Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Audit Analytics For Bribery Act Compliance

While the Foreign Corrupt Practices Act has been around for decades, the newly enacted U.K. Bribery Act (July 1, 2011) enforces even more far-reaching and stricter penalties. If you’re involved in audit, finance, legal, risk management or compliance in an organization doing any business in the U.K., be it directly or via subsidiaries, agents or branches, you’re probably already under pressure to address Bribery Act compliance.

You may already know that you need to establish a Bribery Act compliance program. Maybe you’ve started monitoring Bribery Act regulations manually, and are realizing that emailing spreadsheets isn’t cutting it as a sustainable compliance program.

So, how do you become efficient and effective at addressing Bribery Act requirements? The direct answer: develop an audit analytics strategy for Bribery Act testing as an integral part of your compliance program.

A technology-enabled strategy using audit analytics is a keystone of an effective and efficient Bribery Act compliance program. It’s risky to rely on “policies” alone – companies need to actively monitor transactions to ensure compliance with policies and ensure potential issues can be quickly identified without relying on a lot of additional manual effort.

An audit analytics strategy can help assure compliance with the UK Bribery Act in the following ways:

  •        Look for ‘red flags’
  •        Develop an early warning system
  •        Continuously monitor key internal controls
  •        Create instant notification of potential problem areas

This contributes to creating a culture where employees know that their actions are being reviewed — a proven deterrent to non-compliance.

Over time, use of audit analytics combined with a process to follow-up and resolution of red flags may itself become a control and provide evidence of having “adequate procedures” in place.

Audit analytics will allow you to perform detailed analysis of your business transaction data against red flag scenarios and enables repeatable testing — essential steps in creating an effective compliance program.

To learn more about how to use audit analytics as part of a comprehensive UK Bribery Act compliance strategy, download the free eBook: Don’t Get Stung by the UK Bribery Act: Leveraging audit analytics for compliance testing.


Steve Biskie, CPA, CITP, CISA, is the Director of Customer Solutions, ACL Services.

Share this post



  1. Steve, sorry but the emphasis in the UK law is on prevention. Detection simply is not enough. If you detect a violation, even right after it happens and you take prompt action, you may still be liable for failing to prevent the bribe.

  2. Always good to hear from you, Norman –

    I agree that the UK Law and FCPA are both about prevention. In an ideal world, an organization would have controls to prevent bribery. There would be perfect hiring practices that ensure no unethical employee ever gets hired. There would be perfect training programs to ensure everyone understands their responsibilities even given language and cultural differences. Managers would have instant and advance visibility to all of their employee activities regardless of location and be capable of questioning and even stopping suspect behavior. There would even be fantastic system checks in place that can interpret the intent of user activity and stop potential bribes before they happen (which of course would now be accidental because of our perfect hiring, perfect training, and perfect real-time advance monitoring).

    Of course, we don’t live in that ideal world (at least I don’t), so we need to help balance our imperfect hiring, training, monitoring, and automated control practices with detective procedures to make sure something doesn’t slip through the cracks. And while we may still be liable for activity we fail to prevent, hopefully timely detection and correction can ensure we establish an internal precedent, which itself impacts our future control environment.

Comments are closed for this article!