bribery and corruption · elements of an anti-corruption program use of risk assessments: • an...

© 2019 Association of Certified Fraud Examiners, Inc.

Bribery and Corruption

Anti-Corruption Programs


Discussion Questions

1. What companywide policies does your

organization have in place to address the

risks of corruption? How are these policies

disseminated to employees? Who is

responsible for ensuring compliance with

these policies?



2. What information is communicated to

employees in your organization regarding

corruption risks and procedures for reporting

suspected fraud? What methods are used to

disseminate this information?



3. Does your organization use continuous or

automated monitoring to address fraud

risks? If so, how successful has it been in

identifying potential frauds?


Introduction

▪ Anti-corruption programs:

• Communicate management’s philosophy toward

fraud and ethical behavior.

• Harness the efforts of the full staff.

▪ The FCPA and the UK Bribery Act encourage

regulated organizations to implement anti-

corruption programs.


Introduction

▪ This section is

divided into four

parts:

• Questions to expect

from regulators

• Elements of an anti-

corruption program

• Standards and tools

• Other guidance


Questions to Expect from Regulators

▪ Is the program well designed?

▪ Is the program being applied in good faith?

▪ Does the program work?


Anti-corruption

policies and procedures

Ethical tone at the top

Training

Risk assessment

Management oversight

A reporting system

Internal controls

Continuous monitoring

Disciplinary procedures

Due diligence

Periodic testing and

review

Elements of an

Anti-Corruption

Program


Elements of an Anti-Corruption Program

▪ Code of conduct and anti-corruption policies

and procedures that:

• Are clear, practical, accessible, and enforceable

• Are proportionate to the organization

• Include a formal code of conduct

• Apply to all relevant individuals and entities

• Include a number of items



▪ Ethical tone at the top:

• The tone at the top is the ethical (or unethical)

atmosphere in the workplace.

• Management must be committed to preventing

corruption, and it must build an ethical

environment.

• To set the right tone, management can:

• Make a statement of commitment.

• Lead by example.

• Provide a safe reporting mechanism.

• Reward integrity.



▪ Training and continuing advice:

• Offer employees training on common issues and

red flags.

• The training should be based on the organization’s

operations and needs.

• Training must be user-friendly and appropriate.

• Training must be an ongoing process.



▪ Use of risk assessments:

• An organization’s anti-corruption program should

change as its risks change.

• Risk assessments should be periodic, informed,

and documented.

• Risk assessments should consider both internal

and external risks.



▪ Management oversight, autonomy, and

resources:

• One or more senior corporate executives should

be assigned to implement and oversee the

company’s anti-corruption policies, standards, and

procedures.

• Those assigned responsibility must have the

autonomy, authority, and resources to manage

and enforce the program and react to issues that

arise under it.



▪ Reporting system (hotline) and response

plan:

• Establish a system whereby employees and other

agents can confidentially report, or seek guidance

regarding, actual or potential criminal conduct

without fear of retribution.

• Include a response plan that establishes a

process for investigating reported allegations and

documenting the response.



▪ Internal controls:

• Implement internal controls reasonably designed

to deter, detect, and investigate corruption.

• Management must:

• Ensure that assets are properly reflected.

• Require authorization to access the assets.

• Maintain control of transactions.

• Properly book transactions.

• Controls should identify red flags.



▪ Continuous monitoring:

• A control involving the use of data analysis on a

continuous basis to test for fraud

• Based on the risk assessment and includes tests

of the types of transactions that pose the greatest

risks



▪ Incentives and disciplinary procedures:

• Establish and adhere to a system of disciplinary

measures for rule breakers and incentives for

those who demonstrate good behavior.

• The program should identify the range of possible

disciplinary measures for violations.

• Promote the program with suitable incentives

(e.g., promotions, rewards, recognition).



▪ Due diligence:

• Management should exercise due diligence in

seeking to prevent and detect criminal conduct by

its employees and other associates.

• Companies should implement due diligence for

employees.

• Companies should implement due diligence for

third parties.



▪ Periodic testing and

review:

• An organization’s program

should evolve as its

practices and risks change

over time.

• Management should review

and improve the company’s

anti-corruption programs

on a regular basis.


Standards and Tools

▪ The Open Compliance and Ethics Group

▪ International Organization for Standardization

▪ Business Principles for Countering Bribery

▪ COSO/ACFE Fraud Risk Management Guide

▪ UHY Advisors compliance risk calculator tool

▪ PEP screening services

▪ Watch lists

▪ Risk maps

▪ Procurement fraud checklists


Other Guidance

▪ Business Ethics: A Manual for Managing a

Responsible Business Enterprise in

Emerging Market Economies

▪ Fighting Global Corruption: Business Risk

Management

▪ The Bribery Act 2010—Guidance

▪ Good Practice Guidance on Internal

Controls, Ethics, and Compliance


Other Guidance

▪ Anti-Corruption Code of Conduct for Business

▪ Rules on Combating Corruption

▪ Business Principles for Countering Bribery:

Small and Medium Enterprise (SME), Edition 5

▪ Integrity Compliance Guidelines

▪ Partnering Against Corruption: Principles for

Countering Corruption

bribery and corruption · elements of an anti-corruption program use of risk assessments: • an...

Documents