Pharma and Healthcare Companies can Benefit from ISO 37001


When global pharmaceutical giant GlaxoSmithKline found itself in the Chinese government’s crosshairs for an alleged large-scale bribery scandal, there was perhaps little doubt that the consequences would be large-scale, as well. GSK was accused of systematically paying bribes and “gratuities” to doctors and hospitals in return for favourable product use and promotion.

China was in the midst of an emerging anti-graft campaign and imposed tough penalties against GSK and its executives: In the end, various company leaders were arrested and eventually given suspended prison sentences; GSK was fined $490 million; and the corporation published a statement of apology to the Chinese government and its citizens.

GSK’s fraud was arguably symptomatic of a widespread problem among pharmaceutical companies and healthcare providers (also called “life sciences” providers) with bribery and corruption in economies and healthcare markets around the world. Despite increased awareness of the problem and the application of sophisticated anti-fraud mechanisms, individual actors and agencies continue to defraud public and private health systems in the same ways exemplified by GSK in China.

Generally speaking, healthcare and pharma present a target-rich environment for fraud. Quantitative data indicate that healthcare fraud has already risen starkly in recent years. The World Health Organisation (WHO) estimates that, where losses have been measured and the types of health expenditure have been covered, the average annual cost of fraud totals 7.29 per cent of healthcare budgets (Gee and Button, 2014). With rapidly ageing populations and the increased costs of providing long-term care placing substantial pressure upon already overburdened health and social care sectors, healthcare spending will continue to increase worldwide. Unfortunately, this will also bring increased fraud schemes, as fraud perpetrators follow the money.

Bribery and corruption will continue to be a part of this upward trend in fraud. Certainly, not all cases are as broad and sweeping as GSK’s – in some cases, corruption occurs simply because the pharma or healthcare entity doesn’t have proper controls in place to uncover red flags. This also raises serious compliance issues in a landscape that has increasingly stringent regulations and enforcement measures to punish organisations that fail to implement proper anti-bribery and anti-corruption management procedures.

CRI Group investigates: Pharma corruption case included CFO

A major pharma company suspected bribery and corruption among some of its senior employees. The client’s corporate security department had received conflict of interest complaints that reportedly involved a range of employees, from sales personnel on up to the chief financial officer (CFO).

An outside investigation firm was called in to launch a risk assessment of the company’s third-party relationships, which included several interviews with identified vendors and suppliers to help ascertain the engagement process and associated risks. This process uncovered the fact that the client had no policy or code of conduct concerning ethics, compliance and standards for appointment of vendors, suppliers and local agents. Most troubling was the fact that in most cases, senior management referred business opportunities to friends and family members.

Investigators found that one of the vendors, which was deeply engaged in procurements and the supply of services for the pharma company over the past five years, raised serious red flags. The vendor’s letterhead lacked a physical address, and the only contact information listed was a single cell phone number. It was clear this vendor warranted further investigation.

Investigators used site visits, background checks and interviews to determine that the suspicious vendor was not a company at all – but a single person. Not just any person, however – a public records check with a national database revealed that this individual, who was posing as a major vendor, was none other than the brother-in-law of the client company’s CFO. Worse still was the fact that this blatant fraud was being conducted right under the noses of procurement and finance professionals at this large and well-known pharma company.

The individual’s residence was being used as a warehouse to help facilitate the fraud. A comprehensive litigation records check found that he was previously convicted in federal court and spent three years in prison for the charges of selling counterfeit products, physician samples and expired medicines; further regulatory checks found that his pharmacist license had been cancelled.

A high fraud risk environment was created through the non-compliance of specific procurement rules, and a lack of integrity due diligence and proper risk management. Also, severe conflicts of interest were exposed, connected to high-level executive positions and benefiting those in positions of power.

The pharma company was exposed to highly unethical practices and could face regulatory and other government action. Furthermore, the company was at risk of civil and criminal investigations and liability, damage to its reputation, and loss in shareholder trust, all of which could adversely affect the company’s financial well-being.

A solution through ISO 37001:2016 ABMS

The case study above is not an outlier – such corruption cases are relatively common in such a broad and complex industry. The pharma company could have prevented the scandal altogether, however, had it proactively implemented a proper anti-bribery management system (ABMS). There is a solution that pharma and healthcare companies can implement to help prevent and detect bribery and corruption: the ISO 37001:2016 Anti-Bribery Management System standard. ISO 37001:2016 is designed to help global organisations implement an anti-bribery management system (ABMS), as the standard specifies a series of measures required by the organisation to prevent, detect and address bribery, and provides guidance relative to that implementation.

CRI Group’s ABAC Certification Services is fully accredited to offer independent ISO 37001:2016 certification to ensure that an organisation is in compliance with the standard, which is recognised and practised worldwide.  CRI Group’s auditors and analysts work with pharma and healthcare companies to develop measures that integrate with existing management processes and controls, and include:

  • Adopting an anti-bribery policy
  • Establishing buy-in and leadership from management
  • Training personnel in charge of overseeing compliance
  • Communicating the policy and program to all personnel and business associates
  • Providing bribery and corruption risk assessments
  • Conducting due diligence on projects, business associates and other third-party affiliations
  • Implementing financial and commercial controls
  • Developing reporting and investigation procedures

In the case study outlined above, having such an ABMS in place would have detected the red flags of bribery and corruption before the scandal was able to proliferate and cause so much damage to the company. Risk assessments, in particular, would have uncovered the lack of due diligence procedures and alerted organisation leaders to the trouble areas that were points of opportunity for the CFO and his brother-in-law. Also, having proper due diligence procedures in place to vet and uncover fraudulent third parties would have detected the problem with this vendor from the outset.

Once certified, an organisation must continue surveillance and undergo a recertification audit over three years to ensure that the organisation still complies with the ISO 37001:2016 standard. During this time, any changes to processes and any new relationships with vendors and other third-party partners are carefully reviewed.

Long-lasting benefits of ISO 37001:2016 certification

ISO 37001 provides a strong framework for addressing and isolating risk factors, and the benefits of certification are far-reaching, impacting not just the primary organisation but also influencing contractors, clients, and raising the profile of the company as an ethical entity that is a good trading partner.

By achieving ISO 37001:2016 certification, a pharma or healthcare organisation will ensure that the organisation is implementing a viable anti-bribery management system utilising widely accepted controls and systems. It will also assure management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption. Today, companies cannot afford to be reactive to threats of bribery and corruption. By achieving ISO 37001 Anti-Bribery Management System certification today, an organisation will remain in compliance and better positioned to address risks head-on.

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Due Diligence 360°, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Risk management and its continuous improvement

Risk management requires continuous improvement. Without a company culture strongly aligned with principles of continuous improvement, organisations will struggle to implement, let alone maintain, successful risk management programs. This can be challenging in practice, as cultivating a risk management attitude within a company involves aligning risk initiatives with existing company values, policies and, to put it simply, convincing everyone involved that risk management is worthwhile. However, improving risk culture is possible, and, like many things, it becomes a lot easier when you have a process for it.

Such a process can be separated into three stages:

  • Cultural awareness
  • Cultural change
  • Cultural refinement

Phase one: Building and strengthening cultural awareness

The first stage is building cultural awareness; this will take the form of communications, training, and general education initiatives within the organisation. Here is where companies set risk management expectations and objectives, define roles and responsibilities, and communicate all of these things with their employees. You shouldn’t expect your employees to conform to your ideas about risk management without first taking the time to educate and inform them, whether through formal training or access to knowledge base material or similar.

Successfully building and strengthening cultural awareness about continuous improvement includes:

  • Establishing a common risk management vocabulary
  • Making sure communications are consistent with said vocabulary and that everyone in the organisation has clear access to all relevant documents
  • Being clear about risk management responsibilities and accountabilities.
  • Launching and maintaining training programs, providing training support and guidance where needed and as required by different roles and responsibilities within the organisation
  • Making sure onboarding processes adequately cover risk management.
  • Making sure recruitment processes adequately cover risk management.

Phase two: Changing the way the organisation operates

Once a firm foundation of cultural awareness regarding continuous improvement has been established, it’s time to start thinking about how to gradually change how the organisation operates to reflect these values. This phase begins by recognising and rewarding employees for paying attention to risk and responding to risk in a way that challenges the previously established (pre-continuous improvement) status quo. These motivational systems, rewarding and penalising behaviour according to the established ideals of continuous improvement outlined in the early planning stages, will result in the gradual but certain shift towards a proliferation of continuous improvement-conscious company culture. Another important element is recognising the talent that conforms with the desired vision of continuous improvement and capitalising on this alignment by placing them accordingly in relevant, optimised positions of responsibility or seniority. It’s getting people in the right place to drive the right results.

Some important considerations for this phase:

  • Utilising challenge as a motivator for driving cultural change
  • Gamifying and quantifying risk performance metrics and rewarding/penalising behaviour accordingly.
  • Considering risk management and continuous improvement culture in talent management approaches.

Phase three: Optimising and refining the cultural ecosystem

The third and final stage of cultural adoption of continuous improvement occurs once the company culture has matured to the point of widespread adoption and desired values are already well-entrenched. At this point, the focus shifts to monitoring performance versus expectations and attempting to tweak and refine the system to further improve cultural adoption. The expectations can and will be influenced by a wide range of stakeholders, not just top management; employees, a board of directors, analysts, customers, investors – they all have a say in the definition of cultural expectations because these expectations should directly reflect the whole entity that is the organisation, made up of all its constituent stakeholder parts.

Steps taken during this phase might include:

  • Iterating feedback and observations from risk management into training, education, resources, and communications.
  • Making sure stakeholders are held responsible for their actions
  • Making sure any risk performance metrics or quantifiers are adjusted to reflect changes in risk strategy, goals, and objectives.
  • Maintaining the capacity to redeploy and reassign individuals within an organisation according to desired risk culture goals
  • Continually reflecting on and refining risk culture by continually changing business goals, objectives, and strategies.

At CRI® Group, we are committed to spreading knowledge about risk and compliance management and the negative impact of fraud, bribery, and corruption to global businesses, and to promoting transparent business relations across the world. As part of this effort, we want to present you our in-depth risk management and compliance insights – articles, whitepapers, eBooks, and other publications to help organisations overcome fraud, compliance, bribery, and corruption management challenges and tackle risks more effectively.

Don’t miss the opportunity to step up towards transparency and better protection for your business and your career – CRI® Group’s risk management and compliance insights give you a chance to explore these topics in-depth. If you are interested in our solutions, please request a free quote or contact us today.


3 ways to protect your Company’s Reputation

In today’s connected business world, there are very few secrets. United Airlines, for example, recently learned the hard way that one ugly incident can go viral and spread around the world in a matter of minutes – not hours, days or weeks.

United initially faced criticism over the rough treatment of a passenger being removed from one of their planes. Then, the company learned a second lesson when its CEO’s response to the crisis seemed somewhat disconnected and uncaring. United was in the middle of a reputational crisis, and its first official response to angry consumers only added more fuel to the fire. Later, the CEO offered an apology and a more compassionate statement – but the damage was done.

There are lessons to be taken from this and other high-profile cases where companies have seen their reputation, which they’ve worked hard to cultivate, trashed in the public spotlight. The fact is, things happen, and no company has a guaranteed way to safeguard their reputation from ever being dinged or facing scrutiny, whether fair or not. But there are ways to mitigate the damage and help ensure your company survives the crisis, and can rebuild its reputation in a positive way.

Know that people are talking about you

In the age of Twitter, Facebook, Yelp and other social engagement sites, people are keen to talk about what they like, dislike, what they wish would be better, and anything else on their mind. That includes your company and your products or services. Accept this and embrace it. Engage with people who post on social media when appropriate, and always in a polite and respectful manner. When there is a legitimate problem, communicate that you are taking the matter seriously and looking to resolve it, and then do so.

1. Be transparent

A way to be proactive in your engagement with others is to ask for feedback. Then be prepared to address it, good or bad. Consumers, stakeholders and even your own employees will be impressed by the open lines of communication and an honest dialog. In this way, you can strive to improve your services and offerings and show that you are receptive to your clients’ needs.

2. Protect your customers’ data

Nothing can destroy your reputation among your clients and customers quicker than having to tell them their personal information, which was entrusted to you to remain private and protected, is now in the hands of hackers or criminals because you suffered a security breach. Even worse is when they learn that your company did not take all the measures necessary, or even the most basic ones, to prevent such a breach from occurring. Not only might you be criminally liable, but customers will run from you, not wanting to take a risk that something like that could happen again in the future. In today’s high-risk environment, you must have the most sophisticated and up-to-date security measures in place to protect your data – and your reputation.

3. Conduct due diligence

How much do you know about your third-party partners – those suppliers and contractors that you’ve trusted for years, or new ones with whom you seek to engage? An unethical partner can have serious effects on your own company’s reputation – bribery, corruption, supply chain problems are all issues that can end up tainting your own business and causing your customers to lose trust in your products or services. Conducting thorough due diligence, with background checks and full risk assessments, is the only way to help protect your reputation from potential harm.

It may feel sometimes like your company’s reputation is out of your control. However, there are steps you can take to help manage your reputation and help steer the conversation. It becomes more difficult when you wait, and try to undo later the damage that has already been done. That’s why being proactive in maintaining a positive reputation is the best strategy. Contact CRI Group today and let us help you stay on the path to managing your message and your reputation.


Top 4 Red flags during a Merger & Acquisition

The business world is often transitional, and the landscape changes as entities grow or industries change – and the players involved have to change with it. Mergers and acquisitions are examples of these “transitional times,” and they are also among the most critical times to conduct proper and thorough due diligence.

There are inherent risks involved with the “unknown factor” that outside entities represent. By nature, merging with another entity, or acquiring it altogether, can be an exciting time, but background screening is especially crucial at this juncture.

When conducting due diligence before a merger or acquisition, what are some of the red flags that should make you take a closer look?

CRI® Group has conducted numerous due diligence engagements for clients undertaking major business deals. Our agents have also conducted many investigations for organisations that failed to do proper due diligence, and as a result became victims of fraud. Our findings in those investigations have provided a road-map of things to look for, and be cautious about, when in the pre-merger or pre-acquisition stage.

Here are a few red flags for any organisation undergoing a merger or acquisition:

1. Legal issues

When merging with or acquiring another entity, due diligence will uncover legal proceedings, including any troubling issues that the entity might have been trying to keep hidden. Past or current litigation or even criminal proceedings have been uncovered in background checks.

2. Credit risks

Some potential partners might be financial landmines, bringing the kind of baggage your organisation cannot afford. Has the entity claimed bankruptcy? Have they dissolved prior companies or are they faced with debtor filings? Proper due diligence will uncover these and other financial risk factors.

3. Lack of experience

If your organisation is looking to partner with a contractor or service provider, what is their experience level in the industry? Have they successfully completed past projects of a similar scale? Nothing can hurt your reputation with clients and customers more than having your deliverability affected by a contractor that cannot handle the job.

4. People problems

Hopefully, your organisation conducts thorough employee background screening of all potential and current employees. Can you say the same for the entity you are considering for a merger or acquisition? If not, the risks are great: fraud risks, criminal conduct, even employees without the needed training or skill level doing dangerous jobs could all come back to damage your own organisation and reputation. Comprehensive and thorough background screening, including of owners and principals (perhaps these are most important) will uncover such risks.

None of these red flags, on their own, are necessarily absolute roadblocks to a proposed merger or acquisition. Some scenarios can be explained, and certain circumstances simply require a fuller explanation.

But the key is having the information. In business, being surprised is generally not a good thing. This is never more true than when dealing with mergers and acquisitions.

Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. Contact us today and get your FREE QUOTE now!

 


Any successful ethics and compliance strategy needs 5 key ingredients …

Once upon a time, the idea of business ethics was more of an abstract or philosophical notion that seemed more suited for discussion in a university lecture or at a business conference. Today, however, organisations of all sizes and industries must have concrete ways of addressing ethics and compliance issues as a principal component of their business processes and strategy. 

According to a study by PwC, 98 per cent of senior leaders say they’re committed to compliance and ethics; however, only 67 per cent have a process in place to identify the owners of compliance and ethics-related risks, with only a third having an officer in place for overall compliance and ethics. Fifty-six per cent of the companies don’t have a chief ethics officer at all, and only 20 per cent have a Board of Directors that formed separate compliance and ethics committees. The study reports that 82 per cent of leaders communicated with employees on ethics, but 46 per cent of this is done in business meetings or by email. You can read the full results on the PwC website.

Business leaders are usually quick to communicate their expectations to employees, especially when it comes to financial goals or tasks that they want to be accomplished. However, what is often lacking is a clear, concise explanation of what the organisation expects regarding ethical behaviour and a compliance framework in place to follow. Today citizens, media, politicians and international bodies across all regions actively condemn abuses of power. And past scandals and their consequences have created a demand for increased regulations, greater transparency, and other rigorous scrutiny measures to be taken. To maintain (or regain) public trust, the ethics and compliance function has been placed at the centre of the strategic core of organisations by effective leaders.

Empower your organisation to mitigate risk!

To ensure a robust compliance and ethics strategy, five critical elements need to be implemented: 1) tone at the top; 2) corporate culture; 3) risk management; 4) a Chief Compliance Officer; and 5) testing and monitoring.

1 – Building Tone at the Top

“Tone at the top” is a term used to describe the ethical atmosphere created at an organisation or workplace by its leaders and their attitudes and behaviours. Tone at the top is vital in determining whether fraud, bribery, or corruption are likely to occur. Because all levels of management set it, it has a trickle-down effect on all employees. If the top leaders show a robust and zero-tolerance approach to fraud, employees are likely to follow their example.

An organisation with a strong ethical culture is usually led by a board of directors and senior management personnel who actively promote a culture of compliance and zero tolerance for fraud and other unethical business behaviour. Effective tone at the top will communicate to the organisation at all levels the expected type of conduct, what is considered unacceptable, and what the consequences will be for transgressions. A zero-tolerance approach should be followed at all times; it is vital in maintaining the culture of ethics and compliance at the organisation; below are some examples of failed tone at the top:

For more scandals, check out our list of the “Top 10 Bribery & Corruption Stories of 2020”.

2 – Corporate culture

The prevailing norms, expectations, and recognised acceptable behaviour form the corporate culture of an organisation. By making an ethical code of conduct and compliance with all regulations a part of those norms, the organisation will help promote positive behaviour and integrity among its staff.

You might be making assumptions that your employees know how to conduct themselves ethically when, in fact, this expectation only exists in a grey area in their minds – if at all. Some employees who have engaged in fraud, corruption or other unethical situations have claimed that while they knew their behaviour was wrong, they thought it was implicitly accepted by their bosses and, in some cases, their company on the whole.

Similar to establishing an effective tone at the top, fostering a positive corporate culture hinges on effective communication, and it needs to permeate different layers of the organisation. In other words, sending occasional emails about ethical behaviour isn’t enough to influence the culture at a company. Develop videos, team-building exercises, new employee orientations, and employee appreciation events; these provide opportunities to recognise positive behaviour and reinforce the company’s values. When employees see their colleagues being recognised and rewarded for maintaining a compliant and ethical corporate culture, they are more likely to help cultivate an ethical workplace. When the tone at the top and corporate culture are tied together, everyone understands what is acceptable and expected in being a part of the organisation’s success.

3 – Risk management: perform risk assessments

Risk management is identifying, evaluating, and prioritising risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability or impact of unfortunate events or to maximise the realisation of opportunities. In other words, before you establish an ethics and compliance framework, a risk assessment should first be conducted to uncover any vulnerabilities that need to be addressed with new processes.

Risk assessment breakdown: Identification, Analysis, Evaluation   

This means you need to assess how your business is conducted. So ask yourself:

  • Have the various roles at the company been appropriately allocated, and is there a proper separation of duties?
  • Are employees qualified for their responsibilities?
  • Is the workforce trained to recognise the red flags of unethical behaviour and fraud?

Once the risks are identified, they can be isolated and addressed as part of your organisation’s comprehensive approach to ethics and compliance. The risks should be prioritised:

  • Which ones pose an immediate threat?
  • Could they effectively shut down the business?
  • Do they pose a financial, legal, or reputational risk – or all of the above?

Once prioritised, the identified risks should be assigned to critical members of the organisation. Whatever your reasons or motivations might be, if your organisation’s objective is to have an effective risk management strategy in place, then ISO 31000 can provide the principles, framework and a process for managing risk.

4 – A Chief Compliance Officer (CCO)

The implementation of a robust ethics and compliance strategy can give your organisation a competitive edge. A compliance officer or a CCO plays an essential and crucial role in the implementation. They are tasked with the day-to-day responsibility of overseeing the management of compliance and ethical risks whilst ensuring that the organisation is in compliance with the various regulatory requirements and that employees adhere to internal procedures and policies. Oversight should be provided by the board of directors (or ownership and executives) to ensure that problem areas have been adequately addressed and the organisation is taking a proactive approach to mitigating risk. 

5 – Testing and monitoring

When all the new processes have been implemented (the anti-fraud policy and employee code of conduct, anti-bribery and anti-corruption training and policies, allocation of duties and responsibilities, an anonymous reporting (hotline) process for unethical behaviour), a thorough testing and monitoring regimen is critical to ensure the new process is working.

It is important to remember that having the best processes on paper won’t make a positive difference on its own. You need to monitor how they are being used and how well they work. A schedule should be in place that promotes frequent, regular check-ups of the ethics and compliance controls, with metrics that show results (i.e. surprise audits). A surprise audit is an effective way to test whether any new controls have reduced the flagged irregularities. Before the ethics and compliance controls were implemented, the risk assessments should have identified the risk areas that the new processes are meant to mitigate. Only by testing, and testing frequently, can the organisation determine whether the new controls have the desired effect. If they do not, the company should develop new solutions that specifically and robustly target these problem areas – and, in time, test them again.

Addressing ethics and compliance issues at an organisation can be a daunting task. However, with careful preparation, expert help, and a common-sense approach, any organisation can develop or enhance its corporate culture to be proactive in mitigating ethics and compliance risks. The benefits will be obvious – increased productivity, better security, and empowered employees who understand that their organisation values integrity and an ethical work environment.

Create a zero-tolerance approach to fraud with ISO 37001 ABMS

Creating a zero-tolerance approach to fraud doesn’t happen overnight. When your organisation enrols in ISO 37001:2016 ABMS training and certification, the program involves your entire team. The training helps establish an ethical culture by educating your employees on the following:

  • What constitutes fraud, corruption, and bribery, and why these are so damaging to business
  • How to identify red flags of fraud, corruption and bribery
  • The process for reporting fraudulent and unethical acts
  • The organisation’s zero-tolerance attitude toward unethical behaviour and willingness to terminate employees for breaches and prosecute unethical acts
  • The severe ramifications for committing fraud or bribery, the legal consequences, and the negative impact on one’s career

Employees shouldn’t be expected to follow a code of conduct that they aren’t aware exists. That’s why ISO 37001:2016 ABMS creates a communication plan through which organisation leaders regularly communicate their ethical behaviour expectations to the staff. Read more on how to build trust in the workplace with ISO 37001 Certification.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Due Diligence 360°, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Speak up – report any illegal, unethical, or improper behaviour

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal communication channels or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.

Internal Control: Identify Vulnerabilities through TPRM Assessment

CRI® Group’s Third-Party Risk Assessments are front-line tools used to ascertain whether an organisation has the appropriate policies and procedures in place to address all potential risks at the management, operations and financial levels, and to simulate the likelihood of those risks occurring.

A 3PRM™ assessment includes a review of internal auditing procedures, compliance guidelines, performance criteria, internal controls, reporting processes, and contractual requirements vital to fostering a long-term positive outcome with the third-party provider when looking at the relationship from a cost-benefit standpoint. A 3PRM™ assessment verifies whether the proposed third-party relationship is consistent with the organisation’s strategic plan and overall business strategy. Specific areas addressed in a 3PRM™ assessment include:

  • Audit and supervision functions that assign clearly defined responsibilities within the organisation
  • Business continuity plans that take into account natural disasters and third-party business closures
  • Supply-chain alternatives that react and respond to every possible scenario, from regional events to currency fluctuations
  • Jurisdictional considerations and affiliations with potential partners located in regions that may be prohibited by law
  • Data and intellectual property protection, which includes customer privacy and information security considerations
  • Anti-corruption and whistle-blower policies that begin with staff education and extend to safe internal and external reporting mechanisms which are easily accessible to management and staff

Our 3PRM™ assessments ensure tight controls to mitigate key risks and designate specific staff responsible for maintaining those controls. Any gaps detected in those controls are addressed during the assessment phase.

CRI® Group invites you to schedule a quick appointment with us to discuss how conducting our 3PRM™ assessment can help you and your organisation.

Employee Screening Process

How do you know the candidate you just offered a role to is ideal? Are you 100% sure you know that everything they’re telling you is the truth? 90%? They showed you a diploma; how do you know it’s not photoshopped? Did you follow the correct laws during your background check process? Background checks and necessary screenings are vital to avoid horror stories and taboo tales within HR, your business or even your brand – simply investing in proper employee screening can save you time, money and heartbreak. A complete employee screening process will result in fewer applications with serious discrepancies – it increases the quality of new hires due to an improved applicant pool and selection process. EmploySmart™ provides full in-depth background screening services for employees and candidates at all levels, from senior executives to shop-floor employees.

How Well Do You Know The People You Invest In?

CRI® Group has developed EmploySmart™, a robust new pre-employment background screening service to avoid negligent hiring liabilities. Ensure a safe work environment for all. EmploySmart™ can be tailored into specific screening packages to meet the requirements of each specific position within your company. We are a leading worldwide provider specialised in local and international employment background screening, including pre-employment and post-employment background checks.

Pre-employment checks/background checks/screening benefits:

  • Reduce turnover & training costs
  • Gain a competitive edge through the hiring of better people
  • Increase productivity – help your employees be more productive, knowing that everyone employed by your company has been screened.
  • Set your company apart & win more business
  • Reduce employee-related problems
  • Protect company reputation/brand & customer relations
  • Comply with mandates created by state or federal law for certain industries
  • Increase retention
  • Reduce negligent hiring claims
  • Avoid violence in the workplace (threats of violence & actual violence)
  • Reduce theft & espionage
  • Avoid lawsuits & the costs associated with the defence.
  • Avoid loss of goodwill.

Pre-employment checks/background checks, what are they?

These checks are essentially an investigation into a person’s character – inside and outside their professional lives. Some checks you probably already carry out in-house, such as candidate’s qualifications (documents provided), work history (with a reference check), right to work in the country and even a quick social media presence scan. However, we provide a full in-depth background screening service for candidates and employees at all levels – from senior executives through to shop-floor employees:

  • Address Verification (Physical Verification)
  • Identity Verification
  • Previous Employment Verification
  • Education & Credential Verification
  • Local Language Media Check
  • Credit Verification & Financial History (where publicly available)
  • Compliance & Regulatory Check
  • Civil Litigation Record Check
  • Bankruptcy Record Check
  • International Criminal Record Check
  • Integrity Due diligence… and more.

When should I conduct pre-employment checks?

Our pre-employment screening services will help you avoid adding potential fraudsters and other bad actors to your staff. These checks can be implemented before or after a job offer (with each having its pros and cons).

How to collect references, and what to ask?

Because it is impossible to know how your candidate will work daily from just one interview, you will need references. References are a great way to find out whether your candidates are suitable for the role or will fit with your company culture. A primary reference check asks for:

  • Employment dates
  • Employment main responsibilities
  • Attendance record
  • Any disciplinary actions against them
  • Any reasons why they shouldn’t be employed

These references will help you back up their CV – however, many candidates tend to exaggerate or misrepresent themselves. Our EmploySmart™ team goes beyond to get a fuller picture for you:

  • Greatest strengths?
  • Are they suitable for the role they’ve applied for?
  • Would they rehire the candidate?
  • Suitable management style?
  • Do they have any leadership skills?
  • Situations in which they have excelled?

Some companies have policies of not giving references and just providing necessary employment details, while others direct you towards HR, but the EmploySmart™ team is persistent.

What specific legal requirements should I ask about?

You will need to check if they have the right to work in the region you are recruiting for. You are subject to statutory penalties if you employ foreign nationals who don’t have the correct visas. You will need to request criminal records checks depending on the role you are recruiting for. Roles that involve working with children or vulnerable people are highly regulated – and all of these requirements differ from country to country.

CRI Group™ carries the burden of knowing the laws, so we can assist you with staying compliant and helping you to make the best decisions for your company’s needs. We have established an interdisciplinary team of experts in employment law, best practices and data protection. We can manage your employment background screenings across borders for you! Country by country, we have documented the different approaches to employment screening, ensuring we operate in harmony with local culture and within the limitations of local legislation.

With extensive local language capabilities, flexible working patterns and time zone intelligent workflow, we provide a comprehensive and fully compliant global screening service.

At CRI Group™, we specialise in employment screening, working as trusted partners to HR and recruiting managers of corporations and institutions worldwide. Our people work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates.

CRI Group™’s unique identity and vision evolved from our fundamental desire to support our clients and candidates. We have a passion for Screening and a simple belief in setting new standards. These qualities fuel our commitment to excellence and drive our culture.

Our EmploySmart™ background screening services expose vulnerabilities and threats within your organisation and can significantly reduce business and financial crime, fraud and malpractice within your workplace. Our experienced EmploySmart™ Team can safeguard your data security and your business integrity while you can focus on human conversations and interactions. Together, your organisation can deliver outstanding screening experiences.

We provide a host of professional services to HR managers representing significant corporations worldwide. Employees should be screened regularly to reveal any new information relevant to the business. That’s why our background investigations services also include:

  • Employee monitoring and risk management
  • Data protection compliance
  • Employee testing and confidentiality
  • Employee risk management
  • Post-employment background checks

CRI Group™ is trusted by the world’s largest corporations and consultancies – outsource your employee due diligence to an experienced provider, and you will only ever have to look forward, never back.

BS 7858:2019 Screening: extra security level for your business and employees

Get answers to frequently asked questions about background checks and screening: cost, guidelines, reference checks and more. This eBook, a compiled list of background screening questions, is the perfect primer for any HR professional, business leader or company looking to avoid employee background screening risks. It provides the tools and knowledge needed to make the right decisions.

Working with CRI Group™, you get:

  • Extensive global coverage, with expertise in domestic and international Screening; one of the largest, most experienced and best-trained integrity due diligence teams in the world
  • Our team of more than 50 full-time analysts is spread across Europe, the Middle East, Asia, and North and South America and is fully equipped with the local knowledge to serve your needs globally.
  • The ability to manage multiple background checks online
  • Quick turnaround times
  • Our solutions are easily customisable and flexible, and we will tailor our scope to address your concerns and risk areas, saving you time and money.
  • High-quality searches, backed by numerous checks and quality controls
  • We have a flat structure which means that you will have direct access to senior staff members throughout the due diligence process.
  • Our multi-lingual teams have conducted assignments on thousands of subjects in over 80 countries, and we’re committed to maintaining and constantly evolving our global network.
  • Our extensive solutions include due diligence, employee pre and post background screening, business intelligence and compliance, and facilitating any decision-making across your business, no matter what area or department.

Components of ISO 31000:2018

Managing risk is a critical part of the success of any organization. That’s why ISO (International Organization for Standardization) developed the 31000 Risk Management Standard. Issued in 2009, the standard helps address operational continuity, and also confidence and reassurance in your organization’s economic resilience, professional reputation and environmental and safety outcomes. Best of all, ISO 31000 can be tailored to your organization to help achieve the best results.

1. Principles

The purpose of risk management is the creation and protection of value. It improves performance, encourages innovation and supports the achievement of objectives. Principles include the requirement for the risk management initiative to be (1) customized; (2) inclusive; (3) structured and comprehensive; (4) integrated; and (5) dynamic.

2. Framework

The purpose of the risk management framework is to assist with integrating risk management into all activities and functions. The effectiveness of risk management will depend on integration into governance and all other activities of the organization, including decision-making.

2.1. Leadership and commitment, including:

  • Aligning risk management with the strategy, objectives and culture of the organization;
  • Issuing a statement or policy that establishes a RM approach, plan or course of action;
  • Making necessary resources available for managing risk; and
  • Establishing the amount and type of risk that may or may not be taken (risk appetite).

2.2. Integration, including:

  • Determining management accountability and oversight roles and responsibilities; and
  • Ensuring risk management is part of, and not separate from, all aspects of the organization.

2.3. Design, including:

  • Understanding the organization and its internal and external context;
  • Articulating risk management commitment and allocating resources; and
  • Establishing communication and consultation arrangements.

2.4. Implementation, including:

  • Developing an appropriate implementation plan including deadlines;
  • Identifying where, when and how different types of decisions are made, and by whom; and
  • Modifying the applicable decision-making processes where necessary.

2.5. Evaluation, including:

  • Measuring framework performance against its purpose, implementation and behaviors; and
  • Determining whether it remains suitable to support achievement of objectives.

2.6. Improvement, including:

  • Continually monitoring and adapting the framework to address external and internal changes;
  • Taking actions to improve the value of risk management; and
  • Improving the suitability, adequacy and effectiveness of the RM framework.

3. Process

The risk management process involves the systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk.

3.1. Communication and consultation, including:

  • Bringing different areas of expertise together for each step of the RM process;
  • Ensuring different views are considered when defining risk criteria and evaluating risks;
  • Providing sufficient information to facilitate risk oversight and decision-making; and
  • Building a sense of inclusiveness and ownership among those affected by risk.

3.2. Scope, context and criteria, including:

  • Defining the purpose and scope of risk management activities;
  • Identifying the external and internal context for the organization;
  • Defining risk criteria by specifying the acceptable amount and type of risk; and
  • Defining criteria to evaluate the significance of risk and to support decision-making.

3.3. Risk assessment, including:

  • Risk identification to find, recognize and describe risks that might help or prevent achievement of objectives and the variety of tangible or intangible consequences;
  • Risk analysis of the nature and characteristics of risk, including the level of risk, risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness; and
  • Risk evaluation to support decisions by comparing the results of the risk analysis with the established risk criteria to determine the significance of risk.

3.4. Risk treatment, including:

  • Selecting the most appropriate risk treatment option(s); and
  • Designing risk treatment plans specifying how the treatment options will be implemented.

3.5. Monitoring and review, including:

  • Improving the quality and effectiveness of process design, implementation and outcomes;
  • Monitoring the RM process and its outcomes, with responsibilities clearly defined;
  • Planning, gathering and analyzing information, recording results and providing feedback; and
  • Incorporating the results in performance management, measurement and reporting activities.

3.6. Recording and reporting, including:

  • Communicating risk management activities and outcomes across the organization;
  • Providing information for decision-making;
  • Improving risk management activities; and
  • Providing risk information and interacting with stakeholders.

Getting Started with ISO 31000 Risk Management?

ISO 31000 is an international standard issued in 2009 by ISO (International Organization for Standardization). All types and sizes of organizations face internal and external factors that directly impact whether they can achieve their objectives. ISO 31000:2018 serves as a guide for the design, implementation and maintenance of risk management. It describes a systematic and logical process in which organizations manage risk by identifying it, analyzing it, and then deciding on a risk treatment that mitigates it in a way that is consistent with their risk appetite. An organization can implement risk management across the entire company, and it can do so at any time. Our newly published “ISO 31000 Risk Management: A guide to identify, analyse and mitigate risk” playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:

  • What is ISO 31000?
  • Why is this Standard a good idea?
  • What are the benefits for my business?
  • Principles of ISO 31000:2018
  • ISO 31000 framework
    • Why was it revised?
    • What are the main differences?
  • Key Clauses of 31000:2018
  • Who is the standard for?
  • The process
  • The link between 31000:2018 and other standards
  • Importance of risk management leadership
  • 31000:2018 and continuous improvement
  • How do we get started?

> Risk management is a full-time, ongoing endeavor for organizations in today’s business world, and it poses constant challenges. The first part of reducing risk is having a strategy, and taking action. So DOWNLOAD your free playbook now!

Speak Up – Report Any Illegal, Unethical, or Improper Behavior

Ethics and Compliance Hotline is an anonymous reporting mechanism that facilitates reporting of possible illegal, unethical, or improper conduct when the normal channels of communication have proven ineffective, or are impractical under the circumstances. At CRI Group, we are committed to having an open dialogue on ethical dilemmas regardless.

We would like to introduce a new Ethics & Compliance Hotline. This hotline is available to all employees, as well as clients, contractors, vendors and others in a business relationship with CRI Group and ABAC Group. If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline in the ways mentioned below or provide us with your complaint online on the form below. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.

Ethics and Compliance Hotline: your frequently asked questions answered…

Ethics hotlines are growing in popularity. In 2017, South Africa’s Home Affairs Minister Malusi Gigaba announced that over 3,000 officials were found guilty of misconduct related to cases reported via the National Anti-Corruption Hotline (NACH). “The closure rate underscores a commitment by government departments to investigate allegations of corruption as reported through the NACH.” Ethics and compliance hotlines work! Organizations must have an ethics and compliance hotline to help promote the organization’s code of conduct and nurture a culture of honesty and accountability.

Don’t opt out of an ethics hotline

The 2019 Global Business Ethics Survey found that more reports of misconduct were made to direct supervisors (a median of 51 per cent) compared to hotlines (6 per cent). However, it is still crucial to have an Ethics and Compliance Hotline. Why? Having an ethics and compliance hotline shows employees that the business leaders genuinely want to hear from them, making it a great employee relations tool.

The ethics and compliance hotline is an anonymous reporting mechanism. When the normal channels of communication fail, a hotline can still allow concerns to be flagged. Hotlines provide an accessible way for employees to report potential wrongdoing that is possibly illegal, unethical, or improper. With one in place, a company can better protect itself from fraud, learn of employee misconduct and proactively mitigate any corruption-related risk. Regardless of industry or size, any organisation should be 110% committed to having an open dialogue on ethical dilemmas regardless.

CRI® Group encourages everyone to report any wrongdoing. We believe that everyone should have a voice and protect themselves, colleagues and the organizations that they work for. Everyone must seek to maintain transparency to comply with the code of conduct and compliance regulations. If your organization is considering an ethics and compliance hotline, here are some must-knows.

Who can report? And what can you report?

All individuals – employees, clients, contractors, vendors and others in a business relationship with you or your organization – have a duty and responsibility to report any known or suspected noncompliant behavior or violations of any regulatory mandates and/or local policies, including but not limited to:

  • Ethical standards violations;
  • Violation of laws and company policy and internal control;
  • Risk and safety;
  • Theft, embezzlement or misappropriation of assets and fraud;
  • Bribery and corruption;
  • Employee rights, employee relations, work environment;
  • Privacy laws or security of personal information;
  • Discrimination;
  • A dispute related to a supervisor, HR and other departments;
  • Physical and verbal harassment in the workplace;
  • Issues related to job responsibilities;
  • A report related to suspicious activity made as a witness; and/or
  • Unfair dismissals.

How to report?

You can report your concern using the Ethics and Compliance hotlines at any time, 24/7. An effective Ethics & Compliance Hotline should allow reporting via phone, email, web-based complaint forms and even walk-ins.

How does it work?

This will depend on your organization's structure; however, if you allow reporting directly by telephone, the caller should speak with the Compliance Department directly. The caller can remain anonymous or may want follow-up, in which case they will give contact details. If the individual submits a report online, the system should guide the individual through the reporting process, and a PIN will be generated automatically once they complete the report. The compliance department specialist who receives the tip is then in charge of validating it. This compliance officer typically receives special training on gathering enough information to ensure the complaint is credible. The tip is then routed to the right department within the organisation, such as audit, legal, or human resources.

What is the process of the investigation?

The Compliance Department or Committee should then review the report and conduct an investigation. The investigation may include interviews with relevant witnesses and a review of records, computers, telephones and other equipment, in line with relevant personal data regulations. The reporting individual will be able to follow the status of the case and communicate with the Compliance Department by giving their case number. However, no party can contact the individual directly if they have chosen to remain anonymous. The investigation conclusions and recommendations are reported to Management.

Can we generate anonymous reporting?

Yes, if the individual wishes to remain anonymous when reporting their concern, they can. However, you should encourage the individual to identify themselves where/when possible, enabling your organization to investigate the report more effectively. If they provide their names, your compliance department should protect their confidentiality to the greatest extent possible during the investigation. The organization should have a Non-Retaliation and Whistleblower Policy to help ease the process.

What is a Non-Retaliation Policy?

While on the surface, hotlines may seem a convenient option to receive employee complaints, tips or concerns, often, it’s the process that surrounds the hotline which can determine whether it ultimately succeeds or fails. Areas such as employee relations are particularly challenging for anonymous tips. An organisation needs to have a whistleblower process in place – this is a critical component of any compliance monitoring system. It enables companies to identify and mitigate potential risks early before they impact operations, reputation and ultimately, financial performance. 

How can we make sure they deliver a credible report?

When reporting an issue, encourage individuals to ensure that they provide as much relevant information as possible, for example, the names of persons involved in the alleged conduct, potential witnesses, appropriate documentation or data, visual evidence etc. Provide them with forms that help them understand what they need to submit a credible report, with the appropriate questions and empty spaces for further feedback, including the ability to upload any initial proof. This will allow your Compliance Department to effectively follow up on the case.

What makes a successful implementation?

  1. A strong and clear message is delivered to employees and stakeholders by a senior individual who champions the overall programme.
  2. A clear understanding of how best to engage with your employees at all levels and in all countries. Remember to take into account country and cultural differences.
  3. A robust internal process to deal with reported issues as laid out in your code of conduct policy or ethics programme.

Are you addressing corporate Compliance?

Prove that your business is ethical. Find out if your organisation’s compliance program aligns with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Let our experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under the UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

Find out what a Gap Analysis is and why you need it.

Report with CRI® Group!

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use the reporting process in this Code of Conduct, including the Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by the CRI® Group Non-Retaliation Policy. 

CRI® will not accept any retaliation or discrimination against any employee or external stakeholder who uses our Compliance Hotline in good faith or participates in an investigation. Any employee who breaches the policy will be subject to disciplinary actions. If you wish to learn more, just have a look at our article on Ethical code of conduct: What should be covered?

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Due Diligence 360°, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications and is an HRO certified provider and partner with Oracle.

Meet the CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal Compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Importance Of Strong Risk Management Leadership

Managing risk effectively ensures businesses succeed and thrive in constant uncertainty. Good leadership has tremendous importance in the success of the ISO 31000 risk management system. ISO 31000 aims to simplify risk management into clearly understandable and actionable guidelines that should be straightforward to implement, regardless of a business’s size, nature, or location. However, without leadership, your risk management strategy is likely to fail. Here are a few key points that top management should pay close attention to for a successful ISO 31000 risk management system. 

ISO 31000 is not one-size-fits-all

ISO 31000 clearly states that risk management is an open-ended process designed to be highly customised and tailored to the organisation’s individual needs and contexts. That said, ISO 31000 advises particular attention to customising the risk profile, risk appetite, and the communication and facilitation of risk management throughout the company culture.

Executive alignment is crucial

This is one of the most important points; top management must be firmly committed to the risk management program, or the system will not work. Executives should ensure that the entire risk management process is integrated across all levels and departments of the organisation and is strongly aligned with company objectives, strategy, and culture.

Consider how risks will impact value

Top management should be responsible for ensuring that risks are prioritised according to how they impact the organisation’s ability to create and deliver value. This approach differs from traditional risk management approaches, which typically rank the risks by numeric value, assigned by considering probability and estimated severity.

Proactive, not reactive

This one is self-explanatory. The basic idea is that risk management should be preemptive. Rather than simply reacting to the currently identifiable risks, it prepares for risks that haven’t yet arisen.

What about ISO 31000 certification?

ISO 31000 provides guidelines, not requirements, and is therefore not intended for certification purposes. Many ISO standards, like ISO 37001 Anti-Bribery Management Systems and ISO 37301 Compliance Management Systems, are requirements, which means they compose a strict set of specifications that can be certified. ISO 31000 is not like that; it can’t be certified. It’s simply a set of best practice guidelines.

Powered by CRI® Group, ABAC® educates, equips and supports the world’s leading business organisations with the latest best-in-practice risk assessments, performance assessments, systems improvement and standards certification. Our ISO solutions (certification and training) are offered through our ABAC® Center of Excellence. Find out how ABAC® can help your business! 

Getting Started with ISO 31000 Risk Management?

ISO 31000 is an international standard issued in 2009 by ISO (International Organization for Standardization). All types and sizes of organisations face internal and external factors that directly impact whether an organisation can achieve its objectives or not. ISO 31000:2018 serves as a guide for the design, implementation and maintenance of risk management. It describes a systematic and logical process during which organisations manage risk by identifying it, analysing it, and then determining how to treat the risk in a way that is consistent with their risk appetite. An organisation can implement risk management across the entire company and can do so at any time. It can also tailor these controls to specific areas and activities in the business.

  • Organisations can use it to compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.
  • It is a clear indicator to your customers and other stakeholders that, as an organisation, you are committed to managing risks in every part of your business.
  • Increases public confidence in the organisation by demonstrating your management capabilities in protecting your business from internal and external threats.
  • ISO 31000:2018 helps to provide guidance for internal or external audit programmes.
  • Competitive bidding for commercial tenders will enhance your company’s reputation and give you a competitive advantage.

Our newly published “ISO 31000 Risk Management: A guide to identify, analyse and mitigate risk” playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:

  • What is ISO 31000?
  • Why is this Standard a good idea?
  • What are the benefits for my business?
  • Principles of ISO 31000:2018
  • ISO 31000 framework
    • Why was it revised?
    • What are the main differences?
  • Key Clauses of 31000:2018
  • Who is the Standard for?
  • The process
  • The link between 31000:2018 and other standards
  • Importance of risk management leadership
  • 31000:2018 and continuous improvement
  • How do we get started?

Risk management is a full-time, ongoing endeavour for organisations in today’s business world, and it poses constant challenges. The first part of reducing risk is having a strategy and taking action. So DOWNLOAD your free playbook now!

Other risk management solutions

CRI® Group’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates, thus creating the DueDiligence360™. We specialise in solutions regarding compliance, working as trusted partners to businesses and institutions across the globe. While CRI® may not offer the ABMS certification, we offer other services. Our experts work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates.

The DueDiligence360™ reports help organisations comply with anti-money laundering, anti-bribery, and anti-corruption regulations. This service also proves beneficial ahead of a merger, acquisition, or joint venture. It can be used for a third-party risk assessment, onboarding decision-making, and identifying beneficial ownership structures. Identifying key risk issues clearly and concisely helps enhance your knowledge and understanding of the customer, supplier, and third-party risk, helping you avoid those involved with financial crime.

Why not consider our background investigative solutions? 

Firms spend thousands, even millions, to brand their products and services – it only takes one bad hire to cause a loss of capital and reputation. Employee Background Checks can aid in reducing the risk of hiring an employee who does not live up to their supposed skill set and could cause irrevocable damage. It can cause a business to fail, especially if the employee holds malice toward the organisation. EmploySmart™ is CRI® Group’s solution to expose vulnerabilities and threats within your organisation. Much like the ISO certification, our EmploySmart™ is a risk management measure that can be used to significantly reduce business and financial crime, fraud and malpractice within your workplace.

Our solutions are also certified by the British Standards Institution (BSI) for the scope of BS 7858:2019 Screening of individuals working in a secure environment, Code of practice (the only BS 7858 certified background screening services provider in the UAE and across the Middle East); and BS 102000:2018 Code of practice for the provision of investigative services.

Another risk management solution to consider from CRI® is our Third-Party Risk Management solution (TPRM), also known as 3PRM™. In the wake of the global pandemic, the 3PRM-Certified™ was developed to aid organisations in accurately determining the legal compliance, financial viability, and integrity levels of external parties, vendors, and customers who seek to be affiliated with and represent the business.

The 3PRM-Certified™ program consists of gap analysis and investigative due diligence on the targeted parties. This highly thorough program reveals anti-corruption, compliance and risk management discrepancies associated with the international regulatory framework helping your business flourish at any scale. Find out more about CRI® Group’s Risk Management Solutions.

If you’re unsure what solution may be best for you and your business, how about connecting with one of our experts for a free consultation? Receive tailored advice from the top analysts and investigators across the globe.
