ISO 37001:2016 is an international standard that specifies the requirements and provides guidance for establishing, implementing, maintaining, reviewing, and improving an Anti-Bribery Management System (ABMS). This standard was developed to help organizations of all sizes and industries prevent bribery and corruption.
Key components of ISO 37001:2016 include:
- Anti-Bribery Policy: Organizations must establish a clear and comprehensive anti-bribery policy that outlines their commitment to preventing bribery and corruption.
- Risk Assessment: A thorough risk assessment should be conducted to identify potential bribery risks within the organization and its business activities.
- Due Diligence: Organizations must perform due diligence on business associates, such as suppliers and partners, to ensure they are not involved in corrupt activities.
- Training and Awareness: Employees and relevant stakeholders should receive anti-bribery training and know the organization's policies and procedures.
- Reporting and Investigation: Mechanisms for reporting and investigating bribery incidents should be established, and confidentiality and non-retaliation measures should be in place to encourage reporting.
- Monitoring and Review: Continuous monitoring and periodic reviews of the ABMS are necessary to ensure its effectiveness and make improvements as needed.
- Documentation: Documentation of all anti-bribery activities, policies, procedures, and records is essential for compliance and accountability.
- Management Leadership and Commitment: Top management should demonstrate their commitment to the ABMS and provide the necessary resources and support.
- Communication: Effective communication of the anti-bribery policy and related information should occur internally and externally.
- Legal and Regulatory Compliance: Organizations must ensure compliance with applicable anti-bribery laws and regulations in their jurisdictions.
Organizations can seek certification against this standard to demonstrate their commitment to anti-bribery efforts to stakeholders, customers, and business partners.
Major Requirements of ISO 37001
ISO 37001:2016 specifies several significant requirements for an Anti-Bribery Management System (ABMS). These requirements are essential for organizations seeking to establish and maintain a system that helps prevent bribery and corruption within their operations.
Here are the major requirements of ISO 37001:
- Leadership and Commitment (Clause 5): Top management must demonstrate leadership and commitment to the ABMS by establishing an anti-bribery policy, assigning responsibility for the ABMS, and providing adequate resources and support.
- Anti-Bribery Policy (Clause 5): Organizations must develop, implement, and maintain an anti-bribery policy that reflects their commitment to preventing bribery and corruption. This policy should be communicated throughout the organization and to relevant stakeholders.
- Risk Assessment (Clause 6): Organizations should conduct a comprehensive risk assessment to identify and evaluate the bribery risks associated with their activities, locations, and business relationships.
- Due Diligence (Clause 7): Implement due diligence procedures for evaluating and addressing the bribery and corruption risks associated with third parties, such as suppliers, agents, and business partners.
- Policies and Procedures (Clause 8): Establish anti-bribery policies and procedures appropriate for the organization's size, structure, and risks. These policies and procedures should cover critical areas such as gifts, hospitality, donations, and facilitation payments.
- Training and Awareness (Clause 9): Provide anti-bribery training to employees and relevant stakeholders to ensure they understand the organization's policies and procedures and their role in preventing bribery.
- Communication (Clause 10): Effectively communicate the anti-bribery policy and related information both internally and externally, including to suppliers, customers, and business partners.
- Reporting and Investigation (Clause 11): Establish a mechanism for confidentially reporting suspected or actual bribery and corruption incidents. Implement procedures for investigating and taking appropriate action on reported incidents.
- Documented Information (Clause 12): Maintain written information about the ABMS, including policies, procedures, training records, risk assessments, and investigations.
- Control of Records (Clause 13): Ensure the proper authority and retention of records related to the ABMS to demonstrate compliance with ISO 37001.
- Monitoring and Measurement (Clause 14): Establish processes to monitor and measure the effectiveness of the ABMS. This includes conducting internal audits and management reviews.
- Management Review (Clause 15): Conduct regular management reviews of the ABMS to assess its performance, identify areas for improvement, and ensure its continued suitability and adequacy.
- Corrective Action (Clause 16): Take appropriate disciplinary actions when non-conformities or weaknesses in the ABMS are identified, and continually improve the system.
- Continual Improvement (Clause 17): Commit to the ongoing improvement of the ABMS to enhance its effectiveness in preventing bribery and corruption.
ISO 37001 provides a structured framework for organizations to establish and maintain their ABMS, helping them to mitigate bribery risks, comply with anti-bribery laws and regulations, and demonstrate their commitment to ethical business practices.
Organizations can seek certification against this standard to provide external assurance of their anti-bribery efforts to stakeholders, customers, and business partners.
Anti-Bribery Management System Audit Process
Conducting an audit of an Anti-Bribery Management System (ABMS) based on ISO 37001 or other relevant anti-bribery standards involves a systematic process to assess the effectiveness of an organization's anti-bribery controls and practices.
Here is an overview of the audit process for an ABMS:
Audit Planning:
- Define the scope of the audit, including the departments, locations, and processes to be audited.
- Identify the audit objectives and criteria, such as ISO 37001 requirements and the organization's anti-bribery policies and procedures.
- Select and assemble an audit team with the necessary skills and expertise.
- Develop an audit plan with a schedule, resources, and procedures.
Preparation:
- Notify the auditee (the organization being audited) of the upcoming audit and provide plan details.
- Request relevant documentation and records from the auditee, including their anti-bribery policy, procedures, risk assessments, training records, and incident reports.
- Review the documentation to familiarize the audit team with the organization's ABMS.
On-Site Audit:
- Conduct on-site interviews and observations to assess the implementation and effectiveness of the ABMS.
- Review relevant records and documentation to ensure compliance with anti-bribery policies and procedures.
- Evaluate the organization's compliance with ISO 37001 requirements and relevant legal and regulatory obligations.
- Identify any non-conformities or areas of improvement.