Categories
Blog

Monitoring and Improvement of Internal Controls

What happens when controls are continually overridden? Does that necessarily mean that companies are engaging in activities that violate the FCPA or some other law such as Sarbanes-Oxley (SOX)? Cristina Revelo said she would start out with some basic questions, such as “How often would something be manually approved? How often are controls skipped, what are the level of approvals that you have and what is your documentation? What are the reasons, and are you documenting how often a certain department is requiring those overrides?” While it could indicate that a company lacks a culture of compliance or that everything is an emergency, it might mean something else. It might mean that your internal controls need to be evaluated and then recalibrated. The Department of Justice calls this continuous monitoring leading to continuous improvement. Joe Oringel, co-founder of Visual Risk IQ, calls it continuous controls monitoring.

However, many compliance professionals, and particularly lawyers, think once a control is in place, it’s set in stone, and it’s there forever. This derives from the unfortunate fact that once again many compliance professionals and most lawyers do not understand internal controls. Yet, internal controls, much like the rest of a compliance program, can and should be continually monitored and continually improved based on information such as the number of overrides. Such a review can surface evidence of a management problem or a culture of non-compliance at the organization. However, it could be that the controls need to be adjusted.

How do you assess and then update your internal controls? Companies should also think about updating and reviewing their controls at least annually. In this manner, they can identify any violations of their internal controls. It also allows a deep dive into any specific areas of control failures. Another approach would be more robust controls through greater monitoring of your controls. For example, you could review your controls quarterly to allow you to spot any trends that are moving in the wrong direction. You can even start out by having your compliance function perform a self-review of its controls and test exemplar transactions. This is not a full-blown audit but simply desktop testing to make sure controls are being properly followed. Once again, simply because there is a control override or excessive use of a compensating control does not mean something is illegal. It may mean that the control is not working as it was designed.

Revelo said it could be an instance of “too short an approval time period and employees need a little bit longer because depending on their industry or how business works. This also helps to both identify frustrations from employees where there is a control, but every time it needs to be executed, it is impossible for me to do, or it’s impossible for me to comply with it a hundred percent.” These quarterly reviews can then be collated into an annual report for review and assessment, and the report can form the basis of an annual report to the Compliance Committee of the Board of Directors or even the full Board.

The key is to have a process for monitoring the controls and taking input, literally from each line of defense. If a control is overridden too often, you need to change it. If a control is ineffective, you can use that information to craft a new internal control. Internal controls are not static, but dynamic and, with proper oversight, you can set up internal controls and literally improve them with appropriate documentation. (Hint: Document, Document, and Document.)

Revelo emphasized that it is not simply identifying the issues but remedying them as well “because that actually might look worse if you identify a lot of issues, but do not fix them. You are better off by remediating everything you are identifying.” From there you can conduct a root cause analysis as to why there was a failure in a control or a violation of a compliance procedure. Revelo concluded, “you need to really do that in an in-depth manner and then remediate.”

Categories
Compliance Into the Weeds

Compliance into the Weeds: A Material Weaknesses Catastrophe

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds!

In this episode, co-hosts Tom Fox and Matt Kelly dissect a disastrous 10-K report filed by Ammo Incorporated, exposing the company’s shocking governance and compliance breakdown. The lack of personnel, internal control processes, and proper segregation of duties are just some of the material weaknesses that led to this corporate disaster. The hosts provide insightful lessons on what companies should avoid to maintain internal governance, share tips on approaching remediation, and emphasize the importance of self-awareness among senior management and the board. Tune in to hear how this niche investigative story was uncovered, and how Twitter played a crucial role in the investigation. Don’t miss Compliance into the Weeds – the podcast that will change the way you think about governance and compliance!

Key Highlights

  • Material weaknesses in internal governance practices
  • Material weaknesses in operations at Ammo
  • Challenges with Ammo Inc.’s strategic shift and internal controls
  • Remediating Company Failures: Story’s Disclosure

Resources

Matt: LinkedIn, Blog Post in Radical Compliance

Categories
Everything Compliance

Episode 102 – the Technical Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In 2021, Everything Compliance was honored by W3 as a top talk show in podcasting. In this episode, we have the quartet of Jonathan Marks, Jay Rosen, Tom Fox, and Matt Kelly. In this episode, we discuss some technical issues which we have all been thinking about. We conclude with our fan-favorite Shout Outs and Rants.

1. Matt Kelly takes a deep dive into the CCO certification issue focusing on the term ‘reasonable.’ He rants about the LIV exhibit golf tour and the insane amount of money being spent by Saudi Arabia to rehabilitate its reputation through sports.

2. Jonathan Marks explores auditing business segments and what it means for auditors and investors. He shouts out SEC Chairman Gary Gensler on the 20th anniversary of the enactment of SOX.

3. Tom Fox looks at the bribery schemes used in the Biotronik FCA action and mines them for lessons learned for the anti-corruption compliance professional. He shouts out to Vin Scully, the former play-by-play announcer for the Los Angeles Dodgers.

4. Jay Rosen explores FCA USA LLC’s fraudulent emissions criminal action. He shouts out to Celtic great Bill Russell, who died this week.

The members of Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – our UK colleague is an experienced data privacy/protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
  • Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Everything Compliance - Shout Outs and Rants

Everything Compliance-Shout Outs and Rants from Episode 102

Welcome to our fan-favorite Shout Outs and Rants.

  1. Matt Kelly rants about the LIV exhibit golf tour and the insane amount of money being spent by Saudi Arabia to rehabilitate its reputation through sports.
  2. Jonathan Marks shouts out SEC Chairman Gary Gensler on the 20th anniversary of the enactment of SOX.
  3. Tom Fox shouts out to Vin Scully, the former play-by-play announcer for the Los Angeles Dodgers.
  4. Jay Rosen shouts out to Celtic great Bill Russell, who died this week.

The members of Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com.
  • Jonathan Armstrong is our UK colleague, an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com.
  • Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com.

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
FCPA Compliance Report

Mary Inman on the Current State of Whistleblowing


In this episode of the FCPA Compliance Report, I am joined by Mary Inman, partner at Constantine Cannon. We look at recent developments in whistleblowing and how the Ukraine War has increased the visibility of whistleblowers. Highlights of this podcast include:

  1. Whistleblower Reward Program at the US Treasury Department/FinCEN – what is its relevance to corruption, anti-money laundering and the Ukraine conflict?
  2. The House Committee on Financial Services voted to strengthen the U.S. Treasury’s Anti-Money Laundering (AML) whistleblower program. What does this mean for this nascent program?
  3. How does a minimum whistleblower reward threshold, whistleblower incentives and injects more certainty into the Anti-Money Laundering whistleblower program.
  4. How, by expanding AML whistleblower rewards to cover laws applicable to Russian sanctions, is Congress enlisting the help of the private citizenry?
  5. Lisa Monaco recently spoke about the government relying on corporations to ID instances of money-laundering and other activities to help enforce Russia economic sanctions and broader trade sanctions. Do you see private citizens or other whistleblowers as a key component of this fight?
  6. How has the Ukraine War raised the profile of whistleblowers and whistleblowing?
  7. Starting with SOX, then Dodd-Frank and the AML Law of 2020, has the US government begun to understand whistleblowers as a key component in the fight against fraud, waste and abuse?
  8. Has the government embraced these same strategies and tactics in the wider fight against corruption?
  9. Tribute to Chuck Grassley for his advocacy of whistleblowers.

 Resources
Mary Inman on Constantine Cannon website

Categories
Compliance Into the Weeds

JPMorgan Responds to Whistleblower Claims


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take a deep dive into the recent response of JPMorgan to the whistleblower termination allegations of Shaqualla Williams. Highlights include:

  • What does whistleblower protection actually mean?
  • Can a company fire an employee for other conduct if they have filed a whistleblower report?
  • Will this become the template for getting rid of whistleblowers?
  • Does the substance of whistleblower reports matter?

Resources
Matt in Radical Compliance

Categories
Daily Compliance News

March 8, 2022 the Turbocharged Edition


In today’s edition of Daily Compliance News:

  • Putin’s war has turbocharged anti-corruption. (Politico)
  • Lawyers as gatekeepers. (Radical Compliance)
  • Was it a culture change or just messaging? (NYT)
  • NFL Nightmare comes true. (ESPN)

Categories
Compliance Into the Weeds

Compliance into the Weeds – Episode 47

SEC Chair Clayton Talks Compliance Costs. Will the new administration gut SOX and Dodd-Frank compliance requirements?