
Great Structures Week III – The Roman Arch and Resourcing Your Compliance Program

I continue my Great Structures Week with focus on structural engineering innovations from ancient Rome. I am drawing these posts from The Teaching Company course, “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler who said “When I think of Rome, the first image that comes to mind is an arch.” It is present in aqueducts, in the triumphal arches that adorn the city of Rome, in the city gates and even in the Coliseum.

The arch was a major engineering advancement because the prior method for traversing horizontal distance was the beam, which was limited in its use. Ressler notes “because the arch carries its load entirely in compression, its span isn’t limited by the tensile strength of the material, the size of its stones, and it can span greater distances which might be conceived of with stone beams”. The arch itself has two essential characteristics. First it carries an entire load in compression, that is it counter-balances against itself, which allows for construction using the most basic building materials known in the ancient world: stone, brick and concrete.

Yet the second characteristic of the arch is equally significant. An arch requires “both vertical and horizontal reactions to carry a load. The downward load of the arch is balanced by an upward reaction from the base”. Both the Arch of Titus and Pont du Gard aqueduct are still standing and can be seen today as magnificent examples of this Roman innovation.

I wanted to use the dual load system whereby an arch supports not only great weight but also esthetic engineering designs to discuss how a Chief Compliance Officer (CCO) or compliance practitioner might develop resources to implement a best practice anti-corruption compliance program under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery law. Funding of a compliance program is always one of the biggest challenges. Short of being in the middle of a worldwide FCPA, UK Bribery Act or other anti-corruption investigation, you are never going to receive all the funding you want or even think that you are going to need.

However, this corporate reality is not going to save you if the government comes knocking. The FCPA Resource Guide, 2nd edition, provides the following: “Moreover, the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”

Stephen Martin, CCO at Skillsoft, often says that an inquiry a prosecutor might make is along the lines of the following. First, what was the company’s annual compliance budget for the past year? If the answer started with something like, “We did all we could with what we had ($100K, $200K, name the figure),” the next inquiry would be, “How much was the corporate budget for Post-It Notes last year?” The answer was always in the 7-figure range. Then the KO punch question would be, “Which is more business critical for your company: complying with the FCPA or Post-It Notes?” Unfortunately, most companies spent far more on Post-It Notes than they were willing to invest into their compliance program.

However, this corporate reality will allow you to look to other areas to assist the compliance function. An obvious starting place is Human Resources (HR). There are several areas in which HR can bring expertise and, in my experience, enthusiasm to the compliance function. Some of the reasons include the fact that HR is physically located at or touches every site in the company, globally. HR is generally seen as more approachable than many other departments in a company, unfortunately including compliance. A person’s first touch point with a company is often HR in the interview process. If not in the interview process, it is certainly true after a hire is made. Use this approachability.

HR has several key areas of expertise, such as in discrimination and harassment. But beyond this expertise, HR also has direct accountability for these areas. It does not take a very long or large step to expand this expertise into assistance for compliance. HR often is on the front line for hotline intake and responses. These initial responses may include triage of the complaint and investigations. With some additional training, you can create a supplemental investigation team for the compliance department.

Clearly HR puts on training. By ‘training the trainers’ on compliance you may well create an additional training force for your compliance department. HR can also give compliance advice on the style and tone of training. This advice can be of great assistance, because the things that might work and even be legally mandated in Texas may not work in other areas of the globe. But more than just putting on the training, HR often maintains employee records of training certifications, certifications to your company’s Code of Conduct and compliance requirements. This can be the document repository for the Document, Document, and Document portion of your compliance program.

Internal Audit is another function that you may want to look at for assistance. Obviously, Internal Audit should have access to your company’s accounting systems. This can enable them to pull data for ongoing monitoring. This may allow you to move towards continuous controls monitoring, on an internal basis. Similarly, one of the areas of core competency of Internal Audit should also be internal controls. You can have Internal Audit assist in a gap analysis to understand what internal controls your company might be missing.

Just as this corporate function’s name implies, Internal Audit routinely performs internal audits of a company. You can use this routine job duty to assist compliance. There will be an existing audit schedule and you can provide some standard compliance issues to be on each audit. Further, compliance risks can also be evaluated in this process. Similar to the audit function are investigations. With some additional training, Internal Audit should be able to assist the compliance function to carry out or participate in internal compliance investigations. Lastly, Internal Audit should be able to assist the compliance function to improve controls following investigations.

A corporate IT department has several functions that can assist compliance. First and foremost, IT controls IT equipment and access to data. This can help you to facilitate investigations by giving you (1) access to email and (2) access to databases within the company. Similar to the above functions, IT will be a policy owner as the subject matter expert (SME) so you can turn to them for any of your compliance program requirements, which may need a policy that touches on these areas. The final consideration for IT assistance is in the area of internal corporate communication. IT enables communications within a company. You can use IT to aid in your internal company intranet, online training, newsletters or the often mentioned ‘compliance reminders’ discussed in the Morgan Stanley Declination.

Finally, do not forget your business teams. You can embed a compliance champion in all divisions and functions around the company. You can take this a step further by placing a Facility Compliance Officer at every site or location where you might have a large facility or corporate presence. Such local assets can provide feedback for new policies to let you know if they do not make sense. In some new environments, a policy may not work. If your company uses SAP and you make an acquisition of an entity which does not use this ERP system, your internal policy may need to be modified or amended. A business unit asset can also help to provide a push for training and communications to others similarly situated. One thing that local compliance champions can assist with is helping to set up and coordinate personnel for interviews of employees. This is an often overlooked function but it facilitates local coordination, which is always easier than from the corporate office.

All of these other corporate functions can greatly assist you in the actual doing of compliance. Moreover, in a resource-constrained environment, these other corporate disciplines can be used to strengthen your compliance program, in a manner similar to vertical and transverse integration of structural integrity presented in an arch. Finally, just as the arch utilized some of the most basic construction elements in existence, by using the other corporate disciplines, engaging in precisely their corporate functions, you can create a strong foundation in your compliance program going forward.

Join us tomorrow where we look at the intersection of Gothic Cathedrals and compliance incentives.

Everything Compliance

Episode 104 – the Back to School Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In 2021, Everything Compliance was honored by W3 as a top talk show in podcasting. In this episode, we have the quartet of Jonathan Marks, Jonathan Armstrong, Jay Rosen and Matt Kelly on a variety of topics. We conclude with our fan Shout Outs and Rants section.

1. Jay Rosen looks at a recent report about the number and quality of SEC whistleblower awards. Rosen shouts out to scientists who are trying to create Oxygen from CO2 so that life can exist on Mars.

2. Matt Kelly discusses the Mudge whistleblower allegations regarding Twitter. Kelly shouts out to NASA engineers who scrubbed the space shuttle launch due to safety concerns.

3. Jonathan Marks considers the role of internal audit in M&A work specifically and how the Board should utilize internal audit more generally. Marks shouts out the 30th anniversary of the US Sentencing Guidelines.

4. Tom Fox shouts out the American League leading Houston Astros.

5. Jonathan Armstrong looks at the newly released Lloyd’s regulations around denial of coverage for cyber-attacks made by foreign governments and state actors. He shouts out to the British television show “Have I Got News” for skewering Boris Johnson with his own words.

The members of Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at

  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at

  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at

  • Jonathan Armstrong – is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at

  • Jonathan Marks – is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at

Everything Compliance is a part of the Compliance Podcast Network.

FCPA Compliance Report

Claire Worledge on Data Analytic Secrets

In this episode of the FCPA Compliance Report I visit with Claire Worledge. Claire is an internal auditor by professional training. She is the author of Data Analytic Secrets. We visit about her book and her work to bring greater visibility to data analytics to the internal audit profession and the wider compliance profession. Some of the highlights include:

  • What is data visualization?
  • What do you see as the role of data analytics in internal audit?
  • Why Claire wrote Data Analytic Secrets and the audience for the book.
  • How can data analytics and visualization be used in fraud prevention?
  • How about anti-corruption/anti-bribery programs?
  • How can internal audit be best used in an anti-corruption/anti-bribery program?
  • What is the intersection of internal audit and internal control?

Claire Worledge on LinkedIn
Aufinia website

Innovation in Compliance

The Data Confident Internal Auditor with Yusuf Moolla

Tom Fox welcomes Yusuf Moolla on this episode of the Innovation in Compliance Podcast. Yusuf is a Director at Risk Insights, co-host of The Assurance Show Podcast, and co-author of The Data Confident Internal Auditor. He joins Tom to talk about how compliance professionals can utilize data analytics, data governance, and internal auditing.

Best Approaches To Data
The easiest way to approach data, Yusuf suggests, is to think about it as another form of evidence. “Over the years we’ve collected lots of manual documents as evidence…Data is just another piece of evidence,” he tells Tom. Data can be used by anybody, and it is very simple to do so. Currently, there has been an emergence of open-source tools to process data which has made it easier and cheaper for individuals. These open source tools have made it safer as well, as there are options to look into the source code for digital traps. Visualization is another approach to data that individuals can utilize. While relatively new, being able to visualize techniques both in terms of exploring and explaining data is becoming something that is gaining traction in the data analytics world. 
Internal Auditing Approaches
Yusuf explains to Tom that there are four main data approaches to consider when doing internal audits:

  • Data being used purely for reporting
  • The data-driven approach where the data does the talking
  • The process-focused approach
  • The hypothesis-focused approach

There are similarities between the process and hypothesis approaches. The process-focused approach has been the traditional way of doing audits. Over the years, however, it’s become less about how the process is done to achieve the intended result; it’s now about what the auditing result is. “So it’s not about looking at whether a process actually works the way that it’s been designed, it’s about looking at whether the process is working in the way in which it’s intended to be able to achieve its outcome,” Yusuf adds. 
Data Governance in Auditing
Making sure that data doesn’t fall into the wrong hands as an auditor is one of the main facets of data governance. It is a very basic and traditional approach, but over the years professionals have been implementing it in an overzealous way. This can hinder the ability to create value through data. Yusuf suggests a slight reverse approach where everyone has access to data unless there is a specific reason for them not to. “We want to keep a range of data elements secure, but others we want to open up,” Yusuf tells Tom. 
A Look Ahead
Tom asks Yusuf what the future of data analytics, data governance, and internal auditing will look like in the coming years. Yusuf explains that there will be a greater use of data science, and a greater use of data within internal audit without the need for data scientists and specialists. More practitioners will be getting into, and understanding IT, and more people will be using data for themselves. This will free the data scientists from the more mundane tasks, so they will have time to dedicate to the more advanced techniques. The same would apply for compliance as well. 
Yusuf Moolla | LinkedIn
Risk Insights
The Assurance Show
The Data Confident Internal Auditor

Jamming with Jason

Tools of the Trade

In this #jammingwithjason #podcast episode we are talking tools, and even Tim “the Tool Man” Taylor from Home Improvement would be proud of all the tool references.
But the tools you need to be successful now are not circular saws, hammers, or screwdrivers. They are the mental, emotional, and even spiritual tools to help you navigate the ups and downs of life and keep you from experiencing the fear, anxiety and stress so many people feel since they don’t have these tools in their tool box.
If you are an audit leader, you should seriously consider joining the Audit Leader Forum, so you have access to tools of the trade to help you in any challenging situation. The ONLY program to give you the tools to become a successful, confident leader for a modern audit team. Learn more at:
#internalaudit #leadership
Listen in at:

Jamming with Jason

Modern Leader Skills

You probably already know how much harder it is now to be a leader. What used to work, doesn’t work so well now, and you may find yourself feeling more isolated, having difficult conversations with your peers and co-workers, and feeling a lot more stressed.
Chances are you may be still using traditional leader skills and haven’t switched yet to more effective modern skills.
In this #jammingwithjason #podcast episode we discuss some of the new skills you need to be successful in this brave new world of working remotely under a new workplace culture, so you don’t risk becoming a burned out dinosaur.
If you are an audit leader, you should seriously consider joining the Audit Leader Forum, so you have access to these modern skills. The ONLY program to give you the tools to become a successful, confident leader for a modern audit team. Learn more at:
#internalaudit #leadership
Listen in at:

Jamming with Jason

Taking the Opportunity of a Lifetime with Rashelle Herrera

What can happen when you are committed to investing in your growth, and you have a fire to learn? You can speed up your career by years.
But don’t take my word for it, listen to this #jammingwithjason #podcast episode and hear a real life case study of what Rashelle Herrera has been able to accomplish in less than a year.
You will hear about the importance of establishing, maintaining and sustaining relationships, being what your organization needs when it needs it, taking the opportunity of a lifetime even though it’s scary, and what you can accomplish when you aren’t afraid and keep learning.
And when you have access to the tools and resources you need and deserve, the sky is the limit on what you can accomplish.
Discover if the Audit Leader Forum and Certified Chief Audit Executive (cCAE) programs discussed in this episode are right for you by visiting these websites so you can take your own opportunity of a lifetime. #internalaudit
Audit Leader Forum:
Certified Chief Audit Executive (cCAE):
Listen in at:

Jamming with Jason

Living Aligned Lights Me Up with Chenise Iwamasa

Have you ever got up from bed and wondered “what am I doing?”, “why am I doing this?”, or “am I doing the right thing?”
Our guest Chenise Iwamasa is a lawyer based in Hawaii that has a great story on how she was able to find meaning within her career.
If you have ever felt a little lost on why you are where you are, or frustrated with your current job, then today’s episode is a great listen for you!
Connect with Chenise at or on Instagram
Listen in at:

Jamming with Jason

Professional Success and Personal Happiness with Brian Ahearn

Influence is a big part of professional success, and many people conflate it with manipulation. Because influence is not a negative thing, becoming an influential person comes from a place of goodness within ourselves.
Building success and happiness is rooted in influence. Whether it be you influencing others, or others influencing you.
So tune in to today’s episode with our special guest Brian Ahearn and learn how to build more fulfilling connections with others.
Learn more and contact Brian at: where you will also be able to find details about his new book “The Influencer: Secrets to Success and Happiness” discussed in this episode, or you can find it through Amazon.
Listen in at:

Jamming with Jason

Grief and Loss is a Gift with Debbie Wood

A little out of the ordinary for this podcast, but today we will be talking about grief and loss. Something that all of us either have felt or will feel in our lives.
It may be hard to stay on the positive side during situations like these, but we have Debbie here with us to discuss how we can turn these emotions around for the better.
Reach out to Debbie at:
and for some of the yummy maple syrup mentioned in this episode go to:
Listen in at: