1
GAIN
–
The IIA’s Premier Benchmarking Program
Copyright © 2010 The Institute of Internal Auditors
The U.S. Foreign Corrupt Practices Act:Current internal audit and compliance practices
Type
: Executive Summary Report
Date
: 3/22/2010
Number of Responses Analyzed
: 129
Total number of invitations
: 1802 (7.2% response rate)
1:
Does your organization perform business transactions outside the United States?
(Respondents could only choose a
single
response)
Response Chart Frequency Count
Yes 63.6% 82
No 36.4% 47
Valid Responses 129Total Responses 129
2:
How does your organization approach compliance with the FCPA?
(Respondents could only choose a
single
response)
Response Chart Frequency Count
We have a robust, formalprogram including policies,procedures, monitoring, andtraining46.3% 38
We have an informal programincluding some of the elements notedabove, but no plans to move to aformal program18.3% 15We have an informal program andare planning on, or in the process of,implementing a more formal program24.4% 20We do not have a companywideprogram for FCPA compliance; pleaseexplain why not
(below):
11.0% 9
Valid Responses 82Total Responses 82
2
GAIN
–
The IIA’s Premier Benchmark
ing ProgramCopyright © 2010 The Institute of Internal Auditors
2-1:
Why does your organization not have a companywide program for FCPA compliance?
Response
We are a Canadian company.Does not apply as we are a German company.FCPA is covered in our Code of Conduct and discussed occasionally. We are planning a more formalapproach.We have minimal international presence; provide services not financial transactions.No foreign locations; transactions with entities outside the U.S. are highly structured when they dooccur.Our activity is only outside the U.S.; non-U.S. company.Senior management has never seen it as a priority. Very limited exposure.We never thought about it.
Responses 9
3
GAIN
–
The IIA’s Premier Benchmark
ing ProgramCopyright © 2010 The Institute of Internal Auditors
3:
Please state what you believe to be the top three organizational practices to ensure
compliance with the FCPA as stated in your organization’s policies and procedures:
Response Count
Employee, vendor, and stakeholder awareness activities and training (e.g., annual training on FCPAcompliance, mandatory training, communication of policy, direct communication from the legaldepartment, code of conduct training)57
Implementation of internal processes and controls to ensure compliance in addition to the organization’s
code of conduct or ethics (e.g., the department, officer, employee, or agent acting on behalf of thecompany are responsible for maintaining accurate, detailed records of foreign transactions for threeyears; segregation of duties; properly recording facilitation pay
ments in books and records; procedures’
documentation, implementation of an FCPA policy; implementation of a conflict of interest policy; legalpolicy, approval processes and cash controls; due diligence processes, discouraging and/or requiringlegal oversight for higher risk disbursements to government officials and related parties; contractualsafeguards, due diligence on any government interaction activity; ensuring authority for foreignexpenditures resides with the business unit leader after a review by the legal department; increasedoversight and approvals required before entering into business relationships with foreign governmentofficials and related parties; legal division's continuous interaction with business development function)40Compliance audits and monitoring (e.g., testing of controls; scrutiny of gifts and payments; reviews ofbooks and records to ensure no issues appear to have occurred; quarterly certifications attesting tocompliance; periodic/ongoing reviews of established protocols; independent monitoring on internalcontrols; follow-up monitoring and internal audit verification; including FCPA audit steps in every foreignaudit; audit reviews of vendor master records and disbursements at foreign offices; performing audits onantitrust and corruption activities and insider trading, monitoring of disbursements by foreign subsidiaries,monitoring via surveys)37Implementation of and annual certification of compliance with business conduct policies (e.g., third-partycertification of compliance employee and third-
party compliance certification with the organization’s code
of conduct or ethics policies and procedures)33Implementing formal guidelines pertaining to the use of third-party (e.g., written agreements withbusiness partners; third-party certification of compliance; proper due diligence when hiring agents andother third parties; using sales intermediaries such as distributors, having formal agent and distributorguidelines, implementing contractual safeguards and payment and documentation requirements whencontracting with third parties who have interactions with foreign government officials; ensuring FCPAcompliance is part of all contractual agreements, such as drafting FCPA compliance wording in selectcontracts with suppliers and/or independent contractors; no facilitation or grease payments withoutapproval by the compliance function)12Tone at the Top and management involvement/support (e.g., oversight, executive-level emphasis oncompliance)11Implementing a confidential reporting mechanism for compliance breaches 6
Stating and enforcing clear penalties under the organization’s code of conduct for not complying with the
FCPA policy4Audits of accounts payable activities 2Performing a risk assessment that detects areas of compliance concerns (e.g., risk definition) 2Performing a background check on key players 1Use of IT controls (e.g., use of an automated system to run data through) 1Dealing exclusively with publicly traded foreign companies 1Ensuring a fair market value for fees and services 1Implementing an FCPA oversight body (e.g., FCPA steering committee) 1Translation of policies into all languages the company operates in 1Organization incentives 1Not applicable 1
Search History:
Result 00 of 00
00 results for result for
p.
Institute of Internal Auditors - Audit and Internal Controls Survey - March 2010
Uploaded from Google Docs
1.1K
Reads
1
Readcasts
2
Embed Views
More From This User
Notes
Load more
