Meet Soraia Antunes, Chief Marketing Officer

Soraia is a technically and commercially astute professional with over a decade of B2B and B2C experience across various industries and cultures on a global scale. Who loves challenges and believes in enhancing customer loyalty via high impact marketing and communication strategies combined with engaging visual identities. She is passionate about creative excellence and driving innovation while influencing key stakeholders.

Track record in significantly enhancing a company’s brand market performance/effectiveness and profitability by improving name recognition, building credibility and inspiring employees. 

Feel free to reach out.

LET’S TALK!

Reach out for any marketing related questions
Languages spoken: English, Portuguese

Filed under: All Industries, All Regions, Background Investigation by admin
Comments Off on Meet Soraia Antunes, Chief Marketing Officer

How Risk Management and Due Diligence Interlock?

RISK MANAGEMENT AND DUE DILIGENCE: HOW DO BOTH INTERLOCK?

Risk management and due diligence: How both interlock? These are challenging and complex times. COVID-19 is forcing organisations to adapt quickly and change their business model in the process. In an era of compliance, with many regulations and regional “interpretations”, leaders and organisations need to be careful about how they conduct business, who conducts business in their name and with whom. This demands extraordinary attention to the means and mechanisms used by the organisation.

Due diligence, in legal terms, entails taking reasonable steps to satisfy any legal or regulatory requirement, regardless of the size or type of business conducted. Businesses also need to take several mandated steps to ensure that the organisation remains safe from any unwanted or unauthorised action taken on their behalf. For example, when making an investment such as a merger or an acquisition, the organisation needs to take the appropriate action on the proper due diligence necessary to make the most informed decision possible.

Being casual about the due diligence process is a failure to execute the proper level of investigation regarding the assets being purchased or financed or the management team being backed and vetted.

Where does Risk Management Come into Play?

Risk management is the identification, evaluation, and prioritisation of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability or impact of unfortunate events or to maximise the realisation of opportunities.

A formal business discipline that relies on the forecasting and evaluation of any risks, along with identification and (where feasible or warranted) implementation of procedures to avoid or minimise their impact. Using ISO 31000 can help organisations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.

DOWNLOAD ISO 31000 PLAYBOOK

Risks can come from various sources including your employees. From a risk management perspective, the penalties on conducting business that can result from unwanted or unauthorised third-party relationships or any employee unethical business action are exceedingly high making it imperative to perform due diligence when trying to protect your business and brand.

Inadequate due diligence can easily take down an organisation; from damaged reputation to brand devaluation, from regulatory violations to fines and jail terms for directors, the risks are exceedingly high.

The risks from losses of such potential magnitude should not be ignored. At such cost, implementing the most stringent and effective controls and protections in place even at a cost still makes absolute financial sense. And the only way to fully protect a corporation’s assets, therefore, is through a strong and viable 360 due diligence program.

Learn more about due diligence from this article. When is due diligence most critical?

Managing risk and due diligence should begin with a policy and a plan. Here we will focus on the human element of risk management, specifically background investigations. Organisations need to perform due diligence to make sure that their business is conducted by their employees and through their partners and vendors. Such insurance invariably includes regular security audits, ISO certification, pre-employment background checks, TPRM, etc.

There are several incentives to practice due diligence and perform risk management to ensure you conduct business appropriately and comply with all applicable laws and regulations. Anything less is just asking for trouble and losses!

What Can and Should Organisations and Risk Professionals Do?

The very first step to mitigating risks and exposures starts with a risk assessment. There are plenty of risk assessment checklists and tools available. If you want to dive deeper into how to start a risk assessment, just read our Risk assessment breakdown: Identification, Analysis, Evaluation to learn more. Once risk professionals get a handle on their due diligence processes and other compliance regimes, it’s time to start the entry process into the regulatory life cycle:

1. Prioritisation and planning
2. Implementation of a response
3. Integration of related tools, technologies, audits, processes and procedures to integrate compliance into normal operations

The first steps toward achieving compliances are usually big ones and may require substantial time and effort. But after that, it’s just a matter of sticking to a routine to maintain compliance, meet reporting requirements and keep up with changes to governing regulations and day-to-day tools and operations.

About CRI Group™

Based in London, CRI Group™ works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

In 2016, CRI Group™ launched the Anti-Bribery Anti-Corruption (ABAC™) Center of Excellence – an independent certification body established for ISO 37001 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000 Risk Management, providing training and certification. ABAC™ operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group™’s global team of certified fraud examiners work as a discreet, white-labelled supplier to some of the world’s largest organisations. Contact ABAC™ for more on ISO Certification and training.

Prove that your business is ethical with our free Gap Analysis

Evaluation of Corporate Compliance Programs – Highest Ethical Business Assessment: Evaluating Adequate Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Framework

Prove that your business is ethical. Complete our free Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organisation’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let ABAC™ experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under the UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

The HEBA survey is designed to evaluate your compliance with adequate procedures to prevent bribery and corruption across the organisation. This survey is monitored and evaluated by qualified ABAC™ professionals with Business Ethics, Legal and Compliance backgrounds. The questions are open-ended to encourage a qualitative analysis of your Compliance Program and to facilitate the gap analysis process.

The survey takes around 10 minutes to complete.

TAKE THE SURVEY NOW!

Filed under: All Industries, All Regions,

Risk management and its continuous improvement

Risk management requires continuous improvement. Without a company culture strongly aligned with principles of continuous improvement, organisations will struggle to implement, let alone maintain, successful risk management programs. This can be challenging in practice, as cultivating a risk management attitude within a company involves aligning risk initiatives with existing company values, policies and, to put it simply, convincing everyone involved that risk management is worthwhile. However, improving risk culture is possible, and, like many things, it becomes a lot easier when you have a process for it.

Such a process can be separated into three stages:

• Cultural awareness
• Cultural change
• Cultural refinement

Phase one: Building and strengthening cultural awareness

The first stage is building cultural awareness; this will take the form of communications, training, and general education initiatives within the organisation. Here is where companies set risk management expectations and objectives, define roles and responsibilities, and communicate all of these things with their employees. You shouldn’t expect your employees to conform to your ideas about risk management without first taking the time to educate and inform them, whether through formal training or access to knowledge base material or similar.

Successfully building and strengthening cultural awareness about continuous improvement includes:

• Establishing a common risk management vocabulary
• Making sure communications are consistent with said vocabulary and that everyone in the organisation has clear access to all relevant documents
• Being clear about risk management responsibilities and accountabilities.
• Launching and maintaining training programs, providing training support and guidance where needed and as required by different roles and responsibilities within the organisation
• Making sure onboarding processes adequately cover risk management.
• Making sure recruitment processes adequately cover risk management.

Phase two: Changing the way the organisation operates

Once a firm foundation of cultural awareness regarding continuous improvement has been established, it’s time to start thinking about how to gradually change how the organisation operates to reflect these values. This phase begins by recognising and rewarding employees for paying attention to risk and responding to risk in a way that challenges the previously established (pre-continuous improvement) status quo. These motivational systems, rewarding and penalising behaviour according to the established ideals of continuous improvement outlined in the early planning stages, will result in the gradual but certain shift towards a proliferation of continuous improvement-conscious company culture. Another important element is recognising the talent that conforms with the desired vision of continuous improvement and capitalising on this alignment by placing them accordingly in relevant, optimised positions of responsibility or seniority. It’s getting people in the right place to drive the right results.

Some important considerations for this phase:

• Utilising challenge as a motivator for driving cultural change
• Gamifying and quantifying risk performance metrics and rewarding/penalising behaviour accordingly.
• Considering risk management and continuous improvement culture in talent management approaches.

Phase three: Optimising and refining the cultural ecosystem

The third and final stage of cultural adoption of continuous improvement occurs once the company culture has matured to the point of widespread adoption and desired values are already well-entrenched. At this point, the focus shifts to monitoring performance versus expectations and attempting to tweak and refine the system to further improve cultural adoption. The expectations can and will be influenced by a wide range of stakeholders, not just top management; employees, a board of directors, analysts, customers, investors – they all have a say in the definition of cultural expectations because these expectations should directly reflect the whole entity that is the organisation, made up of all its constituent stakeholder parts.

Steps taken during this phase might include:

• Iterating feedback and observations from risk management into training, education, resources, and communications.
• Making sure stakeholders are held responsible for their actions
• Make sure any risk performance metrics or quantifiers are adjusted to reflect risk strategy, goals, and objectives changes.
• The capacity to redeploy and reassign individuals within an organisation according to desired risk culture goals
• Continually reflecting on and refining risk culture by continually changing business goals, objectives, and strategies.

At CRI® Group, we are committed to spreading the knowledge about the risk, compliance management and negative impact of fraud, bribery, and corruption to global businesses and promote transparent business relations across the world. As part of this effort, we want to present you our in-depth risk management and compliance insights – articles, whitepapers, eBooks, and other publications to help organisations overcome fraud, compliance, bribery, and corruption management challenges and tackle risks more effectively.

Don’t miss the opportunity to step up towards transparency and better protection for your business and your career – CRI® Group’s risk management and compliance insights give you a chance to explore these topics in-depth. If you are interested in our solutions, please click below to a free quote or contact us today.

GET A FREE QUOTE

Filed under: All Industries, All Regions, Background Investigation,

Any successful ethics and compliance strategy needs 5 key ingredients …

Once upon a time, the idea of business ethics was more of an abstract or philosophical notion that seemed more suited for discussion in a university lecture or at a business conference. Today, however, organisations of all sizes and industries must have concrete ways of addressing ethics and compliance issues as a principal component of their business processes and strategy. 

According to a study by PwC, 98 per cent of senior leaders say they’re committed to compliance and ethics; however, only 67 per cent have a process in place to identify the owners of compliance and ethics-related risks, with only a third having an officer in place for the overall compliance and ethics. Fifty-six per cent of the companies don’t have a chief ethics officer at all, and only 20 per cent have a Board of Directors that formed separate compliance and ethics committees. The study reports that 82 per cent of leaders communicated with employees on ethics, but 46 per cent of this is done in business meetings or by email. You can read the result on the full PwC website.

Business leaders are usually quick to communicate their expectations to employees, especially when it comes to financial goals or tasks that they want to be accomplished. However, what is often lacking is a clear, concise explanation of what the organisation expects regarding ethical behaviour and a compliance framework in place to follow. Today citizens, media, politicians and international bodies across all regions actively condemn abuses of power. And past scandals and their consequences have created a demand for increased regulations, greater transparency, and other rigorous scrutiny measures to be taken. To maintain (or regain) public trust, the ethics and compliance function has been placed at the centre of the strategic core of organisations by effective leaders.

Empower your organisation to mitigate risk!

To ensure a robust compliance and ethics strategy, five critical elements need to be implemented; 1) tone at the top; 2) corporate culture; 3) risk management, 4) a Chief Compliance Officer; and 4) testing and monitoring.

1 – Building Tone at the Top

“Tone at the top” is a term used to describe the ethical atmosphere created at an organisation or workplace by their leaders and their attitudes and behaviours. Tone at the top is vital in determining whether fraud, bribery, or corruption are likely to occur. Because all levels of management set it, it has a trickle-down effect on all employees. If the top leaders show a robust and zero-tolerance approach to fraud, employees are likely to lead by example.

An organisation with a strong ethical culture is usually led by a board of directors and senior management personnel who actively promote a culture of compliance and zero tolerance for fraud and other unethical business behaviour. Effective tone at the top will communicate to the organisation at all levels the expected type of conduct, what is considered unacceptable, and what the consequences will be for transgressions. A zero-tolerance approach should be followed at all times; it is vital in maintaining the culture of ethics and compliance at the organisation; below are some examples of failed tone at the top:

• The Enron scandal
• Arthur Andersen obstruction of justice
• Xerox fined by SEC
• Scandals at Fannie Mae
• Global financial crisis
• Tyco Scandal
• MCI Inc/WorldCom
• ImClone Systems trading case

For more scandals, check out our list of the “Top 10 Bribery & Corruption Stories of 2020“.

2 – Corporate culture

The prevailing norms, expectations, and recognised acceptable behaviour form the corporate culture of an organisation. By implementing an ethical code of conduct and compliance with all regulations a part of those norms, the organisation will help promote positive behaviour and integrity among its staff. 

You might be making assumptions that your employees know how to conduct themselves ethically when, in fact, this expectation only exists in a grey area in their minds – if at all. Some employees who have engaged in fraud, corruption or other unethical situations have claimed that while they knew their behaviour was wrong, they thought it was implicitly accepted by their bosses and, in some cases, their company on the whole.

Similar to establishing an effective tone at the top, fostering a positive corporate culture hinges on effective communication, and it needs to permeate different layers of the organisation. In other words, sending occasional emails about ethical behaviour isn’t enough to influence the culture at a company. Develop videos, team-building exercises, new employee orientations, and employee appreciation events; these provide opportunities to recognise positive behaviour and reinforce the company’s values. When employees see their colleagues being recognised and rewarded for maintaining a compliant and ethical corporate culture, they are more likely to help cultivate an ethical workplace. When the tone at the top and corporate culture are tied together, everyone understands what is acceptable and expected in being a part of the organisation’s success.

3 – Risk management: perform risk assessments

Risk management is identifying, evaluating, and prioritising risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability or impact of unfortunate events to maximise the realisation of opportunities. In other words, before you establish an ethics and compliance framework – first, a risk assessment should be conducted to uncover any vulnerabilities that need to be addressed with new processes. 

> Risk assessment breakdown: Identification, Analysis, Evaluation   

This means you need to assess how your business is conducted. So ask yourself:

• Have the various roles at the company been appropriately allocated, and is there a proper separation of duties?
• Are employees qualified for their responsibilities?
• Is the workforce trained to recognise the red flags of unethical behaviour and fraud?

Once the risks are identified, they can be isolated and addressed as part of your organisation’s comprehensive approach to ethics and compliance. The risks should be prioritised:

• Which ones pose an immediate threat?
• Could they effectively shut down the business?
• Do they pose a risk of financial, legal, or reputational risk – or all of the above?

Once prioritised, the identified risks should be assigned to critical members of the organisation. Whatever your reasons or motivations might be, if your organisation’s objective is to have an effective risk management strategy in place, then ISO 31000 can provide the principles, framework and a process for managing risk.

4 – A Chief Compliance Officer (CCO)

The implementation of a robust ethics and compliance strategy can give your organisation a competitive edge. A compliance officer or a CCO plays an essential and crucial role in the implementation. They are tasked with the day-to-day responsibility of overseeing the management of compliance and ethical risks whilst ensuring that the organisation is in compliance with the various regulatory requirements and that employees adhere to internal procedures and policies. Oversight should be provided by the board of directors (or ownership and executives) to ensure that problem areas have been adequately addressed and the organisation is taking a proactive approach to mitigating risk. 

5 – Testing and monitoring

When all the new processes have been implemented (the anti-fraud policy and employee code-of-conduct, anti-bribery and anti-corruption training and policies, allocation of duties and responsibilities, an anonymous reporting -hotline- process for unethical behaviour), a thorough testing and monitoring regimen is critical to ensure the new process is working. 

It is important to remember that having the best processes on paper won’t make a positive difference on its own. You need to monitor how they are being used and their success. A schedule should be in place that promotes frequent, regular check-ups of the ethics and compliance controls, with metrics that show results (i.e. surprise audits). A surprise audit is an effective way to test if any new controls have reduced the flagged irregularities. Before implementing ethics and compliance controls, the risk assessments should have identified risk areas with the new processes to mitigate that risk. Only by testing and testing frequently can the organisation determine if the new controls have the desired effect. If they are not, the company should develop new solutions that specifically robustly target these problem areas – and, in time, test them again.

Addressing ethics and compliance issues at an organisation can be a daunting task. However, with careful preparation, expert help, and a common-sense approach, any organisation can develop or enhance its corporate culture to be proactive in mitigating ethics and compliance risks. The benefits will be obvious – increased productivity, better security, and empowered employees who understand that their organisation values integrity and an ethical work environment.

Create a zero-tolerance approach to fraud with ISO 37001 ABMS

Creating a zero-tolerance approach to fraud doesn’t happen overnight. When your organisation enrols in ISO 37001:2016 ABMS training and certification, the program involves your entire team. The training helps establish an ethical culture by educating your employees on the following:

• What constitutes fraud, corruption, and bribery, and why these are so damaging to business
• How to identify red flags of fraud, corruption and bribery
• The process for reporting fraudulent and unethical acts
• The organisation’s zero-tolerance attitude toward unethical behaviour and willingness to terminate employees for breaches and prosecute unethical acts
• The severe ramifications for committing fraud or bribery, the legal consequences, and the negative impact on one’s career

Employees shouldn’t be expected to follow a code of conduct that they aren’t aware exists. That’s why ISO 37001:2016 ABMS creates a communication plan through which organisation leaders regularly communicate their ethical behaviour expectations to the staff periodically. Read more on how to build trust in the workplace with ISO 37001 Certification.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Speak up – report any illegal, unethical, or improper behaviour

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal communication channels or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy. COMPLIANCE HOTLINE

Filed under: All Industries, All Solutions, Automotive, Aviation, Compliance Solution, Finance & Professional services Industry, Global, Insurance, ISO 37001, IT & Telecommunications, Leadership Insights, Oil, Gas & Energy, Property, Resources by admin
1 Comment »

2nd ABAC Summit Announced in KL

After the great success of last year’s Anti-Bribery Summit, the 2nd ABAC Summit Announced in KL

CRI® Group is pleased to announce the upcoming Anti-Bribery Anti-Corruption (ABAC) Summit 2018 in Kuala Lumpur, Malaysia, 25 September 2018. This is the second year for the ABAC Summit, providing invaluable expertise in due diligence, internal controls and compliance issues, along with showcasing the latest resources and solutions to detect and combat bribery and corruption within organizations.

The one-day summit is a must-attend event for anyone working in anti-bribery and anti-corruption, due diligence, risk management, and anti-fraud such as CEOs, CFOs, Chief Legal Officers, Chief Compliance Officers, In-house Counsels, Compliance Managers, Lawyers and Auditors, Heads of Procurement and Other officers responsible for Compliance and Anti-Corruption.

Last year’s Anti-Bribery Summit was a great success, with critical topics presented by leading experts in anti-bribery and anti-corruption compliance. This year aims to be even better, with an agenda that includes the following highlights:

• A welcome introduction by Zafar Anjum MSc, CFE, Intl. Dip. (Fin. Crime). As founder and CEO of CRI® Group, Zafar Anjum has dedicated 28 years to the areas of fraud prevention, protective integrity, security and compliance. His expertise helps create secure networks across challenging global markets.

• Mohd Nur Lokman Bin Samingan, Assistant Commissioner at Malaysian Anti-Corruption Commission (MACC), will present “MACC (Amendment) Act 2018: Section 17A, ‘Offence by Commercial Organization’”. Mohd Nur Lokman Bin Samingan has vast experience as an investigator and a prosecuting officer, and is currently attached to the Community Education Division of MACC as the head of Private Sector Branch. He engages business entities, corporations and private companies in cultivating anti-corruption awareness.

• Dr KM Loi, Vice-Chairman of ISO/PC 278 (ISO 37001:2016), Co-convenor of ISO/TC 309 WG2 (ISO 37001 Handbook), will present “ISO 37001:2016 – Management Tool to Address Corporate Liability Provision”. Dr KM Loi is an anti-bribery expert with 20 years of management skills in quality consulting, training and auditing with wide exposure to various industries in the context of ISO 9001, ISO 14001, ISO 13485, IATF 16949, ISO 26000, ISO 37001, SA8000 & OHSAS 18001.

• Drago Kos, Chairman of Organization for Economic Co-Operation & Development, will present “Corporate Integrity Guarantees Prosperity”. Drago Kos is the Chairman of the OECD Working Group on Bribery in International Business Transactions, Co-Chair of the Defence Corruption Monitoring Committee in Ukraine and adviser to the Kosovo Anti-Corruption Agency.

• Cristian Nicoara, Independent Expert Consultant; Justice, Anti-Corruption, and Security Sector Reform Adviser, will present “Anti-Corruption Agencies are Fighting an Imbalanced Battle. Where to Find the Allies?” Cristian Nicoara is a former Romanian investigative prosecutor with 15 years specialisation in major crimes, anti-corruption and financial investigations.

• Md Alimuddin Rahim, Group Integrity Officer at Petra Energy Berhad, will present “Role of Malaysian Anti-Corruption Foundation (NGO) in assisting Malaysian Anti-Corruption Commission (MACC)”. Md Alimuddin Rahim has more than 20 years’ experience in his industry – he is the Secretary General at Malaysian Anti-Corruption Foundation and also works as Group Integrity Officer at Petra Energy Berhad.

• Presenter Cynthia Gabriel, Executive Director at The Center to Combat Corruption and Cronyism (C4 Center), human rights advocate and anti-corruption leader in Malaysia will present “New Lessons from 1MDB: The evolving actors in modern money laundering”. Cynthia Gabriel has experience advancing and promoting human rights, good governance and democratic freedoms. She founded the Centre to Combat Corruption and Cronyism (C4), a NED grantee, which works to promote good governance and conducts a multifaceted project designed to encourage public participation in efforts to combat corruption.

• A special panel discussion and Q&A session will feature all of the keynote speakers.

• An hour at the conclusion for additional networking among attendees, with refreshments provided.

CRI® Group founder and CEO Zafar Anjum said that after the success of last year’s inaugural event in Pakistan, he is excited about the second Anti-Bribery Anti-Corruption Summit in Kuala Lumpur, Malaysia.

“This year’s agenda was developed to provide you with invaluable information and foresight into the forces that guide and dictate our everyday work life: the ongoing quest for solutions, balance, and insight into the oftentimes chaotic world of anti-bribery and corporate corruption compliance”, Anjum wrote.

This is a critical time for world markets and economies. The latest Corruption Perceptions Index shows that “most countries around the world are making little or no progress in ending corruption” (Transparency international, titled “Corruption perception index 2017”, 2018).

That’s why the expertise, best practises and resources shared by the leading industry experts at the ABAC Summit are more important than ever. In the Asia Pacific region alone, the majority of countries are in the lower half of this year’s Corruption Perceptions Index. This is because bribery is still a key problem, made worse by unaccountable governments, lack of oversight, instability and insecurity.

There are positive signs as well. Officials in Malaysia, the host country of this year’s ABAC Summit, have made strides in the fight against bribery and corruption. According to MACC, 879 offenders – from top management to lower level staff, in both the public and private sectors – were arrested last year. This demonstrates Malaysia’s commitment to bringing offenders to justice.

Time is running out to make your plans to attend ABAC 2018 and get an edge on the latest best practices, laws, regulations and compliance, presented by the foremost experts in the field. Meet the colleagues you networked with at last year’s event; or make new connections with CEOs, CFOs, other executives, directors, lawyers, auditors, legal officers, compliance officers and others who face the same anti-fraud and anti-corruption challenges as you.

Visit www.anticorruptionsummit.com and reserve your spot today. Early bird registration (50 percent off!) is available until 30 August.

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management- Guidelines; ISO 37000:2021 Governance of Organisations; ISO 37002:2021 Whistleblowing Management System; ISO 37301:2021 (formerly ISO 19600) Compliance Management system (CMS); Anti-Money Laundering (AML); and ISO 37001:2016 Anti-Bribery Management Systems ABMS. ABAC® offers a complete suite of solutions designed to help organisations mitigate the internal and external risks associated with operating in multi-jurisdiction and multi-cultural environments while assisting in developing frameworks for strategic compliance programs. Contact ABAC® for more on ISO Certification and training.

Filed under: CRI News, Malaysia, Kuala Lumpur by admin
Comments Off on 2nd ABAC Summit Announced in KL

Internal Control: Identify Vulnerabilities through TPRM Assessment

CRI® Group’s Third-Party Risk Assessments are front-line tools used to ascertain whether an organisation has the appropriate policies and procedures in place to address all potential risks at the management, operations and financial levels and simulates the likelihood of those risks occurring.

A 3PRM^TM assessment includes a review of internal auditing procedures, compliance guidelines, performance criteria, internal controls, reporting processes, and contractual requirements vital to fostering a long-term positive outcome with the third-party provider when looking at the relationship from a cost-benefit standpoint. A 3PRM^TM assessment verifies whether the proposed third-party relationship is consistent with the organisation’s strategic plan and overall business strategy. Specific areas addressed in a 3PRM^TM assessment include:

• Audit and supervision functions that assign clearly defined responsibilities within the organisation
• Business continuity plans that take into account natural disasters and third-party business closures
• Supply-chain alternatives that react and respond to every possible scenario, from regional events to currency fluctuations
• Jurisdictional considerations and affiliations with potential partners located in regions that may be prohibited by law
• Data and intellectual property protection, which includes customer privacy and information security considerations
• Anti-corruption and whistle-blower policies begin with staff education and extend to safe internal and external reporting mechanisms which are easily accessible to management and staff.

Our 3PRM^TM assessments ensure tight controls to mitigate key risks and designate specific staff responsible for maintaining those controls. Any gaps detected in those controls are addressed during the assessment phase.

VIEW 3PRM^TM BROCHURE

CRI® Group invites you to schedule a quick appointment with us to discuss how conducting our 3PRM^TM assessment can help you and your organisation. 

GET A FREE QUOTE

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

Filed under: All Industries, All Regions, Industry Insights, Resources,

CRI® Celebrates 28 Years with a Trip to Thailand

2018 has been a big year for CRI® Group, a global leader in Risk, Compliance and Anti-Corruption Management Systems. First, the firm was granted accreditation by the Emirates International Accreditation Centre (EIAC) as an ISO 37001:2016 Anti-Bribery Management System Certification and Conformity Assessment Body (the first accreditation of its kind awarded to a certification body specialising in global anti-bribery and anti-corruption, risk and compliance standards).

Then, CRI® Group proudly announced that it will host its Anti-Bribery Summit 2018 in Kuala Lumpur, Malaysia – following the success of last year’s inaugural event. The two-day summit offers expert training and the sharing of best practices for fighting bribery and corruption.

Following both of these major announcements, more than 20 CRI® Group employees gathered in Bangkok, Thailand to celebrate the company’s 28th anniversary. CRI® Group organised the trip to help employees connect, share in their achievements together, and enjoy all of the sights, sounds and great cuisine of Thailand in the ultimate team building trip.

CRI® Group: A Brief History

CRI® Group was originally founded as the “Metropolitan Detective Agency” by Mr. Muhammad Anwar Naveed, the father of CRI® Group CEO Mr. Zafar I. Anjum. It was a one-man private investigation firm that dealt with insurance claim investigations. In 1990, Mr. Zafar Anjum (a former member of the Pakistan Rangers who had earned a Graduate Diploma from Pakistan Detective Training Institute PDTI) formally launched the business as a full flagged district level detection agency with a full range of services including insurance claim fraud investigations, background checks and due diligence.

While working one insurance fraud case in particular, Mr. Zafar Anjum realised that a certain aspect of the affair struck him: Whereas most types of crime are dealt with by the justice system, fraud is peculiar in that it often mandates investigation by an external agency or organisation which specialises in fraud detection.

“I noticed that such organisations were sorely lacking in Pakistan at the time – and that there was a distinct lack of counter fraud education in the general population, which aided those committing fraud greatly”, Mr. Zafar Anjum said. “Furthermore, even where individuals were aware that they were being defrauded, they lacked the knowledge of how to effectively resolve disputes between themselves and the defrauder. Therefore we started a very first corporate investigation company in Pakistan specialising in Fraud Risk Investigations, Risk Consulting and Compliance solutions”.

Mr. Zafar Anjum raised the firm to a new level in 2001 when he incorporated and registered it in Pakistan as a Private Limited Company with a new name: Corporate Research and Investigations (Private) Limited, offering full-scale investigative research services. Corporate Research and Investigations Limited was incorporated in 2006 in the UK, and Corporate Research and Investigations LLC DIFC was incorporated in 2008 in UAE. Today, the company stands as a leader in employee background screening services, investigative due diligence, third-party risk management services and Anti-bribery Management Systems. CRI® Group safeguards some of the world’s leading businesses by establishing the legal compliance, financial viability and integrity levels of outside partners, suppliers and customers seeking for affiliation.

Currently based in London, UK, CRI® Group is a global firm with experts and resources located in key regional marketplaces across the Asia Pacific, South Asia, the Middle East, North Africa, Europe and North America. The company’s success and growth continues, as it recently expanded into North and South America and Asia while opening three new branches: Toronto (Canada), São Paulo (Brazil) and Shanghai (China).

ABAC® Center of Excellence

While reflecting on CRI® Group’s history, Mr. Zafar Anjum said the recent EIAC accreditation is a major milestone and a result of the commitment and hard work of the entire team. CR®I Group administers ISO 37001:2016 Anti-Bribery Management System Certification through its Anti-Bribery and Anti-Corruption ABAC® Center of Excellence, which it launched in October of 2016.

“It is a special honour to be the very first accredited conformity assessment body in Middle East, Asia and the UK”, Mr. Zafar Anjum said. “This accreditation is a testament to the expertise of our global network of audit specialists and the result of 28 years providing high-level risk management and compliance solutions to organisations worldwide seeking to combat the detrimental effects of bribery and corruption”.

CRI® Group’s ABAC®  Center of Excellence was created to educate, equip and support the world’s leading business organisations with the latest in best-practice due diligence processes and procedures, providing world-class anti-bribery and anti-corruption solutions to organisations seeking to validate or expand their existing compliance frameworks to maintain a competitive edge in the world marketplace.

“We are striving to ensure compliance and ethics being best practices for companies and their third-party relationships, and we believe this is a very best defence against all corporate malpractices”, said Mr. Zafar Anjum.

A Time to Celebrate

The idea for the meeting in Thailand grew from CRI® Group’s achievements, and also the company’s focus on human connection as the key to career success, recognising the positive attitudes and encouraging efforts of all employees that help lead the company to new heights year after year. The trip to Thailand was an enthusiastic “thank you” for their hard work.

The group was made up of 22 CRI® Group employees from various worldwide locations. They were joined by Mrs. Kanwal Zafar, wife of Mr. Zafar Anjum, as they gathered in Bangkok for four days. They also visited Pattaya, took a trip to the Coral Island, took a cruise in the river and enjoyed Thai food, culture and each other’s company. As one of the most important aspects of the trip, they engaged in several team building activities to strengthen rapport and communication.

Dubai-based CRI® Group employee Ayesha said: “We had an amazing time in Thailand to celebrate our achievement of accreditation by EIAC. I wish for CRI® Group to have more success ahead so that lots of such trips come our way!”

Austeja, who is based in the UK, said: “The best thing is that we met each other. We do communicate internally a lot, but never met each other in person. I believe from now on, our communication will be even more effective and the bonds we built will help the company to reach even higher goals”.

Muhammad, from Pakistan office, mentioned: “It was my first trip abroad and it was a very peaceful and enjoying journey to Thailand with CRI® Family. Very effectively and thoroughly planned by HR and Admin department. Must say a very well-done job.  Thanks to Sir Zafar and Mam Kanwal for such a memorable trip.”

HR manager Ayesha concludes: “On this auspicious event, I would like to congratulate Mr. Zafar Anjum who have set the foundations of this company 28 years back and worked hard day in and day out to reach heights of success. And this 28th anniversary is very special for all of us as we have achieved EIAC accreditation in this year and we are an Accredited CB for the scope of ISO 37001:2016 ABMS. It is rightly said, and I quote: “Celebrate what you have accomplished, but raise the bar a little higher, each time you succeed”.”

Congratulations to Mr. Zafar Anjum and all CRI® Group employees for an anniversary to remember!

Filed under: CRI News, Malaysia, Kuala Lumpur, Resources by admin
No Comments »

Employee Screening Process

How do you know the candidate you just offered a role to is ideal? Are you 100% sure you know that everything they’re telling you is the truth? 90%? They showed you a diploma; how do you know it’s not photoshopped? Did you follow the correct laws during your background check process? Background checks and necessary screenings are vital to avoid horror stories and taboo tales within HR, your business or even your brand – simply investing in proper employee screening can save you time, money and heartbreak. A complete employee screening process will result in fewer applications with serious discrepancies – it increases the quality of new hires due to an improved applicant pool and selection process. EmploySmart™ provides full in-depth background screening services for employees and candidates at all levels, from senior executives to shop-floor employees.

How Well Do You Know The People You Invest In?

CRI® Group has developed EmploySmart™, a robust new pre-employment background screening service to avoid negligent hiring liabilities. Ensure a safe work environment for all. EmploySmart™ can be tailored into specific screening packages to meet the requirements of each specific position within your company. We are a leading worldwide provider specialised in local and international employment background screening, including pre-employment and post-employment background checks.

Pre-employment checks/background checks/screening benefits:

• Reduce turnover & training costs
• Gain a competitive edge through the hiring of better people
• Increase productivity – help your employees be more productive, knowing that everyone employed by your company has been screened.
• Set your company apart & win more business
• Reduce employee-related problems
• Protect company reputation/brand & customer relations
• Comply with mandates created by state or federal law for certain industries
• Increase retention
• Reduce negligent hiring claims
• Avoid violence in the workplace (threats of violence & actual violence)
• Reduce theft & espionage
• Avoid lawsuits & the costs associated with the defence.
• Avoid loss of goodwill.

Pre-employment checks/background checks, what are they?

These checks are essentially an investigation into a person’s character – inside and outside their professional lives. Some checks you probably already carry out in-house, such as candidate’s qualifications (documents provided), work history (with a reference check), right to work in the country and even a quick social media presence scan. However, we provide a full in-depth background screening service for candidates and employees at all levels – from senior executives through to shop-floor employees:

• Address Verification (Physical Verification)
• Identity Verification
• Previous Employment Verification
• Education & Credential Verification
• Local Language Media Check
• Credit Verification & Financial History (where publicly available)
• Compliance & Regulatory Check
• Civil Litigation Record Check
• Bankruptcy Record Check
• International Criminal Record Check
• Integrity Due diligence… and more.

When should I conduct pre-employment checks?

Our pre-employment screening services will help you avoid adding potential fraudsters and other bad actors to your staff. These checks can be implemented before or after a job offer (with each having its pros and cons).

How to collect references, and what to ask?

Because it is impossible to know how your candidate will work daily from just one interview, you will need references. References are a great way to find out whether your candidates are suitable for the role or will fit with your company culture. A primary reference check asks for:

• Employment dates
• Employment main responsibilities
• Attendance record
• Any disciplinary actions against them
• Any reasons why they shouldn’t be employed

These references will help you back up their CV – however, many candidates tend to exaggerate or misrepresent themselves. Our EmploySmart™ team goes beyond to get a fuller picture for you:

• Greatest strengths?
• Are they suitable for the role they’ve applied for?
• Would they rehire the candidate?
• Suitable management style?
• Do they have any leadership skills?
• Situations in which they have excelled at?

Some companies have policies of not giving references and just providing necessary employment details, while others direct you towards HR, but the EmploySmart™ team is persistent.

What specific legal requirement should I ask?

You will need to check if they have the right to work in the region you are recruiting for. You are subject to statutory penalties if you employ foreign nationals who don’t have the correct visas. You will need to request criminal records checks depending on the role you are recruiting. Such roles with children or vulnerable people are highly regulated – and all of these differ from country to country.

CRI Group™ carries the burden of knowing the laws, so we can assist you with staying compliant and helping you to make the best decisions for your company’s needs. We have established an interdisciplinary team of experts in employment law, best practices and data protection. We can manage your employment background screenings across borders for you! Country by country, we have documented the different approaches to employment screening, ensuring we operate in harmony with local culture and within the limitations of local legislation.

With extensive local language capabilities, flexible working patterns and time zone intelligent workflow, we provide a comprehensive and fully compliant global screening service.

At CRI Group™, we specialise in employment screening, working as trusted partners to HR and recruiting managers of corporations and institutions worldwide. Our people work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates.

CRI Group™’s unique identity and vision evolved from our fundamental desire to support our clients and candidates. We have a passion for Screening and a simple belief in setting new standards. These qualities fuel our commitment to excellence and drive our culture.

Our EmploySmart™ background screening services expose vulnerabilities and threats within your organisation and can significantly reduce business and financial crime, fraud and malpractice within your workplace. Our experienced EmploySmart™ Team can safeguard your data security and your business integrity while you can focus on human conversations and interactions. Together, your organisation can deliver outstanding screening experiences.

We provide a host of professional services to HR managers representing significant corporations worldwide. Employees should be screened regularly to reveal any new information relevant to the business. That’s why our background investigations services also include:

• Employee monitoring and risk management
• Data protection compliance
• Employee testing and confidentiality
• Employee risk management
• Post-employment background checks

CRI Group™ is trusted by the world’s largest corporations and consultancies – outsource your employee due diligence to an experienced provider, and you will only ever have to look forward, never back.

BS 7858:2019 Screening: extra security level for your business and employees

CRI Group™ is trusted by the world’s largest corporations and consultancies – outsource your employee due diligence to an experienced provider, and you will only ever have to look forward, never back.

Get answers to frequently asked questions about background checks/screening cost, guidelines, check references etc. This eBook of compiled list of background screening related questions taken as a whole is the perfect primer for any HR professional, business leader and company looking to avoid employee background screening risks. It provides the tools and knowledge needed to make the right decisions.

READ MORE

Working with CRI Group™, you get:

• Extensive global coverage, with expertise in domestic and international Screening; one of the largest, most experienced and best-trained integrity due diligence teams in the world
• Our team of more than 50 full-time analysts is spread across Europe, the Middle East, Asia, and North and South America and is fully equipped with the local knowledge to serve your needs globally.
• The ability to manage multiple background checks online
• Quick turnaround times
• Our solutions are easily customisable and flexible, and we will tailor our scope to address your concerns and risk areas, saving you time and money.
• High-quality searches, backed by numerous checks and quality controls
• We have a flat structure which means that you will have direct access to senior staff members throughout the due diligence process.
• Our multi-lingual teams have conducted assignments on thousands of subjects in over 80 countries, and we’re committed to maintaining and constantly evolving our global network.
• Our extensive solutions include due diligence, employee pre and post background screening, business intelligence and compliance, and facilitating any decision-making across your business, no matter what area or department.

GET A QUOTE

Who is CRI Group™?

Based in London, CRI Group™ works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, and is an HRO certified provider and partner with Oracle.

LET’S TALK!

Filed under: All Industries, All Regions, Background Investigation, Employee Background Check, Resources by admin
1 Comment »

Ethics and Compliance Hotline: your frequently asked questions answered…

Ethics hotlines are growing in popularity. In 2017 the South Africa Home Affairs Minister Malusi Gigaba announced over 3,000 officials were found guilty of misconduct related to cases reported via the National Anti-Corruption Hotline (NACH). “The closure rate underscores a commitment by government departments to investigate allegations of corruption as reported through the NACH.” Ethics and compliance hotlines work! Organizations must have an ethics and compliance hotline to help promote the organization’s code of conduct and nurture a culture of honesty and accountability. 

Don’t opt out of an ethics hotline

The 2019 Global Business Ethics Survey found that more reports of misconduct were made to direct supervisors (a median of 51 per cent) compared to hotlines (6 per cent). However, it is still crucial to have an Ethics and Compliance Hotline. Why? Having an ethics and compliance hotline shows employees that the business leaders genuinely want to hear from them, making it a great employee relations tool.

The ethics and compliance hotline is an anonymous reporting mechanism. So when the normal channels of communication fail, a hotline can facilitate any flagging. They provide an accessible way for employees to report potential wrongdoing, possibly illegal, unethical, or improper. A company can better protect itself from fraud, learn of employee misconduct and proactively mitigate any corruption-related risk. Despite industry or size, any organisation should be 110% committed to having an open dialogue on ethical dilemmas regardless. 

CRI® Group encourages everyone to report any wrongdoing. We believe that everyone should have a voice and protect themselves, colleagues and the organizations that they work for. Everyone must seek to maintain transparency to comply with the code of conduct and compliance regulations. If your organization considers an ethics and compliance hotline, here are some must-knows.

Who can report? And what can you report?

All individuals – employees, clients, contractors, vendors and others in a business relationship with you or your organization – have a duty and responsibility to report any known or suspected noncompliant behavior or violations of any regulatory mandates and/or local policies, including but not limited to:

• Ethical standards violations;
• Violation of laws and company policy and internal control;
• Risk and safety;
• Theft, embezzlement or misappropriate of assets and fraud;
• Bribery and corruption;
• Employee rights, employee relations, work environment;
• Privacy laws or security of personal information;
• Discrimination;
• A dispute related to a supervisor, HR and other departments;
• Physical and verbal harassment in the workplace;
• Issues related to job responsibilities;
• The report related to a suspicious activity being a witness; and/or
• Unfair dismissals.

How to report?

You can report your concern using the Ethics and Compliance hotlines at any time, 24/7. And an effective Ethics & Compliance Hotline should allow reporting via phone, email, web-based compliant forms and even walk-ins.

How does it work?

This will depend on your organization structure; however, if you allow reporting directly by telephone, the caller should speak with the Compliance Department directly. The caller can remain anonymous or may want follow-up, in which case(s) he will give contact details. If the individual submits a report online, the system should guide the individual through the reporting process, and a PIN number will be generated automatically once they complete the report. The compliance department specialist who receives the tip is then in charge of validating it. This compliance officer typically receives special training on gathering enough information to ensure the complaint is credible. The tip is then routed to the right department within the organisation, such as audit, legal, or human resources. 

What is the process of the investigation?

The Compliance Department or Committee should then review the report and conduct an investigation. The investigation may include an interview with relevant witnesses review of records, computers, telephones and other equipment per relevant personal data regulations. The reported individual will be able to follow the status of the case and communicate with the Compliance by giving their case number. However, no party can contact the individual directly if you have chosen to remain anonymous. The investigation conclusions and recommendations are reported to Management.

Can we generate anonymous reporting?

Yes, if the individual wishes to remain anonymous when reporting their concern, they can. However, you should encourage the individual to identify themselves where/when possible, enabling your organization to investigate the report more effectively. If they provide their names, your compliance department should protect their confidentiality to the greatest extent possible during the investigation. The organization should have a Non-Retaliation and Whistleblower Policy to help ease the process.

What is a Non-Retaliation Policy?

While on the surface, hotlines may seem a convenient option to receive employee complaints, tips or concerns, often, it’s the process that surrounds the hotline which can determine whether it ultimately succeeds or fails. Areas such as employee relations are particularly challenging for anonymous tips. An organisation needs to have a whistleblower process in place – this is a critical component of any compliance monitoring system. It enables companies to identify and mitigate potential risks early before they impact operations, reputation and ultimately, financial performance. 

How can we make sure they deliver a credible report?

When reporting an issue, encourage individuals to ensure that they provide as much relevant information as possible, for example, the names of persons involved in the alleged conduct, potential witnesses, appropriate documentation or data, visual evidence etc. Provide them with forms that allow them to understand what they need to submit a credible report, with the appropriate questions and empty spaces for further feedback, including the ability to upload any initial profs. This will allow your Compliance to effectively follow up on the case.

What makes a successful implementation?

1. A strong and clear message is delivered to employees and stakeholders by a senior individual who champions the overall programme.
2. A clear understanding of how best to engage with your employees at all levels and in all countries. Remember to take into account country and cultural differences.
3. A robust internal process to deal with reported issues as laid out in your code of conduct policy or ethics programme.

Are you addressing corporate Compliance?

Prove that your business is ethical. Find out if your organisation’s compliance program aligns with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Let our experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under the UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

Find out what’s a Gap Analysis and why do you need it?

Report with CRI® Group!

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use the reporting process in this Code of Conduct, including the Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by the CRI® Group Non-Retaliation Policy. 

REPORT NOW!  

CRI® will not accept any retaliation or discrimination against any employee or external stakeholder who uses our Compliance Hotline in good faith or participates in an investigation. Any employee who breaches the policy will be subject to disciplinary actions. If you wish to learn more just have a look at our article on Ethical code of conduct: What should be covered?

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, 

Meet the CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal Compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: All Industries, All Regions, All Solutions, Anti-Bribery Anti-Corruption Solution, Compliance Solution, CRI News, Global, ISO 37001, Leadership Insights, Resources by admin
No Comments »

Importance Of Strong Risk Management Leadership

Managing risk effectively ensures businesses succeed and thrive in constant uncertainty. Good leadership has tremendous importance in the success of the ISO 31000 risk management system. ISO 31000 aims to simplify risk management into clearly understandable and actionable guidelines that should be straightforward to implement, regardless of a business’s size, nature, or location. However, without leadership, your risk management strategy is likely to fail. Here are a few key points that top management should pay close attention to for a successful ISO 31000 risk management system. 

ISO 31000 is not one-size-fits-all

ISO 31000 clearly states that risk management is an open-ended process designed to be highly customised and tailored to the organisation’s individual needs and contexts. That said, ISO 31000 advises particular attention to customising the risk profile, risk appetite, and the communication and facilitation of risk management throughout the company culture.

Executive alignment is crucial

This is one of the most important points; top management must be firmly committed to the risk management program, or the system will not work. Executives should ensure that the entire risk management process is integrated across all levels and departments of the organisation and is strongly aligned with company objectives, strategy, and culture.

Consider how risks will impact value

Top management should be responsible for ensuring that risks are prioritised per how they impact the organisation’s ability to create and deliver value. This approach differs from traditional risk management approaches, which typically rank the risks by numeric value, assigned by considering probability and estimated severity.

Proactive, not reactive

This one is self-explanatory. The basic idea is that risk management should be preemptive. Rather than simply reacting to the currently identifiable risks, it prepares for risks that haven’t yet arisen.

What about ISO 31000 certification?

ISO 31000 provides guidelines, not requirements, and is therefore not intended for certification purposes. It’s important to note that ISO 31000 is a set of guidelines, not requirements. Many ISO standards, like ISO 37001 ANTI-BRIBERY MANAGEMENT SYSTEMS and ISO 37301 Compliance Management Systems, are requirements, which means they compose a strict set of specifications that can be certified. ISO 31000 is not like that; it can’t be certified. It’s simply a set of best practice guidelines.

Powered by CRI® Group, ABAC® educates, equips and supports the world’s leading business organisations with the latest best-in-practice risk assessments, performance assessments, systems improvement and standards certification. Our ISO solutions (certification and training) are offered through our ABAC® Center of Excellence. Find out how ABAC® can help your business! 

Getting Started with ISO 31000 Risk Management?

ISO 31000 is an international standard issued in 2009 by ISO (International Organization for Standardization). All types and sizes of organisations face internal and external factors that directly impact whether an organisation can achieve their objectives or not. ISO 31000:2018 serves as a guide for the design, implementation and maintenance of risk management; ISO 31000:2018 describes a systematic and logical process during which organisations manage risk by identifying it, analysing it, and then determining as to mitigating the risk treatment in a way that is consistent with their risk appetite. An organisation can implement risk management across the entire company and can do so at any time. It can also tailor these controls to specific areas and activities in the business.

• Organisations can use it to compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.
• It is a clear indicator to your customers and other stakeholders that, as an organisation, you are committed to managing risks in every part of your business.
• Increases public confidence in the organisation by demonstrating your management capabilities in protecting your business from internal and external threats.
• ISO 31000:2018 helps to provide guidance for internal or external audit programmers.
• Competitive bidding for commercial tenders will enhance your company’s reputation and give you a competitive advantage.

Our newly published “ISO 31000 Risk Management: A guide to identify, analyse and mitigate risk” playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:

• What is ISO 31000?
• Why is this Standard a good idea?
• What are the benefits for my business?
• Principles of ISO 31000:2018
• ISO 31000 framework
  • Why was it revised?
  • What are the main differences?
• Key Clauses of 31000:2018
• Who is the Standard?
• The process
• The link between 31000:20180 and other standards
• Importance of risk management leadership
• 31000:2018 and continuous improvement
• How do we get started?

Risk management is a full-time, ongoing endeavour for organisations in today’s business world, and it poses constant challenges. The first part of reducing risk is having a strategy and taking action. So DOWNLOAD your free playbook now!

Other risk management solutions

CRI® Group’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates, thus creating the DueDiligence360™. We specialise in solutions regarding compliance, working as trusted partners to businesses and institutions across the globe. While CRI® may not offer the ABMS certification, we offer other services. Our experts work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates.

The DueDiligence360™ reports help organisations comply with anti-money laundering, anti-bribery, and anti-corruption regulations. This service also proves beneficial ahead of a merger, acquisition, or joint venture. It can be used for a third-party risk assessment, onboarding decision-making, and identifying beneficial ownership structures. Identifying key risk issues clearly and concisely helps enhance your knowledge and understanding of the customer, supplier, and third-party risk, helping you avoid those involved with financial crime.

Why not consider our background investigative solutions? 

Firms spend thousands, even millions, to brand their products and services – it only takes one bad hire to cause a loss of capital and reputation. Employee Background Checks can aid in reducing the risk of hiring an employee who does not live up to their supposed skill set and could cause irrevocable damage. It can cause a business to fail, especially if the employee holds malice toward the organisation. EmploySmart™ is CRI® Group’s solution to expose vulnerabilities and threats within your organisation. Much like the ISO certification, our EmploySmart™ is a risk management measure that can be used to significantly reduce business and financial crime, fraud and malpractice within your workplace.

Our solutions are also certified by the British Standard Institute BSI for the scope of BS 7858:2019 Screening of individuals working in a secure environment, Code of practice (the only BS 7858 certified background screening services provider in the UAE and across the Middle East); and BS 102000:2018 Code of practice for the provision of investigative services.

Another risk management solution to consider from CRI® is our Third-Party Risk Management solution (TPRM), also known as 3PRM™. In the wake of the global pandemic, the 3PRM-Certified™ was developed to aid organisations in accurately determining the legal compliance, financial viability, and integrity levels of external parties, vendors, and customers who seek to be affiliated with and represent the business.

The 3PRM-Certified™ program consists of gap analysis and investigative due diligence on the targeted parties. This highly thorough program reveals anti-corruption, compliance and risk management discrepancies associated with the international regulatory framework helping your business flourish at any scale. Find out more about CRI® Group’s Risk Management Solutions.

If you’re unsure what solution may be best for you and your business, how about connecting with one of our experts for a free consultation? Receive tailored advice from the top analysts and investigators across the globe.

اتصل بنا

Filed under: All Industries, All Regions, Resources by admin
No Comments »