ISO 37001 certification ensures that your organisation is complying with globally recognised processes and procedures that are viewed worldwide as the generally accepted standard for business transparency and good governance as it relates to issues involving bribery and corruption. Read below the frequently asked questions about ISO 37001 Anti-Bribery Management Systems Certification.
“Adequate procedures” is a term made popular through the UK Bribery Act of 2010. It presents the potential of a company avoiding liability for failing to prevent bribery if that organisation can fully demonstrate clear, sound and established policies and procedures that deter individuals (inside and outside of the organisation) from partaking in questionable or corrupt conduct.
To comply with these guidelines and prove “adequate procedures,” public and private sector organisations should strongly consider the ISO 37001:2016 Anti-Bribery Management System certification process, which provides proper assurance that the organisation has succeeded in establishing, implementing, maintaining, reviewing and improving its Anti-Bribery Management System.
From improved management systems to enhanced public perception and distinct competitive advantages, certification may provide a positive return on investment for the organisation.
- It helps your company create new and better business partnerships with entities that recognise your certified status, including supply chain manufacturing, joint ventures, pending acquisitions and co-marketing alliances.
- It could potentially reduce corporate insurance premiums.
- It provides your customers, stakeholders, employees, and partners with confidence in your business operations and ethics.
- It provides a competitive edge over non-certified organisations in your industry or niche.
- It provides acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption.
ISO 37001:2016 Anti-Bribery Management System.
It is an internationally accepted standard that specifies the procedures an organisation should implement to prevent bribery and to detect and report any bribery incident that occurs. The standard certifies that an organisation has implemented reasonable and proportionate measures to prevent bribery. These measures involve top-level leadership, training, bribery risk assessment, due diligence adequacy, financial and commercial controls, reporting, audit, and investigation.
ISO 19600:2014 Compliance Management Systems.
It is a widely accepted standard that provides guidance for establishing, developing, implementing, evaluating, maintaining and improving an organisation’s compliance management program. It covers virtually all compliance-related issues including anti-bribery, anti-corruption, antitrust, fraud, misconduct, export control, anti-money laundering and many others. The standard acts as a global benchmark for an effective and responsive compliance management program, with a foundation that is based on the principles of good governance and transparency.
ISO 31000:2018 Risk Management.
This standard provides principles, framework and a process for managing risk, as it covers most business activities, including research, planning, management and communications. This can help the organisation increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
ABAC Center of Excellence is fully accredited as a Conformity Assessment Body (Certification Body) to assist your organisation in attaining ISO 37001 certification through a thorough bribery risk assessment and audit covering the entire scope of the standard. The audit methodology is evidence-based, meaning any issues raised will be confirmed through adequate evidence that the ABAC Certification team has discovered during the audit.
Auditing techniques take a risk-based approach to examining your organisation’s Anti-Bribery Management System (ABMS), and the ABAC Certification team will increase the scale of the investigation if they determine that a specific process presents a higher risk. Factors such as Impact, Negligence, Minor, Major, and Critical are taken into consideration during the audit.
A separate audit method is a process-based approach where ABAC Certification examines the organisation’s processes while considering the interaction between those processes. Finally, there is a sampling-based audit approach where ABAC Certification incorporates an appropriate sampling plan utilising samples from different ABMS processes to conclude and support the audit findings and results.
The audit is extremely thorough in its approach, which results in an accredited certification for the scope of the ISO 37001 Anti-Bribery Management System.
The certification audit is comprised of 10 key steps:
- Audit Confirmation
- Pre-Assessment Audit
- Stage 1 Audit – Review of Policies, Procedures, Documents; Interviews
- Stage 2 Audit – Implementation Audit; Site Visits; Evidence Evaluation
- Follow-up Audit – For Non-Conformities; Corrective Action Plan
- Recommendation for Certification
- Certification Decision
- Awarding Certificate
- Continual Improvement and Surveillance
- Re-Certification Audit
The certification audit approach is based on the following criteria:
Evidence Based Findings
All audit findings will be raised based on objective evidence. The Auditor will gather sufficient evidence to support the audit finding.
Risk Based Approach
The audit plan will be determined by high risk areas and functionalities.
Sample Based Approach
The organisation’s audit scope and sites will be covered with respect to the certification procedures and IAF published guidelines for multi-site audit and sampling. Sample size will be sufficient to effectively verify the system.
Process Based Approach
The Auditor will adhere to ISO 19011 guidelines and establish an audit trail of the organisation’s processes and interactions as well as risks associated with them.
The extent of the entire certification process is generally based on six key procedures, and the level at which these procedures are implemented by the organisation:
- Proportionate Procedures: An organisation’s procedures to prevent bribery associated with it are proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation’s activities. They are also clear, practical, accessible, effectively implemented and enforced.
- Top Level Commitment: The degree to which top-level management of an organisation (board of directors, owners or any other equivalent body or person) is committed to preventing bribery by persons associated with it, and fosters a culture within the organisation in which bribery is never acceptable.
- Risk Assessment: How the organisation assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodically reviewed, informed and documented.
- Due Diligence: How the organisation applies due diligence procedures, taking a proportionate and risk-based approach, in respect of persons who perform or will perform services for or on behalf of the organisation in order to mitigate and confront identified bribery risks.
- Communication: The degree to which the organisation seeks to ensure that its bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication (including training).
- Monitoring and Review: How the organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.
The certification process can take up to eight weeks to complete, dependent on the number of locations visited.
- Employs interviews, policy reviews, sampling, due diligence and testing of methods and techniques;
- Produces sufficient evidence of a sound and adequate anti-bribery management system;
- Spotlights specific areas of risk that demand attention and subsequent improvement to adhere to the standard.
While a Quality Manager isn’t mandatory, we highly suggest that a representative from the organisation who is familiar with the organisation’s risk management processes and procedures act as a primary point person alongside our auditors during the certification process. This will help the process proceed in a more efficient and timely manner.
We do not provide consulting services, as that could present a potential conflict of interest during the certification process.
Certification can only be attained through an accredited auditor who is trained to the standard and adheres to strict competency requirements for certification bodies. An Accredited Auditor:
- Is specifically certified and credentialed to lead and conduct such audits.
- Is guided by the requirements of ISO 17021-9 to conduct an ABMS assessment.
- Is highly experienced in the areas of anti-bribery and anti-corruption.
- Is knowledgeable about the industry sectors and the respective geographic regions (and familiar with the legal jurisdictions) served by the organisation being certified.
- Is qualified to serve as a helpful, non-confrontational advocate during the entire audit process, expertly guiding the organisation through the process.
CRI Group is accredited by EIAC (Emirates International Accreditation Center) and UKAS (United Kingdom Accreditation Service).
We welcome transfers at any time during the certification cycle.
Certification costs are calculated using several factors, including the size of the organisation, staff size and number of locations that require a visit. In planning the process, we will provide a guaranteed quote upfront.
Certification occurs in three-year cycles and we will administer an annual surveillance audit to keep the certification valid for that time period.
Our representatives will follow up periodically to keep the lines of communication open and answer any questions or concerns you may have after certification. We will also contact you in advance to coordinate follow-up visits and audits.
While certification naturally leads to increased transparency and improved corporate governance, it also has many intrinsic benefits:
- It Demonstrates Best Practice in Business
A demonstrated commitment to battling corruption can bring competitive advantages in the marketplace.
- It Helps Position the Organisation as a Premium Provider
Which could justify subsequent higher pricing on goods and services.
- It Shows Transparency in Operations
Which breeds ideas and input internally that can help the organisation improve on and enhance its systems and processes.
- It Saves the Organisation Money
As it results in a marked reduction in bribes and the logistics involved in such practices.
- It Can Save the Organisation’s Employees Time & Energy
By eliminating the need for staff to repeatedly establish proof of a qualified anti-bribery and corruption training program.
- It Protects and Preserves the Integrity of the Organisation
Which supports a growing international call to incorporate ethics as a core value when conducting business around the world.
- It Leads to Healthier Relationships with Third Parties
Ensuring that outside third parties have adopted their own qualified anti-bribery measures.
- It Can Greatly Assist in Litigation
Certification provides a verified level of proof in legal proceedings that the organisation is committed to anti-bribery practices by taking reasonable actions to prevent such corruption.
- It Ensures Compliance
The statutory defence for corporate liability is provided under subsection 4 of Section 17A of the Malaysian Anti-Corruption Commission Act, whereby commercial organisations need to prove that “adequate procedures” against corruption have been put in place. In December 2018, the Prime Minister of Malaysia issued the “Guidelines on Adequate Procedures” according to subsection 5 of Section 17A of the MACC (Amendment) Act 2018 (Article 4.4, Principle IV: Systematic Review, Monitoring and Enforcement, suggests an ISO 37001 external audit as one of the best practices to demonstrate adequate procedures). See also Malaysia’s National Anti-Corruption Plan 2019-2023.