective use of implementation and how you implement. The Securities and Exchange Commission (SEC) has said explicitly in several public statements and through their early comment letters on disclosures made in advance of implementation, that companies must inform the SEC about the accounting policies that they are changing, and how this new standard will affect a company’s accounting processes, and finally how those effects are going to be managed. Howell believes “The SEC is making it perfectly clear that this is a real compliance issue.” Moreover, the SEC has indicated that these disclosures are central to the new rev rec standard. Howell said, “typically, if a company has some sort of failure in their disclosures for an accounting standard, they’re treated under section Sarbanes-Oxley (SOX) Section 302 of the SEC rules, and that has a level of significance or liability, which is much lower than the liability that a company might face under SOX Section 404, which has to do with the actual internal controls over financial reporting.” While disclosure of internal controls might not typically bring Section 404 scrutiny, under the new rev rec standard, they may now do so. Howell articulated that usually when performing a financial audit, an auditor would not rely on a disclosure control in the past. However under the new rev rec standard, if there is a change during the year in how an auditor views a disclosure control, it could require them “to go back and either figure out if the audit work that they did is tainted and they need to go back and do that work in the form of a substantive testing, or they need to go back to see if there were mitigating controls that were in place that still allowed them to rely on the internal control processes to get comfortable with what the company provided them and which they incorporated into their decision making process in forming an opinion. For disclosure control this is something quite different, because the auditor’s typically not relying on those.” Of course, this is overlaid on the requirements of effective internal controls under the Foreign Corrupt Practices Act (FCPA) and the lack of any materiality standard. One only need to consider the Wells Fargo fraudulent accounts scandal to see how a lack of materiality does not prevent the types of risk from moving forward to become huge public relations disasters, hundreds of millions of dollars in fines and costs estimated at over $1bn for failures of internal controls. Yet there are other tie-ins into compliance which the compliance practitioner needs to understand and prepare for going forward. The prior rev rec standard was rules based. As a lawyer, that was an approach I was quite comfortable with both from a learning stand point and communicating to business folks. But now the standard is much more judgment based and when a standard is more judgment based, there can be more room for manipulation. Howell explained the response by compliance is “making sure that you have changes in the business processes necessary to gather the information that has not previously been required to continue to monitor; how that information is factoring into the judgements that managers must make as they report their revenue under the new standard; and that those judgements themselves are properly documented.” This final point demonstrates the convergence and overlap between the compliance profession, compliance programs and compliance practitioners going forward. Compliance internal controls are in place to both detect and prevent. Now they can also be used to gather the information which will be presented to auditors under the new rev rec standard. Many professional are focused on the new rev rec from the auditing and implementation perspective. However, if you are a Chief Compliance Officer (CCO), you might want to go down the hall and have a cup of coffee with your Chief Financial Officer (CFO) and find out what internal controls might be changing or that they might be adding and consider how that will impact compliance in your organization.

Three Key Takeaways

  1. An effective system of internal controls provides reasonable assurance of achievement of the entity’s objectives, relating to operations, reporting and compliance.
  2. There are two over-arching requirements for effective internal controls. First, each of the five components are present and function. Second, are the five components operating together in an integrated approach.
  3. For an anti-corruption compliance program you can use the Tem Hallmarks of an Effective Compliance Program as your guide to test against.

For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com. The new FASB rev rec standard has significant implications for the compliance practitioner going forward.]]>