Day 7 of One Month to a Better Board

Day 7 of One Month to a Better Board

The basic framework for internal controls is derived from the COSO Model developed by the Committee of Sponsoring Organizations of the Treadway Commission in 1992 (COSO). This model has become the standard for an internal control framework and provides a structure to ensure companies address the key elements that should result in an effective system of internal controls. Using the COSO Model, as modified in 2013, provides a very supportable approach when regulators challenge whether a company has effective internal controls. The COSO Model defines internal controls in a pyramid, from bottom to top, as follows: (a) Control environment, (b) Risk assessment, (c) Control activities, (d) Information and communication, and (e) Monitoring. Which internal controls does a company need to institute? Each company defines its internal controls to fit its business by determining what the Company wishes to protect and what type of control environment does it want to have in place. This means that they can be less formal in smaller companies but still effective if the focus is on the right risks. For anti-corruption risks, the most common control needs have been identified as follows: (i) Dealings with third parties; (ii) Gifts and entertainment, and (iii) Charitable donations. Yet even within those categories, a wide range of risks exists, depending on a company’s business practices. A Top Down ‘Check-the-box’ generic set of policies will not likely result in effective controls. The process to determine which internal controls are needed will be of some familiarity to the compliance professional. It all starts with a risk assessment to establish the corporate policies which are applicable, tailored to the company, and sufficiently specific. The risk assessment will also help to identify the types of transactions across the company which should be addressed (gifts and entertainment, maintenance of bank accounts and movement of cash, dealings with third parties, etc.). The next step is to prepare a set of documents which define the control objectives to be in place for each type of transaction – example: Controls will be in place to ensure no vendor has been added to the vendor master file until complete due diligence has been completed and the vendor has been approved in accordance with Corporate policies. Thereafter, you need to document how the controls will be performed and how they will be evidenced and then incorporate the control procedures into applicable work instructions and job descriptions. Each business location, determine the specific controls needed to accomplish each control objective. In many companies, a disparity of operating practices and accounting systems will result in different controls being needed. While this assignment may seem overwhelming it can be done in reasonable stages, pursuant to a specific implementation plan - it does not have to be done all at once for the entire company. Internal controls for a Board or Board Compliance Committee should be broken down into five concepts: Risk Assessment – A Board should assess the compliance risks associated with its business. Corporate Compliance Policy and Code of Conduct – A Board should have an overall governance document which will inform the company, its employees, stakeholders and third parties of the conduct the company expects from an employee. If the company is global/multi-national, this document should be translated into the relevant languages as appropriate. Implementing Procedures – A Board should determine if the company has a written set of procedures in place that instructs employees on the details of how to comply with the company’s compliance policy. Training – There are two levels of Board training. The first should be that the Board has a general understanding of what the FCPA is and it should also understand its role in an effective compliance program. Monitor Compliance – A Board should independently test, assess and audit to determine if its compliance policies and procedures are a ‘living and breathing program’ and not just a paper tiger. Three Key Takeaways Has your company implemented COSO 2013? What was the Board’s involvement? What is your documentation? Learn more about your ad choices. Visit megaphone.fm/adchoices

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(1613)

AI in Compliance and Eastward AI’s Continuous Risk “Reality Check”

AI in Compliance and Eastward AI’s Continuous Risk “Reality Check”

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes back Gerry Zack, and they discuss the growing use of AI in compliance and ...

13 Juli 29min

Managing Compliance and National Security Risks When Doing Business in the DRC, Part 2

Managing Compliance and National Security Risks When Doing Business in the DRC, Part 2

In this episode, Tom Fox welcomes David Simon, Partner at Foley & Lardner; Jack Korba, Of Counsel at Foley & Lardner; and Olivier Bustin, a Partner at Pinsent Masons, to discuss doing business in and ...

29 Juni 24min

Managing Compliance and National Security Risks When Doing Business in the DRC, Part 1

Managing Compliance and National Security Risks When Doing Business in the DRC, Part 1

In this episode, Tom Fox welcomes David Simon, Partner at Foley & Lardner; Jack Korba, Of Counsel at Foley & Lardner; and Olivier Bustin, a Partner at Pinsent Masons, to talk about doing business in a...

22 Juni 29min

Data Defensibility: The Foundation of AI Readiness with George Tziahanas

Data Defensibility: The Foundation of AI Readiness with George Tziahanas

In this episode, Tom Fox welcomes George Tziahanas, VP of Compliance and Associate General Counsel at Archive360, who brings a practical legal and governance perspective to the challenges of AI and da...

15 Juni 30min

Leading with Invitation: Communications, Leadership, and Compliance with Dr. Dennis Cummins

Leading with Invitation: Communications, Leadership, and Compliance with Dr. Dennis Cummins

In this episode, Tom Fox welcomes Dr. Dennis Cummins to discuss his latest book, Invitational Selling: The Human Connection Advantage. Dr. Cummins is a renowned expert in the field of invitational sel...

8 Juni 31min

Matt Ellis on Cartels, FTO Risk, and Corporate Compliance in Latin America

Matt Ellis on Cartels, FTO Risk, and Corporate Compliance in Latin America

In this episode, Tom Fox welcomes Matt Ellis of Miller & Chevalier about the ACI “Cartels, TCOs and Compliance in Latin America” forum (July 20–21, Washington, DC) and why cartel/TCO/FTO risk is a tim...

1 Juni 25min

Report from Compliance Week 2026 on AI Sessions

Report from Compliance Week 2026 on AI Sessions

In this episode, Tom Fox takes a solo turn behind the mic to report on the AI tracks from the recently concluded Compliance Week 2026 conference. He highlights two AI tracks: practical “creative” use...

11 Maj 21min

Building a Life Sciences Compliance Law Firm with Edye Edens

Building a Life Sciences Compliance Law Firm with Edye Edens

In this episode, Tom Fox welcomes Edye Edens about launching her Life Sciences Law Group (“Eedee Law”) after years of contracting in life sciences compliance across multiple firms. Edye explains she ...

4 Maj 34min

Populärt inom Business & ekonomi

badfluence
framgangspodden
varvet
dynastin
uppgang-och-fall
svd-tech-brief
avanzapodden
rss-borsens-finest
rss-inga-dumma-fragor-om-pengar
bathina-en-podcast
fill-or-kill
tabberaset
rikatillsammans-om-privatekonomi-rikedom-i-livet
rss-kort-lang-analyspodden-fran-di
market-makers
rss-dagen-med-di
borslunch-2
rss-borslunch
rss-veckans-trade
rss-dr-bjorklund