The Quest for Compliance

Tips for Using IDEA for FCPA

Just before 2019 came to a close, Stockholm-based Ericsson begrudgingly made it onto the Foreign Corrupt Practices Act (FCPA) top ten list with a $1.06 billion mega-settlement. Oddly enough, Sweden ranks as one of the world’s cleanest countries according to the Corruption Perceptions Index (CPI). A country’s rank is not always a perfect indicator of how they conduct business overseas, but it’s certainly a good starting point.

While the FCPA has been around for more than 40 years, enforcement has tightened in the last decade. The availability of electronic data and advancements in data analytics are shrinking the dark corners where companies who engage in bribery, corruption or other violations can no longer hide.

Many countries have passed new legislation in recent years to hold companies responsible for failing to prevent bribery committed on their behalf by employees, agents or subsidiaries. Recent FCPA judgments indicate that having proactive and detective procedures in place may mitigate penalties.

Data analysis is playing a significant role in helping companies stay compliant with these laws and regulations. Government watch groups, including long-time CaseWare IDEA® users within the federal government, now have the technology to keep their eye just as closely on the “little guys” doing business abroad as they do the “giants.” Here are a few tips and resources for using IDEA to ensure your company doesn’t make the list of non-compliant companies:

Are You Doing Business with High-Risk Countries?

Technology advancements have made the world smaller and more accessible. It’s difficult to know where the risks lie when conducting business on a global scale.

Transparency International publishes a Corruption Perceptions Index (CPI), which ranks 180 countries and territories by their perceived levels of public sector corruption. Using a scale of 0 to 100, where 0 is highly corrupt and 100 is considered a non-threat, you can focus your efforts on areas with the highest levels of perceived risk for corruption.

More than 2/3 of countries score below 50 in the 2018 index, with an average score of just 43.

You can easily download the data from the CPI into Excel, then upload it into IDEA to:

• Search for payments to vendors in high risk countries
• Identify countries in which you do business which have significant changes in risk profile
• Use the CPI Index as part of a High-Risk Country Risk assessment

Analyzing Payment Data

• Duplicate Testing including Same vendor name and payment amount, but a different invoice number. Often times, this will include instances where regular payments were made to the same vendor, for example, reoccurring phone bills. Over time, you can exclude these from your testing parameters.
• Analyzing payments made to consultants or to government related accounts
• Payments made to or from an offshore bank account
• Payments to new vendors, with no prior relationship
• Compare vendors to the prohibited vendors list provided by the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC)

Also look for:

• Expense totals just under the review threshold or authorization limits
• Payments made directly from a bank
• One-off payments to vendors, including one-time annual payments
• Manual payments
• Round-dollar payments and invoices
• Sequential invoices

Compliance-Sensitive Words

IDEA allows you to perform keyword searches to analyze text fields within transactions and invoices or other payment details including:

• Credit cards
• Invoices
• Emails
• Expense reports
• P-cards

Within the payment description or notes, look for words that may indicate fraud such as: “facilitation,” “consulting” “cash,” “gifts,” or the catch-all, “NULL” or “N/A.” Blank descriptions are also red flags.

Quick Tip: Use @similarword, which measures the similarity between two strings. For example, when looking for all cash transactions across millions of rows, it will identify any transactions containing the word “cash” or any variation, such as “cash payment.”

These Audimated Apps will save you hours of effort when searching for words or creating a list for frequency detection:

Looping Search – Search in 1, 2, or 3 fields using words or wildcard fragments contained in a second file.

Work List Maker – Search for frequently-used words in a selected field by creating a unique list.

Lost in Translation?

When working with transactions in foreign languages, you can download a Unicode version of IDEA, which recognizes foreign languages.

You can also use Google Translate to convert a list of keywords or information from a PDF, then use @isini to search for the occurrence of a specified character string (of any case) in a character field or date field. If appending a field and the string is found, it returns the starting position of the specified character string; otherwise, a 0 is returned.

Detecting Duplicates

Most ERP systems will not allow the same vendor, invoice number and payment to be entered without an error message. A quick workaround, whether intentionally deceitful or not, is to add a space or character (punctuation marks, underscore, etc.) to bypass this control.

@strip removes all spaces, punctuation and special characters from a text field leaving a string of characters and numbers. For example, a field that looks like: “-109A B,V=$%” would be yield: “109ABV.”

The @strip function is also helpful when testing vendor addresses.

One of the largest engineering and construction firms in the world with $10B in revenue and 40,000+ global employees uses IDEA to analyze projects to ensure contract specifications are met and to assure FCPA compliance. Within their first few years of using IDEA they:

• Avoided over $500k annually in duplicate payments
• Saved over 300 hours per year of audit time
• Detected $40k in fraudulent travel expenses

Spending Trends

IDEA can be used profile travel and entertainment transactions to search for:

• Instances where employees are reimbursed through both T&E and AP to cover bribes.
• Search expense descriptions for high-risk words (e.g., gifts)
• Focus on sales agents and ex-patriots
• Look for conflict of interest schemes between employees and government entities using the vendor master file to compare address names, phone numbers and tax ID using:

@justletters – Returns characters, spaces and special characters from the character string or field by removing any numbers

@justnumbers – Returns only the numbers from the specified charter string or field

“IDEA has simplified the work we do to help clients check compliance and identify exposures relating to the Foreign Corrupt Practices Act. For instance, at the beginning of an investigation, we are provided with a variety of general ledger information, which we then test to produce a subset of transactions and request documentary evidence. The tests we conducted included looking for round amounts, zero dollar invoices, duplicate invoice numbers, invoices paid with checks where the check date is before the invoice date, employees with the same address as vendors and many others. IDEA performs all these tasks with ease, and in many cases, has preprogrammed functions (such as detecting duplicates) that allow the test to be run in a single step. IDEA is also helpful in completing SAS99 work (consideration of fraud), which involves running similar tests to those used for FCPA purposes.”

– IDEA User and Certified Fraud Examiner

Even the most robust FCPA compliance program is not a 100% defense against rogue employees. There will always be those who believe, “good compliance means not getting caught.” Data analytics is a great way to demonstrate proactive monitoring of transactions for corruption. With the fines now reaching the billion-dollar mark, it’s certainly worth the effort.

Facing an FCPA challenge? Let our experts guide you in applying data analytics to meet FCPA compliance requirements with our co-sourced professional services. Or, we can run the analytics on your data with our full-service outsourced option. Contact [email protected] to get started.