information about policy and procedures for anti bribery management in organization

1. ISO 37001:2016
ANTI-BRIBERY MANAGEMENT SYSTEM
LEMBAGA PELABUHAN KUANTAN
si ri m-qas.com.my

2. About the Speaker
• She has been with SIRIM Berhad and its subsidiary since 2004.
• She has four (4) years experienced in Plastic Industries and five (5)
years in Education Services before join SIRIM Berhad.
• Experience in auditing and developing news schemes in SIRIM
Berhad more than fifteen (15) years. Auditing in various schemes
i.e ISO 9001 (QMS), ISO 55001 (AMS), ISO 37001 (ABMS), ISO
45001 (OSHMS), ISO 21001 (EOMS), ISO 29993 (LSP), ISO 18788
(SOMS), ISO 18295 (CCC), MS 1900 (SYARIAH COMPLIANCE),
Malaysian Brand and IT Product Assessment. Leading for ABMS,
EOMS, LSP, CCC, SOMS and SPA Wellness.
• Currently, she is Head of the Services Section in the Management
System Certification Department, SIRIM QAS International Sdn.
Bhd. She is responsible for overseeing the entire management
system certification services in various industries such as
Education, Heathcare, Financial & Banking, Hospitality, Hotel, IT,
Security, Tourism, Commercial, Logisctics and Government .
• He has been involved in the development of the training module
for Lead Auditor Training Course such as ISO 9001, ISO 37001, ISO
18295, ISO 21001, ISO 29993 and ISO 18788 for SIRIM QAS
International auditors and presentation on related subjects in
public conference & forum.
Fauziah Sulaiman
Head of Services
Management System Certification
SIRIM QAS International Sdn Bhd

3. Speaker and panelist in Conference, Forum & Workshops in 2019
• She as Chief Facilitator for GIACC –UNDP Project for 9 ministries & government agencies in 2019. Lead and
the main speaker for the 3 workshops ( 10-11 Jan 2019, 13-14 Feb 2019 and 10-13 March 2019)
• 7 January 2019~Conference on ISO 37001:2016 Anti-bribery Management Systems Requirements : An
initiative to strengthen the Corporate Integrity organized by SIRIM QAS International for corporate agencies
• 18 February 2019~Conference on ISO 37001:2016 Anti Bribery Management System (ABMS ) an Effective
Mechanism To Combat Corruption organized by FMM agencies, Central Region
• 25 March 2019~Conference on ISO 37001:2016 Anti Bribery Management System (ABMS ) an Effective
Mechanism To Combat Corruption organized by Sarawak Government Agencies
• 27 March 2019~Conference on ISO 37001:2016 Anti Bribery Management System (ABMS ) an Effective
Mechanism To Combat Corruption organized by FMM agencies, Perak (North Region)
• 24 April 2019~Conference on ISO 37001:2016 Anti Bribery Management System (ABMS ) an Effective
Mechanism To Combat Corruption (Importance & Implication) organized by LADA agencies, Langkawi
• 17 Sept 2019 ~ Anti Corruption and Integrity Forum 2019 Corporate Liability Provision, “Lines Of Defences”
Available To Prove Diligence In Preventing Offence Envisaged In The Provision organized by ARAM Global &
IIM
• 11 November 2019 ~Corporate Liability On Corruption Forum organized by GRM Training

4. PRESENTATION OUTLINES
To introduce SIRIM QAS International’s capabilities
in Anti Bribery Management System Certification
services
Understanding the Implication of the Corporate
Liability from Perspective of Conformity
Assessment to Anti-Bribery Management System
(ABMS) : ISO 37001:2016
Requirement of the ISO 37001:2016
Bribery Risk Assessment
Implementation Journey

5. Certification Body, wholly owned by
SIRIM Berhad under the purview of
Ministry of Finance
Government
Owned
Revenue generated shall return
to the government

6. SIRIM QAS INTERNATIONAL SDN BHD IS THE ONLY
CERTIFICATION BODY ACCREDITATED
BY STANDARD MALAYSIA FOR ABMS

7. ACCREDITATIONS & RECOGNITIONS
7
• SIRIM QAS International’s accreditations by local and international bodies demonstrate its
high degree of competency, impartiality and credibility in the area of conformity assessment.
• SIRIM QAS International is a member of IQNet, an international network of certification
bodies comprising 35 partner organizations with more than 200 subsidiaries across the globe.
• The certification, inspection and testing services offered by SIRIM QAS International are
carried out in accordance with international standards.
• Our accreditations and recognitions facilitate the acceptance of our certifications and test
reports locally and abroad.

8. To safeguard country’s
confidentiality
National
Certification
Body

9. Large pool of auditors
25 auditors strength that is capable to
fulfill the demand
Audit Fee of RM1500 per audit day
Our Offer
Value for money

10. Proven
track
record
45 Companies certified to ABMS
- 23 Government Agencies
- 11 Private Companies
- 11 GLCs
Successfully completed ABMS certification under
GIACC –UNDP project
- 3 Ministries
- 6 Government Agencies
Pioneer in ABMS - Led pilot program on ABMS
implementation involving 10 companies in 2017

11. NATIONAL ANTI CORRUPTION PLAN (NACP)

12. National Anti Corruption Plan
NACP CLAUSE 2.1.3

13. Law & other requirement
• MACC Act 2009, (Amendment) 2018
• Whistleblower Protection Act 2010 (ACT 711)
(Enforcement Agencies - SPRM, JPJ, JIM, PDRM,KASTAM)
• Companies Act 2016 ( Act 777)
• Securities Commission Act 1993 (Act 498)
• Corporate Governance 2016 (Code of Conducts / Code of
Business Ethics)
• Arahan Perbendaharaan
• Pekeliling Perkhidmatan Bil 3, 1998 –Garispanduan pemberian &
penerimaan hadiah di dalam perkhidmatan awam
• Pekeliling Perkhidmatan Bil 6 Tahun 2013 – Penubuhan Unit
Intergriti Di Semua Agensi Awam
• Peraturan pegawai awam (kelakuan dan tatatertib) 1993
ABMS - OVERVIEW

14. FIVE MAIN OFFENCE
• Section 16 (Offence of accepting
gratification)
• Section 17 (Offence of giving or
accepting gratification by agent)
• Section 17A (Offence by
commercial organization)
• Section 18 (Offence of intending
to deceive principal by agent)
• Section 23 (Offence of using office
or position for gratification)
ABMS - OVERVIEW

15. ACT 694. MACC Act 2009 (Amendment) 2018
Part IV Offences and Penalties
Section 17A . Offence by commercial organization
Guidelines on adequate procedures
Pursuant to subsection (5) of section 17A under the
Malaysian Anti-Bribery Commission Act 2009
Guidelines on adequate procedures
(TRUST Principles)
- Principle 1 : Top Level Commitment
- Principle 2 : Risk Assessment
- Principle 3 : Undertake Control Measure
- Principle 4 : Systematic Review, Monitoring and Enforcement
- Principle 5 : Training and Communication
(http://www.giacc.jpm.gov.my)
ABMS - OVERVIEW

16. SUSTAINABLE DEVELOPMENT GOALS

17. SUSTAINABLE DEVELOPMENT GOAL 16
(PEACE AND JUSTICE)
▪ Combat crime and corruption

18. ABMS - OVERVIEW
MACC ACT
(AMENDMENT 2018)
SECTION 17A
NACP
ISO 37001
ABMS
OACPCORRUPTION
RISK
MNAGEMENT
TRUST

19. ABMS - OVERVIEW
COMMITMENT,
TO SAY ‘NO’ TO
BRIBERY &
CORRUPTION
ABMS – A TOOL
TO COMBAT
BRIBERY &
CORRUPTION
ABMS
CERTIFICATION
FOR BUSINESS
SUSTANABILITY
ENSURING
LEGAL
COMPLIANCE

20. ABMS - OVERVIEW
SOCIAL, MORAL,
ECONOMIC &
POLITICAL
CONCERNS
BRIBERY &
CORRUPTION …
WIDESPREAD
PHENOMENON
UNDERMINES
GOOD
GOVERNANCE
HINDERS
DEVELOPMENT
DISTORTS
COMPETITION

21. ABMS - OVERVIEW
INCREASE THE
COST OF DOING
BUSINESS
BRIBERY &
CORRUPTION …
WIDESPREAD
PHENOMENON
INTRODUCES
UNCERTAINTIES INTO
COMMERCIAL
TRANSACTIONS
INCREASE THE
COST OF GOODS &
SERVICES
DIMINISHES THE
QUALITY OF
PRODUCTS &
SERVICES

22. ABMS - OVERVIEW
LOSS OF LIFE &
PROPERTY
BRIBERY &
CORRUPTION …
WIDESPREAD
PHENOMENON
DESTROYS TRUST
IN INSTITUTIONS
INTERFERES WITH THE FAIR &
EFFICIENT OPERATION OF
MARKETS

23. ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS
REQUIREMENTS WITH GUIDANCE FOR USE
Adopted as
Malaysian Standard

24. • Published in October 2016
• Apply to all industry
• Worldwide recognized
• Designed to guide
organization to prevent,
detect and respond to
bribery
• Ensuring compliance to
applicable laws, regulations
and other voluntarily
commitments
• Tool to prevent and manage
corruption risks
ABMS - OVERVIEW

25. ABMS - OVERVIEW
CONFORMITY
WITH
STANDARD
CANNOT PROVIDE
ASSURANCE THAT
NO BRIBERY HAS
OCCURRED OR WILL
OCCUR IN RELATION
TO THE
ORGANIZATION
NOT POSSIBLE TO
COMPLETELY
ELIMINATE THE
RISK OF BRIBERY
HELP ORGANIZATION TO
IMPLEMENT REASONABLE
AND PROPORTIONATE
MEASURES DESIGNED TO
PREVENT, DETECT &
RESPOND TO BRIBERY
WHY?
BUT

26. ISO 37001 KEY ELEMENTS
Prevent
Detect
Respond
Corruption Risk
Management
Financial control,
non financial control
& due diligence
Business
associates
Competence &
Awareness
Leadership,
policy &
objective
Monitor &
review
ABMS - OVERVIEW

27. REQUIREMENTS
TOOLS
ISO 37001
OBJECTIVES
▪ United Nations
Sustainable
Development Goals
▪ United Nations
Convention against
Corruption (UNCAC)
▪ Government
Commitment
▪ Risk-based approach
▪ Self-regulated
▪ Preventive Measures
▪ Continual Improvement
ABMS as an Enabler to Achieve Anti-Corruption Objective
▪ Zero tolerance to
Corruption
ABMS - OVERVIEW

28. Risk
Assessment
Risk
Treatment
Monitor &
Review
Identify, analyse &
evaluate risks in
all activities by
the organization
ISO 37001 : RISK-BASED APPROACH
▪ Training &
awareness
▪ Review SOP
▪ Asset
declaration
▪ Due diligence
▪ Policies
Zero tolerance to
Corruption
32
ABMS - OVERVIEW
OBJECTIVES
▪ Internal audit
▪ Functional
review
▪ Management
review
▪ Governance
review

29. ORGANIZATION
(LEADERSHIP &
COMMITMENT)
STAKEHOLDERS /
INTERESTED
PARTIES
CUSTOMERS
REGULATOR
(MACC ACT,
NACP)
BUSINESS
ASSOCIATE /
EXTERNAL
SERVICE
PROVIDERS
DUE DILIGENCE,
FINANCIAL CONTROL,
NON-FINANCIAL
CONTROL
REPUTATION &
CORPORATE IMAGE,
PROFIT & LOSS
PRODUCT & SERVICE
REQUIREMENTS
ANTI-BRIBERY POLICY,
WHISTLEBLOWING POLICY,
NO GIFT POLICY,
INVESTIGATION &
BEST PRACTICES
ABMS - OVERVIEW

30. REQUIREMENTS
Context of
Organization
4.1 Understanding
context
4.2 Stakeholders
4.3 Scope ABMS
4.4 ABMS
4.5 Bribery Risk
Assessment
Leadership
5.1 Leadership &
commitment –
Governing Body,
Top Mgmt.
5.2 ABMS Policy
(a-i)
5.3 Organizational
roles,
responsibilities and
authorities-Anti-
Bribery Compliance
Function
Planning
6.1 Actions to
address risks and
opportunities
6.2 ABMS
objectives and
planning
Support
7.1 Resources
7.2 Competence
7.2.2 Employment
Process
7.3 Awareness &
training
7.4 Communication
7.5 Documented
Information
Operation
8.1 Operational
Planning & Control
8.2 Due Diligence
8.3 Financial
Control
8.4 Non Financial
Control
8.5 By Controlled
organization & by
business associate
8.6 Anti-Bribery
Commitment
8.7 Gift,
hospitality,
donation
8.8 Managing
inadequate control
8.9 Raising Concern
8.10 Investigating
& dealing
Performance &
Evaluation
9.1 Monitoring,
measurement,
analysis &
evaluation
9.2 Internal Audit
9.3 Management
review –Top Mgmt.
Review, Governing
Body
9.4 Anti-Bribery
Compliance
Function
Improvement
10.1
Nonconformity &
corrective action
10.2 Continual
improvement
Guidance
Annex A – A.1 till A. 22
ISO 31000 (Risk)
ISO 19600 (Compliance
Management)
4 5 6 7 8 9 10

31. 4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectation of
stakeholders
4.3 Determining the scope of the anti-bribery
management system
4.4 Anti-bribery management system
4.5 Bribery risk assessment
35

32. 4.1 Understanding the organization and its context
The organization shall determine
external & internal issues
that are relevant to its purpose and
that affect its ability to achieve the objectives of its
anti-bribery management system.
36

33. 4.1 Understanding the organization and its context
The issues will include (without limitation)
➢Size, structure and delegation decision-
making authority of the organization
➢Locations and sectors in which the
organization operates or anticipates operating
➢Nature, scale and complexity of the
organization’s activities and operations
➢Organization’s business model
37

34. 4.1 Understanding the organization and its context
The issues will include (without limitation)
➢The entities over which the organization has
control and entities which exercise control over
the organization
➢The organization’s business associates
➢The nature and extend of interaction which public
officials
➢ Applicable statutory, regulatory, contractual and
Professional obligations and duties
38

35. • Understand the organization (Refer A.13.1.3)
• Determine the scope of ABMS (Refer A.2)
• Conduct bribery risk assessment (Refer A.4)
➢ISO 31000:2018 Risk Management – Principles and guidelines
➢ISO/IEC 31010:2019 Risk Management – Risk assessment techniques
SUMMARY ~ CLAUSE 4 :
CONTEXT OF ORGANISATION

36. ISO 9001:2015 Vs ISO 31000:2009 & ISO 31000:2018
ISO 9001:2015 / 37001:2016 ISO 31000:2009 ISO 31000:2018
Clause Title Clause Title Clause Title
4.1 Understanding the
organization and its
context
5.3 Establishing the
context
5.4.1
6.3
Understanding the
organization & its
context scope, context,
criteria
4.2 Understanding the
needs and
expectations of
interested parties
5.3 Establishing the
context
5.4.1 Understanding the
organization & its
context scope, context,
criteria
6.1 Actions to address
risks and
opportunities
5.4 Risk assessment 6.4 Risk assessment
7.4 Communication 5.3 Communication and
consultation
6.2 Communication and
consultation
9.1 Monitoring,
measurement,
analysis and
evaluation
5.6 Monitoring and review 6.6 Monitoring & review
9.3 Management review 5.6 Monitoring and review 6.6 Monitoring & review

37. Risk Management Principles, Framework & Process ISO 31000:2019

38. RISK MANAGEMENT PROCESS ISO 31000: 2018 and
ISO 9001: 2015/ISO 37001:2016 integration
Communication&Consultation(6,2)
Monitoringandreview(5.6)
Establishing the context (5.4)
Risk Assessment (6.4)
Risk Identification (6.4.2)
Risk Analysis (6.4.3)
Risk Evaluation (6.4.4)
Risk Treatment (6.5)
4.1 & 4.2
6.1.1
6.1.2 &
8.1
ISO 9001/37001
clause
ISO 31000 clauseLegend:
9.3.2&10.2.1
7.4

39. ✓ Procurement
✓ Investment
✓ Development Projects
✓ Research activities
✓ Investment
✓ Revenue Collection
✓ Asset/Store Management
✓ Subsidies Management
✓ Human Resource
✓ Business Associates
HIGH RISK AREAS:

40. 5 Leadership
5.1 Leadership and commitment
5.1.1 Governing body
5.1.2 Top management
5.2 Anti-bribery policy ( a-i)
5.3 Organizational roles, responsibilities and authorities
5.3.1 Roles and responsibilities
5.3.2 Anti-bribery compliance function
5.3.3 Delegated decision-making
44
CLAUSE 5 : LEADERSHIP

41. Clause 5: Leadership
Governing body and top
management roles
• Ensure the system including policy and objectives is established,
implemented, maintained and reviewed to adequately address
the risks.
• Align with business objectives, strategies and culture
• Deploy adequate and appropriate resources.
• Assign appropriate authority, responsibility and accountability

42. • Build and promote the right culture (e.g. prevention, self
regulate & continual improvement)
• Communicate the value of ABMS with stakeholders
• Ensure the risks are managed effectively and remain appropriate
to the context of the organization
Clause 5: Leadership
Governing body and top management roles

43. 5.1.1 a,b, c & d
GOVERNING BODY
Governing Body
Top Management
47
Pilot project by

44. 5.1.1 a,b, c & d
GOVERNING BODY FOR MINISTRY
PERDANA
MENTERIKETUA SETIAUSAHA NEGARA
KETUA SETIAUSAHA KEMENTERIAN
48
Pilot project by
MENTERI

45. 5.1.1 a,b, c & d
GOVERNING BODY FOR STATE GOVERNMENT
MENTERI BESAR/KETUA MENTERI
SETIAUSAHA KERAJAAN NEGERI
49
Pilot project by
MMKN/EXCO

46. 5.1.1 a,b, c & d
GOVERNING BODY FOR LOCAL AUTHORITY
AHLI-AHLI MESYUARAT PENUH
PENGURUSAN TERTINGGI
50
Pilot project by

47. 5.1.1 e) REPORTING LINE
LEVEL CHAIRMAN
JAR
KEBANGSAAN
KEBANGSAAN PM
JAR
KEMENTERIAN
KEMENTERIAN KSN
JAR NEGERI NEGERI/KEMENTERIAN MB/KM/KSU
JAR AGENSI AGENSI KP/YDP/CEO

48. PROCEDURE
• CODE OF CONDUCT & BUSINESS ETHIC
• GARISPANDUAN MENJALANKAN PEKERJAAN LUAR
• DISCIPLINARY POLICY – 7.2.2
• GIFT /NO GIFT POLICY – BIL 3, 1998
• WHISTLE-BLOWING POLICY – 8.9 (SHALL)
• CHARITABLE CONTRIBUTIONS/ SPONSORSHIP/DONATION POLICY
• FACILITATION and EXTORTION PAYMENTS
• HOSPITALITY/ENTERTAINMENT
• CONFLICTS OF INTEREST
• LOBBYIST / CONSULTANT /INTERMEDIARIES
• ASSET DECLARATION
• DEALING WITH THIRD PARTIES
• VENDOR CODE OF CONDUCT
• DEALING WITH PUBLIC OFFICIAL
• POLITICAL CONTRIBUTION
• SUPPORT LETTER
and many others internal /external REFERRAL POLICIES

49. • Governing Body
• Top management (Refer A.5)
• Anti-bribery Compliance Function (Refer A.6) –guidance ISO 19600
• Anti-bribery Policy (a- i)
SUMMARY ~ CLAUSE 5:
LEADERSHIP

50. 6 Planning
6.1 Action to address risks and opportunities
6.2 Anti-bribery objectives and planning to
achieve them
54
CLAUSE 6 : PLANNING
• Taking action from the risk assessment to
achieve anti-bribery objectives

51. 7 Support
7.1 Resources (Refer A.7: Human , Physical,
Financial)
7.2 Competence
7.2.1 General
7.2.2 Employment process(Refer A.8)
7.3 Awareness and training(Refer A.9)
7.4 Communication
55
CLAUSE 7 : SUPPORT

52. 7 Support
7.2 Competence
7.2.2 Employment Process
7.2.2.1 In relation to all of its personnel, the organization shall implement procedures such that:
a) Conditions of employment require personnel to comply with the anti-bribery policy and anti-bribery
management system, and give the organization the right to discipline in the event of non-compliance.
b) Within a reasonable period of their employment commencing, personnel receive a copy of, or are
provided with access to, the anti-bribery policy and training in relation to that policy;
c) The organization has procedures which enable it to take appropriate disciplinary action against
personnel who violate the anti-bribery policy and anti-bribery management system;
d) Personnel will not suffer retaliation, discrimination or disciplinary action (e.g. bt threats, isolation,
demotion, preventing advancement, transfer, dismissal, bullying, victimization, or other forms of
harassment) for
1) refusing to participate in, or turning down, any activity in respect of which they have
reasonably judged there to be a more than low risk of bribery that has not been mitigated by the
organization; or
2) concerns raised or reports made in good faith, or on the basis of a reasonable
belief, of attempted, actual or suspected bribery or violation of the anti-bribery policy or the anti-bribery
management system (except where the individual participated in the violation)
7.2.2 EMPLOYMENT PROCESS

53. Implemented byPilot project by
7.2.2.1 IN RELATION TO ALL OF ITS PERSONNEL, THE ORGANIZATION SHALL
IMPLEMENT PROCEDURES SUCH THAT:
a) conditions of employment require personnel to comply with the anti-bribery
policy and anti-bribery management system, and give the organization the right
to discipline personnel in the event of non-compliance
Organization should have Anti-bribery Policy (refer to 5.2 Anti-bribery
Policy and 4.4 Anti-bribery management system). Organization must provide
sufficient awareness / training to all employees
b) within a reasonable period of their employment commencing, personnel receive
a copy of, or are provided with access to, the anti-bribery policy and training in
relation to that policy;
Integrity pledge signed by CEO/GM/Mayor/YDP to show Top Management
commitment. All employees sign Integrity Pledge. Evidence : Employees
attendance list during the awareness / training. The pledge signed by employees.
Publish in website, intranet internal circulation (memo or email)

54. Implemented byPilot project by
c) the organization has procedures which enable it to take appropriate disciplinary action against
personnel who violate the anti-bribery policy and anti-bribery management system;
d) personnel will not suffer retaliation, discrimination, or disciplinary action (e.g. by threats,
isolation, demotion, preventing advancement, transfer, dismissal, bullying, victimization, or
other forms of harassment) for
1) refusing to participate in, or turning down, any activity in respect of which they have
reasonably judged there to be a more than low risk of bribery that has not been
mitigated by the organization; or
Organization should have sufficient Procedures to address ie Procedure related to
Jawatankuasa Tatatertib or refer to General Order or SOP on Domestic Inquiry etc
2) concerns raised or reports made in good faith, or on the basis of a reasonable
belief, of attempted, actual or suspected bribery or violation of the anti-bribery policy
or the anti-bribery management system (except where the individual participated in
the violation).
Whistle Blowing Policy

55. 7.2.2 EMPLOYMENT PROCESS
7 Support
7.2 Competence
7.2.2 Employment Process
7.2.2.2 In relation to all positions which are exposed to more than a low bribery risk, as
determined in the bribery risk assessment (see 4.5), and to the anti-bribery compliance function,
the organization shall implement procedure which provide that:
a) Due diligence (see 8.2) is conducted on persons before they are employed, and on personnel
before they transferred or promoted by the organization, to ascertain as far as is reasonable
that it is appropriate to employ them and that it is reasonable to believe that they will comply
with the anti-bribery policy and anti-bribery management system requirements;
b) Performance bonuses, performance targets and other incentivizing elements of remuneration
are reviewed periodically to verify that there are reasonable safeguards in place to prevent
them from encouraging bribery;
c) Such personnel, top management, and the governing body (if any), file a declaration at
reasonable intervals proportionate with the identifies bribery risk, confirming their compliance
with the anti-bribery policy.
NOTE 1 The anti-bribery compliance declaration can stand alone or be a component of a
broader compliance declaration process.
NOTE 2 See Clause A.8 for guidance.
Due diligence through Tapisan Keselamatan (e-vetting) by CGSO
Pekeliling Perkhidmatan Bil 6 Tahun 2011
MANUAL PENGGUNA SISTEM e-VETTING 2.0

56. 7 Support
7.5 Documented information (Refer A.17)
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
60

57. 8 Operation
8.1 Operational planning and control
8.2 Due diligence
8.3 Financial Control
8.4 Non-financial control
61
CLAUSE 8 : OPERATION

58. 8 Operation
8.5 Implementation of anti-bribery controls by controlled
organizations and by business associates
8.6 Anti-bribery commitments
3.26 Business Associates :
External party with whom the organization (3.2) has, or plans to
establish, some form of business relationships.
Business associates includes but not limited to clients, customers, join
ventures, joint venture partners, consortium partners, outsourcing
providers, contractors, consultants, subcontractors, suppliers, vendors,
advisors, agents, distributors, representatives, intermediaries and
investors.
62
CLAUSE 8 : OPERATION

59. 8 Operation
8.7 Gifts, hospitality, donations and similar
benefits
8.8 Managing inadequacy of anti-bribery
controls
8.9 Raising concerns
8.10 Investigating and dealing with bribery
63
CLAUSE 8 : OPERATION

60. • Control of operations to reduce bribery risks ( gifts, hospitality, donations
policy/procedures) (Refer A.15)
• Due diligence required for operations that is above low bribery risk (Refer A.10)
• Financial (Refer A.11) & Non-Financial Control (Refer A.12)
• Control of business associates to reduce bribery risks to the organization (Refer
A.13 & Refer A.14)
• Managing concerns relating to bribery ( reporting, investigating, protect those
making report) (Refer A.18)
• Managing non-compliance of controls
SUMMARY ~CLAUSE 8 : OPERATION

61. 9 Performance evaluation
9.1 Monitoring, measurement, analysis and
evaluation
9.2 Internal audit
9.3 Management review
9.3.1 Top management review
9.3.2 Governing body review
9.4 Review by anti-bribery compliance function
65
CLAUSE 9 : PERFORMANCE EVALUATION

62. • Monitoring and evaluate anti-bribery performance
• (Refer A.19)
➢ Refer ISO 19600:2014 Compliance Management System – Guidelines
• Internal Audit (Refer A.16)
• Review by Anti-bribery compliance function
• Review by Top Management
• Review by Governing Body
SUMMARY ~ CLAUSE 9 : PERFORMANCE EVALUATION

63. 10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
67
• Responding to non-conformities (React,
Evaluate, Implement and Review Action)
• Refer A.20
CLAUSE 10 : IMPROVEMENT

64. A.1 General
A.2 Scope of the anti-bribery management system
A.2.1 Stand-alone or integrated anti-bribery
management system
A.2.2 Facilitation and extortion payments
A.3 Reasonable and proportionate
A.4 Bribery risk assessment
A.5 Roles and responsibilities of governing body and
top management
ISO 37001 – Annex A
68

65. A.6 Anti-bribery compliance function
A.7 Resources
A.8 Employment procedure
A.8.1 Due diligence on personnel
A.8.2 Performance bonuses
A.8.3 Conflicts of interest
A.8.4 Bribery to the organization’s personnel
A.8.5 Temporary staff or workers
A.9 Awareness and training
ISO 37001 – Annex A
69

66. A.10 Due diligence
A.11 Financial controls
A.12 Non-financial controls
A.13 Implementation of the anti-bribery management
system by controlled organizations and by
business associates
A.13.1 General
A.13.2 Controlled organizations
A.13.3 Non-controlled business associates
ISO 37001 – Annex A
70

67. A.14 Anti-bribery commitments
A.15 Gifts, hospitality, donations and similar benefits
A.16 Internal audit
A.17 Documented information
A.18 Investigating and dealing with bribery
A.19 Monitoring
ISO 37001 – Annex A
71

68. A.20 Planning and implementing changes to the anti-
bribery management system
A.21 Public officials
A.22 Anti-bribery initiatives
ISO 37001 – Annex A
72

70. Governing Body &
Top Management
Commitment /
Approval
1
Form a
Taskforce
2 Identify the Gaps
Based on
Standard
Requirements
3
Conduct Risk
Assessment
4
Establish the Relevant
Documented
Information
5
Conduct
Internal Audit
Team
6
Conduct
Management
Review
7 Certification Audit
(Stage 1 & Stage 2)
8
THE JOURNEY
9

71. HOW ABMS CAN BENEFIT THE ORGANIZATION?
1
culture of integrity, transparency, openness
and compliance.
2
avoid or mitigate costs, risks and damage due
to bribery
3 comply to acts/regulations/code of practice
4
proper channel for personnel to report any
attempted, suspected and actual bribery
incidences.
5
awareness to public that organization is
implementing anti-bribery practices
6 promote trust and confidence in business.

72. SIRIM QAS International Sdn. Bhd
fauziahs@sirim.my
www.sirim-qas.com.my
Mobile : 012-383 5104
Connectwith SIRIMQASinternationalto get the latest developmenton industrytopics,newsand
events.Joinusviaour official social media platformsas below:
• Facebook: https://www.facebook.com/SIRIMQASInternational
• Twitter: https://twitter.com/SIRIMQASIntl
• You Tube: https://www.youtube.com/SIRIMQASInternational
• Linkedin: https://www.linkedin.com/SIRIMQASInternational
-