There has been a lot of discussion & electronic chat surrounding Regulators leveraging internal investigations in recent FCPA enforcement actions. The key message is that the Regulators are looking to rely on the organization’s internal controls, monitoring & reporting capabilities when possible…when an effective GRC program is operating.
There are inherent efficiencies to both the organization & the Regulator when the internal control environment and the internal investigation are defensible. This is the right mix of “People, Process & Technology”…effective key controls should indicate need for further investigation & then the right resources should be engaged.
Self-management & reporting of potential infractions indicates the ability to self-regulate as apposed to being an organization with more systemic issues.
FCPA is somewhat unique in that it is typically intertwined with Finance, SEC Reporting & the organization’s Books & Records. In an organization subject to SOX the key controls of the financial reporting process should have identified some failure in accounting if the alleged event was completed or may indicate systemic issues in financial reporting….other business functions are typically impacted providing early warnings of an issue like travel & expenses, cash distributions etc…
If an organization can proactively manage & report on FCPA related issues this would be more cost effective & less of a burden on external & internal resources…proactive management includes having the right resources & expertise engaged.
I believe there are several factors that will contribute to systemic organizational changes to current practices of dealing with FCPA compliance…a more proactive approach to identifying risks based on sound GRC execution:
COST – The cost of reacting to various legal & regulatory issues as “one off” situations is expensive. Looking at this more holistically usually shows patterns & synergies of efforts to comply with the various requirements…Faster, Better, Cheaper!
RISK – Choice Computing – The end-user will drive the next generation of business tools like the I-pad, I-phone, web tools & cloud, social networking etc & the organization’s needs to retain certain information and Books & Records will need to adapt. This impacts the entire business.
VISIBITY – The systemic need to manage, monitor, secure, report on & control global assets that span the business, IT, Security, legal/regulatory, T&E, HR etc. already exists for most organizations. To gain efficiencies & mitigate potential risks this requires a top-down strategy & sound eGRC processes.
Understanding all these different elements of the People, Process & Technology in your compliance process is the key to controlling costs & mitigating risks.
Our team has developed an easy-to-use “eDiscovery ROI Calculator”, which is now available for the iPad.
If you would like to discuss this topic further…please comment below or send an email @ firstname.lastname@example.org.