1. The vast majority of corruption enforcement actions involve bribe payments made by third parties, as opposed to those made
directly by employees or officers. Given this fact, a company’s ability to readily identify which of its third-party business partners
represent heightened risk and then hold those high-risk third parties to a higher standard of care, is a critically important
component of an overall anti-corruption program.
Having a strong, thoughtfully conceived anti-corruption policy is an important
starting point but it is not enough. Organizations need to implement the
underlying procedures and align them with internal controls and their audit
program to operationalize an anti-corruption program. Having a combination
of the right resources with the right skills to collect and parse large volumes of
data regarding third-party business partners – and perform escalating levels
of due diligence investigation for those that represent a disproportionate
degree of risk – as well as a technology solution to manage this overall program,
is often the difference between high-performing programs and those deemed
to be ineffective.
Leading organizations work smart by utilizing the Governance Portal as the
backbone of their anti-corruption program to manage the corruption risk within
their third-party population.
Sustainable Third-Party Anti-Corruption Program
The Governance Portal for Third-Party Anti-Corruption enables companies to
apply a risk-based approach to the third parties with whom and through whom
they do business. The system features the ability to gather third-party data,
analyze and score corruption and other types of risk based on a proprietary
scale, manage work flows, approvals and due diligence investigations, as
well as to continuously monitor these relationships.
Protiviti’s Governance Portal for Third-Party Anti-Corruption
Scope, Sponsor, Justify
CollectandCertify
TrainandCommunicate
Score and Contract
Scope Collect
Measure and ReportTrain
• Establish a framework of third-party
business partners, automated risk
scoring and detailed due diligence.
• Identify “in-scope” third-party entities.
• Match key sponsors within your
organization to create accountability.
• Develop a set of standard questions to
create a consistent program applied
across your entire organization.
• Automate the data collection process
by deploying surveys to collect information
anddatafromthird-partybusinesspartners.
• Obtain“certification”toyouranti-corruption
program via an annual survey.
• Train your executives, employees, agents
and business partners regarding your
anti-corruption program.
• Communicate changes to your policies
and procedures with existing vendors and
obtain acknowledgement and certification
regarding your anti-corruption program.
• Developastandardrisk-scoringmodel
andevaluatethird-partysurveyresponses.
• Analyze survey responses and create a
risk scorecard for each third party.
• Identify “red flags” that require further
investigation
1
A Resource Guide to the U.S. Foreign Corrupt
Practices Act (“the Guide”), www.sec.gov/spotlight/
fcpa/fcpa-resource-guide.pdf.
The Governance Portal is a market-leading
governance risk and compliance (GRC)
software solution used by hundreds
of clients around the world, providing
visibility and insight needed to manage
and mitigate critical risk and compliance
issues today and in the future.
The Governance Portal:
• Enhances project team efficiency
• Promotes enterprise accountability
• Produces business intelligence
• Optimizes your GRC platform
investment
Protiviti has been positioned as a “Challenger”
by Gartner, Inc. in the September 2013
Magic Quadrant for Enterprise Governance,
Risk, and Compliance Platforms.
“DOJ’s and SEC’s FCPA enforcement actions
demonstrate that third parties, including
agents, consultants, and distributors, are
commonly used to conceal the payment of
bribes to foreign officials in international
business transactions. Risk-based due diligence
is particularly important with third parties
and will also be considered by DOJ and SEC
in assessing the effectiveness of a company’s
compliance program.”1
Gartner does not endorse any vendor, product or service depicted
in its research publications, and does not advise technology users
to select only those vendors with the highest ratings. Gartner
research publications consist of the opinions of Gartner’s research
organization and should not be construed as statements of fact.
Gartner disclaims all warranties, expressed or implied, with respect
to this research, including any warranties of merchantability or
fitness for a particular purpose.

2. Proactively Manage Your Corruption Risk
The system helps you create a sustainable, consistent process to evaluate
the risks associated with your agents and third-party business partners. It
facilitates efficient data collection from third parties, and provides a standard
risk-scoring methodology based on your requirements and risk scorecards to
identify high-risk entities and take additional action.
It enables continuous assessment of vendors based on your anti-corruption
policy and provides the means to drive regulatory compliance accountability
and maintain ongoing communication with internal and external parties.
All referenced trademarks are the property of their respective owners.
© 2014 Protiviti Inc. An Equal Opportunity Employer M/F/D/V. PRO-0514-104217
Protiviti is not licensed or registered as a public accounting firm and does
not issue opinions on financial statements or offer attestation services.
The Governance Portal for Third-Party
Anti-Corruption enables you to:
• Gather responses to third-party anti-
corruption questionnaires prior to
contract approval.
• Establish a risk-scoring model that
aligns with your overall anti-corruption
policy.
• Identify third parties with heightened
risk, allowing you to allocate resources
on a risk basis for additional investigation
and follow-up.
• Manage overall workflow, investigative
cases and approvals.
• Provide complete audit trail and serve
as overall data repository for program
activity.
• Continuously monitor third parties
against watch lists and optional
integration with accounting systems.
To schedule a demo for the Governance
Portal for Third-Party Anti-Corruption, visit
us at protiviti.com/grc-software.
About Protiviti
Protiviti (protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations,
governance, risk and internal audit, and has served more than 40 percent of FORTUNE 1000®
and FORTUNE Global 500®
companies.
Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries.
The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.
Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the SP 500 index.
0 100 200 300
Swift Report Research
Compliance Review
Onboarding Complete
Risk Scorecard Review
Business Sponsor Review
Third-Party Response
Initiate Onboarding
Low
Medium
High
Action Steps
Approve
Request Due Diligence
Demote to Business Sponsor
Exit Relationship
Onboarding Status
Risk Scorecard