ISO 37001 is an international standard that provides a systematic approach to anti-bribery management. It gives organizations a framework to establish, implement, maintain, and continually improve their anti-bribery management system, enabling them to address bribery risks and to prevent, detect and respond to bribery.
ISO 37001 covers all forms of bribery, including: Active Bribery – offering or paying a bribe; Passive Bribery – soliciting or receiving a bribe; Public Sector – bribery of public officials; Private Sector – bribery of personnel of corporations or of other private organizations or of private individuals; Direct Bribery – by the organization or its personnel; and Indirect Bribery – bribery through business associates such as agents, consultants or outsourcing partners.
The standard was first published by the International Organization for Standardization (ISO) in 2016 and has since been widely adopted by organizations worldwide.
The bribery risk assessment enables the organization to form a solid foundation for its anti-bribery management system. Risk assessment methodology depends upon two factors:
The organization establishes its criteria for evaluating bribery risk keeping in mind different factors. The risk assessment design’s purpose and objectives are divided into four major phases, as explained below.
The first phase of a risk assessment process establishes criteria for evaluating the level of bribery risk, which considers the organization’s policies and objectives. An organization can achieve this by understanding the impact and likelihood of the risk occurring. To measure the impact, the extent to which the risk becomes acceptable or tolerable is taken into account. To measure the risk, the likelihood of risks is rated on a five-point scale.
The impact rating should consider the following –
The second phase of the risk assessment process identifies risk, which consists of finding, recognizing and describing risks that might prevent an organization from achieving its objectives. Risk identification is based on the organization’s environment, including the nature of its operations, business and locations.
The second phase includes
The risk categories concerning bribery include the following:
The third phase of the risk assessment is risk analysis and evaluation. The analysis applies the risk criteria, which include the likelihood and the impact of occurrence, to the risks identified in the different categories. It then evaluates how likely each risk is to occur and, if it does occur, what its adverse impact on the organization would be. The analysis provides a risk score for each category.
The fourth phase is the risk response and monitoring by management to bring the residual risk within the desired level of risk exposure. The possible responses are:
ISO 37001 helps organizations improve their reputation and credibility. Organizations certified to ISO 37001 are seen as being committed to ethical business practices and to reducing bribery risks. This can increase stakeholders’ and partners’ confidence and improve due diligence processes.
From improving overall risk management and compliance management to identifying and addressing bribery risks, ISO 37001 brings a number of implementation benefits, as listed below.
4C Consulting recently empowered a client in a cargo and mineral port based in Central Africa. ISO 37001 enabled our client to introduce a speak-up culture, comply with local laws, improve its ESG rating and increase stakeholder trust. To achieve the same results and much more, reach out to our consultant at info@4cpl.com. And for more information on ISO 37001.