Next, I consider some ways in which a compliance professional can work to implement internal controls in a multi-national organization. The first step is to convert your company’s compliance risks into internal control objectives. The internal control objectives are then given to each business unit with instructions to develop controls, which meet the objectives. This process should allow more of a fine-tuning approach within existing systems than the development of specific controls by corporate which all business units must adopt and will give the business unit a sense of buy-in and participation in the process.
Good compliance internal controls are not some standalone protective measure. They can help to make a company run more efficiently as the internal controls that prevent FCPA violations are the same ones that prevent fraud in the workplace. The presence of good internal controls saves money by preventing fraud. It is a business best practice to prevent fraud, which includes preventing corruption. One need only consider Ethisphere and its annual survey of the world’s most ethical companies because they exceed the Standard & Poor’s index of average profits and growth by a factor of 4X. A key reason such companies have better than average profitability is that they have better internal controls.
Three key takeaways:
- Convert your compliance risks into internal control objectives.
- As with many components of a best practices compliance program, tone at the top is critical.
- If you receive pushback from the business folks, always remember, good internal controls make for a better, more efficient and more profitable business.