One Size In Compliance Programs Does Not Fit All!

Monday, August 2, 2010 - 01:00

Editor: Would you each tell our readers about your professional backgrounds and the composition of your current practices?

Klein: I am a partner in the Litigation and Valuation Services Group of Amper and am a certified public accountant (CPA) licensed in the state of New Jersey, a certified fraud examiner (CFE) and am certified in financial forensics (CFF). I also am accredited in business valuation (ABV) and as a certified valuation analyst (CVA). My practice consists mainly of litigation support, which encompasses forensic accounting and fraud and business valuation.

Bradow: I am a graduate of the College of New Jersey with a B.S. in Accounting. I am also a certified public accountant (CPA) in New Jersey, a certified fraud examiner (CFE) and certified in financial forensics (CFF).

I am a manager in our firm's litigation and valuation services group and specialize in litigation support services, fraud and forensic accounting investigations. I also have traditional public accounting experience which includes auditing and taxation.

Editor: As part of your litigation support services, do you also serve as expert witnesses?

Klein: Yes, we serve as expert witnesses and provide expert testimony for our clients. We do not work in an advocacy role because that is not permitted by the ethics codes of the organizations that credential us. We are supposed to be finders of fact and report our findings no matter which way it might come down.

Editor: What are the core features of a compliance program?

Bradow: SAFE is a simple mnemonic that I use to keep the core features in mind. S means setting tone at the top. Compliance is absolutely a cultural mind set. Studies have shown that if management holds itself out as ethical, then the employees tend to follow. They may be less likely to commit fraud if they feel that the ethical standards are a priority within the organization. A means assess your risk of fraud. Conduct an internal risk assessment to identify your weaknesses. F means formulate a program that identifies the ongoing processes, controls and other monitoring procedures needed to identify and mitigate those risks. E means educate your employees. Communicate what is expected of them and train them to recognize those red flags.

Editor: There seems to have been some standardization in the design of compliance programs in certain industries. Does your firm specifically tailor the compliance programs that it develops for your clients?

Klein: When designing a compliance program, there are specific things that are general in nature, and everyone uses them in the accounting world everyday. In the marketplace, people like standardization, but in the real world it is not practical. The design of a plan has to be tailored to a company. Every company, every product, every process is genuinely unique. So while there may be generalized terms or concepts that are useful as starting points, compliance programs need to be uniquely tailored to the specific entity. Of course, while nothing can cover everything, you have to design the program to ensure that you capture many areas where you think the company may be vulnerable. Once a compliance program is put in place, it must be monitored and re-evaluated on a periodic basis to ensure that it maintains its integrity and is operating as intended. As technology changes, you must adapt your control procedures to those changes accordingly.

Given the amount and availability of information in the world, additional protocols may have to be installed regularly.

Editor: Is there an advantage to having an outside auditor design a compliance program for a company, or should it be designed internally and then reviewed by outside auditors?

Klein: It depends on the type of company you are dealing with and if there are any restrictions on the ability of the outside accounting firm to interact with the company. If a company is a publicly traded company, the outside auditors should not design the programs. Under Sarbanes-Oxley, there is very limited consulting work that a public accounting firm can do for its publicly traded client. Today, it is quite common for one public accounting firm to do the audit work and another public accounting firm to help in a consulting capacity. Therefore, the independence of the auditing/accounting firm is not impaired, nor does it give the appearance of being impaired.

However, if it is a privately held company, the accounting firm quite often does help design and implement the controls and procedures. From a cost-benefit point of view, the program can be designed internally. Internal management knows best what the current operating procedures are and where they think the weaknesses may be. They can use the outside accountant during the consulting phase to review the work and do the initial testing and monitoring of the program to ensure that it's operating as intended.

Editor: What is the best way for a company to introduce a compliance program to its employees? How can it convey the seriousness of purpose and get the employees on board?

Bradow: Companies should implement a training program, which should be updated at least annually. All companies should make their employees aware that they are serious about detecting fraud. If an offense is detected, then the employees must know that the company means business and is going to take the necessary steps to respond appropriately, even if it means seeking prosecution against its own employees. In these tough economic times, if employees know how the bottom line can be negatively impacted by fraud, they might be more willing to help out because they don't want to see jobs being lost as a result of fraud. Having a compliance program won't necessarily eliminate fraud, but it definitely will reduce it.

Editor: Is there a way to measure the effectiveness of a compliance program?

Klein: Compliance programs should be regularly monitored and tested, be it externally or internally. Effectiveness testing should be a part of the design of the compliance program and should indicate if the procedures and programs are operating as intended. If they are not, an assessment and evaluation should be done to indicate what needs to be done to make the compliance program work as intended. Because things change over time, ongoing monitoring is absolutely necessary.

Editor: Have you found that because of cost-cutting measures, compliance and monitoring programs are being reduced?

Bradow: Yes, definitely. Companies have been using cost-cutting measures during this economic crisis, and this definitely can increase the opportunities for employees to commit fraud. We are seeing that companies are laying off employees, and sometimes they have to consolidate positions, which can create an opportunity for fraud to go undetected. Business owners and executives need to be aware of this and should take every precaution possible, including being more hands on.

Klein: The 2010 annual study by the Association of Certified Fraud Examiners noted that it is in a down economy when fraud is usually discovered. The behavior may have been going on for a period of time, but people don't seem to look until the economy goes down. So policies and procedures need to be monitored at all times, and they should be viewed as a cost-saving measure.

Editor: What course of action do you recommend if your client discovers non-compliance through its own internal audit?

Bradow: They should retain the services of a forensic accountant who can understand their accounting records and internal controls to do an initial assessment. The forensic accountant will work with both in-house counsel and outside counsel to make a determination and assessment of the situation. This is also a good time for the forensic accountant to help the company figure out the best ways of preventing future occurrences of non-compliance.

Klein: If these compliance issues involve employees, then inside counsel and human resources need to become involved in the assessment because there are individual rights to consider. Therefore, when interviewing the forensic accountant to be selected to do the initial assessment, ensure that he or she is aware of not just state and local laws, but also federal employment laws.

Editor: In what phase of the process are you called in by the attorneys to provide litigation support?

Bradow: Generally we are brought into the litigation matter by the attorney during the discovery phase. Sometimes the attorney will call us in even earlier to determine if it is worth pursuing the claim or how much the case may cost in damages, i.e., a cost-benefit analysis. Because of the nature of the economy and the cost of litigation, more than ever, companies are assessing the cost of litigation versus what the expected damage to the company may be.

Editor: When an investigation is initiated either by your client or against your client, what are the first steps that you advise a client to take?

Klein: We often are called in by the attorneys, but we may be called in by a client to do a quick assessment before the attorneys are called in. More often than not, if we find that there is something of a questionable nature, we advise the client to obtain counsel and let them take it from there. Once they have counsel, we leave it to the attorney to advise us as to what steps or processes need to be taken, what evidence we will review and what procedures they would like us to employ to maintain the integrity and the chain of command of the evidence. Some situations may start out as a civil matter, but there are times when a civil matter can become a criminal matter. There are different rules for the chain of custody and preservation of evidence that we will need to comply with, and we defer to legal counsel or law enforcement authorities.

Bradow: If the company first obtains legal counsel, either in-house or from an outside law firm, it will want to assess the viability of the claim. Initially, we help it decide what approach to take in the internal investigation. Does management want to do a limited investigation or a thorough investigation? We emphasize to the company that it needs to be truthful and forthcoming with all the information provided to us. To do otherwise, among other things, would compromise the quality of our investigation and our recommendations. We emphasize this need with our client and with counsel.

Editor: Do you see an increased level of scrutiny of your clients by the SEC? If so, is there any particular area where the SEC is concentrating?

Klein: The SEC is ramping up its enforcement action, but it is too soon to determine its effect. They are becoming more aggressive in trying to isolate issues earlier in the process because they were burned through the late '90s and the early 2000s. Clearly, companies should bear in mind the enhanced enforcement climate when designing new or monitoring existing compliance programs.

Please email the interviewees at hklein@amper.com or bradow@amper.com with questions about this interview.