Background and Regulatory Landscape
Within the current regulatory landscape, global organizations can expect authorities seeking to assess and examine bribery and corruption to increasingly investigate and analyze their business practices and organizational transactions.
Strengthening basic FCPA controls and accelerating the use of automated monitoring controls to prevent inappropriate payments can help organizations improve their financial well-being and business reputation and support potential growth and success, while showing both the authorities and stakeholders that they’re committed to doing business the appropriate way.
An anti-bribery policy and supporting management systems are critical components of an overall compliance strategy. Implementing ISO 37001 can help organizations avoid the negative impacts of bribery. Meeting legal obligations and committing to sustainable and clear business practices helps build trust and confidence with customers, suppliers, and partners. Ultimately, the certification leads to good business and healthy profits.
Compliance Challenges – Microsoft
“Microsoft’s Corporate Vice President & Deputy General Counsel David Howard mentioned that the patchwork of anti-bribery and corruption laws and guidance from various governments and non-governmental organizations around the world makes compliance challenging. We think a rational approach to anti-corruption programs is a good thing.”
Compliance Challenges – Walmart
“Walmart just announced that it is considering ISO 37001 adoption. The Singapore and Peru governments are studying ways to apply the standard to public procurement and the private sector.”
What controls are essential for certification?
Organizations already have the 2016 ISO 9001 guidance of the International Organization for Standardization at their disposal to guide them in implementing advanced risk management controls. The recently published ISO 37001 guidance (Anti-Bribery management systems) contains an essential list of anti-bribery controls that are applicable to small, medium, and large organizations across all sectors and recommends, among other things, the following financial risk management controls:
1. Effective Segregation of Duties.
2. Defined delegation of authorities.
3. Validation of required approvals.
4. Countersignature requirement for payment approvals.
5. Submission of supporting documentation.
6. Stringent controls on cash.
7. Detailed requirement for transaction descriptions.
8. Management Review of significant transactions.
9. Independent financial audits and transactions testing.
Once obtained, what does ISO 37001 certification give the organization?
Builds Trust: It assures stakeholders, ranging from board members and investors to employees and customers, that the organization is actively engaged in preventing bribery.
Establishes Credibility: Organisations that have taken a reputational hit after a bribery scandal or those based in countries with a high risk of bribery and corruption can benefit from achieving the Standard – a reflection of their commitment to ethical business
Creates Process Efficiencies: Improved processes and risk visibility save time and reduce cost by eliminating inefficient or ineffective approaches.
Gains a Competitive Edge: It offers a business advantage when such certifications are requirements in bidding processes or for supply chain onboarding.
Establishes Transparency: In the event of an investigation, it helps organizations demonstrate to internal and external auditors that they have taken reasonable steps to prevent bribery.
In fact, a study looking at the financial performance of companies that adopted the previous ISO 9001 verification standards revealed significant improvements in sales growth, return on sales and return on assets compared to those that chose not to implement ISO 9001. Moreover, establishing a reputation as an ethical organization has been estimated to enhance stock values by 20 to 50 percent or more. Adopting ISO 37001 is likely to offer similar financial benefits.
Of course, business is not static, and certification is not an assurance that the program will continue operating effectively even as the corporate environment changes. An ISO certification alone is not adequate to shield a company from corruption.
Nevertheless, it appears that the importance of ISO 37001 continues to grow and soon it will become the ‘new norm’!