Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Practice note: Audit rights power up a compliance program

At November’s 32nd ACI Foreign Corrupt Practices Act conference in Washington, DC, the DOJ’s new Compliance Counsel, Hui Chen, emphasized that compliance programs need to be real and not just paper programs. 

Among the most effective tools to take a compliance program from paper to real is to utilize audit rights. Once a rarely-used tool reserved for extreme situations, conducting anti-corruption audits of business partners is increasingly something regulators expect.
How does a company rise to this challenge? Below are ten steps to assist you with this task.    
First: Determine which business partner to audit. Usually, risk factors can be assigned based on the business partner’s function, history, contact with government entities, and country location — among other factors more specific to your industry.    
Second: Read your audit clauses. What rights do the clauses grant you? Are there other relevant clauses or agreements that might expand or contract your perceived rights?  
Third: Determine who should conduct the audit. The audit should be conducted by qualified individuals with anti-corruption training who also understand the specific transaction risks. You may consider whether, to preserve privilege, the audit should be conducted under the direction of counsel.
Fourth: Determine the scope of the audit. Are you conducting the audit with respect to activities occurring within the past three years, two years, or one year? What documents will you review? Who will you interview? How long will you spend on-site?
Fifth: Conduct an internal background review using appropriate  resources. Those include LexisNexis, Google Plus, Bloomberg, or even obtain an independent third party background report on the third party.
Sixth: Request documents internally and externally prior to the on-site visit.
Seventh: Review the documents and prepare for an on-site review and interviews. In reviewing the financial documents, review the general ledger for high risk transactions, with a focus on activities with government interaction.
Eighth:  During the on-site visit, interview select individuals from the third party, review the books and records of the third party, conduct interview, and conduct training (which should be in the native language if appropriate).
Ninth: Document your process and report your findings. You can choose to report to the board and audit committee if appropriate.

Tenth: Remediate if necessary. This includes changing your internal processes or choosing to suspend or terminate your business partner.


Every compliance review is unique, but a strong core program can easily be tailored to different circumstances.  Hopefully, these are some good starting points for your team to consider in preparing your audit program.


Benjamin S. Britz is a member of the Anti-Corruption and Internal Investigations practice at Hughes Hubbard & Reed LLP. He has represented clients before the DOJ, SEC, UK Serious Fraud Office, and the enforcement offices of the World Bank, Asian Development Bank, and African Development Bank, among others. He can be contacted here.
N. Tien Pham is a member of the Anti-Corruption and Internal Investigations practice at Hughes Hubbard & Reed LLP. Prior to joining Hughes Hubbard, she was an auditor at Ernst & Young LLP. She’s also a Certified Public Accountant in Virginia. She can be contacted here.

Share this post


Comments are closed for this article!