FCPA Compliance and Ethics Blog

May 20, 2011

Jonathan Marks Tweets and Why You Should Be On Twitter

Yesterday my Fraud Examiner colleague Tracy Coenen posted a blog entitled, “Why I’m quitting Twitter (and you should too)”. My blog today will set forth the reasons why the compliance practitioner should refrain from quitting Twitter, actively participate and why the greater compliance world benefits from participation from experts like Tracy Coenen. So Tracy, do not quit!

Twitter is an excellent resource for anyone in the compliance community. It provides real time reporting and more importantly excellent resources for the compliance practitioner. AND BEST OF ALL IT IS FREE!

Why should you participate on Twitter? My experience is that it is one of the most efficient ways to get your name out in the field you practice. Whether it is law, forensic accounting, finance or selling flowers, it does not matter. The key is to stay focused on your area of specialty. If you tweet about where you are or that you are the Mayor of some such place it will not assist you professionally.

What did I do? I began my social media journey focusing on Twitter. Beginning in January, 2010, I reposted every tweet I could find on the Foreign Corrupt Practices Act (FCPA). I did not post original content because I was learning the Twitter ropes and was not sure what to do. I stayed focused on the area of the FCPA which led to me being named in February as one of the Top 15 “Must Follows” in the area of Securities Law (FCPA) by Bruce Carton, author of the Securities Docket Blog and his list was posted in Compliance Week.

I then decided to see if I could begin to send articles to different blogs and websites for posting. I always send an email introducing myself and they all come back with something along the lines of the following, “We know who are and thanks for re-tweeting our tweets.” To date they have all said yes to me sending in a contribution for consideration. So I was able to make a name for myself through Twitter. Of course I had to follow up with substantive content and perhaps I could have sent blind submissions but Twitter was the tool which introduced me to the wider compliance world.

How else can one use Twitter to meet and develop substantive business? In December 2010, I noticed a tweet by Jonathan Marks where he mentioned that he had developed a 13-step action plan for FCPA compliance programs. I thought that this was an interesting item but there was no link to the document or information, so I took the direct approach and Direct Messaged Jonathan, on Twitter, to ask if he would be willing to share with us the 13-step action plan, which he was willing to do.

I met Jonathan (virtually) through LinkedIn and his hosting of the LinkedIn group ‘Fraud Pentagon.’ Through his profile I was able to discover Jonathan’s interesting professional journey, he is the Partner In-Charge of the Fraud, Ethics and Anti-Corruption practice at Crowe Horwath and has worked with the US Attorney’s office, the FBI, the IRS Criminal Investigation Division and US Customs officials during his career. Jonathan has also served as the Chief Audit Executive at several public companies and is a Certified Public Accountant, Certified Fraud Examiner and is certified in financial forensics.

I spoke to Jonathan to find out how he developed this plan and he told me that from his meetings with clients, on the issue of compliance over the years, he wanted to develop a non-legalistic approach that he could easily convey to clients. After the interview and his sharing of his 13-step program I wrote a blog about the program by which a company could review its FCPA compliance program, assess where the program is in terms of best practices, and then use the same action plan as a guide for implementing some or all of the best practices.

The response to the blog posting was so great that Jonathan wrote a White Paper on his 13-step program which I assisted him with some of the drafting. All of this happened because he tweeted about his 13-step program. In other words, one little tweet led to all of the above.

How does all of this relate to Ms. Coenen and her pronouncement? I say to Tracy, do not stop tweeting – WE NEED YOU. One other reason to continue to participate in Twitter is the absolute wealth of information that is available to any chosen profession. However, I can speak only to the compliance world and in that world there is significant information available to all AT NO COST. If you are in a company on a budget, and who is not, you can obtain the best practices of FCPA compliance, Bribery Act compliance, fraud and forensic accounting compliance by participating on Twitter. Tracy’s tweets are substantive and if she retweets someone else’s tweets, I am confident that it is substantive as well.

Twitter is but one tool and to any professionals a quiver of tools it is a significant and useful tool (did I mention that it is FREE?) for both marketing and research. I do agree with Tracy that I cannot point to one client I have obtained exclusively from Twitter. It is always some combination of Twitter/LinkedIn/Blogging/Speaking/White Papers and word of mouth. But it is a significant tool and, in my opinion, a tool that you should not forsake.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

December 15, 2010

The FCPA Audit For Supply Chain Vendors

Filed under: Audit,FCPA,Supply Chain — tfoxlaw @ 6:10 pm
Tags: , , ,

An audit for adherence to Foreign Corrupt Practices Act (FCPA) compliance requirements is becoming more standard as a best practice in the management of business relationships with third party vendors which work with a company through the supply chain. In several recent settlements of enforcement actions through both Deferred Prosecution Agreements (e.g. Panalpina) and Non-Prosecution Agreements (e.g. RAE Systems Inc.), the Department of Justice (DOJ) has stated that one of the current best practices of a FCPA compliance program includes the right to conduct audits of the books and records of the agents, business partners and supplier or contractors to ensure compliance with the foregoing. Many companies have yet to begin their audit process for FCPA compliance on vendors in their supply chain. This posting will explore some of the issues involved in auditing such business partners. 

I.                   Right to Audit  

Initially it should be noted that a company must obtain the right to audit for FCPA compliance in its contract with any third party vendor in the supply chain. Such an audit right should be a part of a company’s standard terms and conditions. A sample clause could include language such as the following: 

Vendor shall permit, upon the request of and at the sole discretion of the Company, audits by independent auditors acceptable to Company, and agree that such auditors shall have full and unrestricted access to, and to conduct reviews of, all records related to the work performed for, or services or equipment provided to, Company, and to report any violation of any of the United States Foreign Corrupt Practices Act, UK Bribery Act or any other applicable laws and regulations, with respect to:

a.         the effectiveness of existing compliance programs and codes of conduct;

b.         the origin and legitimacy of any funds paid to Company;

c.         its books, records and accounts, or those of any of its subsidiaries, joint ventures or affiliates, related to work performed for, or services or equipment provided to, Company;

d.         all disbursements made for or on behalf of Company; and

e.         all funds received from Company in connection with work performed for, or services or equipment provided to, Company. 

II.                Structure of the Audit 

In the December 2010 issue of the Industrial Engineer Magazine, authors Aldowaisan and Ashkanai discussed the audit program utilized by the Kuwait National Petroleum Company for its supply chain vendors. Although the focus of these audits is not to review FCPA compliance, the referenced audits are designed to detect and report incidents of non-compliance, which would also be the goal of a FCPA compliance audit. Utilizing ISO 19011 as the basis to set the parameters of an audit, the authors define an audit as a “systematic, independent and documented process for obtaining audit t evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” The authors list three factors, which they believe contribute to a successful audit: (1) an effective audit program which specifies all necessary activities for the audit; (2) having competent auditors in place; and (3) an organization that is committed to being audited. In a webinar hosted by Securities Docket, entitled, “Follow the Money: Using Technology to Find Fraud or Defend Financial Investigations” noted fraud examiner expert Tracy Coenen described the process as one to (1) capture the data; (2) analyze the data; and (3) report on the data. 

There is no one specific list of transactions or other items which should be audited. However some of the audit best practices would suggest the following: 

  • Review of contracts with supply chain vendors to confirm that the appropriate FCPA compliance terms and conditions are in place.
  • Determine that actual due diligence took place on the third party vendor.
  • Review FCPA compliance training program; both the substance of the program and attendance records.
  • Does the third party vendor have a hotline or any other reporting mechanism for allegations of compliance violations? If so how are such reports maintained. Review any reports of compliance violations or issues that arose through anonymous reporting, hotline or any other reporting mechanism.
  • Does the third party vendor have written employee discipline procedures? If so have any employees been disciplined for any compliance violations? If yes review all relevant files relating to any such violations to determine the process used and the outcome reached.
  • Review employee expense reports for employees in high risk positions or high risk countries.
  • Testing for gifts, travel and entertainment which were provided to, or for, foreign governmental officials.
  • Review the overall structure of the third party vendor’s compliance program. If the company has a designated compliance officer to whom, and how, does that compliance officer report? How is the third party vendor’s compliance program designed to identify risks and what has been the result of any so identified.
  • Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the third party vendor.
  • With regard to any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and apply analytical procedures and testing. 

III.             Conclusion 

As noted the above list is not exhaustive. For instance, there could be an audit focus on internal controls or segregation of duties. Any organization which audits a business partner in its supply chain should consult with legal, audit, financial and supply chain professionals to determine the full scope of the audit and a thorough and complete work plan should be created based upon all these professional inputs. At the conclusion of an audit, an audit report should be issued. This audit report should detail incidents of non-compliance with the FCPA compliance program and recommendations for improvements. Any reported incidents of non-compliance should reference the basis of any incidents of non-compliance such as contractual clauses, legal requirement or company policies. 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,655 other followers