Module 10: The benefits and requirements of ISO 37001

Requirements: (18) Records; (19) Review; (20) Improvement

(18) Records

The organisation should keep reasonably detailed records of the ABMS and its implementation, and of any compliance issues which arise.

(19) Review

The organisation should monitor, review and evaluate the ABMS in order to ensure that it is effectively designed to manage the bribery risks faced by the organisation, and that it is being effectively implemented. This can be done by a number of mechanisms:

  • The compliance function should continually monitor the effectiveness of the ABMS.
  • Where practicable, the outputs of the ABMS should be measured and monitored (e.g. number of persons who have undertaken anti-bribery training).
  • Internal audits should be undertaken at planned intervals (e.g. annually). These audits should assess functions and projects on a sample basis to determine whether the ABMS is effectively designed to manage the organisation’s bribery risks, and is being effectively implemented.
  • The organisation’s top management should undertake periodic reviews of the ABMS (e.g. annually). At this review, the top management should receive reports from the compliance function and internal audit functions as to the effectiveness and implementation of the ABMS.

(20) Improvement

If at any time a weakness is identified in the ABMS, it should be rectified as soon as possible.

January 2025
© GIACC