I don’t mean to alarm you, but it’s coming soon… the rustle of leaves underfoot, the back-to-school bonanza, the big push until the holiday season begins.  Fall is frequently the busiest time of year for compliance officers and the business.  What can you do now to prepare?  Here are four ways to get ahead of the game before the frenzy takes hold…

1.      Prepare for Budget Season

In most companies, September and October are budget season, where departments submit their requests for next year’s budget.  Where can you request more budget for next year, or, alternatively, where can you afford to cut?  By thinking about what you want now, you can prepare statistics, benchmark against other companies’ expenditures, and draft your arguments for what you’re going to need.  Start early so that you’re ready.

2.      Plan your End-of-Year Spending

Many companies have a “use it or lose it” approach to budget.  If you see that you’ll have excess budget by December, plan now for how you’ll spend it.  Can you get an additional online training module?  What about an external compliance program evaluation?  Maybe some new posters about the whistle-blowing hotline for the break rooms?  Plan how you’ll spend your budget now, and always remember: if you don’t use all of your budget, you’re likely to have your budget reduced.

3.      Review your HR-Related Goals

Ring. Ring. Ring…is anyone there?  Can you hear me now?  Have I reached the right number?  Nearly everyone with a compliance program has some sort of reporting mechanism, whether it’s a formal whistle-blower hotline or an email address for the compliance department.  But how good is your whistle-blower hotline?  To find out, answer these three questions.

1.     Who can call?

Do you want to hear about the ethical concerns of your employees?  Of course.  What about the concerns of your suppliers?  How about the compliance concerns of your customers?  Yes?  Yes.  Knowledge is power.  While it’s true that if you extend the availability of your whistle-blower hotline to the outside world, you may get some spurious complaints, a real concern that you can properly investigate is worth the irritation of a couple of consumer gripes about your product.

A mature compliance program’s whistle-blower hotline should be available to:

Imagine you’re really hungry.  You walk up the street and see two restaurants.  One has an “A” rating on the window for food safety, certified by the city’s health and safety body.  The other has a handwritten “A” on the window, without any information as to who gave the grade.  Which restaurant would you go into?

With respect to the ISO 37001 Anti-Bribery Management Systems Certification, many commentators have asked the question, “Who is doing the certification!?!”  Up until recently the answer was simply, “Certification bodies.”  But which certification bodies?  And how do you know whether a certification body has a quality process in place to ensure that it only certifies companies that meet the high threshold requirements of ISO 37001?  

When the anti-bribery ISO standard was published in Oct. 2016, a second standard was published with it.  This second Standard, ISO 17021-9, laid out the auditing criteria that was to be used to determine whether a company had met the standard, and specified that only anti-bribery experts could be auditors. While the auditing criteria could be applied immediately, verification that a certifying body was following that criteria would take longer to judge.  That is because, similar to companies seeking ISO 37001 certification, certification bodies can seek accreditation by proving that they are following proper ISO certification standards.

The Accreditation Process

ISO is a global NGO comprised of member bodies from all participating country.  Each country has what’s called an accrediting body.  This body evaluates certifying bodies and decides whether the certifying body is following the auditing criteria associated with various ISO standards, including ISO 37001. This is a rigorous process.  After reviewing audits, if the accrediting body is satisfied, it will accredit the certifying body.