ISO 37001 - System review reports and compliance function
Following her recent blog on 'strengthening the fight against bribery with Information Security Management', Serafin Alvarez, our Director of Information Security, Business Continuity and Compliance, has outlined five considerations that you need take into account when your business reaches the System Review Reports stage.
⇒ 1. Focus: The System Review Report by senior management and governing bodies focuses on a broader view of the anti-bribery management system, evaluating its overall performance in relation to established objectives and goals. The Compliance Function Adequacy Report, on the other hand, takes a narrower focus, concentrating on the system's ability to prevent, detect and manage bribery effectively and efficiently.
⇒ 2. Context: The Review Report is carried out in the context of the management of the system as a whole, including the performance of all its functions. The Suitability Report, however, is completed specifically in the context of the compliance function and its ability to manage bribery risks.
⇒ 3. Specific considerations: The Review Report evaluates aspects such as compliance with ISO standards, audit results, performance indicators, changes in external and internal requirements, and opportunities for continuous improvement. The Suitability Report examines the effectiveness of anti-bribery controls, adherence to policies and procedures, the level of bribery prevention awareness and training, and the ability to respond to bribery incidents.
⇒ 4. Results and actions: The Review Report leads to decisions and actions related to the improvement of the entire management system. The Suitability Report leads to specific decisions and actions to improve the compliance function's ability to prevent and manage bribery.
⇒ 5. Frequency: Both reports must be done regularly, but the frequency may vary. The Review Report is usually annual, while the adequacy of the compliance function could be reviewed more frequently, depending on the identified risks and the dynamics of the business environment.
Final thoughts
Remember that management systems must provide value to the organisation, and once this objective is achieved, a certification body like NQA will verify that your system is operating in accordance with the established standards set by UKAS.
At NQA, we have international experience in certifying anti-bribery management systems to UKAS-accredited standards, as well as training consultants and assessors to audit this rigorous, highly sought-after standard.
Contact us today to learn how ISO 37001 will help your business.
To learn more about ISO 37001, the Anti-Bribery Management Systems standard, and how it will benefit you and your business, click here.
We certify ISO 37001 globally, meaning that our professionally trained, UKAS-accredited auditors have experience in every type of business and industry, from the UK to the USA and China, the UAE to South America.
Speak to the team to learn how you can certify your business to ISO 37001 or incorporate it with an existing Information Security Management Systems standard like ISO 27001.
-------------------------------------------------------------------------------------------------------------------------
Author:
Serafin Alvarez
Director of Information Security, Business Continuity and Compliance, NQA