How to boost internal control to tackle corruption?

Taking money out of a wallet Day in and day out, businesses in India have to deal with numerous corruption-related risks. A majority of these are in the form of theft of physical assets and information, bribery, and internal financial frauds. This trend, combined with a stringent regulatory and enforcement environment, has brought risk management to the fore. It is not a choice anymore, but a necessity. Neville Dumasia, National Leader, Risk Advisory Services, India, EY discusses ways to leverage internal control to tackle corruption.

If you look back at India Inc. in recent times, you will observe how scandals and frauds have become ‘business as usual’. FICCI’s recent India Risk Survey 2014 rates bribery and corporate fraud as the biggest risks affecting Indian corporates this year.  Businesses are required to develop a robust internal control program to assess, as well as mitigate, these risks. We now see Indian companies deploying targeted anti-corruption compliance programs, financial controls, trainings, internal audits and other monitoring mechanisms.

In fact, anti-corruption watchdog Transparency International has rated Tata Group companies as the best in emerging markets for their measures to combat corruption.

Designing a suitable anti-corruption risk program

The starting point for designing an anti-corruption risk program is a holistic assessment of risks inherent in the business; the portfolio of projects in the pipeline; dealings with government entities and intermediaries; and complexity of the operational and regulatory environment.

For instance, a large Europe-based utility has a clearly laid out anti-corruption program called ‘Zero Tolerance of Corruption’. It enlists guidelines for matters such as contributions to political parties, facilitation payments, and relations with third parties.

A ‘one-size-fits-all’ approach is not appropriate for India’s diverse and dynamic business environment. Businesses are required to develop a program which is well-balanced between control policies and business necessities. This is especially relevant as there are vast differences in the customer segments that companies serve. For instance, cash is a preferred mode of payment in rural India. A company that relies on the rural market cannot afford to have a control policy restricting the use of petty cash.

Due diligence on third parties

An essential element of an effective compliance program is third party due diligence. Companies are constantly put at risk due to their dealings with third parties and their exposure to corruption schemes.

Businesses should have a due diligence framework in place for third parties, that covers an assessment checklist for local employees, external verification, and periodic audits and site visits. It is also advisable to train local sales and finance personnel on how to identify ‘red flags’ when offered/requested payments over and above the services rendered.

There should also be a well-defined policy for facilitation payments:Many a times, corruption is disguised in the form of facilitation payments. To alleviate such risks, companies should set in place a clear corporate policy on facilitation payments that dictates the extent to which such payments are allowed and ensures their accurate documentation.

Safeguarding whistle blowers

Turning a blind eye to violations can result in criminal and civil liabilities for the company as well as for individuals. But still, many a times, employees shy away from disclosing violations fearing negative implications of the disclosure.

As a response, companies should deploy mechanisms such as an ombudsman or helplines that facilitate and encourage its people to report any suspected malpractice. These mechanisms will initiate the necessary investigation while maintaining the anonymity of the person.

Moreover, India’s regulatory watchdog SEBI has made it mandatory for listed companies to have a whistle-blower mechanism for their employees and directors. To be effective, the whistle-blower policy should prompt timely action from the management and ensure protection of people who raise their voice against malpractices.

For instance, a leading Indian automobile company has a whistle-blower policy that sets a 15-day deadline for the Whistle Officer or committee submit an investigation report about the complaint.  This ensures timely redressal.

Firm-wide anti-corruption culture through training

Employees are the face of a company and their conduct constantly exposes it to various types of risks. As fraud manifests itself in minor transactions across an organization, it is very important to drive anti-corruption as a cultural element.

It is essential for the senior leadership to motivate all its employees to be vigilant. Companies should introduce mandatory training on the company’s code of conduct and anti-corruption practices.

One such example is Cisco, which has made its global anti-corruption training a mandate for all its sales and marketing employees, channel partners, distributors, as well as sales supporting consultants.

A training module, which takes into consideration employees’ roles and responsibilities and is periodically renewed for new as well as transitioning employees, can go a long way in creating a firm-wide anti-corruption culture.

Leveraging forensic data analytics

Companies can use data analytics as a tool for compliance monitoring. This can help in identifying high-risk vendors, track email communications carrying sensitive words, and determine which locations to audit.

A Fortune 500 company recently conducted an anti-fraud/anti-corruption review covering 15 countries and thousands of employees and vendors. The company analysed more than 2 terabytes of data, comprising over 25 million documents, using forensic data analytics tools such as data visualization and text mining. The exercise resulted in improved project efficiencies and identification of high-risk vendors, customers and employees.

Continuous renewal

As the business environment becomes more dynamic than ever, companies will be constantly exposed to more regulatory changes and new types of risks. What is required from businesses is to periodically conduct risk assessments to ensure the relevance and effectiveness of their anti-corruption programs.

In today’s world, no organization is immune to bribery, corruption or fraud. Those that understand the risks and implement proper controls will be best prepared to compete in the global economy.

However, businesses will be required to measure the cost of implementing such measures and see that they do not overrun the benefits of risk control programs. Proper budget allocation and tracking of records are required for successful implementation of these programs.

It is clear that there are no quick fixes for managing corruption-related risks, but building best practices to deal with such risks is the need of the hour. The risk profile of a company changes with every strategic decision that it takes, and thus, it is important to review and update risk assessment on a regular basis. Those who fail to do so will expose themselves to countless risks in this corruption-prone environment.


8 thoughts on “How to boost internal control to tackle corruption?

  1. Dear Viral,

    For detailed insights into forensic accounting and related risk management we have an exclusive blog platform called Forensic Diaries Blog:

    This is a unique blog platform voicing the opinions of expert forensic leaders. The blog posts on this forum highlight the increasing complexities related to fraud, corruption and other threats, changes in the regulatory landscape and trends redefining ethics in a global business ecosystem.

    We hope you find this purposeful, if need be, please feel free to share with us any specific topic per se this category. Our team will connect back with the author.

    Have a great day ahead 🙂

  2. Dear Team,

    We would like you to share some more thoughts on forensic accounting and related risk management, in present scenario.


  3. Thanks to everyone. We hope to hear from you more often 🙂

    Would be great to know if there are any particular topics you would like our authors to cover in the blog. Please share with us in the comments sections here.

  4. Thats absolutely essential Viral but which is the reason why there are two seperate departments and hence two seperate DOA to counter this risk

  5. One important point, I’d like to mention here. Many a times, it is seen that there exists a conflict of interest between two departments ( e.g. Sales and Operations or Sales & Credit in Banks/FIs etc.), where one often tries to unduly influence other for doing something, for their benefits (Business necessities, as mentioned here) but might put other in risk situation and compromise organisation’s interests, in some way or the other.

    Here, it requires close coordination between the two, clear understanding of inherent risk in the transaction by both, timely & unfiltered communication, fair & unbiased higher management, its timely intervention and clear stand (Not vague) in the matter.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s