The cornerstone of any compliance program is the ability to conduct regular and thorough risk assessments so that the nature and extent of all company risk is unearthed, including where risk lies, and who it lies with.

Complacency, the enemy of vigilance, too often sets into organizations for a host of reasons. An organization may rationalize: a) our system works; b) little has changed in business operating practices; c) our monitoring controls will flag such risk; d) it’s too costly and time-consuming.

Sometimes we even see an expression of conceit or overconfidence by a corporate executive immediately prior to the occurrence of any number of unforeseen calamities.

To avoid being lulled into complacency and a false sense of security, continuous and planned assessments should take place based on functional and operational risk levels.

It is imperative that the board is also properly exercising the due diligence demanded of it with respect to exactly how the organization’s strategic plan is being implemented and managed.

Managing Anti-bribery and Corruption Compliance is no different!

Appropriately, section 4.5 titled “Bribery Risk Assessment” of the ISO 37001 Anti-Bribery Management System standard states, “4.5.1 The organization shall undertake regular bribery risk assessment(s), which shall: a) identify the bribery risks the organization might reasonably anticipate, given the factors listed in 4.1; b) analyze, assess and prioritize the identified bribery risks; c) evaluate the suitability and effectiveness of the organization’s existing controls to mitigate the risks.”

Specktrum’s experience performing risk assessments is highlighted by having its risk assessments relied on for ISO 37001 certifications.

Specktrum employs a strict methodology fashioned, to a degree, after the classic top-down risk assessment that internal audit often conducts as part of its annual general risk assessment. Our version takes key vitals (elements) that relate to bribery and corruption and applies them organizationally.

Specktrum’s scope for risk assessments can be wide or narrow depending on organizational needs.

Specktrum's Anti-Bribery Risk Assessment Methodology which passed the ISO 37001 Muster

Although many of the vitals we employ can be measured quantitatively, those which are qualitative have multiple and varied inputs. Ultimately, each area of the business is given an absolute quantitative risk score that can be used to compare and benchmark risk levels.

To give you further perspective, examples of the vitals Specktrum employs are evidence and elements related to policy, total spend or total revenue; transaction volume; customer or supplier interaction level; government interaction; level of automation and segregation of duties; and susceptibility to bribery or fraud. We then apply those applicable vitals at the board, executive, and entity level, to the corporate strategic objectives, each business unit or function, and to each class of employee or contractor.

Expert, Cost-Efficient Risk Assessments covering Anti-Bribery and Corruption, Data Privacy Protection, and Export Control