Bribery is widely acknowledged as a significant business risk in many countries and sectors. Previously, bribery has in many cases been tolerated as a “necessary” part of doing business.
Now, increasing awareness of the damage caused by bribery to countries, organizations and individuals has resulted in calls at international and national level for effective action to be taken to prevent bribery.
Yet despite efforts on national and international levels to tackle bribery, it remains a significant issue, especially in the world of business today.
Many international treaties have been signed during the last 20 years requiring member states to implement anti-bribery laws and procedures. However, the law alone is not sufficient to solve this problem. Organizations have a responsibility to proactively contribute to combating bribery.
This can be achieved by an anti-bribery management system, which this document is intended to provide, and through leadership commitment to establishing a culture of integrity, transparency, openness and compliance. The nature of an organization’s culture is critical to the success or failure of an anti-bribery management system.
Recognizing this, ISO has developed a new standard to help organizations fight bribery and promote an ethical business culture.
ISO 37001, Anti-bribery management systems, specifies a series of measures to help organizations prevent, detect and address bribery. These include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures.
It is designed to help your organization implement an anti-bribery management system, or enhance the controls you currently have. It helps to reduce the risk of bribery occurring and can demonstrate to your stakeholders that you have put in place internationally recognized good-practice anti-bribery controls.
(Source: International Organization for Standardization – ISO)
ISO 37001:2016 Requirements
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of stakeholders
4.3 Determining the scope of the anti-bribery management system
4.4 Anti-bribery management system
4.5 Bribery risk assessment
5 Leadership
5.1 Leadership and commitment
5.1.1 Governing body
5.1.2 Top management
5.2 Anti-bribery policy
5.3 Organizational roles, responsibilities and authorities
5.3.1 Roles and responsibilities
5.3.2 Anti-bribery compliance function
5.3.3 Delegated decision-making
6 Planning
6.1 Actions to address risks and opportunities
6.2 Anti-bribery objectives and planning to achieve them
7 Support
7.1 Resources
7.2 Competence
7.2.1 General
7.2.2 Employment process
7.3 Awareness and training
7.4 Communication
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
8 Operation
8.1 Operational planning and control
8.2 Due diligence
8.3 Financial controls
8.4 Non-financial controls
8.5 Implementation of anti-bribery controls by controlled organizations and by business associates
8.6 Anti-bribery commitments
8.7 Gifts, hospitality, donations and similar benefits
8.8 Managing inadequacy of anti-bribery controls
8.9 Raising concerns
8.10 Investigating and dealing with bribery
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
9.3.1 Top management review
9.3.2 Governing body review
9.4 Review by anti-bribery compliance function
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
The requirements of ISO 37001:2016 are generic and are intended to be applicable to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors.