Protection notice / Copyright notice: Confidential / © Siemens AG 2009. All rights reserved.

Oversight and Compliance
Public and Private Sector models

Mark Gough, Deputy Head, Compliance Investigations, Corporate Legal and Compliance, Siemens AG

IAS Conference, Brussels, 13 October 2009

Overview

1. History

2. Audit and Investigation – Differences; Standards

3. Feeding Investigations

4. UN Model

5. Siemens Model

6. Lessons learned

7. Going Forward

History

The Gough Experience – History Repeats

United Nations 1996 – 2008 (Investigations Division)

- Building the unit; conducting/managing investigations; anti-corruption strategies

Siemens AG 2008 to date (Compliance Investigations)

- Building the unit; conducting/managing investigations; anti-corruption strategies

Audit and Investigation

Differences:

Audit = control of systems and regulations; lacunas in controls; inferential; consultative

IIA Standards: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Investigation = control of organizational behaviour and ethics; lacunas in ethical and/or moral behaviour; evidentiary; defensive/adversarial and consultative

Investigation is a legally-based, fact-gathering process to identify personal culpability for violations of internal rules, regulations and national laws and make recommendations for sanctions.

Audit – Dealing with Fraud (IIA Standards)

1210 - Proficiency

1210.A2 - Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.

(IIA International Standards for the Professional Practice of Internal Auditing)

Feeding Fraud and Corruption Investigations

Audit Support for Successful Investigations

- Heavy reliance on input from experienced colleagues (friendly)

- Audit reports and auditors - rich veins of information

- Information collection tasking of audit groups – yes or no?

- Formal or informal audit reporting to investigations

- Audit cycles and joint activity

The United Nations Model

Internal Audit Division

The internal auditing function is an independent, objective, assurance and advisory activity designed to add value and improve the Organization's operations. Internal audits help the Organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control and governance processes.

According to United Nations Financial Regulation 5.15, OIOS is responsible for conducting independent internal audits in accordance with the International Standards for the Professional Practice of Internal Auditing.

Internal audit reports contain recommendations intended to address shortcomings identified while reviewing specific management activities or operational areas. Implementation of the most critical audit recommendations by management is carefully tracked.

Programme managers are expected to promptly act on the audit findings and recommendations and to also report to OIOS on the status of implementation. OIOS follows up and monitors its audit recommendations until they are fully implemented.

The United Nations Model – Feeding Investigations

Internal Audit Division Manual:

B.3.1.1 Identification of Fraud Indicators

- IAD staff shall immediately report to the Director any possible cases of fraud or other major irregularity that comes to their attention, and which may require investigation by the OIOS Investigations Division. In addition to providing the Investigations Division with information and documentation on any such cases, the auditor may, if required, be asked to assist in the investigation itself.

The United Nations Model – Issues for consideration

Common Management – Investigations and Audit - need for separation?

Debates in OIOS - money, people and influence

Support to Investigations:

- Formalised

- Is this correct?

Implementation of Recommendations – does it happen?

The Siemens Model

The mission of Siemens Corporate Audit (CF A) is to add value and improve the worldwide operations and processes of Siemens AG and its Affiliated Companies (Siemens), by independently and objectively evaluating and reporting on Siemens' financial reporting integrity, the effectiveness of risk management and internal control systems, and the adherence to Siemens' compliance policies in a systematic and disciplined manner.

CF A shall conduct – in accordance with an enterprise-wide, risk-based schedule established in agreement with the Managing Board and Audit Committee – the following audits, including, but not limited to: (i) financial audits, (ii) operational audits, (iii) information technology audits, and (iv) compliance audits in coordination with the Chief Compliance Officer. The results of these audits will be reported to the Managing Board and the Audit Committee, as deemed appropriate.

The audits conducted by CF A will meet or exceed the International Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors.

The Siemens Model

Audit

Historical Problems in Detection → Complete Revision of Structure (Financial Audit, Operational Audit, Compliance Audit, Forensic Audit, IT Audit – plus Operational Review)

Resourcing and Management - Separated

- 500 audit staff worldwide in 4 hubs (USA, China, India, Germany)

- 600 Compliance staff worldwide (17 investigators plus pool)

Remediation responsibility – only in Compliance function

Support to Investigations – Not so formalised – but connected

Global Compliance Organization – Corporate Functions

[Organization chart. Box labels:]

- Corporate Units Compliance Officer

- Sector Compliance Officers

- Compliance Policies, Communication & Training

- Compliance Program, Projects & Reporting

- Compliance Operating Officer

- Disciplinary Sanctions

- Compliance Helpdesk & Monitoring

- Compliance Investigation

- Regional Compliance Officers (RCOs)

- Compliance Legal

- Division Compliance Officers (DCOs)

- Chief Compliance Officer

- Cross Sector Compliance Officers (DCOs)

- Compliance Global Coordinators

- Member of the Managing Board; General Counsel

Compliance represented in Managing Board

Embedded in business units and regions

Lessons Learned – Successful Audit and Investigation

Independence of Audit and Investigation:

- Must be real - not perceived

- Must have funding to mirror responsibilities

- Must be able to independently determine audit plan

Management of Audit and Investigation:

- Must be committed to strategic common interest

- Must be audit or legally trained

- Must be open to information sharing (need to know concept)

- Must be investigation savvy

Going Forward

Which model feeds investigations best?

Are they different?

Audit Specialisation – Forensic and IT Audit data collection (+++)

Notification System formalised

Reduction of Competition

Agreed Common Goals

Thank you for your attention!

Mark Gough
Deputy Head, Compliance Investigations
Siemens AG
Corporate Legal and Compliance
CL CO I

Wittelsbacherplatz 2
80333 Munich, Germany

Phone: +49 89 636 32844
Fax: +49 89 636 1332844
Mobile: +49 1522 8874914

E-mail: [email protected]