The Purchase-to-Pay (P2P) process, also known as Procure-to-Pay, includes all steps from...
Why Sapin 2, FCPA & UKBA Anti-Corruption Controls Should Be Based on ERP Data
The AFA Finding: "Poorly Defined Anti-Corruption Controls"
When the French Anti-Corruption Agency (AFA) published its 2024 activity report, the message was clear: companies massively underestimate their corruption risks. The agency notes that too few anti-corruption controls are properly implemented to prevent the mapped risks.
The statistics in companies speak for themselves:
- Nearly 30% of French companies report having faced at least one case of corruption or influence peddling in the past five years (Diagnostic dispositifs anticorruption, AFA, 2024)
- 48% of global frauds involve corruption (Report to the Nation, ACFE, 2024)
- 51% of frauds result from insufficient internal controls or bypassing of existing controls (Report to the Nation, ACFE, 2024)
- Average loss of 5% of turnover for victim companies (Report to the Nation, ACFE, 2024)
This French reality reflects a concerning global trend that questions the real effectiveness of current systems—often static, theoretical, and based on analysis of general journal entries and trial balances. Similar challenges exist for organizations implementing FCPA and UKBA compliance programs.
The Terminological Confusion That Changes Everything: When "Accounting Controls" Doesn't Mean "Journal Entries" or "Trial Balance"
Many naturally associate anti-corruption controls with analysis of their usual extracts: journal entries, trial balance, and general ledger. This restrictive interpretation leads to developing systems that appear compliant but prove insufficient in practice.
In reality, the AFA, DOJ and SFO recommend controls that extend well beyond accounting:
- Analysis of upstream operational processes
- Control of authorizations and segregation of duties
- Master data monitoring
- Behavioral analysis of transactions
The 3 Blind Spots of Journal Entries and Trial Balance Controls
1. Absence of Transaction-Level Data
In your journal entries or trial balance, certain operations appear perfectly normal: correct accounting entries, appropriate chart of accounts classification, and consistent amounts. However, certain process bypass practices or data modifications constitute major warning signals that can reveal malfunctions.
2. Lack of Visibility on Segregation of Duties
Segregation of duties (SOD) constitutes one of the pillars of corruption prevention, but it remains impossible to control via journal entries or trial balance. A collaborator can combine order creation and receipt validation (and more), opening the way to sophisticated frauds without leaving any trace in the general ledger.
3. Incomplete and Manipulable Timestamps
Journal entries and trial balances capture posting dates but ignore the real chronology of operational events. A fraudster can backdate orders, modify prices after validation, or create "emergency" suppliers—all manipulations invisible in your general ledger extracts.
The Coverage Gap Between Journal Entries, Trial Balance, and ERP
Eye2Scan analyzed all anti-corruption controls recommended by the AFA for the Sapin 2 law in its "Anti-Corruption Controls Guide" to evaluate which data sources enable effective implementation. The Sapin 2 law is recognized as the most comprehensive anti-corruption legislation in the world. This analysis reveals a striking gap:
|
Data source |
Coverage |
Main limitations |
|
Journal entries/Trial balance |
20-40 % |
No sub-ledger transaction-level data |
|
Complete ERP extracts |
+90 % |
Near-exhaustive coverage |
This major difference is explained by access to sub-ledger process data, authorization logs, and complete transaction history with detailed timestamps.
➡️Download the data source comparison – AFA recommanded Anti-corruption Controls
Non-Accounting Controls in Action: Practical Cases
P2P Controls Practical Case: How to Detect Supplier Corruption
Consider this situation: your analysis of regularization orders reveals that a buyer systematically creates purchase orders several days after receiving invoices for a specific supplier. Cross-referencing with SOD controls, you discover that this same buyer also validates receipts for this supplier.
The investigation then reveals other anomalies: price modifications during orders without hierarchical validation, and payment terms deviations favorable to the supplier compared to the framework contract. Master file control finally shows that this supplier's banking details were recently modified.
Result: This combination of signals, invisible in general ledger extracts, reveals an organized corruption scheme between the buyer and supplier. More about P2P controls here.
O2C Controls Practical Case: Detection of Unauthorized Rebates
In the Order-to-Cash process, analysis of abnormal sales prices highlights a customer systematically benefiting from rates 15% below market average. Cross-referencing with credit limit modifications reveals that this customer saw their limit increased significantly without documented justification.
Analysis of unbilled deliveries finally shows several "sample" shipments to this customer, recorded as expenses when they are standard finished products.
Result: These non-accounting controls reveal a possible system of unauthorized rebates or undue advantages granted in exchange for considerations.
Conclusion: From Risk Mapping to ERP Controls
Risk mapping constitutes the foundation of any anti-corruption program. However, this mapping can only be effective if the resulting anti-corruption controls actually cover the identified risks. Yet operational processes often represent the most critical risk areas—orders, approvals, data modifications—which remain completely invisible in journal entries and trial balance extracts.
The ERP data approach enables implementing continuous controls, adapted to mapped risks and covering all business processes. This permanent monitoring becomes all the more crucial as it allows for transverse controls, crossing several processes to detect sophisticated fraud schemes.
ERP data thus offers more complete coverage aligned with the real issues of your risk mapping. This approach fits perfectly with global regulatory evolution: new CSRD and CS3D directives reinforce the importance of data analytics as governance and compliance tools, where regulators increasingly expect data-driven compliance monitoring.
➡️Assess Your Anti-Corruption Controls Coverage: Our detailed Journal Entry vs Balance vs ERP comparison will reveal precisely which controls are feasible according to your current data sources.
Discover in 30 minutes how to detect corruption signals that your purely accounting controls don't see. Book your personalized demonstration.
