Awareness ISO 37001:2016. Providing auditor, trainer and consultant services for ISO 37001:2016 and other series. 2.5 million per day, WhatsApp only: 081567796679 and 08112999715
2. Self-Introduction
▪ Name: Danang SuryoWardhono ST MM
▪ Occupation:
▪ Registered Trainer/auditor PECB, Trainer/auditor management system
for certification body LRQA, Mutu Certification International, RINA,
Afnor Indonesia, IAPMO, TUV rheinland, pusdiklat gadjahmada, Bina
Profesi Institute, mutu institute, NQA, WQA, ITSTeknosains, ISQ,
Sucofindo etc
▪ LA IRCA/PECB certified ISO 9K, 14K, 18K, 22K, 22301, 27K, 37k, 45, 50 k
(waiting result), smk3 auditor, halal, BRC version 8 auditor conversion, PAK
KPK etc
▪ Telp/WA: 081567796679, 08112999715
▪ danangsuryowardhono@gmail.com
3. Purpose of this Course
▪ Understanding the basic concept of the Anti-bribery
Management System
▪ High level structure
▪ Clauses of ISO 37001:2016
▪ Minimum documentation needed
4. Learning outcome
▪ Participants will understand:
1. Purposes and benefits of ABMS (Anti-bribery Management System) ISO 37001:2016
2. Structure of ISO 37001:2016
3. PDCA (clauses 4-10)
4. Operation control
5. Schedule day 1
Topic | Time
Welcome and introduction | 8.30-09.00
Anti-bribery management system introduction | 09.00-10.00
Clauses 1-4: scope, normative reference, terms and definitions, context of the organization | 10.00-12.00
Lunch | 12.00-13.00
Clauses 5-7: leadership, planning, support | 13.00-15.00
Break | 15.00-15.15
Clause 8: operation | 15.15-16.15
Clauses 9-10: performance evaluation, improvement | 16.15-16.45
Wrapping and closing | 16.45-17.00
6. Schedule day 2
Topic | Time
Refresher on clauses 4-10 | 08.00-10.00
Workshop | 10.00-12.00
Lunch | 12.00-13.00
Group presentation | 13.00-15.00
Break | 15.00-15.15
Wrapping and closing | 15.15-16.00
55. • ISO 37001 is the new global standard for anti-bribery and corruption (ABC)
management systems. This means that, for the first time, there is an
internationally-recognized minimum set of measures for an organization to
have in place to prevent and detect bribery.
• It is designed for use in both the public and private sector, and we expect
to see international adoption by public sector organizations, that will, in
turn, require that organizations wanting to do business with them are
certified to the same standard.
• Source: PECB white paper Navigant, ISO 37001: A GAME CHANGER FOR
BRIBERY COMPLIANCE
58. 1 Scope
• This document specifies requirements and provides guidance for
establishing, implementing, maintaining, reviewing and improving an anti-
bribery management system.
• This document is applicable only to bribery. It sets out requirements and
provides guidance for a management system designed to help an
organization to prevent, detect and respond to bribery and comply with
anti-bribery laws and voluntary commitments applicable to its activities.
• This document does not specifically address fraud, cartels and other anti-
trust/competition offences, money-laundering or other activities related to
corrupt practices, although an organization can choose to extend the scope
of the management system to include such activities.
59. 3 Terms and definitions
3.1 bribery
• offering, promising, giving, accepting or soliciting of an undue
advantage of any value (which could be financial or non-financial),
directly or indirectly, and irrespective of location(s), in violation of
applicable law, as an inducement or reward for a person acting or
refraining from acting in relation to the performance (3.16) of that
person’s duties
• 3.5 management system
• set of interrelated or interacting elements of an organization (3.2) to
establish policies (3.10) and objectives (3.11) and processes (3.15) to
achieve those objectives
60. • 3.7 governing body
• group or body that has the ultimate responsibility and authority for
an organization’s (3.2) activities, governance and policies and to
which top management (3.6) reports and by which top management
is held accountable
• 3.8 anti-bribery compliance function
• person(s) with responsibility and authority for the operation of the
anti-bribery management system (3.5)
61. • 3.29 conflict of interest
• situation where business, financial, family, political or personal
interests could interfere with the judgment of persons in carrying out
their duties for the organization (3.2)
• 3.30 due diligence
• process (3.15) to further assess the nature and extent of the bribery
risk (3.12) and help organizations (3.2) make decisions in relation to
specific transactions, projects, activities, business associates (3.26)
and personnel
62. • 3.26 business associate
• external party with whom the organization (3.2) has, or plans to
establish, some form of business relationship
• 3.27 public official
• person holding a legislative, administrative or judicial office, whether
by appointment, election or succession, or any person exercising a
public function, including for a public agency or public enterprise, or
any official or agent of a public domestic or international
organization, or any candidate for public office
63. 4. Context of the organization
• 4.1 Understanding the organization and its context
• 4.2 Understanding the needs and expectations of stakeholders
• 4.3 Determining the scope of the anti-bribery management system
• 4.4 Anti-bribery management system
• 4.5 Bribery risk assessment
• Intention: Building an understanding and documenting the organization, as
well as the needs and expectations of its stakeholders. It stresses the
crucial risk assessment step in which the bribery risks are identified,
assessed and prioritized. The risk assessment must be documented, and
reviewed on a regular basis, including in the event of a significant change
to the structure or activities of the organization
64. • The organization should be aware that external and internal issues
can change, and therefore, should be monitored and reviewed. An
organization might conduct reviews of its context at planned intervals
and through activities such as management review.
65. • In planning their anti-bribery system, organizations must take steps to
identify and assess their bribery risks. Organizations are encouraged
to categorize risks into different levels, from low to high. For example:
“Agents or intermediaries who interact with the organization’s clients
or public officials on behalf of it are likely to pose a ‘medium’ or
‘high’ bribery risk, particularly if they are paid on a commission or
success fee basis.”
66. • The organization can then determine the type and level of anti-
bribery controls which apply to each risk category, and assess
whether existing controls are adequate. If not, the controls can be
appropriately improved. The organization may change the nature of
the transaction, project, activity or relationship such that the nature
and extent of the bribery risk is reduced to a level that can be
adequately managed by existing, enhanced or additional anti-bribery
risk controls. It follows that activities that the organisation determines
to be high risk, but that it cannot manage, should not be undertaken.
67. 5. Leadership
• 5.1 Leadership and commitment
• 5.1.1 Governing body
• 5.1.2 Top management
• 5.2 Anti-bribery policy
• 5.3 Organizational roles, responsibilities and authorities
• 5.3.1 Roles and responsibilities
• 5.3.2 Anti-bribery compliance function
• 5.3.3 Delegated decision-making
68. • The intent of this subclause is to ensure that top management
demonstrates leadership and commitment by taking an active role in
engaging, promoting, ensuring, communicating and monitoring
the performance and effectiveness of the anti-bribery management
system. The ways it can be applied are based on various factors, such
as the size and complexity of an organization, management style and
organizational culture.
69. 6. Planning
• 6.1 Actions to address risks and opportunities
• 6.2 Anti-bribery objectives and planning to achieve them
• The intent of this subclause is to ensure that when planning the Anti
Bribery management system processes, the organization determines
its risks and opportunities and plans actions to address them. Its
purpose is to prevent nonconformities, including nonconforming
outputs, and to determine opportunities that might enhance Anti
bribery performance or achieve an organization’s Anti bribery
objectives
70. 7. Support
• 7.1 Resources
• 7.2 Competence
• 7.2.1 General
• 7.2.2 Employment process
• 7.3 Awareness and training
• 7.4 Communication
• 7.5 Documented information
• 7.5.1 General
• 7.5.2 Creating and updating
• 7.5.3 Control of documented information
71. • The intent of this subclause is to ensure that the organization
provides the resources necessary for the establishment,
implementation, maintenance and continual improvement of the Anti
Bribery management system, and for its effective operation.
• In determining the resources that need to be provided, the
organization should consider the current capabilities of its internal
resources (e.g. people, capability of equipment, organizational
knowledge) and any constraints (e.g. budget, number of resources,
schedule).
72. • There must be adequate and appropriate training and communication
of the anti-bribery management system and documentation of the
information provided.
73. Specifics of the employment process
• The second is the requirement for due diligence on all personnel in
positions which are exposed to more than a low bribery risk, and to
all personnel employed in the anti-bribery compliance function.
Specifically:
• due diligence is conducted on persons before they are employed, and
on personnel before they are transferred or promoted by the
organization, to ascertain as far as is reasonable that it is appropriate
to employ or redeploy them and that it is reasonable to believe that
they will comply with the anti-bribery policy and anti-bribery
management system requirements;
74. 8. Operation
• 8.1 Operational planning and control
• 8.2 Due diligence
• 8.3 Financial controls
• 8.4 Non-financial controls
• 8.5 Implementation of anti-bribery controls by controlled organizations and by
business associates
• 8.6 Anti-bribery commitments
• 8.7 Gifts, hospitality, donations and similar benefits
• 8.8 Managing inadequacy of anti-bribery controls
• 8.9 Raising concerns
• 8.10 Investigating and dealing with bribery
75. • The operational planning and control of ISO 37001 includes due
diligence, financial controls and non-financial controls. It covers the
reporting of suspected and actual bribery, as well as investigating
and dealing with such findings.
76. • Due Diligence: Conducting checks on certain transactions, projects,
activities, business associates, or an organisation’s personnel is a key
component of the standard, as it informs the decision on whether to
postpone, discontinue, or revise those transactions, projects, or
relationships with business associates or personnel. As expected, and
in line with all its requirements, the standard does not adopt a
‘one-size-fits-all’ approach, and due diligence must be weighted
according to risk.
77. • In relation to non-controlled business associates which the
bribery risk assessment or due diligence has not identified as low risk, the
organization should obtain anti-bribery commitments, and require the
business associate to implement anti-bribery controls in relation to
the relevant transaction, project or activity.
• This might be limited to training, and controls over key payments and
gifts/hospitality. In the case of a major high bribery risk business
associate with a large and complex scope of work, the organization
might require the business associate to have implemented controls
equivalent to those required by ISO 37001. The organization will
normally impose these requirements on the business associate as a
pre-condition to working with it, and/or as part of the contract document.
78. 9. Performance evaluation
• 9.1 Monitoring, measurement, analysis and evaluation
• 9.2 Internal audit
• 9.3 Management review
• 9.3.1 Top management review
• 9.3.2 Governing body review
• 9.4 Review by anti-bribery compliance function
79. • Organizations are required to periodically review the organization's
compliance system, either via an independent internal audit or a
competent and independent third party. Such audits consist of internal
audit processes or other procedures which review procedures, controls and
systems for:
a. bribery or suspected bribery;
b. non-compliance with the anti-bribery policy or anti-bribery management
system requirements;
c. failure of business associates to conform to the applicable requirements of
the organization; and
d. weaknesses in or opportunities for improvement to the anti-bribery
management system.
81. Mandatory procedures
• reporting procedures for suspected and actual bribery (5.1.2)
• procedures which enable it to take appropriate disciplinary action
against personnel who violate the anti-bribery policy or anti-bribery
management system (7.2.2.1)
• Employment process (7.2.2)
• Procedures for positions which are exposed to more than a low bribery
risk, such as due diligence (7.2.2.2)
• The anti-bribery compliance declaration
• procedures addressing anti-bribery awareness and training for
business associates (7.3)
82. Mandatory procedures cont.
• Procedures controlling implementation of anti-bribery controls by
controlled organizations and by business associates (8.5.2)
• Procedures addressing anti-bribery commitments for business
associates which pose more than a low bribery risk (8.6)
• Procedures for raising concerns (8.9)
• Procedures for investigating and dealing with bribery (8.10)
• Procedures which review the procedures, controls and systems of the ABMS
83. • may also implement audit procedures to identify ways personnel may
exploit existing control weaknesses for personal gain (A.8.4.4)
• audit procedures for business associates (A13.3.6)
• Procedures to control the extent and frequency of gifts and
hospitality (A.15.3)
84. Mandatory documented information
• Scope of the anti-bribery management system i.e. the certification scope (clause 4.3);
• identification, review and assessment of the bribery risks (clause 4.5);
• the anti-bribery policy, available in appropriate languages (clause 5.2);
• the measurable and achievable anti-bribery objectives (clause 6.2);
• competence of personnel (clause 7.2.1);
• awareness and training provided to employees and business associates (clause 7.3);
• evidence that processes have been carried out as planned (clause 8.1);
• methods and results for monitoring, measurement, analysis and evaluation (clause 9.1);
• the internal audit (clause 9.2);
• results of the top management reviews (clause 9.3.1);
• results of the governing body reviews (clause 9.3.2);
• control of nonconformities and corrective actions (clause 10.1).
85. Periodic review
❑ periodic management review of significant financial transactions (A 11)
❑ periodic and independent financial audits and changing, on a regular
basis, the person or the organization that carries out the audit (A 11)
❑ periodic summary report of any minor compliance function failure
indication
86. Related regulations
• Permenkeu 83 2015 on gratification control within the Ministry of Finance
• Perpres 54 2018 on the national strategy for corruption prevention
• Permenpan RB 03 2013 on general guidelines for the complaint handling system
(whistleblower system) for criminal acts of corruption within the Ministry of
State Apparatus Empowerment and Bureaucratic Reform
• Permenpan RB 10 of 2019, guidelines for developing integrity zones, amending
Permenpan RB no 54 of 2012
• Permenpan RB no 54 of 2012, guidelines for developing integrity zones towards
corruption-free areas and clean and serving bureaucracy areas within
government agencies
• UU 20 2001
• Perma 13 2016