ISO 37001:2016 Anti-Bribery Management System Certification is critical for organisations in the public, private and non-profit sectors. After all, consider the benefits: Certification adds a distinct level of credibility to the organisation’s management systems and ensures that the organisation implements a viable anti-bribery management program utilising widely accepted controls and systems.
It assures management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption. ISO 37001:2016 certification also protects the organisation, its assets, shareholders and directors from the effects of bribery. But what, exactly, is the process for getting ISO 37001:2016 certified by CRI Group? Once your organisation has submitted questionnaire information and completed the approval and contract stage, the certification cycle is ready to begin.
Step 1: Audit confirmation
An audit plan will be developed with your organisation and confirmed to the Certification’s Body Assessment Team at least three months before the organisation’s first audit.
Step 2: Pre-assessment audit (optional)
The organisation can opt to perform a pre-assessment audit to identify any possible gaps between its current management system and the standard requirements. This audit is optional and helps the organisation check its preparedness for the stage 1 and 2 assessments by identifying any major non-conformities that have not been addressed.
Step 3: Stage 1 audit
Review the results of the audit, including:
- General observations
- Non-conformities (major or minor, see below)
Minor non-conformities: These are not seen as serious. The organisation must complete an internal Corrective Action Plan (CAP) before Stage 2. CAP is not required to be sent to the Assessment Team at Stage 1.
Major non-conformities: These are more serious. The organisation will need to submit a CAP within ten days of receiving the audit report, with all actions scheduled to be completed before Stage 2. The CAP should be sent to the Assessment Team. The major non-conformities raised during Stage 1 will be re-assessed during Stage 2 Audit.
Step 4: Stage 2 audit
This is an on-site audit and takes place after the organisation has successfully completed Stage 1 and corrected any major non-conformities identified during the Stage 1 audit. Stage 2 confirms that the organisation’s management system is fully aligned to the standard. The evaluation is of management system implementation and its effectiveness.
Outcome: The audit report will detail the following:
- Any positive observations
- Opportunities for improvement – suggestions for improvement and any findings that could lead to potential non-conformities.
- Non-conformities (Major or Minor)
- Recommendation for Certification
Minor non-conformities: The organisation must complete an internal Corrective Action Plan (CAP) and submit this to the Assessment Team within 45 working days of receiving the audit report. The Assessment Team will review the CAP; it must detail the non-conformity, the cause, the proposed corrective action, who is responsible and the date the action will be implemented. Based on the evaluation of CAP, the recommendation for certification will be made.
For minor non-conformities, if an organisation has a corrective action procedure, this will not delay the certificate.
Major non-conformities: The organisation must complete an internal Corrective Action Plan (CAP) and submit it within 90 days (or 180 days depending on the number and risk of major non-conformities) of receiving the audit report be sent to the auditor.
Consider ISO 37001:2016 ABMS as one of the invaluable tools of your Third-Party Risk Management Strategy. Combined with due diligence, background screening, business intelligence and compliance solutions, ISO 37001 certification and training can lift your risk management process and help your business mitigate risks from third-party affiliations, protecting your organisation from liability, brand damage and harm to the business.
What comes next?
ABAC® program helps ensure that your business has implemented a management system which prevents, detects and responds to bribery and complies with anti-bribery laws, internally and externally (i.e. agents, consultants, suppliers, distributors and other third-parties). ABAC© program can be tailored in accordance with your organisation’s requirements and your organisation will benefit from many other benefits such as:
- Extensive and Effective Global Coverage
- Our vast network of Certified Fraud Examiners, Compliance Officers and Research Consultants possess diverse industry backgrounds and are strategically positioned across five continents. Our multi-national corporate intelligence and forensics network is based in Dubai and operates in Europe, the Middle East, Asia, North Africa and outlier territories where reliable information is difficult to obtain.
- Our professionals are acutely trained in international business compliance, including the Foreign Corrupt Practices Act (FCPA), UK Bribery Act, OECD Anti-Bribery Convention, Money Laundering Regulations and their associated developments. Business intelligence is gathered from regulators, industry observers, suppliers, competitors, distributors and even current/former customers.