PART 5 - ANTI BRIBERY MANAGEMENT SYSTEM (ISO 37001:2016) - by Nik Zafri

 (Anti Bribery Management System = ISO 37001:2016)

3.0 PLANNING

This element links back to identified (bribery) risks and types of mitigation (risks and opportunities of improvement) as mentioned in the previous article. In planning, there should be a sense of assurance that the objectives will work. 

Risks require a plan which entails prevention and "what if" situations e.g. if they fail. (Back up plan is required)

No planning requires no improvement. It's not perfect. You'll learn through experience.

Thus, especially your manual and your procedures addressing risks of briberies, level of risks and possible mitigations should be part of the core process of the organization.

Mitigation is something to be based on experience. You may need brainstorming session(s) to see and test the viability of mitigation especially to possibility of "new bribery risks" that is unexpected.

Evaluate the planning process and execute the plan.

Objectives

The (measureable) objectives as mentioned earlier should be at the departmental and functional level. In making the objectives, it should adopt a cascading concept to the policy. (sort of the Drucker's MBO concept)

(A word of caution : Never treat the policy, objectives or other documented information as merely to comply with the standard and/or law requirements, the organization must feel that "This is the company policy, this is the company's objectives etc" or better "ABMS is part of the company's culture" - to have the sense of ownership towards the system)

Objectives must be practical not something that is "plucked from the sky". Sometimes achievement is not necessarily a measure of success as past achievements are also subject to further review. (as the law or standard changes or poor achievement is witnessed in the past)

Like policy, the objectives must be communicated (usually every department, unit and functions should have it documented or pasted or spread through the respective network throughout the department/unit/function)

Planning should involve the next course of action (including legal where necessary), resources, responsibilities and authorities, a time frame for achievement/reviewed or improvement.