Embed Size (px)
Citation preview
How does corruption arise?
Corruption arises from:
– Weak systems
– Poor enforcement
– Acceptance culture
You have to change the first two to impact the third
Purpose of ISO 37001
• To provide assurance for companies that their anti-bribery system comprises ‘adequate procedures’ regarding bribery & corruption
• To provide an international certification for anticorruption systems
• Published 15 Oct 2016
Who can use ISO 37001?
ISO: Full Structure
Implementation infrastructure
Risk Matrix (5 x 5)
7
Almost certain Significant Significant High High High
Likely Moderate Significant Significant High High
Moderate Low Moderate Significant High High
Unlikely Low Low Moderate Significant High
Rare Low Low Moderate Significant Significant
Insignificant Minor Moderate Major Catastrophic
Implementation infrastructure
Step 1: Top-Level Commitment
• The programme must start at the right level: from the top
– Board agrees to the programme
– Designated senior manager made responsible
– Company roles & responsibilities determined
Implementation infrastructure
Having established the necessary implementation
infrastructure, the core infrastructure can now be set up
ISO: Full Structure
ISO 37001 Core Infrastructure
Nestle
ISO 37001 Core Infrastructure
CoI management: Rio Tinto
ISO 37001 Core Infrastructure
Your money is like water going through the system
You have to stop the leakages!
Example: Procurement profiling
ISO 37001 Core Infrastructure
High Risk areas
• Gifts & Hospitality – Hampers
– Gifts
– Dinners
– Entertainment
• Political donations
• Charitable donations & sponsorships
• Support letters
• Facilitation payments
ISO 37001 Core Infrastructure
Whistleblowing procedure
ISO 37001 Core Infrastructure
Investigations procedure
• Documented procedures for investigations
• Qualified and trained staff in position to conduct investigations
• Procedures linked to Domestic Inquiry process and Police / ACC reporting protocol etc.
Implementation infrastructure
Communication & Training
• General communications
– Newsletter
– Team meetings
– Intranet / portal
• Training, esp. for specialist functions
– Sales
– Tendering & Procurement
– Contract management
• Customer & Supplier
– Letter or leaflet
– Briefing event
Implementation infrastructure
Performance evaluation & Improvement
• Monitoring & Enforcement
– Audits on compliance
– Investigations on incidents
– Prosecutions and terminations
• Periodic reviews of the system
– Audit (internal & external)
– Top management review
• Improvements to the system
– Analysis of incidents
– External expert review
