Bradley Wiggins, the Tour de France and Internal Audit under the FCPA

Bradley Wiggins, the Tour de France and Internal Audit under the FCPA

Today is a great day for Brits everywhere. Not only did Bradley Wiggins become the first Brit to win the Tour de France but fellow Team Sky rider Christopher Froome came in second making it the first British 1-2 finish in the 99 year history of the Tour as well. Wiggins ended his masterful three weeks of cycling by leading in yet another Team Sky member, Mark Cavendish, the "Mann Manx", to his fourth consecutive win on the final day of the Tour, down the Champs-Elysees. It was a fabulous finish to an incredible 20 stages of riding. So a tip of my cycling helmet to Mr. Wiggins and to all of Team Sky.

One question which I sometimes ask in conjunction with the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act is what are some of the specific questions that should be reviewed by auditors in an internal audit which focuses on bribery, corruption and fraud? Last October the US Public Company Accounting Oversight Board (PCAOB) issued "Staff Audit Practice Alert No. 8 Audit Risks in Certain Emerging Markets" (Staff Alert No. 8). While Staff Alert No. 8 "focuses on risks of misstatement due to fraud that auditors might encounter in audits of companies with operations in emerging markets" I found it to be a useful guide for auditors who are also tasked with anti-bribery and anti-corruption focused audits, particularly internal auditors who may be asked to review such practices in the ongoing internal audits. Staff Alert No. 8 begins with a list of "conditions and situations indicating a heightened fraud risk", which I cite in full because it is an excellent list of Red Flags.

  • Existence of two separate and different sets of financial books and records;
  • Discrepancies between the company's financial books and records and audit evidence obtained with respect to the existence and accuracy of cash balances, accounts receivable, and revenues;
  • Auditor difficulties in confirming cash balances, including when requesting to visit the offices of the company's bank, or questions about the authenticity of bank statements provided to the auditor;
  • Auditors' follow-up visits to bank offices indicating serious discrepancies between bank confirmations provided to the auditor and the bank's actual records, such as previously undisclosed material borrowings and no record of or significant differences regarding certain transactions;
  • Attempts by management to intercept or alter confirmation requests or responses;
  • Irregularities in sales contracts, such as a company-specific seal affixed on the sales contract that does not belong to the purported customer named in the contract;
  • Recognizing revenue from contracts or customers whose existence could not be corroborated;
  • Recording sales of products shipped to warehouses or freight forwarders where no customer is identified;
  • Undisclosed material facts surrounding acquisition transactions, sales transactions, and off-balance-sheet transactions with related parties;
  • Recording of assets for which evidence of control, ownership, or title is either unclear or difficult to corroborate;
  • Potential double counting of fixed assets;
  • Recording of uncorroborated operating expenses for which the business purpose is unclear;
  • Manipulation of the accounting records to mischaracterize or conceal payment of bribes or other improper payments;
  • Significant unexplained discrepancies between amounts included in the financial statements in SEC filings and amounts included in financial reports to other regulators, such as local authorities;
  • Use of personal-type bank accounts held in the name of corporate officers or employees instead of corporate-type bank accounts for company business; and
  • Unusual delays by management in the production of routine documents requested by the auditor.

Staff Alert No. 8 makes clear that an auditor cannot accomplish a task unless he or she understands both the company and its environment. An auditor should have an understanding of the following:

  • The relevant industry and regulatory factors, including the legal, and political environment, which may include matters such as:
    • The company's significance in the regional or local economy and its level of influence over its industry, and regional or local government, and
    • Cultural norms in the business and regulatory environments;
  • The company's objectives, strategies, and related business risks; its organizational structure; and sources of funding of the company's operations;
  • The company's significant investments, including equity method investments, joint ventures, and variable interest entities;
  • The sources of the company's earnings, including the relative profitability of key products and services; and
  • The company's key supplier and customer relationships.

From these factors, Staff Alert No. 8 advises that "incentives, pressures and opportunities" may lead to a heightened risk of corruption. Regarding incentives and pressures, the Staff Alert warns that companies which are looking to raise money for international markets may have an incentive to "manipulate financial statements rather than report poor results". Providing a more detailed example the Staff Alert says that one technique used to accomplish such fraud would be consolidating the financial reports of a joint venture with a foreign state-owned enterprise, even if the company does not have a controlling interest in the partnership. Another example the Staff Report provides is the situation where a company repatriates large amounts of cash back to the US. Such foreign legal requirements can create a situation which could lead to bribery or corruption.

In the areas of opportunities, Staff Alert No. 8 focuses on weak internal controls as such deficiencies can provide opportunities for management or employees in such foreign jurisdictions to engage in bribery and corruption. In circumstances where a company is a dominant player in a geographic region, management might be able to dictate terms or conditions to local suppliers or customers, which might result in non-arm's length transactions. Another example may well be where management could "pressure personnel of a local bank or other third parties to provide fraudulent information to the auditor." Lastly, the PCAOB noted that there may be situations where employees are "not be willing to report instances of fraud for cultural reasons or fear of retribution from management" even where the company has a whistleblower program. The Staff Alert cautions that auditors should look for evidence of "undisclosed side agreements" and other evidence of collusion with third parties to "create false documentation to support fictitious transactions."

Staff Alert No. 8 specifies that an auditor must exercise professional skepticism which requires an auditor to obtain and critically evaluate independent evidence from outside sources, rather than simply relying on "management representations about the company's performance." To accomplish this, the Staff Alert speaks to receipt of and review of independent confirmations and test and review revenue to ascertain that it is recognized correctly. Particular attention should be paid to transactions with related parties and to identify their materiality to financial statements.

I found Staff Alert No. 8 a very useful piece of guidance. Not only does it speak to the auditor looking at FCPA or Bribery Act issues but it is important for the compliance practitioner to understand what a regulator might expect to see. As most people you have heard me speak and know my FCPA and Bribery Act mantra is "Document Document Document". This Staff Alert No. 8 lists what documentation a company should keep in order to help prove that it is doing business in compliance with these anti-bribery and anti-corruption laws.

So, congratulations, once more, to Bradley Wiggins. And for those of you cycling fans out there, seven of this year's Tour de France stage winners will be riding in the London Olympics beginning this weekend. It should be great.

 Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

For more information about LexisNexis products and solutions connect with us through our corporate site.