ISO 37001 – The new norm?

In the current regulatory landscape, global organizations can expect increasing investigations and analysis in business practices...

Home » Industry Insights » ISO 37001 – The new norm?

ISO 37001 – The new norm? by Stef Loizou, Regional Solutions Director

Background and Regulatory Landscape

Within the current regulatory landscape, global organizations can expect increasing investigations and analysis in business practices and organizational transactions by authorities that are seeking to assess and examine bribery and corruption.

Strengthening basic FCPA controls and accelerating the use of automated monitoring controls to prevent inappropriate payments can help organizations boost up their financial well-being, business reputation and cause potential growth and success with the goal to show both the authorities and stakeholders that they’re committed to doing business the appropriate way.

An anti-bribery policy and supporting management systems are critical components of an overall compliance strategy. Implementing ISO 37001 can help organizations avoid the negative impacts of bribery. Achieving legal obligations and committing to sustainable and clear business practices helps build trust and confidence with customers, suppliers, and partners. Ultimately the certification causes good business and healthy profits.

Compliance Challenges - Microsoft

"Microsoft’s Corporate Vice President & Deputy General Counsel David Howard mentioned that the patchwork of anti-bribery and corruption laws and guidance from various governments and non-governmental organizations around the world makes compliances challenging. We think a rational approach to anti-corruption programs is a good thing."

Compliance Challenges - Walmart

“Walmart just announced that it is considering ISO 37 001 adoptions. Singapore and Peru Governments are studying the ways to apply the standard to public procurements and the private sector.

What's controls are essential for certification?

Organizations already have the 2016 guidance of the International Organisational Standardisation ISO 9001 at their disposal to guide them in the implementation journey of advanced risk management controls. The recently published guidance of ISO 37001 (Anti-Bribery management systems) contains an essential list of anti-bribery controls that are applicable to small, medium, and large organizations across all sectors and recommends among other things the following risk management financial controls:

1. Effective Segregation of Duties.

2. Defined delegation of authorities.

3. Validation of required approvals.

4. Countersignature requirement for payment approvals.

5. Submission of supporting documentation.

6. Stringent controls on cash.

7. Detailed requirement for transaction descriptions.

8. Management Review of significant transactions.

9. Independent financial audits and transactions testing.

Once obtaining the ISO 37001 what does it give to the organization?

Builds Trust: It assures stakeholders, ranging from board members and investors to employees and customers that the organization is actively engaged in preventing bribery.

Establishes Credibility: Organisations that have taken a reputational hit after a bribery scandal or those based in countries with a high risk of bribery and corruption can benefit from achieving the Standard - a reflection of their commitment to ethical business

Creates Process Efficiencies: Improved processes and risk visibility saves time and reduces cost by eliminating inefficient or ineffective approaches.

Gain a competitive edge: It offers a business advantage when such certifications are requirements in bidding processes or for supply chain onboarding.

Establishes Transparency: In the event of an investigation, it helps them demonstrate to internal and external auditors that their organization has taken reasonable steps to prevent bribery.

In fact, a study looking at the financial performance of companies that adopted the previous ISO 9001 verification standards revealed significant improvements in sales growth, return on sales and return on assets compared to those that chose not to implement ISO 9001. Moreover, establishing a reputation as an ethical organization has been estimated to enhance stock values between 20 to 50 percent or more. Adopting ISO 37 001 is likely to offer similar financial benefits.

Of course, business is not static, and certification is not an assurance that the program will continue operating effectively even as the corporate environment changes. An ISO certification alone is not adequate to shield a company from corruption.

Nevertheless, it appears that the importance of ISO 37001 continues to grow and soon it will become the 'new norm'!

If you have any questions, please contact us and a member of the team will be able to assist.

Background and Regulatory Landscape
Within the current regulatory landscape, global organizations can expect increasing investigations and analysis in business practices and organizational transactions by authorities that are seeking to assess and examine bribery and corruption.
Strengthening basic FCPA controls and accelerating the use of automated monitoring controls to prevent inappropriate payments can help organizations boost up their financial well-being, business reputation and cause potential growth and success with the goal to show both the authorities and stakeholders that they’re committed to doing business the appropriate way.
An anti-bribery policy and supporting management systems are critical components of an overall compliance strategy. Implementing ISO 37001 can help organizations avoid the negative impacts of bribery. Achieving legal obligations and committing to sustainable and clear business practices helps build trust and confidence with customers, suppliers, and partners. Ultimately the certification causes good business and healthy profits.
Compliance Challenges – Microsoft
“Microsoft’s Corporate Vice President & Deputy General Counsel David Howard mentioned that the patchwork of anti-bribery and corruption laws and guidance from various governments and non-governmental organizations around the world makes compliances challenging. We think a rational approach to anti-corruption programs is a good thing.”
Compliance Challenges – Walmart
“Walmart just announced that it is considering ISO 37 001 adoptions. Singapore and Peru Governments are studying the ways to apply the standard to public procurements and the private sector.
What’s controls are essential for certification?
Organizations already have the 2016 guidance of the International Organisational Standardisation ISO 9001 at their disposal to guide them in the implementation journey of advanced risk management controls. The recently published guidance of ISO 37001 (Anti-Bribery management systems) contains an essential list of anti-bribery controls that are applicable to small, medium, and large organizations across all sectors and recommends among other things the following risk management financial controls:
1. Effective Segregation of Duties.
2. Defined delegation of authorities.
3. Validation of required approvals.
4. Countersignature requirement for payment approvals.
5. Submission of supporting documentation.
6. Stringent controls on cash.
7. Detailed requirement for transaction descriptions.
8. Management Review of significant transactions.
9. Independent financial audits and transactions testing.
Once obtaining the ISO 37001 what does it give to the organization?
Builds Trust: It assures stakeholders, ranging from board members and investors to employees and customers that the organization is actively engaged in preventing bribery.
Establishes Credibility: Organisations that have taken a reputational hit after a bribery scandal or those based in countries with a high risk of bribery and corruption can benefit from achieving the Standard – a reflection of their commitment to ethical business
Creates Process Efficiencies: Improved processes and risk visibility saves time and reduces cost by eliminating inefficient or ineffective approaches.
Gain a competitive edge: It offers a business advantage when such certifications are requirements in bidding processes or for supply chain onboarding.
Establishes Transparency: In the event of an investigation, it helps them demonstrate to internal and external auditors that their organization has taken reasonable steps to prevent bribery.
In fact, a study looking at the financial performance of companies that adopted the previous ISO 9001 verification standards revealed significant improvements in sales growth, return on sales and return on assets compared to those that chose not to implement ISO 9001. Moreover, establishing a reputation as an ethical organization has been estimated to enhance stock values between 20 to 50 percent or more. Adopting ISO 37 001 is likely to offer similar financial benefits.
Of course, business is not static, and certification is not an assurance that the program will continue operating effectively even as the corporate environment changes. An ISO certification alone is not adequate to shield a company from corruption.
Nevertheless, it appears that the importance of ISO 37001 continues to grow and soon it will become the ‘new norm’!

Discover our industry leading expertise

Industry Insights

Risk Evolution: Expectation VS Reality
February 21, 2022 0
Did you know 30% of critical infrastructure organizations will suffer a security breach by 2025? Read our latest insights to find out the real implications of controlling risk in JDE...

Managing User Access in JD Edwards Efficiently
October 7, 2019
Managing user access can be quite time consuming, walk through the tools available to streamline user access management processes including request self-service tools
Watch On-Demand

Upcoming live events

No upcoming webinars found

Empower your security team

Save time, enhance risk visibility and be audit-ready with ALLOut Security for JD Edwards.

Request a Demo

Cookie name	Default expiration time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_ga_<container-id>	2 years	Used to persist session state.
_gac_gb_<container-id>	90 days	Contains campaign related information. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.

visitor_id<accountid>	The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.
pi_opt_in<accountid>	If Tracking Opt-in preferences is enabled, the pi_opt_in cookie is set with a `true` or `false` value when the visitor opts in or out of tracking. If a visitor opts in, the value is set to `true`, and the visitor is cookied and tracked. If the visitor opts out or ignores the opt-in banner, the opt-in cookie value is set to `false`. The visitor cookie is disabled, and the visitor is not tracked.
visitor_id<accountid>-hash	The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information.
lpv<accountid>	This LPV cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.
pardot	A session cookie named pardot is set in your browser while you’re logged in to Pardot as a user or when a visitor accesses a form, landing page, or page with Pardot tracking code. The cookie denotes an active session and isn’t used for tracking.

Cookie name	Default expiration time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_ga_<container-id>	2 years	Used to persist session state.
_gac_gb_<container-id>	90 days	Contains campaign related information. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.

visitor_id<accountid>	The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.
pi_opt_in<accountid>	If Tracking Opt-in preferences is enabled, the pi_opt_in cookie is set with a `true` or `false` value when the visitor opts in or out of tracking. If a visitor opts in, the value is set to `true`, and the visitor is cookied and tracked. If the visitor opts out or ignores the opt-in banner, the opt-in cookie value is set to `false`. The visitor cookie is disabled, and the visitor is not tracked.
visitor_id<accountid>-hash	The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information.
lpv<accountid>	This LPV cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.
pardot	A session cookie named pardot is set in your browser while you’re logged in to Pardot as a user or when a visitor accesses a form, landing page, or page with Pardot tracking code. The cookie denotes an active session and isn’t used for tracking.