Compliance risk reviews



Companies and government entities are required to comply with a range of laws, including legislation, industry codes and organisational standards, as well as standards of good corporate governance, ethics and community expectations.

As the Australian Standard AS 3806 Compliance Programs states: “failure to embrace compliance values at all levels of an organisation’s operation risks exposing that organisation to a compliance failure.

On numerous occasions the courts have considered an organisation’s commitment to compliance when determining the appropriate penalty to be imposed for contraventions of relevant laws.”

Of particular concern to any Australian-based organisation that either has operations overseas or has connections through the use of intermediaries or agents is the risk of foreign bribery and corruption. Relevant legislation with global reach includes the US Foreign Corrupt Practices Act (FCPA) 1977 and the UK Bribery Act 2010. The Australian Commonwealth Criminal Code Act 1995 contains effectively similar provisions to the FCPA, with Australians able to be prosecuted for actions overseas. US and UK authorities have published suggested compliance programs for organisations to mitigate this compliance risk, set out below. We assist clients in all areas of developing these compliance programs.


US FCPA regulator compliance program guidance:

  1. Senior management commitment and clearly articulated policy against corruption
  2. Code of conduct and compliance policies and procedures
  3. Oversight, autonomy and resources
  4. Risk assessment
  5. Training and continuing advice
  6. Incentives and disciplinary measures
  7. Third party due diligence and payments
  8. Confidential reporting and internal investigation
  9. Continuous improvement: periodic testing and review
  10. Mergers and acquisitions: pre-acquisition due diligence and post-acquisition integration

UK Bribery Act regulator compliance program guidance:

  1. Proportionate bribery prevention procedures
  2. Top-level commitment (including Board level, bribery unacceptability or zero tolerance stance)
  3. Risk assessment (foreign bribery/corruption) that is periodic, informed and documented
  4. Due diligence (on agents, intermediaries) for bribery risks
  5. Communication (including training on bribery prevention policies and procedures)
  6. Monitoring and review (making improvements where necessary including legislative changes as relevant)

We perform compliance risk reviews (including foreign bribery and corruption risk), including:

  • Risk assessments against any legislation/legal obligations
  • Foreign bribery and corruption compliance program assessment and compliance program elements design, implementation, monitoring, and review for continual improvement