control, and governance
Bloomberg reports that the former CEO of Canada-based SNC Lavalin Group Inc., who retired during a corruption scandal earlier this year, has been arrested and charged with fraud, fraud conspiracy, and forgery. On March 26 — the day the former CEO retired — SNC-Lavalin said a probe found that more than half a million dollars in expenses related to hiring construction contractors had been booked incorrectly. The company also alleged the former CEO failed to comply with the company’s code of ethics in approving some of the payments.
Internationally, there are diverse legislative, regulatory, and policy regimes, and among Western countries, there is an increasing trend in government enforcement of anti-bribery and corruption policies. Substantial fines and penalties also are heightening concerns among multinational corporations — well beyond those involved in engineering and construction like SNC-Lavalin. Adding to this is the increasing flow of capital funds into higher-risk countries and economies.Many companies have or are moving toward strengthening their compliance programs to mitigate the risk of business interruption and reputational damage arising from corruption and fraud scandals. Auditors, particularly those working within multinational corporations, need to stress the importance of planning and executing anti-fraud, corruption, and bribery-related audits as part of a top-down, bottom-up approach in a balanced compliance program.Internal auditors should focus on key business risk areas as well as the review and testing of particular internal controls (e.g., accounting) that often are used to record or disguise improper transactions and behavior, including:
This is by no means a complete list, and looking beyond the scope of what appears to be involved in the SNC-Lavalin case, an auditor also would need to examine contracting and tendering, receivables management, and technology controls.Overall, anti-corruption and fraud compliance testing should be included in general internal audit work plans and in systems and controls audits, as well as be adapted to the changing business operating environment. Because of the complexity of international environments, laws, and business arrangements, outside expertise should be leveraged to help assess the risk environment, when necessary.
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.