Page 78 - COSO Guidance Book

38    |   Enterprise Risk Management   |  Compliance Risk Management: Applying the COSO ERM Framework




16. Transparency of the entity regarding donations to candidates and political parties

The decree states that in evaluating the compliance program, consideration will be given to the unique features of the organization, including the number of employees, number of locations, countries in which it operates, its industry, its complexity, and its use of third parties.

This provision is consistent with U.S. guidance stating that there is no “one size fits all” approach to C&E programs. Every program should be tailored to fit the unique needs of the organization.

Costa Rica

Costa Rica is another Latin American country (along with Argentina, Peru, and Chile in 2018) to recently enact a law addressing compliance programs. The scope of the 2019 Costa Rican law is domestic and international bribery and corruption, as well as falsifying books and records to conceal such corruption. Significant penalties can be reduced if a company has a compliance program in place. Expectations of the C&E program as described in the law include the following:

1. Conduct a risk assessment for the business activity in Costa Rica
2. Implement a code of conduct and adopt specific rules and processes that prevent the commission of crimes
3. Establish specific policies and procedures to prevent crimes relating to public bidding contracts, obtaining licenses, or any other activity related to the public administration
4. Determine the scope of these policies for third parties
5. Establish adequate financial controls and financial records aimed at the prevention of wrongdoing
6. Periodic anti-corruption training, including training for third parties
7. Perform periodic risk assessments and modify the program accordingly
8. Establish a disciplinary model for noncompliance
9. Appoint a compliance officer and provide adequate capacity and resources for the program
10. Conduct an external accounting audit

New Zealand

The Anti-Money Laundering and Countering Financing of Terrorism Act took effect in July 2013. One of the requirements of the act is the appointment of a compliance officer and development of a reporting and compliance program.

The key elements of a compliance program must include the following:

1. A comprehensive risk assessment
2. Vetting and training obligations for managers
3. Reporting procedures
4. Recordkeeping
5. Due diligence
6. Other processes for minimizing the risk of abuses

Singapore

Singapore’s Corrupt Practices Investigation Bureau in 2017 published “PACT – A Practical Anti-Corruption Guide for Businesses in Singapore” to assist organizations in complying with The Prevention of Corruption Act. The guide describes the following four steps (thus the acronym, PACT) that companies can take to prevent corruption:

1. Pledge — Tone from the top, anti-corruption policies, and a code of conduct
2. Assess — Conduct periodic risk assessments
3. Control and communicate — Internal controls, audit checks, training and communication, and a robust reporting system
4. Track — Evaluate and improve the anti-corruption system

Spain

Amendments to Spain’s Criminal Code that took effect on July 1, 2015, provide for the regulation of corporate compliance programs. The amended code provides companies with an exemption from criminal liability for crimes committed by their officers or employees if the company has adopted a compliance program that includes the following six elements:

1. Risk assessment
2. Standards and controls to mitigate any criminal risks detected
3. Financial controls to prevent the crimes
4. Obligation to report to the compliance body any violations of the standards and controls (a whistleblowing channel)
5. Disciplinary system to sanction violations of the compliance program by officers and employees
6. Periodic review of the compliance program, making the necessary adjustments when serious violations occur or when the company undergoes organizational, structural, or economic changes.

Summary

The summary in this appendix is far from complete and is provided only to illustrate some of the similarities and differences among a handful of the many nations that have promulgated some form of requirement or guidance relating to compliance and ethics programs. Organizations should always consult the laws and regulations of each jurisdiction in which they operate for further guidance.





