Bribery Risks II: Identifying Risks and Vulnerable Activities
A key component with the implementation of ISO37001 Anti-Bribery Management System (ABMS) is the assessment of bribery risks in all areas of the organization’s activities. The assessment helps organizations to identify risks, determine priorities, and develop policies and procedures for managing these risks.
The first important step in conducting the assessment is the commitment of the top-level management to encourage adequate, sustainable and high-quality risk assessments. Without the commitment of the top management, bribery risk management will be ineffective.
The next step is to find as much information as possible about how bribery might occur in your organization – depending on your type of organization; corporate, non-profit, etc. Information can be obtained from internal and external sources including the reviews of previous risk assessments (if any), internal audit findings, information from public domains and open sources, employee opinions, and reviews of the findings from the compliance division.
Based on this information, bribery risks could then be identified in the organization, this includes the types of activities, risk factors that increase the probability of bribery, and bribery schemes. An example could be a supplier tender process. One risk factor for bribery is the business ethics in the country in which the business operates. The bribe for the tender can occur through gratuities (kickback).
Below are some activities in business processes that are vulnerable to bribery:
– Marketing and sales. The risk of bribery can occur to obtain confidential company information related to tenders.
– Supply chain management. Receipt of bribes can come from suppliers and brokers, logistics, and issuance of Sailing Approval Letter.
– Financial function. Bribes are paid to an employee from the finance division to obtain financial information, steal data, or conduct other fraudulent activities.
– Acquisition and merger. Bribery is given for insider information.
– Human resources. Bribes are paid to an employee of the HR department to influence the recruitment process, appointment of positions and disciplinary action.
From the identification of risks, the organization can then carry out the required assessments and procedures to reduce the risks. For example, to reduce the risk of bribery when working with third parties, it is necessary to carry out safety procedures including conducting due diligence on third parties, as well as to obtain the approval of several executives for contracts, and to ensure that there is documentation for each transaction.
One thing that needs to be underlined is that the business world is in constant flux, which means the trend of bribery, risks and mitigation efforts would also change. Therefore, bribery risk assessment is a procedure that needs to be carried out on an ongoing basis and requires the involvement of the organization’s stakeholders.