Auditing Conflict of Interest
A conflict of interest (COI) is created when the parties involved in an activity or transaction fail to meet the fiduciary responsibilities that they were initially tasked with. For example, an employee who was hired to pursue the organization’s interests and exercise all reasonable efforts to purchase supplies economically for its operating activities, but who instead makes private deals that further his own interests at the employer’s expense, has a COI.
COI is a common concern of internal auditors because it can result in massive instances of abuse for personal financial gain through fraud. It degrades the judgment of the person involved and enables fraud, corruption, nepotism, favoritism, self-dealing, and other inappropriate actions within the organization. It represents a risk because it can corrode the organization’s ethical fabric. Organizations are highly encouraged to develop a COI policy and an annual certification statement, and to provide mandatory training, to forbid COI in fact and appearance:
- Fact: where COI is clearly evident
- Appearance: where it may not be clear that a COI occurred, or the parties involved sought and addressed the COI appropriately by disclosing the condition, recusing themselves from the related activities, or similar acts.
Auditing Conflicts of Interest
- Verify that a COI policy is in place, that it was ratified within the past two years, and that it is readily available to employees (e.g., on the company’s intranet or in the employee handbook).
- Confirm that a COI statement was signed by all employees and key contractors within the past year.
- Determine if COI is covered in onboarding, ethics, or similar training, and how often it is provided to employees.
- Verify that all conflicts disclosed in the COI statements were appropriately addressed by the assigned party (often either the Legal Department or HR).
- If possible, compare personnel records to vendor master data to determine if there is matching information, for example names, initials, addresses, phone numbers, bank routing and account numbers, tax, and other identification information.
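
The record comparison in the last step can be run as a normalized join between the two data sets. The following is an added example, not part of the original article: the field names and sample records are constructed, and it covers phone, address, bank and tax ID only (name and initial matching needs fuzzy comparison and is left out).

```python
import re
from collections import defaultdict

# Constructed sample data; every field name and value here is made up.
EMPLOYEES = [
    {"emp_id": "E100", "phone": "(555) 010-4477", "address": "12 Oak Street, Apt 4",
     "routing": "000000001", "account": "0099887766", "tax_id": "900-00-0001"},
    {"emp_id": "E200", "phone": "555-010-9000", "address": "98 Pine Avenue",
     "routing": "000000002", "account": "111222", "tax_id": "900-00-0002"},
]
VENDORS = [
    {"vendor_id": "V1", "phone": "+1 555 010 4477", "address": "12 OAK ST. APT 4",
     "routing": "000000001", "account": "0099887766", "tax_id": ""},
    {"vendor_id": "V2", "phone": "555-010-1234", "address": "400 Industrial Road",
     "routing": "000000002", "account": "333444", "tax_id": None},
]
ABBREV = {"street": "st", "avenue": "ave", "road": "rd", "apartment": "apt", "suite": "ste"}

def digits(value):
    """Keep only digits so punctuation and spacing do not hide a match."""
    return re.sub(r"\D", "", value or "")

def norm_addr(value):
    """Lower-case, drop punctuation, and collapse common street abbreviations."""
    words = re.sub(r"[^a-z0-9 ]", " ", (value or "").lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words)

def match_keys(rec):
    """Return the normalized, non-empty identifiers of one record."""
    routing, account = digits(rec.get("routing")), digits(rec.get("account"))
    keys = {
        "phone": digits(rec.get("phone"))[-10:],  # ignore country-code prefix
        "tax_id": digits(rec.get("tax_id")),
        # Routing number alone is shared by everyone at the same bank.
        "bank": f"{routing}:{account}" if routing and account else "",
        "address": norm_addr(rec.get("address")),
    }
    return {f: v for f, v in keys.items() if v}  # blanks must never match blanks

def find_matches(employees, vendors):
    """Map (emp_id, vendor_id) to the sorted list of fields the two share."""
    index = defaultdict(list)
    for emp in employees:
        for field, val in match_keys(emp).items():
            index[(field, val)].append(emp["emp_id"])
    hits = defaultdict(set)
    for ven in vendors:
        for field, val in match_keys(ven).items():
            for emp_id in index.get((field, val), []):
                hits[(emp_id, ven["vendor_id"])].add(field)
    return {pair: sorted(fields) for pair, fields in hits.items()}
```

Each returned pair is a lead for follow-up against the signed COI statements, not a finding on its own; shared addresses and phone numbers also occur for legitimate reasons.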
Sources: IIA Articles, Dr Hernan Murdock