The Cutting Edge Of Anti-Corruption Compliance: Proactive Audits


imagesCANZAEANThe FCPA world is fast-becoming the leader in new compliance strategies.  The Justice Department and the SEC have embraced the requirement for conducting “proactive audits.”

Recent settlements have included new compliance program requirements for a company to conduct proactive audits of high-risk areas.  It is a new and growing area for anti-corruption compliance.

The concept of a “proactive” audit, however, is nothing new.  The strategy has been employed for years in other contexts but now has gained traction in the anti-corruption area.

The importance of proactive audits is even more significant in the anti-corruption context.  As everyone knows, financial audits are not designed to identify illegal bribes because they hinge on “materiality.”  Numerous bribery schemes have been carried out underneath the “materiality” radar screen because they do not involve significant amounts of money.  On the other hand, “forensic audits” are designed to identify illegal bribes, and often incorporate transaction testing and other techniques.

A proactive audit is akin to transaction testing but with a big difference – it is focused on a high-risk operation.imagesCAP4NZ9V

The first step in the proactive audit is to identify those “high-risk” operations.  It is easy to rely on the annual Corruption Perceptions Index to identify those high risk operations but a broader focus is needed.

For each “high-risk” country of operation, it is important to consider:

  • how much business is conducted in the country;
  • the nature and extent of government interactions;
  • the business and compliance history of the company’s operations in the area;
  • local business regulation and enforcement in the country; and
  • the compliance and ethics reputation and performance of key personnel in each country.

imagesCAV7G3R3A risk-ranking matrix based on all of these factors should be developed to prioritize those operations for audits.

While it may be desirable to audit almost every office, the available resources (time and money) will dictate how many offices can be audited.  It is unlikely that a company will be able to audit every “high-risk” operation.

The high risk audit program has to be dynamic.  It has to adjust as new risks and factors are identified.  New information has to be incorporated into the analysis.  As audits are completed, new information will be learned and factors may be re-assessed.

Proactive audits require a team approach – lawyers, auditors and compliance personnel need to be included in each audit team.  A coordinated audit requires careful coordination among these personnel.  A detailed protocol needs to be adopted and followed in each audit.

The process needs to be supervised from the top down in the company.  The Compliance Committee needs to sign off on the program, the compliance office needs to manage and design the process with the assistance of the legal and auditing offices.

Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Michael Volkov, The Volkov Law Group | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.