FCPA WP - Final

By Eric Hudson,2014-03-08 22:05
10 views 0
FCPA WP - Final

    Foreign Corrupt Practices Act (FCPA) Review

Introduction & Background:

    The Foreign Corrupt Practices Act of 1977 (FCPA) was created in response to both global expansion and apparent corruption permeating US businesses including all entities listed on American exchanges. FCPA addresses specific elements of internal controls related to administration and management dealings. In the early 1970’s Watergate Affair investigators identified many questionable practices including bribes and other suspect dealings that were not directly addressed under the law. The SEC delivered a report in 1976 to the Senate Banking Committee regarding possible corporate payments and practices that were potentially illegal.

    Federal legislation, the FCPA, was enacted the following year to address:

    ; Prohibitions on bribes and questionable payments

    ; Establishment of a system of internal accounting controls

    ; Development and maintenance of an accurate set of books and records

    These provisions were very significant since they directly addressed illegal payments that were presumed hidden through accounting tactics. For example, companies would participate in bribes and payments and falsify records or purposely keep incomplete records. Further, the law adopted the specific wording of the AICPA’s definition of

    internal controls to create a solid linkage between business practices that are often vague. For the first time, management was responsible for accounting internal controls.

    make and keep books, records and accounts, which in reasonable detail,

    accurately and fairly reflect the transactions and dispositions of the assets of the


    Established well before the Sarbanes-Oxley Act of 2002 (SOA), the FCPA required management to maintain a system of internal controls that provided ‘reasonable

    assurances’ that transactions were authorized and in accordance with General Audit and Accounting Principles (GAAP).

    The penalty for violation of FCPA bribery provisions, which applies to both listed companies and all other US entities, is up to $1M and/or 5 years imprisonment for influencing significant foreign officials to misuse position for gain. Although many organizations started to document internal controls subsequent to the law’s passage, litigation was minimal.

    Internal audit should be aware of the FCPA as it is still applicable and a baseline to understanding the evolution of internal controls. Many reports and studies followed the FCPA to evaluate, define, and mediate possible mandates concerning internal controls through the 70s and 80s along with several AICPA Statements on Auditing Standards (SAS 30, 43, 48, 55, 78) and SEC commissioned studies (Cohen & Treadway Commission Reports). COSO subsequently set out to define internal control.



Review Scope

    The following work program focuses upon the internal responsibilities of corporate compliance with the FCPA. Controls will span several internal functions and external organization’s (especially subsidiaries’) international dealings, related cash payments, vendor arrangements, and ethics programs.

    This work program includes some general and specific tests that can be modified to reflect the specific plans and the special administration attributes of your organization. SEC regulated entities must ensure compliance that includes (wording directly from Act):

    ; Make and keep books, records, and accounts, which, in reasonable detail,

    accurately and fairly reflect the transactions and dispositions of the assets of the


    ; Devise and maintain a system of internal accounting controls sufficient to

    provide reasonable assurances that:

    o Access to assets is permitted only in accordance with management’s

    general or specific authorization

    o Transactions are executed in accordance with management’s general of

    specific authorization

    o Transactions are recorded as necessary both to permit the preparation

    of financial statements in conformity with generally accepted accounting

    principles or an other criteria applicable to such statements, and also to

    maintain accountability for assets

    o The recorded accountability for assets is compared with the existing

    assets at reasonable intervals, and appropriate action is taken with

    respect to any differences

    The following control areas are considerations for auditors in customizing this work program.

    Administrative Controls: During the course of the audit, the auditor should gain an understanding of the company's systems for collecting and reporting time worked, processing payroll, and distributing labor charges to cost objectives.

Organizational Controls: These controls ensure that functions and activities are

    established in accordance with management objectives, authority delegated to management is commensurate with their responsibility, and staffing and supervision is adequate. Effective organization controls rely upon a logical organizational structure with adequate segregation of duties.

    Information System Controls: These controls assure that the accounting information system provides management with an awareness of operational efficiency and adhere to prescribed managerial policies. During the course of the audit the auditor should remain alert for weaknesses in the information systems that could lead to errors.




    The audit will assess the current status of training and agreements along with a 12 month period of financial statements and petty cash disbursements. The following areas and audit steps will be included in the scope:

    A. Policies and procedures

    B. Foreign bank accounts and bank reconciliations

    C. Distributor, agent, and rep agreements

    D. Internal training

    E. Payments to foreign government officials

    F. Foreign financial statements

    G. Petty Cash funds and disbursement

Areas of Concern:

    Describe any known issues that possibly led to this audit being included in the annual audit plan along with general areas in which the entity might have unique vulnerabilities to the FCPA or where compliance might be weak or suspect.

    Note: the accounting requirements of the FCPA only apply to publicly traded companies; however, the requirements reflect sound business practices that any company would need to follow in order to be successful. The bribery provisions prohibiting bribes to foreign officials apply to all US companies.



Project Team (list members):

    Project Timing: Date Comments: Planning


    Report Issuance (Local)

    Report Issuance (Worldwide)

    Unit: Unit Contact:

    Initials Comments/Reference Item Work Step

     Planning ~ Audit Objectives

    A Evaluate the Company's policies, procedures, and

    training relating to the FCPA.

    B Devise and perform compliance tests to provide

    reasonable assurance that the requirements of the

    Act are being complied with in all material respects.

    C Identify any waste or inefficiencies in the processes

    for insuring compliance with the FCPA.

    D Report results of testing and recommendations for

    improvements in policies, controls, and processes to

    help ensure compliance with the FCPA.

    Audit Step Initial Comments Planning and Preparation

    1. Review available subject matter resources related to

    stock administration, practice guides, etc.

    2. Set up binder and work paper sections

    3. Develop project plan and determine scope

    4. Budget the amount of hours

    5. Coordinate meetings with relevant client personnel

    6. Review the Audit Follow-Up File and determine if there

    is any follow-up from previous audits that needs to be

    done concurrently with this assignment

7. Obtain an organization chart and identify key


    8. Identify key risk and control points

    9. Review documents prior to beginning fieldwork.

    a. Identify and review pertinent local policies and


    b. Obtain copies of forms and reports used by the

    function being audited.

    c. Identify and review pertinent laws and regulations.

    10. Conduct an entrance meeting with auditee


    a. Invite the appropriate personnel to attend.

    b. Discuss the audit objectives, scope, and

    methodology, along with information that the



    Audit Step Initial Comments

    auditee will need to supply.

    c. Establish a cooperative tone

    11. Develop an internal control questionnaire

    a. Include key control points and solicit information

    regarding the functioning of those controls.

    Fieldwork A. Background Processes 1. Perform a preliminary risk assessment to determine

    initial sample size requirements.

    2. Perform a walkthrough to evaluate key assertions. 3. Interview key personnel with the internal control

    questionnaire to determine whether the system has

    been implemented and is operating as designed.

    B. Preliminary Evaluation -Questionnaires Note: The following questions are designed to aid the auditor in evaluating the adequacy of the internal controls.

    They cannot be considered all inclusive. There may be

    additional control considerations unique to each audit.

    Administrative Controls 1. Has awareness training been provided to key


    2. Does the policy address all the requirements of the


    3. Are foreign bank statements reconciled on a monthly

    basis and are any necessary adjustments in the

    general ledger control accounts made?

    4. Are financial records for all foreign entities kept in

    accordance with GAAP?

    5. Does someone in the accounting organization review

    all foreign transactions and payments?

    6. Do all subcontracts and purchase orders to foreign

    subcontractors flow down appropriate FCPA clauses?

    7. Do all consultant/contractor, representative, and agent

    contracts include appropriate FCPA clauses?

    8. Do key employees certify that they are in compliance

    with the FCPA?

    Organization Controls



Audit Step Initial Comments

    9. Is there adequate segregation of duties between the

    custody of cash in foreign checking accounts and the

    person who performs the bank reconciliations?

10. Is there adequate training and supervision of the

    clerical people doing the foreign accounting and

    reconciling the foreign bank statements so that they

    would recognize non-compliance with the FCPA?

    Information System Controls

    11. Are data file storage procedures in place to ensure

    FCPA compliance data is backed up to provide timely

    access during recovery efforts?

12. Are security access controls including access rights to

    critical FCPA compliance information in place to

    prevent unauthorized access?

C. Controls - Training

    1. Review existing Company policies and procedures in

    light of the Foreign Corrupt Practices Act and evaluate

    their adequacy.

2. Review the Company's training materials for the

    Foreign Corrupt Practices Act and comment on their


3. Determine if the training incorporates a discussion of

    the accounting requirements of the Act and the

    company's implementing policies and procedures

    rather than just a discussion of the Act itself.

    4. Determine whether the Company has identified the

    key employees who should have FCPA training and

    developed a training plan.

    5. Determine whether the Company has provided FCPA

    training to the key employees identified.

D. Controls Agent & Representative Payments

    1. Obtain copies of and review all foreign agent,

    representative, and distributor agreements.

    2. Identify all foreign agents, representatives, and


    3. Verify that FCPA requirements have been included

    and certification of compliance is obtained from the

    agent on a periodic basis.

    4. Review a sample of payments to foreign agents,

    representatives, and distributors over the past 12


    5. Follow up on any payments that appear questionable.



    Audit Step Initial Comments E. Controls Government Officials

    1. Identify all payments made to government employees

    and foreign officials over the past 12 months.

    2. Follow up on any payments that appear questionable.

F. Controls - Foreign Entity Financial Stmts

    1. Identify all foreign operations that are wholly owned

    or majority owned.

    2. Determine whether they have financial records that

    comply with the FCPA accounting requirements

    and appear adequate for GAAP reporting.

    3. Review check registers for the past 12 months and

    follow-up on any disbursements that appear out of

    the ordinary or which appear to be questionable.

G. Controls - Foreign Bank Account Reconciliation

    1. Identify all foreign bank accounts.

    2. Review the bank reconciliations and the bank

    statements for the above accounts and ensure

    that they match the ledger.

    3. Identify all foreign petty cash accounts.

    4. Review the past 12 months of disbursements

    and follow up on any disbursements that appear


    Summary of Issues Identified 1. Based on the initial assessment and subsequent

    detailed testing, modify the current administrative

    procedures to correct future administrative issues.

2. Discuss any exceptions or control issues with area

    management immediately to clarify, subsequently

    confirm, and develop recommendations for

    improvement. Review with audit management.

Report Drafting and Issuance

    1. Review findings/test results and set up file.

    a. Manager should review preliminary

    recommendations and related


    2. Draft report of findings and recommendations.

    3. Closing Meeting and Delivery of Report.

    a. Present report to client and/or legal counsel.

    b. Discuss findings and recommendations for


    c. Also offer solutions to provide efficiencies and

    prevent recurrence of errors.

    4. Identify Solutions and Develop Processes.

    a. Team with client to identify practical solutions to

    administration deficiencies.



    Audit Step Initial Comments b. Assist in developing processes and procedures to

    facilitate plan administration.



Report this document

For any questions or suggestions please email