Should I adopt the ISO Standards?
In our view, adopting the ISO Standards and Guidelines for Governance and Compliance is a great step towards achieving GREAT Governance & Compliance.
Most large multi-national companies have put in place anti-corruption programmes to comply with applicable regulations, including FCPA, UK Bribery Act, French Law Sapin II.
So, what's new under the Standards and Guidelines to what I have now?
To use the ISO 37001 Standard as an example, the key word in the ISO 37001 Anti-bribery Management Systems standard is actually the word “System”.
In addition to the programmes that exist to ensure you comply with the regulations you have identified, the System will actually ensure you do the following:
- Review on a regular basis the context of your organisation: “you have a new subsidiary in the UK, you need to make sure to comply with the UK Bribery Act”, “you develop a new business model involving distributors: you have to include those in your anti-bribery risk analysis”
- Review annually your risk analysis, define yearly objectives for your anti-bribery management system (e.g. % of suppliers needing Due Diligence, turnaround time of investigations, % of employees trained in each employee category…), measure them and take action if they have not been achieved!
- Have a system to organise your procedures and keep records (this can be useful the day you need to demonstrate you have taken the appropriate steps when you are under investigation)
- Do an annual Top Management Review and internal audit programme to ensure a continual improvement of your system: ensure that you identify gaps either in your procedures or their actual implementation, and ensure that they are not only corrected on time, but also that you have treated the root cause of the issue with the appropriate corrective action, so that it doesn’t happen again
Once again, having a system doesn’t prevent one individual occurrence (and this is one of the criticisms of the ISO 9001 Quality Management System), however, when it is properly implemented and reviewed/certified by qualified external third parties it ensures that you learn continously from the issues you have identified and prevent further issues arising in your organisation.
What should I do now to start the process?
The short answer is reach out to us at ETHIC Intelligence and we will work out what product may be right for you. You might need some of our corporate training solutions first or perhaps a readiness assessment to see where you are along the journey. Just contact us and one of our team will work out the best path forward.