By Matt Kelly …
Ethics and compliance officers talk constantly about the importance of corporate culture, ethical values, and a strong tone at the top; and we should. You can’t have an effective corporate compliance program without them. Still, despite all the uplifting and urgent talk about ethics, we’d be remiss if we didn’t also stress the other indispensable element of effective compliance: financial controls.
Unsexy as they may seem, financial controls have been on my mind lately because we’ve seen a wave of FCPA enforcement actions and scandals over illicit payments. Time and again, companies suffer compliance failures because money somehow got out the door when it should have stayed put.
POOR FINANCIAL CONTROLS CAN ALLOW AN EMPLOYEE TO WORK WITH A THIRD PARTY ON AN IMPROPER TRANSACTION – AND THAT IS VERY MUCH WITHIN THE COMPLIANCE OFFICER’S PURVIEW.
This requires some skillful juggling from compliance officers. On one side, we must nurture a strong ethical culture so people aren’t tempted to send bribes or other illicit payments out the door. On the other, we must enforce strong financial controls so that the door stays closed, even when someone tries to sneak an improper payment through it.
Compliance officers from a legal background might feel a bit uneasy delving into financial controls – isn’t that something the audit team does for SOX compliance? On the contrary, financial controls are hugely relevant to compliance officers when considering their third-party oversight responsibilities. Poor financial controls can allow an employee to work with a third party on an improper transaction – and that is very much within the compliance officer’s purview.
Make Sure Your Compliance Efforts Meet Justice Department Expectations
The Guidelines for Evaluating Compliance Programs (February 2017) mention accounting controls and payment systems, and their connection to third-party risk, several times. The questions center on three points:
- Documentation: Why was a certain third party hired, and why did your company pay the amount it did?
- Processes: What specific method did someone use to make an improper payment, and could other controls or processes have prevented it?
- Approvals: Did managers who allowed the payment understand their anti-bribery duties and have a means to speak up?
The trickiest part for compliance officers will be the right mix of “hard controls” embedded in accounting procedures, versus “human controls” rooted in the approvals that managers must give (or withhold, or even report to the audit committee).
The simple answer, of course, is to say “it depends on the risk.” Are several solid accounting controls, coded directly into your accounts payable system, better than one well-trained ethical supervisor who knows a bogus payment when he or she sees it?
The answer, of course, is an organization should have both – but those controls don’t have to, or even should, reside with the compliance function. Financial controls are organization-wide concerns and should rely on the expertise and efficiencies of surrounding departments.
Read full article here …