Bloomberg reports that the former CEO of Canada-based SNC Lavalin Group Inc., who retired during a corruption scandal earlier this year, has been arrested and charged with fraud, fraud conspiracy, and forgery. On March 26 — the day the former CEO retired — SNC-Lavalin said a probe found that more than half a million dollars in expenses related to hiring construction contractors had been booked incorrectly. The company also alleged the former CEO failed to comply with the company's code of ethics in approving some of the payments.
Internationally, there are diverse legislative, regulatory, and policy regimes, and among Western countries, there is an increasing trend in government enforcement of anti-bribery and corruption policies. Substantial fines and penalties also are heightening concerns among multinational corporations — well beyond those involved in engineering and construction like SNC-Lavalin. Adding to this is the increasing flow of capital funds into higher-risk countries and economies.Many companies have or are moving toward strengthening their compliance programs to mitigate the risk of business interruption and reputational damage arising from corruption and fraud scandals. Auditors, particularly those working within multinational corporations, need to stress the importance of planning and executing anti-fraud, corruption, and bribery-related audits as part of a top-down, bottom-up approach in a balanced compliance program.Internal auditors should focus on key business risk areas as well as the review and testing of particular internal controls (e.g., accounting) that often are used to record or disguise improper transactions and behavior, including:
Controls over funds. Unauthorized use of bank accounts, including signatories, management of bank mandate, off-balance-sheet accounts, and third-party access; inappropriate payments (e.g., controls over high-risk payment mechanisms and use of manual payments); and inappropriate use of cash, such as advances and petty cash.
Procurement and payment. Unauthorized purchases, including purchase order approvals and three-way matching processes; inappropriate vendor management processes, such as vendor adoption, master file controls, and abuse of one-time vendor provisions; and high-risk transactions, particularly commissions.
Sales and marketing. Inappropriate use of intermediaries, including inadequate and incomplete due diligence, authorization, training, and contractual provisions; improper gifts and entertainment; and inappropriate donations and sponsorship.
Cost accounting and accounting records. Abuse and lack of budgetary controls, including budget versus actual variance analysis and approval and access controls; misclassification, including chart of accounts and inappropriate general ledger journals; authorization, including segregation, high-risk accounts, and access controls; uncleared suspense accounts; and inappropriate intercompany transactions.
This is by no means a complete list, and looking beyond the scope of what appears to be involved in the SNC-Lavalin case, an auditor also would need to examine contracting and tendering, receivables management, and technology controls. Overall, anti-corruption and fraud compliance testing should be included in general internal audit work plans and in systems and controls audits, as well as be adapted to the changing business operating environment. Because of the complexity of international environments, laws, and business arrangements, outside expertise should be leveraged to help assess the risk environment, when necessary.