When the French Anti-Corruption Agency (AFA) published its 2024 activity report, the message was clear: companies massively underestimate their corruption risks. The agency notes that too few anti-corruption controls are properly implemented to prevent the mapped risks.
The statistics in companies speak for themselves:
This French reality reflects a concerning global trend that questions the real effectiveness of current systems—often static, theoretical, and based on analysis of general journal entries and trial balances. Similar challenges exist for organizations implementing FCPA and UKBA compliance programs.
Many naturally associate anti-corruption controls with analysis of their usual extracts: journal entries, trial balance, and general ledger. This restrictive interpretation leads to developing systems that appear compliant but prove insufficient in practice.
In reality, the AFA, DOJ and SFO recommend controls that extend well beyond accounting:
In your journal entries or trial balance, certain operations appear perfectly normal: correct accounting entries, appropriate chart of accounts classification, and consistent amounts. However, certain process bypass practices or data modifications constitute major warning signals that can reveal malfunctions.
Segregation of duties (SOD) constitutes one of the pillars of corruption prevention, but it remains impossible to control via journal entries or trial balance. A collaborator can combine order creation and receipt validation (and more), opening the way to sophisticated frauds without leaving any trace in the general ledger.
Journal entries and trial balances capture posting dates but ignore the real chronology of operational events. A fraudster can backdate orders, modify prices after validation, or create "emergency" suppliers—all manipulations invisible in your general ledger extracts.
Eye2Scan analyzed all anti-corruption controls recommended by the AFA for the Sapin 2 law in its "Anti-Corruption Controls Guide" to evaluate which data sources enable effective implementation. The Sapin 2 law is recognized as the most comprehensive anti-corruption legislation in the world. This analysis reveals a striking gap:
|
Data source |
Coverage |
Main limitations |
|
Journal entries/Trial balance |
20-40 % |
No sub-ledger transaction-level data |
|
Complete ERP extracts |
+90 % |
Near-exhaustive coverage |
This major difference is explained by access to sub-ledger process data, authorization logs, and complete transaction history with detailed timestamps.
➡️Download the data source comparison – AFA recommanded Anti-corruption Controls
Consider this situation: your analysis of regularization orders reveals that a buyer systematically creates purchase orders several days after receiving invoices for a specific supplier. Cross-referencing with SOD controls, you discover that this same buyer also validates receipts for this supplier.
The investigation then reveals other anomalies: price modifications during orders without hierarchical validation, and payment terms deviations favorable to the supplier compared to the framework contract. Master file control finally shows that this supplier's banking details were recently modified.
Result: This combination of signals, invisible in general ledger extracts, reveals an organized corruption scheme between the buyer and supplier. More about P2P controls here.
In the Order-to-Cash process, analysis of abnormal sales prices highlights a customer systematically benefiting from rates 15% below market average. Cross-referencing with credit limit modifications reveals that this customer saw their limit increased significantly without documented justification.
Analysis of unbilled deliveries finally shows several "sample" shipments to this customer, recorded as expenses when they are standard finished products.
Result: These non-accounting controls reveal a possible system of unauthorized rebates or undue advantages granted in exchange for considerations.
Risk mapping constitutes the foundation of any anti-corruption program. However, this mapping can only be effective if the resulting anti-corruption controls actually cover the identified risks. Yet operational processes often represent the most critical risk areas—orders, approvals, data modifications—which remain completely invisible in journal entries and trial balance extracts.
The ERP data approach enables implementing continuous controls, adapted to mapped risks and covering all business processes. This permanent monitoring becomes all the more crucial as it allows for transverse controls, crossing several processes to detect sophisticated fraud schemes.
ERP data thus offers more complete coverage aligned with the real issues of your risk mapping. This approach fits perfectly with global regulatory evolution: new CSRD and CS3D directives reinforce the importance of data analytics as governance and compliance tools, where regulators increasingly expect data-driven compliance monitoring.
➡️Assess Your Anti-Corruption Controls Coverage: Our detailed Journal Entry vs Balance vs ERP comparison will reveal precisely which controls are feasible according to your current data sources.
Discover in 30 minutes how to detect corruption signals that your purely accounting controls don't see. Book your personalized demonstration.