OUTLINE
1. The Development of ISO 37001
2. What is ISO 37001?
3. ISO 37001 Requirements
4. Implementation Journey
5. Challenges & Benefits
6. The certification process

NEW PARADIGM IN MANAGEMENT SYSTEM STANDARDS
- Risk-based thinking
- Strategic thinking
- Sustainable development
- Improved alignment with other management system standards

RISK-BASED APPROACH IN MANAGEMENT SYSTEM STANDARDS
- ISO 9001:2015 Quality Management Systems
- ISO 14001:2015 Environment Management Systems
- ISO 45001:2018 Health & Safety (OH&S) Management Systems
- ISO 37001:2016 Anti-Bribery Management Systems
- ISO 28000:2007 Supply Chain Security Management Systems
- ISO 21001:2018 Education Management Systems
- ISO 22000:2018 Food Safety Management Systems
- ISO 50001:2018 Energy Management Systems
- ISO 20000-1:2018 IT Service Management Part 1
- ISO 39001:2012 Road Safety Management Systems
- ISO 27001:2013 Information Security Management Systems
- ISO 55001:2014 Asset Management Systems
All of these management systems support the sustainable development goals.

THE ISO HIGH LEVEL STRUCTURE (HLS)
Clause structure shared by ISO 9001:2015, ISO 14001:2015, ISO 45001:2018, ISO 37001:2016 and ISO/IEC 27001:2013:
0. Introduction
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership (ISO 45001:2018: Leadership and worker participation)
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement

ISO 19600:2014 COMPLIANCE MANAGEMENT - GUIDELINE
The ISO 19600 standard (December 2014) is not certifiable but provides useful guidelines for a variety of compliance needs, including anti-bribery, anti-money laundering and export control. The ISO 37001 standard (October 2016) is a certifiable standard, consistent with ISO 19600 and dedicated to Anti-Bribery Management Systems.
(Figure: values, ethics & beliefs underpinning compliance)

CORPORATE INTEGRITY SYSTEM MALAYSIA (CISM) & ISO 37001 REQUIREMENTS
CISM:
1. Code of ethics & anti-bribery policy
2. Conflict of interest deterrence policy
3. Whistleblowing policy
4. Referral policy
5. Corruption risk management
6. Training on ethics, education & communication
7. Compliance programme
8. Anti-corruption prevention reporting
9. Leadership
10. Corporate social responsibility
ISO 37001:
- An anti-bribery policy, procedures & controls
- Top management leadership, commitment & responsibility
- Governing body oversight
- Anti-bribery training and awareness
- Risk assessment
- Due diligence on projects & business associates
- Reporting, monitoring and investigation
- Management review, corrective action & continual improvement


WHAT IS ISO 37001?
- It is designed to help an organization establish, implement, maintain, and improve an anti-bribery compliance programme.
- It includes a series of measures and controls that represent global anti-bribery good practice.

WHAT IS ISO 37001?
- Helps to reduce bribery risks and demonstrate a culture of integrity, transparency, openness and compliance.
- Cannot provide assurance that no bribery will occur, as it is not possible to completely eliminate the risk of bribery.
- Conformity to ISO 37001 helps organizations implement reasonable measures to prevent, detect and respond to bribery.

WHAT IS ISO 37001?
ISO 37001 ABMS: a series of measures to help an organisation PREVENT, DETECT and RESPOND to bribery, which include:
1. An anti-bribery policy & objectives
2. Appointing a person (or persons) to oversee anti-bribery compliance
3. Training
4. Risk assessments & due diligence on projects & business associates
5. Implementing financial & commercial controls
6. Instituting reporting & investigation procedures

WHAT DOES ISO 37001 ADDRESS?
- Bribery by the organization, or by its personnel or business associates acting on the organization's behalf or for its benefit.
- Bribery of the organization, or of its personnel or business associates in relation to the organization's activities.

WHO CAN USE ISO 37001:2016?
The standard is flexible and can be adapted to a wide range of organizations, including:
- Large organizations
- Small & medium-sized enterprises (SMEs)
- Public and private sector organizations
- Non-governmental organizations (NGOs)
The standard can be used by organizations in any country.

DOES THE STANDARD REQUIRE A STAND-ALONE MANAGEMENT SYSTEM?
- The measures required by ISO 37001 are designed to be integrated with existing management processes and controls.
- It follows the common high-level structure for ISO management system standards, for easy integration with, for example, QMS, EMS, OSHMS (OHSAS 18001), EnMS and ISMS.

DOES THE STANDARD DEFINE BRIBERY?
- Bribery is defined by law, which varies between countries. Therefore the Standard provides a generic definition of bribery, but the actual definition will depend on the laws applicable to the organization.
- The Standard provides guidance on what is meant by bribery to help users understand the intention and scope of the Standard.
(Figure: bribery involves a GIVER passing valuable items, gifts, job offers or services to a RECEIVER)

The standard does not specifically address:
- Fraud
- Cartels and other anti-trust/competition offences
- Money-laundering
- Other activities related to corrupt practices
However, an organization can choose to extend the scope of its management system to include such activities.


REQUIREMENTS
4 Context of Organization
- 4.1 Understanding context
- 4.2 Stakeholders
- 4.3 Scope of ABMS
- 4.4 ABMS
- 4.5 Bribery Risk Assessment
5 Leadership
- 5.1 Leadership & commitment – Governing Body, Top Mgmt.
- 5.2 ABMS Policy (a-i)
- 5.3 Organizational roles, responsibilities and ...
6 Planning
- 6.1 Actions to address risks and opportunities
- 6.2 ABMS objectives and planning
7 Support
- 7.1 Resources
- 7.2 Competence
- 7.2.2 Employment Process
- 7.3 Awareness & training
- 7.4 Communication
- 7.5 Documented Information
8 Operation
- 8.1 Operational Planning & Control
- 8.2 Due Diligence
- 8.3 Financial Control
- 8.4 Non-Financial Control
- 8.5 By controlled organization & by business associate
- 8.6 Anti-Bribery Commitment
- 8.7 Gift, hospitality, donation
- 8.8 Managing inadequate control
- 8.9 Raising Concern
- 8.10 Investigating & dealing
9 Performance & Evaluation
- 9.1 Monitoring, measurement, analysis & evaluation
- 9.2 Internal Audit
- 9.3 Management review – Top Mgmt. Review, Governing Body
- 9.4 Anti-Bribery Compliance Function
10 Improvement
- 10.1 Nonconformity & corrective action
- 10.3 Continual improvement
Related references: Annex A (A.1 till A.22); ISO 31000 (Risk); ISO 19600 (Compliance Management)

4 Context of the organization
- 4.1 Understanding the organization and its context
- 4.2 Understanding the needs and expectations of stakeholders
- 4.3 Determining the scope of the anti-bribery management system
- 4.4 Anti-bribery management system
- 4.5 Bribery risk assessment

4.1 Understanding the organization and its context
The organization shall determine external & internal issues that are relevant to its purpose and that affect its ability to achieve the objectives of its anti-bribery management system.

4.1 Understanding the organization and its context
The issues will include (without limitation):
- Size, structure and delegated decision-making authority of the organization
- Locations and sectors in which the organization operates or anticipates operating
- Nature, scale and complexity of the organization's activities and operations
- Organization's business model

4.1 Understanding the organization and its context
The issues will include (without limitation):
- The entities over which the organization has control and entities which exercise control over the organization
- The organization's business associates
- The nature and extent of interaction with public officials
- Applicable statutory, regulatory, contractual and professional obligations and duties


4.2 UNDERSTANDING THE NEEDS AND EXPECTATIONS OF STAKEHOLDERS
GOVERNMENT, LOCAL AUTHORITIES, CONCESSIONAIRES, UTILITY PROVIDERS:
- Governance compliance
- Applicable laws (Construction & Building By-Law)
- Industrial and workplace relations
- Environmental and safety management
SHAREHOLDERS, JV PARTNERS:
- Efficient operations – sustainable profitability
- Long-term growth and stability
- Board governance sustainability
EMPLOYEES:
- Organization's growth, strategies and performance
- Employees' safety and well-being
- Capability development
- Employee performance
CUSTOMERS & CONSUMERS:
- Standards of customer relations
- Safety and security
- Innovative and trend-setting practices
SUPPLIERS, SERVICE PROVIDERS, CONTRACTORS, CONSULTANTS:
- Fair practices
- Transparent tender and procurement process
- Compliance with laws and regulations
COMMUNITY:
- Health and safety impact
- Environmental impact
- Service delivery
MEDIA:
- Operational issues and financial impact
- Corporate responsibility
- Reputation

4.3 (a) DETERMINING THE SCOPE OF THE ANTI-BRIBERY MANAGEMENT SYSTEM (INTERNAL: values, culture, performance & knowledge)
Factors that may impact the level of integrity and exposure to bribery.
(Figure: internal factors – governance, system, process)

4.3 (a) DETERMINING THE SCOPE OF THE ANTI-BRIBERY MANAGEMENT SYSTEM (EXTERNAL: legal, technological, competitive, market, cultural, social and economic environments)
Factors that may impact the level of integrity and exposure to bribery.
(Figure: external factors – environmental, social, technology)

GUIDANCE FOR SAMPLING
INTERNAL ISSUES:
- STRATEGY: overall performance of the organization
- RESOURCE: infrastructure (see ISO 9001:2015, 7.1.3), environment for the operation of the processes (see ISO 9001:2015, 7.1.4), organizational knowledge (see ISO 9001:2015, 7.1.6)
- PEOPLE: competence of persons, organizational behavior and culture, relationships with unions
- OPERATIONAL: process or production and service provision capabilities, performance of the quality management system, monitoring customer satisfaction
- GOVERNANCE: rules and procedures for decision making or organizational structure
EXTERNAL ISSUES:
- ECONOMY: money exchange rates, economic situation, inflation forecast, credit availability
- SOCIAL: local unemployment rates, safety perception, education levels, public holidays and working days
- POLITICAL: political stability, public investments, local infrastructure, international trade agreements
- TECHNOLOGY: new sector technology, materials and equipment, patent expirations, professional code of ethics
- MARKET: competition, including the organization's market share, similar products or services, market leader trends, customer growth trends, market stability, supply chain relationships
- STATUTORY & REGULATORY: factors that affect the work environment (see ISO 9001:2015, 7.1.4) such as trade union regulations and regulations related to an industry

Internal Issues:
- Bribery and corruption exposures within high-risk operations are not adequately mitigated
- Employees' behavior and culture do not fully support the substantive implementation of the requisite Governance, Risk and Compliance culture
- Abuse of position, affecting important and strategic decision making
- Lack of competency/knowledge
- Weak internal control, lack of enforcement
- Trust deficit/perception issues/complaint channel
- Leadership crisis
External Issues:
- Increasing political influence
- Increasing public awareness of the governing anti-corruption laws and regulations
- Economic slowdown compounded by the rising cost of living
- Third-party agreements are entered into with individuals/businesses via JV partnerships etc. who may have questionable ethics
- Gifts & entertainment offered throughout the organization by third parties (suppliers, contractors, counterparts, top management) may influence decision making
- Increasing imposition of guidelines or adequate procedures by anti-corruption laws and jurisdictions

4.1 h - LAWS, REGULATIONS & OTHER REQUIREMENTS
- MACC Act 2009 (Act 694)
- Whistleblower Protection Act 2010 (Act 711)
- Enforcement Agencies: SPRM, JPJ, JIM, PDRM, KASTAM, SSM, SC, SIAP (Suruhanjaya Integriti Agensi Penguatkuasa)
Related acts & documents:
- Private Companies Act 1965 / 2016 (Act 777)
- Securities Commission Act 1993 (Act 498)
- Corporate Governance 2016 (Code of Conduct / Code of Business Ethics)

4.1 h ACTS & RELATED DOCUMENTS
Government circulars & directives (Pekeliling & Arahan):
- Arahan Perbendaharaan (Treasury Instructions)
- Pekeliling Perkhidmatan Bil 3, 1998 – Guidelines on the giving and receiving of gifts in the public service
- Pekeliling Perkhidmatan Bil 6 Tahun 2013 – Establishment of Integrity Units in all public agencies
- Peraturan-Peraturan Pegawai Awam (Kelakuan dan Tatatertib) 1993 – Public Officers (Conduct and Discipline) Regulations 1993

4.1 h ACTS & RELATED DOCUMENTS
- Pekeliling Perkhidmatan Bil 6 Tahun 2011 – Pindaan (Service Circular No. 6 of 2011 – Amendment)
- Arahan YAB Perdana Menteri No. 1 Tahun 2014 (Directive of the Prime Minister No. 1 of 2014)
- Tapisan Keselamatan Bagi Pegawai Yang Dilantik Dalam Perkhidmatan Awam (Security vetting for officers appointed to the public service)
- Manual Pengguna Sistem eVetting (eVetting System User Manual)

- Arahan YAB Perdana Menteri No. 1 Tahun 2014 (June 2014)
- Arahan YAB Perdana Menteri No. 1 Tahun 2018 (June 2018): Gerakan Pemantapan Governans, Integriti dan Anti-Rasuah Dalam Pengurusan Pen... (Movement to Strengthen Governance, Integrity and Anti-Corruption in the Management of ...)
