It is reasonable to expect that internal controls over gifts, travel and entertainment be designed to ensure that they satisfy the criteria as defined in company policies. These are narrow, including a definition of the dollar limit, which must not be exceeded for gifts to be permissible, coupled with some subjective criteria such as the legality of the gifts for the recipient and whether the practice is customary within the country where the gift is delivered. The question I focus on is how to enforce the policies so that employees are not free to disregard them at will?

The key analysis is whether there are controls in place to enforce the policies and whether those controls are documented. There are four issues to evaluate:

  1. Is the correct level of person approving the payment/reimbursement for the gift?
  2. Are there specific controls, including signoffs, to demonstrate that the gift had a proper business purpose?
  3. Are the controls regarding gifts sufficiently preventative, rather than relying on detect controls?
  4. If controls are not followed, is that failure detected by other internal controls or the compliance protocols?

Internal controls around gifts can be used in a variety of ways in your best practices compliance program. They can certainly be used to detect an issue and perhaps even prevent an issue from becoming a full-blown FCPA violation, however, by using some of the techniques that Howell has suggested you can move your compliance program to a proscriptive phase where you not only stop an issue from becoming a violation but through identification, you can move towards remediation as a part of your ongoing compliance efforts. The bottom line is good internal controls make for good business processes; if you can move your compliance program’s internal controls forward, you can help make them a part of your financial controls and thereby have a better run company. 

Three key takeaways:

  1. Gifts, travel and entertainment compliance internal controls are low hanging fruit, pick them.
  2. Compliance internal controls can be both detect and prevent controls.
  3. Good compliance internal controls are good for business.