Speeki's top five things to focus on with ISO 37001

As companies start to use the ISO anti-bribery management system standard to develop their anti-bribery and compliance systems, there are five things they should focus on to maximise their use of the ISO 37001 standard and their chances of becoming certified by an accredited certification body like Speeki Europe.

Top five things to focus on with ISO 37001

Leadership commitment

The highest level of management must demonstrate leadership and commitment to the anti-bribery management system (ABMS). Clear expectations must be set for employees, resources to support the ABMS must be available, and the importance of compliance must be communicated throughout the organisation. Leadership owns the ABMS, so they must be able to articulate it and understand the guidance in ISO 37001.

Risk assessment

The organisation must identify and assess its bribery risks. This includes considering the organisation’s size, industry, location and activities. Once risks have been identified, they must be mitigated through appropriate controls. The risks should be specifically focused on bribery and specific to business units, countries, subsidiaries and vertical areas like sales, channel pricing, procurement of indirect spending and donations. A useful risk assessment should include breakdowns of country risk and supplier risk in that country. The more precise a risk assessment is, the better it is.

Due diligence

The organisation must conduct due diligence on its business partners and suppliers to assess their bribery risks. This includes reviewing their anti-corruption policies and procedures and conducting audits to verify compliance. We expect to see due diligence on the companies, people and even high-risk employees. The due diligence should be effective and not simply a ‘tick-the-box’ process. It should focus on bribery risks, not credit checks or sanctions checks. It is a research exercise on the historical or future risk of bribery and corruption.

Communication and training

The organisation must communicate its anti-bribery policies and procedures to all employees and the ecosystem in which it operates. This includes providing training on the importance of compliance and how to identify and avoid bribery. Awareness, communications and training should be considered as three discrete areas (rather than being joined together). For each of these areas, there should be a written plan that relates back to a set of objectives, which in turn relates back to the set of risks. There should be ways to manage the effectiveness of the training and not just consider completion rates.

Monitoring and review

The organisation must monitor and review its ABMS to ensure that it is effective. This includes conducting internal audits and reviewing reports of bribery allegations. It must also include deep analyses of the AMBS by three different and separate functions of the company: compliance, top management and the board (known as the governing body). These are reviews of the ABMS itself and how it is working, if it is adding value, if it is meeting its objectives, and whether it is effective. Monitoring and reviewing are often confused with ABMS reporting. Reporting lets your management or top governing body know about the programme and its results, but monitoring and measurement are more about assessing the ABMS and its function.

By focusing on these five areas, organisations can implement an effective ABMS that will help them prevent bribery and corruption.

Some additional tips for implementing ISO 37001 are:

• getting buy-in from top management – this is essential for the success of any management system
• involving employees in the process – employees are the front line of preventing bribery, so it is important to get their input and buy-in
• using a risk-based approach to focus on the risks that are most likely to occur and have the greatest impact
• using a continuous improvement approach to continuously monitor and improve the programme to ensure that it is effective.

By following these tips, organisations can implement an effective ISO 37001 ABMS that will help them prevent bribery and corruption. This will greatly increase the opportunity to be certified by an accredited certification body like Speeki Europe.