Categories
FCPA Compliance Report

FCPA Compliance Report – The Role of Internal Audit in Export Controls

Welcome to the award-winning FCPA Compliance Report, the longest-running compliance podcast. In this episode, Tom welcomes Jonathan Marks, who discusses the role of internal audit in export control compliance.

Jonathan starts by defining export controls and their significance: regulations governing the export, re-export, and transfer of goods, technology, and services across borders to protect national security and enforce foreign policy. As a Compliance Profession, you should recognize the severe impacts of operational disruptions, supply chain issues, and national security risks resulting from non-compliance, emphasizing the need for comprehensive compliance frameworks. Internal audit responsibilities are expanded, stressing the necessity of robust policies, clear responsibilities, consistent employee training, and thorough risk assessments.

Jonathan discusses practical internal audit strategies, including evaluating high-risk transactions, identifying compliance gaps, and regularly monitoring and testing compliance controls through transaction testing, data analytics, third-party due diligence, and incident response mechanisms. Jonathan underscores the importance of collaboration between internal audit, legal, compliance, and supply chain teams to ensure an integrated and proactive compliance approach, thereby mitigating risks and strengthening corporate governance.

Key highlights:

  • Understanding Export Controls and Compliance
  • Role of Internal Audit in Export Controls
  • Key Areas for Internal Audit Focus
  • Testing and Monitoring Controls

Resources:

Jonathan Marks on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Blog

The Critical Role of Internal Audit in Export Controls Compliance

Export control compliance is a high-stakes area that many companies overlook until it is too late. With regulatory frameworks such as the Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), and the Office of Foreign Assets Control (OFAC) sanctions programs, businesses must be vigilant. Internal audits have a key role in ensuring compliance and mitigating the significant risks of violations, ranging from hefty fines and reputational damage to potential debarment from government contracts.

Understanding Export Controls Compliance

Export controls govern the export, re-export, and transfer of goods, technology, and services across borders. They aim to protect national security, enforce foreign policy objectives, and prevent sensitive materials from reaching unauthorized parties.

Key U.S. Export Control Regulations

Several major regulatory frameworks govern export controls in the U.S.:

  • Export Administration Regulations (EAR) – Overseen by the Bureau of Industry and Security (BIS), the EAR covers dual-use goods items with both civilian and military applications.
  • International Traffic in Arms Regulations (ITAR) – Managed by the State Department, ITAR regulates defense-related exports.
  • Office of Foreign Assets Control (OFAC) – OFAC administers sanctions programs that restrict trade with specific countries, entities, and individuals.

Violating these regulations can cause severe legal, financial, and reputational consequences, including multi-billion-dollar penalties and exclusion from government contracting.

The Risks of Noncompliance

Export control noncompliance carries significant risks:

  • Legal and Financial Risks – Companies can face substantial fines, criminal charges, and debarment from government contracts. For some organizations, debarment can be a financial death sentence.
  • Reputational Risk – Failing to comply can lead to reputational damage, including negative press, loss of customer trust, and shareholder worries.
  • Operational Disruptions – Supply chain disruptions and market access restrictions can cripple a business, especially in industries such as aerospace, defense, and technology.
  • National Security Risks – The inadvertent transfer of technology with military applications to unauthorized parties can have serious geopolitical ramifications.
  • Cybersecurity Threats – Controlled data can be exploited to compromise national security if exposed to foreign adversaries.

Internal Audit’s Role in Export Controls Compliance

Given these risks, internal audits must proactively ensure robust compliance frameworks are in place. This includes:

1. Evaluating Compliance Frameworks

A strong compliance framework begins with clearly defined policies and procedures that align with export control regulations. Internal audits should assess whether these guidelines are well-documented, communicated, and consistently enforced across the organization. A key component of compliance is designated ownership, and organizations must assign clear responsibilities for managing export controls and ensuring accountability at every level. Without clear ownership, compliance efforts can become fragmented and ineffective. Additionally, internal audits should evaluate the effectiveness of training programs designed for employees who handle controlled items and data. Training should be comprehensive, regularly updated, and tailored to different roles within the company. Employees must understand their responsibilities, potential red flags, and the legal implications of noncompliance. An ongoing training program strengthens the organization’s culture of compliance and minimizes the risk of accidental violations.

2. Conducting Risk Assessments and Monitoring

Internal audit plays a critical role in identifying and mitigating risks associated with export controls. Auditors should conduct risk assessments to pinpoint high-risk transactions, products, and business units susceptible to violations. These assessments help organizations allocate resources effectively and focus on areas of greatest concern. Compliance gaps can expose organizations to significant risks, making it essential for auditors to assess whether existing controls are sufficient or improvements are needed. In addition, internal audits should monitor red flags that may show potential compliance breaches. Common red flags include shipments to embargoed countries, unusual customer requests related to product specifications or destinations, and sudden changes in routing or documentation. Proactive monitoring allows organizations to detect and address potential violations before they escalate into larger compliance issues.

3. Auditing and Testing Export Controls

Regular audits and testing of export controls are necessary to ensure regulatory compliance. Transaction testing is a fundamental internal audit practice verifying whether export licensing and classification rules are correctly followed. This process helps identify inconsistencies or errors that could lead to compliance failures. Another essential tool is data analytics, which can uncover anomalies in export transactions. Analyzing patterns, trends, and deviations allows auditors to flag suspicious activity and investigate further. However, data analytics is only effective if the organization understands the key risk indicators and integrates them into monitoring systems. Third-party due diligence is crucial in assessing compliance risks within supplier and distributor relationships. Auditors should evaluate whether third-party partners adhere to export regulations and implement adequate controls to prevent illicit activities. Failure to conduct due diligence can expose companies to liability for the actions of their business partners.

4. Strengthening Incident Response and Investigations

A strong incident response mechanism is a cornerstone of an effective export controls compliance program. Internal audits should evaluate whether the company has robust reporting mechanisms encouraging employees to report potential violations. A well-structured reporting system, such as an anonymous hotline, can help organizations detect issues early and address them promptly. Investigations must be handled efficiently, with a structured approach for triaging allegations and determining their severity. Internal audits should assess whether the organization follows best practices in conducting investigations and whether findings are documented appropriately. Corrective actions are another critical component—compliance gaps identified during investigations must be addressed promptly to prevent recurrence. Internal audits should ensure that corrective actions are implemented effectively and lead to lasting improvements in compliance practices.

5. Collaborating with Legal, Compliance, and Supply Chain Teams

Export compliance is a cross-functional responsibility, requiring collaboration between internal audit, legal, compliance, and supply chain teams. Internal audit should work closely with these departments to develop an integrated approach to managing export risks. Strong partnerships improve transparency and facilitate open communication, essential for identifying and addressing compliance challenges. Legal and compliance teams provide expertise on regulatory requirements, while supply chain teams play a crucial role in tracking the movement of controlled goods. Internal audits should ensure that all stakeholders are aligned in their efforts and that compliance initiatives are well-coordinated. Internal audits can enhance monitoring mechanisms by ensuring that information-sharing processes are efficient and potential compliance risks are escalated appropriately. A collaborative approach strengthens the organization’s overall compliance posture and minimizes regulatory exposure.

Red Flags That Demand Further Scrutiny

Export control violations often result from either negligence or intentional circumvention of regulations. Key warning signs include last-minute changes to product specifications, especially if such modifications appear designed to bypass regulatory restrictions. Altered shipment destinations should also raise concerns, particularly those involving high-risk or embargoed countries. Requests to route shipments through third countries may signal attempts to evade sanctions, while unusual payment methods or routing through non-traditional banks can indicate illicit activities. These red flags necessitate heightened due diligence and should be promptly escalated for further investigation. A proactive compliance approach that integrates continuous monitoring, effective auditing, and cross-department collaboration is essential in mitigating these risks and ensuring adherence to export control regulations.

Export control compliance is not just a regulatory obligation but a fundamental aspect of risk management and corporate integrity. Organizations that prioritize compliance through robust frameworks, continuous risk assessments, and proactive internal audit functions can avoid costly penalties and reputational damage. By fostering collaboration across departments and maintaining vigilance against red flags, companies can strengthen their compliance posture and build trust with regulators, partners, and customers. A proactive and integrated approach to export control compliance ensures business continuity and long-term success in an increasingly complex global trade environment.

Categories
Everything Compliance

Everything Compliance: Episode 150, The Musk On Edition

Welcome to this edition of the award-winning Everything Compliance. In this episode, Matt Kelly, Jonathan Armstrong, Jonathan Marks, Karen Woody, and Karen Moore join the full gang to examine various issues for compliance professionals under the incoming administration.

  1. Jonathan Armstrong looks at the car crash coming for DeepSeek in the EU. He shouts out to Peter Mandelson, the new UK Ambassador to the United States.
  2. Karen Moore looks at the reframing of DEI. She shouts out about the film on September 5.
  3. Matt Kelly considers the Bondi Memo on changes in DOJ enforcement focus and mentions Alexei Navalny’s memoir.
  4. Karen Woody examines the new SEC Crypto Taskforce and mentions the award-winning play Hadestown.
  5. Jonathan Marks provides a tutorial on the role of internal audit on export controls. He also shouts out to his hometown team, the Philadelphia Eagles (now the Super Bowl-winning Philadelphia Eagles).
  6. Tom Fox shouts out to (conspiracy) Bill Simmons for opining that the Dallas Maverick’s trade of Luka Doncic was a ploy to force the state of Texas to allow gambling in this state.

The members of Everything Compliance are:

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, by clicking here.

Categories
Blog

Auditors and Compliance: Part 2 – Ten Key Takeaways for Compliance Professionals

The PCAOB’s recent information release, SPOTLIGHT Auditor Responsibilities for Detecting, Evaluating, and Making  Communications About Illegal Acts, is a critical guide for compliance professionals. The SPOTLIGHT sets out the role of auditors in assessing a company’s compliance with laws and regulations, particularly how auditors must identify, evaluate, and communicate potential illegal acts. However, for compliance officers, the SPOTLIGHT highlights areas where compliance and audit functions intersect and emphasizes collaboration’s importance to maintaining regulatory adherence and upholding financial integrity. Yesterday, we reviewed the roles and duties assigned to auditors. Today, we will dive into the 10 key takeaways for compliance professionals, outlining what they need to know to align their efforts with audit processes and effectively support their organization’s commitment to compliance.

  • Understand the Auditor’s Role in Identifying Illegal Acts

Auditors have a duty to detect and evaluate illegal acts that could materially impact a company’s financial statements. This includes assessing the potential effect of any illegal activity on the company’s financials and reporting these issues to management, the audit committee, and sometimes to the SEC. Compliance professionals need to understand this role to support auditors in fulfilling these obligations, especially by maintaining a strong compliance program that actively monitors regulatory adherence. Compliance should ensure that internal policies align with PCAOB standards and legal requirements, helping auditors conduct a thorough risk assessment as part of their evaluation.

  • Maintain Transparent and Open Communication Channels

Transparency and open communication are vital for a successful compliance-audit relationship. Auditors depend on information from management, the audit committee, and legal counsel to identify and evaluate potential violations. Compliance professionals should facilitate open communication with auditors and provide timely access to relevant information. This includes documentation from internal investigations, responses to auditor inquiries, and any corrective actions taken to address potential illegal acts. Proactively sharing information about compliance efforts demonstrates a commitment to ethical practices and supports auditors’ work to provide an accurate assessment of the company’s financial statements.

  • Foster a Strong Internal Reporting Culture

Auditors must inquire about complaints and tips, including those from whistleblower programs. For compliance professionals, this highlights the importance of fostering an internal reporting culture where employees feel safe raising concerns. A robust whistleblower program and other internal reporting mechanisms help identify potential illegal acts early, allowing the company to take action before issues escalate. Compliance teams should ensure employees know how to report concerns confidentially and clearly communicate that the company prohibits retaliation against whistleblowers. This can help create a steady pipeline of information that aids both compliance and audit functions in proactively addressing potential issues.

  • Document Document Document

Thorough documentation is crucial in every compliance arena, whether regulatory reporting, high-value transactions, or industry-specific regulations. (The Tom Fox Mantra Document Document Document.) Compliance professionals should maintain clear records of all compliance activities, internal investigations, and responses to auditor inquiries. By providing auditors with well-documented information, companies can help auditors assess whether any potential illegal acts are isolated incidents or indicative of broader compliance concerns. Such documentation facilitates the audit process and demonstrates to regulators a serious commitment to compliance.

  • Prioritize High-Risk Areas with Targeted Monitoring

Auditors focus on high-risk areas in their evaluations, such as transactions or activities with greater potential for legal violations. Compliance professionals should proactively monitor these high-risk areas to detect and mitigate issues before they escalate. For instance, compliance in industries with high regulatory scrutiny should ensure that the organization adheres to all industry-specific legal requirements. Regularly evaluating high-risk areas through targeted monitoring helps create a solid foundation for internal and external financial statement audits, reducing the chance of undetected illegal acts.

  • Be Prepared to Act on Auditor Findings Promptly

When auditors identify potential illegal acts, it is essential for compliance to respond swiftly and decisively. This involves conducting a thorough internal investigation and determining any required disclosures or corrective actions. From there, you should perform a Root Cause Analysis and then proactively address any concerns from auditors to help the organization maintain transparency and avoid further regulatory scrutiny. A prompt response strengthens the relationship between the compliance and audit functions and demonstrates to auditors and regulators a proactive approach to managing and mitigating compliance risks.

  • Strengthen Leadership’s Commitment to Compliance

The PCAOB emphasizes the importance of a “tone at the top” in its guidance, noting that auditors consider a company’s commitment to compliance when assessing potential illegal acts. Compliance teams should work with executive leadership to promote a strong culture of ethics and compliance, as this can significantly impact employee behavior and organizational practices. A commitment to compliance at the leadership level signals to employees that ethical conduct is a priority, supporting the organization’s overall compliance efforts. When leadership promotes compliance, employees are more likely to report concerns, and auditors can rely on the company’s internal controls and integrity.

  • Prepare for Potential Notification

If auditors discover a material illegal act and management fails to take appropriate action, the auditor may be required to notify the SEC or DOJ. For compliance professionals, this highlights the importance of swift and transparent responses to any findings of illegal activity. Working closely with auditors to address material findings and avoid potential SEC/DOJ notification is crucial. When the compliance function demonstrates a proactive approach to addressing auditor findings, it helps maintain the organization’s reputation, strengthens auditor relationships, and reduces the likelihood of regulatory intervention.

  • Regularly Review and Update Compliance Training

Auditors also assess a company’s internal compliance functions, including how well employees understand and adhere to compliance obligations. Regular compliance training ensures that employees are informed about identifying and reporting illegal acts, understand whistleblower protections, and know the resources available to them. Compliance professionals should review and update training programs frequently to address any changes in laws or regulations and any emerging risks specific to the company’s industry. Effective training reinforces employees’ commitment to ethical behavior and supports the company’s internal controls, bolstering the compliance-audit relationship.

  • Emphasize Materiality Assessments in Compliance Evaluations

When auditors evaluate the impact of illegal acts, they consider both quantitative and qualitative materiality. Compliance teams should adopt a similar approach when assessing potential violations. For instance, even a small illegal payment could be material if it raises ethical concerns or results in contingent liabilities. By considering potential violations’ financial and reputational implications, compliance teams can better assess the materiality of issues and take appropriate corrective action. This approach aligns with auditor standards and helps create a thorough and effective compliance environment.

Strengthening Compliance and Audit Collaboration

The PCAOB’s guidance reminds compliance professionals that a proactive approach to detecting, evaluating, and addressing potential illegal acts is essential. By understanding the auditor’s role and aligning compliance practices with PCAOB and SEC standards, compliance teams can effectively support auditors and contribute to a thorough evaluation of the organization’s adherence to laws and regulations.

A corporate compliance function plays a crucial role in creating a transparent, accountable organization where employees feel empowered to raise concerns and management responds promptly to address potential issues. Strong compliance-audit collaboration enables companies to build trust with regulators and stakeholders, demonstrating a commitment to ethical business practices. By implementing these takeaways and fostering a culture of compliance, companies can better navigate regulatory requirements and mitigate the risk of material misstatements or regulatory penalties, upholding the integrity of their financial statements and safeguarding their reputation in an increasingly scrutinized environment.

Categories
Blog

Auditors and Compliance: Part 1 – Auditors and Illegal Acts

Regarding compliance, one area that requires heightened attention is the role of auditors in detecting, evaluating, and communicating illegal acts. Recently, the PCAOB issued a document entitled SPOTLIGHT Auditor Responsibilities for Detecting, Evaluating, and Making  Communications About Illegal Acts. It outlines public auditors’ responsibilities when assessing a company’s compliance with laws and regulations. These responsibilities have far-reaching implications for corporate compliance professionals, as they directly influence how auditors evaluate and report on potential illegal acts that can impact financial statements and overall corporate integrity.

Over the next couple of blog posts, I will review this  SPOTLIGHT. In today’s blog post, we will unpack the auditor’s responsibilities for a compliance program, including the steps for identifying illegal acts, the evaluation process, and the requirements for reporting findings to management, audit committees, and possibly the SEC. Tomorrow, I will set out 10 key takeaways for the compliance professional regarding their role in interacting with auditors for compliance regimes.

Detecting Illegal Acts: A Critical Component of the Audit Process

Auditors must design and execute procedures that ensure reasonable assurance of detecting illegal acts that could materially affect a company’s financial statements. This duty is rooted in federal securities laws, specifically Section 10A of the Securities Exchange Act of 1934, which mandates that auditors remain vigilant to possible violations of laws and regulations during audits.

Detecting illegal acts is more than due diligence—it’s essential to safeguarding shareholder interests and preserving the integrity of financial markets. This underscores the importance of robust systems that actively monitor and report on regulatory adherence across business operations for compliance officers.

Auditors rely on multiple techniques and resources to identify potential illegal acts, such as:

  • Inquiries-They often begin by questioning management, the audit committee, and internal or external legal counsel.
  • Document Review-Auditors frequently review board minutes, regulatory correspondence, SEC filings, legal counsel letters, and other corporate documents that could reveal legal non-compliance.
  • Risk Assessments-Auditors must understand the company’s industry, regulatory environment, and external factors that could signal legal risks. This assessment helps them target high-risk areas where violations are more likely.

Auditors also investigate complaints and tips, including those from internal whistleblower programs. They may examine unusual transactions or related-party dealings that could indicate red flags. For compliance professionals, it’s crucial to maintain open channels for employees to report concerns without fear of retaliation and promptly address any issues flagged by auditors or internal investigations.

Evaluating Potential Illegal Acts: Procedures and Standards

Once an auditor becomes aware of a possible illegal act, they must determine whether it could materially impact the company’s financial statements. This evaluation requires auditors to understand the incident’s nature and context, often involving management and sometimes higher-level personnel who can provide insight into the situation.

The PCAOB standards and Section 10A mandate that auditors not only detect but also evaluate the likelihood that an illegal act has occurred. Here’s how they proceed:

  1. Gathering Evidence. Auditors may examine relevant documents—such as invoices, contracts, and payment records—to verify the facts surrounding the incident. They might also consult the auditing firm’s legal counsel or senior personnel for additional perspectives.
  2. Materiality Assessment. Materiality is a cornerstone of evaluating illegal acts. Auditors assess whether the potential violation is significant enough to warrant disclosure, focusing on quantitative and qualitative factors. For example, a small illegal payment may be deemed material if it could result in contingent liabilities or raise ethical concerns that affect the company’s reputation.
  3. Assessing Impact on Financial Statements. Auditors must evaluate how the illegal act impacts financial statement amounts, including the need for possible contingent liabilities, fines, or penalties. If senior management is implicated, this raises additional questions about the reliability of other information provided by the company.

This underscores the importance for compliance teams to maintain clear documentation and open communication channels with auditors. Keeping a well-documented trail of internal investigations, responses to auditor inquiries, and corrective actions can help ensure that potential illegal acts are evaluated accurately and comprehensively.

Communicating Illegal Acts: Auditor Obligations for Disclosure

Auditors have specific obligations to communicate illegal acts that come to their attention. The PCAOB and Section 10A set out requirements for notifying management, the audit committee, and, in some cases, the SEC. Here is what companies need to know:

  • Communication with Management and the Audit Committee. If an auditor identifies an illegal act, they must inform the appropriate management level and ensure that the audit committee is aware. This notification must occur as soon as possible before issuing the auditor’s report. The goal is to allow management and the audit committee to take corrective action and disclose any potential impacts to shareholders.
  • Reporting to the Board and the SEC. If the illegal act is deemed material and management fails to take timely and appropriate action, the auditor has a duty to report to the company’s board of directors. Under Section 10A, the auditor must notify the SEC if the board fails to remedy the situation within a specified timeframe. This step underscores the importance of accountability in corporate governance and compliance, as it introduces potential regulatory consequences for inaction.
  • Impact on Auditor Opinion. The auditor may issue a qualified or adverse opinion if the illegal act materially affects the financial statements and is not adequately disclosed or corrected. In cases where the auditor cannot obtain sufficient evidence to assess the impact of the illegal act, they may even disclaim an opinion. In extreme cases, the auditor may consider resigning from the engagement if the company does not take appropriate remedial actions.

This means that prompt and transparent responses to potential illegal acts are crucial for companies. Failing to address issues raised by auditors can lead to negative audit opinions, regulatory investigations, and significant reputational damage.

Strengthening Compliance Programs to Address Auditor Requirements

The PCAOB’s recent guidance emphasizes robust compliance programs’ role in facilitating audits and managing risks related to illegal acts. Compliance professionals should take the following steps to align their programs with PCAOB and SEC expectations:

  1. Develop Clear Policies and Reporting Mechanisms. Ensure that your compliance policies explicitly address legal requirements relevant to your industry and geographic region. Implement reporting mechanisms that allow employees to raise concerns anonymously, fostering a culture of transparency and accountability.
  2. Conduct Regular Risk Assessments. Just as auditors assess risk during their engagements, compliance teams should regularly evaluate areas prone to legal violations. High-risk areas like financial transactions, related-party dealings, and regulatory filings should be monitored closely.
  3. Provide Comprehensive Training. Equip employees with the knowledge to identify and report illegal acts. Include training on whistleblower protections and internal reporting mechanisms, ensuring all employees understand their role in upholding legal and ethical standards.
  4. Enhance Documentation and Transparency. Documenting compliance efforts is crucial, especially for areas that could attract auditor scrutiny. Keep detailed records of internal investigations, management’s responses to auditor inquiries, and any corrective actions to address potential violations.
  5. Establish a Strong Tone at the Top. Finally, fostering a culture of compliance begins with leadership. Management should demonstrate a clear commitment to legal and ethical standards, providing resources and support to compliance teams. When leadership prioritizes compliance, employees are more likely to report concerns, which can ultimately prevent illegal acts from going undetected.

The Path Forward

The PCAOB’s SPOTLIGHT is a valuable checkpoint for companies to evaluate their internal controls and compliance programs. Auditors play a vital role in identifying illegal acts, but the responsibility for maintaining legal compliance ultimately rests with the company. Companies can navigate this complex landscape and mitigate the risk of material misstatements or regulatory penalties by implementing a strong compliance program, fostering transparency, and responding promptly to auditor inquiries.

The bottom line? Even under the incoming second Trump Administration, a proactive approach to compliance is not simply best practice; it is an essential core of doing business ethically and in compliance. Compliance professionals should work closely with auditors, ensuring the company is prepared to detect, evaluate, and address any potential legal issues that could impact financial reporting. The goal is a collaborative effort where compliance and audit functions work together to uphold the integrity of the financial statements and the trust of stakeholders.

Join us tomorrow, where we will consider the 10 key takeaways for compliance professionals from SPOTLIGHT.

Categories
Blog

Leveraging Machine Learning with the Right Internal Audit Solution

Visitors face an ever-expanding landscape of challenges and opportunities in today’s world. Machine learning (ML) represents a transformative force, offering new ways to enhance audit quality, efficiency, and insight. But how can internal auditors effectively integrate this technology into their workflows? The key lies in choosing the right internal audit solution that seamlessly incorporates ML capabilities, ensuring auditors are equipped to tackle today’s complexities while preparing for tomorrow’s challenges.

Machine learning (ML) is a subset of artificial intelligence that focuses on developing systems that can learn from and make decisions based on data. In internal auditing, ML can automate repetitive tasks, identify patterns in large datasets, and even predict future trends. This not only speeds up the audit process but also enhances the accuracy and depth of audit insights.

Key Applications of Machine Learning in Internal Audits:

  • Risk Assessment: ML algorithms can analyze vast amounts of data to identify risk patterns and anomalies, helping auditors focus on areas with the highest risk.
  • Control Testing: Automated ML tools can test controls more frequently and thoroughly than manual processes, increasing the likelihood of detecting control failures.
  • Fraud Detection: ML can help predict and identify fraudulent activities based on historical audit data, thereby reducing potential losses.
  • Predictive Analytics: ML can forecast potential non-compliances or areas where controls might fail, allowing auditors to be proactive rather than reactive.

Selecting the right software solution is crucial when integrating ML into internal auditing. There are some critical factors to consider. The ML-powered audit solution must seamlessly integrate with IT infrastructure and data systems. This integration ensures auditors can leverage ML capabilities without disrupting existing workflows or data integrity. As organizations grow and data volumes increase, the ML solution should be able to scale accordingly. This includes handling more extensive datasets and adapting to new audits and compliance requirements.

ML can be complex, but the user interface of the audit solution should be different. A user-friendly interface that simplifies complex processes allows auditors to utilize ML features effectively without needing specialized training. Your chosen solution should offer advanced data analytics features, including data visualization tools, which help auditors make sense of the patterns and anomalies detected by ML algorithms. These tools are crucial for translating ML insights into actionable audit decisions. Any ML solution must comply with relevant data protection regulations, such as GDPR in the European Union or HIPAA in the United States. Additionally, the solution should have robust security measures to protect sensitive audit data from unauthorized access or breaches.

If there is one overlap between ML and traditional internal audit, it is that solutions for internal audit are not static, and ML is no different. ML continuously learns from new data and auditing experiences. This capability ensures that the system evolves and improves its accuracy and effectiveness. Finally, tech support is critical, especially when deploying complex technologies like ML. The right solution provider should offer comprehensive support and training, helping audit teams fully understand and leverage ML capabilities.

Successfully implementing an ML-powered audit solution involves more than just selecting the right software; you should have a planned strategy for an effective implementation. Some strategies for effective implementation include engaging relevant stakeholders early in the process, including IT, compliance, and executive teams, to ensure alignment and address any concerns. Test before implementation so that pilot tests of the ML solution can be conducted in specific audit areas before a full rollout. This helps identify any issues and refine the system for better performance. Training on any new system is critical, especially with an advanced ML solution. You should provide extensive training and support to audit staff to help them adapt to the latest tools and processes.  But as with any new rollout, it does not stop with implementation, as there should be continuous monitoring and continuous improvement as warranted.  Change management practices can facilitate a smoother transition and higher adoption rates.

As the complexity of business environments and regulations continues to grow, the role of internal audit becomes increasingly critical. Leveraging machine learning within audit solutions offers a path forward to keep pace with these changes and stay ahead of them. By choosing the right ML-powered internal audit solution and implementing it thoughtfully, audit departments can transform operations, delivering more value and stronger organizational compliance. The future of internal auditing is not just about adapting to changes—it’s about leading the charge with innovation and insight.

Categories
FCPA Compliance Report

FCPA Compliance Report: Adrienne Bellehumeur on Design – Centric Approaches to Internal Controls

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.

In this edition of the FCPA Compliance Report, Tom Fox welcomes back Adrienne Bellehumeur, a chartered accountant and expert in internal controls and documentation.

Adrienne discusses her recent article on design-centric internal control and emphasizes the importance of focusing on design as the foundation for effective control programs. She outlines five key principles for improving control design and details her approach to challenging processes and governance systems. The conversation also touches on the necessity of continuously updating controls to adapt to evolving business and regulatory environments.

Adrienne shares tips on fostering better design through workshops, effective interviewing, and continuous improvement, while also addressing new developments such as AI and ESG. The episode finishes with insights into how internal controls can support whistleblower programs and the importance of back-to-basics documentation and information management.

Highlights in this Episode:

  • Professional Background
  • Design-Centric Approach to Internal Controls
  • Challenges and Importance of Good Design
  • Principles for Improving Control Design
  • Back to Basics: Adapting to New Business Developments
  • Whistleblower Programs and Internal Controls

 Resources:

Adrienne Bellehumeur on LinkedIn

Risk Oversight

New Approaches to Control Design

Tom Fox

Instagram

Facebook

YouTube

Categories
Compliance Into the Weeds

Compliance Into The Weeds: The SAP Foreign Corrupt Practices Act Enforcement Action

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the recent Foreign Corrupt Practices Act (FCPA) enforcement action involving the ERP software giant SAP.

The recent $220 million fine imposed on German software giant SAP for violations of the FCPA underscores the critical role of internal audits in maintaining corporate compliance. Despite having a comprehensive FCPA compliance program, SAP’s lack of control over its subsidiaries led to bribery activities, a situation that Tom and Matt believe could have been prevented with a robust internal audit function. Fox emphasized the need for strong internal audits to identify and address issues within different parts of an organization. Similarly, Kelly underscored the importance of internal audits in identifying and rectifying control lapses. To delve deeper into this topic and understand the implications of the SAP case, join Tom Fox and Matt Kelly on this episode of Compliance into the Weeds. 

Key Highlights:

  • The bribery schemes and geographic scope
  • What is culture?
  • Third parties and corruption risks
  • The fine and penalty
  • The comeback
  • Lessons learned for the compliance professional

Resources:

Matt on Radical Compliance

Tom 

Tom on the FCPA Compliance and Ethics Blog

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
FCPA Compliance Report

FCPA Compliance Report – Frank Orlowski on Navigating Challenges in Operating in Emerging Markets

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Frank Orlowski.

Frank Orlowski is a seasoned professional with a wealth of experience in managing emerging markets in the pharmaceutical industry, having spent over 25 years at Pfizer Pharmaceuticals. His extensive knowledge, particularly in South America, Middle East Asia, and Eastern Europe, where he faced difficulties in compliance, controls, and adhering to US accounting regulations, has shaped his perspective on managing emerging markets. Orlowski emphasizes the importance of understanding different cultures, regulations, and geopolitical issues when working in these markets. After retiring from Pfizer, he founded the Ation Advisory Group, where he leverages his expertise to assist companies in commercializing products in the life science industry. Join Tom Fox and Frank Orlowski on this episode of the FCPA Compliance Report podcast to gain more insights into managing emerging markets in the pharmaceutical industry.

Key Highlight:

  • Frank Orlowski’s Global Financial Expertise
  • Navigating Unique Obstacles in Emerging Markets
  • Navigating Cultural Differences in Emerging Market Compliance
  • Creative Employee Rewards and Engagement Strategies
  • Enhancing Healthcare Through Medtech Innovations
  • The Integrated Legal Division at Pfizer

Resources:

Frank Orlowski on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Sunday Book Review

Sunday Book Review: August 27, 2023 The Internal Audit Edition

In the Sunday Book Review, I consider books that would interest the compliance professional, the business executive or anyone who might be curious. It could be books about business, compliance, history, leadership, current events or anything else that might interest me. In today’s edition of the Sunday Book Review, I continue my summer exploration of books on crime. Today, look at some of the top books on auditing, both for the audit professional and the compliance professional.