

BIODATA - NIK ZAFRI





NIK ZAFRI BIN ABDUL MAJID,
CONSULTANT/TRAINER
Email: nikzafri@yahoo.com, nikzafri@gmail.com
https://nikzafri.wixsite.com/nikzafri

Kelantanese, alumnus of Sultan Ismail College Kelantan (SICA), IT Competency Cert, Certified Written English Professional US. Has participated in many seminars/conferences (local/international) in the capacity of trainer/lecturer and participant.

Affiliations: Network Member of Gerson Lehrman Group, Institute of Quality Malaysia, Auditor ISO 9000 (IRCA UK), Auditor OHSMS (SIRIM and STS)/EMS ISO 14000 and Construction Quality Assessment System CONQUAS, CIDB (now BCA) Singapore.

* Possesses almost 30 years of hands-on experience in multi-modern management and technical disciplines (systems and methodologies) such as Knowledge Management (Hi-Impact Management/ICT Solutions), Quality (TQM/ISO), Safety Health Environment, Civil & Building (Construction), Manufacturing, Motivation & Team Building, HR, Marketing/Branding, Business Process Reengineering, Economy/Stock Market, Contracts/Project Management, Finance & Banking, etc. He was employed by international blue chips involved in national/international megaprojects such as Balfour Beatty Construction/Knight Piesold & Partners UK, MMI Insurance Group Australia, Hazama Corporation (Hazamagumi) Japan (with Mitsubishi Corporation, JA Jones US, MMCE and Ho-Hup) and Sunway Construction Berhad (The Sunway Group of Companies). Among major projects undertaken: Pergau Hydro Electric Project, KLCC Petronas Twin Towers, LRT Tunnelling, KLIA, Petronas Refineries Melaka, Putrajaya Government Complex, Sistem Lingkaran Lebuhraya Kajang (SILK), Mex Highway, KLIA1, KLIA2 etc. Once served SMPD Management Consultants as Associate Consultant cum Lecturer for the Diploma in Management, Institute of Supervisory Management UK/SMPD JV. Currently an Associate/Visiting Consultant/Facilitator and Advisor for leading consulting firms (local and international), including project management. To name a few: Noma SWO Consult, Amiosh Resources, Timur West Consultant Sdn. Bhd., TIJ Consultants Group (Malaysia and Singapore) and many others.

* Ex-Resident Weekly Columnist of Utusan Malaysia (1995-1998) and has produced more than 100 articles related to ISO 9000 Management System and Documentation Models, TQM Strategic Management, Occupational Safety and Health (now OHSAS 18000) and Environmental Management Systems ISO 14000. His write-ups/experience have assisted many students/researchers alike in module development based on competency or academics and in the completion of many theses. Once commended by the then Chief Secretary to the Government of Malaysia for his diligence in promoting and training the civil service (government sector) based on "Total Quality Management and Quality Management System ISO-9000 in Malaysian Civil Service – Paradigm Shift Scalar for Assessment System".

Among Nik Zafri's clients: Adabi Consumer Industries Sdn. Bhd. (MRP II, Accounts/Credit Control), The HQ of Royal Customs and Excise Malaysia (ISO 9000), Veterinary Services Dept. Negeri Sembilan (ISO 9000), The Institution of Engineers Malaysia (Aspects of Project Management – KLCC construction), Corporate HQ of RHB (Peter Drucker's MBO/KRA), NEC Semiconductor - Klang Selangor (Productivity Management), Prime Minister's Department Malaysia (ISO 9000), State Secretarial Office Negeri Sembilan (ISO 9000), Hydrological Department KL (ISO 9000), Asahi Kluang Johor (System Audit, Management/Supervisory Development), Tunku Mahmood (2) Primary School Kluang Johor (ISO 9000), Consortium PANZANA (HSSE 3rd Party Audit), Lecturer for Information Technology Training Centre (ITTC) – Authorised Training Center (ATC) – University of Technology Malaysia (UTM) Kluang Branch Johor, Kluang General Hospital Johor (Management/Supervision Development, Office Technology/Administration, ISO 9000 & Construction Management), Kahang Timur Secondary School Johor (ISO 9000), Sultan Abdul Jalil Secondary School Kluang Johor (Islamic Motivation and Team Building), Guocera Tiles Industries Kluang Johor (EMS ISO 14000), MNE Construction (M) Sdn. Bhd. Kota Tinggi Johor (ISO 9000 – Construction), UITM Shah Alam Selangor (Knowledge Management/Knowledge Based Economy/TQM), Telesystem Electronics/Digico Cable (ODM/OEM for Astro – ISO 9000), Sungai Long Industries Sdn. Bhd. (Bina Puri Group) (ISO 9000 – Construction), Secura Security Printing Sdn. Bhd. (ISO 9000 – Security Printing), ROTOL AMS Bumi Sdn. Bhd. & ROTOL Architectural Services Sdn. Bhd. (ROTOL Group) (ISO 9000 – Architecture), Bond M & E (KL) Sdn. Bhd. (ISO 9000 – Construction/M & E), Skyline Telco (M) Sdn. Bhd. (Knowledge Management), Technochase Sdn. Bhd. JB (ISO 9000 – Construction), Institut Kefahaman Islam Malaysia (IKIM – ISO 9000 & Internal Audit Refresher), Shinryo/Steamline Consortium (Petronas/OGP Power Co-Generation Plant Melaka – Construction Management and Safety, Health, Environment), Hospital Universiti Kebangsaan Malaysia (Negotiation Skills), Association for Retired Intelligence Operatives of Malaysia (Cyber Security – Arpa/NSFUsenet, Cobit, Till, ISO/IEC ISMS 27000 for Law/Enforcement/Military), T.Yamaichi Corp. (M) Sdn. Bhd. (EMS ISO 14000), LSB Manufacturing Solutions Sdn. Bhd. (Lean Scoreboard, including a full development of System-Software-Application - MSC Malaysia & Six Sigma), PJZ Marine Services Sdn. Bhd. (Safety Management Systems and Internal Audit based on International Marine Organization Standards), UNITAR/UNTEC (Degree in Accountancy – Career Path/Roadmap), Cobrain Holdings Sdn. Bhd. (Managing Construction Safety & Health), Speaker for International Finance & Management Strategy (Closed Conference), Pembinaan Jaya Zira Sdn. Bhd. (ISO 9001:2008 Internal Audit for Construction Industry & Overview of version 2015), Straits Consulting Engineers Sdn. Bhd. (Full Integrated Management System – ISO 9000, OHSAS 18000 (ISO 45000) and EMS ISO 14000 for Civil/Structural/Geotechnical Consulting), Malaysia Management & Science University (MSU – Managing Business in an Organization), Innoseven Sdn. Bhd. (KVMRT Line 1 MSPR8 – Awareness and Internal Audit (Construction), ISO 9001:2008 and 2015 overview for the Construction Industry), Kemakmuran Sdn. Bhd. (KVMRT Line 1 - Signages/Wayfinding - Project Quality Plan and Construction Method Statement), Lembaga Tabung Haji (Flood ERP), WNA Consultants (DID/JPS Flood Risk Assessment and Management Plan - Prelim, Conceptual Design, Interim and Final Report etc.; Tunnel Fire Safety - Fire Risk Assessment Report - Design Fire Scenario), Safety, Health and Environmental Management Plans for leading construction/property companies/corporations in Malaysia, Timur West Consultant (Business Methodology and System; Information Security Management Systems (ISMS) ISO/IEC 27001:2013 for Majlis Bandaraya Petaling Jaya ISMS/Audit/Risk/ITP Technical Team), MPDT Capital Berhad (ISO 9001:2015 - Consultancy, Construction, Project Rehabilitation, Desalination; the first in Malaysia to receive certification on trades such as Reverse Osmosis Seawater Desalination and Project Recovery/Rehabilitation).

* Has appeared in 10 consecutive series of the "Good Morning Malaysia RTM TV1" Corporate Talk segment discussing ISO 9000/14000 in various industries. For ICT, inputs drawn from his expertise have led to the development of work-process e-enabling systems in intranet, portal and interactive web design environments, especially for construction and manufacturing. Some of the end products have won various competitions for innovativeness, quality and continual improvement, as well as a construction industry award at national level. He has also, in an advisory capacity, been involved in the development and moderation of websites, portals and e-profiles, mainly for the corporate and private sectors, public figures etc. He is also one of the recipients of MOSTE Innovation for RFID use in Electronic Toll Collection in Malaysia.


Thursday, February 09, 2023

PART 5 - ANTI BRIBERY MANAGEMENT SYSTEM (ISO 37001:2016) - by Nik Zafri

(Anti-Bribery Management System = ISO 37001:2016)

3.0 PLANNING

This element links back to the identified (bribery) risks and the types of mitigation (risks and opportunities for improvement) mentioned in the previous article. In planning, there should be a sense of assurance that the objectives will work.

Risks require a plan that covers prevention as well as "what if" situations, e.g. what happens if the controls fail (a back-up plan is required).

Without planning there is no improvement. The plan will not be perfect at the outset; you will refine it through experience.

Thus your manual and your procedures addressing bribery risks, their risk levels and possible mitigations should in particular be part of the core processes of the organization.

Mitigation should be based on experience. You may need brainstorming session(s) to see and test the viability of each mitigation, especially against the possibility of unexpected "new bribery risks".

Evaluate the planning process, then execute the plan.

Objectives

The (measurable) objectives mentioned earlier should be set at departmental and functional level. Objectives should cascade down from the policy (similar to Drucker's MBO concept).

(A word of caution: never treat the policy, objectives or other documented information merely as a means of complying with the standard and/or legal requirements. The organization must feel that "this is the company's policy, these are the company's objectives", or better, "ABMS is part of the company's culture", so that there is a sense of ownership of the system.)

Objectives must be practical, not something "plucked from the sky". Achieving an objective is not necessarily a measure of success, because past achievements are themselves subject to further review (as the law or the standard changes, or where poor achievement was witnessed in the past).

Like the policy, the objectives must be communicated (usually every department, unit and function should have them documented, displayed or distributed through the respective network throughout the department/unit/function).

Planning should cover the next course of action (including legal action where necessary), resources, responsibilities and authorities, and a time frame for achievement, review or improvement.

Thursday, February 02, 2023

PART 4 - ANTI BRIBERY MANAGEMENT SYSTEM (ISO 37000) - by Nik Zafri

(Anti-Bribery Management System/ABMS = ISO 37001:2016)

2.0 LEADERSHIP

Leadership is not limited to the executive and top management; it should also include Heads of Department, Supervisors, Immediate Superiors, administrative positions and equivalent.

All levels of leadership must have a strong commitment to upholding the requirements of the Anti-Bribery Management System (ABMS).

Governing body

The standard mentions the phrase "governing body". In this context, it refers to a special committee formed by the organization. To ensure impartiality, it is recommended that this special committee function as an independent commission with minimal intervention by the executive and top management. The committee should comprise nominated member(s) of the Board of Directors (BOD), external civil servants from authorities such as the Anti-Corruption Agency or Institute of Governance or equivalent, legal practitioners, auditors (both internal and external), the Management Representative, etc.

The duties and responsibilities of the "governing body" are to approve the ABMS policy, ensure its consistency with other organizational policies, plans, manuals, procedures etc., and review and approve reports on ABMS status after each cut-off period. Resources, as far as is practicable, such as laptops, online/communication and network facilities, workstations etc., are to be provided to facilitate their work, such as risk assessments, recommendations on the type of documented information required, protection of whistleblowers etc.

Cooperation and effective communication, with transparency in mind, are to be taken seriously.

In the absence of a governing body (not recommended, since an independent body is what minimizes partiality), top management shall assume the duties of the body.

Policy

A policy should be made that addresses the seriousness of bribery, compliance with anti-bribery laws, the setting/reviewing/achieving of ABMS (measurable) objectives (department/unit), whistleblower protection, and the commitment to provide resources and to review and continually improve the policy.

As with other certification standards, the policy must be available at all times (usually also included in the ABMS Manual), including to stakeholders, and must be communicated (translated if necessary, with the English or native-language version prevailing in case of ambiguity) and/or displayed.

Roles, Responsibilities and Authorities

Top management shall be responsible for implementing and complying with the ABMS. Thus responsibilities and authorities (usually by means of Job Descriptions) and ABMS objectives are to be assigned and communicated throughout the organization. If there is a governing body, it is to adopt a check-and-balance approach with top management.

Anti-Bribery Compliance Function

The anti-bribery compliance function is responsible for:

a) Design/implementation of the ABMS,

b) Advice/counsel/guidance to personnel involved in the ABMS,

c) Ensuring compliance with the ABMS requirements,

d) Reporting ABMS performance to the governing body.

All three significant parts of the organization, namely the governing body, top management and the leadership function, shall have the necessary competence (by means of training if necessary), status, authority and independence. (These are also rules of good governance practice.)

Access to the governing body/top management must be available should any concerns be raised (red and yellow flags/alerts) regarding evidence, suspicion, investigation or issues with the ABMS itself.

Delegated Decision-Making

Delegation of authority is also linked to the Job Description. The governing body, top management and the personnel involved should be aware of their respective authorities. There should be a set of controls addressing the decision process and the authority level of each decision. Decision making should take into account the possibility of conflict of interest, impartiality and independence. Again, the role of an independent governing body is important to ensure that the "check and balance" process runs smoothly.

Tuesday, January 31, 2023

PART 3 - ANTI-BRIBERY MANAGEMENT SYSTEM - by Nik Zafri

1. Context of the Organization

Most of the content is similar to any other quality, safety and environmental certification standard, except that "Anti-Bribery Management System (ABMS)" is used in lieu of QMS, OHSMS and EMS.

It is important to identify and customize the ABMS to the overall nature of the organization's business, both internal and external. Not everything may apply to the organization practicing ABMS, but linking most of the elements to the core processes is an added advantage.

Most importantly, all activities and relevant documented information must also take into account applicable statutory, regulatory, contractual and professional obligations and duties.

2. Stakeholders

In this sense, stakeholders could be, but are not limited to:

a) Board of Directors (BOD) or equivalent - in this sense, directors who hold a certain portion of shares and have executive authority to execute their duties and responsibilities, ensuring that resources are provided for the success of the ABMS. They must also have a fair knowledge of the relevant regulations and the ABMS.

b) Management Representative (MR) - although most of the latest revisions of the standards may have omitted the "MR", it is still necessary to have one, either a member of the BOD or a member of the organization with sufficient experience, qualifications and competency to become the "watchdog" of the system.

c) Non-Executive Directors or equivalent - this applies to advisors; despite being limited to making recommendations, they should also be fully aware of the applicable regulations and the ABMS.

d) Representatives of Service Providers - namely Consultants, Contractors and Suppliers/Vendors - they are also involved in the ABMS and are bound by the ethics and requirements of the ABMS procurement contract and procedures.

e) Investors - for public and public listed companies, the prospectus, annual reports or magazines (online and offline) or press conferences should highlight the initiatives taken by the organization and how investors can play their role in the ABMS.

f) Representatives of the general public or people from the areas surrounding the operations. It is also good practice to involve relevant NGOs.

g) Authorities - including the Anti-Corruption Commission, Corporate Governance, Company Law, the Security Commission, Anti-Money Laundering, the Central Bank, and financial institutions and banks. Communications should be well established with these entities.

It is important to note that "whistleblowers" MUST be protected at all times.

3. Scope

"Scope" relates to the nature of the organization's business, taking into account internal and external issues and the risk assessment. Documented information determining and clarifying the scope should be included in the organization's ABMS Manual.

4. Anti-Bribery Management System (ABMS)

Again, the keywords:

i) Establish

ii) Document

iii) Implement

iv) Maintain

v) Review

vi) Improve

are included in the ABMS to manage documented information (documents, data and records), just like any other certification standard.

Most importantly, whether it is a Policy, Manual, Plan, Procedure (Administrative and Operational), Work Instruction, Method Statement or Inspection and Test Plan (even checklists), a clear and thorough process flow (typically 4 columns: no., process, person in charge (PIC) and relevant documented information) should be included and linked to the documented information. This documented information should take into account the ABMS standard, relevant regulations and, where applicable, contractual requirements.

The documented information should also contain measures designed to identify and evaluate the risk of bribery, and to prevent, detect and respond to it.

Although eliminating the risk of bribery is almost impossible, it is advisable to set a target for every cut-off period of implementation.

5. Risk Assessment

a) Identify the bribery risks, proactively if necessary (based on past experience) or as recommended by an external party;

b) Identify new and unexpected risks as implementation proceeds, then analyze (data analysis), assess and prioritize them (e.g. the typical Red, Yellow, Green coloured bands, with justifications);

c) Identify proactive mitigation, or new mitigation for unexpected risks found during assessment;

d) Review the assessment (usually in the Management Review Meeting);

e) Keep the assessment open to changes in the country's laws/legislation, the standard or any other guidelines from the relevant parties.

Should there be repetitive trends, it is important to look back at the risks identified at the commencement of the system (ABMS).
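The risk assessment steps a) to e) above, together with the note on repetitive trends, carried through as an added Python example (not code from the original post): the 1-5 likelihood/impact scales, the band thresholds, the risk ids and the sample registers are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List

# Assumed 1-5 scales for likelihood and impact, and assumed thresholds on their product;
# the post names only the Red/Yellow/Green bands and asks for a justification per rating.
RED_MIN, YELLOW_MIN = 15, 8


@dataclass(frozen=True)
class RiskEntry:
    risk_id: str
    description: str
    likelihood: int
    impact: int
    justification: str  # why the rating was given (item b: bands "with justifications")
    mitigation: str     # proactive control, or a new one for an unexpected risk (item c)

    @property
    def band(self) -> str:
        """Map likelihood x impact onto the Red/Yellow/Green bands."""
        for value in (self.likelihood, self.impact):
            if not 1 <= value <= 5:
                raise ValueError("likelihood and impact must be rated on a 1-5 scale")
        score = self.likelihood * self.impact
        return "Red" if score >= RED_MIN else "Yellow" if score >= YELLOW_MIN else "Green"


def prioritize(register: List[RiskEntry]) -> List[str]:
    """Risk ids in treatment order: highest likelihood x impact first, ties by id."""
    key = lambda r: (-r.likelihood * r.impact, r.risk_id)
    return [r.risk_id for r in sorted(register, key=key)]


def repetitive_trends(reviews: List[List[RiskEntry]], min_periods: int = 2) -> Dict[str, int]:
    """Risks in the latest review that have stayed Red/Yellow for at least min_periods
    consecutive reviews. A risk absent from a review counts as Green for that review."""
    trends: Dict[str, int] = {}
    for rid in sorted(r.risk_id for r in reviews[-1]):
        streak = 0
        for register in reversed(reviews):  # walk back from the latest review
            bands_now = {r.risk_id: r.band for r in register}
            if bands_now.get(rid, "Green") == "Green":
                break
            streak += 1
        if streak >= min_periods:
            trends[rid] = streak
    return trends


def look_back(commencement: List[RiskEntry], trends: Dict[str, int]) -> Dict[str, List[str]]:
    """Split repeated risks into those identified at ABMS commencement (revisit that
    original assessment) and those that surfaced later as new/unexpected (item b)."""
    baseline = {r.risk_id for r in commencement}
    return {
        "from_commencement": sorted(rid for rid in trends if rid in baseline),
        "new_or_unexpected": sorted(rid for rid in trends if rid not in baseline),
    }


# Constructed sample registers (not real client data): the commencement assessment (Q1)
# followed by two management reviews. Descriptions are shortened after first use.
Q1 = [
    RiskEntry("R1", "Gifts/hospitality from tenderers to evaluation panel", 4, 5,
              "Panel meets vendors unsupervised", "Gift register; two-person evaluation"),
    RiskEntry("R2", "Facilitation payments to speed up permits", 3, 3,
              "Site teams under schedule pressure", "Permit tracker; no cash advances"),
    RiskEntry("R3", "Petty cash spent on unreceipted entertainment", 2, 2,
              "Small amounts, monthly reconciliation", "Receipt required above threshold"),
]
Q2 = [
    RiskEntry("R1", "Gifts/hospitality", 3, 5, "Fewer incidents, impact unchanged", "As Q1"),
    RiskEntry("R2", "Facilitation payments", 3, 3, "No change observed", "As Q1"),
    RiskEntry("R4", "Success fee to intermediary dealing with authority", 4, 4,
              "Found in Q2 contract review", "Due diligence on intermediaries; fee cap"),
]
Q3 = [
    RiskEntry("R1", "Gifts/hospitality", 3, 5, "Still recurring in tenders", "Rotate panel"),
    RiskEntry("R2", "Facilitation payments", 2, 3, "Tracker working", "As Q1"),
    RiskEntry("R4", "Success fee to intermediary", 4, 4, "Control not yet in place", "As Q2"),
]
REVIEWS = [Q1, Q2, Q3]
```

With the constructed reviews, `repetitive_trends(REVIEWS)` flags R1 (Red in all three reviews) and R4 (Red in the last two), and `look_back(Q1, ...)` shows that R1 dates from the commencement assessment while R4 is a risk that surfaced later.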

Saturday, January 28, 2023

PART 2 - ANTI-BRIBERY MANAGEMENT SYSTEM - by Nik Zafri

Note: For all parts of my articles, I will not touch clauses 2.0 and 3.0. The articles may follow the sequential order of the standard's clauses or quote certain paras/phrases from the standard, but the contents are mostly self-explanation based on my understanding and experience. The contents may also be customized to the Malaysian environment, with some references cited from international laws and case studies.

Scope

It is recommended that all documented information use anti-bribery laws and voluntary commitments as its guidelines.

Among other things, ISO 37001:2016 entails the need to detect, prevent and respond to many types of bribery. The scope covers personnel, associates, business activities and third parties from the public, private and not-for-profit sectors (e.g. NGOs).

This means that it is not limited to clients but also branches out to customers, JVs, JV partners, consortium partners, outsourcing providers, contractors, consultants, sub-contractors, suppliers, vendors, advisors, agents, distributors, representatives, intermediaries and investors.

For public officials, the system should also cover any person holding a legislative, administrative or judicial office, whether by appointment, election or succession, any person exercising a public function, including for a public agency or public enterprise, any official or agent of a public domestic or international organization, and any candidate for public office.

These requirements are typically addressed in the Anti-Bribery Management System (ABMS) Manual.

Although the standard may not be exhaustive, for organizations practicing (corporate) governance, especially Public and Public Listed Companies, the manual and the associated procedures should also cover fraud, cartels, anti-trust/competition offences, money laundering etc.

However, this may require a joint effort between those in financial positions and the duly authorized personnel from management.

It is recommended that the organization work closely with Bank Negara Malaysia, the Security Commission, the Registrar of Companies/Societies etc. for more information on legislation or the conditions for public listing/investment.

Friday, January 27, 2023

ANTI-BRIBERY MANAGEMENT SYSTEM - PART 1 - by Nik Zafri

While the world is not fully out of the Covid-19 pandemic, we are still facing another pandemic that seems to have no cure. This pandemic is known as Bribery.

Bribery in any form has evolved to become part of a twisted culture in many industries and sectors, even in the civil service.

It is known as a hindrance to good and clean practices, governance, the economy, society and even morality. It has also led to imbalance and the creation of gaps between the rich and the poor through taxation and the cost of living. The quality and safety of products and services are also badly affected by bribery.

Enforcement of the law in many bribery cases, whilst making good progress, has also been known to meet dead ends when powerful figures decide to intervene in the judicial system.

Despite many governments' endless efforts to address bribery domestically and internationally, progress seems too slow, as is evident when arrests are made only among certain small groups rather than the big planners behind the bribery.

As we all know, having laws without proper guidelines and monitoring of compliance will not be effective. Organizations and industries must adopt self-governance by having their own standards, policies and procedures.

This is the reason why we need a specific standard, now known as ISO 37000: an ambitious effort to reduce the risk of bribery in organizations and industries.

However, I still see the infamous disclaimer:

"Conformity with this document cannot provide assurance that no bribery has occurred or will occur in relation to the organization, as it is not possible to completely eliminate the risk of bribery. However, this document can help the organization implement reasonable and proportionate measures designed to prevent, detect and respond to bribery."

I believe that having the proper policies and documented information based on this standard can become evidence in the eyes of the law - thus, I honestly think that this statement is a little redundant.

I also believe that both the law and the standard should also provide justice to innocent victims or black sheep, which may require an element of forensic auditing skills. Just like in a financial audit, the auditors should be able to lodge reports with the authorities once proven, without any tampering from the organization being audited, whether the auditor is internal (staff) or an external auditor from the certification body.