I am in the UK this week. Today I have a presentation with thebriberyact.com guys, Barry Vitou and Richard Kovalevsky, QC. So this week, my blog posts will have an English theme.
Today, we begin with a melancholy tribute to the Liverpool Football Club, which advanced into the FA Cup final by beating Everton on Saturday. The tribute is melancholy as Sunday, April 15 was the 23rd anniversary of the worst sporting disaster in UK history, the Hillsborough disaster which occurred during the semi-final FA Cup tie between Liverpool and Nottingham Forest football clubs on April 15, 1989 at the Hillsborough Stadium in Sheffield, England. The crush resulted in the deaths of 96 people, with a total of 766 other persons being injured. All of them were fans of Liverpool Football Club. The official inquiry into the disaster, the Taylor Report, concluded that “the main reason for the disaster was the failure of police control.” May you never walk alone.
In today’s post we revisit the Biomet Deferred Prosecution Agreement. As you may recall, one of the major failings of the company, which led to the violations of the Foreign Corrupt Practices Act were those of the company’s Internal Audit Department. I asked my colleague Henry Mixon, CPA and FCPA internal controls specialist, for his reaction to the recent posting regarding lessons for Internal Audit in the recent Biomet matter. The following is his response.
While I agree there is a lesson for Internal Audit in the SEC Complaint in the Biomet matter, I also believe there is an even more important a lesson for management.
In the Biomet matter, the SEC was critical of the manner in which Internal Audit dealt with certain transactions which involved payments to customers and potential customers of Biomet.
For sure, Internal Audit should have investigated the payments further. Without more facts, what Internal Audit did, and the possible alternative scenarios, is speculative.
However, the problem I see is this. Even if Internal Audit had pursued the Red Flags to a different resolution, their findings would not have had the desired result of an effective Compliance Program — the prevention of bribes, not the detection of bribes.
The SEC focuses on correct accounting and disclosure. Controls to detect and correct errors and irregularities before they impact published financial statements have been the mainstay of controls over financial reporting for many years. Had Internal Audit thoroughly pursued the transactions at issue, the correct accounting would likely have been determined and the impropriety of the true nature of the payments would have been confirmed and possibly corrected before the financial statements were published.
What would have remained was the need for an expensive independent investigation to quantify the magnitude of the issue and a management decision what to do after the magnitude has been determined, i.e. e., whether to self report to the DOJ.
However, no amount of investigation and documentation by Internal Audit would have changed the primary issue – the bribes had not been prevented.
In the author’s, management of all companies should be more proactive in developing measures to prevent bribes, rather than relying on measures to detect them.
Well-designed prevention controls do not need to be more expensive or time consuming than detective controls. In any event, the cost of such prevention will most surely be less than the total cost of failure to prevent bribes.
In the author’s opinion, when it comes to compliance with anti-bribery laws, the conventional model of detection and correction will not get the job done.
Henry Mixon can be contacted at hmixon@mixon-consulting.com
———————————————————————————————————————————————————————-
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author.
FCPA Compliance and Ethics Blog 