What are ISO 37001’s requirements ?
Part 3 – Running the system
By Jean-Pierre Méan
Published on Tuesday January 9, 2018
Running the system implies first implementing the procedures that have been put in place at the outset.
This includes monitoring the implementation of the anti-bribery policy by requesting personnel and business associates presenting a bribery risk to acknowledge receipt of the policy and committing to abide by it.
It further includes adapting the employment procedures to the anti-bribery policy, conducting training for personnel and business associates presenting a bribery risk, running the alert system to raise concerns and monitoring the expenses for gifts, hospitality, donations and similar benefits.
An important role in running the system further hangs on due diligence, especially in organizations with international operations. Due diligence consists of an assessment of the bribery risk in relation to specific transactions, projects, activities, business associates and personnel that present a more than a low bribery risk. The expression more than a low bribery risk, that is used in several places in the standard, links the requirements of the standard to the assessment of the bribery risk so that extensive due diligence is required for business associates in high risk countries or activities but no due diligence is required where the bribery risk is quite remote, as might be the case for a commercial distributor in a low risk country as opposed to an agent serving as an intermediary in public procurement in a high risk country.
Investigations have to be conducted on violations or suspected violations of the anti-bribery policy or of the implementing procedures. These investigations have to be conducted confidentially except to the extent required to progress the investigation and subject to respecting the rights and intimacy of the victim if there is one. The individual conducting investigations should have prior experience as an investigator or should be adequately trained. Investigations should result in corrective and where appropriate disciplinary action against the violators.
The Anti-Bribery Compliance Function shall assess the anti-bribery management system on a continual basis and shall report on the performance of the system to the Board and top management as appropriate. Top management and the Board shall review the anti-bribery management system at planned intervals
The organization shall document all elements of the anti-bribery management system and shall further retain summary documented information as evidence of the results of the Board review.
Do you want to contribute to the blog?
Please have a look at our Blog Guidelines
