BS 10500:2011 | The GoodCorporation Framework on Bribery and Corruption | ||
1. Scope | |||
1.1 | Below are the areas of the organization’s activities which an ABMS (anti-bribery management system) covers according to the BS10500: | ||
1.1a | Bribery in the public, private and voluntary sectors | The GoodCorporation Framework scope covers bribery and corruption in the public and private sectors under all of its headings. | |
GV8 | Bribery via the voluntary sector is covered specifically in GV8:‘There are procedures and controls to ensure that community projects and chartable contributions are not used to obtain undue business influence’ | ||
1.1b | Bribery by the organization, or by its personnel or others acting on its behalf or for its benefit | CT1 | Employees receive the ABC policy and make personal commitments to follow it(ABC: Anti-bribery and corruption) |
CT3 | The organisation communicates its ABC policies to its suppliers, customers, agents and intermediaries and obtains their commitment to follow equivalent principles | ||
DD2 | There are clear due diligence procedures to examine the ethical practices or current and prospective agents, intermediaries, key suppliers, wholesales and distributors | ||
SMHR | The Sales and marketing and Human Resources sections of GoodCorporation’s Framework deal specifically with bribery by the organisation, its personnel or sales and marketing intermediaries working on its behalf. | ||
GV10 | All agents and intermediaries interacting with government officials or regulators have clear terms and conditions with appropriate ABC clauses | ||
GV11 | All agents and intermediaries interacting with government officials or regulators follow the organisation’s policies on bribery and corruption | ||
1.1c | Bribery of the organization, or of its personnel or others acting on its behalf or for its benefit | PPHR | The Procurement and Human Resources sections of the GoodCorporation Framework cover passive bribery risks. |
1.1d | Direct and indirect bribery (e.g. a bribe paid or received through or by a third party) | The GoodCorporation Framework scope covers bribery and corruption in the public and private sectors under all of its headings. | |
1.1e | Bribery within the country in which the organization is based, and bribery in other countries in which the organization operates | RA1 | There is a risk assessment that evaluates the risks of bribery and corruption in markets, countries and sectors where the company is operating, or is considering operating |
GV7 | Where it encounters corruption as a material business issue in a particular country, the organisation engages in constructive dialogue with the country’s government and authorities | ||
1.1f | Bribery of any value, whether large or small (including facilitation payments) | The GoodCorporation Framework scope covers bribery and corruption of all values. | |
GV4 | No inducements in cash or in kind are offered to public officials to influence decisions | ||
GV5 | No form of facilitation payment, in cash or in kind, is allowed | ||
GV6 | There are clear procedures and training to combat facilitation payments | ||
1.1g | Bribery involving both cash and non-cash advantages | SM7 | There are procedures and controls to ensure that commercial sponsorship avoids any element of bribery or inappropriate influence |
SM8 | No inducements in cash or in kind are offered to influence sales | ||
HR | The Human Resources section deals with Gifts and Hospitality, which in practice covers both cash and non-cash advantages | ||
GV4 | No inducements in cash or in kind are offered to public officials to influence decisions | ||
1.2 | The scope of this standard is applicable to bribery as applicable to the laws in the countries in which the organization (wishing to attain the standard) is based and/or operating. | CM4 | Senior management ensures that the organisation abides by all applicable national and international ABC laws, conventions and industry standards. |
1.3 | The requirements of this standard are generic and intended to be applicable to all organizations and sectors (public, private and voluntary) | The GoodCorporation Framework is intended to be applicable to all organizations. | |
2. Terms and definitions | |||
2 | These are broadly the same as for both standards with the exception being: | ||
2.3 | Business associate | GoodCorporation refers to agents, customers, distributors, intermediaries (sales and marketing as well as those who obtain permits, licences and authorisations on the company’s behalf), joint venture partners, partners, suppliers and wholesalers | |
3. Planning | |||
Planning | |||
3.1 | While the BS10500:2011 standard refers to planning for the implementation of the ABMS, GoodCorporation is normally organising the planning of an audit, which is checking a management system and or process which is already in place.The GoodCorporation Framework can also be used by companies as an internal ABC checklist and specifically addresses the issue of resources to support compliance (CM1). | ||
Scope of the ABMS | |||
3.2 | Scoping considerations are the same for both standards | ||
4. Adopting an anti-bribery policy and implementing the ABMS | |||
Anti-bribery policy and ABMS | |||
4.1.1 | The organization shall adopt and record an anti-bribery policy | TC1 | There is a written and clearly articulated anti-bribery and corruption (ABC) policy |
4.1.2 | The organization shall implement an ABCM comprising the appropriate policies, procedures and controls specified in 4.2 to 4.18 and Clauses 5 and 6 in a manner which is reasonable and proportionate having regard to the nature and extent of bribery risks which the organization faces, and taking into account the factors in 3.2 | In line with Note 2 of the BS10500, GoodCorporation also agrees that many relevant documents will form part of existing policies, procedures and controls, rather than specific, standalone ABC ones.GoodCorporation reviews and logs documentary evidence for all the GoodCorporation Framework points. As per the Framework we check:
|
|
4.1.3 | Top management shall take responsibility for the adoption of the anti-bribery policy and the implementation of the ABMS | TC2 | The policy of zero tolerance of bribery and corruption has been formally approved by the board or equivalent |
TC3 | There is high-level and clear ownership of ABC controls | ||
TC4 | ABC issues and related policies are regularly considered by the board or equivalent | ||
CM2 | The compliance function has a reporting line to independent directors | ||
Communicating the anti-bribery policy and ABMS | |||
4.2.1 | Top management shall make a statement that:a) the organization has adopted an anti-bribery policyb) the organization is implementing an ABMS to give effect to this policy; andc) top management supports the policy and the ABMS | TC2 | The policy of zero tolerance of bribery and corruption has been formally approved by the board or equivalent |
TC4 | ABC issues and related policies are regularly considered by the board or equivalent | ||
TC5 | The policy of zero tolerance of bribery and corruption has been made public, together with the organisation’s supporting policies and implementation | ||
CM3 | Senior management communicates ABC policies and any current cases to independent directors or the parent organisation (where relevant) | ||
4.2.2 | The statement in 4.2.1 and the anti-bribery policy shall be communicated to all the organization’s personnel and shall be published on the organization’s intranet and public website (if it has these) | TC5 | The policy of zero tolerance of bribery and corruption has been made public, together with the organisation’s supporting policies and implementation |
CT | The Communication and training section of the Framework covers both external and internal communication of the company’s anti-bribery policies and the commitment to follow these principles | ||
4.2.3 | The organization shall implement procedures under which:a) all personnel read the anti-bribery policy and agree to comply with itb) records are maintained of all personnel who have
|
CT1 | Employees receive the ABC policy and make personal commitments to follow it GoodCorporation routinely checks compliance declaration records and information against employee lists. |
Education, training and/or guidance | |||
4.3 | Provision of appropriate education, training and or guidance covering all relevant personnel and the organization’s ABC policy/ABMs; their understanding of the risks and circumstances around bribery and corruption and to whom they should report concerns.The necessary repeat and update of such education, training and or guidance. | CT1 | Employees receive the ABC policy and make personal commitments to follow it |
CT2 | Employees are trained on the company’s ABC policies Please note that for this point GoodCorporation will assess the regularity and relevance of the training. Please see also RA2 below | ||
CT6 | ABC guidance and advice is provided to directors, managers, employees, agents and intermediaries | ||
RA2 | The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable | ||
HR3 | Disciplinary processes are used to support the observance of the organisation’s anti-bribery and anti-corruption polices and procedures | ||
HR7 | Performance appraisals include specific reference to ABC | ||
CM5 | There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected | ||
CM10 | The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures | ||
Management responsibility | |||
Day-to-day responsibility for compliance | |||
4.4.1 | The organization shall define the levels of responsibility for overseeing compliance with the anti-bribery policy and ABMS on a day-to-day basis | TC3 | There is high-level and clear ownership of ABC controls |
SM6 | There are well-defined guidelines for carrying out major bids to supply goods and services, which ensure that expenditure is devoted to the quality and communication of the bid only | ||
CM1 | There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy. Please note, in line with the BS10500 comment, GoodCorporation also reviews each departments’ ABC risk assessment/profile and the inclusion of relevant risk and departmental ownership (under RA1). We also review local support for the compliance function. | ||
Compliance manager | |||
4.4.2.1 | A suitably qualified or experienced manager shall be allocated responsibility for overseeing implementation of the ABMS | CM1 | There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy. |
4.4.2.2 | The compliance manager shall:a) have direct and prompt access to top managementb) have responsibilities covering implementation of the ABMS, compliance with the policy and ABMS, consistency with good practice, legal compliance, and ABC guidance | CT6 | ABC guidance and advice is provided to directors, managers, employees, agents and intermediaries |
CM1 | There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy. | ||
CM2 | The compliance function has a reporting line to independent directors | ||
CM3 | Senior management communicates ABC policies and any current cases to independent directors or the parent organisation (where relevant) | ||
CM4 | Senior management ensures that the organisation abides by all applicable national and international ABC laws, conventions and industry standards | ||
Multiple organizations | |||
4.4.3 | Where the organizations comprises more than one independently-managed organization, a suitably qualified or experienced manager shall be appointed within each organization as responsible for ABC/ABMS. | CM1 | There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy. We also review local support for the compliance function in all relevant subsidiaries and affiliated organisations. |
CM8 | The ABC controls of joint ventures and significant investment projects are monitored | ||
Provision of resources | |||
4.5 | The organization shall provide the resources needed to implement the ABMS | FN3 | There are appropriate internal and external audits which include ABC checks |
CM1 | There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy. | ||
CM9 | An external review of the adequacy of the company’s ABC controls is undertaken | ||
Risk assessment | |||
4.6.1 | The organization shall implement procedures to enable it to assess the risk of bribery relative to its existing activities, new activities and whether its policies, procedures and controls are adequate | RA1 | There is a risk assessment that evaluates the risks of bribery and corruption in markets, countries and sectors where the company is operating, or is considering operating |
4.6.2 | These risk assessments shall examine the bribery risks in relation to transactions, projects, countries, business sector, work type, business model and or proposed business associates. This shall be repeated so that changes can be properly assessed. | RADD | The Risk assessment and Due diligence sections of GoodCorporation’s framework cover these points |
4.6.3 | The timing and frequency of these risk assessments shall be defined by the organization | RA2 | The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable |
4.6.4 | As part of its risk assessment process the organization shall undertake due diligence on business associates | DD | TheDue diligence section of GoodCorporation’s framework cover this point |
4.6.5 | Where the risk assessment deems necessary, there is provision for improvement of ABC controls | RA2 | The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable |
CM9 | An external review of the adequacy of the company’s ABC controls is undertaken | ||
CM10 | The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures | ||
4.6.6 | Where the risk assessment identifies risks which cannot be mitigated, the organization should take appropriate steps to terminate, discontinue or decline a project or transaction | TC2 | The policy of zero tolerance of bribery and corruption has been formally approved by the board or equivalent |
TC4 | ABC issues and related policies are regularly considered by the board or equivalent | ||
RA2 | The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable GoodCorporation reviews risks identified and where mitigation is not feasible or unlikely to be effective would judge whether appropriate action had been taken, with termination, discontinuation and market exit as possible outcomes | ||
DD | The Due diligence section of the framework supports this point. | ||
PP7 | There is a clear policy to apply sanctions to suppliers and partners where corrupt activity is discovered | ||
CM3 | Senior management communicates ABC policies and any current cases to independent directors or the parent organisation (where relevant) | ||
CM6 | All issues reported confidentially are properly recorded and investigated, with appropriate steps taken to prevent reoccurrence | ||
Due diligence | |||
4.7.1 | Where the risk assessment shows that a business associate might pose a more than negligible bribery risk, the organization shall implement procedures to undertake due diligence on the business associate prior to entering into any business relationship with it. | DD | The Due diligence section of the framework covers this point.Please note, while DD1 refers to a process for deciding when due diligence is required, GoodCorporation emphasises the zero tolerance requirements of the UK Bribery Act. |
4.7.2 | The due diligence shall be repeated at a defined frequency on an on-going basis during the business relationship. | DD1 | There is a process for deciding when due diligence regarding bribery and corruption is required GoodCorporation assesses the frequency and appropriateness of due diligence reviews |
Implementation of ABMS by controlled organizations and business associates | |||
4.8.1 | The organization shall implement procedures to ensure that organizations over which it has control implement reasonable and proportionate ABMS, having regard to the nature and extent of the risks.(This covers subsidiaries, joint ventures, consortia etc) | CT4 | The organisation communicates its ABC policies to its joint venture partners and obtains their commitment to follow equivalent principles |
DD4 | Where due diligence identifies contracts or contractors as high risk, processes are in place to manage the risks identified | ||
CM8 | The ABC controls of joint ventures and significant investment projects are monitored | ||
4.8.2 | In the case of business associates over which the organization has no direct control, where at all possible the organization should ensure that its business partners have appropriate ABMS, taking into account risk, size, activity, location etc.Risk assessments should be adjusted to reflect dealings with organizations that will not implement an ABMS or refuse to verify the existence of the same. | CT3 | The organisation communicates its ABC policies to its suppliers, customers, agents and intermediaries and obtains their commitment to follow equivalent principles |
DD2 | There are clear due diligence procedures to examine the ethical practices of current and prospective agents, intermediaries, key suppliers, wholesales and distributors | ||
DD4 | Where due diligence identifies contracts or contractors as high risk, processes are in place to manage the risks identified | ||
SMPPGV | The Sales and marketing, Procurement and Government and regulatory affairs sections of the Framework cover ABC clauses and sign up to the organisation’s own ABC policies (if equivalent are not available) for customers, suppliers and agents and intermediaries (both sales and marketing and those interacting with government on the company’s behalf) | ||
Employment procedures | |||
4.9 | Employment procedures cover the below: | ||
4.9a | Vetting requirements and likelihood to comply with ABMS | HR6 | Recruitment processes include screening for political connections and conflicts of interest GoodCorporation does not assess whether companies vet an employees’ likelihood to comply with the ABC policy. We do check that, where local employment laws permit, criminal record checks are conducted on potential employees. |
4.9b | Organization’s right to discipline personnel in event of non-compliance with ABMS | CT1 | Employees receive the ABC policy and make personal commitments to follow it |
HR3 | Disciplinary processes are used to support the observance of the organisation’s anti-bribery and anti-corruption policies and procedures | ||
4.9c | Distribution of ABC policy and compliance declaration within a defined period of employment commencing | CT1 | Employees receive the ABC policy and make personal commitments to follow it GoodCorporation would highlight instances where unreasonable delays in sign-up were occurring |
4.9d | Conflicts of interest declarations | HR6 | Recruitment processes include screening for political connections and conflicts of interest GoodCorporation would also assess reminders and training about conflicts of interest, to ensure that if any occur post recruitment these are declared. |
GV14 | There is a policy to ensure that Politically Connected Persons are not used to gain undue advantage | ||
4.9e | Bonuses, targets and incentives to be reviewed periodically to ensure there are safeguards to prevent ABC | SM1 | ABC safeguards are built into sales and marketing processes GoodCorporation reviews employees’ commission based remuneration structures for reasonableness and bribery risk. |
HR7 | Performance appraisals include specific reference to ABC | ||
4.9f | Disciplinary procedure covering ABC (including the right of termination of employment) | HR3 | Disciplinary processes are used to support the observance of the organisation’s anti-bribery and anti-corruption policies and procedures GoodCorporation expects disciplinary procedures to cover ABC and ultimately the right to terminate employment if there have been ABC transgressions. |
4.9g | Employees’ right to decline business opportunity where there is an unacceptable risk of bribery | CM5 | There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected GoodCorporation makes no specific reference to this point, however it is understood that if training is adequate it will cover this eventuality. Likewise, as shown in CM5 good faith whistleblowers must be protected. |
Gifts, hospitality, donations and similar benefits | |||
4.10.1 | The organization shall adopt a policy which prohibits the offer or receipt of items such as the following, where the offer or receipt or could reasonably be perceived to be, for the purpose of bribery (Gifts, entertainment and hospitality; political/charitable donations; client or public official travel; promotional expenses; sponsorship; community benefits) | SM4 | Sales and marketing agents and intermediaries are required to follow clear rules and controls on the offer and acceptance of gifts and hospitality which ensure that these do not influence business decisions |
SM6 | There are well-defined guidelines for carrying out major bids to supply goods and services, which ensure that expenditure is devoted to the quality and communication of the bid only | ||
SM7 | There are procedures and controls to ensure that commercial sponsorship avoids any element of bribery or inappropriate influence | ||
PP6 | No inducements in cash or in kind that could influence procurement decisions are accepted or offered | ||
HR1 | Employees follow clear rules and controls on the offer and acceptance of gifts and hospitality which ensure that these do not influence business decisions GoodCorporation would review client/public official travel policy as part of this point. | ||
GV2 | There is a clear policy forbidding political contributions whether direct or indirect | ||
GV4 | No inducements in cash or in kind are offered to public officials to influence decisions | ||
GV8 | There are procedures and controls to ensure that community projects and charitable contributions are not used to obtain undue business influence | ||
4.10.2 | The organization shall implement procedures which minimise the risk of the occurrence of any incident prohibited by the policy specified in 4.10.1 | CT2 | Employees are trained on the company’s ABC policies |
CT3 | The organisation communicates its ABC policies to its suppliers, customers, agents and intermediaries and obtains their commitment to follow equivalent principles | ||
CT5 | Sales and marketing intermediaries are trained on the company’s ABC policies | ||
HR2 | All gifts and hospitality given or received are recorded | ||
Facilitation payments | |||
4.11 | The organization shall adopt a policy which prohibits the offer or receipt of facilitation payments, and provide guidance to personnel on what to do if they are faced with a demand for a facilitation payment, or when a facilitation payment has been made | CT6 | ABC guidance and advice is provided to directors, managers, employees, agents and intermediaries |
GV5 | No form of facilitation payment, in cash or in kind, is allowed | ||
Delegated decision-making | |||
4.12 | Where top management delegates to personnel the making of decisions in relation to which there is a risk of bribery, the organization shall establish a decision making process that ensures that the decision process and the seniority of the decision-maker are appropriate for the value of the transaction and the perceived risk of bribery. | SM1 | ABC safeguards are built into sales and marketing processes |
PP1 | There are procurement policies and procedures with clear ABC safeguards | ||
FN1 | There are clear policies and processes for the management and recording of financial transactions | ||
Anti-bribery contract terms | |||
4.13 | The organization shall implement procedures which ensure that in relation to all business associates which pose a more than negligible bribery risk contracts contain a prohibition of bribery (as far as is reasonable.Where it is not reasonable to include these terms, the absence of the prohibition will be a negative factor, taken into account in undertaking the risk assessment. | CT3 | The organisation communicates its ABC policies to its suppliers, customers, agents and intermediaries and obtains their commitment to follow equivalent principles |
CT4 | The organisation communicates its ABC policies to its joint venture partners and obtains their commitment to follow equivalent principles | ||
DD4 | Where due diligence identifies contracts or contractors as high risk, processes are in place to manage the risks identified | ||
SM2 | All customers and all sales and marketing intermediaries have clear terms and conditions with appropriate ABC clauses | ||
PP2 | All suppliers have clear terms and conditions with appropriate ABC clauses | ||
Financial controls | |||
4.14.1 | The organization shall implement financial controls which minimize the risk of the organization, or any of its personnel or others acting on its behalf or for its benefit, paying or receiving a bribe | FN | The Finance section of the GoodCorporation Framework covers these points |
4.14.2 | The organization shall maintain records that accurately document all financial transactions | FN1 | There are clear policies and procedures for the management and recording of financial transactions |
CM6 | All issues reported confidentially are properly recorded and investigated with appropriate steps taken to prevent reoccurrence | ||
Procurement and other commercial controls | |||
4.15 | The organization shall implement procurement and other commercial controls which minimize the risk of the organization, or any of its personnel or others acting on its behalf or for its benefit, paying or receiving a bribe | PP | The Procurement section of the Good Corporation Framework covers these points |
Raising concerns | |||
4.16 | The organization shall implement procedures which: | ||
4.16a | Enable personnel to report bribery or breaches of the ABMS | CM5 | There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected GoodCorporation includes all stakeholders in this point, rather than focusing on internal personnel |
4.16b | Where requested by personnel, ensure confidentiality of reporting | CM5 | There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected |
4.16c | Allow anonymous reporting | CM5 | There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected GoodCorporation does not include ‘anonymous’ in its Framework due to legal restrictions in different territories |
4.16d | Protect personnel from retaliation | CM5 | There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected |
4.16e | Enable personnel to receive advice on what to do if facing a situation involving bribery | CT6 | ABC guidance and advice is provided to directors, managers, employees, agents and intermediaries |
4.16f | Ensure that all personnel are aware of the reporting procedures | CT2 | Employees are trained on the company’s ABC policies |
4.16g | Promote and encourage use of the reporting procedures | CT2 | Employees are trained on the company’s ABC policies |
4.16h | Include clear guidance covering:1.how to raise a concern regarding bribery2.report investigation and action/feedback3.access to independent advice4.reporting to external authorities5.that they will not be at risk of retaliation6.identity protection7.that it is a disciplinary offence to retaliate against someone who raises a concern about bribery8. the ethical responsibility to report9. the legal duty to report and consequences of a breach of this duty | CT2 | Employees are trained on the company’s ABC policies GoodCorporation evaluates the adequateness of training and guidance provided on the confidential reporting processes (covering the items listed in BS10500), although we would not look specifically for guidance on the ethical responsibility to report. |
CT6 | ABC guidance and advice is provided to directors, managers, employees, agents and intermediaries | ||
CM7 | There are processes to deal with cases of actual or suspected bribery and rules for when to report to the relevant authorities | ||
Investigating and dealing with bribery | |||
4.17 | The organization shall implement procedures whicha) require investigation of any bribery or any breach of or weakness in the ABMS, which is reported, detected or reasonably suspectedb) require appropriate action | CM6 | All issues reported confidentially are properly recorded and investigated, with appropriate steps taken to prevent reoccurrence |
CM7 | There are processes to deal with cases of actual or suspected bribery and rules for when to report to the relevant authorities | ||
Documenting the ABMS | |||
4.18 | The organization shall keep appropriately detailed records of:a) the ABMSb) actions taken under the ABMSc) any bribery-related issues which arise | The GoodCorporation Framework assessment methodology requires an assessor to check the below for all Framework points:
|
|
5. Monitoring and reviewing the ABMS | |||
Review by compliance manager | |||
The compliance manager shall assess whether the ABMS is:a) adequateb) being effectively implemented (Note frequency is recommended to be at least annually) | RA1 | There is a risk assessment that evaluates the risks of bribery and corruption in markets, countries and sectors where the company is operating, or is considering operating | |
CM1 | There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy | ||
CM9 | An external review of the adequacy of the company’s ABC controls is undertaken | ||
Internal audit | |||
5.2.1 | The organization shall implement appropriate and proportionate internal audit processes or other procedures which check projects, contracts, procedures, controls and systems for any indication of:a) briberyb) non compliance with ABC policy or ABMSc) failure of other organizations under the control of the organization to implement an ABMSd) weaknesses in or scope for improvement to the ABMS | FN3 | There are appropriate internal and external audits which include ABC checks |
CM1 | There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy | ||
CM10 | The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures | ||
5.2.2 /5.2.3 | These audits should be conducted at regular, planned intervals in proportion to the importance of the processes and the results of previous audits | RA2 | The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable |
CM1 | There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy | ||
5.2.4 | The responsibility, scope, method, planning and conducting audits and the requirement for reporting results/maintaining records shall be defined in a documented procedure. | CM1 | There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy GoodCorporation examines any appropriate supporting documentation which proves that the compliance function is adequately supporting the ABC policy implementation. |
5.2.5 | Audit reports detailing any significant matters identified, and any recommended corrective actions or improvements, shall be provided to the compliance manager and top management | CM1 | There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy |
CM3 | Senior management communicates ABC policies and any current cases to independent directors or the parent organisation (where relevant) | ||
5.2.6 | Ensuring objectivity and impartiality – the organization shall ensure that the audit is undertaken by:a) an independent functional personb) the compliance managerc) an appropriate persond) an appropriate third party | FN3 | There are appropriate internal and external audits which include ABC checks |
CM9 | An external review of the adequacy of the company’s ABC controls is undertaken GoodCorporation is often commissioned to provide an impartial and objective view on the adequacy of the company’s ABC controls and processes. | ||
Top management review | |||
5.3.1 | In order to ensure the continuing adequacy and effectiveness of the ABMS top management shall review the scope and implementation of the ABMS. This review shall be carried out:a) at regular planned intervalsb) when major changes to the organization’s activities or structure take place | TC4 | ABC issues and related policies are regularly considered by the board or equivalent |
CM10 | The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures | ||
5.3.2 | The review shall be based on:a) the compliance manager’s assessments and reportsb) audits undertakenc) personnel reportsd) breaches/incidents identified | TC4 | ABC issues and related policies are regularly considered by the board or equivalent GoodCorporation take a view as to the adequacy of the review content but do not specify in advance what documents should be included, but does encourage employee feedback to be sought (CM10). |
CM10 | The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures | ||
5.3.3 | Improvements identified shall be submitted to the improvement process | TC4 | ABC issues and related policies are regularly considered by the board or equivalent |
RA2 | The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable | ||
6. Improvement of the ABMS | |||
6 | The organization shall implement a procedure for changing or improving the ABMS whenever necessary or desirable.All proposed changes shall be assessed prior to their introduction to ensure they do not reduce the effectiveness of the ABMS. | TC4 | ABC issues and related policies are regularly considered by the board or equivalent |
RA2 | The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable | ||
CM10 | The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures |
Key
Italics | Wording in italics is a direct copy of the specific GoodCorporation Framework point |
XY | Indicates the section of the GoodCorporation Framework (TC for Top-level commitment, CT for Communication and training etc.) |
XY# | Indicates the specific GoodCorporation Framework point (TC1 for the first point in the Top-level commitment section etc.) |