One of the specific requirements laid out in the 2020 Update, is around internal controls and more specifically control testing. It stated:
Control Testing – Has the company reviewed and audited its compliance program in the area relating to the misconduct? More generally, what testing of controls, collection and analysis of compliance data, and interviews of employees and third-parties does the company undertake? How are the results reported and action items tracked?
Fortunately, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 Internal Controls Framework considers assessing compliance internal controls. In “Internal Controls – Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Controls”, COSO laid out its views on assessing the effectiveness of internal controls. It noted that an effective system of internal controls provides “reasonable assurance of achievement of the entity’s objectives, relating to operations, reporting and compliance.” Moreover, there are two over-arching requirements that can only be met through such a structured protocol. First, each of the five components are present and functioning. Second, that the five components operate in an integrated fashion with each other. One of the most critical components of the COSO Framework is that it sets internal control standards against those which you can audit to assess the strength of your compliance internal controls.
Three key takeaways:
- An effective system of internal controls provides reasonable assurance of achievement of the company’s objectives, relating to operations, reporting and compliance.
- There are two over-arching requirements for effective internal controls. First, each of the five components are present and function. Second, are the five components operating together in an integrated approach.
- For an anti-corruption compliance program, you can use the Hallmarks of an Effective Compliance Program as your guide to test against.