Contributed 3/24/00 by John Peterson AUDIT PROGRAM TABLE OF CONTENTS I. GENERAL INFORMATION A. BACKGROUND B. OBJECTIVES C. SCOPE II. REFERENCES AND DEFINITIONS A. REFERENCES B. DEFINITIONS III. AUDIT PLANNING AND ORGANIZATION IV. PRELIMINARY SURVEY AND SYSTEM DESCRIPTION V. DETAILED TESTING I. GENERAL INFORMATION A. BACKGROUND (Provide background as to why the FCPA is high risk to the entity) B. OBJECTIVES The objectives of the audit include the following: A. Evaluate the Company's policies, procedures, and training relating to the FCPA. B. Devise and perform compliance tests to provide reasonable assurance that the requirements of the Act are being complied with in all material respects. C. Identify any waste or inefficiencies in the processes for insuring compliance with the FCPA. D. Report results of testing and recommendations for improvements in policies, controls, and processes to help ensure compliance with the FCPA. C. SCOPE The scope of the audit will the current status of training and agreements along with a 12 month period of financial statements and petty cash disbursements. The following areas and audit steps will be included in the scope: A. Policies and procedures B. Foreign bank accounts and bank reconciliations C. Distributor, agent, and rep agreements D. Internal training E. Payments to foreign government officials F. Foreign financial statements G. Petty Cash funds and disbursements The following areas are excluded from the audit: A. (Describe any scope restrictions) Areas of concern include: A. (Describe any known issues that possibly led to this audit being included in the annual audit plan along with general areas in which the entity might have unique vulnerabilities to the FCPA or where compliance might be weak or suspect) Note to the user: the accounting requirements of the FCPA only apply to publicly traded companies; however, the requirements reflect sound business practices that any company would need to follow in order to be successful. II. REFERENCES AND DEFINITIONS A. REFERENCES Foreign Corrupt Practices Act of 1977 (available on the web) Company Policy XXXX, Foreign Corrupt Practices Policy Company Policy XXXX, Ethics (Other company policies that are applicable) B. DEFINITIONS None III. AUDIT PLANNING AND ORGANIZATION Description W/P Reference Initials/Date A Review the following: 1. Audit Data Sheet from the Annual Audit Plan 2. Permanent file. 3. Recent Internal Audit reports and associated working papers. 4. Company policies and procedures. 5. Minutes of any applicable meetings. 6. Unit financial data. B Create an Audit Planning Memo and review with the audit manager. 1. Review the Annual Audit Plan documentation or request for audit and establish a preliminary audit objective and scope. 2. Determine the tentative audit schedule and resources necessary. 3. Identify key contacts and personnel that should be kept informed during the audit process. 4. Identify any CAATs that could improve audit efficiency. 5. Do a preliminary assessment of risk C Create a preliminary Audit Program D Review the Audit Follow-Up File and determine if there is any follow-up from previous audits that needs to be done concurrently with this assignment. E Prepare and send an announcement letter. IV. PRELIMINARY SURVEY AND SYSTEM DESCRIPTION ADMINISTRATIVE CONTROLS During the course of the audit pre-scope, the auditor should gain an understanding of the company's systems for collecting and reporting time worked, processing payroll, and distributing labor charges to cost objectives. ORGANIZATIONAL CONTROLS These controls ensure that functions and activities are established in accordance with management objectives, authority delegated to management is commensurate but not excessive with their responsibility, and staffing and supervision is adequate. Effective organization controls rely upon a logical organizational structure with adequate segregation of duties. INFORMATION SYSTEM CONTROLS These controls assure that the accounting information system provides management with an awareness of operational efficiency and adhere to prescribed managerial policies. The cost data generated should be reliable and relevant to the operations, adequately segregate costs into correct classifications, and segregate unallowable costs. During the course of the audit the auditor should remain alert for weaknesses in the information systems which could lead to errors. Description W/P Reference Initials/Date A Obtain an organization chart and identify key personnel. B Identify and review pertinent local policies and procedures, both formal and desktop. C Obtain copies of forms and reports used by the function being audited. D Identify and review pertinent laws and regulations. E Identify and review any related DCAA topics in the Contract Audit Manual (CAM). F Identify and review any related independent public accountant or DCAA audit reports G Conduct an entrance meeting with auditee management. 1. Invite the appropriate personnel to attend. 2. Discuss the audit objectives, scope, and methodology, along with information that the auditee will need to supply. 3. Establish a cooperative tone. H Develop an internal control questionnaire. The questionnaire should identify key control points and solicit information regarding the functioning of those controls. I Interview key personnel with the internal control questionnaire to determine whether the system has been implemented and is operating as designed. J Perform a walkthrough to evaluate key assertions. K Perform a preliminary risk assessment to determine initial sample size requirements. V. PRELIMINARY EVALUATION The following questions are designed to aid the auditor in evaluating the adequacy of the internal controls. They cannot be considered all inclusive. There may be additional control considerations unique to each audit. A. Administrative Controls Description Yes/No W/P Reference Initials/Date 1 Has awareness training been provided to key personnel? 2 Does the policy address all the requirements of the Act? 3 Are foreign bank statements reconciled on a monthly basis and are any necessary adjustments in the general ledger control accounts made? 4 Are financial records for all foreign entities kept in accordance with GAAP? 5 Does someone in the accounting organization review all foreign transactions and payments? 6 Do all subcontracts and purchase orders to foreign subcontractors flow down appropriate FCPA clauses? 7 Do all consultant, representative, and agent contracts include appropriate FCPA clauses? 8 Do key employees have to certify that they are in compliance with the FCPA? B. Organization Controls Step Description Yes/No W/P Reference Initials/Date 1 Is there adequate segregation of duties between the custody of cash in foreign checking accounts and the person who performs the bank reconciliations. 2 Is there adequate training and supervision of the clerical people doing the foreign accounting and reconciling the foreign bank statements so that they would recognize non-compliance with the FCPA. D Information System Controls Description Yes/No W/P Reference Initials/Date 1 (Identify any systems controls that are applicable to the audit) VI. DETAILED TESTING The testing function is divided into several sections: A. Analytical Procedures N/A B. Test of Controls - Adequacy Of Policies And Procedures Step Description W/P Reference Initials/Date 1 Review existing Company policies and procedures in light of the Foreign Corrupt Practices Act and evaluate their adequacy. C. Test of Controls - FCPA Training Step Description W/P Reference Initials/Date 1 Review the Company's training materials for the Foreign Corrupt Practices Act and comment on their adequacy. Make sure the training incorporates a discussion of the accounting requirements of the Act and the company's implementing policies and procedures rather than just a discussion of the Act itself. 2 Determine whether the Company has identified the key employees who should have FCPA training and developed a training plan. 3 Determine whether the Company has provided FCPA training to the key employees identified in C.2. above. D. Test of Controls - Agent, Representative, and Distributor Agreements and Payments Step Description W/P Reference Initials/Date 1 Identify all foreign agents, representatives, and distributors. 2 Obtain copies of and review all foreign agent, representative, and distributor agreements. Verify that FCPA requirements have been included and certification of compliance is required from the agent on a periodic basis. 3 Review a sample of payments to foreign agents, representatives, and distributors over the past 12 months. 4 Follow up on any payments that appear questionable. E. Test of Controls - Payments to Government Employees and Foreign Officials Step Description W/P Reference Initials/Date 1 Identify all payments made to government employees and foreign officials over the past 12 months. 2 Follow up on any payments that appear questionable. F. Test of Controls - Foreign Entity Financial Statements Step Description W/P Reference Initials/Date 1 Identify all foreign operations that are wholly owned or majority owned. 2 Determine whether they have financial records that comply with the FCPA accounting requirements and appear adequate for GAAP reporting. 3. Review check registers for the past 12 months and follow-up on any disbursements that appear out of the ordinary or which appear to be questionable. G. Test of Controls - Foreign Bank Account Reconciliations, Working Paper Section K Step Description W/P Reference Initials/Date 1 Identify all foreign bank accounts. 2 Review the bank reconciliations and the bank statements for the above accounts and ensure that they match the ledger. H. Test of Controls - Petty Cash Disbursements, Working Paper Section L Step Description W/P Reference Initials/Date 1 Identify all foreign petty cash accounts. 2 Review the past 12 months of disbursements and follow up on any disbursements that appear questionable. FCPA Audit Program.doc COMPANY NAME. INTERNAL AUDIT DEPARTMENT FOREIGN CORRUPT PRACTICES ACT AUDIT AUDIT NUMBER XXXXXX 1