ACCA P1 Exam: Bribery and Corruption
4.6.3 Risk Assessment
Assessment of the nature and extent of exposure to potential external and internal risks of bribery on the organisation's behalf by persons associated with it. The assessment is periodic, informed and documented.
Typical external risks include:
Sector (e.g. extractive industries, large-scale infrastructure).
Transactions (e.g. charitable and political contributions, licences, permits, public procurement, offshore receipts/payments, no commercial reality).
Business opportunity (e.g. high-value projects, multiple contractors or intermediaries, opaque, not at market prices, lack of legitimate objective).
Business partnership risk (e.g. use of intermediaries, agents, consortia, joint ventures, public officials, politically exposed individuals/organisations).
Typical internal risks include:
Lack of training, appropriate skills and knowledge.
Bonus culture (e.g. rewards excessive risk-taking).
Lack of clarity (e.g. codes, policies and procedures are vague).
Weak financial controls.
No top-down approach (e.g. no clear leadership, poor management attitude, awareness and action).
4.6.4 Due Diligence
Application of due diligence procedures, taking a proportionate and risk-based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.
Understanding your client is an established procedure under money-laundering requirements and for client acceptance for the provision of auditing and other financial services, so its application to bribery and corruption is a natural process.
An approach to due diligence of agents, intermediaries, subsidiaries, etc. would cover:
Assessing risks (e.g. in low-risk situations, due diligence may be considered to be minimal).
High-risk situations would require, for example, direct enquiries of the individual, indirect investigations (e.g. legal searches, credit risk, criminal records, background, expertise, business experience, recommendations) or general research (e.g. follow up to verify direct or indirect findings).
Because employees are persons "associated" with the organisation, similar due diligence procedures should be incorporated into the recruitment and human resources procedures to mitigate the risks of bribery being undertaken by employees in high-risk positions. Such due diligence should be ongoing for established employees.*
*Remember that persons/individuals also include listed entities and partnerships.