Bribery, Fraud and Corruption (BFC) Cold Eyes Review Process (CERP)

Bribery, Fraud and Corruption (BFC) Cold Eyes Review Process (CERP)

CERPCERP

COLD EYES REVIEW PROCESS

When things get heated up, it is an opportune time to stay calm and perhaps the right time to conduct an annual CERP review. The Copenhagen Charter provides consultants to look at the BFC specic system(s) or process(es) with fresh eyes to identify potential areas for improvements.

CERP ConsultantsOur consultants are experienced and have the advantage of not being a part of the business unit, team, function, and therefore can serve as the independent cold-eye reviewers. They are not bogged down with the current difculties and corporate politics, but on the other hand are respected within the BFC industry as experts. They have an open mind to understand the idiosyncrasies, can ask insightful questions and they are excellent communicators and problem solvers. They are able to provide appropriate advice in a subtle way and have extensive experience and have worked in multiple environments.

CERP methodology.

The Copenhagen Charter CERP is an objective and comprehensive analysis of the current BFC strategy, involved in identifying, evaluating and mitigating the identied operational BFC issues with the management team and helps with developing plans and control/monitoring mechanisms.

CERP provides an independent, objective assessment of the current state of BFC performance and compares the processes relative to international best practices. Most importantly the Cold Eyes Review results in an effective action plan for addressing the issues that are identied in the CERP scope.

Managers and stakeholders of the BFC process have an obligation to understand the existing and future prospects for BFC reliability and operability as well as the failure potential of the BFC process.

Having a CC consultant review the BFC process and operations, allows for a new perspective and the identication of potential BFC issues. These issues have to be dealt with regularly to avoid possible negative consequences.

The overall CERP methodology is total. It starts with a complete BFC review and ends with implementation of the results of the ndings. The goal is to enhance process integrity of BFC to meet the goals of Good Governance, Risk Management Compliance and IT security.

CERP process operationsWe view BFC business operations as the sum of all BFC components incl. knowledge, education, monitoring, ownership, risks, incident management, thresholds and approvals, policies and procedures as a synopsis of the current BFC processes. Understanding how these interact and work together within the BFC process not only allows appreciation of the potential to reduce expenses on controls but more importantly supports a better utilisation of the business supply chain.

Identication phase

During the identication phase, the BFC's design, conguration and operation is reviewed for process maintenance and performance by understanding the total impact of BFC process operations and the issues around Governance, r isk and compliance procedures related to change and human interactions. The result is the identication and prioritisation of a list of mitigation oppor tunities that allow BFC system to meet the identied BFC process goals and objectives.

The CERP identication symbiosis is the method of nding the parasiteBirds that feed on the debris in Crocodiles teeth get good food, and the Crocs have clean teeth. It’s the business relationship where both entities are benetted.

The CERP process has three phases:

Symbiosis is where two individuals work together, involved in the lifecycle of the process The desirable type of commercial symbiosis is Mutualism.

This is where both groups benet. The second possibility is Commensalism

Here one benets and one neither benets nor is harmed. Parasitism is a form of Symbiosis

Where one group benets but one is harmed

Evaluation phase

In the evaluation phase, the identied BFC processes are then studied further using individual or combined tools:

Our IT Tool is used to examine the BFC processes for operations and suitability of the design to meet the set goals and objectives

Reliability, availability and maintenance methodologies are the CERP concepts that rapidly identify aws in the design, maintenance or operation and have an impact on goals and objectives

Human per formance improvement techniques are used to improve training/e-learning procedures and work practices to ensure that changes made are captured for future improvements.

The combination of out IT tool(s) and our consultant's ability to interpret results create the basis for determining the root cause of the identied issues. The results are later quantied using the IT Tool supported by a BFC process as an evaluation and monitoring tool to embed the entire BFC process.

At the conclusion of the evaluation phase, the BFC processes action list is further broken into sub processes based on a predened risk assessment procedure with detailed descriptions of the process. Procedure changes that must be implemented to reach the desired BFC business goals and objectives and procedural/cultural changes, based on the action list can then be implemented.

Reliability

The IT tool(s) are the backbone of the BFC business's performance. The ability of the equipment to perform within the context of dened business operating conditions can recognize success or failure of an individual method or process. Understanding the interaction between BFC business operations, quality data and IT capability combined with human performance gives the CERP process a basis to improve performance and reduce expenses

Implementation Phase

The implementation phase of the CERP is the nal piece of the review. The identied solutions are taken to the management and the CC consultant explains trains and guides the manager to support the successful realisation of the full potential of CERP.

We review the key risks involved in the entire supply chain that require careful consideration of the upstream/downstream impacts to reliability and the need for operational changes.

Human performance

Human interaction with the BFC policies and procedures can have a profound effect on process operations and monitoring/testing reliability. Identication of non-compliance to BFC policies and procedures is one of the leading causes of BFC process failure. Prevention and mitigation occur by formal procedures, training and supervision of the implemented procedures. The annual CERP exercise helps the board and management to be compliant

Independent assessmentThe CERP methodology applies the concepts discussed above using a fresh look at the BFC process. Often, the BFC processes include many daily routine tasks. The sheer volume often prohibits personnel to nd the time needed for improvement or change to safeguard the fundamental BFC issues they face. This leads to a culture of acceptance that things cannot change. Therefore, the benets of our CERP are: Break down organisational silos Establish a concentrated (integrated) action plan Compare the organisation with best practice Develop key personnel Establish cost and schedule condence Improve communication Improve performance and return on BFC operations Resolve problems & avoid surprises

Validate the BFC strategy

CERP advantagesWhen CERP is done properly, it often uncovers the obvious things that were missed before because people are so used to them. Occasionally CERP discovers the uncommon.

Here's how it works: BFC processes are adjusted to be compliant Around two weeks start to nish Comprehensive, objective & condential Established methodology Independent/integrated approach Divides operations into upstream and downstream BFC projects Credible, experienced team Preset fee

CERP review and assessment principles uses GRC management theories as a periscope or a trampoline, not as a panopticon.

Purpose. The purpose of the CERP assessment procedure is to ensure a high standard of BFC responsibilities, expressed in the study scope. The outcome will provide guidance and recommendations to comply, mitigate, enhance or repair BFC procedures and processes.

Transparency and accountability. The documents, process, procedures and business issues shall be readily available and accessible. Our consultants will ensure consistent and meaningful communications to the stakeholders as the developments and outcome unfolds.

Condentiality. Information or documentation relating to any issue or situation in scope will not be shared by anyone without the express permission of the management.

Performance responses. Consultants must have access to all materials that form the basis of their review. Consultations could include a comprehensive and extensive sessions with BFC experts at Copenhagen Charter on organizational or strategic needs as they relate to the answers to the ndings. We all work from the same source of information and the signicance will be coordinated with management.

Timeliness. We perform expeditiously and in a timely manner to ensure least possible disruption. In situations where a (re)search is recommended the adjusted timeframe will be in line with management deadlines.

Conict of Interest. Any real or perceived conict of interest will be identied and disclosed as soon as a member becomes aware of it.

Role and responsibilities. The CERP review members can serve as a deliberative body to solve other complex BFC issues in the organisation. Our consultants bring the perspective of their GRC experience and independent judgment. The accountability of each consultant will be identied in the written prole to the management for approval.

The CERP IT Tool

The CERP SaaS IT Tool to monitor BFC issues. All you need is a browser and you have an end to end application that goes from BFC vision to risk assessment to risk management. It walks you through the process from an organization's stated vision, at company, functional or business level, and a review of the optional strategies to achieve it.

When the BFC strategies are agreed/selected/determined it drills down a level to the detailed business objectives in each strategy and the risk categories in each; then there is the process of creating risks in each category - strategic, operational, nancial and compliance; then risk assessment; through identication of key risks; then for each key risk the identication of mitigations/controls; through personally assigned responsibilities to test and conrm the effective operation of them periodically (at determined frequencies) with a continuous monitoring and reporting process to provide ongoing comfort that things are on track to secure the vision that we started out with.

Overall, it is a tool and process to provide ongoing assurance that all of the risks to a vision have been identied and are being controlled so it gets achieved

The IT tool is a continuous monitoring systems that automates the process of assigning 'tasks' to named individuals at a periodic frequency, and captures assessments online or remotely in a macro with one-click upload, and any issues identied in an assessment in a

closed loop' i.e. once a control or task to be assessed is in the system its 'locked in' and its progress can be tracked. The tool also has an escalation module which identies for management if the 'task' or assessment has not been performed by a due date. The tool also provides localized user reporting (my reports) in a report wizard.

Set the stageCERP reviews are often perceived as a threat, primarily by management who remain deep-rooted in old ways of thinking. To break the ice, the CERP conducts several shor t meetings and/or conversations to initiate the process and outline the benets. Later the participants draw out a plan to address BFC areas to be considered for improvement.

The owner of the BFC system or process can provide an overview/orientation of the current state of BFC issues. The CC CERP reviewer will ask questions like: How long have you been doing it this way? Why? Identify the BFC processes that you wanted to change for a while Identify the barrier to the BFC process being more efcient, faster or

higher quality Items and issues that senior management does not want changed Your rst day as manager, what's the rst thing you would do

differently BFC Issues and processes that consumes the most time/resources What would happen if a role/step/process was eliminated Reduce the BFC or GRC cost by half, where would you cut? What does the competition do differently? If you could create a BFC process from scratch, what would it look

like? If money was no object, what IT tools or resources would you use to

replace a manual process.

Identify a BFC subjectStarts with the BFC issues, systems, or processes that have remained the same for an extended period of time. Uncover why and What has been done the same way for a long time so that nobody even thinks about why it is done that same way anymore? Cast a CERP on the organizational sacred BFC cows — those issues, projects, ideas, and ways of thinking that are generally considered off limits for discussion.

Create a timelineEnsure that the CERP gets past the good intentions stage. CERP consultants approach the task is an opportunity to promote, assist, and improve, and validate current BFC processes as appropriately needed.

Feedback and actionThe CERP reviewer reports back to management on the results, based on the feedback, brainstorm ideas for improvement, create action plans to implement the best idea(s), and set a timeline for implementation. Their role is to remain open to questions and feedback, and indicate opportunities for improvement.

CERP is most likely to nd signicant opportunities for improvement

Conducting a Zero Base CERP review

DTU/Science and Technology Park, Diplomvej 381, DK-2800 Lyngby, Denmark

info@copenhagencompliance.com | Tel: +45 2121 0616 www.copenhagencompliance.com