ISO 37001: Let’s Talk Specifics

NAVEX Global
Contact

[author: Leslie Benton, Vice President of Advocacy and Stakeholder Engagement, CREATE.org]


Some, though certainly not all, of the dust has settled since ISO 37001 published last fall. As compliance professionals grapple with the new standard, we thought it would be interesting to use the power of social media to seek input from our readers on ISO 37001 now that everyone has had some time to get better acquainted.

Such polarizing opinions on a topic makes for a perfect opportunity to bring the community together for discussion.

As cited by Compliance Week, the opinions on ISO 37001 run the gamut from “…we don’t need another standard in anti-bribery” to the standard signaling “a ‘coming-of-age moment’ for the anti-corruption compliance space.” Such polarizing opinions on a topic makes for a perfect opportunity to bring the community together for discussion. So let’s do that. 


Read More: ISO 37001: Answers to the 5 Questions We’ve Heard Most About the Standard


Points for Discussion

1. By the Industry for the Industry

ISO 37001 was drafted with input from hundreds of experts across 56 countries and seven liaison organizations. The committee drafting the standard included business people, as well as lawyers, NGOs, academics and others, assembled to ensure the standard was rigorous and practical. As a result, the framework was written in non-legalistic, plain language and provided a new level of detail, uniformity and transparency.

Is the standard easy to understand? Does it provide detail, uniformity and transparency where other standards or regulations did not?

Answer via Twitter

2. The Benefits of a New Standard

Organizations understand that reports of bribery can hurt their reputations and brands—and that conforming to standards like ISO 37001 can be a key market differentiator. The standard was created so organizations could use it to engage business partners and measure their own compliance capabilities. The end goal is to minimize the risk of unlawful behavior, allow for earlier interventions and provide evidence of reasonable steps to prevent bribery and demonstrate commitment to ethical practices. Regulators have recently rewarded organizations that take such steps.

Has ISO 37001 made it easier to gauge business partners on compliance? Has it made it easier to judge your own organization?

Answer via Twitter

3. Flexibility of Design

ISO 37001 was designed to aid in complying with international good practices and with relevant anti-bribery legal requirements in all countries. It also can be adapted according to the size and nature of the organization and the potential bribery risk.

Will ISO 37001 work in all jurisdictions? Will it work for organizations of various sizes?

Answer via Twitter

It’s important to remember that ISO 370001 certification will be voluntary and that ISO doesn’t perform certifications itself. But independent certification bodies can use the new standard, and that service should be available later this year.

Adherence to ISO 37001 is not a safe harbor or a bar to liability.

In the U.S., the ANSI-ASQ National Accreditation Governing body (ANAB) issues accreditation to auditors. ISO 37001 certification will be valid for three years, with an annual surveillance audit. Auditor competency is governed by detailed requirements (ISO/IEC 17021-1 and -9), developed by ISO's Committee on Conformity Assessment (CASCO), to ensure confidence, quality and reliability in the certification process. ISO 37001 auditors are required to have specific knowledge, including knowledge of the standard’s requirements, bribery concepts and scenarios, third-party risk, bribery risk assessment and due diligence, and the design and evaluation of effective anti-bribery controls.

Organizations should also remember that adherence to ISO 37001 is not a safe harbor or a bar to liability. But it’s worth looking at, as it may be taken into consideration by prosecutors should a bribery-related event occur. It can provide some evidence that an organization has taken reasonable steps to prevent wrongdoing.


View original article at Ethics & Compliance MattersTM


Written by:

NAVEX Global
Contact
more
less

NAVEX Global on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.