ISO 37001:2016 - Anti-bribery Management Systems


ISO 37001:2016 Anti-bribery management systems – a practical guide

Copyright protected document

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO 2020

ISO copyright office
CP 401 Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: 41 22 749 01 11
Fax: 41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Views expressed in this publication are those of the author(s) and contributors and do not necessarily reflect those of the International Organization for Standardization or United Nations Industrial Development Organization. The designations employed and the presentation of material do not imply the expression of any opinion whatsoever on the part of the International Organization for Standardization or the United Nations Industrial Development Organization concerning the legal status of any country, territory, city or area, or of its authorities; or concerning the delimitation of its frontiers or boundaries; or its economic system or degree of development. Designations such as “developed”, “industrialized” and “developing” are intended for statistical convenience and do not necessarily express a judgment about the stage reached by a particular country or area in the development process. Mention of names of firms and organizations and their websites, commercial products, brand names, or licensed process does not imply endorsement by the International Organization for Standardization or the United Nations Industrial Development Organization.

Contents

Foreword
Introduction
    About this handbook
    About management systems
    About bribery
    How to start
    What does certification mean?
    ISO terminology
ISO 37001:2016 requirements
    1. Scope of the standard
    2. Normative references
    3. Terms and definitions
    4. Context of the organization
        4.1 Understanding the organization and its context
        4.2 Understanding the needs and expectations of stakeholders
        4.3 Determining the scope of the anti-bribery management system
        4.4 Anti-bribery management system
        4.5 Bribery risk assessment
    5. Leadership
        5.1 Leadership and commitment
        5.2 Anti-bribery policy
        5.3 Organizational roles, responsibilities and authorities
    6. Planning
        6.1 Actions to address risks and …
        6.2 Anti-bribery objectives and planning to achieve them
    7. Support
        7.3 Awareness and training
        7.4 Communication
        7.5 Documented information
    8. Operation
        8.1 Operational planning and control
        8.2 Due diligence
        8.3 Financial controls
        8.4 Non-financial controls
        8.5 Implementation of anti-bribery controls by controlled organizations and business associates
        8.6 Anti-Bribery Commitments
        8.7 Gifts, hospitality, donations and similar benefits
        8.8 Managing inadequacy of anti-bribery controls
        8.9 Raising concerns
        8.10 Investigating and dealing with bribery
    9. Performance evaluation
        9.1 Monitoring, measurement, analysis and evaluation
        9.2 Internal audit
        9.3 Management review
    10. Improvement
        10.1 Nonconformity and corrective action
        10.2 Continual improvement
Appendix I – Demonstrating conformity
    Conformity assessment options
    What to expect when becoming certified
Appendix II – Diagrams and templates
Appendix III – Comparison of ISO 37001 with other anti-bribery instruments
Appendix IV – Case studies
Bibliography
    ISO documents
    International conventions
    Selected documentation


Foreword

Bribery is often viewed as a “necessary” evil that facilitates business and expedites work. This perception is not only wrong, it places a heavy burden on people, economies and society as a whole. Loss of business and fines resulting from bribery and fraud, and concomitant reputational damage, can be severely detrimental to companies, causing billions in lost revenue. This begs the question: Is your organization willing to work with a company that has been embroiled in a bribery scandal? Such organizations may face harsh penalties by regulatory bodies and studies show that employee morale suffers when individuals in their organization are found guilty of bribery.

Taking steps to deter unethical practices in the workforce is therefore essential to establish trust. ISO 37001:2016, Anti-bribery management systems – Requirements with guidance for use, is designed to help an organization implement and maintain a proactive anti-bribery system. Its flagship guidance presents globally recognized best practice to prevent, detect and deal with bribery at all levels of an organization. But the standard’s requirements go beyond the organization’s own operations, covering every aspect of its global value chain.

To help with its implementation, technical committee ISO/TC 309, Governance of organizations, has developed a handbook that provides users of ISO 37001:2016 with advice on bribery and the different measures they can take to prevent it.

ISO 37001:2016 – Anti-bribery management systems – A practical guide contains detailed information, case studies and examples that bring clarity to the standard’s requirements. Suitable for organizations of all types and sizes, this handbook is particularly useful for small and medium-sized enterprises.

Responding to the growing threat of bribery and corruption, the International Organization for Standardization (ISO) and United Nations Industrial Development Organization (UNIDO) have joined forces in publishing this handbook that will help users of ISO 37001:2016 create a culture of integrity and compliance in their workforce.

We hope it will provide all the support you need to put in place robust controls and processes to protect your organization from the bribery risks it faces.

Li Yong
Director General
UNIDO

Sergio Mujica
Secretary-General
ISO

Introduction

About this handbook

This handbook provides guidance on developing and implementing an anti-bribery management system, based on the International Standard ISO 37001:2016, Anti-bribery management systems — Requirements with guidance for use. For brevity in this handbook, ISO 37001 refers to the 2016 version of the standard. The requirements and guidance contained within ISO 37001 have been developed to be applicable (and useful) to any type of organization, regardless of its sector, management structure, size, location, or products and services.

ISO 37001 defines “organization” as a person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives. This includes, for example: sole traders, companies, corporations, firms, enterprises, public authorities, partnerships, charities or institutions. It can also include parts or combinations of any of these entities, as well as potentially others. Examples of different organizational types can include: manufacturers, distributors, schools, law firms, financial institutions, foundations, public hospitals or local governments.

While ISO 37001 can be applied to all these various kinds of organizations, this handbook has been developed to assist new, existing, and potential future ISO 37001 practitioners, including those in small and medium sized organizations that do not have the same resources as larger organizations.

This handbook is organized in the following sections to enable readers to reference key sections as needed, or to read through as preferred:

About management systems: Describes what management systems are about and why an organization should have one.
About bribery: Provides an overview of bribery and why organizations should implement measures to prevent and detect bribery in their operations, if it occurs.
How to start: Practical advice on different options to introduce an anti-bribery management system into an organization, or update an existing one.
ISO 37001 Requirements: Central section of the handbook to help readers better understand specific requirements of ISO 37001, together with examples and suggestions on how to meet these requirements.
Appendix I: Short description of the various assessment options and of certification.
Appendix II: Diagrams and templates for elements of ISO 37001.
Appendix III: Comparison of ISO 37001 with the main internationally recognized anti-bribery tools.
Appendix IV: Case studies to illustrate practical questions that arise when implementing ISO 37001.
Bibliography: List of documents relevant to ISO 37001 including ISO documents, international conventions and documented resources that are helpful when implementing ISO 37001.
