best practices for multinationals in north-africa & middle ... · best practices for...
TRANSCRIPT
Best Practices for Multinationals in North Africa & Middle East
ACFE European Conference
March 26, 2012
Triple-S Consulting
1
Agenda
Local Presence
Evaluating existing Control Environment
Culture & Business Tips
Mini-SOX Kit
Next steps with “Responsibilities and Accountabilities Matrix” and Conclusion
2
Agenda
Local Presence
Evaluating Existing Control Environment
Culture & Business Tips
Mini-SOX Kit
Next steps with “Responsibilities and Accountabilities Matrix” and Conclusion
3
Local Presence
RepOffice
Subsidiary
Branch/PE
• Sales & marketing office – activities of preparatory nature
• Legally and tax-wise an “arm” of the mother company
• Mother company’s bank account
• Payroll tax obligations • No/minor atatutory &
reporting obligations
• Broader range of activities • Signing certain contracts • Own bank account
• Payroll tax • Corporate tax • Limited statutory &
reporting obligations
• Full range of activities/services • Self-funding and generating profit
by billing customers • Own bank account
• Payroll tax • Corporate tax & other local
tax • Full statutory compliance
(local GAAP) & reporting
5
Local Presence
More complex fraud preventive measures as local presence becomes more important.
For example:
– Bank account
– Contracts negotiations, bids & contract signing
6
Agenda
Local Presence
Evaluating Existing Control Environment
Culture & Business Tips
Mini-SOX Kit
Next steps with “Responsibilities and Accountabilities Matrix” and Conclusion
7
Evaluating Existing Controls
Principle 2 — The COSO Model
Control environment – start from level of local presence
Organizational structure
Code of Ethics
Identify Risk
Define activities “at-risk”
Start from these activities to define accountabilities, responsibilities → bring transparency, structure, make local team create their rules in line with corporate rules
9
Evaluating Existing Controls: Responsibilities & Accountabilities
Matrix
Prepare a matrix for all local activities
Who is Responsible
Who is Accountable
Who is Consulted
Who is informed
R
A
C
I
The do-er
The final decision maker
...before the action
...that action was done
10
Evaluating Existing Controls
Principle 2 — The COSO Model
List policies and procedures in place
Information systems & communication
Monitor quality of internal controls on a regular basis
11
Agenda
Local Presence
Evaluating Existing Control Environment
Culture & Business Tips
Mini-SOX Kit
Next steps with “Responsibilities and Accountabilities Matrix” and Conclusion
12
Culture
Pillars of islamic Belief – “Shahadah “ Profession
of Faith
– “Salah” Prayer (5 times daily & Friday = Rest)
– “Zakah” Almsgiving
– “Ramadan” 30 days’ fasting (in Saudi Arabia = legally enforced)
– “Haj” Pilgrimage
– “6th Pillar”
But not all Arabs belief in Islam as Christian Arabs will confirm. Arab people have a Muslim majority in the population.
Arab = ethnic reference to a Senite
Moslim = religious belief & grouping
13
Culture & Business Tips Egypt
Well-trained workforce Oriented towards
– Families and public gatherings – Slower way of life, including decision making – Lack of punctuality in keeping appointments
Somewhat westernized WRT international business but also traditional Arab patterns are present (still a ways to go towards a functional democracy that protect human rights)
Law 43
15
Culture & Business Tips North Africa
“Friendship before Business” – before a meeting starts “general talk”
“People come first, then time” – Sit & Talk: What cannot be done today can always
be accomplished tomorrow.
– Meetings not promptly & hours later → Try to respect Western custom.
Corruption result of poverty
Age = respect
16
Culture & Business Tips Middle East
“People come first, then company or contract.” – Meetings not prompt; time is flexible. Don’t impose
Western schedules. Their day is divided in five prayer moments.
– Connections and networking. Socialization is tradition in business, but communication is complex. Show harmony & agreement (no superiority or arrogance).
– Decision making is done in person.
Bargaining is common practice. No alcohol! No fingerpointing! Limp
handshake...Taboos...
17
Culture & Business Tips Characteristics of Islamic Culture
Arab language Arab values = Love for the family and its privacy +
hospitality Arab personal distance Sociability & equality: Cordiality is core
• First getting acquanted • Little regard for schedule or appointments • Limp handshake
Arab women — protecting & respecting. Foreign women should be sensitive to what is acceptable in the local situation.
19
Agenda
Local Presence
Evaluating Existing Control Environment
Culture & Business Tips
Mini-SOX Kit
Next steps with “Responsibilities and Accountabilities Matrix” and Conclusion
20
Creation of a Mini-SOX Kit
Start from SOX Rules at corporate level Identify activities in the local office (RepOffice,
Branch/PE or legal entity) — via interviews & questionnaire; team-building event on responsibilities and accountabilities
Link High, Medium & Low Risk controls to the different activities – Segregation of duties – Approval Matrix
Jointly implement for success
21
Mini-SOX Kit Examples of High Level Priority Risks per Process
• Accounts Payable process (expenses supported by an official invoice)
– Approval Matrix
– Documentation policies
• Cash Disbursements
– Approval matrix and authority limits are established
– Specific limits of signing authority for checks and bank transfers — in line with corporate authority
– Dual signatories, included in bank account registry (not only limited to Internal policies)
22
Mini-SOX Kit Examples of High Level Priority Risks
per Process (cont.) • Petty Cash Disbursement
– Written in a register – Register and controls performed by another person than
the register keeper – Petty cash transactions access is limited to a number of
employees – Limited to the total transaction amount “can’t exceed
$XXX” otherwise the payments should be made via bank account
– Limited to irregular ad hoc payment – Appropriate supporting documentation is required: a
document signed by the requester and his supervisor for disbursements; a document at receipt of cash signed by the register keeper and supervisor
23
Mini-SOX Kit Examples of High Level Priority Risks
per Process (cont.)
• Bank reconciliation
– Statements are prepared properly and timely and reported to management
• Travel and entertainment
– Approval of advance payments to employees
– Documentation of advances and reconciliation to receipts and the returned cash
– Approval of payments and adequate supporting documentation
24
Mini-SOX Kit Examples of High Level Priority Risks
per Process (cont.)
• Grants
– Use the company’s standard grant request form
– Documentation
– Comply with local legislation and populate local systems set up by local government
• Liabilities
– Accruals documentation
25
Mini-SOX Kit Examples of High Level Priority Risks
per Process (cont.)
• Payroll
– All salary levels properly approved and supported by an employment agreement
– Bank accounts — Payroll is paid to the employee via bank transfer or checks
– Reconciliation — to avoid ghost employees — and ensure proper approved amount as contractually agreed
26
Agenda
Local Presence
Evaluating Existing Control Environment
Culture & Business Tips
Mini-SOX Kit
Next steps with “Responsibilities and Accountabilities Matrix” and Conclusion
27
Next Steps “Responsibilities and Accountabilities Matrix”
Seggregation of duties (A & R)
Interpretation of results
Measure time needed, based on avg per action and quantity
Design ideal & simple organisational structure
Design job descriptions & objectives — create transparency
28
Conclusion
Take time for cultural differences and change.... Invest in change management....
Mixture of implementing a standard mini-SOX kit for the region and creating awareness of the risks with the local management and staff.
Joint effort made by the local and the regional internal controlling team.
Fraud prevention should be effective and efficient, systems and tools are to be provided , processes not too time-consuming for local staff.
The first objective and core activity of the people in the RepOffice or branch is “Doing Business”…
29
“Association of Certified Fraud Examiners,”
“Certified Fraud Examiner,” “CFE,” “ACFE,”
and the ACFE Logo are trademarks owned by
the Association of Certified Fraud Examiners,
Inc. The contents of this paper may not be
transmitted, re-published, modified,
reproduced, distributed, copied, or sold without
the prior consent of the author.