Posted: 12-Aug-2015
© 2015 Belden Inc. | belden.com | @BeldenInc.
Rethinking Risk in Finance – Growing Role of CFO as CRO
Dirk Erlenkoetter, Internal Audit Manager EMEA, Belden Inc.
Vienna, CFO Zone 2015 – 8th May 2015
AGENDA
1. Introduction – Company & Speaker
2. Risk Management Regulations
3. Self-Assessment and Facts & Figures
4. Risk Management Standards
5. Organization & Objectives of Risk Management
6. Risk Assessment & Risk Report
7. Enterprise-wide Risk Management
8. Corruption Risk Management
1. Introduction – Company & Speaker
A Rich Heritage
• Founded by Joseph Belden in 1902 in Chicago
• A long history of innovation for communications technologies: radio in the 1920s, TV in the 1950s, computer networking in the 1980s and 1990s
• Early customers included Thomas Edison
(Figure: photographs of Joseph Belden and Thomas Edison)
Belden Today
• CEO John Stroup, headquartered in St. Louis, MO
• Ca. 8,700 employees
• NYSE: BDC
• Operations in North and South America, Europe, Middle East, Africa and Asia Pacific
• Revenue $3.2B
• 30+ Sales Offices; 30+ Manufacturing Facilities
• Delivering highly engineered signal transmission solutions for mission-critical applications in a diverse set of global markets
(Figure: Business Platforms → Applications → Vertical Markets; markets shown: Industrial, Enterprise, Broadcast; applications shown: Data, Video, Sound)
Transformation from a Regional Cable Supplier to a Global Signal Transmission Solutions Provider
Belden Business System – Strategy, Culture and Values
(Figure: acquisition timeline 2005–2015 by quarter, grouped by platform: Industrial Connectivity, Industrial IT, Broadcast and Communication Products)
Four Business Platforms Delivering Innovative Connectivity Solutions
Industrial Connectivity Solutions
• Connectors
• Industrial Cable
• Patch Cords
• Distribution Boxes
• Customized Connectivity Solutions
Industrial IT Solutions
• Ethernet Switches, Routers and Gateways
• Security Devices
• Network Management Software
Enterprise Connectivity Solutions
• Racks and Enclosures
• Copper and Fiber Connectivity
• Ethernet, Fiber Optic and Coaxial Cabling
• Custom Infrastructure Solutions
Broadcast Solutions
• Broadcast Cameras
• Live Production Systems
• Routers and Interfaces
• Broadcast Connectors
• Broadband Connectivity
• Playout Systems
Dirk Erlenkoetter
• Internal Audit Manager EMEA Belden Inc.
• Director Internal Audit SKW Stahl-Metallurgie Holding AG
• Interim-CFO Magna Seating Czech Divisions
• Senior Internal Auditor Magna International Germany GmbH
• Audit Manager Salzgitter Klöckner-Werke GmbH
• Auditor Internal Audit & Integrity Services BDO Germany
Dirk Erlenkoetter
• Graduated in Business Administration and Graduated in Law
• Certified Risk Manager
• Certified Compliance-Officer
• Certification in Control Self-Assessment (CCSA)
• Speaker at
2. Risk Management Regulation
Laws Enacted:
• «Obligationenrecht» Switzerland
• «Gesetz zur Kontrolle und Transparenz im Unternehmensbereich (KonTraG) 1998» Germany
• «Bilanzrechtsmodernisierungsgesetz (BilMoG) 2009» Germany
• «Verbandsverantwortlichkeitsgesetz» Austria
• «Sarbanes-Oxley Act (SOX) 2002» USA
SOX was enacted as a reaction to a number of major corporate and accounting scandals (Enron: incorrectly disclosed profits; WorldCom: fraudulent entries).
Top management must individually certify the accuracy of financial information; penalties for fraudulent financial activity are much more severe.
SOX increased the oversight role of boards of directors and the independence of the outside (and internal) auditors who review the accuracy of corporate financial statements.
SOX created the Public Company Accounting Oversight Board (PCAOB), charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies; the act also covers issues such as Auditor Independence, Corporate Governance, Internal Control Assessment, and enhanced financial disclosure.
SOX Section 302 – Disclosure Controls: mandates a set of internal procedures designed to ensure accurate financial disclosure; the officers must "have evaluated the effectiveness of the company's internal controls".
SOX Section 404 – Assessment of internal control: mandates management to select an internal control framework and then assess and report on the design and operating effectiveness of their internal controls annually. This is the most costly aspect of the legislation for companies to implement, as documenting and testing the important manual and automated financial controls requires enormous effort.
SOX Section 404 – Management is responsible for performing its assessment in the context of a top-down risk assessment (which requires management to base both the scope of its assessment and the evidence gathered on risk); according to several board by-laws, the CFO is responsible for Risk Management.
Quantification of risks: Risk Controlling
BUT: no regulation specifies concretely how risk management is to be implemented.
3. Self-Assessment and Facts & Figures
Motivation of Risk Management:
• Organizations of all types and sizes face several internal and external factors and influences that make it uncertain whether and when they will achieve their objectives;
• The effect this uncertainty has on an organization's objectives is «risk»;
• Globalization increases uncertainty (financial, markets, production, banking);
• Complex structures and processes, missing interfaces;
• Loss prevention;
• Silo mentality;
• Conflict of interests.
So what does all this mean for practitioners?
The biggest change is shifting an organization's risk focus from a rear-window view to what we can call «a global positioning orientation»!
Maturity of Risk Management:
Basic Risk Management
• Compliance with regulatory requirements
Advanced Risk Management
• Reconciliation of Forecast and Risk Maps
• Integration in Budget and Forecast
• Forecasting Scenarios and Overall Risks / Risk Exposure
Optimized Risk Management
• Risk Bearing Ability / Net Risk Exposure
Deloitte Survey 2014:
• 40 % of the biggest global corporations lost more than 20 % of their shareholder value in the last 10 years within a single month;
• 90 % of losses were generated by aggregated risks;
• Huge losses were due to risks characterized by a high negative impact but a low likelihood;
• In all corporations a risk management function to control and monitor risks had been established by the management.
Survey Horvath & Partners 2011:
• 25 % of the interviewed companies have no formalized risk management process implemented;
• Significant improvement has been noted concerning the integration of risk management;
• Main objectives were compliance with regulation, business continuity / going concern and encouragement of risk awareness;
• > 50 % of the interviewed companies identified significant room for improvement regarding risk management.
Survey ACE European Group / Economist Intelligence Unit 2007:
• 97 % of 218 interviewed managers believe that risk management is a competitive advantage / unique selling proposition;
• Risk management takes an important role in increasing shareholder value;
• Reputation risk is the most important risk for 40 % of the interviewed managers;
• 60 % of the interviewed managers said that the budget for risk management increased in the last years;
• Risk management development is focused on risk reporting, training and enhancement of risk analysis;
• Increase of risk management resources.
4. Risk Management Standards
Standards:
• 1999: IDW PS 340 External Audit of Risk Management as part of the year-end audit activity (conducted by the year-end auditor)
• 2002: «Deutscher Corporate Governance Kodex» (DCGK) German Corporate Governance Code
• 2004: «Committee of Sponsoring Organizations of the Treadway Commission» COSO Framework I & II
• 2004: ONR 49000 ff. (ON-Regelwerk 49000 Risk Management for Organization and Systems)
• 2008: ISO 31000 Guideline on Principles and Implementation of Risk Management
• DIIR Revisionsstandard Nr. 2 Institute of Internal Auditors Germany
• ISO 22301:2012 Business Continuity Management System (the world's first international standard for Business Continuity Management)
What is COSO?
• The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a voluntary private-sector initiative dedicated to improving organizational performance and governance through effective internal control, enterprise risk management, and fraud deterrence.
• Five nonprofits are its sponsoring organizations:
(1) AAA (American Accounting Association),
(2) AICPA (American Institute of Certified Public Accountants),
(3) FEI (Financial Executives International),
(4) IIA (Institute of Internal Auditors), and
(5) IMA (Institute of Management Accountants).
(Figure: COSO I, left – Framework for Internal Controls, focused on accounting and financial reporting; COSO II, right – Enhanced framework for Enterprise Risk Management)
COSO I: 1992 Internal Control – Integrated Framework
• SOX 404 requires management at public companies to select an internal control framework and then assess and report on the design and operating effectiveness of their internal controls annually.
COSO II: 2004 COSO Enterprise Risk Management (ERM)
• ERM is defined as a top-down process and an input for corporate strategy, with a holistic approach (Internal Environment, Objective Setting, Event Identification – positive / negative, Risk Assessment, Risk Response, Risk Monitoring).
• COSO, more than any other framework, places a high degree of responsibility on the board, requiring not only that the board support ERM, but that it be directly involved in the ERM process.
• To achieve their mission, organizations need to develop interrelated strategies and objectives across the enterprise; the COSO ERM Framework breaks these strategies and objectives into four distinct categories:
Strategic Risks: organizations need to consider a number of sustainability issues, many of which can have a significant strategic impact (ranging from marketing position and changing customer demand to strategic investments, stakeholder communications and investor relations).
Operational Risks: changes in weather patterns, escalating impacts of natural disasters and other extreme weather events, rising population, lack of natural resources, supply chain impacts.
Compliance Risks: new and expanding regulatory compliance risks.
Reporting Risks: transparent, accurate and precise reporting, reporting on sustainability.
• The COSO ERM Framework builds on eight interrelated components to establish effective ERM:
(1) Internal Environment: reflects the tone of an organization and how it considers and manages risk (what is the risk appetite?). Important: this is an opportunity for Top Management to proactively align and drive the organization!
(2) Objective Setting: backdrop for risk considerations and management activities.
(3) Event (Risk) Identification: organizations need to evaluate all risk exposures relative to potential sustainability issues; most risk identification scales include three to five impact dimensions, which are graduated from low (minimal) impact to high (catastrophic) impact.
(4) Risk Assessment: risk root cause and sensitivity analysis to understand the drivers and pathways of organizational risks.
(5) Risk Response: risk responses should be tied to the drivers of risk and anchored in what is an acceptable range of solutions.
Risk Treatment options:
1. MITIGATE - corrective action to eliminate or reduce impact or likelihood
2. AVOID - cease the activity to eliminate the risk
3. TRANSFER - shift the impact to another entity
4. ACCEPT - no corrective action; document the acceptance decision and monitor
(6) Control Activities: sustainability resources, the controller's office, operations and other relevant stakeholders can work closely together to develop policies and procedures that effectively execute risk responses.
Important: Internal Audit can also perform audits to evaluate the effectiveness of sustainability practices, communication protocols and reporting initiatives. These audits enable the organization to obtain an independent analysis of the design and operating effectiveness of sustainability initiatives!
(7) Information and Communication: critical factors for managing risks and opportunities, particularly those associated with sustainability.
(8) Monitoring: to ensure that an organization is achieving its objectives, staying within its risk tolerance threshold and satisfying stakeholders, it should constantly monitor and evaluate the sustainability activities it undertakes.
International Organization for Standardization (ISO): ISO 31000
• ISO is a worldwide federation of national standards bodies.
• This international standard establishes a number of principles that need to be satisfied to make risk management effective.
• This international standard recommends that organizations develop, implement and continuously improve a framework whose purpose is to integrate the process for managing risk into the organization's overall governance (strategy and planning, management, reporting processes, policies, values and culture).
• ISO 31000 shifts the focus from the event to the effect that risk and risk management have on the organization's objectives (trying to predict events can be difficult; objectives typically are clearer and more precisely articulated).
International Organization for Standardization (ISO): ISO 31000
• ISO 31000 puts the emphasis squarely on risk management as a strategic discipline for making risk-adjusted decisions, rather than a compliance-based function.
• ISO 31000 is not designed to provide assurance around controls; it focuses on the actions taken on identified risks.
• Although the practice of risk management has been developed over time and within many sectors in order to meet diverse needs, the adoption of consistent processes within a comprehensive framework can help to ensure that risk is managed effectively, efficiently and coherently across an organization.
5. Organization & Objectives of Risk Management
Dimensions of Risk Management:
(1) Risk transparency / insight (Risk Inventory and Risk Reports)
(2) Risk appetite / strategy (How much risk is comfortable? What kind of risk am I willing to take, and how do I expect to profit from those risks? What is my risk capacity?)
(3) Risk-related business processes and decisions (strategic planning, capital allocation, financing)
(4) Risk organization and governance (Risk Group Board, Divisional CEOs and CFOs, Risk Management Board, Corporate Internal Audit, Corporate Risk Management)
(5) Risk culture (all norms of behavior for individuals and groups within the company that determine the collective willingness to accept or take a risk, and the ability to identify, understand, discuss, and act on risks)
Objectives of Risk Management:
(1) Increase the likelihood of achieving objectives
(2) Encourage proactive management
(3) Identify and treat risk throughout the organization
(4) Comply with relevant legal and regulatory requirements and international norms
(5) Improve Financial Reporting
(6) Improve Governance
(7) Improve stakeholder confidence and trust
(8) Establish a reliable basis for decision making and planning
(9) Improve Controls
Risk Management Mistakes (survey in Harvard Business Manager 2009):
(1) Historical data
(2) Imprecise operating figures
(3) Ignoring recognizable risks
(4) Ignoring hidden risks
(5) Improper risk communication
(6) Improper risk response
6. Risk Assessment & Risk Report
Risk assessment is the overall process of risk identification, risk analysis and risk evaluation.
(1) Risk Identification
• The organization should identify sources of risk, areas of impact, events (including changes in circumstances) and their causes and potential consequences:
  Generate a comprehensive list of risks based on those events that might create, enhance, prevent, degrade, accelerate or delay the achievement of objectives;
  Comprehensive identification is critical, because a risk that is not identified at this stage will not be included in further analysis.
• Identification should include risks whether or not their source is under the control of the organization, even though the risk source or cause may not be evident: cascade and cumulative effects!
  All significant causes and consequences should be considered;
  The organization should apply risk identification tools and techniques that are suited to its objectives and capabilities, and to the risks faced (Risk Inventory Tools).
• A practical approach is Risk Ownership by experts on different group levels, to achieve a holistic and consistent understanding of the risks which could potentially impact a company.
• Results are assessments and scenarios on a subjective basis.
• Sources of risk identification: discussions, budget, forecast, judgment, information from other departments (Internal Audit, Compliance, etc.).
• Methods of risk identification: most common is a risk universe / risk catalog, IT tools (risk inventory system, risk management system), workshops, interviews, key ratios; also: Failure Mode and Effect Analysis (FMEA), Fault Tree Analysis (FTA), Analysis of Variance (ANOVA), Delphi Method.
(2) Risk Analysis
• Risk analysis develops an understanding of the risk and provides an input to risk evaluation and to decisions on whether risks need to be treated.
• It involves consideration of the causes and sources of risk, their positive and negative consequences, and the likelihood that those consequences can occur:
  Factors that affect consequences and likelihood should be identified;
  Risk is analyzed by determining consequences and their likelihood;
  An event can have multiple consequences and can affect multiple objectives. Existing controls and their effectiveness and efficiency should also be taken into account;
  It is also important to consider the interdependence of different risks and their sources;
  Factors such as divergence of opinion among experts, uncertainty, availability, quality, quantity and ongoing relevance of information, or limitations on modelling should be stated and can be highlighted.
• Analysis can be qualitative, semi-quantitative or quantitative, or a combination of these, depending on the circumstances.
• Consequences and their likelihood can be determined by modelling the outcomes of an event or set of events, or by extrapolation from experimental studies or from available data.
• Consequences can be expressed in terms of tangible and intangible impacts.
(3) Risk Evaluation
• The purpose of risk evaluation is to assist in making decisions, based on the outcomes of risk analysis.
• Risk evaluation involves comparing the level of risk found during the analysis process with the risk criteria established when the context was considered:
  based on this comparison, the need for treatment can be considered;
  two-dimensional evaluation: Likelihood and Impact (positive or negative);
  the product of Likelihood and Impact is the Expected Value;
  evaluation on a gross and a net basis;
  evaluation by a single value.
(3) Risk Evaluation
• Example: Brazilian Division (figure not reproduced in the text)
(3) Risk Evaluation
• Highly exposed risk / difficult circumstances: a distribution function such as a triangular distribution or a multinomial distribution can facilitate the risk evaluation.
(Figure: triangular distribution over Best case, Most Likely and Worst case values)
  easy to apply;
  an evaluation of likelihood is not necessary.
(4) Risk Report
• Risk reporting at least on a quarterly basis
• Risk reporting addressees: shareholders, stakeholders, investors, senior management / board, supervisory board / Verwaltungsrat, internal / external auditors
• Top Group Risks / Top Entity Risks
• Best practice: risk reporting including all risks whose net evaluation of likelihood exceeds 50 %
• Management summary on an annual basis
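The two-dimensional evaluation described in the Risk Evaluation slides (Expected Value = Likelihood × Impact, on a gross and a net basis), the triangular best / most likely / worst case estimate for risks whose likelihood cannot be assessed, and the reporting rule above (include every risk whose net likelihood exceeds 50 %), worked through in Python. This is an added example, not code from the presentation or from Belden; the risk names, amounts and probabilities are constructed sample data, and the class and function names are the example's own.

```python
"""Risk evaluation helpers (added example, not from the presentation).

Implements the evaluation rules stated on the slides: Expected Value =
Likelihood x Impact, evaluated on a gross (before controls) and a net (after
existing controls) basis; the risk-report filter "net likelihood > 50 %"; and
the triangular best / most likely / worst case estimate for risks whose
likelihood cannot sensibly be assessed.  All names and figures below are
constructed sample data, not real Belden data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One entry of a risk inventory, evaluated in two dimensions."""
    name: str
    gross_likelihood: float   # probability in [0, 1] before controls
    gross_impact: float       # monetary loss if the event occurs, before controls
    net_likelihood: float     # probability after existing controls
    net_impact: float         # monetary loss after existing controls

    def __post_init__(self):
        # Likelihoods are probabilities; controls can only reduce a risk, never raise it.
        for p in (self.gross_likelihood, self.net_likelihood):
            if not 0.0 <= p <= 1.0:
                raise ValueError(f"{self.name}: likelihood {p} outside [0, 1]")
        if self.net_likelihood > self.gross_likelihood or self.net_impact > self.gross_impact:
            raise ValueError(f"{self.name}: net evaluation may not exceed gross evaluation")

    def gross_expected_value(self) -> float:
        return self.gross_likelihood * self.gross_impact

    def net_expected_value(self) -> float:
        return self.net_likelihood * self.net_impact


@dataclass(frozen=True)
class TriangularRisk:
    """Risk described only by a best / most likely / worst case loss."""
    name: str
    best: float
    most_likely: float
    worst: float

    def __post_init__(self):
        if not self.best <= self.most_likely <= self.worst:
            raise ValueError(f"{self.name}: need best <= most likely <= worst")

    def expected_value(self) -> float:
        # Mean of a triangular distribution; no separate likelihood is needed.
        return (self.best + self.most_likely + self.worst) / 3.0

    def probability_loss_exceeds(self, threshold: float) -> float:
        """P(loss > threshold), from the closed-form triangular CDF."""
        a, c, b = self.best, self.most_likely, self.worst
        if threshold <= a:
            return 1.0
        if threshold >= b:
            return 0.0
        if threshold <= c:
            cdf = (threshold - a) ** 2 / ((b - a) * (c - a))
        else:
            cdf = 1.0 - (b - threshold) ** 2 / ((b - a) * (b - c))
        return 1.0 - cdf


def risks_for_report(risks, min_net_likelihood=0.5):
    """Reporting rule from the slides: every risk with net likelihood above 50 %,
    ordered by net expected value, largest first."""
    selected = [r for r in risks if r.net_likelihood > min_net_likelihood]
    return sorted(selected, key=lambda r: r.net_expected_value(), reverse=True)


def high_impact_low_likelihood(risks, min_net_impact, max_net_likelihood=0.5):
    """Watch list: risks the likelihood filter drops but whose impact is large."""
    return [r for r in risks
            if r.net_likelihood <= max_net_likelihood and r.net_impact >= min_net_impact]


# Constructed sample inventory (hypothetical risks, not real data).
SAMPLE_RISKS = [
    Risk("Single-source supplier failure", 0.60, 1_000_000, 0.30, 600_000),
    Risk("Key customer receivable default", 0.80, 200_000, 0.70, 150_000),
    Risk("Regulatory fine in new market", 0.20, 5_000_000, 0.10, 5_000_000),
]

SAMPLE_TRIANGULAR = TriangularRisk("Plant outage after flood", 100_000, 300_000, 1_100_000)

if __name__ == "__main__":
    for r in SAMPLE_RISKS:
        print(f"{r.name}: gross EV {r.gross_expected_value():,.0f}, "
              f"net EV {r.net_expected_value():,.0f}")
    print("Report (net likelihood > 50 %):", [r.name for r in risks_for_report(SAMPLE_RISKS)])
    print("Watch list (low likelihood, high impact):",
          [r.name for r in high_impact_low_likelihood(SAMPLE_RISKS, 1_000_000)])
    t = SAMPLE_TRIANGULAR
    print(f"{t.name}: EV {t.expected_value():,.0f}, "
          f"P(loss > 800k) = {t.probability_loss_exceeds(800_000):.4f}")
```

Running the module prints the gross and net expected value per risk, the risks that meet the 50 % reporting rule, and a separate watch list. The watch list is the caveat the Deloitte figures cited earlier in the deck point at: a pure likelihood filter silently drops the low-likelihood, high-impact risks that produced the largest losses, so a report built only on the > 50 % rule should carry those risks alongside, ranked by expected value or by impact.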
(4) Risk Report
• Risk Map (figure not reproduced in the text)
7. Enterprise-wide Risk Management
What is Enterprise-wide Risk Management (ERM)?
• ERM is a structured, consistent and continuous process across the whole organization for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievement of its objectives.
Responsibility for ERM?
• The board has overall responsibility for ensuring that risks are managed.
• In practice, the board will delegate the operation of the risk management framework to the management team.
• Everyone in the organization plays a role in ensuring successful enterprise-wide risk management, but the primary responsibility for identifying risks and managing them lies with management.
Benefits of ERM
• Greater likelihood of achieving objectives;
• Consolidated reporting of disparate risks at board level;
• Improved understanding of the key risks and their wider implications;
• Identification and sharing of cross business risks;
• Greater management focus on the issues that really matter;
• Fewer surprises or crises;
• More focus internally on doing the right things in the right way;
• Increased likelihood of change initiatives being achieved;
• More informed risk-taking and decision-making.
The activities included in ERM
• Articulating and communicating the objectives of the organization;
• Determining the risk appetite of the organization;
• Establishing an appropriate internal environment, including a risk management framework;
• Identifying potential threats to the achievement of the objectives;
• Assessing the risks (impact / likelihood of the threat occurring);
• Selecting and implementing responses to the risks;
• Undertaking control and other response activities;
• Communicating information on risks in a consistent manner at all levels in the organization;
• Centrally monitoring and coordinating the risk management processes and the outcomes, and
• Providing assurance on the effectiveness with which risks are managed.
Providing Assurance on ERM
• One of the key requirements of the board or its equivalent is to gain assurance that risk management processes are working effectively and that key risks are being managed to an acceptable level;
• This assurance should be complemented by the provision of objective assurance, for which the internal audit activity is a key source!
2011 Risk and Insurance Management Society (RIMS) Executive Report: Risk Maturity Model for Enterprise Risk Management (ERM)
(1) ERM-based approach: gaining executive support within the corporate culture
(2) ERM process management: integrating ERM into business processes
(3) Risk appetite management: establishing accountability within leadership and policies to guide decision-making
(4) Root cause discipline: binding events to their process sources
(5) Uncovering risks: performing risk assessments to document risks and opportunities
(6) Performance management: executing organizational vision, mission and strategy through outcomes-based measurements
(7) Business resiliency and sustainability: integrating ERM into operational planning and execution
Example: Risk Management Workflow (Risk Inventory) (workflow figure not reproduced in the text)
8. Corruption Risk Management
• Wherever multinational companies are active, they are subject to more anti-corruption legislation than ever before; meanwhile, as international legislation becomes increasingly strict as well as more widespread, corruption itself remains a broad and complex problem.
• What is "Corruption"?
  "Corruption" can include graft, bribery, facilitation payments or other forms of improper business practice; corruption can assume all kinds of local nuances which may be euphemisms for illegal and unethical business practices.
• How do I handle this from a CFO perspective?
  The best approach is to conduct a comprehensive corruption risk assessment; the more tailored the assessment is to your operations and requirements, the better your organization will be protected against the risks that might occur.
• SOX Sections 302 and 404 together also require a fraud risk assessment to be performed and an anti-fraud program to be established.
• As stringent anti-corruption legislation comes into force (FCPA, UK Bribery Act), you should be conducting a more specific assessment of the risks your company faces. You will need to know whether or not your organization can operate commercially in a given environment, and in compliance with all relevant legislation.
• In the case of the UK Bribery Act, the Serious Fraud Office (SFO) states that corruption cases involving companies that can prove they have 'adequate procedures' in place to mitigate against corruption risk are more likely to avoid charges for single offences. A bespoke corruption risk assessment is an essential first step towards adhering to the six general principles that make up the SFO's 'adequate procedures':
• What are adequate procedures? The UK's six anti-corruption general principles:
(1) Risk Assessment
(2) Top-level Commitment
(3) Due Diligence (3rd Parties)
(4) Clear Practical and Accessible Policies and Procedures
(5) Effective Implementation
(6) Monitoring and Review
• Proactive Anti-Fraud Program to comply with regulatory requirements and maximize stakeholder value; promoting an anti-fraud environment!
• The program needs full support and proper implementation from the organization to reduce the risk of fraud and increase the likelihood that, if fraud does occur, it will be detected at an early stage;
• Certain conditions can create a fertile environment for fraud, including:
  Lack of awareness by management of the organization's fraud risk factors
  Inadequate organizational structures, policies and procedures
  Insufficient emphasis on, and understanding of, ethical duties throughout the organization
  Insufficient knowledge of the warning signs of fraud
  Ineffective mechanisms for reporting, investigating and remediating fraud
  Ineffective board and audit committee oversight
CONTACT:
Dirk Erlenkoetter Internal Audit Manager EMEA
Belden Inc.
Edisonstraat 9
P.O. Box 9, 5900 AA Venlo
The Netherlands
Direct: 0031-77-3878-278
Mobile: 0049-171-7903066
Email: [email protected]