ACL EBOOK
Bribery & Corruption: The essential guide to managing the risks
CONTENTS
Failing to Manage Bribery and Corruption Risks Can Be Very Expensive…
A Global Risk
So Why is Bribery Still Commonplace and Such a Risk?
What Can Be Done to Address the Risks Associated with Bribery and Corruption?
Whose Job is it Anyway? Start by Defining Roles and Responsibilities
A Fork in the Process Roadmap: Choose a Standalone or an Integrated Process
Build an Anti-Bribery & Anti-Corruption Program: 5 Step Process
Identify and Assess Risks
Identify Mitigation Procedures to Reduce the Risks and Their Impact
Monitor
Manage Exceptions
Reporting and Ongoing Assessment
Anti-Bribery & Anti-Corruption Compliance Process Flow
How Does Your Organization Rank?
For many corporations, the risks related to bribery and other forms of corrupt payments rank among the most serious risks that must be managed. The direct impact of financial penalties is not the only problem for businesses, as the damage to brand and reputation from negative publicity can have an even greater and more long-term impact.
Some organizations, such as multinationals and those in specific industries, including defense, major construction and resources, are particularly at risk, but the risk typically extends to any organization competing for contracts across the globe. Virtually no business is completely free of the risks associated with some form of corrupt payments.
Many people in the world of audit, compliance, legal, and risk management will be well aware of high-profile instances in which organizations had to pay many hundreds of millions of dollars in fines and penalties to U.S. and other national authorities for failing to comply with anti-bribery and corruption regulations.
This e-book outlines the key aspects of an effective process framework for managing the risks of bribery and corrupt payments.
“Many of you are familiar with our pending litigation against various executives of Magyar Telekom, Siemens, and Noble. Litigation is ongoing against individuals in all three matters, and these cases have sent an unambiguous message that we will vigorously pursue cases to hold individuals accountable for FCPA violations – including executives at the highest rungs of the corporate ladder. In fact, this April, we obtained the second highest penalty ever assessed against an individual in an FCPA case, when one of the Siemens executives agreed to pay $275,000.”
“Bribery is a specific offence which concerns the practice of offering something, usually money, to gain an illicit advantage and corruption is an abuse of a position of trust in order to gain an undue advantage.”
Government of Ireland definition
“By its nature corruption can be difficult to detect as it usually involves two or more people entering into a secret agreement. The agreement can be to pay a financial inducement to a public official for securing favor of some description in return. In overseas corruption this can manifest itself in a company paying a bribe for the benefit of an overseas public official in order to win a contract. This can be done through a third party — commonly known as an agent or advisor — who then passes the bribe on to the public official or directly by the company to the public official.
Ingenious methods of making the payments are used by those involved, including moving the money through a number of offshore companies (which, on the face of it, have nothing to do with the intended recipient) registered in various jurisdictions.”
UK Serious Fraud Office
“The Foreign Corrupt Practices Act (FCPA), enacted in 1977, generally prohibits the payment of bribes to foreign officials to assist in obtaining or retaining business. The FCPA can apply to prohibited conduct anywhere in the world and extends to publicly traded companies and their officers, directors, employees, stockholders, and agents. Agents can include third party agents, consultants, distributors, joint-venture partners, and others.
The FCPA also requires issuers to maintain accurate books and records and have a system of internal controls sufficient to, among other things, provide reasonable assurances that transactions are executed and assets are accessed and accounted for in accordance with management’s authorization. The sanctions for FCPA violations can be significant. The SEC may bring civil enforcement actions against issuers and their officers, directors, employees, stockholders, and agents for violations of the anti-bribery or accounting provisions of the FCPA. Companies and individuals that have committed violations of the FCPA may have to disgorge their ill-gotten gains plus pay prejudgment interest and substantial civil penalties.
Companies may also be subject to oversight by an independent consultant.”
A GLOBAL RISK
The U.S. Foreign Corrupt Practices Act (FCPA) and the U.K. Bribery Act are just two examples of government legislation that aim to address the problem by levying massive fines and other penalties against organizations and individuals involved in bribery. The specifics of regulations vary by region and applicable laws.
The FCPA, for example, is only applicable to public companies whose shares are traded on U.S. exchanges and only relates to corrupt payments to government officials. The U.K. Bribery Act is more wide-ranging and also applies to corrupt payments to non-government officials. Other national legislation, such as the Chinese Article 164, the Brazilian Clean Company Act and the Canadian Corruption of Foreign Public Officials Act, among many others, all seek to do essentially the same thing and impose very severe penalties on corporations that resort to bribery.
Despite increasing global legislation and enforcement, the extent of bribery and corrupt payments does not appear to be in decline. PwC’s 2014 Global Economic Crime Survey reported that most organizations have actually seen an increase in the problem. Bribery and corruption, along with other forms of fraud and economic crime, continue to be a major concern for companies of all sizes across all regions and in virtually every sector.
More than 40 countries have adopted the OECD Anti-Bribery Convention, which establishes “legally binding standards to criminalize bribery of foreign public officials in international
SO WHY IS BRIBERY STILL COMMONPLACE AND SUCH A RISK?
Dealing with the problem of bribery and corrupt payments is not always easy. Formal policies in most large companies clearly forbid such practices, but this does not mean they will not occur. Behavioral education and compliance training is simply not enough to mitigate the risk.
Payment and receipt of bribes, as well as other forms of facilitation and consulting fees, gifts, entertainment, travel and other benefits, are a well-established part of business and government culture in many parts of the world. Until relatively recently, these practices were widely accepted by large, global companies as simply a part of the cost of doing business. The reality for many business managers is that it can be extremely difficult to remain competitive and win new business in foreign markets without resorting to some form of activity that may be illegal or, at best, in a “grey area.”
As a result, in spite of the implementation of increasingly stringent corporate policies, the temptation is to do whatever is necessary to close a deal and then find a way to avoid getting caught. This often means that large payments manage to make their way into the bank accounts of influential individuals in governments or corporations in order to win a contract, but are carefully disguised in a way that makes them difficult to detect through normal control mechanisms.
WHAT CAN BE DONE TO ADDRESS THE RISKS ASSOCIATED WITH BRIBERY AND CORRUPTION?
“We encourage companies to maintain robust compliance programs, to voluntarily disclose and eradicate misconduct when it is detected, and to cooperate in the government’s investigation. But we will not wait for companies to act responsibly. With cooperation or without it, the department will identify criminal activity at corporations and investigate the conduct ourselves, using all of our resources, employing every law enforcement tool, and considering all possible actions, including charges against both corporations and individuals.”
Assistant Attorney General Caldwell,
As with many different forms of risks faced by corporations and other large organizations, there are ways to manage the risks associated with bribery and corruption so that the extent of risk is reduced to a level that is acceptable to the organization.
Effective enterprise risk management (ERM) involves a process that, in principle, can be applied to any type of risk.
Some organizations develop a comprehensive framework for ERM, where strategic risks are assessed and holistic programs put in place to monitor and mitigate risks organization-wide, while others have far more rudimentary approaches. Most research indicates that those businesses with capable risk management processes outperform those with ad hoc, disparate or informal systems.
Let’s look at the key aspects of an effective process framework for managing the risks of bribery and corrupt payments. While the specific risks and best response will always vary to some extent from one organization to another, as well as from one part of an organization to another, there are key factors and steps that should be considered in any risk management process for bribery and corruption. These are all part of what we refer to in this publication as the “ABAC Program” (Anti-Bribery and Anti-Corruption).
The U.S. Department of Justice has indicated that if a company has performed proactive automated monitoring of payments, then it will take this into account when instances of bribery still occur and will consider reducing penalties accordingly.
WHOSE JOB IS IT ANYWAY? START BY DEFINING ROLES AND RESPONSIBILITIES
Ideally, the organizational structure for dealing with the risks of bribery and corruption should reflect that of risk management responsibilities overall. This means there are several stakeholders and levels of responsibility:
THE BOARD, RISK AND AUDIT COMMITTEES
Various executives have overall responsibility for ensuring that risks are effectively managed within the organization, with the CEO holding the ultimate job:
Chief Compliance Officer
The CCO role owns overall responsibility for protecting the organization from compliance risk and enforcement actions and often directly leads the creation and management of an ABAC program.
General Counsel
General Counsel usually plays an active role in regulatory compliance and establishment of levels of risk appetite around specific activities.
Chief Risk Officer
Many organizations now have a formal role of Chief Risk Officer that focuses on facilitation and coordination of overall enterprise risk management (ERM) processes, ensuring that appropriate procedures are implemented by those with more direct responsibilities for avoiding potentially corrupt payments. The CRO is usually responsible for identifying and prioritizing material risks and discussing them with senior management and the Board.
Chief Financial Officer
The CFO bears responsibility for financial controls, while line and regional executives are directly responsible for the appropriateness of payments that take place within their area of budgetary and business control.
Internal Audit
As with most areas of risk, internal audit needs to consider the risks and controls related to ABAC as they develop and execute their audit plan. Internal audit’s procedures provide assurance that ABAC processes and controls are effective and working as intended. It is of course the job of business management to actually implement and maintain the ABAC processes and controls.
As there are various stakeholders in the ABAC Program process, the important thing is that all are aware of their respective roles and how they fit within the process. In order to achieve this there needs to be an effective central system that can be accessed in order to clearly communicate and share information on the process and its current status.
A FORK IN THE PROCESS ROADMAP: CHOOSE A STANDALONE OR AN INTEGRATED PROCESS
Although it is preferable that the processes for managing the risks of bribery and corruption are integrated into an overall enterprise risk management “ERM” process, this is not always feasible within some organizations.
The benefits of integration are that a full range of risks can be assessed and compared with a consistent approach and within one system. This allows specific bribery risks to be evaluated within the overall business context of organizational objectives. Appropriate resources can then be allocated for management and mitigation of a range of different risks, based on the organization’s tolerance for different types of risk.
If an integrated ERM approach is not practical, the specific processes for managing an ABAC program remain essentially the same, except without the element of comparison of the relative impact of different risks.
As noted, if a formalized ERM process exists within an organization, then the anti-bribery and anti-corruption (ABAC) risk assessment process should ideally be carried out within the corporate ERM framework. However, in some organizations the overall risk management process is fragmented and the reality is that risks of bribery and corruption are considered in relative isolation.
Whichever approach is taken within an organization, the process of defining the risks should involve individuals with sufficient knowledge of regulations and the ways that the
BUILD AN ANTI-BRIBERY & ANTI-CORRUPTION PROGRAM: 5 STEP PROCESS
1. IDENTIFY AND ASSESS RISKS
The first thing to do is fully understand the nature of the risks of bribery and corrupt payments across the organization. The specific risks can vary considerably according to factors such as:
■ Applicable legislation
■ Types of business carried out
■ Geographical locations in which business takes place
■ Types of customers
The purpose of any enterprise risk management (ERM) process is to identify and assess those risks that may negatively impact the organization’s ability to achieve its corporate objectives, and then determine what can be done to mitigate those risks and reduce them to a level that is acceptable. This “acceptable level” is based on the risk appetite that is usually defined by the board and risk committees.
It is often desirable to have a variety of individuals involved in the assessment and ranking process, including those who have different perspectives based on their background and understanding of the way the organization works (e.g., auditors, legal and compliance specialists, business managers, accountants, controllers). The usual desired outcome is to have a “heat-map” type report that ranks the risks by likelihood and extent of impact, as well as an estimate of the costs of managing the risks to an acceptable level. It often makes sense to identify the “residual risk” — the extent of risk that remains after taking account of risk mitigation efforts such as internal controls.
ABAC TECHNOLOGY REQUIREMENTS:
o Ability to record, assess, and rank a range of risks in a structured and consistent way that provides sufficient detailed information for comparison and reference purposes.
Risk Heat Map
The use of a heat map enables the different types of specific ABAC risks to be put into context against each other, as well as other risks across the organization. The end result of this heat map ABAC risk evaluation can vary considerably assessment. So, for example, a business unit of a U.S. publicly traded company that bids competitively for major government contracts in a region where corruption is commonplace is likely to rank the likelihood and size of risk as high. On the other hand, a privately held corporation that sells primarily into the
2. IDENTIFY MITIGATION PROCEDURES TO REDUCE THE RISKS AND THEIR IMPACT
Risks are a normal part of business. Some, such as investing in new products and markets, are very desirable for any healthy, growing, innovative company. Other types of risks, such as those related to bribery and corrupt payments, are clearly not generally desirable. The issue is to weigh the negative aspects of risks against the cost of managing the risks. In some cases it may make good business sense to accept that a risk will sometimes turn into a negative event as the cost of managing and reducing the risk is simply too high.
Once the nature of the types of bribery and corruption risk is properly understood, an important part of the risk management process is to identify the ways in which the risks can be monitored, reduced, or eliminated through mitigation efforts.
In the case of ABAC, mitigation efforts could include examples such as:
■ Corporate policies that are documented and expressly prohibit the payment of bribes or other forms of corrupt payments.
■ Compliance training programs for those most likely to be exposed to bribery and corrupt activities, designed to increase awareness and educate on what constitutes illegal or “grey area” activities.
■ Specific controls, such as approval, authorization, and review processes, for payments that take place through systems for vendor payables, purchasing cards, travel & entertainment expenses.
■ Systematic monitoring of payments to look for suspect outliers, unusual patterns and other indicators of potential cases of bribery and corruption.
For each type of mitigation procedure, whether policy, specific control, or program, it is important to consider at a detailed level all the things that could go wrong and make the process or program ineffective.
ABAC TECHNOLOGY REQUIREMENTS:
o Ability to clearly identify the relevant mitigation procedures and controls for specific bribery and corruption risks.
o Ability to assess the effectiveness of each mitigation procedure or control.
3. MONITOR
The ABAC risks have been defined, assessed, and ranked and decisions made about the risk mitigation processes that need to be in place. What’s left to do…? Quite a lot.
None of these efforts are worth much if the process, policy, or control, however carefully planned, is not actually working as intended.
One of the most critical phases of the ABAC Program is to monitor the process to determine:
(a) whether or not the controls and procedures are working as intended, and
(b) whether there are indicators of new risks for which no specific controls were developed.
Monitoring of policies and controls can take place across the range of business process areas that are subject to bribery and corruption risks, including purchase-to-payment, vendor transactions, expense reporting, and general ledger. Human behavior can be monitored as well through human analytics, such as asking employees whether they have completed ABAC compliance training, or whether they followed the protocol when providing any benefit, such as entertainment, within a foreign jurisdiction. Based on employee responses to these surveys, triggers can be set up to automatically assess their responses and flag, notify or escalate as required.
What is Human Analytics?
In its simplest of forms, surveys or questionnaires are forms of human analytics. But the possibilities of solving significant problems and adding strategic value are endless with human analytics.
The single most effective method of monitoring is to examine every payment transaction and every benefit provided by the organization in order to determine if there are signs that non-compliant activities occurred, in spite of the policies and controls that are meant to be in place. This form of detailed testing of transactions and controls, based on data analysis, is used widely by internal auditors in many of their assurance activities.
This approach is even more effective when used by those directly responsible for maintaining effective payment control systems, including the financial, business, and operational managers of an organization, as well as those in specific compliance functions.
Entire populations of payment transactions, across disparate business systems, are examined in detail to look for indicators of problems such as some of the following:
■ Payments made to individuals on the “Politically Exposed Persons (PEP)” database of foreign government officials
■ Expenses in high risk regions described using suspect keywords such as “facilitation”, “consulting”, “donation”, “training”
■ Payments made in high risk regions to one time or new vendors that do not fit the typical vendor profile
■ High value transaction amounts that have not been subject to required approvals
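The four indicators listed above, run over a whole payment population, as an added example that is not taken from the e-book or from ACL's software. The region codes, PEP name list, approval threshold and payment records are constructed, and the one-time-vendor test is a simplified stand-in for vendor profiling.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Everything below is constructed for illustration: region codes, the PEP
# extract, the approval threshold and the payment records are assumptions.
HIGH_RISK_REGIONS = {"REGION-X", "REGION-Y"}
PEP_NAMES = {"a. example-official"}      # stand-in for a PEP database extract
SUSPECT_KEYWORDS = ("facilitation", "consulting", "donation", "training")
APPROVAL_THRESHOLD = 10_000.0            # assumed limit above which approval is required


@dataclass(frozen=True)
class Payment:
    pay_id: str
    payee: str
    region: str
    amount: float
    description: str
    approved_by: Optional[str]           # None means no approval was recorded


def normalize(name: str) -> str:
    """Lower-case and collapse whitespace so trivial spelling variants still match."""
    return " ".join(name.lower().split())


def is_pep_payee(p, payee_counts):
    return normalize(p.payee) in PEP_NAMES


def has_suspect_keyword(p, payee_counts):
    # Keywords only count in high risk regions; elsewhere they are routine.
    text = p.description.lower()
    return p.region in HIGH_RISK_REGIONS and any(k in text for k in SUSPECT_KEYWORDS)


def is_one_time_vendor(p, payee_counts):
    # Simplification of "does not fit the typical vendor profile": the payee
    # appears exactly once in the whole population under review.
    return p.region in HIGH_RISK_REGIONS and payee_counts[normalize(p.payee)] == 1


def is_high_value_unapproved(p, payee_counts):
    return p.amount >= APPROVAL_THRESHOLD and not p.approved_by


# Each test is named so an exception can be traced back to the indicator it checks.
TESTS = (
    ("pep_payee", is_pep_payee),
    ("suspect_keyword", has_suspect_keyword),
    ("one_time_vendor", is_one_time_vendor),
    ("high_value_unapproved", is_high_value_unapproved),
)


def run_tests(payments):
    """Apply every test to every payment; return {pay_id: [names of tests that fired]}."""
    payee_counts = Counter(normalize(p.payee) for p in payments)
    exceptions = {}
    for p in payments:
        hits = [name for name, test in TESTS if test(p, payee_counts)]
        if hits:
            exceptions[p.pay_id] = hits
    return exceptions


def summarize(payments, exceptions):
    """Quantify the run: how much was tested and how much was flagged."""
    flagged = [p for p in payments if p.pay_id in exceptions]
    return {
        "payments_tested": len(payments),
        "value_tested": sum(p.amount for p in payments),
        "exceptions": len(flagged),
        "value_flagged": sum(p.amount for p in flagged),
    }


# Constructed sample population.
SAMPLE_PAYMENTS = [
    Payment("P1", "Acme Supplies", "REGION-A", 1200.0, "office supplies", "mgr1"),
    Payment("P2", "Acme Supplies", "REGION-A", 800.0, "printer toner", "mgr1"),
    Payment("P3", "A.  Example-Official", "REGION-X", 5000.0,
            "consulting fee for market entry", "mgr2"),
    Payment("P4", "Northwind Logistics", "REGION-Y", 25000.0, "freight charges", None),
    Payment("P5", "Northwind Logistics", "REGION-Y", 3000.0, "freight charges", "mgr1"),
    Payment("P6", "Staff Training Ltd", "REGION-A", 900.0, "training course", "mgr1"),
]

if __name__ == "__main__":
    found = run_tests(SAMPLE_PAYMENTS)
    for pay_id, hits in found.items():
        print(pay_id, ", ".join(hits))
    print(summarize(SAMPLE_PAYMENTS, found))
```

P6 is not flagged even though its description contains “training”, because the keyword and one-time-vendor tests are scoped to high risk regions; widening that scope raises the exception count that the follow-up process has to absorb.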
ABAC TECHNOLOGY REQUIREMENTS:
o Links between individual controls and the tests used to examine transactions and other data.
o Ability to perform a wide range of data analysis tests on an automatic basis and link the results back to the description of the control.
o Visual analysis of testing results.
4. MANAGE EXCEPTIONS
The transaction monitoring process can produce a high or low number of exceptions, depending on the thresholds and parameters used in the data analysis tests. In order to determine whether the ABAC Program is working effectively, it is important to have a strong process for dealing with exceptions.
Not all exceptions necessarily mean that a bribe has been paid. Depending on the exact nature of the test and the way the monitoring system is implemented, an exception should mean that there is a reasonable probability that there is a problem that needs investigation and follow up. The result of the follow up may be an understanding that the exception was a “false positive” — in which case the test can be modified to reduce the chances of future false positives. The result could also be a conclusion that a control, such as an approval process where the controller needs to review all high dollar transactions to one time vendors, is not working as intended — in which case the situation must be addressed. Of course, the exception could turn out to be an actual corrupt payment — in which case, depending on the circumstances, a series of critical notifications and actions may need to be performed.
Typically, the exception management process involves specific workflow that will vary considerably from one organization to another and will also vary depending on the nature of the exception that is identified. For example, certain high risk exceptions may always be routed directly to a senior manager. In the event that there is no satisfactory resolution within a given timeframe, a notification would be sent to the CFO and CRO.
ABAC TECHNOLOGY REQUIREMENTS:
o Flexible workflow capabilities that can accommodate a range of alternate actions depending on the nature of exceptions generated.
o Comprehensive visual reporting on the status of exception management activities, in summary and at a detailed level.
o Ability to collaborate with any stakeholder of the organization – including vendors, partners, contractors, clients and employees and request confirmation or evidence for the validity of a transaction or payment.
o “Human analytic” capabilities, meaning the ability to assess and combine responses that individuals provide when following up on exceptions.
5. REPORTING AND ONGOING ASSESSMENT
Reporting is one of the most important and valuable steps in the ABAC Program process. This is where risk managers, compliance officers, auditors, C-suite executives, and other stakeholders can really get visibility into how effectively the ABAC program is working.
Ideally, the reporting system should be able to go from a top level overview of overall risk trends, all the way down to the detail of specific red flags of potential violations, including the resolution of each issue that was identified. It is a critical part of the ongoing risk assessment process.
One of the great benefits of using data analysis in the ABAC Program process is that the monitoring and assessment process can be accurately quantified.
This could mean, just as an example, that a report or visual dashboard shows the following.
SAMPLE VISUALIZATION TO COMMUNICATE TO EXECUTIVES:
A total equivalent of US$3.542B of payments across 15 business units and 10 regions were analyzed and tested for 12 key indicators of potential corrupt payments. Of these payments, 384, totaling US$45.7M, in two regions, were flagged as exceptions. 75% of these were satisfactorily resolved, but 10 transactions, totaling US$11 million, are in the process of investigation and appear to be very high-risk items.
Effective reporting means that you can see both the
ABAC TECHNOLOGY REQUIREMENTS:
o The ability to quickly and easily get an overview of the status of the entire ABAC process and move down to whatever detailed level is appropriate.
o Provide an executive storyboard that shows all material issues identified in the organization, across all risk mitigation programs, as it relates specifically to ABAC.
o Multiple levels of access control and security in order to ensure that sensitive data is only available to those who should be involved in a particular part of the process.
o Visual reporting capabilities that, where needed, are fully integrated into an overall risk management dashboard.
[Figure: Anti-Bribery & Anti-Corruption Compliance Process Flow. Elements shown: Risk & Controls Database; Payment/Benefits Transactions; Identify & Assess Risks; Identify & Assess Controls; Design & Configure Tests; Run Tests & Monitor; Manage Exceptions; Respond & Resolve; Report.]
WE’RE HERE TO HELP
ACL has drawn upon its two decades of experience working with thousands of customers worldwide to develop detailed methodologies and best practices for managing anti-bribery and anti-corruption compliance.
For a free assessment of how your organization can best integrate technology into your compliance program, call 1-888-669-4225 or email info@acl.com
HOW DOES YOUR ORGANIZATION RANK?
The business media regularly reports news showing the increasing magnitude of threats posed from failing to comply with anti-bribery and anti-corruption legislation.
We know that some organizations are well down the path of implementing effective programs to manage these risks, while others still have a very long way to go. Where does your organization fit in this spectrum? We hope that this eBook has provided you with some helpful information on how to best manage the risks associated with bribery and corrupt payments, using technology including data-centric compliance management as a key driver.
We are here to help.
ANTI-BRIBERY AND ANTI-CORRUPTION TECHNOLOGY BUYING CHECKLIST
Make sure your ABAC compliance software platform has the following capabilities:
1. IDENTIFY AND ASSESS RISKS
o Ability to record, assess, and rank a range of risks in a structured and consistent way that provides sufficient detailed information for comparison and reference purposes
2. IDENTIFY MITIGATION PROCEDURES TO REDUCE THE RISKS AND THEIR IMPACT
o Ability to clearly identify the relevant mitigation procedures and controls for specific bribery and corruption risks
o Ability to assess the effectiveness of each mitigation procedure or control
3. MONITOR
o Links between individual controls and the tests used to examine transactions and other data
o Ability to perform a wide range of data analysis tests on an automatic basis and link the results back to the description of the control
o Visual analysis of testing results
4. MANAGE EXCEPTIONS
o Flexible workflow capabilities that can accommodate a range of alternate actions depending on the nature of exceptions generated
o Comprehensive visual reporting on the status of exception management activities, in summary and at a detailed level
o Ability to collaborate with any stakeholder of the organization – including vendors, partners, contractors, clients and employees and request confirmation or evidence for the validity of a transaction or payment
o “Human analytic” capabilities, meaning the ability to assess and combine responses that individuals provide when following up on exceptions
5. GENERAL CAPABILITIES
o Designed for rapid configuration and implementation
o Software runs on a range of mobile devices
o Seamless integration across functional capabilities, including data analysis
o Modern, simple design and best practices user interface
6. REPORTING AND ONGOING ASSESSMENT
o The ability to quickly and easily get an overview of the status of the entire ABAC process and move down to whatever detailed level is appropriate
o Provide an executive storyboard that shows all material issues identified in the organization, across all risk mitigation programs, as it relates specifically to ABAC
o Multiple levels of access control and security in order to ensure that sensitive data is only available to those who should be involved in a particular part of the process
o Visual reporting capabilities that, where needed, are fully integrated into an overall risk management dashboard
o Reporting that can be accessed from a range of technologies, including smart phones, tablets and laptops
© 2015 ACL Services Ltd. ACL and the ACL logo are trademarks or registered trademarks of ACL Services Ltd. All other trademarks are the property of their respective owners.
ABOUT THE AUTHOR:
JOHN VERVER
John Verver, CPA, CISA, CMC is an acknowledged thought leader, writer and speaker on the application of technology, particularly, data analysis, in audit, fraud detection, risk management and compliance. He is recognized internationally as a leading innovator in continuous controls monitoring and continuous auditing and as a contributor to professional publications. He is currently a strategic advisor to ACL, where he has also held vice president responsibilities for product strategy, as well as ACL’s professional services organization. Previously, John was a principal with Deloitte in Canada
ABOUT ACL
ACL delivers technology solutions that are transforming audit, compliance, and risk management. Through a combination of software and expert content, ACL enables powerful internal controls that identify and mitigate risk, protect profits, and accelerate performance.
Driven by a desire to expand the horizons of audit and risk management so they can deliver greater strategic business value, we develop and advocate technology that strengthens results, simplifies adoption, and improves usability. ACL’s integrated family of products—including our cloud-based governance, risk management, and compliance (GRC) solution and flagship data analytics products—combine all vital components of audit and risk, and are used seamlessly at all levels of the organization, from the C-suite to front line audit and risk professionals and the business managers they interface with. Enhanced reporting and dashboards provide transparency and business context that allows organizations to focus on what matters.
And, thanks to 25 years of experience and our consultative approach, we ensure fast, effective implementation, so customers realize concrete business results fast at low risk. Our actively engaged community of more than 14,000 customers around the globe—including 89% of the Fortune 500—tells our story best. Here are just a few.