A formalized risk assessment should be completed to identify the areas where the Company is exposed under the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act (UKBA). Subsequent to this identification, specific and detailed questions should be asked of relevant risk area management/employees to determine if “Best Practice” controls are in place.
Interviews should be scheduled between responsible parties and an objective interviewer. A tool that can be used by the interviewer to track responses would be a document containing the following:
• Area Being Investigated
• Model Control Description
• Control Risk
• Actual Control
• Individual Responsible
• Deficiencies Identified
The deficiencies identified should be accumulated in a “Gap Analysis” document. This document should contain the following:
• Area Being Investigated
• Description of Deficiency
• Action Plan to Remediate Deficiency
• Individual Responsible
• Action Plan Due Date
The Gap Analysis document can then be used to track status of deficiencies and used as a source to update Executive Management as necessary. It also can expose bottlenecks and identify potential revisions for controls that need additional tailoring to fit in with the Company’s operational environment.
Accumulating deficiencies in this manner keeps all parties up-to-date on remediation progress so overall compliance efforts can move along at an acceptable rate.
Micheal Potorti can be reached at mpotorti@mp-audit.com.
=============================================================================================
Episode 9 of This Week in the FCPA is now up and available for viewing. Check out Howard Sklar and myself with our weekly commentary on all things FCPA.
This Week’s Show Notes include the following topics:
1. Three Articles on FCPA and International Rule of Law issues
2. Tyson Foods case (one of the three articles)
3. Private Equity and the UK Bribery Act
4. Niko Resources
FCPA Compliance and Ethics Blog 
Leave a Reply