BRIBERY AND CORRUPTION

Transcription

1 ACL EBOOK BRIBERY AND CORRUPTION THE ESSENTIAL GUIDE TO MANAGING THE RISKS

2

3 CONTENTS Failing to Manage Bribery and Corruption Risks Can Be Very Expensive 4 A Global Risk 8 So Why is Bribery Still Commonplace and Such a Risk? 9 What Can Be Done to Address the Risks Associated with Bribery and Corruption? 10 Whose Job is it Anyway? Start by Defining Roles and Responsibilities 12 A Fork in the Process Roadmap: Choose a Standalone or an Integrated Process 13 Build an Anti-Bribery & Anti-Corruption Program: 5 Step Process 14 Identify and Assess Risks 14 Identify Mitigation Procedures to Reduce the Risks and Their Impact 16 Monitor 18 Manage Exceptions 20 Reporting and Ongoing Assessment 22 Anti-Bribery & Anti-Corruption Compliance Process Flow 24 How Does Your Organization Rank? 25 Anti-Bribery and Anti-Corruption Technology Buying Checklist 26 Bribery & Corruption: The essential guide to managing the risks - 3

4 FAILING TO MANAGE BRIBERY AND CORRUPTION RISKS CAN BE VERY EXPENSIVE 4 - Bribery & Corruption: The essential guide to managing the risks

5 For many corporations, the risks related to bribery and other forms of corrupt payments rank among the most serious risks that must be managed. The direct impact of financial penalties is not the only problem for businesses, as the damage to brand and reputation from negative publicity can have an even greater and more long-term impact. Some organizations, such as multinationals and those in specific industries, including defense, major construction and resources, are particularly at risk, but it typically extends to any organization competing for contracts across the globe. Virtually no business is completely free of the risks associated with some form of corrupt payments. Many people in the world of audit, compliance, legal, and risk management will be well aware of high profile instances in which organizations had to pay many hundreds of millions of dollars in fines and penalties to U.S. and other national authorities for failing to comply with anti-bribery and corruption regulations. This e-book outlines the key aspects of an effective process framework for managing the risks of bribery and corrupt payments. Many of you are familiar with our pending litigation against various executives of Magyar Telekom, Siemens, and Noble. Litigation is ongoing against individuals in all three matters, and these cases have sent an unambiguous message that we will vigorously pursue cases to hold individual accountable for FCPA violations including executives at the highest rungs of the corporate ladder. In fact, this April, we obtained the second highest penalty ever assessed against an individual in an FCPA case, when one of the Siemens executives agreed to pay $275,000. Andrew Ceresney Co-Director of the Division of Enforcement, U.S. Securities and Exchange Commission Bribery & Corruption: The essential guide to managing the risks - 5

6 FAILING TO MANAGE BRIBERY AND CORRUPTION RISKS CAN BE VERY EXPENSIVE Bribery is a specific offence which concerns the practice of offering something, usually money, to gain an illicit advantage and corruption is an abuse of a position of trust in order to gain an undue advantage. Government of Ireland definition By its nature corruption can be difficult to detect as it usually involves two or more people entering into a secret agreement. The agreement can be to pay a financial inducement to a public official for securing favor of some description in return. In overseas corruption this can manifest itself in a company paying a bribe for the benefit of an overseas public official in order to win a contract. This can be done through a third party commonly known as an agent or advisor who then passes the bribe on to the public official or directly by the company to the public official. Ingenious methods of making the payments are used by those involved, including moving the money through a number of offshore companies (which, on the face of it, have nothing to do with the intended recipient) registered in various jurisdictions. UK Serious Fraud Office 6 - Bribery & Corruption: The essential guide to managing the risks

7 The Foreign Corrupt Practices Act (FCPA), enacted in 1977, generally prohibits the payment of bribes to foreign officials to assist in obtaining or retaining business. The FCPA can apply to prohibited conduct anywhere in the world and extends to publicly traded companies and their officers, directors, employees, stockholders, and agents. Agents can include third party agents, consultants, distributors, joint-venture partners, and others. The FCPA also requires issuers to maintain accurate books and records and have a system of internal controls sufficient to, among other things, provide reasonable assurances that transactions are executed and assets are accessed and accounted for in accordance with management s authorization. The sanctions for FCPA violations can be significant. The SEC may bring civil enforcement actions against issuers and their officers, directors, employees, stockholders, and agents for violations of the anti-bribery or accounting provisions of the FCPA. Companies and individuals that have committed violations of the FCPA may have to disgorge their ill-gotten gains plus pay prejudgment interest and substantial civil penalties. Companies may also be subject to oversight by an independent consultant. The U.S. Securities and Exchange Commission Bribery & Corruption: The essential guide to managing the risks - 7

8 A GLOBAL RISK The U.S. Foreign Corrupt Practices Act (FCPA) and the U.K. Bribery Act are just two examples of government legislation that aim to address the problem by levying massive fines and other penalties against organizations and individuals involved in bribery. The specifics of regulations vary by region and applicable laws. The FCPA, for example, is only applicable to public companies whose shares are traded in U.S. exchanges and only relates to corrupt payments to government officials. The U.K. Bribery Act is more wide-ranging and also applies to corrupt payments to non-government officials. Other national legislation, such as the Chinese Article 164, the Brazilian Clean Company Act and the Canadian Corruption of Foreign Public Officials Act, among many others, all seek to do essentially the same thing and impose very severe penalties on corporations that resort to bribery. 8 - Bribery & Corruption: The essential guide to managing the risks Despite increasing global legislation and enforcement, the extent of bribery and corrupt payments does not appear to be in decline. PwC s 2014 Global Economic Crime Survey reported that most organizations have actually seen an increase in the problem. Bribery and corruption, along with other forms of fraud and economic crime, continue to be a major concern for companies of all sizes across all regions and in virtually every sector. More than 40 countries have adopted the OECD Anti-Bribery Convention, which establishes legally binding standards to criminalize bribery of foreign public officials in international business transactions.

9 SO WHY IS BRIBERY STILL COMMONPLACE AND SUCH A RISK? Dealing with the problem of bribery and corrupt payments is not always easy. Formal policies in most large companies clearly forbid such practices, but this does not mean they will not occur. Behavioral education and compliance training is simply not enough to mitigate the risk. Payment and receipt of bribes, as well as other forms of facilitation and consulting fees, gifts, entertainment, travel and other benefits, are a well-established part of business and government culture in many parts of the world. Until relatively recently, these practices were widely accepted by large, global companies as simply a part of the cost of doing business. The reality for many business managers is that it can be extremely difficult to remain competitive and win new business in foreign markets without resorting to some form of activity that may be illegal or, at best, in a grey area. As a result, in spite of the implementation of increasingly stringent corporate policies, the temptation is to do whatever is necessary to close a deal and then find a way to avoid getting caught. This often means that large payments manage to make their way into the bank accounts of influential individuals in governments or corporations in order to win a contract, but are carefully disguised in a way that makes them difficult to detect through normal control mechanisms. Bribery & Corruption: The essential guide to managing the risks - 9

10 WHAT CAN BE DONE TO ADDRESS THE RISKS ASSOCIATED WITH BRIBERY AND CORRUPTION? We encourage companies to maintain robust compliance programs, to voluntarily disclose and eradicate misconduct when it is detected, and to cooperate in the government s investigation. But we will not wait for companies to act responsibly. With cooperation or without it, the department will identify criminal activity at corporations and investigate the conduct ourselves, using all of our resources, employing every law enforcement tool, and considering all possible actions, including charges against both corporations and individuals. Assistant Attorney General Caldwell, Department of Justice 10 - Bribery & Corruption: The essential guide to managing the risks

11 As with many different forms of risks faced by corporations and other large organizations, there are ways to manage the risks associated with bribery and corruption so that the extent of risk is reduced to a level that is acceptable to the organization. Effective enterprise risk management (ERM) involves a process that, in principle, can be applied to any type of risk. Some organizations develop a comprehensive framework for ERM, where strategic risks are assessed and holistic programs put in place to monitor and mitigate risks organization-wide, while others have far more rudimentary approaches. Most research indicates that those businesses with capable risk management processes outperform those with ad hoc, disparate or informal systems. Let s look at the key aspects of an effective process framework for managing the risks of bribery and corrupt payments. While the specific risks and best response will always vary to some extent from one organization to another, as well as from one part of an organization to another, there are key factors and steps that should be considered in any risk management process for bribery and corruption. These are all part of what we refer to in this publication as the ABAC Program (Anti-Bribery and Anti-Corruption). The U.S. Department of Justice has indicated that if a company has performed proactive automated monitoring of payments, then it will take this into account when instances of bribery still occur and will consider reducing penalties accordingly Bribery & Corruption: The essential guide to managing the risks - 11

12 WHOSE JOB IS IT ANYWAY? START BY DEFINING ROLES AND RESPONSIBILITIES Ideally, the organizational structure for dealing with the risks of bribery and corruption should reflect that of risk management responsibilities overall. This means there are several stakeholders and levels of responsibility: THE BOARD, RISK AND AUDIT COMMITTEES Various executives have overall responsibility for ensuring that risks are effectively managed within the organization, with the CEO holding the ultimate job: Chief Compliance Officer General Counsel Chief Risk Officer Chief Financial Officer Internal Audit The CCO role owns overall responsibility for protecting the organization from compliance risk and enforcement actions and often directly leads the creation and management of an ABAC program. General Counsel usually plays an active role in regulatory compliance and establishment of levels of risk appetite around specific activities. Many organizations now have a formal role of Chief Risk Officer that focuses on facilitation and coordination of overall enterprise risk management (ERM) processes, ensuring that appropriate procedures are implemented by those with more direct responsibilities for avoiding potentially corrupt payments. The CRO is usually responsible for identifying and prioritizing material risks and discussing them with senior management and the Board. The CFO bears responsibility for financial controls, while line and regional executives are directly responsible for the appropriateness of payments that take place within their area of budgetary and business control. As with most areas of risk, internal audit needs to consider the risks and controls related to ABAC as they develop and execute their audit plan. Internal audit s procedures provide assurance that ABAC processes and controls are effective and working as intended. It is of course the job of business management to actually implement and maintain the ABAC processes and controls. TIP >> As there are various stakeholders in the ABAC Program process, the important thing is that all are aware of their respective roles and how they fit within the process. In order to achieve this there needs to be an effective central system that can be accessed in order to clearly communicate and share information on the process and its current status Bribery & Corruption: The essential guide to managing the risks

13 A FORK IN THE PROCESS ROADMAP: CHOOSE A STANDALONE OR AN INTEGRATED PROCESS Although it is preferable that the processes for managing the risks of bribery and corruption are integrated into an overall enterprise risk management ERM process, this is not always feasible within some organizations. The benefits of integration are that a full range of risks can be assessed and compared with a consistent approach and within one system. This allows specific bribery risks to be evaluated within the overall business context of organizational objectives. Appropriate resources can then be allocated for management and mitigation of a range of different risks, based on the organization s tolerance for different types of risk. If an integrated ERM approach is not practical, the specific processes for managing an ABAC program remain essentially the same, except without the element of comparison of the relative impact of different risks. As noted, if a formalized ERM process exists within an organization, then the anti-bribery and anti-corruption (ABAC) risk assessment process should ideally be carried out within the corporate ERM framework. However, in some organizations the overall risk management process is fragmented and the reality is that risks of bribery and corruption are considered in relative isolation. Whichever approach is taken within an organization, the process of defining the risks should involve individuals with sufficient knowledge of regulations and the ways that the business actually works. Bribery & Corruption: The essential guide to managing the risks - 13

14 BUILD AN ANTI-BRIBERY & ANTI-CORRUPTION PROGRAM: 5 STEP PROCESS 1IDENTIFY AND ASSESS RISKS The first thing to do is fully understand the nature of the risks of bribery and corrupt payments across the organization. The specific risks can vary considerably according to factors such as: Applicable legislation Types of business carried out Geographical locations in which business takes place Types of customers The purpose of any enterprise risk management (ERM) process is to identify and assess those risks that may negatively impact the organization s ability to achieve its corporate objectives, and then determine what can be done to mitigate those risks and reduce them to a level that is acceptable. This acceptable level is based on the risk appetite that is usually defined by the board and risk committees. It is often desirable to have a variety of individuals involved in the assessment and ranking process, including those who have different perspectives based on their background and understanding of the way the organization works (e.g., auditors, legal and compliance specialists, business managers, accountants, controllers). The usual desired outcome is to have a heat-map type report that ranks the risks by likelihood and extent of impact, as well as an estimate of the costs of managing the risks to an acceptable level. It often makes sense to identify the residual risk the extent of risk that remains after taking account of risk mitigation efforts such as internal controls Bribery & Corruption: The essential guide to managing the risks

15 Clear all Org Heatmap Risk Heat Map Download PDF US- Generation US- Utilities Andes - Generation Brazil - Generation Brazil - Utilities MCAC - Generation MCAC - Utilities EMEA - Generation EMEA - Utilities Asia Generation Sales & Marketing Business Development Interest Rate Risk Associated Risks 9 Inadequate Financial Reporting Operations Budgeting 9 Safety 9 Anti-Bribery/Corruption 6 Indebtedness 2 Environment Matters Treasury Accounts payable Accounts Receivable The use of a heat map enables the different types of specific ABAC risks to be put into context against each other, as well as other risks across the organization. The end result of this heat map ABAC risk evaluation can vary considerably. So, for example, a business unit of a U.S. publicly traded company that bids competitively for major government contracts in a region where corruption is commonplace is likely to rank the likelihood and size of risk as high. On the other hand, a privately held corporation that sells primarily into the retail market may rank the risk as relatively very low. ABAC TECHNOLOGY REQUIREMENTS: o o Ability to record, assess, and rank a range of risks in a structured and consistent way that provides sufficient detailed information for comparison and reference purposes. The use of spreadsheet technology for risk identification and assessment can itself be risky, due to the inherent problems of maintaining control over the integrity of information recorded, avoiding errors and accidental changes and being able to share information in an efficient way. << TIP Bribery & Corruption: The essential guide to managing the risks - 15

16 BUILD AN ANTI-BRIBERY & ANTI-CORRUPTION PROGRAM: 5 STEP PROCESS 2IDENTIFY MITIGATION PROCEDURES TO REDUCE THE RISKS AND THEIR IMPACT Risks are a normal part of business. Some, such as investing in new products and markets, are very desirable for any healthy, growing, innovative company. Other types of risks, such as those related to bribery and corrupt payments are clearly not generally desirable. The issue is to weigh the negative aspects of risks against the cost of managing the risks. In some cases it may make good business sense to accept that a risk will sometimes turn into a negative event as the cost of managing and reducing the risk is simply too high. Once the nature of the types of bribery and corruption risk is properly understood, an important part of the risk management process is to identify the ways in which the risks can be monitored, reduced, or eliminated through mitigation efforts. In the case of ABAC, mitigation efforts could include examples such as: Corporate policies that are documented and expressly prohibit the payment of bribes or other forms of corrupt payments. Compliance training programs for those most likely to be exposed to bribery and corrupt activities, designed to increase awareness and educate on what constitutes illegal or grey area activities. Specific controls, such as approval, authorization, and review processes, for payments that take place through systems for vendor payables, purchasing cards, travel & entertainment expenses. Systematic monitoring of payments to look for suspect outliers, unusual patterns and other indicators of potential cases of bribery and corruption. For each type of mitigation procedure, whether policy, specific control, or program, it is important to consider at a detailed level all the things that could go wrong and reduce make the process or program ineffective Bribery & Corruption: The essential guide to managing the risks

17 ABAC TECHNOLOGY REQUIREMENTS: o o Ability to clearly identify the relevant mitigation procedures and controls for specific bribery and corruption risks. o o Ability to assess the effectiveness of each mitigation procedure or control. Bribery & Corruption: The essential guide to managing the risks - 17

18 BUILD AN ANTI-BRIBERY & ANTI-CORRUPTION PROGRAM: 5 STEP PROCESS 3MONITOR The ABAC risks have been defined, assessed, and ranked and decisions made about the risk mitigation processes that need to be in place. What s left to do? Quite a lot. None of these efforts are worth much if the process, policy, or control, however carefully planned, is not actually working as intended. One of the most critical phases of the ABAC Program is to monitor the process to determine: (a) whether or not the controls and procedures are working as intended, and (b) whether there are indicators of new risks for which no specific controls were developed. Monitoring of policies and controls can take place across the range of business process areas that are subject to bribery and corruption risks, including purchase-topayment, vendor transactions, expense reporting, and general ledger. Human behavior can be monitored as well through human analytics, such as querying employees if they have completed ABAC compliance training, or to provide their response as to whether they followed the protocol when providing any benefit, such as entertainment, within a foreign jurisdiction. Based on employee responses to these surveys, triggers can be setup to automatically assess their responses and flag, notify or escalate as required Bribery & Corruption: The essential guide to managing the risks CLICK TO LEARN MORE, ON THE ACL BLOG >> What is Human Analytics? In its simplest of forms, surveys or questionnaires are forms of human analytics. But the possibilities of solving significant problems and adding strategic value are endless with human analytics.

19 DOWNLOAD ACL S LIST OF THE TOP 10 ANTI-BRIBERY ANALYTICS The single most effective method of monitoring is to examine every payment transaction and every benefit provided by the organization in order to determine if there are signs that non-compliant activities occurred, in spite of the policies and controls that are meant to be in place. This form of detailed testing of transactions and controls, based on data analysis, is used widely by internal auditors in many of their assurance activities. This approach is even more effective when used by those directly responsible for maintaining effective payment control systems, including the financial, business, and operational managers of an organization, as well as those in specific compliance functions. Entire populations of payment transactions, across disparate business systems, are examined in detail to look for indicators of problems such as some of the following: Payments made to individuals on the Politically Exposed Persons (PEP) database of foreign government officials Expenses in high risk regions described using suspect keywords such as facilitation, consulting, donation, training Payments made in high risk regions to one time or new vendors that do not fit the typical vendor profile High value transaction amounts that have not been subject to required approvals Payments made through and to unusual offshore bank accounts ABAC TECHNOLOGY REQUIREMENTS: o o Links between individual controls and the tests used to examine transactions and other data. o o Ability to perform a wide range of data analysis tests on an automatic basis and link the results back to the description of the control. o o Visual analysis of testing results. Bribery & Corruption: The essential guide to managing the risks - 19

20 BUILD AN ANTI-BRIBERY & ANTI-CORRUPTION PROGRAM: 5 STEP PROCESS 4MANAGE EXCEPTIONS The transaction monitoring process can produce a high or low number of exceptions, depending on the thresholds and parameters used in the data analysis tests. In order to determine whether the ABAC Program is working effectively, it is important to have a strong process for dealing with exceptions. Not all exceptions necessarily mean that a bribe has been paid. Depending on the exact nature of the test and the way the monitoring system is implemented, an exception should mean that there is a reasonable probability that there is a problem that needs investigation and follow up. The result of the follow up may be an understanding that the exception was a false positive in which case the test can be modified to reduce the chances of future false positives. The result could also be a conclusion that a control, such as an approval process where the controller needs to review all high dollar transactions to one time vendors, is not working as intended in which case the situation must be addressed. Of course, the exception could turn out to be an actual corrupt payment in which case, depending on the circumstances, a series of critical notifications and actions may need to be performed. Typically, the exception management process involves specific workflow that will vary considerably from one organization to another and will also vary depending on the nature of the exception that is identified. For example, certain high risk exceptions may always be routed directly to a senior manager. In the event that there is no satisfactory resolution within a given timeframe, a notification would be sent to the CFO and CRO Bribery & Corruption: The essential guide to managing the risks

21 ABAC TECHNOLOGY REQUIREMENTS: o o Flexible workflow capabilities that can accommodate a range of alternate actions depending on the nature of exceptions generated. o o Comprehensive visual reporting on the status of exception management activities, in summary and at a detailed level. o o Ability to collaborate with any stakeholder of the organization including vendors, partners, contractors, clients and employees and request confirmation or evidence for the validity of a transaction or payment. o o Human analytic capabilities, meaning the ability to assess and combine responses that individuals provide when following up on exceptions. Bribery & Corruption: The essential guide to managing the risks - 21

22 BUILD AN ANTI-BRIBERY & ANTI-CORRUPTION PROGRAM: 5 STEP PROCESS 5 REPORTING AND ONGOING ASSESSMENT Reporting is one of the most important and valuable steps in the ABAC Program process. This is where risk managers, compliance officers, auditors, C-suite executives, and other stakeholders can really get visibility into how effectively the ABAC program is working. Ideally, the reporting system should be able to go from a top level overview of overall risk trends, all the way down to the detail of specific red flags of potential violations, including the resolution of each issue that was identified. It is a critical part of the ongoing risk assessment process. One of the great benefits of using data analysis in the ABAC Program process is that the monitoring and assessment process can be accurately quantified. This could mean, just as an example, that a report or visual dashboard shows SAMPLE VISUALIZATION TO COMMUNICATE TO EXECUTIVES: that a total equivalent of US$3.542B of payments across 15 BUSINESS units and 10 REGIONS 22 - Bribery & Corruption: The essential guide to managing the risks were analyzed and tested for Of these payments, 12 KEY INDICATORS 384, of potential corrupt payments totaling US$45.7M, in two regions, were flagged as exceptions but 75% 10 TRANSACTIONS, of these were satisfactorily resolved totaling US$11 MILLION, are in the process of investigation and appear to be very high-risk items

23 ABAC TECHNOLOGY REQUIREMENTS: oo T he ability to quickly and easily get an overview of the status of the entire ABAC process and move down to whatever detailed level is appropriate. oo P rovide an executive storyboard that shows all material issues identified in the organization, across all risk mitigation programs, as it relates specifically to ABAC. oo M ultiple levels of access control and security in order to ensure that sensitive data is only available to those who should be involved in a particular part of the process. Effective reporting means that you can see both the forest and, where necessary, all of the trees. oo V isual reporting capabilities that, where needed, are fully integrated into an overall risk management dashboard. oo R eporting that can be accessed from a range of technologies, including smart phones, tablets and laptops. By reviewing the results of the analysis and monitoring process over time, it is easy to see whether and where there is an increasing or an improving risk problem. Bribery & Corruption: The essential guide to managing the risks - 23

24 ANTI-BRIBERY & ANTI-CORRUPTION COMPLIANCE PROCESS FLOW Identify & Assess Controls Identify & Assess Risks Design & Configure Tests Run Tests & Monitor Risk & Controls Database Tests Payment/Benefits Transactions Respond & Resolve Manage Exceptions Report 24 - Bribery & Corruption: The essential guide to managing the risks

25 IS YOUR ORGANIZATION AT RISK OF HAVING TO PLEAD GUILTY? HOW DOES YOUR ORGANIZATION RANK? Take the Anti-Bribery Self-Assessment Quiz The business media regularly reports news showing the increasing magnitude of threats posed from failing to comply with anti-bribery and anti-corruption legislation. We know that some organizations are well down the path of implementing effective programs to manage these risks, while others still have a very long way to go. Where does your organization fit in this spectrum? We hope that this ebook has provided you with some helpful information on how to best manage the risks associated with bribery and corrupt payments, using technology including data-centric compliance management as a key driver. We are here to help. WE RE HERE TO HELP ACL has drawn upon its two decades of experience working with thousands of customers worldwide to develop detailed methodologies and best practices for managing anti-bribery and anti-corruption compliance. For a free assessment of how your organization can best integrate technology into your compliance program, call or info@acl.com Bribery & Corruption: The essential guide to managing the risks - 25

26 # # ANTI-BRIBERY AND ANTI-CORRUPTION TECHNOLOGY BUYING CHECKLIST Make sure your ABAC compliance software platform has the following capabilities: 1. IDENTIFY AND ASSESS RISKS o o Ability to record, assess, and rank a range of risks in a structured and consistent way that provides sufficient detailed information for comparison and reference purposes 2. IDENTIFY MITIGATION PROCEDURES TO REDUCE THE RISKS AND THEIR IMPACT o o Ability to clearly identify the relevant mitigation procedures and controls for specific bribery and corruption risks o o Ability to assess the effectiveness of each mitigation procedure or control 3. MONITOR o o Links between individual controls and the tests used to examine transactions and other data o o Ability to perform a wide range of data analysis tests on an automatic basis and link the results back to the description of the control o o Visual analysis of testing results 4. MANAGE EXCEPTIONS o o Flexible workflow capabilities that can accommodate a range of alternate actions depending on the nature of exceptions generated o o Comprehensive visual reporting on the status of exception management activities, in summary and at a detailed level o o Ability to collaborate with any stakeholder of the organization including vendors, partners, contractors, clients and employees and request confirmation or evidence for the validity of a transaction or payment o o Human analytic capabilities, meaning the ability to assess and combine responses that individuals provide when following up on exceptions 5. GENERAL CAPABILITIES o o Designed for rapid configuration and implementation oo Software runs on a range of mobile devices o o Seamless integration across functional capabilities, including data analysis oo Modern, simple design and best practices user interface 6. REPORTING AND ONGOING ASSESSMENT o o The ability to quickly and easily get an overview of the status of the entire ABAC process and move down to whatever detailed level is appropriate o o Provide an executive storyboard that shows all material issues identified in the organization, across all risk mitigation programs, as it relates specifically to ABAC o o Multiple levels of access control and security in order to ensure that sensitive data is only available to those who should be involved in a particular part of the process o o Visual reporting capabilities that, where needed, are fully integrated into an overall risk management dashboard o o Reporting that can be accessed from a range of technologies, including smart phones, tablets and laptops 26 - Bribery & Corruption: The essential guide to managing the risks

27 # # Bribery & Corruption: The essential guide to managing the risks - 27

28 ABOUT ACL ABOUT THE AUTHOR: JOHN VERVER John Verver, CPA, CISA, CMC is an acknowledged thought leader, writer and speaker on the application of technology, particularly, data analysis, in audit, fraud detection, risk management and compliance. He is recognized internationally as a leading innovator in continuous controls monitoring and continuous auditing and as a contributor to professional publications. He is currently a strategic advisor to ACL, where he has also held vice president responsibilities for product strategy, as well as ACL s professional services organization. Previously, John was a principal with Deloitte in Canada ACL delivers technology solutions that are transforming audit, compliance, and risk management. Through a combination of software and expert content, ACL enables powerful internal controls that identify and mitigate risk, protect profits, and accelerate performance. Driven by a desire to expand the horizons of audit and risk management so they can deliver greater strategic business value, we develop and advocate technology that strengthens results, simplifies adoption, and improves usability. ACL s integrated family of products including our cloud-based governance, risk management, and compliance (GRC) solution and flagship data analytics products combine all vital components of audit and risk, and are used seamlessly at all levels of the organization, from the C-suite to front line audit and risk professionals and the business managers they interface with. Enhanced reporting and dashboards provide transparency and business context that allows organizations to focus on what matters. And, thanks to 25 years of experience and our consultative approach, we ensure fast, effective implementation, so customers realize concrete business results fast at low risk. Our actively engaged community of more than 14,000 customers around the globe including 89% of the Fortune 500 tells our story best. Here are just a few. Visit us online at ACL Services Ltd. ACL and the ACL logo are trademarks or registered trademarks Bribery of ACL & Services Corruption: Ltd. All The other essential trademarks guide are the to property managing of their the respective risks - owners. 28