DISCLAIMER - NIKZAFRI.BLOGSPOT.COM


Today, Knowledge Management is not limited merely to: (A) 'knowing' or 'reading lots of books/scholarly articles' or (B) data mining, analysis, decision making, preventive actions, or (C) some Human Resources Management issue or (D) some ICT issue. Knowledge Management is about putting your knowledge, skills and competency into practice and, most important, IT WORKS! For you and your company or your business (Nik Zafri). Can I still offer consultancy or training? Who claims otherwise? Absolutely, I can.

The information comprised in this section is not, nor is it held out to be, a solicitation of any person to take any form of investment decision. The content of nikzafri.blogspot.com does not constitute advice or a recommendation by nikzafri.blogspot.com and should not be relied upon in making (or refraining from making) any decision relating to investments or any other matter. You should consult your own independent financial adviser and obtain professional advice before exercising any investment decisions or choices based on information featured in nikzafri.blogspot.com. nikzafri.blogspot.com cannot be held liable or responsible in any way for any opinions, suggestions, recommendations or comments made by any of the contributors to the various columns on nikzafri.blogspot.com, nor do opinions of contributors necessarily reflect those of http://www.nikzafri.blogspot.com

In no event shall nikzafri.blogspot.com be liable for any damages whatsoever, including, without limitation, direct, special, indirect, consequential, or incidental damages, or damages for lost profits, loss of revenue, or loss of use, arising out of or related to the nikzafri.blogspot.com or the information contained in it, whether such damages arise in contract, negligence, tort, under statute, in equity, at law or otherwise.


BIODATA - NIK ZAFRI


 



NIK ZAFRI BIN ABDUL MAJID,
CONSULTANT/TRAINER
Email: nikzafri@yahoo.com, nikzafri@gmail.com
https://nikzafri.wixsite.com/nikzafri

Kelantanese, Alumni of Sultan Ismail College Kelantan (SICA), IT Competency Cert, Certified Written English Professional US. Has participated in many seminars/conferences (local/ international) in the capacity of trainer/lecturer and participant.

Affiliations: Network Member of Gerson Lehrman Group, Institute of Quality Malaysia, Auditor ISO 9000 IRCAUK, Auditor OHSMS (SIRIM and STS)/EMS ISO 14000 and Construction Quality Assessment System CONQUAS, CIDB (Now BCA) Singapore.

* Possesses almost 30 years of experience/hands-on in the multi-modern management & technical disciplines (systems & methodologies) such as Knowledge Management (Hi-Impact Management/ICT Solutions), Quality (TQM/ISO), Safety Health Environment, Civil & Building (Construction), Manufacturing, Motivation & Team Building, HR, Marketing/Branding, Business Process Reengineering, Economy/Stock Market, Contracts/Project Management, Finance & Banking, etc. He was employed to international bluechips involving in national/international megaprojects such as Balfour Beatty Construction/Knight Piesold & Partners UK, MMI Insurance Group Australia, Hazama Corporation (Hazamagumi) Japan (with Mitsubishi Corporation, JA Jones US, MMCE and Ho-Hup) and Sunway Construction Berhad (The Sunway Group of Companies). Among major projects undertaken : Pergau Hydro Electric Project, KLCC Petronas Twin Towers, LRT Tunnelling, KLIA, Petronas Refineries Melaka, Putrajaya Government Complex, Sistem Lingkaran Lebuhraya Kajang (SILK), Mex Highway, KLIA1, KLIA2 etc. Once serviced SMPD Management Consultants as Associate Consultant cum Lecturer for Diploma in Management, Institute of Supervisory Management UK/SMPD JV. Currently – Associate/Visiting Consultants/Facilitators, Advisors for leading consulting firms (local and international) including project management. To name a few – Noma SWO Consult, Amiosh Resources, Timur West Consultant Sdn. Bhd., TIJ Consultants Group (Malaysia and Singapore) and many others.

* Ex-Resident Weekly Columnist of Utusan Malaysia (1995-1998) and have produced more than 100 articles related to ISO-9000– Management System and Documentation Models, TQM Strategic Management, Occupational Safety and Health (now OHSAS 18000) and Environmental Management Systems ISO 14000. His write-ups/experience has assisted many students/researchers alike in module developments based on competency or academics and completion of many theses. Once commended by the then Chief Secretary to the Government of Malaysia for his diligence in promoting and training the civil services (government sector) based on “Total Quality Management and Quality Management System ISO-9000 in Malaysian Civil Service – Paradigm Shift Scalar for Assessment System”

Among Nik Zafri’s clients : Adabi Consumer Industries Sdn. Bhd, (MRP II, Accounts/Credit Control) The HQ of Royal Customs and Excise Malaysia (ISO 9000), Veterinary Services Dept. Negeri Sembilan (ISO 9000), The Institution of Engineers Malaysia (Aspects of Project Management – KLCC construction), Corporate HQ of RHB (Peter Drucker's MBO/KRA), NEC Semiconductor - Klang Selangor (Productivity Management), Prime Minister’s Department Malaysia (ISO 9000), State Secretarial Office Negeri Sembilan (ISO 9000), Hidrological Department KL (ISO 9000), Asahi Kluang Johor(System Audit, Management/Supervisory Development), Tunku Mahmood (2) Primary School Kluang Johor (ISO 9000), Consortium PANZANA (HSSE 3rd Party Audit), Lecturer for Information Technology Training Centre (ITTC) – Authorised Training Center (ATC) – University of Technology Malaysia (UTM) Kluang Branch Johor, Kluang General Hospital Johor (Management/Supervision Development, Office Technology/Administration, ISO 9000 & Construction Management), Kahang Timur Secondary School Johor (ISO 9000), Sultan Abdul Jalil Secondary School Kluang Johor (Islamic Motivation and Team Building), Guocera Tiles Industries Kluang Johor (EMS ISO 14000), MNE Construction (M) Sdn. Bhd. Kota Tinggi Johor (ISO 9000 – Construction), UITM Shah Alam Selangor (Knowledge Management/Knowledge Based Economy /TQM), Telesystem Electronics/Digico Cable(ODM/OEM for Astro – ISO 9000), Sungai Long Industries Sdn. Bhd. (Bina Puri Group) - ISO 9000 Construction), Secura Security Printing Sdn. Bhd,(ISO 9000 – Security Printing) ROTOL AMS Bumi Sdn. Bhd & ROTOL Architectural Services Sdn. Bhd. (ROTOL Group) – ISO 9000 –Architecture, Bond M & E (KL) Sdn. Bhd. (ISO 9000 – Construction/M & E), Skyline Telco (M) Sdn. Bhd. (Knowledge Management),Technochase Sdn. 
Bhd JB (ISO 9000 – Construction), Institut Kefahaman Islam Malaysia (IKIM – ISO 9000 & Internal Audit Refresher), Shinryo/Steamline Consortium (Petronas/OGP Power Co-Generation Plant Melaka – Construction Management and Safety, Health, Environment), Hospital Universiti Kebangsaan Malaysia (Negotiation Skills), Association for Retired Intelligence Operatives of Malaysia (Cyber Security – Arpa/NSFUsenet, Cobit, Till, ISO/IEC ISMS 27000 for Law/Enforcement/Military), T.Yamaichi Corp. (M) Sdn. Bhd. (EMS ISO 14000) LSB Manufacturing Solutions Sdn. Bhd., (Lean Scoreboard (including a full development of System-Software-Application - MSC Malaysia & Six Sigma) PJZ Marine Services Sdn. Bhd., (Safety Management Systems and Internal Audit based on International Marine Organization Standards) UNITAR/UNTEC (Degree in Accountacy – Career Path/Roadmap) Cobrain Holdings Sdn. Bhd.(Managing Construction Safety & Health), Speaker for International Finance & Management Strategy (Closed Conference), Pembinaan Jaya Zira Sdn. Bhd. (ISO 9001:2008-Internal Audit for Construction Industry & Overview of version 2015), Straits Consulting Engineers Sdn. Bhd. (Full Integrated Management System – ISO 9000, OHSAS 18000 (ISO 45000) and EMS ISO 14000 for Civil/Structural/Geotechnical Consulting), Malaysia Management & Science University (MSU – (Managing Business in an Organization), Innoseven Sdn. Bhd. (KVMRT Line 1 MSPR8 – Awareness and Internal Audit (Construction), ISO 9001:2008 and 2015 overview for the Construction Industry), Kemakmuran Sdn. Bhd. 
(KVMRT Line 1 - Signages/Wayfinding - Project Quality Plan and Construction Method Statement ), Lembaga Tabung Haji - Flood ERP, WNA Consultants - DID/JPS -Flood Risk Assessment and Management Plan - Prelim, Conceptual Design, Interim and Final Report etc., Tunnel Fire Safety - Fire Risk Assessment Report - Design Fire Scenario), Safety, Health and Environmental Management Plans leading construction/property companies/corporations in Malaysia, Timur West Consultant : Business Methodology and System, Information Security Management Systems (ISMS) ISO/IEC 27001:2013 for Majlis Bandaraya Petaling Jaya ISMS/Audit/Risk/ITP Technical Team, MPDT Capital Berhad - ISO 9001: 2015 - Consultancy, Construction, Project Rehabilitation, Desalination (first one in Malaysia to receive certification on trades such as Reverse Osmosis Seawater Desalination and Project Recovery/Rehabilitation)

* Has appeared for 10 consecutive series in “Good Morning Malaysia RTM TV1’ Corporate Talk Segment discussing on ISO 9000/14000 in various industries. For ICT, his inputs garnered from his expertise have successfully led to development of work-process e-enabling systems in the environments of intranet, portal and interactive web design especially for the construction and manufacturing. Some of the end products have won various competitions of innovativeness, quality, continual-improvements and construction industry award at national level. He has also in advisory capacity – involved in development and moderation of websites, portals and e-profiles for mainly corporate and private sectors, public figures etc. He is also one of the recipients for MOSTE Innovation for RFID use in Electronic Toll Collection in Malaysia.

Showing posts with label ISO 37000. Show all posts

Wednesday, February 22, 2023

PART 7 - ANTI BRIBERY MANAGEMENT SYSTEM - by Nik Zafri

 (Anti Bribery Management System = ISO 37001:2016)

Note: This is the most critical element in ABMS; failure to understand and comply with this element may prove negative to the organization.

5. OPERATION - Planning and Control

Processes to comply with ABMS requirements should be planned and implemented. They should also be controlled and reviewed. (A process requires criteria, control and proper documented information.)

Do not change the process unnecessarily. Apart from internal processes, focus also on outsourced processes (sub-contractors, suppliers, vendors, consultants, etc.).

Due Diligence - Bribery Risk Assessment

Potential bribery risk should be assessed no matter how insignificant, at a defined frequency so that the information stays up to date. The assessment covers transactions and projects/activities, if necessary, and always involves business associates and certain important positions in the organization. Although the organization may conclude that it is unnecessary, unreasonable or disproportionate to undertake due diligence on certain personnel and business associates, it is advisable and highly recommended that, apart from prioritization, the assessment also cover the rest of the organization (no stone left unturned).

Financial Controls

Financial controls are required to manage risk. Non-financial controls managing such risk should also be prioritized, such as in purchasing/procurement, operation, sales, commercial, HR and legislation-related activities. It is recommended to encourage business associates/service providers to understand, implement and be consistent with the organization's strong view on bribery, and to ensure that they implement their own anti-bribery controls/mitigation as well (subject to assessment). It is recommended that business associates/service providers/3rd parties submit evidence of anti-bribery controls/mitigation.

Assessment should be reasonable and proportionate.

Anti-Bribery Commitments

Business associates with a low risk of bribery should still be subject to assessment. They should show evidence of commitment and be willing to be assessed on any transaction, project, activity, or relationship. Failing this, in the event of proven bribery, the organization may terminate the business associates.

The organization must also be ready to assist in assessing and managing the risk and to help business associates understand it.

Gifts, Hospitality, Donations or equivalent

Procedure(s) are required to address any offering, gift, hospitality, donation or equivalent that could be perceived as bribery. (Clear definitions and situations are required to address these issues.)

Managing Inadequacy of Anti-Bribery Controls

Not all risks are manageable. The organization may change the nature of the transaction, project, activity or relationship, where applicable, in order to better manage the risks. (It is recommended that business associates, suppliers, sub-contractors and consultants share the responsibility and accountability for managing bribery risks that are found difficult to control.)

Should there be a "red flag" situation (proven bribery has been committed), the organization may terminate, discontinue, suspend or withdraw (even taking legal action where necessary).

Raising concerns

Procedure(s) are required, especially for smooth reporting or whistleblowing of any possible or ongoing bribery activities to the appropriate personnel, such as the Management Representative or anyone with authority to make decisions, such as members of the governing body. (The personnel may also, out of fear that such action may jeopardize their work/duty, report the alleged incident directly to the authorities.) All reports should be treated in the strictest confidence, and the identity of the person reporting the incident must be protected whether or not the alleged corruption activity turns out to be genuine.

The person in charge should investigate as soon as possible without partiality.

Investigating and Dealing with bribery

Procedure(s) are required for the investigation process, determining the extent of such alleged acts (based on the law, anti-bribery policy or ABMS). The personnel conducting such an investigation should be given the authority to do so. (Transparency should be genuine, with no attempts to "sweep the matter under the carpet", intimidate investigators or intervene in the investigation. On the other hand, the personnel and witnesses should also be given ample opportunity to defend themselves, prove their innocence or provide evidence.)

The organization may also, to avoid partiality, hire a 3rd party (such as a private investigator) to investigate the matter.

Sunday, February 19, 2023

PART 6 - ANTI BRIBERY MANAGEMENT SYSTEM - by Nik Zafri

 (Anti Bribery Management System = ISO 37001:2016)

4.0 Support

Support = Resources required to implement, maintain and improve ABMS.

Competence

a) Determine the competence of employees,

b) Education background, training and experience,

c) Possible additional training required?

d) Reassignment or 3rd party support?

e) Document them as evidence

(It's a good practice to run a background check/screening of person(s) holding significant positions having authority on approval of financial matters) 

Employment Process

Procedure(s) required.

- employment regulations - to address the need to comply with ABMS Policy and System and action that will be taken against non-compliances 

(Bribery; once proven; IS A CRIME! Report it to the authorities and immediate termination should be executed - There is no need for reminders or warnings or showcause/domestic inquiries, even industrial courts as this is not a disciplinary matter, it's a crime) 

- employee should receive a copy of such policy/regulations. Conduct refresher training/briefing/inductions at the right intervals if necessary.

- just like a whistleblower, an employee must be equally protected when lodging a report of bribery or possible bribery, or when rejecting a bribe, regardless of position or social status.

- investigations, risk assessments and, if necessary, due diligence are to be carried out once reports are lodged and, if necessary, a declaration of assets.

The anti-bribery compliance declaration can stand alone or be a component of a broader compliance declaration process.

Awareness and training

Adequate training/workshops/inductions on ABMS are required - if possible, not only on the key staff but also throughout the organization. Contents of training to include :

a) ABMS overall awareness, policy, procedures, roles/responsibility/authority

b) need for compliance, risks and opportunities, 

c) how to recognize, react, prevent potential or actual events of bribery and corruption.

d) aspects of communication, 

e) scope of bribery/corruption to include internal and external parties,

(those involving service providers - the contractual requirements can add a clause on "Bribery and Corruption")

Retain documented information.

Communication

- internal and external

a) What, When, With Whom, How, Who to communicate on ABMS various issues.

b) Medium of communication to be used (although one language shall prevail in case of ambiguity, translated versions should be provided in other languages accordingly)

c) ABMS Policy; apart from all staff; should also be communicated/extended to Service Providers as well.

Documented information

A must have - Policy, Objectives, Plans, Manual, Procedures, methodologies, checklist, relevant codes of practice etc.

The extent of documented information can differ from one organization to another depending on size, scope of work, processes (complexity/interaction), products and services, competency etc. A banking and financial institution may differ in scope from a construction company.

So, APPLY ONLY THE NEEDED DOCUMENTS, not everything - not hijacked from others - not copy and paste from others!

ABMS documented information can be retained separately or as part of other systems (compliance, financial, commercial, audit etc.).

(My advice? separate them! Unless you know what to omit and what to add without overlapping)

Format (Creating/Updating)

- identification/description - title/date, author, approval, reference number, revision/issue number, 

- hardcopies or electronic (online). Online versions may be subject to a stricter audit: identifying authorized users' access, who is authorized to make amendment(s), the approving parties, encryption, firewall etc.

- review for adequacy at intervals.

Control of documented information

Control : 

a) available for use, location and when to use

b) protected (confidentiality, unauthorized access, loss of integrity; a printed version can be compromised in the long run)

c) distribution, access, retrieval and use

d) storage and preservation

e) retention and disposition.

Superseded documents, if retained, must be quarantined and not filed together with the active ones. Justification is required for why the superseded documents are kept. Among the reasons for retaining them is future reference; they may also serve as evidence in a court of law.

Thursday, February 02, 2023

PART 4 - ANTI BRIBERY MANAGEMENT SYSTEM (ISO 37000) - by Nik Zafri

 (Anti-Bribery Management System/ABMS = ISO 37001:2016)

2.0 LEADERSHIP

Leadership is not limited only to the executive and top management, but it should also include the Head of Departments, Supervisors, Immediate Superiors, Administrative positions and equivalent.

All levels of leadership must have a sense of strong commitment to uphold the requirements of Anti-Bribery Management System (ABMS)

Governing body

The standard mentions the phrase "governing body". In this context, it refers to a special committee formed by the organization. To ensure impartiality, it is recommended that this special committee function as an independent commission with minimal intervention by the executive and top management. The committee should comprise nominated member(s) of the Board of Directors (BOD), an external civil servant from the authorities such as the Anti Corruption Agency or Institute of Governance or equivalent, a legal practitioner, an Auditor (both internal and external), the Management Representative etc.

The duties and responsibilities of the "governing body" are to approve the ABMS policy and ensure its consistency with other organizational policies, plans, manual, procedures etc., and to review and approve the report on ABMS status after a certain cut-off period. Resources, as far as is practicable, such as laptops, online/communication and network facilities, work stations etc. are to be provided to facilitate their work, such as risk assessments, recommendations on the type of documented information required, protection of whistleblowers etc.

Cooperation and effective communication, taking transparency into account, are to be taken seriously.

In the absence of a governing body (an absence which is not recommended, in order to minimize partiality), the top management shall assume the duties of the body.

Policy

A policy should be made to address the seriousness of bribery, compliance with the anti-bribery laws, setting/reviewing/achieving (measurable) ABMS objectives (department/unit), whistleblowing protection and commitment to provide resources/review/continual improvement of the policy.

As with other certification standards' requirements, the policy is to be available at all times (usually also included in the ABMS Manual), including to stakeholders, and communicated (and translated if necessary, where the English or native-language version shall prevail in case of ambiguity) and/or displayed.

Roles, Responsibilities and Authorities

Top management shall be responsible for implementing and complying with ABMS. Thus, responsibilities and authorities (usually by means of Job Description) and ABMS Objectives are to be assigned and communicated throughout the organization. If there is a governing body, they are to adopt a check and balance approach with the top management.

Anti-Bribery Compliance Function

a) Design/Implementation of ABMS, 

b) Advice/counsel/guide to personnel involved in ABMS,

c) To comply with the ABMS requirements

d) Reporting ABMS performance to the governing body

All 3 significant parts of the organization, namely the governing body, top management and the leadership function, shall have the necessary competence (by means of training if necessary), status, authority and independence. (These are also rules of good governance practice.)

Access is to be made available to the governing body/top management should there be any concerns raised (red and yellow flags/alerts) on evidence, suspicion, investigation or issues on the ABMS itself.

Delegated Decision-Making

Delegation of authority is also linked to the Job Description. The governing body, top management and the personnel involved should be aware of their respective authorities. There should be a set of controls to address the decision process and the authority level of decision making. Decision making should take into account the possibility of conflict of interest, impartiality and independence. Again, the role of an independent governing body is important to ensure that the "check and balance" process runs smoothly.