Thursday, August 4, 2011
The Critical Compliance Gatekeeper -- The Internal Auditor
It is unfortunate but true – compliance actors in a company can sometimes engage in internal turf battles which undermine overall compliance efforts. Every organization suffers from internal inefficiencies caused by personalities, protecting spheres of influence and sometimes, even organizational insecurities.
Without trying to insult general counsels and even compliance officers, the internal auditor in a company is uniquely positioned to identify corruption risks. All too often, internal auditors clash with general counsels and compliance officers. This is where senior management comes in and the tone-at-the-top is critical. Everyone is working for the same goal – to minimize the risk of corruption. Each has a unique role and responsibility, and each constituency must work together to prevent corrupt conduct.
The internal auditor sits in the trenches with unique access to financial information which may indicate illegal financial schemes. This may seem obvious but the internal auditor follows the money and can smell, early on, potential abuses. This is especially true because the internal auditor employs data analysis techniques which can raise the visibility of potential violations and help management focus on the right offices where the risk may exist. Moreover, the internal auditor should implement a comprehensive monitoring program proven to help detect potential violations.
The internal auditor adheres to the concept of “material” transactions. This is where the tension arises among the internal auditor, general counsel and compliance officer – the general counsel and compliance officer are not just interested in “material” transactions since bribery schemes can be carried out with transactions which fall below the “material” standard (e.g. petty cash).
But this difference can be addressed in the design of a financial early warning system for a company. In general, an auditor, as the critical gatekeeper, can help to identify anti-bribery red flags, to implement an early warning financial system, so that employees know if a red flag pops up they will be questioned by the auditor, compliance officer and general counsel’s office.
The internal auditor’s financial system should include: transaction testing to validate completeness and accuracy of books and records; continuous monitoring of key internal accounting controls; and identification of high volume cash transactions, payments sent outside the country of operation; multiple gifts to a single individual; entertainment of government customers; bonuses of unusual quantity or timing; attempts to circumvent detection (e.g. multiple changes to vendor payment details in a short period of time; duplicate active vendors; payroll employees matching address/phone details of government officials; and charitable contributions to organizations affiliated with the government).
The internal auditor, as the critical gatekeeper, can help to design and implement a state-of-the art compliance and monitoring program. Compliance officers and general counsels need to put aside their egos, provincial politics, and coordinate among their offices to ensure that their client – the company – does everything in its power to promote compliance.