FCPA Compliance and Ethics Blog

June 2, 2011

The Auditor’s Role in FCPA and UK Bribery Act Compliance

Ed. Note: Today we have a guest post from Michael Potorti, CPA, of MP Audit.

Executive Management is increasingly turning to its Internal Audit Department to assess the risk that FCPA and UK Bribery Act non-compliance poses to the business and to develop ways to mitigate those risks. In the absence of an Internal Audit function, companies are turning to outside counsel and CPAs to provide a roadmap to compliance.

Counsel can interpret the law, update Management on Government cases/trends and identify areas of high risk within an organization. In addition to the legal advice, companies need experienced auditors to design the controls necessary to target these risk areas. Auditors are also needed to test the design and effectiveness of the controls implemented, as well as to periodically monitor these controls to determine the sustainability of an effective internal control environment.

OK, we now know what we have to accomplish, but how do we get there? Here are some recommended steps:

1. Perform a Risk Assessment – look at the company as a whole using a Risk Based Approach – interview Executive Management, local management, etc. to get their views on where the risks lie – we don’t want to flood the organization with controls that have little value

2. Setting the “Tone at the Top” – Executive Management must be on-board with the effort and issue a company-wide communication stressing the importance of compliance and full cooperation with counsel/auditors

3. Create a “Gap” Analysis – target the risk areas identified and interview related employees to determine current control procedures (if any) – detail deficiencies so we can create specific controls to mitigate risk

4. Share Deficiencies with Management – it is important to establish and confirm the existence of these deficiencies and develop Action Plans to remediate – management should stress the importance of remediation with employees

5. Assign Ownership for Deficiency Remediation – local management and employees close to the deficiency should be responsible for developing controls (with auditor assistance) and implementing them within a certain pre-determined timeframe

6. Test Newly Created Controls for Effectiveness – auditors should perform a walkthrough of activity to ensure the control is designed and operating properly – adjustments should be made if necessary

7. Develop Standard Operating Procedures (SOPs) – controls should be aggregated and documented in SOPs which must be reviewed/signed off on by management and should be mandatory reading for related employees and new hires

8. Monitor – perform periodic testing on the related controls to determine if they are still operating effectively – adjustments should be made if necessary to conform to any changes to the business environment (i.e. job descriptions and/or structure of company changes).

This preventive effort and the related controls implemented could save the organization from millions in fines, shareholder lawsuits and damage to reputation.

Michael Potorti can be reached at mpotorti@mp-audit.com.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.  

1 Comment »

  1. I find many of my clients are now baffled by the UKBA and the grey areas surrounding it, regarding hospitality vs Bribery. Also the repercussions that Senior Counsels will face if an employee steps out of line and the fines that the company will face as well for anything usually relating to ‘hospitality’ that will now be counted as bribery. Sound advisory is needed by senior GC’s on this area of law.
    These steps outlined may prove useful, but will need to be administered by a specially trained person within companies, especially if the Senior Counsel is not an expert in this area of law.

    Comment by K Powell — August 14, 2011 @ 8:17 am | Reply
