control, and governance
Could a case of nepotism threaten key company initiatives, or pose other threats to organizational well-being?
The internal audit team for Bluetile Financial Services performs the company’s annual conflicts of interest (COI) review as part of its U.S. Sarbanes-Oxley Act of 2002/corporate governance procedures. The review’s scope encompasses a COI survey process executed by Bluetile’s Human Resources department for its nearly 5,000 employees throughout the U.S.
This year’s review has gone very smoothly, which the vice president of Human Resources, Bill Peoples, attributes to the new workflow system used to collect annual COI certifications from company employees. “You know, the new COI workflow system that Blake Swanson’s firm developed has not only saved us a lot this year in terms of labor, but the reporting it produces is incredible,” Bill told the internal audit team. “I’m excited to see what the next phase of implementation can do for the new employee wellness portal on our website.”
Aaron Bird, the vice president of Internal Audit, thought the workflow-system contractor’s name sounded familiar and asked his team to obtain the contract and related correspondence for review. “Just what I thought,” he told the audit team. “Our new system contractor is the son of the company’s president and chief operating officer.”
A quick check of the team’s workpapers found no disclosure of any such relationship on any of the executives’ annual certifications. “This is such a high profile project that surely those who need to know have been made aware of this and have approved it even if it’s not on the certifications,” Aaron said. He and his team then performed a detailed analysis of the relationship, and everything seemed to be in order:
Aaron doesn’t want to create problems with these high-profile initiatives, and he always tries to use good judgment to avoid unnecessary nit picking. Sill, he also knows the audit committee is always interested in the results from the COI project.
Should Aaron risk slowing down work on these important projects — and potentially creating ill will among some of the company’s executives — by digging into this relationship further? The chief operating officer will likely just add the disclosure to a new certification form and sign it if asked about the oversight. What will that accomplish? Is anyone likely to reach a different conclusion on the arrangement just because a new certification form is signed and filed?
Share your comments below.
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.