Third parties still present the highest risk around FCPA compliance. It is therefore critical that you use monitoring and auditing when it comes to continuous improvement for this high-risk area. Today I want to consider three aspects of a company’s audit program for its compliance function: the types and purpose of third-party audits, planning for third-party audits and interviewing third parties.
You should generally plan your audit out four to six weeks in advance. It should be done in conjunction with your corporate legal department taking the lead to preserve the attorney/client privilege. You will need to work with the Business Sponsor to establish key business contacts and to facilitate the discussion of audit rights and the audit process with the third party. You should prepare initial document request lists for financial information queries, review findings from previous audits and their resolutions. If there are any opened or closed internal investigations, they should be similarly reviewed. Finally, if there are any related Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcement actions in your industry, take care to review and finally be cognizant of them.
Next consider the entry points of foreign government involvement; both direct and indirect. In the direct category, there are the following areas: customs and duties, corporate taxes and penalties, social security or national insurance issues for employees, obtaining in-country visas and work permits, public official gifts and entertainment, training of and attendant travel for employees of government owned entities, procurement of business licenses and permits to perform work and, finally, areas around police escort and security. In the indirect category, some of the key areas to review are: customs agents and freight forwarders, visa processors, commercial sales agents, including distributors and, finally, those who might be consultants or other channel partners.
Document review and selection is important for this process. You should ask for as much electronic information as possible well in advance of your audit. You should ask for some of the following categories of documents; trial balance, chart of accounts, journal entry line items, financial and compliance policies, prior audited financial statements, bank records and statements, a complete list of agents or intermediaries and revenue by country and customer. It is important to try and obtain records in database or excel format and not simply in .pdf.
When you are ready to commence your interviews, the lead interviewer needs to be culturally sensitive, patient and must negotiate a good working relationship with auditors on your team, who will be reviewing the documents from the forensic perspective. You should focus on potential interviewees who interact with government entities, foreign government officials or third parties, including those personnel involved with:
- Business Leadership;
- Sales/Marketing/Business Development;
- Logistics; and
- Corporate Functions: Human Resources, Finance, Health, Safety and Environmental, Real Estate and Legal.
It is important that you conduct the audit interview as precisely that, an audit interview and not an investigative interview. This is not the time to play ‘got-cha’. The audit interview process also affords the opportunity to engage in training while you are interviewing people. For the interview topics, I suggest some or all of the following:
- General policies and procedures;
- Books and records pertaining to FCPA risks;
- Test knowledge of FCPA and UK Bribery Act including facilitating payments and their understanding of your company’s prohibitions;
- Regulatory challenges they may face;
- Any payments of taxes, fees or fines;
- Government interactions they have on your behalf; and
- Other compliance areas you may be concerned about or that would impact your company, including: trade, anti-boycott, anti-money laundering, anti-trust.
Particular care should be given to the review you make around the General Ledger (GL) accounts. Here you need to review commission payments to agents and representatives, any facilitation payments, all payments around travel, meals and entertainment, payments made around training, gifts, charitable contributions, political donations and sales and promotional expenses. If there were payments made for customs or freight forwarders and other processing agents, permits, licenses, taxes and other regulatory expenses should be reviewed. Additionally, any entries pertaining to community contributions and social responsibility payments should be assessed and, finally, they a review of any security payments, extortion payments, payments to legal consultants or tax advisors or fines and penalties should be considered.
Regarding bank accounts and cash disbursement controls, you should review the following:
- Review controls around bank accounts and cash disbursements;
- Identify and review authorized signers, approval levels, and bank reconciliations;
- Ensure all bank accounts are included in the General Ledger;
- Identify and review certain bank and cash disbursement transactions;
- Identify offshore bank accounts.
In the area of cash funds review the following:
- Review controls around petty cash funds;
- Ascertain processes in place regarding disbursement and reconciliation of cash funds;
- Identify and review payments to government officials, agents, or any unusual or suspicious activities; and
- Identify and review certain bank transactions and test for any improper payments.
For gifts, travel and entertainment, you should explore payments made through employee-reimbursed expenses, scrutinize for any suspicious expenses submitted, expenses lacking adequate documentation, incorrect posting; and identify and review accounts associated with gifts, meals, entertainment, travel, or promotion. Around payroll, consider the risks around the use of ghost employees, hiring of relatives of government employees, and the use of bonus payments and be sure to request a payroll listing and review for any such persons.
Around training you should determine whether your company provides industry specific training to government entities, and review GL accounts and expenses for related items. In looking at payments under local law, you should obtain list of payments to the government required by local laws and identify and review payments to government authorities or employees, customs authorities or agents, income taxes authorities or license requirements. For payments made to third parties, you should review commission and expense payments for compliance with company policy and trace payments to the third party’s bank account.
Three Key Takeaways
- Start planning your third-party audit 4-6 weeks in advance of the actual audit.
- Use your business sponsor to help facilitate the process with the third-party.
- This is not a ‘got-cha’ interview but an open question and answer process where you have a golden opportunity to educate as you ask questions.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor Affiliated Monitors at www.affiliatedmonitors.com.