Introduction

MSECB is continually making efforts to improve its service to clients. One of these improvements is to ensure that only subject matter expert auditors conduct certification audits for the various ISO standards. 

Clients from varying industries, often major multi-national companies, have expressed to us how important compliance with laws and regulations is to them and how damaging non-compliance can be to the company financially and reputationally.

Their reason for building a solid and robust anti-bribery management system is not to impress their stakeholders, but to ensure them that the company is a reliable business partner that makes every effort to mitigate the corruption risk.

In order to ensure that their anti-bribery management system meets international standards and significantly reduces the chances of corruption occurring, companies are looking for independent auditors to verify the robustness of their management system. These auditors are expected to thoroughly review and assess the effectiveness of the management system, applying their (extensive) knowledge and practical experience in compliance.

ISO 37001 auditor skillset

Having worked in multi-national companies, in senior positions in audit, compliance and corporate investigations, MSECB auditors apply a solid knowledge base combined with effective soft interviewing skills in order to determine the existence and effectiveness of the various (anti-bribery) controls that a company has implemented. 

Our clients have shown respect and appreciation for our audit approach, that is aimed to minimize disruption to the daily business activities and how identified (potential) control weaknesses in the management system are effectively communicated. Our clients embrace identified weaknesses as an opportunity to further improve their anti-bribery management system, which protects them against financial and reputational damage from bribery activities; they do not see them as a failure on their part.

Competence

In our opinion, an ISO 37001 auditor must have relevant experience in the area of compliance, preferably in different industries. Certification audits leave little time to understand the corporate governance structure of the company being audited, but it is a critically important aspect in order to conduct an effective certification audit. Thus, the ability to quickly comprehend the governance framework is an important skillset.

There are different approaches to assess the effectiveness of an Anti-bribery Management System. One approach is to interview a selected number of employees within the scope of the ABMS. The interviews are to assess the knowledge and understanding of various elements and controls of the ABMS relevant to the respective employees, but also to give the auditor a sense of the company’s culture and the level of integrity within the organization. 

Such interviews should ideally not be conducted if they are following a pre-composed standard checklist with questions. This could be perceived by the client as being subjected to a test, boring and, potentially, a lack of interest or knowledge of the auditor. In addition, understanding the level of integrity within a company culture is very difficult through an off-the-rack list of questions. Auditors with good interviewing skills have an advantage when conducting an audit for ISO 37001 certification. Maybe the most important characteristic of an effective ISO 37001 certification auditor is that they are genuinely respectful to the client’s employees, their culture and their beliefs. The auditor must always display ethical behavior. 

Conclusion

For a company, the obtained MSECB ISO 37001 certification is considered an independent confirmation of the strength of their anti-bribery management system by subject matter experts. It will have great value to its stakeholders. Business partners will feel comfortable entering into business and may be encouraged to assess their own anti-bribery controls, while regulators will recognize the company’s anti-bribery efforts when an unforeseen compliance incident occurs.

We have been alerted that certain regulators have concerns that auditors with limited or no experience/knowledge in Compliance are conducting ISO 37001 audits, which reduces the perceived value of the ISO 37001 certificate. 

We are therefore delighted and fully support MSECB’s initiative to ensure that its auditors are subject matter experts, which in my opinion will increase the perceived value of an obtained MSECB certificate, by external interested parties.