
At KEISDATA, the development of multidisciplinary knowledge, the creation of an innovation-oriented culture and the anticipation of regulatory developments define a consultancy that is dynamic and flexible in analysing different needs and contexts.



The approach
To allow the Organization to have a management system that is fully compliant with the UNI ISO 37001 standard and able to prevent, trace and deal with the risk of corruption at the level of the single "risk activity" underlying the company processes, and to manage the planning of adaptation interventions.

Conditions for success
In order to achieve the objectives described above, full awareness of corporate contacts and the maximum collaboration of the resources involved in the audit process are necessary.

The phases
The analysis of the business context, carried out through a meeting with the Management, the Anti-Corruption Manager, the Head of Legal Affairs, the Internal Auditor and other Referents, is divided into:

  • Process mapping, where appropriate broken down to the level of activity phases, with identification and assignment of roles and responsibilities for each;
  • Identification of external subjects that interact with the Organization's offices at each single stage of the process, taking care to represent the nature of the relationship with the subject in question (e.g. requests for opinions, production of documents, supervision, information, etc.);
  • Configuration of risks and associated preventive control measures. The KRC® system is equipped with a substantial library that helps the user identify both risks and measures.

Identification of Activities at Risk; the activity takes place in the company and, for each phase of the process, the activities at risk of corruption are linked to that specific phase (e.g. Process: Purchasing; Phase: direct assignment procedures for purchases below a predetermined threshold; Risk Activity: quotation request).

Analysis and Evaluation of Activities at Risk; risks are associated with each activity at risk of corruption, also taking into account the external parties that interact with the organization for that specific activity. Each risk is then evaluated according to the criteria and methodologies established during the configuration phase.

Treatment of Activities at Risk and Protocols; in this phase all the preventive and control measures necessary to contain the risk assessed in the previous phase are identified and established, making sure that, taking these interventions into account, the risk can move to a LOW level.


  • Analysis of the context
  • Analysis and evaluation of activities at risk
  • Schedule of compliance / improvement

Enterprise Risk Management


When planning to adapt to the new ISO 9001:2015, the organization must consider risks and opportunities in relation to the desired and unwanted effects in order to plan actions and ways to address these risks and/or opportunities. In KRC® the management of risks and opportunities is carried out in the Risk Management flow, which makes it possible to assess the potential risk for all activities, managed directly or through third parties, that may be subject to a risk or opportunity event. The objective of the project is to introduce and support the evaluation of process performance, the assessment of the risk of not reaching/exceeding that performance and its impact on company objectives.


The Company has activated the Risk Management Module of the KRC® platform and has therefore expressed the need for a consulting activity for the implementation of its Risk Management Model. KEISDATA will prepare a Risk Model contextualized to the type of company and the sector it belongs to and consistent with the recent product business plan. The activities related to the various phases of the Risk Management process are presented below.

Definition of operational objectives phase
This phase is currently underway and at the expense of the company. The list of objectives will be used for risk association.

Risk Model identification phase, methodologies and criteria
KEISDATA will prepare a Risk Model, contextualized to the current and emerging company type and sector, from which to start the personalization phase. The main evaluation criteria for risk events will be defined: the parameters that allow the determination of levels and related classes of risk, and the types of Qualitative and/or Quantitative assessment.

Phase of alignment with the Directors and identification/evaluation of risk events
The Model makes it possible to predict events that can compromise the achievement of company objectives or that can highlight new opportunities.

In this phase KEISDATA supports the contact persons (Risk Owners) in filling in the risk event cards. This activity will also serve as training for developing a mentality oriented to risk management in a logic of long-term performance.

Risk treatment phase
The risk treatment phase is envisaged in the RM form. This phase will require verification against the improvement action plan currently underway (NC improvement and management objectives); where that plan is not consistent or is insufficient, this will be carefully assessed before proceeding with risk mitigation management.

Reporting phase to the BoD
This Phase will be activated as soon as the Risk Model will be deemed consistent by ....