(18) Records

Keep reasonably detailed records of the ABMS, and its implementation, and any compliance issues which arise.

(19)  Review

Monitor, review and evaluate the ABMS in order to ensure that it is effectively designed to manage the bribery risks faced by the organisation, and that it is being effectively implemented.  This can be done by a number of mechanisms:

• The compliance function should continually monitor the effectiveness of the ABMS.
• Where practicable, the outputs of the ABMS should be measured and monitored (e.g. number of persons who have undertaken anti-bribery training).
• Internal audits should be undertaken at planned intervals (e.g. annually) which assess functions and projects on a sample basis to determine whether the ABMS is effectively designed to manage the organisation’s bribery risks, and is being effectively implemented.
• The organisation’s top management should undertake periodic reviews of the ABMS (e.g. annually). At this review, the top management should receive reports from the compliance function and internal audit functions as to the effectiveness and implementation of the ABMS.

(20)  Improvement

Rectify as soon as possible any identified weakness in the ABMS.