THE CONSULTING PROJECT - UNI ISO 37001
To allow the Organization to have a fully compliant management system with the UNI ISO 37001 standard, which is able to prevent, trace and deal with the risk of corruption at the level of the single "risk activity" underlying the company processes. Manage the planning of adaptation interventions.
Conditions for success
In order to achieve the objectives described above, full awareness of corporate contacts and the maximum collaboration of the resources involved in the audit process are necessary.
Analysis of the business context, through a meeting with the Management, the Anti-Corruption Manager, the Head of Legal Affairs, Internal Auditor and other Referents, is divided into:
Identification of Activities at Risk; the activity takes place in the company and, for each phase of the process, the activities at risk of corruption are linked to that specific phase (eg Purchasing Process - Phase Direct assignment procedures for purchases below a predetermined threshold - Risk Activities quotation request)
Analysis and Evaluation of Activities at Risk; for each activity at risk of corruption, also taking into account the external parties that interact with the organization for that specific activity, the risks are associated. Each risk, during the evaluation phase, is then evaluated according to the criteria and methodologies established during the configuration phase.
Treatment of Activities at Risk and Protocols; in this phase all the preventive and control measures necessary to contain the risk assessed in the previous phase are identified and established, making sure that, taking these interventions into account, it can move to a LOW level.