missing “internal controls” puzzle pieces

Evaluating Effectiveness Companywide

Regulatory authorities don’t expect perfection in a compliance program, but they do expect a concerted effort on all fronts, from the C-suite to the front-line employees. Internal controls are an essential part of a robust compliance program, but ensuring compliance with internal policies and procedures takes ongoing analysis. 

Let’s start with some basics: a public company is required to implement a set of internal controls. A compliance program is a critical part of a company’s internal controls.

A company’s compliance program is only as effective as the degree to which its board, executives, managers and employees adhere to the compliance policies and procedures. If a company’s constituents do not comply with the compliance program and policies, then the company’s compliance program controls are ineffective.

Ask yourself an important question: what is my company’s compliance rate with its internal compliance controls?

For example, if your company has implemented a revised due diligence program to review and approve new third-party intermediaries, it is unreasonable to expect that everyone in your company has complied with this new policy. Somewhere in the company, a third-party intermediary is likely to be hired without going through the due diligence process.

Take another example: what is your company’s compliance rate with gifts, meals and entertainment authorizations and reimbursements? Again, no one should expect perfection in this area. We all have witnessed situations when corporate executives, managers and employees have failed to comply with the respective approval process.

To promote compliance with company policies and procedures, a company must dedicate time and resources to ensuring compliance by communication, training and enforcement. In fairness to a company’s directors, executives, managers and employees, a company has to communicate internally about the new policy and explain the new policy and its requirements. Depending on the importance of the new policy, the company should enlist the support and communications contributions from the CEO and other senior executives. To reinforce this new policy and procedure, the company should conduct training on the new policy so that everyone understands its requirements and new procedures.

After there are sufficient efforts to communicate and train on the new policy requirements, the chief compliance officer should devote time to monitor compliance with the new policy. The CCO will have to conduct limited audits or enlist the support of internal audit to examine the compliance rate with the new policy. The CCO would have to examine financial records to determine if any new third parties have been signed up and paid and compare the list of new parties to the list of parties subjected to due diligence. Depending on the number of third parties, a CCO can start with a single country to determine compliance rates.

If the CCO identifies violations of the company’s procedures, the CCO has to initiate an internal investigation to confirm the violation and the circumstances surrounding the violation. Given the importance of compliance with these new policies, the CCO has to ensure the company balances the importance of strict punishment for such violations, while balancing the individual reasons for the violation.

A CCO cannot ignore the importance of compliance with its policies and procedures as a basic requirement for an effective program.

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.


Michael Volkov

Michael Volkov

Michael-Volkov-leclairryanMichael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at mvolkov@volkovlaw.com.  His practice focuses on white collar defense, corporate compliance, internal investigations, and regulatory enforcement matters. He is a former federal prosecutor with almost 30 years of experience in a variety of government positions and private practice.

Michael maintains a well-known blog: Corruption Crime & Compliance which is frequently cited by anti-corruption professionals and professionals in the compliance industry.Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues.

Michael has assisted clients with design and implementation of compliance programs to reduce risk and respond to global and US enforcement programs.

Michael has built a strong reputation for his practical and comprehensive compliance strategies.Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for 5 years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice.

Michael also has extensive trial experience and has been lead attorney in more than 75 jury trials, including some lasting more than six months. His clients have included corporations, officers, directors and professionals in, internal investigations and criminal and civil trials. He has handled a number of high-profile criminal cases involving a wide‐range of issues, including the FCPA and compliance matters, environmental crimes, and antitrust cartel investigations in countries all around the world.

Representative Engagements

  • Successfully represented three officers of a multinational company in two separate criminal antitrust investigations involving a criminal antitrust investigation in the District of Columbia and the Southern District of New York.
  • Defended pharmaceutical company before the Food and Drug Administration and Senate Finance Committee relating to application for approval of generic drug.
  • Conducted internal investigation which exonerated company against allegations of false statements in submissions to the FDA and against improper conduct alleged by Senate Finance Committee.
  • Represented company before the US State Department on alleged violations of ITAR which lead to voluntary disclosure and imposition of no civil or criminal penalties.
  • Advised several multinational companies on compliance with anti‐corruption laws, and design and implementation of anti‐corruption and anti‐money laundering compliance programs.
  • Advised hospitals, pharmaceutical companies and medical device companies on compliance issues relating to Stark law and Anti‐Kickback law and regulations.
  • Conducted due diligence investigations for large multinational companies for anti‐corruption compliance of: potential third party agents, joint venture partners and acquisition targets in Europe, Africa, Asia and Latin America.
  • Represented individual in white collar fraud case in Alexandria, Virginia and secured dismissal of criminal charges and expungement of criminal record.
  • Represented company before Congress and Executive Branch in effort to modify Justice Department regulations concerning use of federal funds.
  • Advised and assisted World Bank in review of global corruption policies, enforcement programs and corruption investigations and prosecutions.

Related Post