ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS. An initiative to strengthen the Corporate Integrity

Transcription

1 ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS An initiative to strengthen the Corporate Integrity Fauziah Sulaiman Management System Certification Department SIRIM QAS International Sdn. Bhd.

2 PRESENTATION OUTLINE Pilot Program Understanding of Standard Requirements Challenges & Benefits to the organization Certification Process 2

3

4 PILOT PROGRAMME MILESTONE 1. ABMS Taskforce Meeting 2. Meeting with SPRM/DSM/MACA 3. Briefing to SPRM PRE- CERTIFICATION STAGE 1 AUDIT STAGE 2 AUDIT CERTIFIED (expected:12 organizations) 2017 MAC APRIL MAY JULY AUG SEPT OCT NOV 4

5 COMPANIES UNDER PILOT PROGRAMME 1. AGENSI KELAYAKAN MALAYSIA (MQA) 2. BANK RAKYAT 3. JABATAN IMIGRESEN MALAYSIA 4. JABATAN PENGANGKUTAN JALAN 5. JABATAN PERKHIDMATAN AWAM 6. LEMBAGA TABUNG HAJI 7. MAJLIS PERBANDARAN SEBERANG PERAI 8. MAJLIS PERBANDARAN SUBANG JAYA 9. PETROLIAM NASIONAL BERHAD (PETRONAS) 10.PIHAK BERKUASA TEMPATAN PENGERANG 11.TOP GLOVE CORPORATION BERHAD 5

6 ADDITIONAL APPLICANTS FOR ABMS CERTIFICATION 1. FELDA GLOBAL VENTURES HOLDINGS BERHAD (FGV) 2. ANGKATAN KOPERASI KEBANGSAAN MALAYSIA BERHAD (ANGKASA) 3. YAYASAN PAHANG 6

7 PILOT PROGRAMME WORKSHOPS 7

8 PILOT PROGRAMME WORKSHOPS 8

9 FIRST COMPANY CERTIFIED TO ISO 37001: th October 2017 MAJLIS PERBANDARAN SEBERANG PERAI 9

10 SUCCESS STORY Certified companies as at 6 November ) Majlis Perbandaran Seberang Perai 2) Angkatan Koperasi Kebangsaan Malaysia Berhad (ANGKASA) 3) Pihak Berkuasa Tempatan Pengerang 4) Top Glove Sdn. Bhd. 5) Petroliam Nasional Berhad (Petronas) 6) Lembaga Tabung Haji 7) Jabatan Pengangkutan Jalan 8) Agensi Kelayakan Malaysia (MQA) 9) Jabatan Imigresen Malaysia 10) Majlis Perbandaran Subang Jaya 11) Yayasan Pahang

11

12 12

13 WHAT IS ISO 37001? ISO is an anti-bribery management system standard published in October It is designed to help an organization establish, implement, maintain, and improve an anti-bribery compliance programme. It includes a series of measures and controls that represent global anti-bribery good practice. 13

14 DOES THE STANDARD REQUIRE A STAND-ALONE MANAGEMENT SYSTEM? The measures required by ISO are designed to be integrated with existing management processes and controls. It follows the common high-level structure for ISO management system standards, for easy integration with, for example QMS, EMS, OSHMS, EnMS, ISMS, AMS. ISO 50001:2011 ISO 55001:2014 ISO 9001:2015 Integrated Management System ISO 14001:2015 ISO 45001:2018 OHSAS ISO 27001:

15 WHAT DOES ISO ADDRESS? Bribery by the organization, or by its personnel or business associates acting on the organization s behalf or for its benefit. Bribery of the organization, or of its personnel or business associates in relation to the organization s activities. 15

16 DOES THE STANDARD DEFINE BRIBERY? Bribery is defined by law which varies between countries. Therefore the Standard provides a generic definition of bribery, but the actual definition will depend on the laws applicable to the organization. The Standard provides guidance on what is meant by bribery to help users understand the intention and scope of the Standard. BRIBERY INVOLVES RECEIVER Valuable items Gifts Job offers Services GIVER 16

17 WHO CAN USE ISO 37001:2016? The standard is flexible and can be adapted to a wide range of organizations, including: Large Org Large organizations Small & medium sized enterprises (SMEs) Public and private sector organizations NGOs ISO SMEs Non-governmental organizations (NGOs) The standard can be used by organizations in any country. Public/ Private 17

18 WHAT IS ISO 37001:2016? Helps to Reduce bribery risks and demonstrate a culture of integrity transparency, openness and compliance. Conformity to ISO cannot provide assurance that no bribery will occur as it is not possible to completely eliminate the risk of bribery. helps organizations implement reasonable measures to prevent, detect and respond to bribery. 18

19 WHAT IS ISO 37001:2016? ISO ABMS : Series of measures to help organisation to Respond Prevent 1. An anti-bribery policy & objectives 3. Training Which include 2. Appointing a person(s) to oversee antibribery compliance 4. Risk assessments & due diligence on projects & business associates Detect 5. Implementing financial & commercial controls 6. Instituting reporting & investigation procedures 19

20 CORPORATE INTEGRITY SYSTEM MALAYSIA (CISM) & ISO REQUIREMENTS CISM ISO 37001: CODE OF ETHICS & ANTI-BRIBERY POLICY CONFLICT OF INTEREST DETERRENCE POLICY WHISTLEBLOWING POLICY REFERAL POLICY An anti-bribery policy, procedures, & controls Top management leadership, commitment & responsibility Governing body Oversight CORRUPTION RISK MANAGEMENT TRAINING ON ETHICS, EDUCATION & COMMUNICATION COMPLIANCE PROGRAMME ANTI-CORRUPTION PREVENTION REPORTING LEADERSHIP CORPORATE SOCIAL RESPONSIBILITY Anti-bribery training and awareness Risk assessment Due diligence on projects & business associates Reporting, monitoring and investigation Management review, corrective action & continual improvement 20 20

21 WHAT DOES ISO REQUIRE? Series of measures and controls Prevent Detect & Respond to bribery An anti-bribery policy, procedures, & controls Top management leadership, commitment & responsibility Oversight Governing body Anti-bribery training Bribery risk assessment Due diligence on projects & business associates Reporting, monitoring, investigation & review Corrective action & continual improvement 21

22 MACC Act 2009 (ACT 694) ACT & RELATED DOCUMENTS Whistleblower Protection Act 2010 (ACT 711) - Enforcement Agencies :SPRM, JPJ, JIM, PDRM, KASTAM Related acts & documents: Private Companies Commission Act 1965 Securities Commission Act 1993 Corporate Governance 2016 (Code of Conducts / Code of Business Ethics) 22

23 ACT & RELATED DOCUMENTS Government Pekeliling & Arahan Arahan Arahan Perbendaharaan Pekeliling Perkhidmatan Bil 3, 1998 Garispanduan pemberian & penerimaan hadiah di dalam perkhidmatan awam Pekeliling Perkhidmatan Bil 6 Tahun 2013 Penubuhan Unit Intergriti Di Semua Agensi Awam Peraturan pegawai awam (kelakuan dan tatatertib)

24 MACC ACT 2009 (ACT 694) Core offences: Section 16 : Solicit and Accept/Agree to Accept : (Offences of accepting grafication) Section 17 : Offer and Give : Offences of giving or accepting gratification by agents Section 18 : False Claim : Offence of intending to deceive principal by agent Section 23 : Abuse of Office/Position : Offence of using office or position for gratification Penalty : Imprisonment Maximum 20 years and Fine Not less than 5 times the value of gratification (bribe) or Minimum RM10,000 (whichever is higher) 24

25 THE ISO HIGH LEVEL STRUCTURE ISO 37001: 2016 ISO 9001: Introduction 0. Introduction 1. Scope 1. Scope 2. Normative Reference 2. Normative Reference 3. Terms and Definitions 3. Terms and Definitions 4. Anti-Bribery Management Systems 5. Leadership 6. Planning 4. Quality Management Systems 5. Leadership 6. Planning 7. Support 7. Support 8. Operation 9. Performance Evaluation 8. Operation 9. Performance Evaluation 10. Improvement 10. Improvement 25

26 ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS REQUIREMENTS WITH GUIDANCE FOR USE 26

27 CLAUSE 4 : CONTEXT OF THE ORGANIZATION Understand the organization (Refer A ) Determine the scope of ABMS (Refer A.2) Conduct bribery risk assessment (Refer A.4) ISO 31000:2009 Risk Management Principles and guidelines ISO/IEC 31010:2009 Risk Management Risk assessment techniques 27

28 CLAUSE 5 : LEADERSHIP Governing Body Top management (Refer A.5) Anti-bribery Compliance Function (Refer A.6) Anti-bribery Policy (a- i) 28

29 CLAUSE 6 : PLANNING Taking action from the risk assessment to achieve anti-bribery objectives 29

30 CLAUSE 7 : SUPPORT Resources (Refer A.7: Human, Physical, Financial) Competency Employment Process (Refer A.8) Awareness and Training (Refer A.9) Communication Documented Information (Refer A.17) 30

31 CLAUSE 8 : OPERATION Control of operations to reduce bribery risks ( gifts, hospitality, donations policy/procedures) (Refer A.15) Due diligence required for operations that is above low bribery risk (Refer A.10) Financial (Refer A.11) & Non-Financial Control (Refer A.12) Control of business associates to reduce bribery risks to the organization (Refer A.13 & Refer A.14) Managing concerns relating to bribery ( reporting, investigating, protect those making report) (Refer A.18) Managing non-compliance of controls 31

32 CLAUSE 9 : PERFORMANCE EVALUATION Monitoring and evaluate anti-bribery performance (Refer A.19) Refer ISO 19600:2014 Compliance Management System Guidelines Internal Audit (Refer A.16) Review by Anti-bribery compliance function Review by Top Management Review by Governing Body 32

33 CLAUSE 10 : IMPROVEMENT Responding to non-conformities (React, Evaluate, Implement and Review Action) Refer A.20 33

34 REQUIREMENTS 4 Context of organization 5 Leadership 6 Planning 7 Support 8 Operation 9 Performance and Evaluation 10 Improvement 4.1 Understanding context (a-h) 4.2 stakeholders 4.3 Scope ABMS 5.1 Leadership and commitment Governing Body, Top Mgt, ` 5.2 ABMS Policy(a-i) 6.1 Actions to address risks and opportunities 6.2 ABMS objectives and planning 7.1 Resources 7.2 Competence Employment Process 8.1 Operational planning and control 8.2 Due Diligence 9.1 Monitoring, measurement, analysis and evaluation 9.2 Internal audit 10.2 Nonconformity and corrective action 10.3 Continual improvement 4.4 ABMS 4.5 Bribery Risk Assessment 5.3 Organizational roles, responsibilities and authorities- Anti Bribery Compliance Function 7.3 Awareness & training 7.4 Communication 8.3 Financial Control 8.4 Non Financial Control 9.3 Management review Top Mgt Review Governing Body 7.5 Documented Information 8.5 By Controlled organization and by business associate 9.4 Anti Bribery Compliance Function Guidance Annex A A.1 till A. 22 ISO (Risk) ISO (Compliance Management 8.6 Anti Bribery Commitment 8.7 Gift, hospitality, donation 8.8 Managing inadequate control 8.9 Raising Concern 8.9 Investigating & dealing with bribery 34

35 ESSENTIAL ELEMENTS FOR SUCCESSFUL ABMS Governing Body & Top Management Commitment Bribery risk assessment Anti-bribery culture Implementations of effective controls and monitoring Effective internal audits Effective investigation and corrective action process 35

36 CHALLENGES Understanding the requirements of the standards Establishing the structure and reporting line Developing the competency Changing the Culture External influences politics, economy, social, legal 36

37 CHALLENGES : IDENTIFYING BRIBERY RISK 1) Hot target areas/people/activities/business associates 2) Risk assessment methodology 3) 4) Knowledgeable personnel in risk assessment and bribery risk Integrating bribery risk with other types of enterprise risk

38 CHALLENGES GOVERNING BODY INVOLVEMENT 1) 2) Communication with governing body Access to records (Board minutes of meeting, Board papers) 3) Training/Awareness for governing body

39 BENEFITS To establish a culture of integrity, transparency, openness and compliance. To assist organization to avoid or mitigate the costs, risks and damage of involvement in bribery To promote trust and confidence in business (assurance to management, investors, employees, customers, and other stakeholders that an organization is taking reasonable steps to prevent bribery) To enhance reputation and improve employee morale 39

40 BENEFITS To reduce cost of operation To have better financial standing Competitive advantage in national & international markets Comply to acts/regulations/code of practice related to integrity/corruption 40

41 SUCCESS STORY OF ABMS Eni S.p.A. Italian multinational oil and gas company headquartered in Rome.,the first Italian company (by RINA Services SpA) Bosch the global supplier of technology and services, is the first company in the UAE (by TASNEEF-RINA Business Assurance L.L.C.) Alstom Rail transportation giant, first French company (by AFNOR Certification, Alstom s anti-bribery efforts at seven sites in France and elsewhere in Europe. CPA Global, an international intellectual property (IP) management and technology company, headquartered in Jersey (by ETHIC Intelligence) 41

42 CONCLUSION ABMS is about : proactively combating bribery building anti-bribery culture ABMS should decrease the cost of doing business, ensure transparency in transactions and increase employee morale. 42

43 CERTIFICATION PROCESS Application Stage 1 Audit Stage 2 Audit Certification Certificate valid for three (3) years Surveillance Audit Once a Year Recertification Audit Every 3 Years (renewal)

44 THE CERTIFICATE 44

45 CERTIFICATION MARK 45

46 46

47 SIRIM QAS International Sdn. Bhd Mobile : Connect with SIRIM QAS international to get the latest development on industry topics, news and events. Join us via our official social media platforms as below: - Facebook: Twitter: You Tube: Linkedin: 47

48 48