One area not often considered by the chief compliance officer as a key part of any compliance regime is the corporate controller. The controller generally has the responsibility to accurately record and report company financial transactions; to design, implement, and execute the financial processes and controls so they are both effective and efficient; and to safeguard all financial assets.
This means that not only can the controller be one of the compliance function’s strongest corporate allies, but by nature the role works to operationalize compliance. This is because to implement the appropriate internal controls around compliance, the controller must know the specific requirements of the Foreign Corrupt Practices Act and know what kinds of issues are likely to come up that might create a risk of bribery and corruption, which all leads to an appropriate understanding of the appropriate compliance internal controls to implement.
Another area on a controller’s radar is the Vendor Master List (VML). An obvious internal control is to ensure that no person or business venture partner gets paid unless he or she is properly placed on the VML; and no person or business venture partner is admitted to the VML unless they have gone through the appropriate level of due diligence, which varies by task, function, and country. The controller can help this process by putting in place controls that prevent workarounds, which are always a bête noir for compliance. Such financial controls also include those around the manual check process and internal requirements for international wire transfers. Finally, the controller is on the front lines of protecting and maintaining how petty cash is distributed, and even to this day petty cash continues to be a source of funds corrupt individuals will use to fuel bribery and corruption.
While compliance benefits from the controller, the controller benefits as well by leveraging compliance resources. A closer collaboration between the two will broaden awareness of compliance risks relating to the company’s financial processes, and by fully integrating compliance into the controller function, a more robust picture of enterprise risk emerges, one which encompasses legal, compliance, ethics, internal controls, financial, business, and governance.