The Anti-Corruption Report

The definitive source of actionable intelligence covering anti-corruption laws around the globe

Articles By Topic

By Topic: Audits

  • From Vol. 6 No.23 (Nov. 29, 2017)

    Auditing Third Parties: A Ten-Step Checklist

    A successful third-party risk-management program requires regularly conducting third-party audits. While some companies have active third-party audit programs, others are still developing this component of their compliance program. This checklist guides a party through the audit process, from drafting policies and procedures to documenting and remediating after an audit is completed. For a more in-depth look at enforcing audit rights, the next third-party management frontier, see our three-party series: “What to Do Before an Audit” (Nov. 9, 2016); “Conducting an Onsite Audit” (Dec. 7, 2016); “Forestalling Problems, Documenting the Audit and Responding Appropriately” (Mar. 1, 2017).

    Read Full Article …
  • From Vol. 6 No.19 (Oct. 4, 2017)

    Remediating Corruption Issues Uncovered During Third-Party Audits

    Auditing a third party will almost certainly lead to the discovery of anti-corruption red flags. Before embarking on an audit, a company must both understand what red flags it is looking for and have a plan for how to address problems when they are uncovered. Companies and their lawyers can learn from the experiences of others caught in the glare of the anti-corruption spotlight as to what to do – or not do – when a red flag has surfaced. Drawing on advice from anti-corruption audit veterans and lessons from FCPA settlements, this article provides a starting point for creating such a plan. See our three-part series on enforcing audit rights, the next third-party management frontier: “What to Do Before an Audit” (Nov. 9, 2016); “Conducting an Onsite Audit” (Dec. 7, 2016); “Forestalling Problems, Documenting the Audit and Responding Appropriately” (Mar. 1, 2017).

    Read Full Article …
  • From Vol. 6 No.9 (May 10, 2017)

    Responding to Auditors’ Requests When Facing FCPA Allegations

    One of the issues that a company investigating an FCPA matter must face is whether and how to disclose the investigation in its financial statements. This challenge will often arise in the context of the company’s annual audit, when the company’s attorneys are asked about pending and threatened claims. A recent Strafford program provided an in-depth treatment of requests by auditors for information about potential claims and liabilities and best practices for attorneys responding to those requests. The program featured Maryann A. Waryjas, senior vice president, chief legal officer and secretary of Herc Rentals; Stanley Keller, of counsel at Locke Lord; Brian E. Kowalski, a partner at Latham & Watkins; and Alan J. Wilson, an associate at WilmerHale. See also “Experts from PwC Discuss Compliance Audits and Common Missteps” (Sep. 28, 2016).

    Read Full Article …
  • From Vol. 6 No.4 (Mar. 1, 2017)

    A Guide to Enforcing Audit Rights, the Next Third-Party Frontier: Forestalling Problems, Documenting the Audit and Responding Appropriately (Part Three of Three)

    Although third-party audit rights are only effective if the company designs and implements a solid plan for exercising them on a periodic basis, many companies still struggle with enforcing those rights and how, once an audit cycle is concluded, to respond to information the audit uncovered. The FCPA Report’s Guide to Enforcing Audit Rights provides practical guidance for every step of the audit-right enforcement process, from drafting a policy to remediation. This, the third article in our three-part series, discusses how companies can address common auditing challenges, how they should document the audit process and how they might respond to an audit’s results. The first article in the series discussed, in detail, drafting the company’s policy and outlined six steps a company should take prior to conducting an onsite audit of a third party. The second laid out a plan for conducting the actual onsite audit. See also “When and How Should Companies Include Audit Rights in Third-Party Contracts? (Part One of Three)” (Jul. 23, 2014); Part Two (Aug. 6, 2014); and Part Three (Aug. 20, 2014).

    Read Full Article …
  • From Vol. 5 No.24 (Dec. 7, 2016)

    A Guide to Enforcing Audit Rights, the Next Third-Party Management Frontier: Conducting an Onsite Audit (Part Two of Three)

    To protect themselves from anti-corruption violations caused by third-party partners, more and more companies are including audit rights in their third-party contracts. Those rights, however, are useless – and even potentially dangerous – if a company does not regularly enforce them. The FCPA Report’s three-part guide to enforcing audit rights is designed to assist companies in building and implementing effective third-party audit policies and procedures. The first article in the series discussed drafting the company’s policy and outlined six additional steps a company should take prior to conducting any onsite audits of third parties. This article lays out a plan for conducting the actual onsite audits, including 10 specific areas the audit should address. The third article in the series will tackle some of the challenges companies will face while auditing and outline measures companies should take after an audit is complete. See “EY’s Rick Sibery Outlines a Seven-Step Process for Monitoring Third Parties” (Oct. 20, 2016).

    Read Full Article …
  • From Vol. 5 No.22 (Nov. 9, 2016)

    A Guide to Enforcing Audit Rights, the Next Third-Party Management Frontier: What to Do Before an Audit (Part One of Three)

    While companies, recognizing the significance of third-party risk, have become increasingly sophisticated about vetting their business partners before an engagement, many still struggle with monitoring those relationships. Ongoing third-party management, including conducting regular third-party audits, is the next frontier in anti-corruption compliance. The FCPA Report’s three-part guide to enforcing audit rights is designed to meet companies where they are, helping them to tackle third-party audits while being mindful of the potential landmines inherent in the process. In this, the first article in the series, we discuss drafting third-party audit procedures and policies and outline seven steps a company should take prior to conducting an onsite audit of a third party. Upcoming installments of the series will discuss how to perform an onsite audit of a third party, address some of the challenges companies will face while auditing and outline measures companies should take after an audit is complete. See “EY’s Rick Sibery Outlines a Seven-Step Process for Monitoring Third Parties” (Oct. 20, 2016.) 

    Read Full Article …
  • From Vol. 5 No.19 (Sep. 28, 2016)

    Experts from PwC Discuss Compliance Audits and Common Missteps

    Compliance auditing is a critical component of an effective anti-corruption compliance program, recognized both by the U.S. Sentencing Guidelines and the government’s FCPA Resource Guide. A recent Strafford program, “FCPA Compliance Audits: Lessons From Recent Investigations,” discussed regulators’ expectations regarding compliance auditing, the process for scoping and conducting a compliance audit and common audit pitfalls. David A. Wilson, a partner at Thompson Hine, led the discussion, which featured Sulaksh Shah, a partner at PwC, and James Gargas, a director at that firm. This article discusses some of the key takeaways from the program. See also our interview series, “Best Practices for Performing Compliance Program Assessments: Pamela Passman of CREATe.org” (Apr. 6, 2016); “Susan Markel of AlixPartners” (Feb. 24, 2016); and “Jeffrey Kaplan of Kaplan & Walker” (Nov. 4, 2015).

    Read Full Article …
  • From Vol. 5 No.5 (Mar. 9, 2016)

    Qualcomm’s $7.5 Million Settlement for Princeling Hirings Enabled by Three Key Compliance Failures

    Qualcomm Inc., a major designer of wireless telecommunications products, has agreed to pay a civil monetary penalty of $7.5 million to the SEC to settle FCPA charges. According to the SEC, Qualcomm hired the relatives of Chinese government officials and also provided extensive gifts, travel and entertainment to the foreign officials and their families to influence those officials’ purchasing decisions. The case shows that hiring family members of foreign officials “clearly needs to be on companies’ risk assessment radar,” asserted Jeffrey Kaplan, a partner at Kaplan & Walker. The case is also a reminder that companies still need to be mindful of more traditional corruption risks such as gifts, travel and entertainment and a weak compliance program. See “Hiring Practices and FCPA Compliance in the Wake of the BNY Settlement (Part One of Two)” (Jan. 13, 2016); Part Two (Jan. 27, 2016).

    Read Full Article …
  • From Vol. 4 No.5 (Mar. 4, 2015)

    Checklist of Issues to Consider When Negotiating, Drafting and Enforcing Audit Clauses in Third-Party Contracts

    Securing audit rights in contracts with third parties is one specific way to mitigate the corruption risk that doing business with third parties poses.  Audit rights allow a company to monitor third parties’ activities – activities which could result in FCPA charges for the company.  These rights can be challenging to obtain and enforce, and may not be appropriate for all third parties.  This checklist assists companies with structuring negotiations, drafting audit clauses and enforcing agreements.  See “When and How Should Companies Include Audit Rights in Third-Party Contracts? (Part One of Three),” The FCPA Report, Vol. 3, No. 15 (Jul. 23, 2014); Part Two and Part Three

    Read Full Article …
  • From Vol. 3 No.21 (Oct. 22, 2014)

    Qui Facit Per Alium, Facit Per Se: Best Practices for Third-Party Due Diligence

    Intermediaries are a critical part of most business operations, and, as recent DOJ and SEC FCPA enforcement actions – nearly all of which involved intermediaries – demonstrate, they pose significant corruption risk.  In a guest article, Dechert partners Mauricio A. España and Hector Gonzalez detail best practices for mitigating and managing third-party corruption risk before and after an intermediary is hired.  See also The FCPA Report’s two-part series on representations in third-party contracts, “Nine Clauses to Include (Part One of Two),” The FCPA Report, Vol. 3, No. 13 (Jun. 25, 2014); “Clauses for High-Risk Situations and Enforcement Strategies (Part Two of Two),” Vol. 3, No. 14 (Jul. 9, 2014).

    Read Full Article …
  • From Vol. 3 No.17 (Aug. 20, 2014)

    When and How Should Companies Include Audit Rights in Third-Party Contracts? (Part Three of Three)

    Significant corruption risks continue to stem from the actions of third parties that companies hire.  As detailed in our series about anti-corruption reps and warranties in third-party contracts (Part One and Part Two), appropriate reps and warranties help to mitigate those risks.  Clauses pertaining to audit rights are some of the most difficult to get right, and can be some of the most important.  Our three-part series provides guidance on when and how companies should include audit rights in their third-party contracts.  This third and final article in the series discusses when conditions are ripe for a third-party audit; best practices to use when performing the audit; and what to do about issues uncovered by the audit.  The first article discussed how companies should determine which third-party relationships require audit rights and outlined the benefits and drawbacks of including audit rights provisions in contracts.  The second article provided strategies for securing audit rights during negotiations; discussed situations where companies should or should not proceed without audit rights; and provided advice regarding drafting audit rights provisions. 

    Read Full Article …
  • From Vol. 3 No.17 (Aug. 20, 2014)

    Compliance Experts from AT&T and Southern Co. Share Anti-Corruption Auditing and Assessment Best Practices

    Key compliance personnel at two major public companies recently shared their insights on the best ways to monitor and assess compliance programs.  At a panel at PLI's 2014 Corporate Compliance and Ethics Institute, James R. Turner, compliance director at Alabama Power Company, a subsidiary of Southern Company, and Kathy Rehmer, Vice President of Corporate Compliance at AT&T, discussed how their companies perform audits and routine testing of their compliance programs. See also The FCPA Report’s three-part series, “Best Practices for Reviewing Anti-Corruption Compliance Programs”: Government Expectations, Scheduling and Staffing; Challenges, Preparation and Risk Evaluation; and Implementation, Remediation and Documentation.

    Read Full Article …
  • From Vol. 3 No.16 (Aug. 6, 2014)

    When and How Should Companies Include Audit Rights in Third-Party Contracts? (Part Two of Three)

    Lawyers, accountants, customs brokers, sales agents and distributors are just a few of many third parties an organization typically retains that can cause serious FCPA problems.  Regularly auditing appropriate third parties is a key tool for decreasing third-party corruption risk.  To assist companies in drafting and using audit rights clauses in third-party contracts, The FCPA Report is publishing a three-part series. This, the second article in the series, provides strategies for securing audit rights during negotiations; discusses situations where companies should or should not proceed without audit rights; and provides advice regarding drafting audit rights provisions.  The first article discussed how companies should determine which third-party relationships require audit rights and outlined the benefits and drawbacks of including audit rights provisions in contracts.  The final article will explore when a company should conduct a third-party audit; provide advice on performing a third-party audit; and discuss what a company should do about issues raised during an audit.

    Read Full Article …
  • From Vol. 3 No.15 (Jul. 23, 2014)

    When and How Should Companies Include Audit Rights in Third-Party Contracts? (Part One of Three)

    In November 2013, Kara Brockmeyer, Chief of the SEC's FCPA Unit, reported that 60%-70% of the SEC's FCPA cases in the past two years have involved third-party intermediaries.  As detailed in our series about anti-corruption reps and warranties in third-party contracts (Part One and Part Two), including the appropriate reps and warranties in contracts can be a key tool to mitigate the risks caused by employing third parties.  Clauses pertaining to audit rights are some of the most difficult to get right, and can be some of the most important.  To assist companies in optimizing this compliance tool, The FCPA Report is publishing a three-part series on when and how companies should include audit rights in their third-party contracts.  This, the first article in the series, discusses how companies should determine which third-party relationships require audit rights and outlines the benefits and drawbacks of including audit rights provisions in contracts.

    Read Full Article …
  • From Vol. 2 No.18 (Sep. 11, 2013)

    Fighting Corruption with Creative Data Mining: Five Forensic Accounting Techniques for Development Program Investigations

    The World Economic Forum estimates that the cost of corruption amounts to more than 5% of global GDP ($2.6 trillion), with more than $1 trillion paid in bribes each year.  Creative data mining is one of the most effective tools in identifying transactions connected to this illicit behavior.  It is commonplace in most every fraud and corruption investigation nowadays to pull raw data from ERP systems, identify relevant pools of data and design queries to find anomalies.  What happens, though, when an organization is faced with a situation where such raw data is unreliable, incomplete, or not available at all?  More often than not, the robust data sets that one would likely have access to in corporate investigations are not available in the case of development projects financed by institutions such as the United Nations and the World Bank.  Such projects are often plagued by inadequate accounting systems, archaic banking practices and a general lack of management and fiduciary controls.  In a guest article based on dozens of global corruption investigations, Jean-Michel Ferat, Managing Director at The Claro Group, describes the primary corruption risks inherent in development projects and – using slides taken directly from his investigative experience – details five workable methods for mitigating those risks.  See also “How Forensic Accountants Help Identify Corruption Risk and Delve into the Details of Books and Records,” The FCPA Report, Vol. 2, No. 12 (Jun. 12, 2013).

    Read Full Article …
  • From Vol. 2 No.12 (Jun. 12, 2013)

    How Forensic Accountants Help Identify Corruption Risk and Delve into the Details of Books and Records

    Forensic accountants are an integral part of anti-corruption compliance.  From proactive risk assessments to reactive investigations, forensic accountants can probe the details of a company’s books and records, assisting compliance officers and in-house and outside counsel.  This guest article by Lindi Jarvis and Javier Alvarez of FTI Consulting provides insight on the steps forensic accountants can take to prevent, detect and remediate corruption, highlighting best practices and including examples such as a “heat map” to help focus resources in high-risk areas.  See also “SEC’s FCPA Unit Chief and Top Practitioners Address the Role of Financial Controls in FCPA Compliance Policies, Internal Investigations, Self-Reporting and Related Topics,” The FCPA Report, Vol. 2, No. 7 (Apr. 3, 2013).

    Read Full Article …
  • From Vol. 2 No.4 (Feb. 20, 2013)

    How FCPA Transaction Monitoring Software Works

    To comply with the FCPA and other anti-corruption laws, companies operating multi-nationally must closely monitor the actions of their employees, agents and third-party partners for indications of potential bribery.  This is a costly proposition for any company, but especially for smaller companies that lack the human resources necessary to perform comprehensive anti-corruption reviews.  Enter technology.  Relatively recent software innovations allow companies to perform automated FCPA transaction monitoring, thereby enabling companies to track substantially the same number of transactions with fewer people and equal or greater effectiveness.  The FCPA Report recently had an extensive conversation regarding automated transaction monitoring with Patrick Taylor, CEO of Oversight Systems, a company that provides automated transaction monitoring solutions.  In our interview, Taylor explained the fundamentals of automated transaction monitoring; outlined what types of companies should consider transaction monitoring; and explained the benefits of implementing an automated system.

    Read Full Article …
  • From Vol. 1 No.14 (Dec. 12, 2012)

    Integral Elements of Proactive and Pre-Merger Anti-Corruption Forensic Audits

    The last five years of FCPA enforcement have increased the need for comprehensive and effective compliance programs and controls designed to detect, deter and remediate instances of bribery and corruption.  A hidden jewel for some organizations is the use of the forensic audit function to help achieve these objectives.  A properly staffed and well-trained forensic audit team can provide a positive return on investment if used appropriately to satisfy the new imperative of a well-functioning compliance program.  Conducted competently, forensic audits can go a long way toward preventing violations, detecting violations (including in the merger and acquisition process), aiding the investigative and remedial process, substantiating the existence, amounts and recipients of payments and ultimately helping a company earn credit when negotiating with the government or self-reporting discovered violations.  See “When and How Should Companies Self-Report FCPA Violations? (Part Two of Two),” The FCPA Report, Vol. 1, No. 2 (Jun. 20, 2012).  In a guest article, Paul E. Zikmund, Global Director, Ethics and Compliance, at Bunge Limited, discusses the core elements of proactive FCPA audits, as well as the key mechanics of pre-merger anti-corruption forensic audits.

    Read Full Article …
  • From Vol. 1 No.12 (Nov. 14, 2012)

    Managing FCPA and Other Risks After Onboarding a Third Party

    A November 7, 2012 webinar sponsored by compliance and investigative software provider Catelas Inc. (Catelas) addressed steps that companies can take to manage FCPA and other compliance risks after they have “onboarded” a third party, i.e., conducted due diligence and formalized a business relationship with that party.  The webinar was moderated by Eddie Cogan, CEO & founder of Catelas.  The other speakers were Alan Morley, president of compliance risk consulting firm Adsideo LLC, and Michael Volkov, a shareholder at LeClairRyan.  This article summarizes the key points from that presentation.

    Read Full Article …