best practices for multinationals in north-africa & middle ... · best practices for...

Best Practices for Multinationals in North Africa & Middle East

ACFE European Conference

March 26, 2012

Triple-S Consulting

1

Agenda

Local Presence

Evaluating existing Control Environment

Culture & Business Tips

Mini-SOX Kit

Next steps with “Responsibilities and Accountabilities Matrix” and Conclusion

2

Agenda

Local Presence

Evaluating Existing Control Environment


Mini-SOX Kit


3

Local Presence

4

Local Presence

RepOffice

Subsidiary

Branch/PE

• Sales & marketing office – activities of preparatory nature

• Legally and tax-wise an “arm” of the mother company

• Mother company’s bank account

• Payroll tax obligations • No/minor atatutory &

reporting obligations

• Broader range of activities • Signing certain contracts • Own bank account

• Payroll tax • Corporate tax • Limited statutory &

reporting obligations

• Full range of activities/services • Self-funding and generating profit

by billing customers • Own bank account

• Payroll tax • Corporate tax & other local

tax • Full statutory compliance

(local GAAP) & reporting

5

Local Presence

More complex fraud preventive measures as local presence becomes more important.

For example:

– Bank account

– Contracts negotiations, bids & contract signing

6

Agenda

Local Presence



Mini-SOX Kit


7

Evaluating Existing Controls

8

Principle 1 — The Fraud Triangle


Principle 2 — The COSO Model

Control environment – start from level of local presence

Organizational structure

Code of Ethics

Identify Risk

Define activities “at-risk”

Start from these activities to define accountabilities, responsibilities → bring transparency, structure, make local team create their rules in line with corporate rules

9

Evaluating Existing Controls: Responsibilities & Accountabilities

Matrix

Prepare a matrix for all local activities

Who is Responsible

Who is Accountable

Who is Consulted

Who is informed

R

A

C

I

The do-er

The final decision maker

...before the action

...that action was done

10


Principle 2 — The COSO Model

List policies and procedures in place

Information systems & communication

Monitor quality of internal controls on a regular basis

11

Agenda

Local Presence



Mini-SOX Kit


12

Culture

Pillars of islamic Belief – “Shahadah “ Profession

of Faith

– “Salah” Prayer (5 times daily & Friday = Rest)

– “Zakah” Almsgiving

– “Ramadan” 30 days’ fasting (in Saudi Arabia = legally enforced)

– “Haj” Pilgrimage

– “6th Pillar”

But not all Arabs belief in Islam as Christian Arabs will confirm. Arab people have a Muslim majority in the population.

Arab = ethnic reference to a Senite

Moslim = religious belief & grouping

13

Culture & Business Tips Egypt

Well-trained workforce Oriented towards

– Families and public gatherings – Slower way of life, including decision making – Lack of punctuality in keeping appointments

Somewhat westernized WRT international business but also traditional Arab patterns are present (still a ways to go towards a functional democracy that protect human rights)

Law 43

15

Culture & Business Tips North Africa

“Friendship before Business” – before a meeting starts “general talk”

“People come first, then time” – Sit & Talk: What cannot be done today can always

be accomplished tomorrow.

– Meetings not promptly & hours later → Try to respect Western custom.

Corruption result of poverty

Age = respect

16

Culture & Business Tips Middle East

“People come first, then company or contract.” – Meetings not prompt; time is flexible. Don’t impose

Western schedules. Their day is divided in five prayer moments.

– Connections and networking. Socialization is tradition in business, but communication is complex. Show harmony & agreement (no superiority or arrogance).

– Decision making is done in person.

Bargaining is common practice. No alcohol! No fingerpointing! Limp

handshake...Taboos...

17

Culture Characteristics of Islamic Culture

18

Culture & Business Tips Characteristics of Islamic Culture

Arab language Arab values = Love for the family and its privacy +

hospitality Arab personal distance Sociability & equality: Cordiality is core

• First getting acquanted • Little regard for schedule or appointments • Limp handshake

Arab women — protecting & respecting. Foreign women should be sensitive to what is acceptable in the local situation.

19

Agenda

Local Presence



Mini-SOX Kit


20

Creation of a Mini-SOX Kit

Start from SOX Rules at corporate level Identify activities in the local office (RepOffice,

Branch/PE or legal entity) — via interviews & questionnaire; team-building event on responsibilities and accountabilities

Link High, Medium & Low Risk controls to the different activities – Segregation of duties – Approval Matrix

Jointly implement for success

21

Mini-SOX Kit Examples of High Level Priority Risks per Process

• Accounts Payable process (expenses supported by an official invoice)

– Approval Matrix

– Documentation policies

• Cash Disbursements

– Approval matrix and authority limits are established

– Specific limits of signing authority for checks and bank transfers — in line with corporate authority

– Dual signatories, included in bank account registry (not only limited to Internal policies)

22

Mini-SOX Kit Examples of High Level Priority Risks

per Process (cont.) • Petty Cash Disbursement

– Written in a register – Register and controls performed by another person than

the register keeper – Petty cash transactions access is limited to a number of

employees – Limited to the total transaction amount “can’t exceed

$XXX” otherwise the payments should be made via bank account

– Limited to irregular ad hoc payment – Appropriate supporting documentation is required: a

document signed by the requester and his supervisor for disbursements; a document at receipt of cash signed by the register keeper and supervisor

23


per Process (cont.)

• Bank reconciliation

– Statements are prepared properly and timely and reported to management

• Travel and entertainment

– Approval of advance payments to employees

– Documentation of advances and reconciliation to receipts and the returned cash

– Approval of payments and adequate supporting documentation

24


per Process (cont.)

• Grants

– Use the company’s standard grant request form

– Documentation

– Comply with local legislation and populate local systems set up by local government

• Liabilities

– Accruals documentation

25


per Process (cont.)

• Payroll

– All salary levels properly approved and supported by an employment agreement

– Bank accounts — Payroll is paid to the employee via bank transfer or checks

– Reconciliation — to avoid ghost employees — and ensure proper approved amount as contractually agreed

26

Agenda

Local Presence



Mini-SOX Kit


27

Next Steps “Responsibilities and Accountabilities Matrix”

Seggregation of duties (A & R)

Interpretation of results

Measure time needed, based on avg per action and quantity

Design ideal & simple organisational structure

Design job descriptions & objectives — create transparency

28

Conclusion

Take time for cultural differences and change.... Invest in change management....

Mixture of implementing a standard mini-SOX kit for the region and creating awareness of the risks with the local management and staff.

Joint effort made by the local and the regional internal controlling team.

Fraud prevention should be effective and efficient, systems and tools are to be provided , processes not too time-consuming for local staff.

The first objective and core activity of the people in the RepOffice or branch is “Doing Business”…

29

Questions?

Thank you!

30

“Association of Certified Fraud Examiners,”

“Certified Fraud Examiner,” “CFE,” “ACFE,”

and the ACFE Logo are trademarks owned by

the Association of Certified Fraud Examiners,

Inc. The contents of this paper may not be

transmitted, re-published, modified,

reproduced, distributed, copied, or sold without

the prior consent of the author.

best practices for multinationals in north-africa & middle ... · best practices for...

Documents