Loi Sapin II control evidence: What AFA expects to see
The AFA doesn't want your policy. It wants your evidence. The email lands on a Tuesday at 5:43 PM. "Please provide evidence of your internal control plan and its execution." You have a code of conduct. A risk map. A polished slide deck.
6 internal control mistakes to avoid to stay audit-ready all year
Internal control is the set of governance, processes, and activities an organization uses to provide reasonable assurance that it will achieve objectives such as compliance, reliable reporting, and operational effectiveness.
7 blind spots to avoid if you want to build a risk-based anti-bribery program
Most bribery risk maps fail in a predictable way: they look complete, but they do not explain how bribery could realistically happen in your workflows, and they do not produce evidence that your controls actually operate.
Policy management that auditors can test and trust
Most policy libraries fail in the same moment: when an auditor asks, “show me which version applied on that date, who approved it, who it applied to, who acknowledged it, and how you know it changed behavior.
Risk assessment vs management: what's the difference?
In compliance, people often use “risk assessment” and “risk management” as if they were interchangeable.