  • Disclaimer:

    The information in this weblog is provided "AS IS" with no warranties, and confers no rights. The opinions and interests expressed on this employee blog are the employees' own and don't necessarily represent EMC's positions, strategies or views. Inappropriate comments will be deleted at the authors' discretion.

FCPA Compliance and Good Governance

Ted O'Neil

There has been a lot of discussion & electronic chat surrounding Regulators leveraging internal investigations in recent FCPA enforcement actions. The key message is that the Regulators are looking to rely on the organization’s internal controls, monitoring & reporting capabilities when possible…when an effective GRC program is operating.

There are inherent efficiencies to both the organization & the Regulator when the internal control environment and the internal investigation are defensible. This is the right mix of “People, Process & Technology”…effective key controls should indicate need for further investigation & then the right resources should be engaged.

Self-management & reporting of potential infractions indicates the ability to self-regulate as opposed to being an organization with more systemic issues.

FCPA is somewhat unique in that it is typically intertwined with Finance, SEC Reporting & the organization’s Books & Records. In an organization subject to SOX, the key controls of the financial reporting process should have identified some failure in accounting if the alleged event was completed, or may indicate systemic issues in financial reporting… Other business functions, like travel & expenses, cash distributions etc., are typically impacted, providing early warnings of an issue.

If an organization can proactively manage & report on FCPA-related issues, this would be more cost-effective & less of a burden on external & internal resources…proactive management includes having the right resources & expertise engaged.

I believe there are several factors that will contribute to systemic organizational changes to current practices of dealing with FCPA compliance…a more proactive approach to identifying risks based on sound GRC execution:

COST – The cost of reacting to various legal & regulatory issues as “one off” situations is expensive. Looking at this more holistically usually shows patterns & synergies of efforts to comply with the various requirements…Faster, Better, Cheaper!

RISK – Choice Computing – The end-user will drive the next generation of business tools like the iPad, iPhone, web tools & cloud, social networking etc., & the organization’s need to retain certain information and Books & Records will need to adapt. This impacts the entire business.

VISIBILITY – The systemic need to manage, monitor, secure, report on & control global assets that span the business, IT, Security, legal/regulatory, T&E, HR etc. already exists for most organizations. To gain efficiencies & mitigate potential risks, this requires a top-down strategy & sound eGRC processes.

Understanding all these different elements of the People, Process & Technology in your compliance process is the key to controlling costs & mitigating risks.

Our team has developed an easy-to-use “eDiscovery ROI Calculator”, which is now available for the iPad.

If you would like to discuss this topic further…please comment below or send an email to ted.oneil@emc.com.

