In its full glory, corporate compliance is a complex subject. Here at Compliance Week we do our best to provide subscribers with timely, concise looks at news in this field to help you understand how you can build and manage a better compliance program, but let’s be honest—sometimes you need an even deeper dive.
Today I’m happy to announce that Compliance Week now provides that deeper dive, too.
Starting today, Compliance Week will also publish an occasional series called Compliance In-Depth Reports: book-length treatments of compliance, audit, and risk management topics, available for purchase in our new virtual bookstore. We have two titles available now, from two authoritative writers, with more to come soon.
First is a subject that has induced migraines in IT managers, internal auditors, and financial compliance directors for years—effective segregation of duties. Everyone grasps the basic concept: you can’t let one person do two tasks that might help commit fraud. Unto itself, that’s correct. But then ask that person to explain how you dissect a financial reporting process to find the specific duties that should be segregated. Even better, ask which duties scattered among multiple business processes should be segregated, and how you might configure business IT systems to ensure they are.
That is where lots of compliance professionals, especially those not formally trained in auditing, start staring at their shoes. Now they can open a copy of Segregation of Duties and Sensitive Access: Leveraging System-Enforced Controls, instead.
The author, Larry Carter, has been a practicing IT audit manager at Fortune 1000 companies for years. In Segregation of Duties and Sensitive Access he walks the reader through an 11-step process that you can use to deconstruct most standard financial processes (credit-to-cash cycle; inventory management; travel and expense management; and so forth) and identify key points where segregation of duties is critical. The book itself includes several flow charts, risk control matrices, and appendices to help the reader understand practical examples of SoD and sensitive access controls. With your purchase you receive three other Excel files as interactive appendices that include even more examples of SoD rules, sensitive access rules, and mitigating controls.
Second is a nuts-and-bolts handbook on building and running your compliance program, from our own Compliance Week columnist Tom Fox. Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program is 149 pages of a self-help manual for compliance officers new to the job, or uncertain that they’ve done the whole job, or simply looking for confirmation that they are doing a good job. Whatever the reason, Fox’s easy-to-read, easy-to-understand book belongs on your shelf.
Fox shares his considerable anti-corruption expertise as he walks the reader through the requirements to build, and execute, a modern compliance program. With a focus on anti-bribery and anti-corruption issues, the book first reviews the basic building blocks a compliance officer needs (code of conduct, policies and procedures, internal controls), moves on to address the proper role and autonomy of a chief compliance officer, delves into the most important CCO duties (risk assessment, training, investigations), and always offers practical examples and advice for how a compliance program should work.
Let’s be honest: anti-corruption enforcement is still the primary reason why we have compliance programs today. Yes, companies can (and should) invest in effective compliance to improve risk management, financial performance, and employee morale—all of which do improve when you have robust corporate compliance and ethics. Nevertheless, most companies build these programs because they fear the Justice Department or some other regulator pursuing them for violations of an anti-bribery statute. Preventing that type of misconduct is hard. Doing Compliance will help anyone confirm that they are fighting the battle in the right way.
Both books are available for purchase in either PDF format or as print-on-demand paperback books. (We’ll also have them on the Apple iBookstore and Amazon Kindle soon.) In coming months we’ll have more titles added, on everything from FACTA compliance to navigating European data privacy laws to working in emerging markets. And remember, Compliance Week exists to serve the compliance community; if you have an idea for an in-depth report, let me know at firstname.lastname@example.org.