Move Over, ID Theft – Here’s the New No. 1 Fraud

From CBS News

Beware of bogus IRS agents, fake offers of tech support – in other words, impostors. They’ve overtaken identity thieves to become the nation’s top fraudsters, according to the latest consumer complaint data.

The Federal Trade Commission’s Consumer Sentinel project, which tallies up the number and type of consumer complaints received each year, reported more than 3 million of them in 2016. Debt collection remains the No. 1 gripe, accounting for some 28 percent of reported complaints. However, the bulk of debt-collection complaints involve overly aggressive collection tactics, not fraud.

Read the full article.

Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. Contact us today to get started on implementing a robust program that will serve you well for years to come. Get your FREE QUOTE now!

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, TPRM, Due Diligence 360°, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management – Guidelines; ISO 37000:2021 Governance of Organisations; ISO 37002:2021 Whistleblowing Management System; ISO 37301:2021 (formerly ISO 19600) Compliance Management System (CMS); Anti-Money Laundering (AML); and ISO 37001:2016 Anti-Bribery Management Systems (ABMS). ABAC® offers a complete suite of solutions designed to help organisations mitigate the internal and external risks associated with operating in multi-jurisdiction and multi-cultural environments while assisting in developing frameworks for strategic compliance programs. Contact ABAC® for more on ISO Certification and training.

Importance Of Strong Risk Management Leadership

Managing risk effectively ensures businesses succeed and thrive in constant uncertainty. Good leadership has tremendous importance in the success of the ISO 31000 risk management system. ISO 31000 aims to simplify risk management into clearly understandable and actionable guidelines that should be straightforward to implement, regardless of a business’s size, nature, or location. However, without leadership, your risk management strategy is likely to fail. Here are a few key points that top management should pay close attention to for a successful ISO 31000 risk management system. 

ISO 31000 is not one-size-fits-all

ISO 31000 clearly states that risk management is an open-ended process designed to be highly customised and tailored to the organisation’s individual needs and contexts. That said, ISO 31000 advises particular attention to customising the risk profile, risk appetite, and the communication and facilitation of risk management throughout the company culture.

Executive alignment is crucial

This is one of the most important points; top management must be firmly committed to the risk management program, or the system will not work. Executives should ensure that the entire risk management process is integrated across all levels and departments of the organisation and is strongly aligned with company objectives, strategy, and culture.

Consider how risks will impact value

Top management should be responsible for ensuring that risks are prioritised according to how they impact the organisation’s ability to create and deliver value. This approach differs from traditional risk management approaches, which typically rank risks by a numeric value assigned by considering probability and estimated severity.

Proactive, not reactive

This one is self-explanatory. The basic idea is that risk management should be preemptive. Rather than simply reacting to the currently identifiable risks, it prepares for risks that haven’t yet arisen.

What about ISO 31000 certification?

ISO 31000 provides guidelines, not requirements, and is therefore not intended for certification purposes. Many ISO standards, like ISO 37001 Anti-Bribery Management Systems and ISO 37301 Compliance Management Systems, are requirements, which means they comprise a strict set of specifications that can be certified. ISO 31000 is not like that; it can’t be certified. It’s simply a set of best practice guidelines.

Powered by CRI® Group, ABAC® educates, equips and supports the world’s leading business organisations with the latest best-in-practice risk assessments, performance assessments, systems improvement and standards certification. Our ISO solutions (certification and training) are offered through our ABAC® Center of Excellence. Find out how ABAC® can help your business! 

Getting Started with ISO 31000 Risk Management?

ISO 31000 is an international standard issued in 2009 by ISO (International Organization for Standardization). All types and sizes of organisations face internal and external factors that directly affect whether they can achieve their objectives. ISO 31000:2018 serves as a guide for the design, implementation and maintenance of risk management. It describes a systematic and logical process in which organisations manage risk by identifying it, analysing it, and then determining a risk treatment that mitigates it in a way that is consistent with their risk appetite. An organisation can implement risk management across the entire company and can do so at any time. It can also tailor these controls to specific areas and activities in the business.

  • Organisations can use it to compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.
  • It is a clear indicator to your customers and other stakeholders that, as an organisation, you are committed to managing risks in every part of your business.
  • Increases public confidence in the organisation by demonstrating your management capabilities in protecting your business from internal and external threats.
  • ISO 31000:2018 helps to provide guidance for internal or external audit programmes.
  • Competitive bidding for commercial tenders will enhance your company’s reputation and give you a competitive advantage.

Our newly published “ISO 31000 Risk Management: A guide to identify, analyse and mitigate risk” playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:

  • What is ISO 31000?
  • Why is this Standard a good idea?
  • What are the benefits for my business?
  • Principles of ISO 31000:2018
  • ISO 31000 framework
    • Why was it revised?
    • What are the main differences?
  • Key Clauses of 31000:2018
  • Who is the Standard?
  • The process
  • The link between 31000:2018 and other standards
  • Importance of risk management leadership
  • 31000:2018 and continuous improvement
  • How do we get started?

Risk management is a full-time, ongoing endeavour for organisations in today’s business world, and it poses constant challenges. The first part of reducing risk is having a strategy and taking action. So DOWNLOAD your free playbook now!

Other risk management solutions

CRI® Group’s unique identity and vision evolved from our fundamental desire to support our clients and their candidates, thus creating the DueDiligence360™. We specialise in solutions regarding compliance, working as trusted partners to businesses and institutions across the globe. While CRI® may not offer the ABMS certification, we offer other services. Our experts work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates.

The DueDiligence360™ reports help organisations comply with anti-money laundering, anti-bribery, and anti-corruption regulations. This service also proves beneficial ahead of a merger, acquisition, or joint venture. It can be used for a third-party risk assessment, onboarding decision-making, and identifying beneficial ownership structures. Identifying key risk issues clearly and concisely helps enhance your knowledge and understanding of the customer, supplier, and third-party risk, helping you avoid those involved with financial crime.

Why not consider our background investigative solutions? 

Firms spend thousands, even millions, to brand their products and services – it only takes one bad hire to cause a loss of capital and reputation. Employee Background Checks can aid in reducing the risk of hiring an employee who does not live up to their supposed skill set and could cause irrevocable damage. It can cause a business to fail, especially if the employee holds malice toward the organisation. EmploySmart™ is CRI® Group’s solution to expose vulnerabilities and threats within your organisation. Much like the ISO certification, our EmploySmart™ is a risk management measure that can be used to significantly reduce business and financial crime, fraud and malpractice within your workplace.

Our solutions are also certified by the British Standard Institute BSI for the scope of BS 7858:2019 Screening of individuals working in a secure environment, Code of practice (the only BS 7858 certified background screening services provider in the UAE and across the Middle East); and BS 102000:2018 Code of practice for the provision of investigative services.

Another risk management solution to consider from CRI® is our Third-Party Risk Management solution (TPRM), also known as 3PRM™. In the wake of the global pandemic, the 3PRM-Certified™ was developed to aid organisations in accurately determining the legal compliance, financial viability, and integrity levels of external parties, vendors, and customers who seek to be affiliated with and represent the business.

The 3PRM-Certified™ program consists of gap analysis and investigative due diligence on the targeted parties. This highly thorough program reveals anti-corruption, compliance and risk management discrepancies associated with the international regulatory framework helping your business flourish at any scale. Find out more about CRI® Group’s Risk Management Solutions.

If you’re unsure what solution may be best for you and your business, how about connecting with one of our experts for a free consultation? Receive tailored advice from the top analysts and investigators across the globe.

Contact us

Structure of ISO management system standards

The International Organization for Standardization (ISO) defines a management system as a set of procedures an organisation needs to follow to meet its objectives. A management system standard provides a model to follow when setting up and operating a management system. Some of the top-level benefits of a successful management system include:

  • Enhanced use of resources;
  • Improved risk management; and
  • Increased customer satisfaction by meeting product/service expectations

ISO has published many management system standards for topics ranging from quality and environment to information security and business continuity management. For this reason, and to help accomplish their business objectives, most organisations have more than one management system standard in place. With this comes a need to integrate and combine the standards effectively because uncoordinated systems take up extra time and resources.

Existing management system standards often have different structures, requirements and terminology, so integration is challenging. At CRI® Group, we can help you address this problem. Adopting ISO 31000, ISO 37001 and ISO 19600 together in an integrated way will produce less duplication, confusion and misunderstanding.

Management system auditors use a core set of generic requirements across disciplines and industry sectors. In the future, all ISO management system standards will have the same high-level structure, identical core text, as well as common terms and definitions:

Clause 1: Scope

It sets out the intended outcomes of the management system. The outcomes are industry-specific and should be aligned with the organisation’s context (see clause 4).

Clause 2: Normative references

This section provides the reference standards or publications relevant to the particular standard.

Clause 3: Terms and definitions

The clause explains the terms and definitions applicable to the specific standard, along with any formally related terms-and-definitions standard.

Clause 4: Context of the organisation

Clause 4 has four subclauses: 4.1) Understanding the organisation and its context; 4.2) Understanding the needs and expectations of stakeholders; 4.3) Determining the scope of the management system; and 4.4) The management system. The section describes why the organisation exists. The organisation needs to identify internal and external issues that can impact its intended outcomes and all stakeholders and their expectations. It also needs to document its scope and set the boundaries of the management system.

Clause 5: Leadership

Top management is accountable for all management systems. They need to integrate the management system into the core business process, ensure the system achieves its intended outcomes and allocate the necessary resources. Top management is also responsible for communicating the importance of the system to heighten employee awareness and involvement. Clause 5 has three sub-clauses: 5.1) Leadership and commitment; 5.2) Policy; and 5.3) Organisational roles, responsibilities and authorities.

Clause 6: Planning

Having identified risks and opportunities, the organisation needs to specify how these risks will be managed. The management system’s objectives should be measurable, monitored, communicated, aligned to the system’s policy and updated when needed. This proactive approach replaces preventive actions and reduces the need for corrective actions later. Clause 6 has two sub-clauses: 6.1) Actions to address risks and opportunities, and 6.2) Management system objectives and planning to achieve them.

Clause 7: Support

After addressing the context, commitment and planning, organisations need to look at the support needed to meet their goals and objectives. This includes resources, targeted internal and external communications, and documented information that replaces previously used terms such as documents, documentation and records. Clause 7 has five sub-clauses: 7.1) Resources; 7.2) Competence; 7.3) Awareness; 7.4) Communication; 7.5) Documented information.

Clause 8: Operation

The bulk of the management system requirements specific to the topic under consideration is within this single clause. Clause 8 addresses both in-house and outsourced processes. In contrast, overall management of the process includes adequate criteria to control these processes and ways to manage planned and unintended change. Clause 8 has only one sub-clause: 8.1) Operational planning and control.

Clause 9: Performance evaluation

Decisions are required on how performance will be monitored, measured, analysed and evaluated. Internal audit activities are part of the process to ensure the management system conforms to the organisation’s requirements and is successfully implemented and maintained. Management review evaluates whether the management system is suitable, adequate and effective. Clause 9 has three sub-clauses: 9.1) Monitoring, measurement, analysis and evaluation; 9.2) Internal audit; 9.3) Management review.

Clause 10: Improvement

The requirement for continual improvement in performance and enhanced delivery of stakeholder expectations should be embedded in all management system standards. Clause 10 has two sub-clauses: 10.1) Non-conformity and corrective action, and 10.2) Continual improvement. Clause 10 looks at ways to address non-conformities and corrective action, as well as strategies for continual improvement.

At CRI® Group, our experts can help your organisation implement ISO 37001, ISO 31000, and ISO 19600 and seamlessly integrate these management systems. This is the most effective way to reap the benefits of these world-class standards, with training and best practices that position your organisation to mitigate risk and create actionable systems for increased success.

What are the ISO certification & Training benefits?

When your organisation decides to become certified in ISO 37001, ISO 31000, and ISO 19600, numerous benefits come with implementing these management standards.

  1. Get government tenders: ISO certification is now required in most government tenders.
  2. Build credibility internationally: ISO certification helps your organisation gain credibility to build an overseas business.
  3. Better customer satisfaction: ISO standards enable an organisation to serve their customers better and increase customer satisfaction. ISO certification enhances customer satisfaction by meeting customer requirements.
  4. Improve product quality: Since product quality matches the international level, this can reduce the risk of order rejections due to flaws in the product.
  5. Improve business efficiency: ISO certification implementation enhances the functional efficiency of an organisation. ISO implementations help you manage your resources effectively, as you become able to use all your resources to their maximum extent. ISO certification helps you develop SOPs and work Instructions for all your processes.
  6. Improve marketability: ISO certification helps improve business credibility with current and new clients, which leads to creating a niche market for your business.

Our ISO solutions (certification and Training) are offered through our ABAC® Center of Excellence. Powered by CRI® Group, ABAC® educates, equips and supports the world’s leading business organisations with the latest best-in-practice risk assessments, performance assessments, systems improvement and standards certification. Find out how ABAC® can help your business! 

Address bribery and corruption in all its forms with ISO 37001 Anti-Bribery Management System

To help combat the threat of bribery and corruption, ISO issued the ISO 37001:2016 Anti-Bribery Management System (ABMS) standard to help businesses, nonprofits, and governmental agencies reduce their risk of bribery and corruption by establishing, implementing, maintaining and improving an anti-bribery management system. This is critically important, as bribery and corruption can lead to criminal punishments, fines, regulatory action, lowered employee morale and damage to reputation.

The benefits are immediate when an organisation decides to move forward with ISO 37001 Anti-Bribery Management System training and certification. That’s because ISO 37001 puts methods in place that do the following:

  • Ensure that your organisation is implementing a viable anti-bribery management system using widely accepted controls and systems.
  • Give your company the tools it needs to prevent bribery and mitigate related risks.
  • Provide assurance to management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption.
  • Help your company create better business partnerships with entities that recognise your certified status, including supply chain manufacturing, joint ventures, pending acquisitions and co-marketing alliances.
  • Potentially reduce corporate insurance premiums.
  • Provide your customers, stakeholders, employees and partners with confidence in your business operations and ethics
  • Provide a competitive edge over non-certified organisations in your industry or niche
  • Provide acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption

ISO 37001 certifies that your organisation has implemented reasonable and proportionate measures which prevent, detect and respond to bribery and comply with anti-bribery laws, internally and externally (i.e. agents, consultants, suppliers, distributors and other third parties). These measures involve top-level leadership, training, bribery risk assessment, due diligence adequacy, financial and commercial controls, reporting, audit and investigation. Learn more about ISO 37001 standard today.

Leverage ISO 31000:2018 to improve your business continuity management program

ISO developed the 31000:2018 Risk Management Standard to help organisations address operational continuity and provide confidence and reassurance in your organisation’s economic resilience, professional reputation and environmental and safety outcomes. Like most ISO management standards, ISO 31000 can be tailored to your organisation to help achieve the best results. ISO 31000 Risk Management provides principles, a framework and a process for managing risk. Public, private, and community enterprises can all benefit from ISO 31000 because it covers most business activities, including research, planning, management and communications. Implementing ISO 31000 can help organisations increase the likelihood of achieving objectives, identify opportunities and threats and effectively allocate and use resources for risk treatment.

Being ISO 31000 certified means protecting your organisation from potential risks that could endanger the operational efficiency, governance, and stakeholders’ confidence. It will help strengthen and achieve the strategic objectives of your organisation by establishing a risk-based system of values, enabling your organisation to:

  • Support the achievement of goals & objectives through enhanced risk management
  • Reduce costs through proper risk management
  • Respond to change effectively & find viable solutions
  • Create and protect value
  • Create a consistent basis for decision making & planning
  • Increase the likelihood of achieving objectives
  • Productively identify the opportunities and threats
  • Identify and mitigate the risk throughout the organisation
  • Gain stakeholder confidence and trust

Learn more about ISO 31000 Risk Management standard with our free playbook!

ISO 37301 standard provides a clear and comprehensive description of what the compliance function should be responsible for

ISO 37301:2021 provides guidance for establishing, developing, implementing, evaluating, maintaining and improving an organisation’s compliance management program. It covers all compliance-related issues, including anti-trust, fraud, misconduct, export control, anti-money laundering, and other unexpected risks which might affect your business.

The standard acts as a global benchmark for effective and responsive compliance management programs based on good governance and transparency principles. The guidelines set forth by the standard are applicable to all types and sizes of organisations and aren’t restricted by industry, risk exposure or geographic reach. The guidelines set forth in the internationally accepted ISO 37301 Compliance Management Systems represent the first step in developing a framework that protects the organisation from falling victim to the many risks associated with corporate bribery and/or corruption. ISO 37301 standard provides a clear and comprehensive description of what the compliance function should be responsible for:

  • Identifying compliance obligations and translating those obligations into actionable policies and procedures
  • Integrating compliance obligations into existing practices and procedures
  • Analysing performance to identify the need for corrective actions
  • Providing or organising ongoing training and support for employees regularly
  • Establishing compliance performance indicators, monitoring and measuring compliance performance
  • Providing objective advice to the organisation on compliance-related matters
  • Putting in place a compliance reporting & documenting system
  • Ensuring the compliance management system is reviewed regularly.
  • Developing & implementing processes for managing information (i.e. hotlines, whistleblowing reporting systems & other mechanisms)
  • Providing employees with access to resources on compliance procedures & references
  • Ensuring there is access to appropriate professional advice in the establishment, implementation and maintenance of the management system
  • Promoting the inclusion of compliance responsibilities into position descriptions & employee performance-management processes
  • Identifying compliance-related risks & managing resulting compliance obligations relating to third parties (i.e. suppliers, agents, distributors, consultants & contractors)
