Ask, Share, Learn – Within the Largest Community of Corporate Finance Professionals

FCPA Compliance: Practical Steps to E...
•

•
•
After participating in this event you will be able to:
•

Understand how to identify and mitigate FCPA risk exposures at y...
Ask, Share, Learn – Within the Largest Community of Corporate Finance Professionals

FCPA Compliance: Practical Steps to E...
Jeremy Clopton,Senior
Managing Consultant,
BKD, LLP

@j313

Phil Lim, Product
Manager, ACL
$70 Million

$1.9+ Billion
• Total Penalties 2010-2013
Penalties 2010-2013
• 20+ Organizations
Organizations

Personal Lia...
The Scenario
The Bribe
What’s the issue?

• You are part of an organization that manufactures and
sells trains.
• Governme...
The Scenario
The Bribe
What’s the issue?

•To obtain the business, government minister in charge is
told:

•$100K will be ...
The Scenario

•$100K went from the people of Meydupistan to the
Minister’s pocket.

The Bribe

•Not fair for competition:
...
The Need
• FCPA violation = need for
compliance plan
• 8 countries of interest

The Solution
• Monthly compliance monitori...
The Need

The Solution

• FCPA violation = need for
compliance plan

• Step 1: Assessment of control
environment (Internal...
Financial reporting controls are not
bribery controls.
More application system controls can be
ineffective.

One-off initi...
Financial reporting controls are not bribery
controls.
More application system controls can be
ineffective.

•One time don...
Financial reporting controls are not bribery
controls.
More application system controls can be
ineffective.

•Implementing...
Financial reporting controls are not bribery
controls.
More application system controls can be
ineffective.
One-off initia...
Financial reporting controls are not bribery
controls.
More application system controls can be
ineffective.
One-off initia...
Self-Assessment

Continuous Monitoring

Executive Visibility

• Internal Control
Reviews
• Policy Reviews
• Ad-hoc Analysi...
Conduct Internal Control Reviews

• Anti-Bribery Policies / Employee
Education / Reporting hotlines

Distribute and Track ...
Conduct Internal Control Reviews
• Management Recommendations

Distribute and Track Deliverables
Who should perform the
As...
Conduct Internal Control Reviews

• External assurance firm?

Distribute and Track Deliverables

• Internal audit team/com...
Implement Detective Controls
Where to Apply Bribery Analytics
Define the Remediation
Workflow

• Incorporate analytics to ...
Implement Detective Controls
• Where to apply data analytics

Where to Apply Bribery Analytics
Define the Remediation
Work...
Implement Detective Controls

• Document follow-up and
remediation

Where to Apply Bribery Analytics

• Identify trend of ...
•

–
–
•
–
–
–
Fictitious Merchants
• Area: TNE
• Area: TNE
Risk

• A fictitious merchant is is set up to channel funds tounauthorized th...
Manual Postings to System Accounts

• Area: TNE
Area: GL
Risk
• A fictitious journal entry isup to channelsystem account t...
New Vendor Monitoring

• Area: TNE
Area: P2P
Risk
• Vendors without a previous to channel funds tothe unauthorized third p...
Non-Vendor Cash Payments
• Area: TNE
• Area: P2P, GL
Risk
• Cash payments not recordedup to channel funds to an unauthoriz...
Invoices without Descriptions
• Area: TNE
• Area: P2P
Risk
• Improper payments, andset up to channel funds to an unauthori...
Sales Adjustments or Write-offs to Customers
• Area: O2C
• Area:TNE
Risk

• Adjustments or write-offs may be manipulatedun...
Payroll Employees without Deductions
• Area: Payroll
• Area: TNE
Risk

• Phantom employees mayup to channel funds to an un...
•

•
–

•
–
•
•
FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe
FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe
FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe
FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe
FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe
FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe
FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe
FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe
FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe
FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe
Upcoming SlideShare
Loading in …5
×

FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe

726 views

Published on

Video & Slides: http://www.proformative.com/events/fcpa-compliance-practical-steps-establish-maintain-control-across-globe

Compliance with the Foreign Corruption Practices Act (FCPA) is one the greatest risk exposures companies face in doing business across the globe. There is more to FCPA than just legal conjecture and “what if” scenarios. There is a material impact being felt by many global companies as federal authorities step up their FCPA enforcement actions. Anti-bribery enforcement is on the rise and penalties are growing, with hefty fines being doled out by the millions. Data analytics are one of the most powerful ways to validate the completeness and accuracy of books and records, providing an invaluable early warning system against bribery and corruption. In this webinar, FCPA compliance and Data Analytics experts will outline best practices for incorporating analytics into your FCPA compliance program, and offer real-world success stories and key lessons learned. Attendees will also learn where and how to get started with common tests for identifying non-compliant activities, and how to prioritize and take a targeted approach to compliance.

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
726
On SlideShare
0
From Embeds
0
Number of Embeds
73
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Ernie introduces Phil and Jeremy
  • Jeremy starts with The Stakes.Ends this slide with transition to “Moral Issue”…
  • Phil
  • Phil
  • Phil
  • Jeremy transitions topic to Case Studies
  • Jeremy Case Study
  • Phil Case Study
  • Phil
  • Phil
  • Phil
  • Phil
  • Phil
  • Phil
  • Phil
  • Phil
  • Phil
  • Phil
  • Phil
  • Phil
  • Jeremy
  • Phil
  • *HALFWAY POINT of our 40 minutes. We should be at around 11:25am or so by now*Phil
  • Phil-Jeremy adds Keyword search tip (Accounting Provision)
  • Phil
  • Phil
  • Phil
  • Jeremy
  • JeremyPhil adds 2 points- self-assessment and key challenge of implementing further controls
  • Jeremy
  • Jeremy
  • Jeremy
  • Jeremy
  • Jeremy- simple data visualization techniques
  • Jeremy
  • Jeremy
  • Ernie- ACL has a number of whitepapers, videos, case studies and other resources in their Proformative Exchange listing, including an eBook called “Don’t Get Bitten by the FCPA.”-There’s also a link listed from BKD to learn more about their advisory services in the area of investigation and public response
  • FCPA Compliance: Practical Steps to Establish and Maintain Control across the Globe

    1. 1. Ask, Share, Learn – Within the Largest Community of Corporate Finance Professionals FCPA Compliance: Practical Steps to Establish and Maintain Control Across the Globe Jeremy Clopton, Senior Managing Consultant, BKD, LLP Phil Lim, Product Manager, ACL
    2. 2. • • •
    3. 3. After participating in this event you will be able to: • Understand how to identify and mitigate FCPA risk exposures at your company • Discover current and emerging trends in technology that allow pro-active risk exposure management • Understand how to continuously monitor company data for suspicious FCPA activities
    4. 4. Ask, Share, Learn – Within the Largest Community of Corporate Finance Professionals FCPA Compliance: Practical Steps to Establish and Maintain Control Across the Globe Jeremy Clopton, Senior Managing Consultant, BKD, LLP Phil Lim, Product Manager, ACL
    5. 5. Jeremy Clopton,Senior Managing Consultant, BKD, LLP @j313 Phil Lim, Product Manager, ACL
    6. 6. $70 Million $1.9+ Billion • Total Penalties 2010-2013 Penalties 2010-2013 • 20+ Organizations Organizations Personal Liability Johnson & Johnson $95 Million 2011 $398 Million Magyar Telecom 2011 Total S.A. 2013 • Personal fines fines • Incarceration • Incarceration Reputational Damage $45 Million Pfizer $29 Million Eli Lily 2012 2012
    7. 7. The Scenario The Bribe What’s the issue? • You are part of an organization that manufactures and sells trains. • Government of Meydupistan needs to purchase new trains for its national railroad. • Budget of ~$100 Million.
    8. 8. The Scenario The Bribe What’s the issue? •To obtain the business, government minister in charge is told: •$100K will be directed to his “favorite charity”
    9. 9. The Scenario •$100K went from the people of Meydupistan to the Minister’s pocket. The Bribe •Not fair for competition: •What if a competitor had better trains for less? What’s the issue?
    10. 10. The Need • FCPA violation = need for compliance plan • 8 countries of interest The Solution • Monthly compliance monitoring: • Dashboard for management review (8 – 10 analytics in one page) • Multiple accounting systems • Accompanying details for compliance and internal audit review • Increase in effectiveness and efficiency in testing
    11. 11. The Need The Solution • FCPA violation = need for compliance plan • Step 1: Assessment of control environment (Internal Audit) • Lots of Joint Ventures/Acquisitions in worldwide markets • Step 2: Implement continuous monitoring data analytics • Step 3: Follow-up and report on findings and management remediation • Step 4: Repeat
    12. 12. Financial reporting controls are not bribery controls. More application system controls can be ineffective. One-off initiatives are not sustainable. Stakeholders (internal and external) need visibility.
    13. 13. Financial reporting controls are not bribery controls. More application system controls can be ineffective. •One time donation to a foreign official’s favourite charity? Not an issue for SOX, but for FCPA… One-off initiatives are not sustainable. •What do we need to test for? Stakeholders (internal and external) need visibility.
    14. 14. Financial reporting controls are not bribery controls. More application system controls can be ineffective. •Implementing further application system controls can lead to inflexibility, rejection, and ultimately, workarounds. One-off initiatives are not sustainable. Stakeholders (internal and external) need visibility. •How do we maintain business agility while addressing the issue?
    15. 15. Financial reporting controls are not bribery controls. More application system controls can be ineffective. One-off initiatives are not sustainable. Stakeholders (internal and external) need visibility. •One-off initiatives to produce a “report” don’t affect culture nor promote transparency. •How do we ensure lasting impact of our mitigation efforts?
    16. 16. Financial reporting controls are not bribery controls. More application system controls can be ineffective. One-off initiatives are not sustainable. Stakeholders (internal and external) need visibility. •How does the executive team keep informed about ongoing bribery and corruption risk? •What about demonstrating to authorities that an effective program is in place?
    17. 17. Self-Assessment Continuous Monitoring Executive Visibility • Internal Control Reviews • Policy Reviews • Ad-hoc Analysis and Sampling • Timely Alerts of Suspicious Activities • Exception Management Workflow • Maintain Business Agility • Dashboard for Senior Leadership to action • External Stakeholders
    18. 18. Conduct Internal Control Reviews • Anti-Bribery Policies / Employee Education / Reporting hotlines Distribute and Track Deliverables • Document sources of revenue (party planning?) Who should perform the Assessment? • Business Partner/Joint Venture/Third party due diligence
    19. 19. Conduct Internal Control Reviews • Management Recommendations Distribute and Track Deliverables Who should perform the Assessment? • Control Deficiencies
    20. 20. Conduct Internal Control Reviews • External assurance firm? Distribute and Track Deliverables • Internal audit team/compliance team? Who should perform the Assessment? • Can better follow-up with findings, know the business
    21. 21. Implement Detective Controls Where to Apply Bribery Analytics Define the Remediation Workflow • Incorporate analytics to increase effectiveness • Maintain Business Agility • Create a common data model to deal with disparate systems
    22. 22. Implement Detective Controls • Where to apply data analytics Where to Apply Bribery Analytics Define the Remediation Workflow • Multiple business processes – Vendor Management, P2P, GL, Payroll, TNE
    23. 23. Implement Detective Controls • Document follow-up and remediation Where to Apply Bribery Analytics • Identify trend of control effectiveness Define the Remediation Workflow • Further refine analytic logic and parameters, and processes
    24. 24. • – – • – – –
    25. 25. Fictitious Merchants • Area: TNE • Area: TNE Risk • A fictitious merchant is is set up to channel funds tounauthorized third party. • A fictitious merchant set up to channel funds to an an unauthorized third party. Control • Management should be notified when a merchant is used by very few • Management shouldaverage transactiona merchant is used by very few individuals but whose be notified when size is large. • individuals but whose average remediate exceptions on a timely basis. Management should review and transaction size is large. • Management should review and remediate exceptions on a timely basis.
    26. 26. Manual Postings to System Accounts • Area: TNE Area: GL Risk • A fictitious journal entry isup to channelsystem account to hide athird party. manual merchant is set posted to a funds to an unauthorized transaction to an unauthorized third party Control • Management should be notified when a merchant is used by very few individuals but whose be notified of manual journal • Management shouldaverage transaction size is large. entries to GL accounts • typically reserved for application system exceptions on a timely basis. Management should review and remediate use. • Management should review and remediate exceptions on a timely basis.
    27. 27. New Vendor Monitoring • Area: TNE Area: P2P Risk • Vendors without a previous to channel funds tothe unauthorized third party. A fictitious merchant is set up relationship with an organization may be used to channel funds to an unauthorized third party. Control • Management should be notified when a merchant is used by very few individuals but whose be notified when size is large. • Management shouldaverage transactionthere are new vendors with • significant transaction values. remediate exceptions on a timely basis. Management should review and • Management should review and remediate identified transactions on a timely basis.
    28. 28. Non-Vendor Cash Payments • Area: TNE • Area: P2P, GL Risk • Cash payments not recordedup to channel funds to an unauthorized third party. A fictitious merchant is set in the accounts payable detail are not linked to a vendor and may not contain sufficient detail to analyze propriety of payment. Control • Management should be notified when payment is is used by very few • Management should be notified when a a merchantmade through any system individuals but whose average other than accounts payable. transaction size is large. • Management should review and remediate identified transactions on basis. Management should review and remediate exceptions on a timely a timely basis.
    29. 29. Invoices without Descriptions • Area: TNE • Area: P2P Risk • Improper payments, andset up to channel funds to an unauthorized third party. A fictitious merchant is improper recording of these payments, through the accounts payable system by entering invoices without proper descriptions. Control • Management should be notified when a merchant is used by very few • Management should be notified when payments are made on invoices without an individuals but whose average transaction size is large. description. • Management should review and remediate exceptions on a timely a timely • Management should review and remediate identified transactions on basis. basis.
    30. 30. Sales Adjustments or Write-offs to Customers • Area: O2C • Area:TNE Risk • Adjustments or write-offs may be manipulatedunauthorized third party. • A fictitious merchant is set up to channel funds to an in a kick-back or bribery scheme. Control • Management should be notified when a merchant is used by very few • Management should be notified of repetitive, significant adjustments individuals but whose average transaction size is large. and write-offs to the same customer. • Management should review and remediate exceptions on a timely basis. • Management should review and remediate exceptions on a timely basis.
    31. 31. Payroll Employees without Deductions • Area: Payroll • Area: TNE Risk • Phantom employees mayup to channel funds to an unauthorized third party. A fictitious merchant is set be used to channel funds to an inappropriate third party. Control • Management should be notified when a merchant is used by very few • Management shouldaverage transaction size is large. individuals but whose be notified of any payroll transactions without • appropriate deductions. and remediate exceptions on a timely basis. Management should review • Management should review and remediate exceptions on a timely basis.
    32. 32. • • – • –
    33. 33. • •

    ×