Poole Audit Blog
PAC Code of Conduct (Anticorruption Program)
POOLE AUDIT
ANTICORRUPTION PROGRAM
Effective Date: June 16, 2026
Version: 1.0
Approved by: Terry Poole, Owner
1. Program Overview and Objectives
This Anticorruption Program (“Program”) operationalizes the Anticorruption Policy by establishing the organizational structure, risk assessment process, specific controls, monitoring mechanisms, training, and continuous improvement activities necessary to prevent, detect, and respond to bribery and corruption risks.
As a small, specialized firm with the Owner providing direct oversight and most work performed by vetted independent contractors, this Program is designed to be effective yet proportionate—avoiding unnecessary administrative burden while ensuring robust protection for the firm, its people, and its clients.
Program Objectives:
- Prevent corrupt conduct through clear rules, training, and cultural tone at the top.
- Detect potential issues early through monitoring, reporting channels, and due diligence.
- Respond effectively with prompt investigation, remediation, and, where appropriate, disclosure.
- Continuously improve based on lessons learned, regulatory changes, and business evolution.
- Demonstrate to clients, regulators, and partners a mature, credible compliance posture suitable for high-stakes energy sector work.
2. Governance and Responsibilities
Owner (Terry Poole): Ultimate accountability for the Program. Approves policies, major decisions, disciplinary actions, and resource allocation. Sets and reinforces tone at the top through personal conduct and communications.
Chief Operating Officer (Evan Poole): Day-to-day implementation responsibility. Coordinates training, maintains registers (gifts, third parties, incidents), oversees contractor onboarding and due diligence, escalates issues, and prepares periodic reports to the Owner.
All Associated Persons: Personal responsibility to understand and comply with the Program, complete required training and certifications, report concerns, and cooperate with reviews and investigations.
Compliance Coordinator (designated role, initially COO or Owner appointee): Maintains this Program document, tracks regulatory developments, coordinates annual reviews, and serves as primary point of contact for compliance questions.
3. Risk Assessment
Poole Audit conducts periodic (at least annual, or upon significant business changes) bribery and corruption risk assessments considering:
- Nature of services (audit/assurance work generally lower direct bribery risk than sales/procurement, but risks arise in client entertainment, gifts during fieldwork, influence on audit findings, and subcontractor integrity).
- Geographic footprint (primarily U.S.; any international or Mexico-related work elevates risk due to FCPA jurisdiction and local enforcement).
- Counterparties (clients include large energy companies and potentially state-owned entities; vendors/subcontractors used in our own operations or recommended to clients).
- Engagement types (joint venture audits involve multiple parties and sensitive commercial information; vendor audits may involve verification of payments that could relate to corrupt schemes).
- Use of third parties (heavy reliance on independent contractors creates vicarious liability risk under FCPA).
Current overall risk rating: Low to Moderate, with specific elevated risks in client relationship management, gifts/hospitality during audits, and contractor due diligence. Mitigating factors: Strong personal oversight by Owner, limited number of contractors, focus on professional services rather than large capital projects or trading.
Risk assessment results shall be documented and used to prioritize controls and training.
4. Key Controls and Procedures
4.1 Third-Party Due Diligence and Onboarding
- New independent contractors and material vendors: Complete due diligence questionnaire (background, ownership, conflicts, prior compliance issues, references). Adverse media and basic sanctions screening performed.
- High-risk third parties (those interacting with government entities, handling significant funds, or operating in higher-risk jurisdictions): Enhanced due diligence, including beneficial ownership verification and, where appropriate, third-party screening reports.
- All third-party contracts include anti-corruption clause, audit rights, and termination language.
- Existing contractors: Periodic re-certification and review (at least every 2–3 years or upon red flags).
4.2 Gifts, Hospitality, and Expense Controls
- Maintain a Gifts & Hospitality Register (simple spreadsheet or secure digital log).
- Pre-approval process: COO or Owner approval required above thresholds; form includes recipient, relationship, business purpose, value, and approver.
- Expense reports reviewed for reasonableness, business purpose, and policy compliance before reimbursement.
- Client gifts/entertainment during active audits subject to heightened review to avoid any appearance of influence on findings.
4.3 Contractual Protections
- Standard anti-corruption language in all client engagement letters, contractor agreements, and vendor contracts, including:
  - Representations of compliance with applicable anti-bribery laws
  - Covenant to comply with Poole Audit policies
  - Right to audit compliance
  - Immediate termination and indemnification rights for violations.
4.4 Books and Records Controls
- All payments approved by authorized personnel with supporting documentation.
- Periodic reconciliation and review of expense categories prone to abuse (travel, meals, client development).
- Prohibition on cash payments except documented petty cash with dual control where used (currently minimal).
4.5 Whistleblower / Reporting Mechanism
- Primary channel: Direct report to Owner or COO (email or phone).
- Anonymous option: Dedicated compliance email address or secure web form (to be implemented; initially use anonymous email or mail to principal office).
- All reports logged, investigated promptly, and outcomes documented.
- Non-retaliation policy prominently communicated; violations treated as serious misconduct.
4.6 Incident Response and Investigation
- All credible reports or red flags trigger documented investigation led by Owner or independent reviewer as appropriate.
- Investigations preserve evidence, maintain confidentiality to extent possible, and afford fair process.
- Remediation may include enhanced controls, retraining, contractor termination, client notification (if required), and voluntary disclosure to authorities in consultation with legal counsel.
5. Training and Communication
- Onboarding: All new contractors receive the full compliance package (Ethics Code, Conduct Code, Anticorruption Policy & Program) and must complete acknowledgment/certification before commencing work.
- Annual Training: Role-appropriate training (general awareness for most; enhanced for those in client-facing or financial roles). Includes scenario-based discussion relevant to auditing work (e.g., client offers expensive dinner during fieldwork; subcontractor requests unusual payment terms).
- Tone at the Top: Owner and COO communicate commitment regularly (e.g., in annual meetings, engagement kickoffs, or policy updates).
- Accessibility: Policies available in digital format; questions encouraged.
6. Monitoring, Auditing, and Continuous Improvement
- Ongoing Monitoring: COO reviews gifts register, expense reports, and contractor performance/compliance indicators periodically.
- Internal Compliance Review: At least annually, the Owner and COO review Program effectiveness, incident trends, training completion, and any regulatory developments. Results documented and drive updates.
- External Audit Support: Financial statement audits (if applicable) or client-requested SOC/compliance reviews may test anti-corruption controls.
- Program Updates: This Program and related policies shall be reviewed and updated at least annually or more frequently if warranted by incidents, business changes, or legal developments. Version control maintained.
7. Record Retention
Compliance-related records (training certifications, due diligence files, gifts registers, incident reports, investigation files, policy acknowledgments) shall be retained for a minimum of seven (7) years or longer as required by law or client contract.
8. Program Metrics (for Internal Use)
Simple KPIs tracked:
- % of contractors with current policy acknowledgments and training
- Number and nature of gifts/hospitality logged and approved
- Due diligence completion rate for new third parties
- Hotline/incident reports received and resolved
- Policy review completion date.
These metrics are reviewed in the annual compliance assessment.
Appendices to Program (Available Upon Request or in Separate Files)
• Sample Third-Party Due Diligence Questionnaire
• Gifts & Hospitality Pre-Approval and Log Form
• Contractor Compliance Certification Form
• Sample Anti-Corruption Contract Clause
• Whistleblower Report Intake Form (template)
• Annual Compliance Training Outline
Terry Poole
Owner, Poole Audit
Date: June 16, 2026
________________________________________
________________________________________
Document Control
Version 1.0 – June 16, 2026 – Initial Release – Approved by Terry Poole, Owner
Poole Audit – Integrity. Excellence. Trust. | Third Generation of Professional Audit Services
This document is confidential and intended solely for internal use and authorized distribution in connection with legitimate business development and contracting activities.
