Antifraud Programs and Controls
The audit committee should determine that the company has programs and policies in place to prevent and identify fraud. It should work with management to oversee the establishment of appropriate controls and antifraud programs and to take the necessary steps when fraud is detected. The audit committee should also be satisfied that the organization has implemented an appropriate ethics and compliance program and established a complaint hotline.
Ten Areas the Audit Committee Can Evaluate That May Help Mitigate Reputational Risks of Fraud and Corruption
- Integrating risk and strategy
- Crisis management planning
- Comprehensive risk assessment
- Risk tolerance and mitigation planning
- Managing performance and compensation
- Evaluating the tone at the top
- Whistleblower system benchmarking
- Leveraging transaction monitoring and data mining
- Regulatory relationships
- Investigative resources and protocols
Questions about Compliance Programs for Audit Committees to Consider
- Does the audit committee hear directly from the person who has day-to-day responsibility for compliance matters?
- Is the ethics officer independent of the general counsel’s office?
- Does the ethics officer have an adequate budget to do an effective job?
- Does the company regularly and systematically scrutinize the sources of compliance failures and react appropriately?
- How does management take action on reports? Is there evidence of employees being disciplined appropriately and consistently?
- Does the reporting process keep the audit committee informed of ethics and compliance issues, as well as the actions taken to address them? Is ethics and compliance a regular item on the committee’s agenda?
- What type of ongoing monitoring and auditing processes are in place to assess the effectiveness of the program?
SEC Issues Final Whistleblower Rules
On May 25, 2011, the SEC issued final whistleblower program rules. Employees with knowledge of potential securities fraud who report original information to the government or a self-regulatory organization can receive a minimum of 10 percent and as much as 30 percent of monetary sanctions if the enforcement action results in sanctions of at least $1 million.
Whistleblowers are not required to first report issues through internal company channels; however, those choosing to do so are still eligible for the reward if the company reports the problem to the government or if the whistleblower does so within 120 days of notifying the company.
The audit committee may want to consider discussing with management:
- Opportunities to enhance internal whistleblowing systems
- The potential advantages of implementing timely internal whistleblower cash awards to sustain and encourage internal whistleblowing
- The potential value of transaction monitoring tools to help promptly identify potential securities fraud issues such as bribery or financial statement fraud