
[101] Anti-Corruption Anti-Bribery Risk Assessment SCCE Compliance & Ethics Institute 2012


Published in: Education

  1. Anti-Corruption Anti-Bribery Risk Assessment
     Diana Lutz, Principal, Diana Lutz, LLC
     lutzglobal@gmail.com, 303 565 9099 direct
  2. Topics for Discussion
     • Corruption & bribery risk identification and assessment approach
     • Risk inquiry matrix
     • Risk mitigation practices
     • Implementation
  3. Introduction – Current State
     • Across industries, compliance risk assessments continue to trend up in priority, frequency, scope and sophistication.
     • Companies conduct the work internally about as often as they outsource it, depending on mandates and staffing.
     • Bribery and corruption are often, and can be, more manageable when covered as a stand-alone risk and blended into other risk projects, assessments and tools later.
     • In prior years, global E&C or legal departments may have felt a distinct anti-corruption risk assessment wasn't needed:
        • the existence of the risk was known
        • an understanding of the risk could be had by staying aware of investigations and cases
  4. Corruption and Bribery Risk Assessment
     • Recent standards of practice and guidelines increasingly reference the importance of conducting periodic risk assessments as foundational to designing ethics and compliance program controls.
     • Participating in or conducting a risk assessment allows the business units and the service units to make a greater connection.
     • The execution of the process reinforces understanding of how business decisions impact the risk profile and how the compliance program can mitigate business risk.
     • Risk assessment is a precursor to integrating compliance processes.
  5. Compliance Risk Cycle (diagram labels): Risk Identification, Risk Prioritization, Control Evaluation, Gap Analysis, Mitigation Plan, Risk
  6. Compliance Audit, Risk Assessment, Program Assessment?
     • Do they overlap, and how? What about the frequency of each?
     • Compliance audit: review of data to test compliance with approvals and limits; more transactional in nature. Frequency is ongoing, with certain annual priorities.
     • Compliance risk assessment: process of reviewing specific conditions and events that may impact the ability to meet compliance obligations.
     • Program assessment: review of E&C program components for completeness, best practices, implementation and effectiveness.
     • Set the frequency of the above together and leverage the work done.
  7. Risk Assessment Approach
     • Not every assessment process will look the same; no culture, business or historical context is the same.
     • Focus on effectiveness; review / interview:
        • audit reports, hotline calls, investigations
        • multiple employees per business and service unit
     • Design and pilot a repeatable process that works. Memorialize the final process and create templates for future use.
     • Assess program effectiveness and relevant controls simultaneously, for efficiency and completeness. Don't go back twice.
  8. Risk Assessment Approach Continued
     • Cover risk and controls with each subject. Separate them in the report.
     • Key assessment component: interviews. Roll by business organizational structure, region, product line and business unit.
     • Talk with Compliance, Legal, HR, Audit, IT, Risk, Finance, Procurement, Sales, Marketing, Sr. Leadership? Then talk with the business leaders for each unit.
  9. Anticorruption Risk Assessment
     High level goal is to discover:
     • What businesses, locations, employees, decisions, transactions… offer the greatest risk for violations of anti-corruption and anti-bribery laws and other requirements.
        • Not necessarily always ranking this risk against other risks, but ranking the risk in a way that allows you to apply controls in a targeted manner.
     • What steps should the company take to prevent employees or third parties from directly or indirectly offering, promising, giving or demanding to obtain or retain business or other improper advantage?
     • Whether culture, policies, controls and actions make it clear that corruption and bribery will not be tolerated and are effectively designed and implemented.
  10. Planning
     • Organize the approach so the results can be interpreted to focus on risk related to discrete products, businesses, regions and job functions.
     • Maintain inquiry / assessment results sorted by the above and output them in the same fashion.
     • Consider external pressures per region and industry in addition to information gained internally.
  11. Document Review and Interview Prep
     • Before rolling on to interviews, where you will conduct most of your inquiry, review as needed: company public filings (yes, even on your own company), press releases, policies, recent audits, relevant investigation reports, recent enforcement actions in the risk area (particularly if in your industry), laws and proposed changes in law.
     • Customize interviews (as you go) for position level and for business versus service units. Follow leads and items of interest that develop in the interview. Always come back and make sure your planned interview items have been covered.
     • Schedule a follow-up interview if more time is needed. Take detailed notes or, better yet, bring a note taker or second interviewer if at all possible.
  12. Interviews Continued
     • Summarize your notes immediately after taking them to ensure you captured the essential points. Clarify as needed with the interviewee via follow-up.
     • Be prepared if you receive information that could amount to an allegation that should be referred for further review.
     • Make and verify initial findings as you go along. Build your report incrementally. Fact check.
     • Inquire not only about (perceived) gaps but also about ideas on how to better close them.
  13. Gifts and Entertainment
     • Does your division entertain clients, regulators or other business partners?
     • Describe a few situations where your division provided gifts and entertainment.
     • Any interaction with sponsorships and charitable gifts?
     • Is event funding 100% internal? What budget does it come from? How are funds paid or reimbursed? Who has approval authority? Are you aware if these areas have been audited?
     • In your area of operations, are there cultural considerations that impact entertainment and gifts? Describe them; what are a couple of examples?
     • What is the purpose of gifts and entertaining in a business context?
     • Do you ask about the recipient's gift restrictions, if any?
     • Do you have a gifts and entertainment policy? What does it cover? Does the code of conduct also address gifts and entertainment?
     • Are the rules the same for making gifts to or entertaining government officials?
     • Have you received training on the policy? What kind and when?
     • How would you know if someone was a government official?
     • Is third party travel for business and educational purposes addressed in these policies? Who is responsible for compliance with these policies?
     • Is approval required for any gifts or entertainment? How do you obtain any approvals?
  14. Third Parties
     • How do you control the use of:
        • subcontracts, purchase orders, cash payments, marketing funds, multiple or offshore entities and consulting agreements as a potential means of channeling payments to public officials, to employees of business partners or to their relatives or business associations?
     • How do you ensure that the payment amount is appropriate for the value of services rendered?
     • Do you review the background of your intermediaries?
     • Are you able to determine if an intermediary is a government official?
     • At what point in the relationship and at what frequency do you review third parties?
     • Which third parties do you review and what do you look at / for?
  15. Internal Employee Compliance
     • How many third parties have paid bribes completely without the knowledge, intentional ignorance or funds of the company that they ultimately represented?
     • Never forget that the first line of defense is the strength of your program and culture within your own employee base.
     • Ask: what are the background and qualifications of key roles in high risk businesses or regions? Review compliance performance and commitment at appointment and at annual performance review time, and consider this information during risk assessment. If controls are in place regarding high risk appointments, be sure to note their existence.
     • Controls should address tenure with the company, reputation, training, leadership qualities and legal and compliance support.
     • Can the key roles perform as needed in the environment assigned? Have you addressed the specific challenges that corruption will present in their role and given them tools to manage? Will the Sr. team walk away from a deal if it cannot be done properly?
  16. What else?
     • Other key areas of inquiry you are checking?
  17. Mitigating Corruption and Bribery Risk
     • Risk awareness throughout the business leadership and those interacting with the risk on the job
     • Clear anti-corruption position and policies, supported by targeted, relevant live and online training and supporting communication and tools
     • Business purpose required for engagement of third parties, with due diligence of third parties, periodically refreshed
     • Sound contracting and enforcement of contractual legal and compliance obligations
     • Audit and oversight, communication and monitoring
     • Setting expectations, walking the talk, qualified staff in high risk regions
     • Understanding the risks, local support and ownership of the risk and mitigation through joint risk assessment and mitigation planning and tracking
  18. Q&A
