Walmart has become the hot topic in anti-bribery and corruption/FCPA circles. FCPA professionals, commentators, and other interested parties have commented plenty. I’m no exception as this is my second blog on Walmart in the last 30 days.
As Michael Sher states in his May 21 FCPA Blog, “Walmart is now the world’s living laboratory for compliance”, and within the post Sher identifies eight areas where Walmart needs to provide tangible proof of improved performance over the next year. Within their “Global Compliance Program Report on Fiscal Year 2014”, Walmart outlines changes it has made to improve compliance and related ethics objectives. These changes include numerous people-focused changes largely centered around new resources in compliance, new training programs for existing resources, and increasing compliance-focused communications. The company also pointed to policies and processes it has changed including anticorruption controls and procedures and risk assessments. Finally, Walmart points to systems that have changed as it focuses on third-party due diligence and compliance monitoring.
It’s quite a laundry list of items that is impressive in terms of the numbers of new compliance-focused resources that have been added to the organization. Although, I am of the opinion that it doesn’t matter what kind of controls, policies, and processes you have in place, you need someone who cares about doing something when things don’t transpire as expected. These same people also need to have some idea regarding of what to do when the unexpected occurs.
My colleagues know that my favorite maxim is “inspect what you expect” and if you have read any previous Oversight blogs, you will know this is a recurring theme in my posts (sort of my Reagan-esque, “trust but verify”.) It remains to be seen whether Walmart’s efforts to close the loop on compliance and take effective steps to combat bribery and corruption will make any difference. Many companies have been subjected to SEC and DOJ actions, vowed to become better, and still ended up as two-time offenders. The proof is in the doing but, on the surface, Walmart has taken positive steps to avoid future FCPA violations.
While Sher is looking at eight major points I will only be looking at two to judge the true effectiveness of Walmart’s proposed actions. First, how successful is Walmart in inspecting what they expect in its anti-corruption controls and procedures? Policies around third-party due diligence, engaging third parties, charitable contributions and donations, business expenditures involving government officials, memberships and sponsorships, record-keeping, training, and reporting and investigating allegations of violations related to integrity all make sense on paper. The promised enhancements to and improvements of corporate monitoring and reporting, key control reporting, self-assessments, and evaluation of the effectiveness of enhanced financial controls are all positive steps.
Yet, in my experience, (and I am just the software guy financial controls for non-merchandise disbursements, employee expense reimbursements, and the sale of gift cards are not enough to prevent unwanted and unexpected results. Inspecting what is expected is the only way to ensure that reality matches theory.
We work with world-class companies who have world-class policies and processes. They leverage automated monitoring and analysis systems to make sure transaction realities match compliance policies. In particular, these companies know that non-merchandise disbursements, employee expenses, and gift cards are the soft under belly of their compliance programs. Preventive controls are tough to establish and maintain in these areas, and they know it isn’t fair to expect line managers to police every policy. The systems required to perform automated monitoring and analysis generally cost less than $100,000 per year for all but the largest organizations and the level of effort required to act on the results is always less than the level of effort associated with a sample-based manual audit (see this post for why this is true).
While more people and processes are both ways to demonstrate visible actions, inspecting what you expect is a way to show visible results. Hopefully, Walmart’s compliance monitoring will leverage the types of automated monitoring and analysis that can demonstrate to both shareholders and regulators that progress is being made.
