Using A Major Accounting Firm For Uncovering Fraud And Compliance Violations

Monday, October 1, 2007 - 00:00

Editor: Please tell our readers about Ernst & Young's Fraud Investigation & Dispute Services practice.

Sibery: There continues to be a high demand for client services in the fraud area, particularly among companies with global businesses. Our practice along with Ernst &Young's Business Risk Services practice is part of the larger umbrella service group we call Risk Advisory Services. Through our Risk Advisory Services group we bring together the firm's broad resources to provide effective multidisciplinary teams to help clients manage risk and detect and proactively deter fraud throughout the world.

We help U.S. and foreign companies with their fraud prevention and other compliance concerns on a global basis. We have been called in many times to assist companies that may have questions about their activities in a particular region such as China, India or Russia or within certain business units, functions or industries. We can help them develop an appropriate tone at the top and to improve their policies. We assess their risk appetite and help them develop anti-fraud strategies including how to provide appropriate training. We can also help them with fraud risk assessment; fraud controls; and monitoring and response plans.

Editor: An effective compliance strategy requires a seamless partnership among the business people, attorneys and auditors. Are you called in frequently by outside counsel?

Sibery: As our reputation and presence in the fraud investigation and prevention areas has grown, we are frequently called in by law firms or corporate law departments to assist in an investigation which may involve working with one or more of our offices in a foreign country. Investigations that are compliance related is a growth area for us as companies are more aware of their vulnerability to prosecution not only by U.S. authorities but also by authorities in the increasing number of countries that have begun enforcing their own anticorruption laws. In addition, fraud is costly both monetarily and from a reputation perspective. As companies become more global in their operations, our relationships with their law firms are becoming more global as well. We have broad relationships with global law firms in places like New York, Atlanta, Chicago, Hong Kong, London and Brussels.

Editor: Do you regularly work with a company's internal auditors?

Sibery: We are often asked to assist internal audit with FCPA risk assessments, training and other compliance related projects. Where there is a major investigation involving numerous locations, we are frequently called in to share the work with internal audit. We may lead the charge in some investigations while in others internal audit will take the lead. Working with us is a valuable learning experience for the internal auditors. They can observe our investigative techniques and apply them to their future audits.

Editor: Do global corporations maintain ongoing relationships with the Fraud Investigation & Dispute Service of Ernst & Young?

Sibery: We have ongoing relationships with companies who come to Ernst & Young when they are looking for assistance on risk or compliance issues. They come back to us repeatedly because over time we become familiar with their personnel, the way they conduct their businesses and their accounting and auditing practices - and we may have helped them with employee training and installing systems to deter fraud. When we come in to help them with an investigation, we don't have to reinvent the wheel. This is particularly true of global investigations where the accounting practices followed may be quite different from country to country. We know how they do things and we know their expectations.

Editor: Would you describe a typical client engagement and how you would work with them to uncover red flags in their operations?

Sibery: In a typical assignment, we are retained to focus on a particular area of concern. The reason for our retention may be a specific complaint or whistleblower accusation, or it may be a more general concern about the effectiveness of the compliance function or controls in a particular area. We work with clients on various levels with an eye towards uncovering issues that might otherwise escape detection. For example, on a FCPA compliance assessment project, we may first look at the compliance structure that is in place, the policies the company has and the method and frequency of training on those policies. If a company had suitable policies in place, we focus on understanding whether new policies may be necessary because of changes in their business.

Editor: What advice do you give clients who are constructing a compliance program to mitigate the risk associated with entering a high risk region?

Sibery: A client recently approached us because they were expanding their business into a region with a historically high risk of corruption. We began the engagement by working with the client to understand their current business strategy. We also looked at the company's tone at the top, their current compliance policies, their training, accounting control and whistleblower channels and tried to evaluate their employees' understanding of the corruption issues they might face.

We also assisted them during the due diligence phase with a corruption-focused risk assessment of the business they were acquiring. This allowed the client to further understand what the risks were and further define their priorities in post-acquisition compliance. It was very important for them to understand what pre-existing issues they may inherit. For this project, I worked closely with my forensic accounting colleagues based in the country the client was entering. Our local counterparts understand the local corruption issues; they speak the language and are an integral part of the Ernst & Young team.

Editor: Do you work with companies to develop suitable controls to ensure that sales agents comply with Foreign Corrupt Practices Act ("FCPA") requirements?

Sibery: This question goes back to the importance of training and effectively communicating company policies. It requires due diligence and being familiar with FCPA requirements and the risks associated with sales agents - who could pass a payment to a third party that might be deemed a bribe. Some companies may have implemented FCPA policies but grandfathered long-standing sales agents. The company may not have considered what these agents are currently doing, how much they are being paid and whether those payments make sense.

An area where we have seen companies get into trouble recently is when they make facilitation payments. Even though a company may be comfortable with making these payments because they fall within the allowable FCPA exception for facilitation payments, the company may not be recording and booking those in an appropriate manner. Oftentimes a company may not be able to retroactively identify facilitation payments. This is problematic from a books and records perspective and can create problems when an issue is raised about the validity of the payments. Companies should consider tightening their controls and communicate specific policies about when a facilitation payment is appropriate. They should also set up specific procedures for recording those payments to provide the accountants, attorneys and compliance people with the information they need to determine how much is paid and the reason for the payment. For instance, it may make sense to establish an expense account dedicated to facilitation payments so that they are not lumped together with payments for agent services.

Editor: So, it is possible for a company to violate FCPA for not recording these payments properly?

Sibery: Yes, it could be a violation of the books and records provisions of the FCPA. The most common issue we have seen is that a company may be making a lump sum payment to an agent and booking it as a consulting fee without specifying how much of that payment was facilitation fees going to Customs, local utilities or other government agencies. Without engaging in a thorough investigation, it would be impossible for a company to determine how much of the payment was for facilitation fees. The bigger picture issue is also making sure the company's legal department is comfortable that the payment even qualifies as a facilitation payment. Oftentimes people from finance or internal audit may make this decision and it is not necessarily that straight forward. The facilitation payment exception is narrower than many people realize and an attorney experienced in this area should be consulted.

Editor: Should companies retain records that justify sizeable differences in consulting fees?

Sibery: Absolutely. During a risk assessment or an internal investigation one of the issues we would focus on is whether there are any agents being paid more than others rendering similar services. If an agent is being paid more than the others performing similar services, it would be helpful to have documentation explaining that difference.

Editor: Does it make sense for companies to audit their agents' records to protect themselves from potential agent misconduct?

Sibery: Yes, it makes sense in a number of situations. Companies are now more inclined to provide for audit rights in their contracts with agents. We have also seen companies exercising those rights on a more frequent basis. Some companies even consider engaging in periodic audits of agents or third parties on a proactive basis. I recently worked with a client who decided to terminate a relationship with an agent because the agent refused to provide them with access to their books. That was a valuable relationship for our client, but not granting the requested access is a significant red flag and continuing business with them could have been very risky.

Editor: Training programs are an effective way to communicate with employees and agents about FCPA requirements. Do you work with clients to establish these programs?

Sibery: We help companies develop training programs for their employees including live training, PowerPoint presentations, and conference calls. Customized training sessions are always more effective than generic FCPA programs so we look at a client's code of conduct, its internal policies, the issues relevant to the client's industry and the regions they are operating in to tailor a program to their specific needs. Our international network has been a tremendous asset for us in this area as well. We receive valuable information from our local team members which allows us to implement customized training programs for clients.

Please email the interviewee at richard.sibery@ey.com with questions about this interview.