Have you ever reviewed an expense transaction in a corporation’s books and wondered, “is this expense allowed?” Or have you ever expensed a transaction and asked yourself the same question?
If you have been in this situation, as a business owner or an employee, you are probably far too familiar with this “grey area”. There are those clear transactions that are not permitted, and often times you can identify these by merely appraising the vendor to whom the payment was made. On the flip side, you have other transactions that are undeniably business-related. Although it should be logical to decide whether or not to make that payment or swipe that corporate card, the question actually becomes, “will I get away with it?”
In order to narrow the “grey area” referred to above, the answer lies within a company’s internal policies and procedures. A company’s policies and procedures, if developed, documented and communicated properly, become the foundation and roadmap to establish corporate values, principles and norms within an organization, through the following:
- Establishing benchmarks
- Supporting the company mission
- Management accountability
Policies and procedures set expectations, establish rules and guidance so that employees understand behaviours and transactions that are permitted and/or prohibited, in order to distinguish those in line with a company’s values, as well as governing laws and regulations. Further to understanding the rules set out in the policies and procedures, documenting consequences resulting from non-compliance of those rules is also a key factor.
For example, one company’s Anti-Bribery and Anti-Corruption Policy may have language specifically prohibiting any contribution made to a political party, whereas another company’s policy may allow the same type of contribution under specific circumstances. Whether or not the employee abides by the policy will determine the consequences that he or she will bear. In the absence of a policy, the “grey area” becomes quite large, and this can lead to confusion that can impact the employee, or the company as a whole.
Supporting the Company Mission
It is important for all organizations to support their mission, and maintain integrity, in order to cultivate the trust of their clients. Policies and procedures set out specific rules and norms that will educate employees about the organization’s key values and serve as guidance for employees to follow. Working in an organization that promotes integrity and respect will encourage a positive work environment for employees, resulting in content employees, who will work to support the organization’s overall mission.
Management is responsible for the overall corporate environment within an organization as well as setting the “tone at the top.” Where policies and procedures stipulate the rules employees must follow, the same rules should also apply to the management team, to create common expectations at all levels of the organization. Holding the management team accountable for their actions fosters a trusting environment where employees feel that they are held to the same standards and encourages accountability.
Compliance with Laws and Regulations
Not only do internal policies and procedures set the expectations and rules on an internal level, but if developed correctly, they also stipulate compliance with laws and regulations. A company’s Anti-Bribery and Anti-Corruption Policy should contain specific language prohibiting the bribing of foreign public officials, as per the Corrupt Foreign Public Officials Act (CFPOA). Further, language surrounding compliance with any other relevant local anti-bribery laws and regulations is equally important. For example, a Canadian organization with a subsidiary in Latin America must ensure that employees in the Canadian entity, as well as employees of the subsidiary, follow all company policies and procedures, as well as local and Canadian laws and regulations. Proper policies and procedures should consider in which jurisdictions the Canadian entity may have nexus.
Where to Seek Guidance
Well-documented and communicated policies and procedures will also reference where to seek guidance where necessary. For example, policies should include language surrounding a specific contact to notify to when one finds themselves in compromising situations. Policies and procedures should serve as guidelines should any question arise. To the extent that it is available, an anonymous whistleblower hotline should also be referenced.
Well written and documented policies and procedures, supplemented with recurring training and attestation provides company employees with knowledge of expectations and consequences resulting from non-compliance.
Policies and procedures are the foundation to any organization’s internal controls. If you need help reviewing and/or implementing your organization’s policies and procedures, please reach out to our team of experienced professionals to help.
Alessandra Leggio, CPA, CA, CPA (Florida), CAMS, CFE, CFI
Partner – Forensics
Sukhanpreet Dhanotta, CPA, CA
Partner – Audit
Direct: (905) 479-1700