AUDITING IMPROPER RELATIONSHIPS

By

Kastuv Ray

Introduction

Corruption is a disease that affects societies and organizations across the world. Businesses and organizations need to display a degree of transparency as they are constantly in the Public Eye. The organization should list being labelled with the tag of having an improper relationship with an individual, body or business as a key risk in its risk register under the title of Reputation Management.

Internal Audit’s Role

So what role can Internal Audit play in this process? Internal Audit can conduct a review of the process for gifts, hospitality and declarations of conflicts of interests. This area needs to be examined at least once every three years.

Areas to Examine

Internal Audit needs to cover the following areas within their review: 

• The Organization’s Corporate Policy and Procedures on Gifts, Hospitality and Declarations of Conflicts of Interest

• The Organization’s Departmental Procedures for recording the above

• Training Provided within the Organization

• Examination of registers at the Corporate and Departmental Levels

• Instances of improper conduct and the action taken

• Management Information

Questions to Ask

Internal Audit may wish to ask the following questions with respect to the above areas:

Corporate Policy

• Are there corporate policies/procedures in place with respect to acceptance of gifts, hospitality and conflicts of interest?

• Is this formally documented?

• Who has approved this?

• Are these cross-referenced to the Organization’s Code of Conduct and Statement of Ethical Standards?

• Do the policies/procedures take into account relevant Human Rights legislation?

• What about compliance with relevant accounting legislation with respect to related or third party transactions?

• Do the policies include clear definitions as to what constitutes a gift, hospitality and what is deemed to be a conflict of interest?

• Under what circumstances can all these accepted?

• If there are exceptional circumstances, what is the process for review?

• Who authorises and approves this?

• Is there a threshold above which gifts and hospitality accepted has to be declared?

• What is unacceptable?

• Are examples provided?

• Who owns the policy?

• Are key roles of officers defined?

• What is the procedure for recording gifts, hospitality and declarations of interest?

• Are all employees and Board members aware of the policies/procedures regarding gifts, hospitality and declaration of interests?

• Do staff sign a declaration to state that they have received and understand the policy?

Departmental Policies

• Is there a separate Departmental policy?

• Is it cross-referenced to the Corporate Policy?

• Does this include a template, which shows the form to be completed?

Training

• What training is provided?

• Is this part of induction?

• Are scenarios and questions used in the training?

• Is feedback received regarding appropriateness of training?

• What about training plans?

• What happens if an employee has accepted a gift or hospitality in error?

• How is this recorded?

• Do they have to be retrained and have to undergo a rehabilitation program?

Corporate and Departmental Registers

• Is there a central register of interests?

• How are interests declared?

• Do forms have to be completed?

• What happens to the forms?

• Are these recorded in a register?

• Is it a computerized database?

• Is the register reviewed and updated regularly?

• Who is responsible for maintaining the register?

• Do the employees and Board members have to sign an annual declaration citing compliance with the policy/procedures?

• Is a record held of all exceptional gifts and hospitality that have been declined?

• Is there a requirement to disclose this information to the public?

• Is the information recorded on the register in compliance with suitable legislation on Data Protection?

Misconduct

• Are procedures in place to deal with improper conduct in relation to the acceptance of gifts, hospitality and declaration of conflicts of interest?

• Who can investigate allegations of improper conduct?

• Are they suitably trained?

• How is the policy monitored and evaluated?

• How is the investigation and disciplinary process invoked?

• Is there a whistle blowing program?

• Is a suitable committee/body charged with conducting hearing on cases of abuse?

Management Information

• Is there a requirement to produce an annual Control Assurance Statement with respect to Acceptance of Gifts, Hospitality and Declaration of Interests?

• Is this laid down in policies by the Organization?

• Does the Government lay down this requirement in statute?

Conclusion

Internal Auditors have an important role to play in protecting the reputation of the Organization and also have an ethical duty to themselves, the profession and the public.

Contributed by Kastuv Ray 12/01/04
kastuv@kastuv.fsnet.co.uk