Tag: Internal Controls

Erasing the “Lines” to Enhance Risk Management

In July 2020, The Institute of Internal Auditors (“IIA”) updated its Three Lines of Defense Model (“Model”) to emphasize more active forms of risk management and governance that appear to go beyond merely defensive maneuvers made by the internal audit function.  

Some believed the old model sent a message that we should fear risk. I never saw it that way. I understood the subliminal message was the model was about achieving objectives, which requires both the creation and the protection of value. The new model does a much better job of confirming that risk management contributes “to achieving objectives and creating value, as well as to matters of ‘defense’ and protecting value.”

Learn why the Enterprise Risk Resilient Model might be a better choice.


Baker Tilly’s Global Forensic Investigations, Compliance & Integrity Practice Continues to Impress and Grow!

Our experience conducting fraud investigations, domestically and globally, allows us to advise our clients on measures they can take to prevent fraud from occurring and detect issues before they expand. Our clients look to us to design anti-fraud programs and controls, perform anti-bribery and anti-corruption compliance assessments, and perform proactive fraud examinations to identify possible red flags or indicators of fraudulent activity. Because of our collective skills and the depth and breadth of our experiences, we are also able to design and enhance compliance programs and serve as integrity monitors. 

Correcting deficiencies, addressing gaps in controls, and remediating specific issues are important at the end of every investigation to prevent the same or similar frauds from recurring.

We address these important client needs at the end of our investigations and can assist with implementing remedial actions.


The Continued Evolution of Best Practices for Compliance Programs

In 2019 and 2020, the federal government released significant information that directly impacted compliance professionals. We cover all three releases in this eBook: the 2020 Evaluation of Corporate Compliance Programs – Guidance Document, the 2019 Framework for OFAC Compliance Commitments, and the 2019 Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations.

These three documents provided not only the government’s refreshed thinking on what constitutes a best practices compliance program. I have combined all three into a best practices document.

Fraud On The Rise is No Surprise!

Last week, the Association of Certified Fraud Examiners (“ACFE”) published the results of a survey taken by more than 1,800 anti-fraud professionals in late April and early May 2020, while we were deep into the Covid-19 crisis. The findings, for the most part, are not surprising, but do reveal some disappointing information. While I have not seen a raw copy of the survey, I was surprised the ACFE didn’t ask if the company’s fraud risk assessment was reviewed and modified accordingly.

In addition, the survey highlights trends in the overall level of fraud. Survey respondents provided information about their current observations and expected changes regarding ten (10) specific types of fraud.


DOJ Revises its Guidance on the Evaluation of Corporate Compliance Programs

Without any fanfare, the U.S. Department of Justice Criminal Division has once again revised its Evaluation of Corporate Compliance Programs (“ECCP”). The ECCP remains organized around three overarching questions that prosecutors ask when evaluating compliance programs, with some revisions, which are in bold text below:

Is the corporation’s compliance program well designed?
Is the program being applied earnestly and in good faith? In other words, is the program being implemented adequately resourced and empowered to function effectively?
Does the corporation’s compliance program work in practice?

While most of the document is identical to the 2019 Guidance, there are subtle and noticeable revisions.  The revisions appear to be designed to help provide additional clarity when answering the above three questions. 


Take Your SOx Off

On March 12, 2020, the Securities & Exchange Commission adopted a controversial rule that exempts more categories of public companies from auditor attestation of management’s internal control over financial reporting required by Section 404(b) of the Sarbanes-Oxley Act of 2002, despite strong opposition by investor protection advocates.

The rules are intended to benefit low-revenue companies even if the funds raised in the public stock markets are not small, according to Release No. 34-88365, Amendments to the Accelerated and Large Accelerated Filer Definitions. The amendments become effective 30 days after publication in the Federal Register, which normally occurs a few weeks after a rule is posted on the SEC’s website.


DOJ Updates FCPA Corporate Enforcement Policy

On November 20th, 2019, the Department of Justice (“DOJ”) announced updates to its Foreign Corrupt Practices Act (“FCPA”) Corporate Enforcement Policy. While the changes were relatively minor, the modifications underscored important principles surrounding the FCPA Corporate Enforcement Policy.

This latest update follows extensive revisions made in March of this year and the announcement that the FCPA Policy will apply as non-binding guidance for all criminal cases; all reflect DOJ’s continued efforts to promote self-disclosures and provide clarity on DOJ’s approach for companies deciding whether to self-disclose. There is little doubt the DOJ has landed on a Corporate Enforcement Policy that took years to develop. The FCPA Corporate Enforcement Policy now applies to all corporate criminal prosecutions except Antitrust Division criminal prosecutions that are guided by the Leniency Program. The DOJ is consistently applying the principles and appears to be very comfortable with the results.


Speaking and Training on Fraud, Compliance, Ethics, and More…

Welcome to my site. I have spoken and been the keynote speaker for many conferences, including the ABA, ACC, ACFE, IIA, and IMA to name a few. I have designed customized training for the board, senior leadership, legal, compliance, internal audit, and others for some of the world’s largest organizations.


Tone From the Top, the Next Level

As a result of COVID-19, the Board of Directors and Senior Management are challenged to monitor the cultural shifts of their organization and adjust their sensitivity and the frequency of communications as appropriate.

Leaders should always try to find ways to talk and engage with their people to motivate them, especially during these uncertain and trying times. If done correctly, talking can be incredibly powerful. It can help relieve anxiety (defined as “a feeling of worry, nervousness or unease, typically about an imminent event or something with an uncertain outcome”) and help people find the strength they didn’t know was in them. Studies have shown that talking shuts down the brain’s fear center.


Baker Tilly’s 2019 Effective Governance and Compliance Roundtable Series – May 1, 2019 – CPE Event in Philadelphia – Using Continuous Auditing and Monitoring in the Fight Against Fraud

Organizations are under increasing scrutiny regarding ethical lapses and allegations of fraud. Fiscal year 2018 was a record-breaking year for the U.S. Securities and Exchange Commission’s whistleblower program, as more and more individuals have been coming forward with allegations of impropriety. Come learn how to use continuous auditing and monitoring in the fight against fraud – or help improve your compliance program!


Fraud Risk Assessment – A Recipe for Greater Success!

In addition to establishing an ethical environment, board members and management must also take the lead in implementing and maintaining a formal fraud risk management program. One key element of such a program is a fraud risk assessment.

Risk assessments are part of the discipline of risk management, where enhanced frameworks and techniques have emerged. Risk management comprises the identification, assessment, and prioritization of risks followed by the coordinated and efficient use of resources to monitor, minimize, and otherwise control the impact of the risks on the organization.
