Friday, May 14, 2010

The High Cost of FCPA Compliance - CCM-T as Low-cost Antidote

We've been writing and tweeting about Foreign Corrupt Practices Act (FCPA) compliance for several months, after teaming with Houston-based Morgan-Garris for an innovative data-driven solution to help reduce the costs of FCPA monitoring and compliance. We'll actually be presenting next week at MISTI's SuperStrategies on using Continuous Auditing and Monitoring technology for several different applications, including FCPA.

This week's Forbes Article titled, "How Bribery Hurts Business and Enriches Insiders" shows the incredible high costs of FCPA investigations. Deloitte 1300+ project consultants billed more than 949,000 hours on their work for Siemens FCPA investigation. ABB has reserved $300 million, and Avon Products has reserved $95 million for their on-going investigations.

It is becoming increasingly common for FCPA costs to run tens, if not hundreds of millions of dollars. What takes so long? Why is it so expensive?

When Kim and I were at PwC, it was common for the data acquisition component of a Big 4 data analysis project to consume 60% or 70% or more of a project budget. Extracting flat files and fastidiously mapping them into desktop audit software tools was and still is a time-consuming process, especially for ad hoc analysis. At Visual Risk IQ, most of our data analysis projects are fixed-fee, and include time to acquire and map data into more modern audit software like Oversight, Approva, or SymSure for IDEA**. These more modern tools facilitate repeated extraction at dramatically lower costs of data acquisition, therefore allowing more time for research and review of results.

As such, each successive extract of a monthly or even daily file can be loaded into modern audit software, so that 100% of the time for the second file is spent on review of results, not loading data. Further, advances in workflow and logging can facilitate efficient review and oversight by finance or inside / outside counsel. Given the fees cited in Forbes, we know we have a much better way.

Joe Oringel
Visual Risk IQ
Charlotte NC, USA

** Author's Note - We read that ACL's AX/2 has similar automation for data extraction, through integration of Informatica for extract, transform, and load. We have not yet validated this functionality.

Tuesday, May 4, 2010

Speaking at Conferences in 2010, continued

Excellent feedback from IIA Chapter and District meetings has resulted in several new speaking opportunities this quarter. The list of topics is broadening, though the central themes remain data analysis and continuous auditing and monitoring. Among the newest new topics are a Data-Driven Approach to Enterprise Risk Management and Social Media 101, in addition to existing programs around anti-fraud programs and continuous auditing and monitoring.

Recent speaking engagements booked include National AICPA Conferences (i.e. NAAAT's - the National Advanced Accounting and Auditing Symposium and Controller's Workshops) and industry conferences with the Association of College and University Auditors (ACUA) and Association of HealthCare Internal Audit Conference (AHIA), among others. At AHIA, we'll be co-presenting with Chase Whitaker of HCA HealthCare, and at ACUA's Annual Conference we'll be co-presenting with Scott Stevenson of Emory.

We are currently preparing for our Wake-Up session on May 19, 2010, at MISTI's SuperStrategies, the Audit Best Practices conference to be held in Orlando. Our session is entitled Hot Topics in Continuous Auditing: Fraud, FCPA, and More. We will recap a number of Continuous Auditing implementations that touch on frequent risk assessment and frequent control assessment. This session will describe ways to integrate the multitude of audit software platforms that can occasionally challenge, if not even overwhelm internal audit departments.

For more information on bringing partial-day or even full-day speaker programs to your IIA, ACFE, ISACA, or CPA society meeting, please contact us via the comment feature of this blog below.

Joe Oringel
Visual Risk IQ
Charlotte NC, USA