A Test on Transaction Testing
Everyone in the compliance industry acts like they understand the concept of “transaction testing.” Next time you are in a meeting and the term comes up; ask one of the nodding heads to explain what it means. I bet they start to choke up, or you might hear an explanation like “It is when you test your transactions.”
In fact, transaction testing is an important tool in a risk assessment. It can be used to identify:
1. A bribe
2. A red flag
3. Deficiencies in a company’s internal controls
4. Failure to conform to internal policies
Transaction testing is an important supplement any anti-corruption review which is usually focused on interviews and document review.
The first question which always comes up is which transactions should be examined and how many. As always, the answer depends. High-risk activities and locations should be a focus. It is important to exercise discretion and judgment – testing results which show no potential problems may not reflect compliance; in fact, it may provide a false assurance that the company has no major compliance risks.
The second question is what categories should be tested. The answer will usually revolve around the usual suspects: payments to third party intermediaries; gifts; travel, meals and entertainment expenses; petty cash; customs clearance agents; regulatory fees and security services.
The focus of transaction testing is on red flags and any suspicious payment or activity. The information learned in each test should be applied to additional testing decisions. In addition to red flags and suspicious payments, it is important to focus on the approvals for each transaction to confirm that the transaction was properly approved and that the entry on any ledger was correctly completed using the appropriate code. If a suspicious payment or red flag is identified, the issue should be raised with the Chief Compliance Officer.
The transaction testing data can be used to update a risk assessment and identify appropriate modifications to the compliance program. It is an important source of information on the overall performance of the compliance program. But it should not be given too much weight since it is not a comprehensive audit. Based on transaction testing, a compliance officer may decide to launch a deep dive in one particular category or specific office in the company. In addition, the chief compliance officer may decide to increase the scope or the number of transactions to test.
Compliance officers need as much information as they can get to improve a compliance program. Transaction testing is one of several cost-effective sources of information.