Scour the existing risk management system. Identify policy, system, and process improvements. Eliminate questionable vendors. Close gaps. Apply analytics to find red flags.
After a compliance-focused risk assessment via a customized questionnaire rollout in seven high-risk countries, including China, Brazil and Mexico, we created a robust regulatory compliance and governance framework to track and mitigate all risks across geographies. We also designed a risk-based comprehensive vendor screening process, an analytics-driven review of high-risk spends, and a workflow-guided process for remediation, action-planning, and closing of all control gaps.
Here's how we performed the review:
We designed and implemented a risk-based framework for screening vendors; along with system-generated reports and vendor risk ratings, it also included identifying risk drivers, escalating true hits, and following up and closing recommended actions for true hits.
As part of the screening, we also:
- Screened a database of about 120,000 vendors in high-risk territories to identify high-risk third parties with sanctions, bribery, or other charges of non-compliance and PEP/SOE links
- Conducted stress testing to finalize confidence limits, fuzzy search criteria, and other parameters to automate the screening process
- Reported potential true hits for review and action
We captured the questionnaire responses from the process owners through the workflows that had built-in follow up and reminder capabilities. We also had follow-up calls, process discussions, and webinars to validate process understanding.
While performing risk assessment, we:
- Identified high risk processes from a compliance perspective across business entities
- Identified control gaps and improvement opportunities in processes such as complimentary or promotional products issuance, marketing spends, T&E, gifts, donations, and training
- Reviewed back-up and supporting documents to assess the operational effectiveness of the existing controls
- Identified root causes for control gaps and recommended remedial action to frame guidelines and reduce exposure to corruption risks
- Reported non-compliance via dashboards and followed up and tracked remediation action plans via workflow-based tool
Applying data analytics to tackle corruption was a key part of our framework, where we:
- Analyzed 100% of T&E and AP transactions, including complimentary and promotional product categories, using customized and corroborative algorithms to cover elements of fraud and regulatory compliance in addition to policy compliance
- Conduced a root cause analysis and remediation action planning via workflows