Corporate India’s transforming risk landscape - are you prepared?
With more focus on driving revenues from less mature markets, companies are facing more complex challenges. They must reinforce their commitment to drive ethical growth for better sustenance. There is a need to understand the complexities of the new-age business environment and appropriately deliver on these important priorities. Companies need to ensure that they are able to assess the risks present in their system, identify potential threats and accordingly safeguard their reputation and business.
Leading practices to ensure ethical path for organizational growth
Compliance risks cannot be effectively addressed without robust oversight by the board. It is essential that the board sets a demanding plan, continues to ask tough questions and actively holds senior management accountable for the results. Boards need to appropriately challenge management regarding the quality and frequency of their risk assessments, particularly around new risks such as cyber-fraud and cybercrime. Board members can push the company to foster better collaboration between legal, compliance and internal audit, and they should request regular updates from management regarding fraud, bribery and corruption risks.
Over the past several years, the term big data has been a major theme for information technology media and increasingly made its way into compliance, internal audit and fraud risk management-related publications. Mining big data using forensic data analytics tools can improve compliance and investigation outcomes and can help management provide useful summary information to the board. For those charged with deterring, detecting and investigating misconduct, mining such data can be a particularly powerful tool to be utilized in their overall compliance and anti-fraud efforts.
Companies should have a response plan in place and clearly defined escalation procedures. These should include whether to respond to a whistle-blower or a cyber-incident, to minimize the damage being done, and would need to include how certain types of incidents should be highlighted to the board within a given timeframe. Furthermore, when deemed necessary, consultation with outside legal counsel, forensic accountants and IT security professionals should be directed.
Specialized due diligence should be the norm either as pre-closure or post-closure. Efforts to mitigate corruption risks posed by agents, consultants, commercial sales representatives and other third parties break down into four separate activities:
- Pre-contract due diligence and acceptance procedures
- Contracting provisions with anti-fraud and anti-bribery representations, warranties and other vendor requirements such as certifications and anti-corruption training
- Special payments review and approval
- Audits of intermediaries
A company needs to categorize its vendors, analyze the risks posed by vendor type and determine if any groups warrant enhanced treatment to mitigate corruption risks. Companies should also develop a policy and specific procedures for anti-corruption due diligence in any contemplated merger, acquisition or joint venture; this would be a safeguard against inheriting liability for past corrupt activities.
The trainings should be customized in the local language and should include a mix of classroom and other online or video components. Participant information should be tracked and business unit leaders — including those in foreign locations — should be evaluated on participation levels. C-suite executives need to lead on training and cannot be exempt from it. Board members too should undergo dedicated trainings for better enablement. Organizations need to invest in developing specific training modules given the profile of the personnel, seniority and risk associated with employees or third party to discharge duties etc.
While the business needs to own the risk, internal audit and compliance play essential roles in both improving standards of business conduct and in keeping the company out of trouble. Companies need to understand the value that these functions bring in and ensure that an adequate amount of resources and budgets are allocated to enable thorough enforcement of policy and procedure.