Role of Internal Auditors in the Anti-Corruption
Bribery, and other illicit payments are contrary to the
public good. They thwart the competitive process and circumvent laws,
regulations, and procedures put in place for the public good. They
divert funds from owners, shareholders, and are usually paid as fees,
commissions, or are paid without record. The cost to the public totals
millions of dollars annually. The US Government is aware of almost 100
cases in which foreign bribes undercut the ability of US firms to win
contracts valued at $45 billion in the 12 months before May 1995.
"Corruption occurs when someone has monopoly power over a good or a
service, has the discretion to decide whether or not you receive it
and how much you receive, and lacks accountability." (Robert
Klitgaard, Controlling Corruption, 1988). The level of corruption in
international business transactions continues to be a critical
problem. Companies need both the motivation and the governance
practices to discontinue these payments. An effective internal audit
function is a major weapon in a company's battle against corruption.
Measuring corruption trends is a daunting task but I believe we all
can agree that the current level of corruption around the world is
totally unacceptable. We are here in Lima because of our concern
about corruption and our interest in reducing it. The focus for
reduction is shifting from the recipients to the companies paying the
bribes. This is the area of corruption where auditors can have the
best opportunity of prevention, detection, and prosecution.
One Effective Change - Legislation
Companies will stop paying bribes
when the risk to the management or the company itself is greater than
the perceived benefit to be gained from the bribe. In many cases, the
payment will be a business decision not a moral one. U.S. companies'
motivation to pay bribes changed dramatically with the passage of the
Foreign Corrupt Practices Act (FCPA) in 1977. The strong criminal
sanctions of the FCPA usually prevailed over the perceived benefit
from the bribe. A recent study of 18 countries by Professor Johann
Lambsdorff and sponsored by Transparency International concludes that
U.S. companies are least likely to pay bribes while companies from
Belgium, France, and Italy are most likely to pay bribes. The U.S.
does not hold the high moral ground here. The obvious conclusion is
that strong laws like the FCPA vigorously enforced, will significantly
reduce payment of bribes.
The 29 members of The Organisation for Economic Co-operation and
Development (OECD) are committed to developing a treaty that would
make it illegal for companies from member countries to bribe foreign
officials and end the tax deductibility for foreign bribes. The
proposed laws would have to be adopted by each member country with
laws that criminalize bribery abroad. If and when this happens, and
if enforcement is vigorous, then OECD countries will have the same
motivation as U.S. companies.
Other international anti-corruption initiatives include:
- Inter-American Convention against Corruption was signed in 1996, but
not yet ratified. It provides for ciminalization of bribery and
various domestic reforms.
- World Trade Organisation agreed in December
1996 to study proposals to increase transparency in government
- World Bank tightened guidelines for public procurement
contracts. They included provisions for sanctions on borrower
countries and companies which engage in corrupt practices.
- International Chamber of Commerce approved in 1996 a strengthened Code
of conduct on illicit payments.
Response of the Organisation to Unacceptable Risk - Motivating Change
Motivation is the first key step but it must be followed by
strengthened corporate governance and a change in corporate culture.
The FCPA law recognised this by requiring US companies to maintain an
adequate system of internal accounting control. A key theme underlying
the law was that sound internal control should provide in effective
deterrent to illegal payments. Internal auditors play a vital role in
monitoring the internal control process.
Ongoing Prevention, Detection, and Remediation
Corporate governance is
a vital component of a company's ethical compass. In the U.S. the
board of directors establishes the organisation's governance process
through written policy statements which define the roles to the
board, senior management, internal audit, and others. The role of the
board is to oversee senior management's activities and, with the
assistance of the internal and external auditors, to secure assurance
concerning the state of the organisation's system of internal control.
Senior management is responsible for overseeing the establishment,
administration, and evaluation of internal controls.
Internal control is defined as a process - effected by
an entity's board of directors, management, and other personnel -
designed to provide reasonable assurance regarding the achievement of
the following objectives:
So the board is generally responsible for internal control and
specifically responsible for ensuring compliance with laws. How does
it do this? It relies on senior management to install an "effective
control process" but it also clearly states its own expectations in
this area. Effective board members are objective, capable, and
inquisitive. Management may be in a position to override controls or
stifle communication from subordinates. A strong, active board will be
sure it has open lines of communication with the people in the
organisation especially the internal and external auditors.
- Effectiveness and efficiency of operations
- Reliability of
- Compliance with applicable laws and regulations
The control environment (corporate culture) set by management and the
board regarding corruption must be absolute and clear. Management must
convey the message that integrity and ethical values cannot be
compromised and employees must receive and understand the message.
Management must continually demonstrate, through words and actions, a
commitment to high ethical standards. This culture issue is seen is
the cornerstone of a well managed and well controlled company in the
1992 Internal Control - Integrated Framework published by the
Committee of Sponsoring Organisations (COSO) in the U.S. This is a
private sector initiative of five professional financial, auditing,
and accounting organisations with a mission to prevent fraudulent
This group has identified five interrelated components for
the internal control process. Each off these components is also
critical in an critical in an entity's effort to prevent corruption
payments. They are:
Although each of these five components bears directly on preventing
corruption, the control environment is the foundation for
anti-corruption and all other control objectives COSO recommends the
following actions establish the proper control environment:
- Control environment - The proper corporate culture (discussed below)
- Risk assessment - Identification of business areas transactions at
risk for corruption
- Control activities - Policies and procedures
that help ensure management directives are carried out
- Information and communication - Free and open communication throughout
- Monitoring - assess the quality of the internal
control system over time
A 1995 survey showed that 70% of top 500 U. S. companies have their
own codes and most chief executives think that these help maintain
standards. However, the risk of falling standards were growing
because of the greater use of contract staff, the career structure has
disappeared, and the disproportionate gap between executive and
- Codes of Conduct and other policies regarding acceptable business
- Establishment of the proper "Tone at the Top" and
communication throughout the organisation
- Appropriateness of
remedial action taken in response to violations
attitude toward override of controls
- Avoid pressure to meet
unrealistic performance targets
The Internal Auditor's Role
Internal auditing is defined as "an
independent appraisal function established within an organisation to
examine and evaluate its activities as a service to the organisation."
The internal auditing process involves identifying the internal
auditing universe, assessing business risk, designing and gaining
approval of the audit plan and performing individual internal audits.
Consequently, the entity's internal auditors should have a key role in
the overall internal control process. This role includes the
prevention and detection of corrupt actions.
The profession of internal auditing is governed by The Institute of
Internal Auditors. This is a world-wide organisation of 60.000 members
based in Florida in the USA. It promulgates standards of code of
ethics, training and certification program. Professional rule related
to the prevention of corruption include:
- Independence - The auditor must be independent of the activity being
audited and of adequate organisational status to be influential
- Communication - The auditor must freely report the results of his
work to management and the board when appropriate
- Scope of Work - Requires auditors to determine compliance with laws and regulations
- Code of Ethics - Calls for higher standards of honesty, objectivity
In my experience, both the board and management should rely
heavily on the internal auditor to prevent corrupt payments. Very
often the head of internal audit acts as the conscience of the
organisation. When a questionable payment or contract is being
considered by an entity, the approval of the internal auditor will be
sought beforehand . The internal audit department also often
administers the entity's Code of Conduct and will review all exception
items reported by employees. Including questionable payments. Of
course the internal auditors are also monitoring the internal control
system to ensure the appropriate policies and safeguards are in place
and being followed.
While the focus of this paper has been on the entity
paying, the bribe the receiving party should also be subject to
internal audit scrutiny . Understandably, it usually is easier for the
receiving entity to conceal the payment but the same level of controls
and scrutiny should apply.
In summary, internal auditors should be a key element in an entity's
program to prevent corrupt payments. The auditor, must operate within
the proper internal control framework created by the board and
management in order to be effective. The most important element of
that framework is the control environment or corporate culture:
- Creating an ethical environment that makes bribery unthinkable--An
ethical business environment supports global trade preserves the
organisation's image, improves employee morale, and reduces fraud
- Determining the adequate of records that surfaces payments that are
- Training managers to be vigilant
- Reviewing and evaluating the
system of internal controls by internal and external auditors
- Disseminating prompt remedies when a deviation occurs.