Internal auditors must up game over new anti-corruption rules

THE NEW attorney-general announced last month details of ‘the first national anti-corruption plan’ – putting the onus very much on companies to report economic crime or face huge fines.

Jeremy Wright QC MP told the Cambridge International Symposium on Economic Crime that the government will shortly publish the first national anti-corruption plan; reflecting growing concern in Westminster that numerous scandals, particularly in banking, have resulted in no individual or company being punished.

Certainly the accountants and internal audit departments to whom the task of compliance inevitably falls do not feel that the situation has improved. As late as November 2013, more than half the accountants surveyed in the UK and abroad in an ACCA poll said they were no more confident in tackling fraud than they were before the act came in.

With the new attorney general cracking the whip, companies and their accountants will now need to brush up on the compliance requirements and stiffen up their internal checks and controls considerably, to mitigate the risk of huge potential fines. The overseas precedents of the $800m (£640m) Siemens (2008) or KBR/Halliburton $579m (2009) should serve as sufficient evidence of what can happen when organisations fall foul of anti-bribery laws.

A starting (or revisiting point) for any compliance plan is the government’s guidance document. This states that procedures put in place by commercial organisations wishing to prevent bribery should be informed by six guiding principles:

– Proportionate procedures
– Top level commitment
– Risk Assessment
– Due diligence
– Communication (including training)
– Monitoring and review

While implementing a compliance plan is an organisation-wide undertaking, internal audit departments and accountants ultimately have responsibility for the day-to-day monitoring of transactions. Key to this being effective and efficient is to have a data analytics strategy, which can help assure compliance with the UK Bribery Act in the following ways:

– Look for ‘red flags’
– Develop an early warning system
– 100% transaction testing to validate completeness and accuracy of books and records
– Continuous monitoring of key internal controls

This contributes to creating a culture where employees know they will be questioned – a proven method for strengthening internal compliance.

Over time, use of data analysis combined with a process to follow-up and resolution of red flags may itself become a control and provide evidence of having “adequate procedures” in place.

It is important to not only deploy the right tools but also to have trained personnel who can interpret and recognize trends and anomalies in the data.

Data analytics proven

For evidence of the value of data analytics we can look outside of the UK to two countries which score more highly than the UK in the corruptions perceptions index 2013 (the UK is 14th).

The National Audit Office in Finland has been using analytics to enable its auditors to quickly test individual accounts and budget lines with multi-annual expenditure rules and to verify the accuracy and transparency of index corrections. The NAO also uses technology to test payroll, accounts payable data and supplier transactions for anomalies and high-risk areas that require deeper investigation.

In British Columbia, the Corporate Compliance & Controls Monitoring Branch of the B.C. Government’s Ministry of Finance (3CMB) monitors internal controls and provides a “threat of detection” to ensure employees are complying with government-wide procurement and financial policies. The efficiency of automated software has helped them save an estimated $21m.

Talking of cost savings, The Association of Certified Fraud Examiners estimates that the average organisation loses about 5% of annual revenues to fraud – a potential fraud loss of more than £1.7trn of the estimated 2009 Gross World Product. How much might that translate to for your organisation?

Chris Stewart-Smith is director, global solutions consulting, ACL


Related reading

BAA logo _360x270