In 2016, the ISO 37001 standard was established to increase the level of awareness and compliance with anti-bribery best practices on an international scale. This standard specifies requirements for establishing, implementing, and continuously improving anti-bribery management systems. The system can be independent or integrated into an overall management system.
There are top five tips or ensuring best practices are embedded into a business for achieving ISO 37001 Certification.
1) Preparation is the key
Companies must enter the ISO 37001 certification process only when they are completely ready. It is easy to assume that a company committed to good business practices will not need to prepare, but this is not always true. All requirement of ISO 37001 must be met to obtain certification, and even the best program will have areas for preparation or improvement. A preparation assessment is a great way to make sure you pass before performing an ISO 37001 audit.
2) Get everyone involved
The auditor’s job is to see how the anti-bribery program works within the organisation – achieving ISO 37001 Certification is a company-wide effort. They will interview members of management, legal, sales, finance, procurement, human resources, and communications to be certain that all departments understand their organisation’s bribery risks and are implementing appropriate anti-bribery procedures and controls.
3) Know what to expect
Your ISO 37001 auditor will be polite, but it will not always be easy to impress. Auditors are anti-corruption experts who take nothing for nominal value. Interviewees are asked in-depth questions about processes and procedures and then asked to show the auditor proof they exist and are being followed. Interviewees need to be reminded that the process is not personal and that they should simply answer to the best of their ability.
4) Failure is not fatal
If the company fails to meet a requirement during the ISO 37001 audit, certification bodies will hold the process open for a period of time while the main non-conformity is corrected. Partial failure to meet a requirement is considered a minor non-conformity. The companies will have 90 days after the end of the audit to conduct a root cause analysis and provide a corrective action plan
5) Commitment to continuous improvement
It is not necessary for a program to be perfect for obtaining the ISO 37001 certification, but it is necessary to commit it to be more efficient and effective throughout certification period. The auditor will return the year after certification for a brief surveillance audit to look at what has been done to make the programme even better.