How to Assess Integrity Risks for a Company?



Business Integrity Training delivered on behalf of the OECD in Kuwait in April 2013


  1. Organized by the MENA-OECD Investment Programme in cooperation with the IMF-Middle East Center for Economics and Finance, Kuwait, April 22, 2013
  2. Iohann Le Frapper, as Vice-chair of ICC Corporate Responsibility and Anti-corruption Commission
  3. 1.- Interactive session
     • We all have part of the truth in matters of integrity
     • My contribution to this Training is based on compliance practice and integrity standards
     • I am here to speak, to listen and to share: please interrupt me for questions
     • There are the national and the international standards
     • There are worldwide norms (OECD and United Nations Convention) which are recognized everywhere and good corporate practice which is based on a vast experience
     • The anti-corruption standards are universal and each company has to choose its prevention measures according to its culture, its size, its resources, its industry, its business model, etc.
  4. 2.- The Basics
     • The basic rules
       a.- UNCAC, OECD, FCPA, UK Bribery Act
       b.- The basic terminology:
           • economic fraud,
           • bribery and corruption,
           • various forms of corruption (national and international / public and private / direct and indirect / mother company, subsidiaries and affiliates / trading in influence),
           • gifts, entertainment and hospitality, and
           • money laundering
  5. 3.- Definitions
     • The term “corruption” covers many aspects of economic fraud
     • You can have
         • large and small corruption
         • “street corruption” and “office corruption”
         • corruption with money or other undue advantages
         • corruption with laundered money or clean money
         • corruption from a slush fund or from a regular stream
         • national/international, public/private, direct from a company or indirect through an intermediary, mother company or subsidiary and affiliates
         • active v. passive
         • trading in influence
  6. 4.- Risk Assessment I
     • A company starts with a Risk Profile/Risk Assessment to identify and prioritize its risks, esp. corruption.
     • Pro-active or crisis mode.
     • Risk assessment: cornerstone and critical initial step in designing an effective compliance program.
     • It is the task of the highest body of the corporation (the Board or the owner) to define the risks the corporation is ready to take on.
     • The basic approach of a risk assessment exercise:
         • identifying risks: scoping
         • measuring them, and
         • managing them.
     • Oversight by top-level management: from kick-off to final report
     • Prioritization of areas of highest risks: likelihood/frequency? Potential impact?
     • As a result of such assessment, the company avoids focusing on false or minor problems.
  7. 5.- Risk Assessment II
     • Appropriate resources: risk assessment with internal/external information sources and resources.
     • Work plan: need to plan budget, level of activity (e.g. interview list, document review?) and timing.
     • Call upon operational people and experts: insurance people, Health, Safety, Environment & Quality (“HSEQ”) people and lawyers
     • Typical risks to review: country, industry-specificities, transactions, business opportunities, business partnership/joint venture?
     • Identify precisely weak points/processes in the organization (e.g. where are you dealing the most with cash?)
     • In which countries do you have business operations where the risk for fraudulent activity is the highest?
     • Degree of business with government entities?
     • Level of regulation of relevant industry?
     • Which supply/marketing channel presents the most challenges?
     • Are your intermediaries/business partners a low or high risk for your company?
     • Gifts, hospitality and entertainment activities?
  8. 6.- Risk Assessment III
     • Gap analysis: address whether the existing compliance program addresses identified risks.
     • Consider ethical awareness survey or interviews to gather data from employees about high risks and knowledge of values and policies of the organisation.
     • Next stage: recommendations for design or improvement of internal controls (remediation measures).
     • Strength of internal controls: ascertain how compliance program operates in practice.
     • Purpose of risk assessment is to educate senior managers, seek their input on findings/report and get their buy-in for anti-corruption program (sponsor must be one senior executive).
     • The risk assessment must be documented (to evidence, if needed, the bona fides of anti-corruption program) and monitored.
     • Dynamic risk assessment: regular reviews and updates needed to reflect external developments, risk profile changes and lessons learned through action plan’s implementation
  9. 7.- Due Diligence
     • Before joining forces with a new partner, agent, associate or even executive, you should make checks on integrity, competence, reputation
     • You can do this in very different ways but it should be
         • a continuous and sustainable method
         • leaving behind a paper trail, and
         • no “box ticking”
  10. 8.- Adequate Procedures Guidance - UK Bribery Act.
      • Principle 3: Risk Assessment
      • “The commercial organisation assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented”.
      ation/bribery-act-2010-guidance.pdf
  11. 9.- Adequate Procedures Guidance - UK Bribery Act.
      • Commentary on Principle 3
      • “3.1 For many commercial organisations, this principle will manifest itself as part of a more general risk assessment carried out in relation to business objectives. For others, its application may produce a more specific stand alone bribery risk assessment. The purpose of this principle is to promote the adoption of risk assessment procedures that are proportionate to the organisation’s size and structure and to the nature, scale and location of its activities. But whatever approach is adopted the fuller the understanding of the bribery risks an organisation faces, the more effective its efforts to prevent bribery are likely to be.
      • 3.2 Some aspects of risk assessment involve procedures that fall within the generally accepted meaning of the term ‘due diligence’. The role of due diligence as a risk mitigation tool is separately dealt with under Principle 4.”
  12. 10.- Adequate Procedures Guidance - UK Bribery Act.
      • Procedures for Principle 3
      • “3.3 Risk assessment procedures that enable the commercial organisation accurately to identify and prioritise the risks it faces will, whatever its size, activities, customers or markets, usually reflect a few basic characteristics. These are:
          • Oversight of the risk assessment by top level management.
          • Appropriate resourcing – this should reflect the scale of the organisation’s business and the need to identify and prioritise all relevant risks.
          • Identification of the internal and external information sources that will enable risk to be assessed and reviewed.
          • Due diligence enquiries (see Principle 4).
          • Accurate and appropriate documentation of the risk assessment and its conclusions.
      • 3.4 As a commercial organisation’s business evolves, so will the bribery risks it faces and hence so should its risk assessment. For example, the risk assessment that applies to a commercial organisation’s domestic operations might not apply when it enters a new market in a part of the world in which it has not done business before (see Principle 6 for more on this).”