Essential Control and Compliance Practices for SME

Programme Objective

Establishing proper control and compliance framework in an organization is important to prevent fraud and error. Such framework will guide the employees actions and behaviours to a desired outcome. Due to close management of owners, many enterprises may not have such framework in place when it started. Some non-profit organization such as charitable entities may also lack of such control framework as it rely heavily on trust. As the organization grow, new employees and management may be brought in as the owner/ trusted individual may not have the time and resource to oversee the expanded operations. These emerging enterprises or newly setup/ acquired ventures are therefore vulnerable to errors, compliance issues and fraud. Proper procedures and compliance framework need not be complex or expensive. Small and medium enterprises can creatively set up the fundamental controls in an economical way. This course aims to provide an overview of control and compliance framework for organization. The participants will learn the step-by-step guide on how to set up fundamental control procedures and compliance framework in any organization in an economical way.

Programme Outline

1. Overview of Control and Compliance Framework • Compliance framework is a holistic program – awareness, reporting, communication, detection, investigation, resolution, etc • Involve various department – Legal, HR, Policy, Tax, cross border trade, security, etc

2. Building Control and Compliance Framework Economically • Process & policy – COC, COI declaration, supplier CoC, Whistle blowing hotline • People – training, awareness, refresher, selection and hiring • Strategies – Procurement, Revenue practices, government funded project, export control, custom issue (industries dependent) • System – ERP, data analytics (concentration of transaction, consultancy, T&E) • Common Procedures and Policy - Procurement, Sales, HR, General Accounting, Warehouse, Logistic, Production, QC

3. 5E in Setting up Compliance Framework • Endorse – from the top • Ensure – through policy and procedures • Educate – training and communication for all • Empower – systems, procedures, protocols • Evaluate – continuous monitoring, and investigation

4. Three line of defense - How should be build? • Operational management – 1st line of defence • Risk and compliance team – 2nd line of defence • Internal audit – 3rd line of defence • Senior management – ultimate line of defence • IA may move between 2nd line and 3rd line – as subject matter expert, as resourced well travelled, well positioned

5. Incorporate compliance into operation • Macro + Micro level • A joint process by all level of organization + cross functions • Need endorsement from senior management • Culture, Tone at the top, consistent message and action

6. Operating in emerging and challenging market • Anti-corruption • Political contribution, dealing with government officer, • Agent and vendor due diligence • Internal accounting practices, record retention,

7. Setting up basic whistleblowing program • Hotline (email, phone, text – social media?) • Posters, banner, name cards • Corporate Code of Conducts • Ethic and Compliance Council • Investigation Framework & SOP

8. Building the internal audit function • Endorsement and independence of IA • IA also need to audit and monitor the Compliance program • Who should lead the compliance program (IA or other?) • Benefits if other functions join compliance program to support? - expert advice

9. Compliance issues – who lead internal investigation? • Compliance committee – the body assessing, deciding next course of action • Suitable functions to lead investigation (HR, Legal, IT, Security, Loss prevention, IA) • In highly sensitive matters, consider hire external firm • Investigation – strong and qualified investigation team to resolve allegation (legally admissible case)

10. COSO framework on internal control for SME a. control environment b. Risk assessment c. Control activities d. Information & communication e. Monitoring activities

Target Audience

• Entrepreneur, business owner, business development professionals
• CFO, Finance Manager, Accountant
• Chief Compliance and Ethic Officer
• Internal Auditor, Forensic Auditor
• Risk Management Officer
• Human Resource Manager

Training Methodology

Presentation, group discussion, case study. Multimedia and template sharing

Programme Facilitator

Kent Hoh is a prolific trainer in audit, fraud investigation, corporate governance and personal effectiveness. Kent Hoh has wide ranging experience in leading compliance and audit functions in Asia Pacific as well as forensic investigation team globally.

View Full Profile