Professional Documents
Culture Documents
Countering Corruption
Countering Corruption
n late April, an investigative report in The New York Tiw alleged systematic bribery totaling more than US $24 million "played a persistent
and significant role" in the rapid grovwh of the Mexico subsidiary of
Wal-Mart Stores Inc. The article is replete with allegations of accounting
fraud, inadequate internal controls, inappropriate internal investigations,
cover ups, and even rewritten internal audit reports. Wal-Mart imrnediately expressed its deep concern about the allegations, announced it had
launched an aggressive investigation of the matter, and said it was taking
steps in Mexico and elsewhere to strengthen compliance with the U.S. Foreign
Corrupt Practices Act of 1977 (FCPA).
An effective
FCPA compliance
program can help
the organization
avoid severe
financial penalties
and prevent
reputational harm
Mexican authorities, the U.S. Securities and Exchange Commission (SEC), the
U.S. Department of Justice (DOJ), and even the U.S. Congress also quickly began
looking into the matter. And although these investigations still are proceeding, the
Reuters news service reported in July that other retailers have since reported to the
U ^ . government suspicions of their own potential violations, which in turn have
prompted the Justice Department and the SEC to consider a wholesale compliance
sweep of the industry. Corruption, however, is much more than a one company or
Albert G. Holzinger
Counterin
OCTOBER 2012
INTERNAL AUDITOR
47
COUNTERING CORRUPTION
48
INTERNAL AUDITOR
OCTOBER 2012
m
and other resources. "While everyone
owns compliance, there should be a
designated member of senior management who is responsible for overseeing the anti-corruption compliance
program and making sure it is evolving
and working the way it is designed to
work," Harrington says.
Risk Assessment Bill Pollard, a
leader of the FCPA consulting practice
of Deloitte Financial Advisory Services LLP, says organizations cannot
put effective compliance policies and
procedures in place until they conduct
a formal corruption risk assessment.
Although this assessrhent must be
thoughtful and comprehensive, it does
not have to be an expensive and
n July 17,2012, the Nordam Group Inc. agreed to pay a US $2 million penalty for violating the U.S. Foreign Corrupt Practices Act of 1977 (FCPA). Terms of this nonprosecution agreement with the U.S. Department of Justice (DOJ) reflect the agency's current thoughts about the best practices an FCPA compliance program should
address. These practices, derived from the Good Practice Guidance on Internal Controls, Ethics, and Compliance
issued in February 2010 by the Paris-based Organisation for Economic Co-operation and Development, are:
1. A clearly written code of conduct that prohibits violations of the FCPA and other global anti-corruption laws.
2. Strong, explicit, and visible senior management support of the conduct code.
3. Policies and procedures "designed to reduce the prospect of violations of anti-corruption laws and the organization's compliance code."
4. A risk assessment that takes into account factors such as where the organization operates and its use of thirdparty business partners.
5. Annual or more frequent review and update of the organization's compliance program and corruption risks.
6. Autonomous senior management oversight of the organization's anti-corruption program.
7. Financial and accounting procedures, including a system of internal control, "reasonably designed to ensure the
maintenance of fair and accurate books, records, and accounts."
8. Effective methods for communicating about the organization's anti-corruption program.
9. Ongoing compliance advice and guidance organizationwide and to third parties.
10. Disciplinary procedures that ensure, when misconduct is discovered, "reasonable steps" are taken to remedy the
violation and prevent reoccurrences.
11. Due diligence of agents and other business partners.
12. Third-party contract terms and conditions that are "reasonably calculated to prevent violations of anticorruption laws."
13. Merger and acquisition policies and procedures for conducting risk-based due diligence on potential new business
entities before reaching an agreement or reporting to the DOJ any corruption uncovered during this process.
14. Ongoing assessments and testing of the anti-corruption code of conduct, policies, and procedures.
OCTOBER 2012
INTERNAL AUDITOR
49
COUNTERING CORRUPTION
VISIT OUR
MOBILE APP
to see a video
of Deloitte
Forensic Center's
Toby Bishop
discussing trends
in fraud and
corruption.
50
INTERNAL AUDITOR
OCTOBER 2012
OCTOBER 2012
Doug Anderson, global finance director and former CAE of Dow Chemical
Co. in Midland, Mich. "And every time
there is suspicion of a bribery incident,
it is always a surprise, so you need to
prepare for the unexpected."
Anderson maintains internal
audit is positioned to be a key driver
of bribery investigations, but he says it
is important to prepare to assume this
role if needed by knowing in advance
of a suspected incident who in internal
audit will lead, execute, and oversee
the investigation. He adds that CAEs
aljo need to determine in advance what
processes staff will follow and how
investigation results will be documented
and reported. "If you don't know this
today, if you cannot tell your audit committee chair how an investigation would
be done and what the process would
be," he says, "you have some work to do
to prepare for that eventuality."
Internal audit's plan for responding to a suspected violation should
include how and when to escalate the
issue to those who need to know about
it, Anderson says. These parties likely
will include the audit committee chair,
general counsel, the chief financial officer, and the CEO. Timely investigation
and escalation are essential to achieving
good otitcomes.
"An effective response to a potential FCPA violation can help save
the company in a number of ways,"
Anderson says. "The quality of the
organization's compliance program
and violation remediation efforts can
have a substantial impact on how it is
treated by the federal government, if it
comes to that." In addition, Anderson
says dealing with a potential problem
quickly and decisively can forestall
some of the negative impact on the
organization's image, brand, and trading partners.
Conversely, internal auditors who
do not discharge their corruptionrelated duties may find themselves in
jeopardy. "The internal audit function
has been elevated in stature in recent
yearsnow we report to the CEO
and we report to the board, and they
have an expectation internal audit
is going to be actively Involved in
helping the organization develop and
maintain an effective FCPA compliance program," Harrington says. "If
there's an issue and internal audit
has not done this job effectively or
internal auditors are found to be part
of the problem, they can be judged
personally liable and be at grave professional risk." lEI
ALBERT G. HOLZINGER is a freelance
writer based in Savannati, Ca.
INTERNAL AUDITOR
51
Copyright of Internal Auditor is the property of Internal Auditor and its content may not be copied or emailed to
multiple sites or posted to a listserv without the copyright holder's express written permission. However, users
may print, download, or email articles for individual use.