

The approach
To give the Organization a management system that is fully compliant with the UNI ISO 37001 standard and able to prevent, trace and deal with the risk of corruption at the level of each individual "risk activity" underlying the company processes, and to manage the planning of adaptation interventions.

Conditions for success
In order to achieve the objectives described above, full awareness of corporate contacts and the maximum collaboration of the resources involved in the audit process are necessary.

The phases
The analysis of the business context, carried out through a meeting with the Management, the Anti-Corruption Manager, the Head of Legal Affairs, the Internal Auditor and other contact persons, is divided into:

  • Process mapping, possibly broken down to the level of activity phases, with identification and assignment of roles and responsibilities for each;
  • Identification of external subjects that interact with the Organization's offices at each individual stage of the process, taking care to represent the nature of the relationship with the subject in question (e.g. requests for opinions, production of documents, supervision, information, etc.);
  • Configuration of risks and associated preventive control measures. The KRC® system is equipped with a substantial library that helps the user identify both risks and measures.

Identification of Activities at Risk: this activity takes place at the company and, for each phase of the process, the activities at risk of corruption are linked to that specific phase (e.g. Process: Purchasing; Phase: direct assignment procedures for purchases below a predetermined threshold; Risk Activity: quotation request).

Analysis and Evaluation of Activities at Risk: each activity at risk of corruption is associated with its risks, also taking into account the external parties that interact with the organization for that specific activity. Each risk is then evaluated according to the criteria and methodologies established during the configuration phase.

Treatment of Activities at Risk and Protocols: in this phase, all the preventive and control measures necessary to contain the risk assessed in the previous phase are identified and established, making sure that, once these interventions are taken into account, the risk can move to a LOW level.


  • Analysis of the context
  • Analysis and evaluation of activities at risk
  • Schedule of compliance / improvement