Do you need a Compliance Oversight Review Committee? I recently read Thomas Fox’s article in FCPA Compliance Report on this very topic. Fox advocates that a Compliance Oversight Review Committee is critical in a best practices compliance program.
Fox dives into an interesting example of the Deferred Prosecution Agreement (DPA) that the Monsanto Company entered with the DOJ back in 2005, which in every practical sense established a Compliance Oversight Review Committee. His article gave me a lot to chew on. It’s worth a read in full, but I thought I’d share some of my main takeaways.
The Why
The Compliance Oversight Review Committee (let’s call it CORC for short) sits between the CCO and the Board’s compliance committee. It’s not just an extra layer of oversight for the sake of having another layer. The CORC has an important purpose—to make sure nothing slips through the cracks that might expose the company to unwanted risk.
The Who
What makes the CORC different from other committees is who sits on it and their focus on reviewing the highest risks to the organization. The CORC includes senior managers from multiple departments. It’s not just compliance folks that sit on the CORC; it’s accounting or finance, legal and business unit operations. This mixture of people from across the organization ensures the right people are in the room to make decisions about high risk transactions.
The What
The CORC should focus on the highest risks to the organization. This will vary from company to company but could include review of:
- Third-party approvals and renewals
- Requests for payments from third parties
- Significant gift, travel and entertainment requests from employees
- Agents or reps in high-risk areas
- Transaction in high risk countries
And the CORC needs to get deep into these high-risk transactions to make sure they are warranted, within company guidelines and do not violate the FCPA. They can’t just scratch the surface.
The How
The CORC exists to supplement the records and internal controls systems that are designed to detect violations of a company’s policies. It serves to investigate violations that are detected. Again, the CORC needs to focus on the highest risk. That is where technology comes in.
Technology can transform your expense audit and compliance process, and enable the CORC to provide the oversight it’s tasked with. By leveraging data analytics and automation, you can see exactly who is spending what and when.
Fox says: “There should be some type of oversight which can be reviewed on a monthly or quarterly basis as part of a company’s management of risk.” Using AI technology such as Oversight Insights On Demand to monitor compliance 100% of the time will give your CORC the oversight it needs to manage risk.
The When
Now is the time to transform your expense audit and compliance process. Oversight can help. Sign up for a demo of Insights On Demand to see how.
