1. Context of the Organization
Most of the contents are almost similar to any other quality, safety and environmental certification standards. With exceptional the use of "Anti Bribery Management System (ABMS)" in lieu of QMS, OHSMS and EMS.
It's important to identify and customize ABMS to the overall business nature of the organization be it internal or external. Not everything may apply to the organization practicing ABMS but to link most of the elements to the core processes would be an added advantage.
Most important, all activities and relevant documented information to also take into account applicable statutory, regulatory, contractual and professional obligations and duties.
2. Stakeholders
In this sense, not limited to the following, stakeholders could be :
a) Board of Directors (BOD) or equivalent - in this sense, directors that possess a certain portion of shares and with executive authorities to execute their duties and responsibilities to ensure that resources are provided to ensure the success of ABMS. They must also have a fair knowledge of the relevant regulations and ABMS.
b) Management Representative (MR) - although most of the latest revision of the standards may have ommitted "MR", it's still required to have one either a member of the BOD or a member of the organization who possess sufficient experience, qualifications and competency to become the "watchdog" of the system.
c) Non-Executive Directors or equivalent - this would apply to advisors; despite limited to making recommendations; they should also be fully aware of applicable regulations and ABMS
d) Representatives from Service Providers - namely Consultants, Contractors and Suppliers/Vendors - they are also involved in ABMS and is bound to ethics and requirements of the ABMS procurement contract and procedures,
e) Investors - for public and public listed companies, the prospectus, annual reports or magazines (online and offline) or press conferences should highlight the initiatives taken by the organization and how investors can play their roles in ABMS,
e) Representatives from the general public or people from the surrounding areas of operation. It's also a good practice to involve relevant NGOs as well.
f) Authorities - involving Anti-Corruption Commission, Corporate Governance, Company Laws, Security Commission, Anti-Money Laundering, Central Bank and the finances and banks as well. Communications should be well-established with these entities.
It is important to note that "whistleblowers" MUST be protected at all times.
3. Scope
"Scope" is relevant to the nature of business of the organization taking into account internal and external issues and risk assessment. Documented information to determine and clarify the scope should be included in the ABMS Manual of the Organization.
4. Anti-Bribery Management System (ABMS)
Again, the keywords :
i) Establish
ii) Document
iii) Implement
iv) Maintain
v) Review
vi) Improve
are included in ABMS to manage documented information (document, data and records) just like any other certification standards.
Most important - whether it's a Policy, or Manual or Plan, or Procedures (Administrative and Operation) or Work Instruction or Method Statement or Inspection and Test Plan (even checklists) - a clear and thorough process flow (typical 4 columns - no., process, person in charge (PIC) and relevant documented information - should be included and related to the documented information. These documented information should take into account ABMS standard, relevant regulations and where applicable contractual requirements.
The documented information should also contain measures designed to identify and evaluate the risk of, and to prevent, detect and respond to, bribery.
Despite to eliminate risk of bribery is almost impossible, it is advisable to have a target set for every cut-off period of implementation.
5. Risk Assessment
a) Identify the bribery risks - proactively if necessary (based on past experience) or as per recommendation from external party,
b) New and unexpected risks could be identified as the implementation goes - analyze (data analysis), assess and prioritize (e.g. the typical Red, Yellow, Green coloured bands - with justifications)
c) Identify proactive mitigation or new mitigation for unexpected risks found during assessment,
d) Be reviewed (usually in the Management Review Meeting)
e) Be susceptible to change in the country laws/legislations or the standard or any other guidelines from the relevant parties.
Should there be a repetitive trends, then it is important to look back at the risks been identified during the commencement of the system (ABMS)