The vast majority of corruption enforcement actions involve bribe payments made by third parties, as opposed to those made directly by employees or officers. Given this fact, a company’s ability to readily identify which of its third-party business partners represent heightened risk and then hold those high-risk third parties to a higher standard of care, is a critically important component of an overall anti-corruption program.

Having a strong, thoughtfully conceived anti-corruption policy is an important starting point but it is not enough. Organizations need to implement the underlying procedures and align them with internal controls and their audit program to operationalize an anti-corruption program. Having a combination of the right resources with the right skills to collect and parse large volumes of data regarding third-party business partners – and perform escalating levels of due diligence investigation for those that represent a disproportionate degree of risk – as well as a technology solution to manage this overall program, is often the difference between high-performing programs and those deemed to be ineffective.

Leading organizations work smart by utilizing the Governance Portal as the backbone of their anti-corruption program to manage the corruption risk within their third-party population.

Sustainable Third-Party Anti-Corruption Program

The Governance Portal for Third-Party Anti-Corruption enables companies to apply a risk-based approach to the third parties with whom and through whom they do business. The system features the ability to gather third-party data, analyze and score corruption and other types of risk based on a proprietary scale, manage work flows, approvals and due diligence investigations, as well as to continuously monitor these relationships.

Protiviti’s Governance Portal for Third-Party Anti-Corruption

Scope, Sponsor, Justify

Collect and Certify

Trai

n an

d Co

mm

unic

ate

Score and Contract

Scope Collect

Measure and ReportTrain

• Establish a framework of third-party business partners, automated risk scoring and detailed due diligence.

• Identify “in-scope” third-party entities.

• Match key sponsors within your organization to create accountability.

• Develop a set of standard questions to create a consistent program applied across your entire organization.

• Automate the data collection process by deploying surveys to collect information and data from third-party business partners.

• Obtain “certification” to your anti-corruption program via an annual survey.

• Train your executives, employees, agents and business partners regarding your anti-corruption program.

• Communicate changes to your policies and procedures with existing vendors and obtain acknowledgement and certification regarding your anti-corruption program.

• Develop a standard risk-scoring model and evaluate third-party survey responses.

• Analyze survey responses and create a risk scorecard for each third party.

• Identify “red flags” that require further investigation

1 A Resource Guide to the U.S. Foreign Corrupt Practices Act (“the Guide”), www.sec.gov/spotlight/fcpa/fcpa-resource-guide.pdf.

The Governance Portal is a market-leading governance risk and compliance (GRC) software solution used by hundreds of clients around the world, providing visibility and insight needed to manage and mitigate critical risk and compliance issues today and in the future.

The Governance Portal:

• Enhances project team efficiency

• Promotes enterprise accountability

• Produces business intelligence

• Optimizes your GRC platform investment

Protiviti has been positioned as a “Challenger” by Gartner, Inc. in the September 2013 Magic Quadrant for Enterprise Governance, Risk, and Compliance Platforms.

“DOJ’s and SEC’s FCPA enforcement actions demonstrate that third parties, including agents, consultants, and distributors, are commonly used to conceal the payment of bribes to foreign officials in international business transactions. Risk-based due diligence is particularly important with third parties and will also be considered by DOJ and SEC in assessing the effectiveness of a company’s compliance program.”1

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Proactively Manage Your Corruption RiskThe system helps you create a sustainable, consistent process to evaluate the risks associated with your agents and third-party business partners. It facilitates effi cient data collection from third parties, and provides a standard risk-scoring methodology based on your requirements and risk scorecards to identify high-risk entities and take additional action.

It enables continuous assessment of vendors based on your anti-corruption policy and provides the means to drive regulatory compliance accountability and maintain ongoing communication with internal and external parties.

All referenced trademarks are the property of their respective owners.

© 2014 Protiviti Inc. An Equal Opportunity Employer M/F/D/V. PRO-0514-104217Protiviti is not licensed or registered as a public accounting fi rm and does not issue opinions on fi nancial statements or offer attestation services.

The Governance Portal for Third-Party Anti-Corruption enables you to:

• Gather responses to third-party anti-corruption questionnaires prior to contract approval.

• Establish a risk-scoring model that aligns with your overall anti-corruption policy.

• Identify third parties with heightened risk, allowing you to allocate resources on a risk basis for additional investigation and follow-up.

• Manage overall workfl ow, investigative cases and approvals.

• Provide complete audit trail and serve as overall data repository for program activity.

• Continuously monitor third parties against watch lists and optional integration with accounting systems.

To schedule a demo for the Governance Portal for Third-Party Anti-Corruption, visit us at protiviti.com/grc-software.

About ProtivitiProtiviti (protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 40 percent of FORTUNE 1000® and FORTUNE Global 500® companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. The fi rm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

0 100 200 300

Swift Report Research

Compliance Review

Onboarding Complete

Risk Scorecard Review

Business Sponsor Review

Third-Party Response

Initiate Onboarding

Low

Medium

High

Action Steps

ApproveRequest Due DiligenceDemote to Business SponsorExit Relationship

Onboarding Status

Risk Scorecard