iso 37001 anti-bribery management system

ISO 37001 Anti-Bribery Management System

Dr Mark Lovatt mark.lovatt@trident-integrity.com

www.trident-integrity.com

How does corruption arise?

Corruption arises from:

– Weak systems

– Poor enforcement

– Acceptance culture

You have to change the first two to impact the third

Purpose of ISO 37001

• To provide assurance for companies that their anti-bribery system comprises ‘adequate procedures’ regarding bribery & corruption

• To provide an international certification for anticorruption systems

• Published 15 Oct 2016

Who can use ISO 37001?

ISO: Full Structure

Implementation infrastructure

Risk Matrix (5 x 5)

7

Almost certain Significant Significant High High High

Likely Moderate Significant Significant High High

Moderate Low Moderate Significant High High

Unlikely Low Low Moderate Significant High

Rare Low Low Moderate Significant Significant

Insignificant Minor Moderate Major Catastrophic

Implementation infrastructure

Step 1: Top-Level Commitment

• The programme must start at the right level: from the top

– Board agrees to the programme

– Designated senior manager made responsible

– Company roles & responsibilities determined

Implementation infrastructure

Having established the necessary implementation

infrastructure, the core infrastructure can now be set up

ISO: Full Structure

ISO 37001 Core Infrastructure

Nestle

ISO 37001 Core Infrastructure

CoI management: Rio Tinto

ISO 37001 Core Infrastructure

Your money is like water going through the system

You have to stop the leakages!

Example: Procurement profiling

ISO 37001 Core Infrastructure

High Risk areas

• Gifts & Hospitality – Hampers

– Gifts

– Dinners

– Entertainment

• Political donations

• Charitable donations & sponsorships

• Support letters

• Facilitation payments

ISO 37001 Core Infrastructure

Whistleblowing procedure

ISO 37001 Core Infrastructure

Investigations procedure

• Documented procedures for investigations

• Qualified and trained staff in position to conduct investigations

• Procedures linked to Domestic Inquiry process and Police / ACC reporting protocol etc.

Implementation infrastructure

Communication & Training

• General communications

– Newsletter

– Team meetings

– Intranet / portal

• Training, esp. for specialist functions

– Sales

– Tendering & Procurement

– Contract management

• Customer & Supplier

– Letter or leaflet

– Briefing event

Implementation infrastructure

Performance evaluation & Improvement

• Monitoring & Enforcement

– Audits on compliance

– Investigations on incidents

– Prosecutions and terminations

• Periodic reviews of the system

– Audit (internal & external)

– Top management review

• Improvements to the system

– Analysis of incidents

– External expert review

Dr Mark Lovatt mark.lovatt@trident-integrity.com

www.trident-integrity.com +6 013 297 4450

THANK YOU