Anticorruption accounting controls

Article 17, II, 8° of the Sapin 2 Law stipulates that the chairs/presidents, chief executive officers, general managers and managers of companies targeted by said Law must implement:

“accounting controls, whether internal or external, intended to make sure that the books, registers, and accounts are not used to conceal acts of corruption or influence peddling”.

Accounting control and audit procedures help manage risks and are one of the preferred tools for preventing and detecting corruption.

They must focus on the high-risk situations identified in the risk map and be ideally structured around three lines of defense, in the same way as for the internal control and assessment system, i.e.:

• First line of defense, for preventive purpose, aimed at ensuring that tasks that are part of an operational or support process are performed in compliance with the company’s applicable procedures;

• Second line of defense, for detective purposes, aimed at ensuring, randomly or with a pre-defined frequency, that first-line-of-defense actions are properly executed;

• Third line of defense, also referred to as “internal audits”, aimed at ensuring that the control system complies with the company’s requirements, is implemented effectively and is kept up to date.

Anticorruption accounting controls may be performed by the company’s own accounting and financial control function or by an external auditor with the required expertise.

In this context, Soulier Avocats assists companies and groups of companies operating in a wide range of industries in the development, deployment and optimization of anticorruption accounting control procedures to prevent and detect corruption, in accordance with the requirements of the Sapin 2 Law.

Our dedicated team provides support and assistance at each of the following stages:

Coordination between anticorruption accounting controls and existing general-purpose accounting controls

Any and all companies have general-purpose accounting control procedures designed to ensure the regularity, accuracy and reliability of the accounts and financial statements.

Anti-corruption accounting controls:

• Ultimately ensure compliance with the same principles as general-purpose accounting controls (lawfulness, accuracy and reliability of accounts and financial statements);

• Aim specifically at detecting unwarranted and unjustifiable transactions;

• Use the same methods as general-purpose accounting controls, including for instance sampling reviews, consistency reviews, physical controls (inventory counts) and third-party confirmations.

Anticorruption accounting control procedures are established with regard to the high-risk situations identified in the risk map, which may include, but is not limited to:

• Transactions such as sponsorship, patronage, fees and commissions, travel, representation and entertainment expenses, gifts and hospitality, donations, legacies, etc.;

• Unusual transactions (e.g., suspense accounts and temporary accounts);

• High-stakes or extraordinary transactions;

• Transactions involving third-parties from high-risk groups (consultants, intermediaries, etc.);

• Movements or funds or commodities to and from accounts or third parties from high-risk groups (commercial agents, intermediaries, etc.);

• Off-balance sheet commitments, such as commitments made on behalf of third parties, collaterals and guaranties.

The management of some account items, such as the reversal of entries, discounts and rebates, sundry expenditures and cash float, may also be identified as high-risk items in the risk map. Balance sheet items, such as goodwill or suspense accounts and imprest accounts, may also involve a high level of risk.

Formalization of anti-corruption accounting controls

Anti-corruption accounting control processes must be set forth in a dedicated procedure that sets out in particular:

• The scope and the purpose of the controls;

• The role(s) and responsibility(ies) of each stakeholder (senior management, compliance officer, finance and accounting officers, finance and accounting staff, internal control and audit services, statutory auditors) in the implementation of first-line, second-line and third-line of defense anticorruption accounting controls;

• The sampling procedures for transactions that are, as appropriate, subject to controls;

• The definition of a control plan which may include, according to the levels of risk that have been identified, systematic controls and controls by rotation according to a frequency to be defined;

• The procedures for managing anomalies that are found;

• The threshold and materiality criteria that trigger controls.

Content of anti-corruption accounting controls

First line of defense

First-line-of-defense anti-corruption accounting controls are generally performed by the persons responsible for entering and validating accounting entries. These persons must ensure that the entries are properly justified and documented.

To set aside any risk that may result from self-auditing, companies should ensure that high-risk accounting entries are reviewed and validated by a different person than the one who has made the entries.

Reciprocal validation between staff members is satisfactory for entries involving sums under a defined threshold. Entries involving sums above that threshold must be approved by a supervisor.

Second line of defense

Second-line-of-defense anti-corruption accounting controls must be performed all year long by persons who are independent from those who have performed the first-line-of-defense anti-corruption accounting controls.

The purpose is to ensure that the first-line-of-defense anti-corruption accounting controls have been properly conducted.

As such, for example, when sampling review is used, the sampling method must be representative of the risks that are inherent in the transactions, and the sampling procedures must be defined with regard to a prior analysis of the various entries and relevant risks to ensure proper representativeness.

If the first-line-of-defense anti-corruption accounting controls are automated, the second-line-of-defense controls must be adapted accordingly.

The findings of the second-line-of-defense anti-corruption accounting controls must be set forth in a summary report (see below Management of the anomalies found).

Third line of defense

Third-line-of-defense anti-corruption accounting controls, also referred to as “accounting audits”, aim at assessing the effectiveness of anti-corruption accounting controls.

They cover the entire accounting system to make sure that the applicable anti-corruption accounting controls comply with the company’s requirements, are effectively implemented and are kept up to date.

As such, third-line-of-defense anti-corruption accounting control must in particular assess the appropriateness and effectiveness of:

• Governance and resources allocated for anti-corruption accounting controls;

• The methods for developing (in particular with regard to the risk map) and implementing first-line and second-line-of-defense anti-corruption accounting controls.

Management of the anomalies found

Any anomaly found as a result of the anti-corruption accounting controls must be taken into account by the company.

The findings of the second-line-of-defense anti-corruption accounting controls must be set forth in a summary which must include, in the event of anomalies being found, the definition of corrective actions to be implemented within the framework of an action plan. The findings of the third-line-of-defense anti-corruption accounting controls must be set forth in a report submitted to the senior management.

The company may thus be required to amend/supplement some of the existing accounting procedures in order to remedy the anomalies found. Such anomalies must be taken into account in the update of the risk map. They may also be used as additional illustrations in the code of conduct and training materials dedicated to the prevention of corruption.

If the anomaly originates from a failure in the implementation of accounting procedures or the anti-corruption program, the supervisor may consider taking measures against the person responsible for such failure. These measures must be proportional to the severity of the identified failure.

If the anomaly leads to suspicions or cases of corruption, it must be reported to the compliance officer and the senior management, which may decide to launch an internal investigation.

Outsourcing

Anti-corruption accounting controls may be implemented:

• Internally, by the accounting and finance departments or by specialized services (shared services centers, management control, internal audit, etc.) on which the company relies for this purpose; or

• Externally, by competent entities hired by the company.