Audit


Surname 1

Student’s Name

Professor’s Name

Course

Date

Auditing Project

Introduction

The credibility and success of business organizations are closely linked to the trust and confidence placed by stakeholders as well as reputation. The issues of bribery and noncompliance are critical factors, which can affect the success of an organization by damaging its reputation. Considering the effect of these factors, it is important for organizations to establish appropriate policies to mitigate their impact. The ISO 37001 standard provides an effective reference for implementing anti-bribery and non-compliance management systems. In the current scenario, the case company is not complying with government and internal policies while at the same time conducting business with unauthorized people. As such, an anti-bribery and compliance management system is required to restore the credibility of the organization. This paper includes the identification of red flags and risks, the scope of the anti-bribery and compliance management system, and an audit plan.

Red Flags and Risks

Various red flags can be identified from the case company. For instance, there was a significant currency gap in the exchange rates whereby the government rate was 10 pesos/USD while the black market rate was 20 pesos/USD. This gap is indicative of extortion and corruption whereby the transacting entities overcharge clients. The gap can also indicate the existence of bribery whereby the officials take advantage of their monopoly for personal gain. Another key red flag is the collection of pesos and invoicing in USD with unauthorized clients. Such clients may be involved in unethical businesses or money laundering. Transactions involving unauthorized clients indicate non-compliance with government policies. Furthermore, unauthorized clients may engage in bribery so that their transactions can be accepted. The final red flag is the acceptance of endorsement cheques, which is against the policy of the case company. Failure to follow procedures is indicative of non-compliance and other bribery aspects such as fraud. Considering these red flags, various risks can be identified.

The risks associated with the case company can be classified into compliance and bribery risks. Compliance risks relate to reputational damage, regulatory or legal sanctions, and financial loss arising from failure to adhere to laws and regulations. For instance, there is a high likelihood of reputational damage when the public becomes aware of the corrupt dealings of the case company. Furthermore, the trade license of the company may be withdrawn, resulting in financial loss from future revenues. Finally, the company may be subject to sanctions from financial regulators. Bribery risks, on the other hand, include fraud, kickbacks, and price-fixing. Fraud involves a deliberate attempt to illegally obtain a benefit. For instance, the employees of the case company can fail to record some transactions, especially those from unauthorized clients. Kickbacks involve collusion whereby authorized agents get personal benefits by facilitating the transactions. Finally, there is potential for price-fixing considering that there is a wide gap between the government rates and the black market rates.



Scope of Anti-bribery Management System

An anti-bribery management system is developed to combat bribery and restore confidence in a business. The bribery risks encountered in an organization vary according to organizational size, the operational environment, and the complexity and scale of organizational activities. As such, an anti-bribery management system should be reasonably implemented according to the bribery risks encountered. Regarding the case company, a generic anti-bribery framework should be implemented focusing on all organizational activities. Such a framework should consider all stakeholders including internal employees and clients. The risks of focus include fraud, kickbacks, and price-fixing. In this case, the framework should provide for the detection and resolution of fraud activities while ensuring that the government exchange rate is applied. All clients should also be vetted to ensure that they are authorized to transact. Other risks such as money laundering should also be monitored because they form the basis for kickbacks. Finally, all transactions should be monitored in relation to various compliance requirements.

Scope of Compliance Management System

A compliance management system is developed to ensure that delivered services are consistent with the requirements of a business and stakeholders. Since the compliance risks span both internal and external policies, the scope of the compliance management system should capture both policies. Internally, the system should ensure that all policies are followed, including the prohibition of endorsement cheques. Internal policies span multiple aspects including personal conduct, tort, utilization of resources, and others. Externally, the compliance management system should ensure that the company adheres to laws and regulations. For instance, it is important to ensure that only authorized clients can transact with the company. Furthermore, the system should ensure that only acceptable transactions, as opposed to black market deals, are completed in the organization. Regardless of the scope defined in this section, it is important to ensure that the system is consistent with the ISO 37001 standard. The ISO 37001 standard provides a comprehensive framework for implementing an anti-bribery and non-compliance system in an organization of any size.

Integration of Bribery and Compliance Management Systems

Non-compliance and bribery are closely linked aspects, which influence each other. For instance, a client can bribe an official to breach a law or regulation. A good example is a context whereby unauthorized clients are allowed to transact with the case company. Such transactions are likely to be facilitated after the exchange of benefits. Furthermore, the exchange rate may be varied depending on the kickbacks given to the employees of the case company. As such, the integration of the anti-bribery and compliance management systems could be a valuable solution.

Integration of the systems should be completed in compliance with the ISO 37001 standard, including leadership, planning, support, operation, performance evaluation, and improvement. The ISO 37001 standard specifies that the leadership of an organization should demonstrate commitment to the anti-bribery and compliance management system. In this case, the management of the case company should ensure that the integrated anti-bribery and compliance management system is allocated adequate resources. The system should also allocate roles and responsibilities through appropriate policies. Regarding planning, the anti-bribery and compliance management system should group compliance and anti-bribery together to improve administration. The compliance and anti-bribery objectives should be designed in such a way that they detect both issues and their pathways.



System support and operations are the key areas where integration is required. Operational aspects mainly reflect the aspects of controls, due diligence, commitment, reporting, and investigations. In this case, the integrated anti-bribery and compliance management system should provide a holistic framework, which can be applied to the progression of all organizational activities with the goal of detecting issues related to bribery and non-compliance. Whenever an issue of non-compliance is identified, associated bribery risks should be assessed. Regarding support, the association between noncompliance and anti-bribery should be documented. Finally, evaluation and improvement should be integrated to ensure that the identified issues are solved in a holistic manner.

Reporting

Organization name

Organization members

Auditor Team:

Date

Time

Location

Stage 1 | Stage 2

Audit objectives: To identify the bribery and non-compliance instances in the case company.

Audit scope: The audit covers core transactions relating to USD payments and collections. The audit covers revenue growth, sales growth, performance surge, competitor growth, financial statement, payment methods, and applicable laws/regulations/policies.



Executive summary: Following the restriction of USD payments and collections, some anomalies have been identified in the case company. For instance, there was a significant currency gap in the exchange rates whereby the government rate was 10 pesos/USD while the black market rate was 20 pesos/USD. There are also some transactions involving unauthorized clients while other clients are paying through endorsement cheques, which is against the policy of the company. Such anomalies show the potential for bribery and non-compliance. The identified non-compliance and bribery issues could result in fraud, kickbacks, price-fixing, regulatory or legal sanctions, and financial loss. As such, an integrated anti-bribery and compliance management system is required. The objective of the system is to detect and address the bribery and non-compliance issues arising.

Non-conformities:

| Area | Non-conformities | Description |
| --- | --- | --- |
| Bribery | Fraud | Fraud is a serious problem, which can result in loss of revenue. |
| Bribery | Pricing | Price variations can lead to preferential pricing, which could result in personal gain. |
| Bribery | Kick-backs | Due to price-fixing and fraud, kick-backs become essential. |
| Bribery | Money laundering | Money laundering is one of the activities, which could influence someone to accept black-market rates in USD payments and collections. |
| Compliance | Failure to observe internal policies | Fraud, price-fixing, kick-backs, and money laundering can only happen when internal policies are not followed. |
| Compliance | Failure to observe laws | Fraud, price-fixing, kick-backs, and money laundering can only happen when laws are not followed. |
| Compliance | Failure to observe regulations | Fraud, price-fixing, kick-backs, and money laundering can only happen when governmental regulations are not followed. |

Observations

| Area | Observations | Description |
| --- | --- | --- |
| Bribery | Revenue growth, sales growth, performance surge, competitor growth, and financial statement. | These aspects are indicative of systematic fraud. |
| Bribery | USD payments and collections. | USD payments and collections can be used to identify irregularities. |
| Bribery | USD payments and collections as well as client details. | This information can be used to detect kickbacks. |
| Bribery | Deposits, payment methods, client information, client balances, transaction activities. | These aspects can be useful in identifying money laundering. |
| Compliance | Transactions and organizational policies. | A comparison between transactions and organizational policies can be used to identify non-compliance to internal policies. |
| Compliance | Transactions and business laws. | A comparison between transactions and business laws can be used to identify non-compliance to external laws. |
| Compliance | Transactions and regulations. | A comparison between transactions and regulations can be used to identify non-compliance to external regulations. |

Conclusions: Bribery and non-compliance can lead to reputational damage, regulatory or legal sanctions, and financial loss. Furthermore, bribery and non-compliance can create an environment for fraud, money laundering, price-fixing, and kick-backs in USD payments and collections. It is important to institute a framework for detecting and addressing bribery and non-compliance. Since bribery and non-compliance are intertwined, integrated anti-bribery and compliance management systems could be useful in addressing the identified issues. While a generic framework is proposed, the aspects of focus should be revenue growth, sales growth, performance surge, competitor growth, financial statement, payment methods, and applicable laws/regulations/policies.

Recommendation for certification committee: It is important to ensure that USD payments and collections are completed in accordance with the applicable policies, laws, and regulations. Any incident of non-compliance should form the basis for a bribery investigation.
