Richard L. Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Elizabeth K. Spahn Editor Emeritus

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor

FCPA Blog Daily News

« Solving The Problem of Gifts, Meals, and Entertainment Expenses | Main | Breuer Defends The FCPA, As Is »

Audit Analytics For Bribery Act Compliance

While the Foreign Corrupt Practices Act has been around for decades, the newly enacted U.K. Bribery Act (July 1, 2011) enforces even more far-reaching and stricter penalties. If you’re involved in audit, finance, legal, risk management or compliance in an organization doing any business in the U.K., be it directly or via subsidiaries, agents or branches, you’re probably already under pressure to address Bribery Act compliance.

You may already know that you need to establish a Bribery Act compliance program. Maybe you’ve started monitoring Bribery Act regulations manually, and are realizing that emailing spreadsheets isn’t cutting it as a sustainable compliance program.

So, how do you become efficient and effective at addressing Bribery Act requirements? The direct answer: develop an audit analytics strategy for Bribery Act testing as an integral part of your compliance program.

A technology-enabled strategy using audit analytics is a keystone of an effective and efficient Bribery Act compliance program. It’s risky to rely on “policies” alone – companies need to actively monitor transactions to ensure compliance with policies and ensure potential issues can be quickly identified without relying on a lot of additional manual effort.

An audit analytics strategy can help assure compliance with the UK Bribery Act in the following ways:

  •        Look for ‘red flags’
  •        Develop an early warning system
  •        Continuously monitor key internal controls
  •        Create instant notification of potential problem areas

This contributes to creating a culture where employees know that their actions are being reviewed -- a proven deterrent to non-compliance.

Over time, use of audit analytics combined with a process to follow-up and resolution of red flags may itself become a control and provide evidence of having “adequate procedures” in place.

Audit analytics will allow you to perform detailed analysis of your business transaction data against red flag scenarios and enables repeatable testing -- essential steps in creating an effective compliance program.

To learn more about how to use audit analytics as part of a comprehensive UK Bribery Act compliance strategy, download the free eBook: Don’t Get Stung by the UK Bribery Act: Leveraging audit analytics for compliance testing.


Steve Biskie, CPA, CITP, CISA, is the Director of Customer Solutions, ACL Services.

Reader Comments (2)

Steve, sorry but the emphasis in the UK law is on prevention. Detection simply is not enough. If you detect a violation, even right after it happens and you take prompt action, you may still be liable for failing to prevent the bribe.
November 9, 2011 | Unregistered CommenterNorman Marks
Always good to hear from you, Norman -

I agree that the UK Law and FCPA are both about prevention. In an ideal world, an organization would have controls to prevent bribery. There would be perfect hiring practices that ensure no unethical employee ever gets hired. There would be perfect training programs to ensure everyone understands their responsibilities even given language and cultural differences. Managers would have instant and advance visibility to all of their employee activities regardless of location and be capable of questioning and even stopping suspect behavior. There would even be fantastic system checks in place that can interpret the intent of user activity and stop potential bribes before they happen (which of course would now be accidental because of our perfect hiring, perfect training, and perfect real-time advance monitoring).

Of course, we don’t live in that ideal world (at least I don’t), so we need to help balance our imperfect hiring, training, monitoring, and automated control practices with detective procedures to make sure something doesn’t slip through the cracks. And while we may still be liable for activity we fail to prevent, hopefully timely detection and correction can ensure we establish an internal precedent, which itself impacts our future control environment.
November 10, 2011 | Unregistered CommenterSteve Biskie

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
All HTML will be escaped. Hyperlinks will be created for URLs automatically.