Corruption risk is huge but technology deployment against it is still sparse

BBC News mapped out the countries where the most bribes were paid, based on a survey carried out by Transparency International in 95 countries. The results from countries where data was available indicated that one person in four had paid a bribe to a public body in the prior year.

For those living in some parts of the world, a statistic like this may seem hard to believe. However, in many countries, it is simply a fact of life.

Some form of personal payment is often expected in order to get an official to perform their basic duties, such as issuing a permit or processing a form – or even to avoid performing a duty, such as for ignoring a traffic violation. Although it may be seen by many as a reprehensible practice, it has become just part of the way the economy works.

In terms of the total monetary value of bribery and corrupt payments, the picture is very different. Very large sums of money are regularly paid by North American and European companies to foreign government and corporate officials in order to win massive competitive contracts. While most large companies have policies in place that prohibit such activities, this does not mean that bribery does not occur. The practices just take place in a fashion that is less obvious and harder to detect.

Over the past few years, legislation has been introduced or amended in many countries with the objective of outlawing the practice, typically involving harsh financial penalties for those corporations who are found guilty of illicit payments and benefits. 

For many corporations, the risks arising from bribes and corrupt payments rank among the largest risks that they face. The direct financial impact can be materially harmful when penalties reach hundreds of millions of dollars. The indirect cost, in terms of damage to brand and reputation, can have a greater and more lasting effect.

So how can corporations protect themselves from these risks? Most start with formal policies, together with education and training programs. Of course, recognizing the degree and magnitude of risk should also be performed as part of an overall formal risk management and risk assessment program. But how does the CCO, CRO, CFO or CEO obtain any degree of comfort that the policies are really being followed?

Technology has a big role to play. What if the appropriate corporate officials can look at daily reports on their smart phones, tablets or laptops that summarize the volumes of payments monitored by data analysis test specifically designed to detect indicators of bribery and corruption? What if high-risk suspect payments are highlighted and notified immediately to the right people? Dashboards can also indicate trends in whether risks of specific types of corrupt payments appear to be increasing or decreasing in given regions.

The ability of software to manage the anti-bribery and corruption process in terms of recording and assessing the risks and then monitoring, assessing and detecting instances of bribery and corrupt payments is now well established. However, the actual implementation of such systems is far from extensive, even in those companies most susceptible to bribery. This really is surprising, given the risks involved.

In some organizations the expectation may be that internal audit provides protection, which of course is not the case. Although internal audit may well perform data analysis to provide assurance over the apparent effective of anti-bribery controls, the real solution to the issue is for management to insist that risk management and monitoring software be implemented for all areas of significant potential risk within an organization.

_________

John Verver, CPA, CISA, CMC is an acknowledged thought leader, writer and speaker on the application of data analysis technology in audit, fraud detection, risk management, and compliance. He is recognized internationally as a leading innovator in continuous controls monitoring and continuous auditing and as a contributor to professional publications. He is currently a strategic advisor to FCPA Blog sponsor ACL, where he has also held vice president responsibilities for product strategy, as well as ACL’s professional services organization. Previously, John was a principal with Deloitte in Canada.