ISO 37001 (Anti-Bribery Management Systems) and ISO 19600 (Compliance Management Systems) are standards applicable to any type of organization: companies, public organizations, administrations and not-for-profit organizations.
The Compliance Program Certificate designed by ETHIC Intelligence, however applies only to companies.
Even if both the ISO 37001 and ISO 19600 are relevant to all types of organizations, their respective audits will have slightly differing focuses depending on the organization’s nature; corruption schemes vary greatly amongst public and private organizations. Within public organizations, passive corruption (bribe taking) constitutes the most substantial risk while within private organizations, active corruption (bribe giving) represents the highest risk.
ETHIC Intelligence offers four types of anti-corruption certifications to match an organization’s diverse needs in terms of size and compliance maturity.
With the goal to help organizations assess whether they are ready for certification or not, ETHIC Intelligence has designed specific tools such as a gap analysis, a mock audit, etc.…
ETHIC Intelligence offers a free preliminary assessment of basic requirements prior to any certification, in order to ensure a certification audit’s reasonable chances of success.
Should you have any concerns or questions regarding your compliance program’s readiness to undergo certification, please do not hesitate to contact us.
The first thing to keep in mind is that a certification involves a given perimeter.
You can choose to have your entire organization certified or only a branch, a business unit or one entity.
If you want to have the whole organization certified, we will select together a limited, yet representative, number of entities to be audited. We generally use a square root rule: if you have 16 entities, 4 will be audited.
ETHIC Intelligence has designed several processes that an organization can use prior to certification; these ensure the organization has a chance of success in obtaining certification before an audit is initiated. Our deontology keeps us from encouraging organizations to begin a process whose outcomes are doubtful
Certification is not an automatic process. We guarantee our auditors' full independence of judgement and our technical and certification committees will award certification only if the necessary requirements are met.
Certification cannot and will not be awarded if one (or more) requirement is not thoroughly addressed; such oversight constitutes a major non-conformity which prevents the anti-bribery management from functioning efficiently.
In this case scenario, an explanation detailing the non-conformity will be provided by the lead auditor to the organization, so the latter knows exactly what must be remediated in the next 90 days.
ETHIC Intelligence might decide to execute a complementary in-situ audit that will verify the requirement’s completion or, they might consider an exchange of documents/conference calls to be sufficient. A report is then submitted to the Technical or to the Certification Committee and certification can be awarded.
The duration of the certification process is directly linked to the size of the audited organization.
Based on international recommendations and over a decade of expertise, ETHIC Intelligence defines the number of days that should be allocated to different steps of the process according to an organization’s size.
Auditing an organization for certification with fewer days than is recommended is not an option for ETHIC Intelligence: a shorter audit time endangers the audit report’s quality, taints the certificate’s reputation and might be interpreted as a window dressing exercise by anti-corruption enforcement authorities.
To assess the complete duration of a certification process, one should add to the number of days relevant to its organization’s size, a period of three weeks, for the following reason: three weeks prior to the audit, a “kick off” meeting with the compliance team is organized– usually via Webex. The purpose of this meeting is to prepare for the audit, identify the people who will be interviewed and the documents that should be sent to the auditor in anticipation of the audit. This meeting is ensures a smooth audit with a well-prepared auditor.
Do not hesitate to contact us for more details.
A certification audit is not only a paper audit: its intention is to assess the design AND implementation of an Anti-Bribery Management System.
In-situ interviews are of utmost significance for the auditor who needs to appraise how various requirements are really met: the auditor will rely on documented information analysis, interviews of people and in-situ observations.
Naturally in some cases, interviews can be held via Webex, due to exceptional circumstances such as employees being out of the office at the time of the audit. A mock audit which determines if an organisation is ready for certification can be carried out remotely if the organization so wishes. Yet again, a paper-only audit is not a certification audit.
If an act of corruption is brought to the attention of the judicial authorities, the judge will consider the case with no “preconceptions” and will try not to understand the different actors’ responsibilities. In other words, a successful certification audit will not provide an affirmative defence.
However, certification can be used by the company and its management to support the claim that the organization did do its best to prevent corruption. If the business elects to do so, the judge will examine the quality and rigor of the certification process. The judge will want to establish that certification was not simply a window dressing exercise, that the auditor did possess the right expertise and that the number of days spent by the auditor was sufficient given the organization’s perimeter. In other words, the judge will assess whether the certification audit was a genuine certification process, honestly executed with a view to benchmarking the certified company according to international best practices.
ETHIC Intelligence is committed to providing the highest level of expertise in anti-corruption compliance and to implementing audit processes that correspond to international standards; more specifically, ETHIC intelligence employs audit practices respectful of international standards advocated for by accredited certification bodies under both the ISO/IEC 17021-1 and ISO/IEC 17021-9 standards.
ETHIC Intelligence certification has already been mentioned by a court in Bern, Switzerland, who issued an order to dismiss on 22nd of November 2011.
Finally, certification provides an affirmative defence for the failure to prevent corruption offense under the UK Bribery Act. Specifically, paragraph 6.4 – to which ETHIC Intelligence contributed an opinion at the time of the document’s drafting – mentions that “Some organizations may be able to apply for certified compliance with one of the independently-verified anti-bribery standards maintained by industrial sector associations or multilateral bodies”.
For more information see Philippe Montigny’s Blog post: Does ISO 37001 provide legal defense?
The cost of certification is directly linked to the size of the organization under certification.
The major part of the cost is related to the time allocated to the audit. The following table provides information regarding the number of days that will be devoted to an audit in relation to the organization’s size. Certification fees are applied for the monitoring of the certification process and also depend on the organization’s size.
The international presence of ETHIC Intelligence accredited auditors keeps travel costs to a minimum.
It should be noted that in cases of certification denials there might be additional audit costs pertaining to the verification of major non-conformities’ remediation. Which is why ETHIC Intelligence focuses on the level of an organization's readiness when seeking certification and offers a free assessment of basic certification requirements to increase the chances of successful certification
ETHIC Intelligence designed the very first certification process in 2005 and has been certifying anti-corruption compliance since 2006.
ETHIC Intelligence specializes only in anti-corruption compliance on which it possesses a unique experience. The agency’s certification team is composed of experts in anti-corruption familiar with both current legal trends and compliance best practices.
ETHIC Intelligence performs only certifications, audits and training and refrains from providing any technical assistance. Our certification is free from any form of conflict of interest.
ETHIC Intelligence strictly abides by ISO/IEC 17021-1 and ISO/IEC 17021-9’s rules with respect to accredited certification bodies. These rules are meant to guarantee anti-corruption certification’s legitimacy.
ETHIC Intelligence has chosen one of the most demanding accreditation bodies in the world which involves long and thorough controls. Our accreditation process is therefore ongoing.
As we will be accredited by a body which is a member of the International Accreditation Forum (IAF), our accreditation will be valid in every country.
We are committed to respecting the accreditation rules of both ISO/IEC 17021-1 and ISO/IEC 17021-9.
Our accreditation manual detailing all our audit and certification processes is available on demand.