PwC Forensic Insight February/2019
Prepare. Respond. Emerge Stronger

Increasing requirements for an effective Compliance system

Currently, the biggest problem for companies is not the loss of funds due to fraudulent behaviour or the payment of fines, but rather the long and demanding investigations conducted by law enforcement or regulatory authorities that damage a company's reputation.
Compliance is thus becoming more important than ever, particularly since the Supreme Public Prosecutor's Office published a methodology in August 2018 that examines in detail the possibility of exculpating legal entities from criminal liability if they are able to prove that their Compliance system is working effectively.

1. Risk analysis: The first step to success

A Compliance system cannot be effectively set up without detailed knowledge of the risks the company is facing. It is critical to:

  • identify specific actual as well as potential risks;
  • assess the effectiveness of the implemented measures and internal controls put in place to reduce those risks;
  • consider what other controls or measures should be put in place; and
  • document the entire risk analysis process.

2. Design of an effective Compliance system

Two international ISO standards can provide guidance for properly setting up a Compliance system:

  • ISO 37001: Anti-bribery management systems; and
  • ISO 19600: Compliance management systems.

The key is:

  • to tailor it to the size and specifics of the business;
  • to design and implement appropriate and interconnected internal measures - preventive, detective and reactive; and
  • to monitor and assess the detected non-compliances.

3. Regular checks and continuous enhancement

It is important to keep in mind that an effective Compliance system does not mean a one-off setup. It is crucial that the company's management ensures that:

  • the Compliance system is really working, i.e. it exists not only on paper but is a true part of the corporate culture;
  • its functionality is regularly checked and tested to reflect new risks resulting from the company's business activities;
  • its adherence is enforced within the company; and
  • corrective actions or measures are designed and implemented without undue delay.

The challenge for many firms is to design a Compliance system in a way that allows it not only to detect non-compliance, but also to assess its importance for the company's business. The amount of data that businesses have at their disposal in electronic format increases every day. The very same data can be used for effective detection of cases where internal rules were violated.

Data analysis - the alpha and omega of effective detection

  • searches for anomalies, discrepancies or other deviations, so-called red flags, in a company's electronic data; and
  • determines the riskiest transactions. Internal resources can then focus on a review of transactions with high risk.

Advanced data analysis even benefits from artificial intelligence techniques. It is therefore not necessary to define a set of rules to detect anomalies and deviations; the system itself identifies them with the use of big data analysis and self-learning software.

Upcoming events

15.3.2019 Investigate – simulation of forensic investigation

Do you want to know more? Contact us:

Kateřina Halásek Dosedělová, CFE, FCCA
PwC | Forensic Services
+420 724 369 351

Pavel Jankech
PwC | Forensic Services
+420 739 342 277