Auditing Anti-bribery and Anti-corruption Programs

Auditing Anti-bribery and Anti-corruption ProgramsInstitute of Internal Auditors

Overview: Increasing globalization, legal complexities, and the potential for serious financial and reputational harm have made the risks of bribery and corruption, and audits of anti-bribery and anti-corruption programs, top corporate issues. Auditing anti-bribery and anti-corruption programs requires a team of auditors with collective skills, knowledge, and expertise in compliance, fraud, investigations, regulatory affairs, IT, finance, culture, and ethics.
On the global front, the U.S. Foreign Corrupt Practices Act (FCPA) and the U.K. Bribery Act are examples of strict legal regulations, each with far-reaching international implications. And evolving anti-bribery and anti corruption legislation in China, Hong Kong, India, and other countries (see page 17) is further complicating the matter. Private and public sector organizations are increasing awareness of bribery and corruption exposures and fighting back through international accords, regional conventions, best practice guides, and information on perceptions and instances of bribery and corruption.
Anti-bribery and anti-corruption legislation has led to the development of organizational anti-bribery and anticorruption programs with well-defined components, including tone at the top/governance structure, risk assessment (including third-party due diligence), policies and procedures, communication and training, monitoring and auditing, reports and investigations, enforcement and sanctions, and reviews and updates. Internal auditors in organizations with formal anti-bribery and anti-corruption programs have the opportunity to assess the effectiveness of each component and how all of the components work together to deter, curtail and detect bribery and corruption.
Internal auditors in organizations with non-existent or informal anti-bribery and anti-corruption programs have the opportunity to help their organizations establish a baseline by identifying and investigating red flags in high-risk areas such as third-party relationships, gifts and entertainment,
political contributions, and procurement. Audit observations in these and other areas can be leveraged by the organization to prioritize its anti-bribery and anti-corruption initiatives as input to developing and sustaining a formal anti-bribery and anti-corruption program.
Auditing anti-bribery and anti-corruption programs requires varying levels of collaboration and information sharing with other governance functions such as regulatory compliance, external auditors, investigators, and the governing board. Before getting started, the chief audit executive (CAE) or lead internal auditor should consult with the organization’s general counsel or legal representative to gain a full understanding of potential legal implications of the audit scope, fieldwork, and findings.

Download