PwC Forensic Insight February/2019
Prepare. Respond. Emerge Stronger
Increasing requirements for an effective Compliance system
Currently, the biggest problem for companies is not the loss of funds due to fraudulent behaviour or the payment of fines, but rather the long and demanding investigations conducted by law enforcement or regulatory authorities that damage a company's reputation.
Compliance is thus becoming more important than ever, particularly since the Supreme Public Prosecutor's Office published a methodology in August 2018 that examines in detail the possibility of exculpating legal entities from criminal liability if they are able to prove that their Compliance system is working effectively.
1. Risk analysis: The first step to success
A Compliance system cannot be effectively set up without detailed knowledge of the risks the company is facing. It is critical to:
- identify specific actual as well as potential risks;
- assess the effectiveness of the implemented measures and internal controls put in place to reduce those risks;
- consider what other controls or measures should be put in place; and
- document the entire risk analysis process.
2. Design of an effective Compliance system
Two international ISO standards can provide guidance for properly setting up a Compliance system:
- ISO 37001: Anti-bribery management systems; and
- ISO 19600: Compliance management systems.
The key is:
- to tailor it to the size and specifics of the business;
- to design and implement appropriate and interconnected internal measures - preventive, detective and reactive; and
- to monitor and assess the detected non-compliances.
3. Regular checks and continuous enhancement
It is important to keep in mind that an effective Compliance system does not mean a one-off setup. It is crucial that the company's management ensures that:
- the Compliance system is really working, i.e. it does not exist only on paper but is a true part of the corporate culture;
- its functionality is regularly checked and tested to reflect new risks resulting from the company's business activities;
- adherence to it is enforced within the company; and
- corrective actions or measures are designed and implemented without undue delay.
The challenge for many firms is to design a Compliance system in a way that allows it not only to detect non-compliance, but also to assess its importance for the company's business. The amount of data that businesses have at their disposal in electronic format increases every day. The very same data can be used for an effective detection of cases where internal rules were violated.
Data analysis - the alpha and omega of effective detection
- searches for anomalies, discrepancies or other deviations, so-called red flags, in a company's electronic data; and
- determines the riskiest transactions. Internal resources can then focus on a review of transactions with high risk.
15.3.2019 Investigate – simulation of forensic investigation