Control environment and activities are actions that help senior management mitigate bribery and corruption risks to ensure the achievement of overall objectives. Control activities may be preventive or detective and may be performed at all levels of the organization. It includes senior and middle management’s overall attitude and actions regarding the importance of internal controls in their organization. Internal controls effectively function when the management and employees believe that internal controls can mitigate the risks of bribery and corruption, which help in compliance with the applicable anti-bribery and corruption framework.
Control Environment: ABC Compliance Program Elements #3
The control environment includes the integrity, ethical values and competence of staff, management’s philosophy and operating style. The way management assigns authority and responsibility, direction provided by the board, organizational structure, policy and procedures, and code of conduct. These components are required to ensure that bribery and corruption incidents are discouraged and employees work fairly and transparently. Everyone in the organization is responsible for the effective implementation and compliance of the internal control system to avoid bribery and corruption risks. Each element of the control environment needs to work effectively to ensure that the organization’s objectives are effectively achieved.
The organization demonstrates its commitment to integrity and ethical values by setting the tone at the top, establishing standards of conduct, adhering to them, and appropriately addressing deviations. The board of directors demonstrates independence from management and exercises oversight of the development and performance of the control system by establishing an oversight responsibility, applying relevant expertise, operating independently, and providing oversight for the system of internal control.
As part of the control environment, the company’s Audit Committee takes the issue of management override of controls. Every quarter the Committee reviews the bribery and corruption cases reported by the senior management. Control environment relates to the governance and aims to control the overall organizational structure and processes. Control environment ensures the effectiveness of business and back-end processes implemented in various departments. Organizations operating, regardless of their size, maturity, or structure of ownership, have unique challenges and opportunities relating to the design and operation of the internal control system.
Internal Control System
A strong internal control system helps mitigate the significant risks associated with complex processes. Organizations design and implement internal controls in light of many changes in business and operating environments to address operations and reporting objectives and clarify the requirements for determining what constitutes effective internal controls.
Risk-based controls should be designed to mitigate bribery and corruption risks associated with the engagement of third-party providers, including any intermediaries and the principal investments and controlled fund acquisitions/ joint ventures. The activities related to giving and taking gifts and hospitality and any charitable giving and political contributions, marketing sponsorships, and employment and work experience must be monitored as part of the compliance program.
The control environment includes the assessment of the structure of the entity-level control. Entity-level controls are defined as controls “that have a pervasive effect on the entity’s internal control system including the control environment.”
The maturity of the entity-level control structure significantly affects the assessment and the associated results. For instance, when the organizations have a formal ERM activity, the organization has standardized processes for risk assessment, remediation design and implementation, monitoring, and reporting. Supporting processes such as ongoing management evaluations or separate evaluations driven by the internal audit also may exist. Management can use these processes and the related documentation during the assessment.
To avoid bribery and corruption, the departments to maintain the control environment hire qualified individuals and make efforts to retain skilled employees. The departmental heads train new and current staff to excel in the jobs and use appropriate internal controls to avoid bribery and corruption. They assist staff by providing tools for anti-bribery and corruption policy and procedure manuals that communicate all the employees’ responsibilities and duties. They provide sufficient supervision to review the work of employees.
If the ERM activity is less formal, management may find that the organization’s senior management handles the responsibilities for controlling the environment, monitoring, and reporting. The lack of a structured control environment results in bribery and corruption risks, which indicates a gap in the control structure, which increases as the number of locations increases in the organization.
Bribery and corruption are significant impediments to socioeconomic development and distort national and international economic relations. In response, nation states and international organizations have developed regulatory frameworks to aid in the fight against corruption.
The OECD Convention on Combating Bribery of Foreign Public Officials (1997) and the UN Convention against Corruption are two examples of international frameworks that have been enforced through ratification by respective member states (2003). Whereas the former makes it a crime for companies and individuals to pay bribes to foreign public officials, the latter covers bribery both at home and abroad, as well as private sector corruption.