31 Days to More Effective Compliance Programs - Day 23 - Assessing Compliance Internal Controls

Thomas Fox - Compliance Evangelist
Contact
What happens when controls are continually overridden? Does that necessarily mean that companies engage in activities that violate the FCPA or some other law such as Sarbanes-Oxley (SOX)? Cristina Revelo said she would start with some basic questions such as “How often would something be manually approved? How often are controls skipped, what is the level of approvals you have, and your documentation? What are the reasons, and are you documenting how often a certain department requires those overrides?” While it could indicate a See more +
What happens when controls are continually overridden? Does that necessarily mean that companies engage in activities that violate the FCPA or some other law such as Sarbanes-Oxley (SOX)? Cristina Revelo said she would start with some basic questions such as “How often would something be manually approved? How often are controls skipped, what is the level of approvals you have, and your documentation? What are the reasons, and are you documenting how often a certain department requires those overrides?” While it could indicate a company lacks a culture of compliance or everything is an emergency, it might mean something else. It might tell that your internal controls need to be evaluated and then recalibrated. The Department of Justice calls this continuous monitoring leading to constant improvement. Joe Oringel, a co-founder of Visual Risk IQ, calls it continuous controls monitoring.

Three key takeaways:

1. An internal control override is not necessarily bad if proper procedure is followed.

2. Internal controls are not set in stone.

3. The key is to have a process for monitoring the controls, taking input literally from each line of defense. See less -

Embed
Copy

Other MultiMedia by Thomas Fox - Compliance Evangelist

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox - Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox - Compliance Evangelist
Contact
more
less

Thomas Fox - Compliance Evangelist on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.