HOUSE_OVERSIGHT_022542.jpg

Internal Controls Provision The payment of bribes often occurs in companies that have weak internal control environments. Internal controls over financial reporting are the processes used by compa- nies to provide reasonable assurances regarding the reliabil- ity of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organi- zation regarding integrity and ethics; risk assessments; con- trol activities that cover policies and procedures designed to ensure that management directives are carried out (c.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitor- ing. Section 13(b)(2)(B) of the Exchange Act (15 US.C. § 78m(b)(2)(B)), commonly called the “internal controls” provision, requires issuers to: devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that— (i) transactions are executed in accordance with man- agement’s general or specific authorization; (ii) transactions are recorded as necessary (I) to per- mit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets; (iii) access to assets is permitted only in accordance with management’s general or specific authorization; and (iv) the recorded accountability for assets is com- pared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences ....?73 Like the “reasonable detail” requirement in the books and records provision, the Act defines “reasonable assurances” as “such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.”?* The Act does not specify a particular set of controls that companies are required to implement. Rather, the internal controls provision gives companies the flexibility to develop and maintain a system of controls that is appro- priate to their particular needs and circumstances. The FCPA: Accounting Provisions An effective compliance program is a critical com- ponent of an issuer’s internal controls. Fundamentally, the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption. A company’s compliance program should be tailored to these differences. Businesses whose operations expose them to a high risk of corruption will necessarily devise and employ different internal controls than businesses that have a lesser exposure to corruption, just as a financial services company would be expected to devise and employ different internal controls than a manufacturer. A 2008 case against a German manufacturer of indus- trial and consumer products illustrates a systemic internal controls problem involving bribery that was unprecedented in scale and geographic reach. From 2001 to 2007, the com- pany created elaborate payment schemes—including slush Companies with ineffective internal controls often face risks of embezzlement and self-dealing by employees, commercial bribery, export control problems, and violations of other U.S. and local laws. HOUSE_OVERSIGHT_022542