Friday, May 14, 2010

The High Cost of FCPA Compliance - CCM-T as Low-cost Antidote

We've been writing and tweeting about Foreign Corrupt Practices Act (FCPA) compliance for several months, after teaming with Houston-based Morgan-Garris for an innovative data-driven solution to help reduce the costs of FCPA monitoring and compliance. We'll actually be presenting next week at MISTI's SuperStrategies on using Continuous Auditing and Monitoring technology for several different applications, including FCPA.

This week's Forbes Article titled, "How Bribery Hurts Business and Enriches Insiders" shows the incredible high costs of FCPA investigations. Deloitte 1300+ project consultants billed more than 949,000 hours on their work for Siemens FCPA investigation. ABB has reserved $300 million, and Avon Products has reserved $95 million for their on-going investigations.

It is becoming increasingly common for FCPA costs to run tens, if not hundreds of millions of dollars. What takes so long? Why is it so expensive?

When Kim and I were at PwC, it was common for the data acquisition component of a Big 4 data analysis project to consume 60% or 70% or more of a project budget. Extracting flat files and fastidiously mapping them into desktop audit software tools was and still is a time-consuming process, especially for ad hoc analysis. At Visual Risk IQ, most of our data analysis projects are fixed-fee, and include time to acquire and map data into more modern audit software like Oversight, Approva, or SymSure for IDEA**. These more modern tools facilitate repeated extraction at dramatically lower costs of data acquisition, therefore allowing more time for research and review of results.

As such, each successive extract of a monthly or even daily file can be loaded into modern audit software, so that 100% of the time for the second file is spent on review of results, not loading data. Further, advances in workflow and logging can facilitate efficient review and oversight by finance or inside / outside counsel. Given the fees cited in Forbes, we know we have a much better way.

Joe Oringel
Visual Risk IQ
Charlotte NC, USA


** Author's Note - We read that ACL's AX/2 has similar automation for data extraction, through integration of Informatica for extract, transform, and load. We have not yet validated this functionality.

1 comment:

Peter said...

Joe,
I liked your article on this topical issue. FCPA compliance is definitely surfacing as an important risk for a number of organizations. Regarding your comment about ACL's AuditExchange platform, it does in fact have a very robust data access capability leveraging both ACL's own data access functionality and Informatica's full range of ETL technology. AuditExchange is a server-based implementation of ACL's data analysis software with greatly expanded automation, scheduling and exception management capabilities to enable continuous analysis.

~Peter Millar, ACL Services Ltd.