Audit Procedures for FCPA Testing



FCPA compliance programs that require periodic testing of the anti-bribery controls are useful for revealing issues or areas of vulnerability. In this post, I detail some common audit procedures for FCPA testing.

High Level Controls

Review the existence of:
1. clearly articulated FCPA policies and procedures for company personnel, directors, and intermediaries,
2. proper FCPA policy communication to all levels of employees including translations for overseas employees,
3. mandatory training for FCPA awareness (especially to sales, legal, internal auditing, accounting, and management teams; when necessary also to agents, sub-agents and business partners),
4. a compliance hotline or other effective whistleblower process,
5. assignment of responsibility for monitoring FCPA compliance to one or more senior corporate executives,
6. appropriate disciplinary procedures to address violations, and
7. a facilitation payments account.

Work with legal advisors and business managers to identify international business agreements, contracts that are not competitively offered, governmental disputes, tax deficiencies, or any commercial litigation in foreign courts.

Commercial Cycle

Identify and audit transactions with customers, suppliers and distributors that are public companies or that involve a one-time payment.

Review discounts, rebates, refunds, promotional programs or other invoice “adjustments.”

Perform audits for key agents or distributors.

Analyze commission and finder’s fee payments.

Audit government contracts.

Review standard provisions in agreements, contracts, and renewals for compliance with the company’s policies and the requirements of the FCPA.

Evaluate favorable or abnormal credit terms or lower than fair market prices.

Identify unusual duties or taxes, or transactions involving excessive processing or shipping charges.

Services and Fees Cycle

Scrutinize payments made to consultants, sales representatives, agents, attorneys, lobbyists, and marketers (red flags: unspecified services and lack of deliveries). Ensure they are fulfilling a legitimate business need and that there is a written rationale for their use. Check whether their qualifications and resources allow them to perform the services billed.

Confirm that commissions and bonuses are in expected and reasonable ranges.

Audit accounts related to FCPA risks: gifts, hospitality, entertainment, travel, rebates, refunds, commissions, donations, professional fees, event expenses, credit card advances, logistics and shipping expenses, and so forth.

Query transactions with related keywords in different languages (e.g., commission, fee, discount, charitable, bonus, pay to play, comps, expedite).

Treasury Cycle

Flag unusual payments or financial arrangements (e.g., involving consultants, to offshore holding companies, to countries where the company does not operate).

Review cash payments and bank transactions with rounded values.

Monitor charitable and political contributions.

Review employee expense reports and track high-risk expenses (e.g., entertainment) for government employees. Check that expense reports or direct invoices are submitted to A/P.

Risk Mapping Indicators

FCPA risk by country (history of corruption, Corruption Perceptions Index by Transparency International).

Nature of company products (higher risks in oil & gas, energy, infrastructure, communications, medical equipment, and products relating to regulated markets).

Known red flags

Joint ventures, partial ownership, and collaborative arrangements with governmental entities.

Sales channels that involve contacting government officials or require the use of third parties (before and after sales).

Transactions involving regulators.

Useful Reference for a FCPA Audit Program
