8.

Operation
4. Context of the organization
4 nqa indonesia NEVER STOP IMPROVING 8.1 Operational planning & control 8
4.1 Understanding the organization & its context 8.2 Due diligent

Determine external & internal issues 1. Transactions, project or activities

MIND MAPPING
2. Business associate
Issue regarding statutory & regulatory
3. Personnel
4.2 Understanding the needs & expectations of stakeholders 8.3 Financial Controls
Determine stakeholders a) Separation of duties

Determine needs & expectation of stakeholders b) Level of payment approval

4 8
c) Approval mechanism
4.3 Determining the scope of ABMS d) 2 signature on payment approval

Determine the boundaries & applicability of ABMS e) Supporting documentation for payment approvals
f) Cash control
Consider 4.1, 4.2 & 4.5
g) Payment categorizations & account are accurate & clear
4.4 ABMS and its processes h) Periodic management review of significant transaction

Establish, document, implement, maintain & continually review i) Independent financial audit

5 9
ABMS, including the process needed & their interaction 8.4 Non financial controls

4.5 Bribery Risk Assessment 8.5 Implementation of anti-bribery controls by controlled

organizations and by business associates

ISO
4.5.1 Undertake regular bribery risk assessment 8.6 Anti-bribery commitments

a) identify the bribery risks For business associates which pose more than a low
bribery risk, the organization shall implement procedures

37001
b) analyse, assess and prioritize commit to preventing bribery

c) evaluate to mitigate the assessed bribery risks. terminate the relationship

6 10
8.7 Gift, hospitality, donations & similar benefit
4.5.2 Establish criteria for evaluate level of bribery risk
The organization shall implement procedures that are
4.5.3 Review the bribery risk assessment designed to prevent the offering, provision or acceptance
of gifts, hospitality, donations and similar benefits
4.5.4 Retain documented information that demonstrates i. In relation to gifts and hospitality, the procedures implemented
that the bribery risk assessment has been conducted by the organization could,
A. control the extent and frequency of gifts and hospitality by

7 A
1) a total prohibition on all gifts and hospitality; or

5
5. Leadership 2) permitting gifts and hospitality, but limiting them by
reference to such factors as:
5.1 Leadership & Commitment
2.1 a maximum expenditure
5.1.1 Governing Body
2.2 frequency (relatively small gifts and hospitality can
5.1.2 Top Management accumulate to a large amount if repeated);

Demonstrate 13 point leadership & commitment 2.3 timing (e.g. not during or immediately before or after

7
tender negotiations);
7. Support
5.2 AB Policy 2.4 reasonableness (taking account of the location,

Establish, maintain & review AB Policy

7.1 Resource
10. Improvement
10 sector and seniority of the giver or receiver);
2.5 identity of recipient
Human resource
1. Prohibits bribery
IncludeAB compliance function 2.6 reciprocity
2. Comply with bribery law 10.1 Non conformity (NC) & corrective action (CA) 2.7 legal and regulatory
Physical resources
3. Appropriate to the purpose B. require approval in advance of gifts and hospitality above a
Financial resource a) React promly to NC defined value or frequency by an appropriate manager;
4. Provide framework AB objective 7.2 Competence
C. require gifts and hospitality above a defined value or frequency
5. Commitment to satisfy ABMS
- Take action to be made openly, effectively documented
7.2.1 General
6. Raising concerns in good faith without fear of reprisal
Determine a necessary competence
- Deal with the consequences ii. In relation to political or charitable donations, sponsorship, promotional expenses
and community benefits, the procedures implemented by the organization could,
7. Commitment to continual improvement
Ensure persons are competent by education, b) Evaluate the need for action to eliminate a) prohibit payments
training or experience
8. Authority & independence of AB compliance function the cause(s) of the nonconformity b) undertake due diligence on the political party, charity or other recipient
Maintain a necessary competence to determine whether they are legitimate and are not being used as a
9. The consequences of not comply
7.2.2 Employment process
c) Implement any action needed; channel for bribery
Be communicated
c) require that an appropriate approves the payment;
Be available to relevant stakeholders 7.2.2.1 All of personnel d) Review the effectiveness of any corrective
d) require public disclosure of the payment;
action taken;
A
5.3 Organization Rules, responsibility & authorities Comply with Policy & ABMS
e) ensure that the payment is permitted by applicable law and regulations;
5.3.1 Roles & responsibility Receive a copy or access to AB Policy & Training ANNEX A e) Make changes to the anti-bribery management f) avoid making contributions immediately before, during or immediately after contract
Top management shall have responsibility and A.1 General
system, if necessary. negotiations.
Disciplinary procedure
compliance with ABMS iii. In relation to client representative or public official travel, the procedures implemented by
Will not suffer retaliation, A.2 Scope of ABMS 10.2 Continual Improvement the organization could
Top management shall ensure that the discrimination or disciplinary action
responsibilities and authorities for relevant roles A.3 Reasonable & proportionate a) only allow a payment that is permitted by the procedures of the client or public body, and
7.2.2.2 Position more than a low bribery risk by applicable law and regulations;
are assigned and communicated within and A.4 Bribery risk assessment
throughout every level of the organization.
9
b) only allow travel that is necessary for the proper undertaking of the duties of the client
Personnel due diligent A.5 Roles & responsibility of governing body & top management representative or public official
5.3.2 Anti Bribery Compliance Function 9. Performance Evaluation
Periodically review for bonuses, target & A.6 Anti bribery compliance function c) require that an appropriate manager of the organization approves the payment;
Competence, status, authority & independence other incentive
A.7 Resources 9.1 Monitoring, measurement, analysis & evaluation
5.3.3 Delegate decision making Declaration from top management and
compliance function is notified of the travel and hospitality to be provided;
the governing body A.8 Employment procedure a) what needs to be monitored measured;
Establish and maintain a decision making process e) restrict payments to the necessary travel, accommodation and meal expenses directly
7.3 Awareness & Training (internal & business associate) A.9 Awareness & training b) who is responsible for monitoring; associated with a reasonable travel itinerary;
and the level of authority of the decision-makers
AB Policy, procedures & ABMS A.10 Due diligent c) the methods for monitoring, measurement, analysis
and evaluation and hospitality policy;

6
Bribery risk damage from bibery A.11 Financial control
g) prohibit paying the expenses of family members or friends;
A.12 Non financial control d) when the monitoring and measuring shall be performed;
Bribery on their duties
h) prohibit the paying of holiday or recreational expenses.
6. Planning How to recognise & respond to solicitation or A.13 Implementation of ABMS by controlled organization and by e) when the results from monitoring and measurement shall be
8.8 Managing inadequacy of AB controls
offers of bribery business associate analysed and evaluated;
6.1 Action to address risks & opportunities Prevent and avoid bribery A.14 Anti bribery commitment f) to whom and how such information shall be reported.
a) in the case of an existing transaction, project, activity or relationship, take steps
appropriate to the bribery risks and the nature of the transaction, project, activity or
Consider 4.1, 4.2, 4.5 & opprotunity for improvement Contribution to the effective ABMS A.15 Gift, hospitality, donations & similar benefits 9.2 Internal Audit
relationship to terminate, discontinue, suspend or withdraw from it as soon as
practicable;
Action to address bribery risks & opportunities for Implication and consequences of not conforming A.16 Internal audit 9.2.1 Conduct internal audit at planned interval b) in the case of a proposed new transaction, project, activity or relationship, postpone
AMBS
improvement, and how to integrate, implement and A.17 Documented information or decline to continue with it.
How and whom to report 9.2.2 The organization shall ;
evaluate A.18 Investigating & dealing with bribery 8.9 Raising Concern
7.4 Communication (what, when, with whom, how & who) a) plan, establish, implement and maintain an audit
A.19 Monitoring Implement procedure which ;
6.2 Anti Bribery objectives & planning to achieve them 7.5 Documented information programme(s), including the frequency, methods,
A.20 Planning & implementing change to the ABMS responsibilities, planning requirements and reporting, which a) encourage and enable persons to report
Establish ABMS Objectives at relevant function & 7.5.1 Provide documentation REQUIRED by International shall take into consideration the importance of the processes b) treats reports confidentially, so as to protect the identity o
Standard & NECESSARY by organization A.21 Public officials
levels concerned and the results of previous audits;
c) allow anonymous reporting;
7.5.2 Creating & updating A.22 Anti bribery initiatives
S.M.A.R.T b) define the audit criteria and scope for each audit; d) prohibit retaliation, and protect those making reports from retaliation,
a) Identification & description (e.g. a title, date,
author, reference number) c) select competent auditors e) enable personnel to receive advice from an appropriate person on what to do
Establish planning to achieve objective if faced with a concern or situation which could involve bribery.
b) Format & media d) ensure that the results of the audits are reported to relevant
What will be done management, the anti-bribery compliance function, top management The organization shall ensure that all personnel are aware of the reporting
c) Review & approval procedures and are able to use them, and are aware of their rights and protections
9.2.3 These audits shall be reasonable, proportionate and risk-based. under the procedures.
Resources will be required 7.5.3 Control Documented Information
8.10 Investigating and dealing with bribery
9.2.4 To ensure the objectivity and impartiality of these audit programmes
Who will be responsible Available & suitable
The organization shall implement procedures
Protected 9.3 Management Review
When objective will be achieved a) require assessment and, investigation, or violation of the anti-bribery policy
a) Distribution, access, retrieval and use 9.3.1 Top Management or the ABMS, which is reported, detected or reasonably suspected;
How the result will be evaluated & reported b) Storage & preservation b) require appropriate action in the event that the investigation reveals any bribery, or
9.3.2 Governing Body Review
Who will impose sanctions or penalties c) Control of change (e.g. version control) violation of the anti-bribery policy or the anti-bribery management system;

d) Retention & disposition 9.4 Review by anti-bribery compliance function c) empower and enable investigators;
d) require co-operation in the investigation by relevant personnel;
e) require that the status and results of the investigation are reported to the anti
bribery compliance function and other compliance functions
Office Address +62 21 4260 778 @nqaindonesia
Graha ISKA 165, 6th Floor, Jl. Pramuka Raya No.165, Central Jakarta 10570. Indonesia. +62 8111 4777 79 training@nqa-indonesia.com
www.nqa.com f) require that the investigation is carried out confidentially and that the outputs of the
investigation are confidential.