POPULARITY
6 episodes with joe howell
3 episodes with joe howell
Is the Black Church dead, or is it perhaps more alive than ever before? This week, we invited esteemed film producer Joe Howell and filmmaker Rafiq Nabali to our show, two creative minds behind the thought-provoking documentary, Let the Church Say. They tackle this intriguing question head-on, challenging the narrative around the Black Church and its relevance in our present-day society. Buckle up as we journey through the rich and complex tapestry of the Black Church, tracing its roots and its influence on Black economics, finance, and the civil rights movement. This institution has served as an incredible support system, providing not just spiritual comfort but financial and legal assistance. Joe and Rafiq provide a new perspective, highlighting how the younger generation's involvement in the Church can bring about progress and action. Finally, we move towards the future, discussing the plans of bringing Let the Church Say to different parts of the country. This documentary can serve as a jump-off point for necessary conversations within and beyond the Church. We also delve into how faith can guide us and how we can create ripples of impact through God's guidance. This episode is a testament to the robust and enduring spirit of the Black Church, a source of empowerment and transformation for the community. Join our enlightening conversation and immerse yourself in the story of an institution that has not just survived but thrived in the face of adversity.
Join us as Erika Jobes - ennea-type 8, cardiac nurse practitioner, and faculty instructor with The Institute for Conscious Being - shares about the crucial role integrative use of the enneagram is playing in her journey into a more conscious life AND the extraordinary enneagram learning opportunity coming to Birmingham. Whether you are new to the enneagram, already work with it on some level, or are a veteran with this ancient wisdom system, you will not want to miss this interactive presentation of the spiritual enneagram, led by Dr. Joe Howell, clinical psychologist, co-founder of The Institute for Conscious Being, International Enneagram Association (IEA) Accredited Professional Teacher, and author of Becoming Conscious: The Enneagram's Forgotten Passageway. Return to Essence: Dive Deeply Into The Spirituality Of The Enneagram will be hosted by Birmingham's historic downtown First Church United Methodist Church, August 12th and 13th, 2022. You can get more information and sign up for this event by going here https://www.eventbrite.com/e/return-to-essence-dive-deeply-into-the-spirituality-of-the-enneagram-tickets-319707322207?utm-campaign=social%2Cemail&utm-content=attendeeshare&utm-medium=discovery&utm-source=strongmail&utm-term=listing
As with the other components of the COSO Cube, the objective of Information and Communication is not to be taken in a vacuum. Indeed, one of the more interesting aspects of this objective is that it runs not only vertically but also horizontally. Principle 13: Use of relevant and quality information. Principle 14: Communicate internally. Principle 15: Communicate externally. Discussion. Obviously, there must be communications up and down from the Board but also within an organization for dissemination of the appropriate compliance related information. For this principle, the CCO or compliance practitioner should also evaluate the communication lines to third parties. This communication can flow both ways, as noted, with compliance obligations to third parties but also information in the form of compliance issues back from third parties. Joe Howell noted “communication internally is how you establish the communications with your sales organization, with your sales operations. How do you establish communications with the legal organization? How do you establish information with the post-sales organizations? Even with the auditors, and your internal auditors and your external auditors and the board, to give the Audit Committee of the Board comfort that the company has put in place the right levels of controls.” Three key takeaways: Consider the use of relevant and quality information. You need to document your internal communications so auditors can review the audit trail. This objective relates to your third-party compliance program.
What specifically are internal controls in a compliance program? Internal controls are not only the foundation of a company but are also the foundation of any effective anti-corruption compliance program. Internal controls expert Joe Howell, former Executive Vice President (EVP) at Workiva, Inc., has said that internal controls are systematic measures, such as reviews, checks and balances, methods and procedures, instituted by an organization that performs several different functions. These functions include allowing a company to conduct its business in an orderly and efficient manner; to safeguard its assets and resources, to detect and deter errors, fraud, and theft; to assist an organization ensuring the accuracy and completeness of its accounting data; to enable a business to produce reliable and timely financial and management information; and to help an entity to ensure there is adherence to its policies and plans by its employees, applicable third parties and others. Howell adds that internal controls are entity wide; that is, they are not just limited to the accountants and auditors. Howell also notes that for compliance purposes, controls are those measures specifically to provide reasonable assurance any assets or resources of a company cannot be used to pay a bribe. This definition includes diversion of company assets, such as by unauthorized sales discounts or receivables write-offs as well as the distribution of assets. Three key takeaways: Effective internal controls are required under the FCPA. Internal controls are a critical part of any best practices compliance program. There are multiple FCPA enforcement actions that demonstrate the enforcement spotlight on internal controls.
One of the ongoing questions from members of Board of Directors is how to resolve the tension between oversight and managing. I recently had the opportunity to visit with Joe Howell, the Executive Vice President (EVP) of Workiva, Inc. on this subject. Howell has worked on and with Boards of Directors at various companies and I wanted to garner his understanding of the role of a Board and both senior management and a Chief Compliance Officer (CCO). Howell had a short response which I thought was an excellent starting point to understand the role; put sand in the shoes of management. The key to such a metaphor succeeding is that a Board of Directors, “by continuing to challenge management on these scenarios that management has considered and the stories management is telling itself about what could go wrong”, can “help get management out of its comfort zone by and large executive teams begin to believe themselves when they talk about how well they’re doing. The independent challenge that the board can offer putting the little bit of sand in the shoe to make sure that you’re thinking about things carefully can cause you to step back and really focus your resources where they're needed.” Howell noted the role of the Board is not management but oversight, focusing on governance. To do so, an effective Board should challenge senior management not only on what they have planned for but what they may not have considered or may not even know about. He said, “one very good example is the whole, the reputation of those stakeholders involved in the company and that can be the management team itself, the employees, and the board members themselves.” This is because reputational damage hurts everyone. Howell went on to state, “it’s very important as we go through some of the ways the board can help management in that role. I think the things that really make a difference to management is when the board is able to be an effective devil’s advocate. Not managing management but helping them in their governing role by helping management to step back and think critically of their own underlying assumptions and biases.” A Board is not simply there to be a rubber stamp for senior management. It must exercise independent judgment, action and oversight. Further, it is the Board’s role to ask hard, difficult and probing questions to make sure management is not only doing its job but has considered other risk possibilities. Three Key Takeaways Boards should force management to open up the company to itself. Boards should be a grain of sand in the shoe of management. Boards should make sure senior management is aware of and planning for both known and unknown risks.
With decades of CFO experience, and as a founder of the SEC and SOX Professionals Groups, Joe Howell has a ton to say about the historical perspective of the COVID-19 situation and how accounting pros can make the best of the change in their own careers.
Join us this week as Dr. Joe Howell and Erika Jobes welcome Nanette and Sai Mudium back to the podcast! We were delighted to have them as guests again to discuss living out of Essence rather than Ego. The conversation centers around the rich depth that comes to our relationships when we are engaging with others through our Soul Child.
Show Notes: http://wetflyswing.com/16 The history of steelhead fly fishing and fly tying is covered in episode 016 of the fly fishing show. John Shewey breaks down the history of steelhead flies and how things have evolved over the years in steelhead fly fishing. John is the current editor-in-chief of the NW Fly Fishing group of magazines and has written some of the best and most beautiful steelhead books you've ever seen. We talk about swinging flies on the North Umpqua and North Santiam and how it all came to be. Click below to listen to the episode with John Shewey: Find the show: itunes | stitcher | overcast Subscribe on Android Subscribe on Apple Podcasts Subscribe via RSS Show Notes with John Shewey: 4:05 - Dave McNeese was the first fly shop and one of the first people to apply east coast salmon flies to steeelhead flies 6:40 - Sid Glasso is another huge name in fly fishing and influence to Dave McNeese 9:00 - The Eel River and John Ben is where steelhead fly fishing first began 14:14 - The Parmacheene Belle fly pattern and story told of a pattern that caught a lot of fish back in the day, but people quit fishing it and it disappeared. You can find a photo at the link above and by scrolling down on this page. 16:55 - Jay Nicholas episode of the fly fishing show 17:40 - Trey Combs Steelhead Fly Fishing and Flies is one of the most influential books in history 19:05 - Classic Steelhead Flies is already a classic book 21:05 - Modern Steelhead Flies by Jay Nicholas is a comparison that John makes 25:55 - The North Santiam was John's home river since the 1980's and a river where he has hooked into many summer steelhead 34:05 - John talks about the demographics of the NW Fly Fishing magazine and the difference between the Drake Magazine in readers 41:35 - Birds of the Pacific Northwest and Oregon Beaches showcase John's diversity of publishing 43:45 - Caddis Float Tubes and Bob Houston was a great opportunity at the time and opened some doors for John to continue moving forward 44:20 - Fly Tyer Magazine was John's first publication and he would continue to write for the magazine 45:05 - Steve Probasco was the editor of NW Fly Fishing Magazine and was John's predecessor 47:30 - Rob Bryce Interview on the Skeena basin 53:55 - Forrest Maxwell was a mentor and fishing and hunting buddy 55:15 - Spawning Purple Fly was a fly that developed from the connection with Forrest 1:02:40 - The NW Fly Tying Expo is one of the biggest fly tying events in the western US 1:03:30 - Frank Moore and Joe Howell were icons on the North Umpqua. This link on Mending the line is Frank Moore's story You can reach John at matchthehatch.com if you have any questions or want to check out NW Fly Fishing magazine. [caption id="attachment_2501" align="alignnone" width="442"] http://www.nwexpo.com/tyer_john_shewey.php[/caption] "It's an invitation, because I know that anything I produce out of my vice has an equal chance." -John Shewey [caption id="attachment_2510" align="alignnone" width="518"] http://nwexpo.com/legends_plate-2015.php[/caption] Conclusion with John Shewey I wanted to give a huge thanks to John for taking the time to come on the show and talk about the history of the sport we all love. Hearing John talk about how it all started on the Eel River with the first summer steelhead and has evolved into modern spey lines and flies. I especially loved the tips John shared about what it takes to be a writer or photographer in the fly fishing industry. It's a great story to hear how John got to the place he is at now in fly fishing.
Episode 2: Corporate Solutions features Joe Howell of NAI Corporate Solutions chatting with our Host, and Global Director of New Offices, Simon Hartzell about his experience with different types of property owners and value-adds for their clients. You can learn more about NAI Global Corporate Solutions and Joe Howell here: http://www.naiglobal.com/members/nai-global-corporate-solutions-castle-pines. If you have any questions, you can reach Simon Hartzell at shartzell@naiglobal.com.
One of the ongoing questions from members of Board of Directors is how to resolve the tension between oversight and managing. I recently had the opportunity to visit with Joe Howell, the Executive Vice President (EVP) of Workiva, Inc. on this subject. Howell had a short response which I thought was an excellent starting point to understand the role; put sand in the shoes of management. Learn more about your ad choices. Visit megaphone.fm/adchoices
One of the ongoing questions from members of Board of Directors is how to resolve the tension between oversight and managing. I recently had the opportunity to visit with Joe Howell, the Executive Vice President (EVP) of Workiva, Inc. on this subject. Howell had a short response which I thought was an excellent starting point to understand the role; put sand in the shoes of management. Learn more about your ad choices. Visit megaphone.fm/adchoices
This week we turn our attention to COSO, with an introduction to the organization and its framework for internal controls. I will go through the internal controls and how they relate to compliance. Finally, I will end with a discussion of evaluation of internal controls through the COSO Framework. Once again, I am joined in this exploration by internal controls and accounting expert Joe Howell, EVP at Workiva, Inc. What is COSO? That acronym stands for Committee of Sponsoring Organizations of the Treadway Commission, which originally adopted in 1992, as a framework for basis to design and then test the effectiveness of internal controls. It was deemed necessary to update this more than 20-year old COSO Framework, to provide a more supportable approach when adversarial third parties challenge whether a company has effective internal controls (such as the SEC). While the COSO Framework is designed for financial controls, I believe that the SEC will use the 2013 Framework to review a company’s compliance internal controls. This means that you need to understand what is required under the 2013 Framework and can show adherence to it or justify an exception if you receive a letter from the SEC asking for evidence of your company’s compliance with the internal controls provisions of the FCPA. COSO has produced three volumes detailing the 2013 Framework. The first lays out the Framework and is entitled “Internal Control – Integrated Framework”, herein ‘the Framework volume’. The second is an Illustrative Guide, entitled “Internal Controls – Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Controls”, herein ‘the Illustrative Guide’, which discusses how best to assess your internal control regime and provides forms and work sheets to use in this exercise. The third volume is the Executive Summary of the first volume, herein ‘Executive Summary’. All three works form an excellent starting point for exploration of the COSO Framework and how you might use it for your best practices anti-corruption compliance program. In the 2013 update the basic framework was retained with substantial support from user companies, and 3 specific objectives were added: (I) Operations Objectives – effectiveness and efficiency of operations, including safeguarding assets against loss; (II) Reporting Objectives – internal and external financial reporting; and (III) Compliance Objectives – adherence to laws and regulations to which the entity is subject. According to the guidance in the 2013 update, the system of internal controls can be considered effective only if it provides reasonable assurance the organization, among other things, complies with applicable laws, rules, regulations and external standards. With the addition of those specific objectives, the COSO framework now specifically includes the need for controls to address compliance with laws and regulations. The COSO Framework defines internal controls, from bottom to top, with the following Objectives: (a) Control Environment, (b) Risk Assessment, (c) Control Activities, (d) Information and Communication, and (e) Monitoring. From these five Objectives come 17 Principles which we will be exploring throughout this series. Larry Rittenberg, in his book “COSO Internal Control-Integrated Framework”, said that the original COSO framework from 1992 has stood the test of time “because it was built as conceptual framework that could accommodate changes in (a) the environment, (b) globalization, (c) organizational relationship and dependencies, and (d) information processing and analysis.” Moreover, the updated 2013 Framework was based upon four general principles which include the following: (1) the updated Framework should be conceptual which allows for updating as internal controls [and compliance programs] evolve; (2) internal controls are a process which is designed to help businesses achieve their business goals; (3) internal controls applies to more than simply accounting controls, it applies to compliance controls and operational controls; and (4) while it all starts with Tone at the Top, “the responsibility for the implementation of effective internal controls resides with everyone in the organization.” For the compliance practitioner, this final statement is significant because it directly speaks to the need for the compliance practitioner to operationalize internal controls for compliance and not to simply rely upon a company’s accounting, finance or internal audit function to do so. The primary object is to keep in mind that even if an organization adopts the Framework, there will be very few people within that organization who will have the unique knowledge that a compliance officer has that would impact all the elements of the Framework. The compliance officer's role is to provide the input to the Chief Financial Officer (CFO) and others involved in the implementation, to be sure that there is a proper focus on the risks that really are part of the compliance world. This primarily comes through the risk assessment component, the control activities, and then the monitoring. Companies typically do risk assessment from an operational standpoint and address business risks going forward and then develop the controls that deal with those business risks, which could be project financial results, doing business in certain countries, strategic decisions and similar issues. All of this puts the compliance function in the unique position to be the fulcrum on many issues which will come up with a COSO based analysis or implementation. The updated Framework retained the core definition of internal controls; those being control environment, risk assessment, control activities, information and communication, and monitoring activities. Further, these five operational concepts are still visually represented in the well-known three-dimensional “COSO Cube”. In addition, the criteria used to assess the effectiveness of an internal control system remain largely unchanged. The effectiveness of internal control is assessed relative to the five components of internal controls and the underlying principles supporting the components. However, it is the emphasis on the principles, which is new to the 2013 Framework. Joe Howell noted that the COSO Framework can be seen as both a prevent and detect control. He also related that your internal controls need to be sustainable over the long haul. He stated, “You cannot just build one off things that allow you to do one period and not have a process in place that is going to help you through all of the periods that you need to cover. The controls cannot just be a one and done. Many companies are going to find that their initial approach to all of this is one and done.” As we explore the COSO Framework, the compliance practitioner should understand how the entire Framework interacts and intersects with the compliance function in a manner which is sustainable throughout the organization. Three Key Takeaways You must use the COSO Framework or a similar source for your internal controls structure. The 2013 Framework identifies the following areas: (a) Control Environment, (b) Risk Assessment, (c) Control Activities, (d) Information and Communication, and (e) Monitoring. Your internal controls must be sustainable. For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com. Learn more about your ad choices. Visit megaphone.fm/adchoices
Joe Howell, EVP of Workiva, Inc. as noted that it is reasonable to expect that internal controls over gifts, travel and entertainment (GTE) be designed to ensure that all satisfy the criteria as defined in company policies. Generally speaking, these are fairly narrow, including a definition of the dollar limit, which must not be exceeded in order for gifts to be permissible, coupled with some subjective criteria such as the legality of the gifts for the recipient and whether the practice is customary within the country where the gift is delivered. The question I focus on is how to enforce the policies so that employees are not free to disregard them at will? The Department of Justice (DOJ), in several enforcement actions and the FCPA Guidance has emphasized the importance of risk assessment and effective controls and building a program tailored to those risks. Many companies effectively minimize the risk of inappropriate gifts through stringent pre-approval requirements because a sufficiently robust and enforced pre-approval policy can reduce the number of gifts simply because of the headache of getting the pre-approval. This has the added benefit of ensuring enforcement of internal controls, largely because of the reduced volume of gifts being included in expense reports. In considering the effectiveness of controls, you must always keep in mind the most frequently used method for defeating an internal control, which is driven by a dollar amount criteria, is splitting the item into multiple parts in order to appear to stay under the limit and to avoid the defined approval authority based on the amount of the gift. The key analysis is whether there are controls in place to enforce the policies and whether those controls are documented. There are four issues to evaluate. Is the correct level of person approving the payment / reimbursement for the gift? Are there specific controls, including signoffs, to demonstrate that the gift had a proper business purpose? Are the controls regarding gifts sufficiently preventative, rather than relying on detect controls? If controls are not followed, is that failure detected by other internal controls or the compliance protocols? While many compliance practitioners believe that employee expense reports are a sufficient internal control regarding gifts, because there are other ways in which a gift can be presented, there need to be other controls. Once your company policy on gifts has been finalized, the internal controls over expense reports fall into three basic areas: (1) The expense report format, including what information it requires; (2) Controls over the submitting employee and the preparation of the expense report; and (3) Controls to ensure the approvers do their review process properly. Consider the format itself of an expense report, which can be a prevent control. First it is important to have preprinted representations and certifications within the form because these can lead to “stop and think” type of controls, meaning the person submitting the expense report has to at least consider the information being submitted. The form can be signed without reading the preprinted representations, but if the employee and reviewers have been trained on how to review the expense report, it can be difficult to say later that the submitting employee did not understand what they were signing. Next consider the Preparer’s representations and the Approver’s representations. The Preparer’s representations include ensuring that all items representing a proper business purpose comply with the company’s code of conduct, comply with local law and custom, and comply with all applicable company policies. The Approver’s representations ensure that all supporting documentation has been examined and that all documentation complies with applicable company policies, including the submission of original receipts. Further, the approver should certify that they have complied with all company policies regarding the review and approval of the expense report. Some companies have two basic forms of expense reports. One pertains to US locations and does not involve any expenses incurred outside the US. The second is for items involving locations or persons outside the US. The international reporting form might have more stringent requirements and should provide for more detailed disclosures. It could require reporting, in a separate section of the expense report, all items that involve government officials, so that these items are not “buried” elsewhere in the expense report. Just as an added measure, the expense report includes a column where other expenses are reported which requires the submitter to check “Government Official YN?” this type of format should require sufficient disclosure of information regarding each item involving government officials. The next step in such an enhanced protocol would require a senior officer from the business unit to approve any reimbursements that meet certain criteria, for example, certain geographical areas or countries. Finally, such an enhanced representation could also include separate sections for each item requiring a description of the business purpose of meals, entertainment, names and business affiliation of all attendees, description of gifts and their business purpose, etc. A typical expense report requires this information to be on the receipt. Howell believes that moving beyond simply requiring receipts and requiring such detail to be incorporated directly onto the expense reimbursement forms highlights the presence or absence of proper documentation much more readily. Howell ended by noting it was incumbent to ensure reviewers sign off that each such item has documentation that required pre-approvals were obtained, if necessary. Internal controls around gifts can be used in a variety of ways in your best practices compliance program. They can certainly be used to detect an issue and perhaps even prevent an issue from becoming a full-blown FCPA violation, however, by using some of the techniques that Howell has suggested you can move your compliance program to a proscriptive phase where you not only stop an issue from becoming a violation but through identification, you can move towards remediation as a part of your ongoing compliance efforts. The bottom line is good internal controls make for good business processes; if you can move your compliance program’s internal controls forward, you can help make them a part of your financial controls and thereby have a better run company. Three Key Takeaways GTE compliance internal controls are low hanging fruit, pick them. Compliance internal controls can be both detect and prevent controls. Good compliance internal controls are good for business. For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com. Learn more about your ad choices. Visit megaphone.fm/adchoices
What specifically are internal controls in a compliance program? Internal controls are not only the foundation of a company but are also the foundation of any effective anti-corruption compliance program. The starting point is the FCPA itself, requires the following: Section 13(b)(2)(B) of the Exchange Act (15 U.S.C. § 78m(b)(2)(B)), commonly called the “internal controls” provision, requires issuers to: devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that— (i) transactions are executed in accordance with management’s general or specific authorization; (ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets; (iii) access to assets is permitted only in accordance with management’s general or specific authorization; and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences …. The Justice Department (DOJ) and Securities and Exchange Commission (SEC), in their 2012 FCPA Guidance, stated, “Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organization regarding integrity and ethics; risk assessments; control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring.” Moreover, “the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.” Aaron Murphy, Assistant Solicitor General in the Office of the Attorney General for the state of Utah and the author of “Foreign Corrupt Practices Act: A Practical Resource for Managers and Executives”, said, “Internal controls are policies, procedures, monitoring and training that are designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.” Internal controls expert Joe Howell, EVP at Workiva, Inc. has said that internal controls are systematic measures, such as reviews, checks and balances, methods and procedures, instituted by an organization that performs several different functions. These functions include allowing a company to conduct its business in an orderly and efficient manner; to safeguard its assets and resources, to detect and deter errors, fraud, and theft; to assist an organization ensuring the accuracy and completeness of its accounting data; to enable a business to produce reliable and timely financial and management information; and to help an entity to ensure there is adherence to its policies and plans by its employees, applicable third parties and others. Howell adds that internal controls are entity wide; that is, they are not just limited to the accountants and auditors. Howell also notes that for compliance purposes, controls are those measures specifically to provide reasonable assurance any assets or resources of a company cannot be used to pay a bribe. This definition includes diversion of company assets, such as by unauthorized sales discounts or receivables write-offs as well as the distribution of assets. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) in its 2013 Internal Controls Framework defined internal controls, in its publication entitled “Internal Controls – Integrated Framework”, as follows: Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. This definition reflects certain fundamental concepts. Internal control is: Geared to the achievement of objectives in one or more categories—operations, reporting, and compliance A process consisting of ongoing tasks and activities - a means to an end, not an end in itself Effected by people - not merely about policy and procedure manuals, systems, and forms, but about people and the actions they take at every level of an organization to affect internal control Able to provide reasonable assurance - but not absolute assurance, to an entity’s senior management and board of directors Adaptable to the entity structure - flexible in application for the entire entity or for a particular subsidiary, division, operating unit, or business process. The Integrated Framework goes on to note, “This definition is intentionally broad. It captures important concepts that are fundamental to how organizations design, implement, and conduct internal control, providing a basis for application across organizations that operate in different entity structures, industries, and geographic regions.” Why are internal controls important in your compliance program? Two FCPA enforcement actions demonstrate the reason. The first came in late 2013 when the DOJ obtained a criminal plea from Weatherford International (WFT). There were three areas where WFT failed to institute appropriate internal controls. First, around third parties and business transactions, limits of authority and documentation requirements. Second, on effectively evaluating business transactions, including acquisitions and joint ventures (JVs), for corruption risks and to investigate those risks when detected. Finally, around excessive gifts, travel, and entertainment, where such expenses were not adequately vetted to ensure that they were reasonable, bona fide, and properly documented. The second case involved the gun manufacturer Smith & Wesson (S&W). The case did not include a criminal charge filed by the DOJ but a civil matter was prosecuted administratively by the SEC. In its Administrative Order, the SEC stated, “Smith & Wesson failed to devise and maintain sufficient internal controls with respect to its international sales operations. While the company had a basic corporate policy prohibiting the payment of bribes, it failed to implement a reasonable system of controls to effectuate that policy.” Moreover, the company did not “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are executed in accordance with management’s general or specific authorization; transactions are recorded as necessary to maintain accountability for assets, and that access to assets is permitted only in accordance with management’s general or specific authorization”. The whole concept of internal controls is that companies need to focus on where the risks are, whether they be compliance risks or other, and they need to allocate their limited resources to putting controls in place that address those risks, and in the compliance world, of course, your two big risks are the assets or resources of a company. Not just cash but inventory, fixed assets etc., being used to pay a bribe, and then the second big element would be diversion of company assets, such as unauthorized sales discounts or receivables and write offs, which are used to pay a bribe. As an exercise, I suggest that you map your existing internal controls to the Ten Hallmarks of an Effective Compliance Program or some other well-known anti-corruption regime to see where control gaps may exist. This will help you to determine whether adequate compliance internal controls are present. From there you can move to see if they are working in practice or ‘functioning’. Internal controls will only become more important in FCPA enforcement. This month you will learn how to get ahead of the curve. Three Key Takeaways Effective internal controls are required under the FCPA. Internal controls are a critical part of any best practices compliance program. The Weatherford and Smith & Wesson FCPA enforcement actions demonstrate the enforcement spotlight on internal controls. For more information on how to improve your internal controls management process, visit this month’s sponsor Workiva at workiva.com. Learn more about your ad choices. Visit megaphone.fm/adchoices
One of the ongoing questions from members of Board of Directors is how to resolve the tension between oversight and managing. I recently had the opportunity to visit with Joe Howell, the Executive Vice President (EVP) of Workiva, Inc. on this subject. Howell has worked on and with Boards of Directors at various companies and I wanted to garner his understanding of the role of a Board and both senior management and a Chief Compliance Officer (CCO). Howell had a short response which I thought was an excellent starting point to understand the role; put sand in the shoes of management. The key to such a metaphor succeeding is that a Board of Directors, “by continuing to challenge management on these scenarios that management has considered and the stories management is telling itself about what could go wrong”, can “help get management out of its comfort zone by and large executive teams begin to believe themselves when they talk about how well they’re doing. The independent challenge that the board can offer putting the little bit of sand in the shoe to make sure that you’re thinking about things carefully can cause you to step back and really focus your resources where they're needed.” Board’s do this by posing questions to management that help them challenge their own assumptions, especially those assumptions which senior management is most confident about. Howell said that Board’s “need to help senior management consider the things that management is so sure about that maybe are going to play out the way that they expect. For example, the things that can hurt investors more than anything else is a surprise. Chaos does not help investors in general. The things that surprise investors frequently are the things that also surprise management. Does management consider all of the things that can go wrong and have they built an environment where they can both help prevent those things from happening and detect them when they’re small and they can actually do something about them.” Howell noted the role of the Board is not management but oversight, focusing on governance. To do so, an effective Board should challenge senior management not only on what they have planned for but what they may not have considered or may not even know about. He said, “one very good example is the whole, the reputation of those stakeholders involved in the company and that can be the management team itself, the employees, and the board members themselves.” This is because reputational damage hurts everyone. Howell went on to state, “it’s very important as we go through some of the ways the board can help management in that role. I think the things that really make a difference to management is when the board is able to be an effective devil’s advocate. Not managing management but helping them in their governing role by helping management to step back and think critically of their own underlying assumptions and biases.” One of continuing struggles I hear from Board members is asymmetrical information, largely due from the siloed nature of company information and structures. Howell acknowledged, “These sorts of barriers are pervasive in any company of any size that has a particularly operations and different product lines and different markets and different countries and different time zones. These limitations in the free flow of information by themselves create a risk to the organization, to the investors of the organization, to the employees of the organization and the board’s ability to ask questions. If nothing else in their governance control creates this reminder to management to open up itself to itself and listen carefully to its own organization and be able to link information to all of the places it needs to be fed.” I asked Howell to further explain his phase “open itself up to itself and listen”. He provided the following example, “how can the Chief Financial Officer make sure that he is giving all the information that the Chief Compliance Officer needs to do his job? Those questions from the board can be very valuable in making sure that the Chief Financial Officer doesn’t forget these issues and the Chief Compliance Officer has an opportunity to engage constructively with the Chief Financial Officer and others in the organization.” Somewhat counter-intuitively, Howell noted that when it comes to the Board’s oversight role around internal controls, less is often more. This occurs by helping management understand a company can overdo a control environment, “in the sense that when management guides controls around risks that are not going to be the most serious risks to the company, that they end up building excessive amounts of energy and protection where they're not really needed. That you as a management team end up deluding your attention and deluding your resources.” Howell went on to explain it is simply a matter of resources, “When things do go wrong, you’re in effect spread so thin that you don’t see those risks coming at you. The real question where less is more can be very valuable is when the board continues to challenge the management team on the scenarios that could play out. That could be devastating to an organization where risk really matters.” I asked Howell if he could provide any discrete examples and he pointed to the food service industry for the following., “For example, in a food service company or a restaurant company, if there were contamination or if there were things that could happen either at the plant or by people who are touching the food. Those are very serious risks that a company needs to both be mindful of and to be able to prevent. If something goes wrong, you need to be able to detect early. When customers of the company or others are hurt that there’s a consequence of failures that can be devastating.” In another example Howell said he had seen situations where internal “controls that are used for financial reporting for example, when examined in the light of where the risk really exists for the company, the companies have been able to reduce their controls actually by as many as half and improve their overall control environment and reduce the aggregate risk to the company. It’s interesting that even spending less money on controls by having fewer controls can improve the overall comfort that the company and its management and investors are protected from risk.” A Board is not simply there to be a rubber stamp for senior management. It must exercise independent judgment, action and oversight. Further, it is the Board’s role to ask hard, difficult and probing questions to make sure management is not only doing its job but has considered other risk possibilities. Three Key Takeaways Boards should force management to open up the company to itself. Boards should be a grain of sand in the shoe of management. Boards should make sure senior management is aware of and planning for both known and unknown risks. Learn more about your ad choices. Visit megaphone.fm/adchoices
John MacKessy, writing in the Finance Professionals’ Post, in a piece entitled “Knowledge of Good and Evil: A Brief History of Compliance”, noted that the FCPA and Environmental Protection Act (EPA) “prompted companies to develop internal resources that would actively monitor compliance with the laws, rules, and regulations of their industries.” The next step in the evolution of the compliance profession was the defense procurement scandals from the 1980s, where the industries sales of “$400 hammers and $600 toilet seats” to the US government led to the Defense Industry Initiative (DII). This industry led initiative created “a set of principles endorsing ethical business practices and conduct” within the defense industry for its dealings with the US government. The next step in the evolution of the compliance profession was the 1992 US Sentencing Guidelines which, for the first time, set out what the government would consider for credit in sentencing of organizations. Many tribute these 1992 Sentencing Guidelines for the creation of the modern compliance profession. These guidelines included credit for “the specific elements of an effective compliance and ethics program. Companies that embarked on such programs would be eligible for more lenient sentences. To qualify as “effective,” a company’s compliance program would not only have to establish standards and procedures to prevent and detect criminal conduct, but would have to actively promote a culture encouraging ethical conduct and compliance with the law. The implementation of those guidelines in 2004 reflected the need for corporate boards to demonstrate knowledge of compliance programs and fulfillment of oversight responsibilities as part of monitoring the effectiveness of companies’ compliance and ethics programs.” The next major step was the financial accounting frauds and scandals of the late 1990s and early 2000s including Enron, WorldCom and Tyco. These scandals were so wide-ranging, with senior executive participation, if not directing of the corporate fraud that a new legislative response was required and this response was the passage of the Sarbanes-Oxley Act of 2001 (SOX). Aaron Einhorn, writing in the Denver Journal of International Law & Policy, in an article entitled “The Evolution and Endpoint of Responsibility: The FCPA, SOX, Socialist-Oriented Governments, Gratuitous Promises, and a Novel CSR Code”, said, “sections 302 and 404 of SOX together require corporate executives to state their responsibility for designing internal controls, to create such controls, to assess and evaluate these controls, and to draw conclusions about their effectiveness…” SOX specifically charges executive officers with internal controls duties.” Einhorn ends this section by noting, “internal controls have been transformed from a recitation of general duties lodged upon the corporation as a whole to a statement of specific duties imposed on corporate executives in particular.” This strengthened the compliance professional who was called upon to design these internal controls. The next major legislation which enhanced the compliance function was the Dodd-Frank Act of 2010, passed in response to the 2008 financial crisis. MacKessy pointed to the downfalls of Bear Stearns and Lehman Brothers as drivers of more compliance because they both “demonstrated the degree to which external risk events can create a loss of confidence resulting in permanent reputational damage and impaired shareholder value.” The legal and legislative response has been that companies should design effective compliance programs which use risk based programs as a basis to design, create and implement effective compliance programs. Joe Howell, Executive Vice President (EVP) for Workiva Inc., has gone further, drawing a straight line from the FCPA to SOX to Dodd-Frank in the development of the compliance function. All of this means compliance is not going away, no matter what the law enforcement priorities of the new administration. Companies understand that compliance and business ethics have a role in not only driving business strategies and initiatives but that more compliant companies are better run companies and at the end of the day more profitable because they have better controls. MacKessy ends his piece by stating the compliance programs “can provide multiple rewards - from risk mitigation, to reputational enhancement, to business strategy development.” The compliance discipline is where the harmonic convergence occurs in a corporation. Whether it be specific tasks of making sales, vetting relationships or the spade work of creating policies and procedures, it is compliance that drives the discussion of how we should do business. The corporate compliance profession fulfills the business obligation in doing things the right way for, at the end, it will be the compliance profession which implements the requirements of compliance whether those requirements are anti-corruption laws such as the FCPA, the UK Bribery Act, Anti-Money Laundering (AML), export control, anti-trust regulations, or any other regulation that you can name. Equally importantly, the compliance profession is teaching corporations how to evaluate risks and the compliance profession leads that discussion. It is the compliance profession that is the most innovative in not only protecting corporations, but actually helping corporations do business, do business more efficiently, and do business more profitably. Three Key Takeaways Doing compliance is Doing Business. Properly accomplished, compliance makes a business more efficient and more profitable. Use the Robert Gates as a great example of how the FCPA means more business for US companies. For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. Learn more about your ad choices. Visit megaphone.fm/adchoices
A discussion with Joe Howell, Executive Vice President of Strategic Initiatives at Workiva about how CFOs and other financial executives can take control of audit fees.
© 2020-2025 Ivy Podcast Discovery LLC
