third party compliance: issues and strategies to mitigate corruption related risk
Post on 14-Apr-2017
458 Views
Preview:
TRANSCRIPT
THIRD PARTY COMPLIANCE: ISSUES AND STRATEGIES TO MITIGATE CORRUPTION-RELATED RISKMATTHEW RUBLE, SENIOR MANAGERDAN REYNOLDS, MANAGERGRANT THORNTON, LLPInstitute of Internal Auditors- Philadelphia Chapter2015 Spring Conference – Internal Audit 2020APRIL 20, 2015
The Philadelphia Chapter was established in 1943, and is the 5th affiliate chapter of The Institute of Internal Auditors (IIA). The Philadelphia Chapter, its board of governors, its officers, The IIA , and today’s presenters are not responsible or liable for any acts or omissions and specifically disclaim any and all responsibility or liability for acts or omissions.
The material contained herein or communicated is for informational purposes only and should not be construed as accounting, financial, tax, or legal advice. Please seek guidance specific to your questions or concerns from qualified advisors.
All content including graphics or art work is protected by law and may not be duplicated in any form with out the express written permission from the Philadelphia Chapter.
© 2014 Philadelphia Chapter of the IIA
Disclaimer, Trademark, and Copyright NoticePhiladelphia Chapter of the IIA
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
AGENDA
3
• Corruption and Bribery• Foreign Corrupt Practices Act• Third Parties• Key Components of an Effective Third Party Program• Role of Internal Audit
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
4
CORRUPTION:• Abuse of entrusted power for private gain
BRIBE:• Something valuable (such as money) that is given in order to
get someone to do something
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
BRIBERY AND CORRUPTION ARE GLOBAL CHALLENGES
5Source: 2014 Corruption Perception Index
(Transparency International)
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
BRIBERY AND CORRUPTION ARE GLOBAL CHALLENGES
6
Source: 2013 Global Corruption Barometer
(Transparency International)
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
FOREIGN CORRUPT PRACTICES ACT (FCPA)
10
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
Anti-Bribery Provision• Prohibit offering or promising anything of value to a
foreign government official to obtain or retain business.
Books and Records Provision• Must maintain books and records that accurately and
fairly reflect the entities transactions.• Must maintain a system of internal accounting controls.
FCPA APPLIES TO:
11
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
Issuers Individuals in U.S. U.S. Citizens
Entities with U.S. Presence
Traded on U.S. Exchange
FLIR SYSTEMS, INC.
14
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
Casablanca
Paris
Dubai
Beirut
New York City
20 Days 12 Hours
$7 Million
LARGEST FCPA ENFORCEMENT ACTIONSCOMPANY COUNTRY PENALTY
(Millions)YEAR
Siemens Germany $800 2008Alstom France $772 2014KBR/Halliburton USA $579 2009BAE UK $400 2010Total SA France $398 2013Alcoa USA $384 2014Snamprogetti Netherlands B.V/ ENI S.p.A
Netherlands/Italy
$365 2010
Technip SA France $338 2010JGC Corporation Japan $219 2011Daimler AG Germany $185 2010
15
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
16
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
Reported FCPA cases involve third parties
Companies that do not perform due diligence on their third parties
Source: 12th Global Fraud Survey - 2013
THIRD PARTY RISK
THIRD PARTY RISK
18
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
Third Party Population
Third Party Representatives
A third party is any entity or person providing goods and/or services to anorganization.
A third party representative is any entity or person that acts on behalf of an organization.
20
IIA PHILADELPHIA CHAPTER 20134 SPRING CONFERENCE
OPERATING MODEL
COMPONENTS
CORPORATE OBJECTIVES
KEY RISK DOMAINS
THIRD PARTY RISK LIFECYCLE
Text
Text
Third Party Risk Framework
Governance Policies & standards
Business processes
Tools & technology
Risk metrics & dashboard
Risk culture
Contractual risk
Continuity of service/product risk
Financial viability risk
Transactional / Operational risk
Credit risk
Reputational risk
Legal / regulatory risk
Geo-political risk
Information security risk
Strategic risk
Planning, risk identification
Due, diligence, 3rd party selection
Contract negotiation& on boarding
Termination &off-boarding
Growth/innovation(products/services)
Improved client experience
Cost optimization
Improved time to market
Risk & compliance mgmt
On-going monitoring & mitigation
Continuous improvement
THIRD PARTY MANAGEMENT LIFECYCLE
21
• Develop and implement a new, well-governed process to manage on-boarding of third parties– Confirm to whom/where they are doing
business, and the means by which they conduct business, etc.
• Conduct due diligence on third parties to assign levels of risk which determine the level of monitoring required
• Train the workforce and third parties on the rules and risk of fraud and corruption
• Monitor and detect transactions identify and act upon potential threats
Risk Model
Certification & Training
Verification & Updates
Reporting & Analytics
Financial Controls
Transaction Monitoring
Onboarding
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
22
Services to be provided
Transaction Level Geographic
RiskInteractions with govt. officials
Input From Business
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
RISK MODEL DEVELOPMENT
High Risk
Low RiskModerate Risk
23
IIA PHILADELPHIA CHAPTER 20134 SPRING CONFERENCE
STRONG TONE AT THE TOP
SUPPORTING TONE
AT THE MIDDLE
PROPER STRATEGY &
GOVERNANCE
NETWORK OF SUPPPORT
UTILIZE REPORTING AND
ANALYTICS
COMPREHENSIVE TRAINING
THIRD PARTY MANAGEMENT: KEYS TO SUCCESS
• Build and drive culture of compliance
• Communicate often
• Reinforce culture set forth by leaders
• Conduct discussion-based programs
• Don’t boil the ocean – take a risk based approach
• Make training relevant
• Train third parties on what is expected of them
• Identify critical influencers across the globe
• Develop regional/location champions
• Develop robust reporting
• Dashboards by region or business
THIRD PARTY DUE DILIGENCE
25
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
Due Diligence Process
Third Party Recommendation
DUE DILIGENCE PROCEDURES
26
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
Third Party Questionnaire
Background/ Ownership
Policies
Business References
Open Source Investigations
Enforcement Action Databases
Sanctions/ Watchlists
Civil and Criminal Prosecutions
Due Diligence Reports
Negative Media (Local Language)
Political Exposure
State-Owned Entities
27
THIRD PARTY DUE DILIGENCE: MITIGATING RISK
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
Contract Terms
• Anti-bribery language
• Right to audit clause
Anti-Corruption/Anti-Bribery Training
• Local language
Transaction Testing
• Review internal books and records for transactions with third party
Exercising Audit Rights
• Review third party's books and records.
Review Third Party's Compliance
Program
• Code of Conduct• Policies• Training
COLLABORATION BETWEEN COMPLIANCE AND INTERNAL AUDIT
28
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
29
IIA PHILADELPHIA CHAPTER 20134 SPRING CONFERENCE
Third Party
ProgramAudit
Third Party Program can :- provide "of interest" third
parties by region/country- share investigation findings and
recommendations for "of interest" third parties
- provide a random sample third parties
Audit can:- share audit findings of third party
investigations- gather and provide contracts,
written agreements, other relevant data
- request investigations on thirdparties
COLLABORATION BETWEEN AUDIT AND COMPLIANCE
• To maintain independence, Audit should not be part of day-to-day management of the program• Audit can provide an opinion on the compliance program
THIRD PARTY AUDITS
30
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
Review due diligence performed by compliance
Level 1: Internal Books and Records Review
Level 2: Third Party Books and Records Review (Exercise Right to Audit Clause)
Level 3: Third Party Compliance Program Review
CORRUPTION OUTLOOK
32
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
• Prosecution of individuals (FCPA)• DOJ tripled their task force 10 to 30• Continued Industry sweeps• More countries developing similar
legislation– Brazilian clean company act January 2014
RESOURCES
33
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
• FCPA (legislation): http://www.justice.gov/criminal/fraud/fcpa/
• "A Resource Guide to the U.S. Foreign Corrupt Practices Act"http://www.justice.gov/criminal/fraud/fcpa/guidance/guide.pdf
• Transparency Internationalhttp://www.transparency.org/
LET'S KEEP THE CONVERSATION GOING
34
IIA PHILADELPHIA CHAPTER 2015 SPRING CONFERENCE
• Matthew Ruble– Matthew.Ruble@us.gt.com– linkedin.com/in/matthewruble
• Dan Reynolds– Dan.Reynolds@us.gt.com– Twitter: @DanReynoldsCFE– linkedin.com/in/dreynoldscfe
top related