How should you assess your internal control regime for international operations? It is your responsibility to review as much information as possible to understand the financial and operating structure of an entity and how it is integrated into the head office, or the financial and operating structure of the U.S. business unit, if the foreign operation is part of an American business unit.
You can start with the TI-CPI to get an idea of the reputation of the country in which your business unit is located, as well as the CPI for any other countries in which the location does business or has current customers. Another area of investigation or examination is the scope of your overseas operations. This means that you will need to consider your sales model, whether it is employee-based or primarily using third-party representatives. You will also need to determine if these third-party representatives enter into a business relationship with your company through your supply chain.
Other areas of investigation should include whether your company’s finance and accounting staff produce financial statements that are integrated into the parent company’s financial statements; if your international business sites use a local bank account for local sales receipts as well as money transfers from the United States and if the account has local check signatories and a double signature is required on checks. You might also want to look at the extent to which disbursements are made in local currency and, of course, is there a local petty cash fund.
As with many other areas around internal controls, it’s important to consider the local DOA and whether it’s consistent with your corporate DOA. Some local DOA considerations should extend to what extent US company or business unit approvals are required for locally initiated transactions, such as: 1) approval of supplier invoices, 2 ) disbursements of funds, including wire transfers; 3) execution of facility leases; 4) execution of contracts with agents; and 5) approval of prices and credit terms to customers and distributors. You should also check if the local DOA provides appropriate SODs at the local business unit level.
You need to consider how product sales are conducted. For example, is an inventory maintained at the local operation for shipment to customers; Are products shipped directly from the United States to local operation customers or are they shipped directly to distributors for delivery to the end customer?
Hope you already do the above, but you should take a look at what is being done to determine whether local employees or contractors who are local nationals have gone through your due diligence process so that they have been properly vetted to determine whether they are government officials in any capacity or are relatives of government officials. Similar to a more formal FCPA analysis, you should check to see if there has been an investigation of suspected fraud, including FCPA violations, on the site and, if so, what the results were. ‘investigation ? Around customers, you need to look at who each international site does business with to determine the extent to which their current customers are local government entities as well as the extent to which the location is pursuing sales activities for other local government entities.
If there has not been a sufficient assessment of the controls, then the compliance professional must decide how best to determine whether the local controls are sufficient to meet FCPA requirements and accurately reflect all transactions and prevent concealment of inappropriate transactions. Some of these considerations would be inadequate SODs, as the separation of the responsibility for the physical custody of an asset from the related record keeping is a critical control. In practice, this means that people with the authority to authorize purchase orders should not be able to process accounts payable transactions. In addition, the employee who prepares the deposit should not post receipts on customer accounts.
You should check if there is inappropriate access to the assets. Where appropriate, internal controls should be created to provide safeguards for physical objects such as inventory and cash, restricted information, critical forms, and updating applications. This means that an employee who only needs to view information on the computer should be restricted to “read and scan files” access and should not be granted “write and create” access. . In addition, controls should prevent the unauthorized removal of resale inventory and fixed assets from premises.
It is not necessary to prove that a bribe was paid in order to take enforcement action against a company for violating the internal control provisions of the FCPA. This was the situation in SEC 2018 FCPA enforcement action involving Kinross Gold Corporation. It was this lack of effective internal controls, and not the payment of a bribe, that was the basis of the civil action. This means that you need to make sure that the situation is not a formal situation rather than a substantive one, where the controls may seem well designed but still lack substance, as is often the case with required approvals.
Such a situation could arise in several different scenarios. The first is when an account manager’s signature certifies the accuracy of the payroll voucher information, but if the account manager does not have assurance that the supporting time records are correct, the process of paying vouchers is correct. endorsement lacks substance. Other examples are when a supervisor who approves expense reports but does not regularly review supporting documents; a country manager ensures real control as an approver; or when the national manager or the local CFO has the ability to conceal the true nature of transactions without being detected by someone else.
Another important area is the sales and remuneration of a foreign business unit. On the sales side of the equation, you review historical three-year sales for the location and budgeted sales for the coming year. This can provide insight into the relative pressure on employees to grow the business and, therefore, the possibility that an employee will view a bribe as a good way to grow the business. Inquiries can lead to compensation questions such as: What is the sales incentive compensation plan for local sales staff? For the country director? Such an investigation provides insight into the possibility of a personal benefit that could result from a person paying a bribe to win a contract, which translates into a significant incentive-to-sell fee for the employee.
These reviews, questions, inquiries and analyzes are designed to locate the pressure points involved in the sales processes of any business. Indeed, pressure is a key element of professional fraud and the risk of fraud, including corruption, increases as the pressure increases. Since corruption is seen as a subset of fraud, perhaps now is the time to revisit the ‘fraud triangle’, which provides fertile ground for fraud in the context of corruption:
- Pressure that has financial implications, whether it’s unmet personal financial needs or pressures to meet sales goals;
- Rationalization. A perpetrator always rationalizes that he is not a criminal and when he commits fraud for his personal benefit, the perpetrator intends to refund the money; when he commits fraud for the benefit of the company, the author justifies that the company really wants to achieve its objectives and that the perpetrator’s actions are in line with the objectives of the company; and
- Opportunity. The perpetrator must be in a situation where internal controls do not prevent fraud and its necessary concealment