SCOPE

Enable the Organization to have a management system, implemented on an IT platform, capable of preventing, tracking, and addressing the risk of corruption at the level of individual "at-risk activities" underlying business processes. Manage the planning of compliance actions.

METHODOLOGY

The approach

The Management System has been implemented at KRC in compliance with the UNI ISO 37001 standard.

The conditions for success

To achieve the objectives described, full awareness of company representatives and maximum collaboration of the resources involved in the audit process are required.

The phases

Analysis of the company context, through a meeting with the Management, the Anti-Corruption Officer, the Head of Legal Affairs, Internal Auditor and other representatives, is divided into:

  • Process mapping, possibly broken down into activity phases, with identification and assignment of roles and responsibilities for each;
  • Identification of external parties who interact with the organization's offices at the individual process stage level, taking care to represent the nature of the relationship with the party in question (e.g., requests for opinions, document production, supervision, information flows, etc.).
  • Configuration of risks and associated preventive control measures. The KRC system is equipped with a comprehensive library that helps the user identify both risks and measures.

RISKY ACTIVITIES

Identification of Risky Activities: this step is carried out within the company. For each process phase, the activities at risk of corruption underlying that specific phase are matched to it (e.g. Purchasing Process – Direct Award Procedures Phase for purchases below a predetermined threshold – Risky Activities: Request for Quote).

Analysis and Evaluation of Risky Activities: risks are associated with each activity at risk of corruption, also taking into account the external parties that interact with the organization for that specific activity. During the assessment phase, each risk is then evaluated according to the criteria and methodologies established during the configuration phase.

Risk Management and Protocols: in this phase, all the preventive and control measures necessary to contain the risk assessed in the previous phase are identified and established, ensuring that, taking these measures into account, the risk can be reduced to a low level.

THIRD PARTY DUE DILIGENCE

The purpose of third-party due diligence is to support corporate decision-making and protect the company from potential legal, financial, operational, and reputational damage resulting from transactions with third parties. To this end, a form is provided containing key third-party information and the assessment results. Due diligence reports are uploaded manually and/or via automated imports.

Any authorized employee can perform a third-party database search at any time and obtain the outcome of the Assessment. If the outcome is not available, the request is processed by the Anti-Corruption Officer and a response notification is sent to the requester. The requester has access to a dedicated homepage from which they can submit requests and monitor the outcome.

37001 POLICY AND CONFLICTS STATEMENT

For individuals, there is a section for requesting that they complete and sign the 37001 Policy and Conflicts Statement. The signed statement is associated with the individual's Due Diligence form and is consequently used in the Due Diligence Research function, in the case of sensitive ISO 37001 functions, delegations/powers of attorney, board members (internal and external) or the CEO.

The 37001 Due Diligence and the Policy and Conflicts Statements have a configurable expiration date, after which they need to be renewed.

GENERATED REPORTS

  • Context analysis
  • Analysis and evaluation of risky activities
  • Compliance/Improvement Program
  • Due Diligence List
  • 37001 Policy and Conflicts Statement List

THE ADVANTAGES OF DIGITALIZING THE ANTI-CORRUPTION SYSTEM

  • The connection of information between the different procedures/flows is guided by the logic of the standard and the optimization of work
  • Information is propagated between the different flows, e.g. Internal Audit findings are shown in the ISO 37001 Findings Register; from module 37001 the information flows are sent to the Supervisory Body Management flow.

All common procedures needed to complete the ISO 37001 Management System are described in the Integrated Management Systems module.

