Welcome to CCI Magazine_March
operations • ÕĆõ²ÊõĆõļŘ�Ĕê�ţč²čËõ²Ć�İÕĭĔİļõčë • Compliance with applicable laws and regulations \²İăĴʿ�ÑÕţčõļõĔč�ËĆÕ²İĆŘ�ÑÕĴËÕčÑĴ� from COSO’s concept. COSO’s ÑÕţčõļõĔč�õĴ�ČĔİÕ�ŕÕİĴ²ļõĆÕ�ļñ²č�ļñÕ� Ĵļ²ļŁļĔİŘ�ÑÕţčõļõĔč�õč�ļñÕ�&ŗËñ²čëÕ� Act. Still … Useful elements ¥ñ²ļ�E�ĆõăÕ�²ÊĔŁļ�\²İăĴʿ�ÑÕţčõļõĔč� is that it frames internal control as interlocking activities — that is, multiple steps the company takes, all reinforcing each other to reduce a risk to some acceptable level. That’s something compliance ĔêţËÕİĴ�˲č�Õ²ĴõĆŘ�ëݲĴĭʣ�&ĴĭÕËõ²ĆĆŘ� if you are, say, rolling out a new policy stressing ethical values, while implementing new documentation requirements for approval of overseas intermediaries and training employees on the importance of using the whistleblower hotline. All of those things are supposed to work together ļĔŖ²İÑ�²�ĴõčëĆÕ�ëĔ²Ćʝ�İÕÑŁËõčë�ŘĔŁİ� company’s FCPA risk. Marks also stresses the importance of properly designed policies and procedures. That point matters, ÕĴĭÕËõ²ĆĆŘ�ļĔ�ËĔČĭĆõ²čËÕ�ĔêţËÕİĴ�ŖñĔ� come from a legal background and might not be as versed in control design as someone from an audit background. We use shorthand phrases in ethics and compliance all the time, “internal control” perhaps more than any other. It’s good to know what that phrase actually means before we go putting it to use in organizations all over the place.
ĴĭÕËõţË�²ŁļñĔİõş²ļõĔčʣ • Transactions are recorded as necessary (i) to permit preparation Ĕê�ţč²čËõ²Ć�Ĵļ²ļÕČÕčļĴ�õč� conformity with generally accepted accounting principles or any other criteria applicable to such statements and (ii) to maintain accountability for assets. Access to assets is permitted only in accordance with management’s ëÕčÕݲĆ�Ĕİ�ĴĭÕËõţË�²ŁļñĔİõş²ļõĔčʣ The recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences. Those four elements are good as far as they go, but they pertain only ļĔ�ţč²čËõ²Ć�İÕĭĔİļõčë�²čÑ�²ËËĔŁčļõčë� êݲŁÑʣ�"Ĕ�ļñÕŘ�ŖĔİă�êĔİ�ÊĔĔăĴʴ²čÑʴ records expectations around the Foreign Corrupt Practices Act? Yes, although you have to beware of Č²ļÕİõ²ĆõļŘ�ļñİÕĴñĔĆÑĴʝ�¥ñ²ļʿĴ�Č²ļÕİõ²Ć� êĔİ�ËĔİĭĔݲļÕ�ţč²čËõ²Ć�Ĵļ²ļÕČÕčļĴ�ʰ²� few percentage points of a line item’s total value) will generally be much larger than a bribe that could lead to FCPA enforcement. The greater problem with the &�ʿĴ�ÑÕţčõļõĔč�õĴ�ļñ²ļ�õļ�²ĭĭĆõÕĴ�ļĔ� ţč²čËõ²Ć�ËĔčËÕİčĴ� only . It won’t be ČŁËñ�ñÕĆĭ�ļĔ�ÑÕţčÕ�õčļÕİč²Ć�ËĔčļİĔĆ� for, say, cybersecurity, harassment or reputation risk — although effective internal control is crucial for all three. COSO, meanwhile, has this ÑÕţčõļõĔč�êİĔČ�õļĴ�õčļÕİč²Ć�ËĔčļİĔĆ� êݲČÕŖĔİă ʝ A process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the êĔĆĆĔŖõčë�˲ļÕëĔİõÕĴʝ • &êêÕËļõŕÕčÕĴĴ�²čÑ�ÕêţËõÕčËŘ�Ĕê�
Control: Noun or Verb?
corporatecomplianceinsights.com | 11
Made with FlippingBook Ebook Creator