Bribery Risk Assessment Template

Uploaded by

khalid saeed

Six stages are identified for the Bribery Risk Assessment Process

1 Leadership Commitment and Oversight

2 Plan, Scope and Mobilize

3 Gather Information

4 Identify the Bribery Risks

5 Evaluate and Prioritise Bribery Risks

6 Use the Output of Risk Assessment

Stage 1: Leadership Commitment and Oversight
Provide broad oversight
Assign responsibilities
Allocate appropriate resources
Set control objectives

Stage 2: Plan, Scope and Mobilize
Form a planning team which should consider:
Bribery scope
Organizational scope
Organizational buy-in
Appropriate resources
Sources of information
Documentation of risk assessment process

Stage 3: Gather Information
Desktop research:
Due diligence reports on third parties
Internal audit reports
Allegation reports
Investigation reports
Findings from compliance reviews
Employee opinion surveys
Address threats to information gathering
Get different perspectives
Assess quality of information

Stage 4: Identify the Bribery Risks
Design the register:
Identify activities subject to bribery and related risk factors
Identify bribery schemes/channels

Stage 5: Evaluate and Prioritise Bribery Risks
The risk evaluation stage assesses and prioritises the bribery risks identified in the risk register prepared in stage 4. Common practice is to apply two variables to prioritise risks: likelihood of occurrence and the potential adverse impact.
Risk Weightage: Likelihood x Adverse Impact (each factor weightage 1-3)
Weightage: 1-3 Low, 4-6 Medium, 7-9 High
Likelihood of occurrence is dependent on the presence of Risk Factors
Adverse impact depends on aspects like financial loss, reputation, fines etc.
Produce a prioritised list of bribery risks to be mitigated

Stage 6: Use the Output of Risk Assessment
Results of risk assessments are applied to a review of the extent to which existing controls need modification or additions:
Map the risks against existing controls
Identify gaps
Design and implement controls to mitigate the risks

Activities identified as vulnerable to bribery

Sales and marketing
Bribes made to win orders or to gain insider information such as tender specifications before they are released for tendering.

Procurement and contracting
Contracts awarded to a supplier who then pays a kickback to reward the buyer who made the decision.

Project management
On projects, the majority of the funds for paying a kickback have to be generated through the implementation of the project in ways such as rush orders, changes of specification, substitution of inferior materials.

Supply chain management
Acceptance of bribes from suppliers and intermediaries, payment of bribes in logistics, obtaining regulatory approvals, port and canals clearances.

Human resources
Bribes paid to human resources employees or outsourcing contractors to influence recruitment, appointments, promotions and disciplinary actions.
Bribery of public officials to circumvent regulations related to human resources practices or quotas for local nationals or members of certain local tribes or communities.
Human resources is complicit with sales and marketing to favour employment of customers’ relatives.
Bribery of or by union officials.

Corporate affairs
Undue political engagement, donations to politicians and political parties.

Facilities and assets management
Bribes received by employees for awarding contracts or providing access to facilities and assets.
Bribes paid to officials to obtain planning permission or supply of utilities.
Assets used to influence public officials.

Financial functions
Bribes received for providing personnel and other information, or enable criminality such as data theft, fraud or robbery.

Financial trading and service
Bribes received to steer recommendations for products and suppliers, insider trading.

Mergers and acquisitions
Bribery to obtain insider information, provide favourable terms.

Safety and quality management
Acceptance of bribes to falsify records or overlook non-compliance.

Research and development
Bribery of researchers to falsify results or of officials to obtain regulatory approvals.

Security
Bribery to circumvent the company’s security controls, or to provide information such as data on customers or research and technology information.

Goods inwards
Bribes to falsify documentation such as falsely certifying goods

Functions where regulatory licenses or critical services are required
Bribery of officials to obtain approvals or other services. Examples include research and development (testing and approval of drugs), telecommunications, casinos and lotteries, facilities management (water, power, building and plant planning approvals).

An external or internal circumstance that could make it more likely that bribery will occur; for example, the country of operation

Columns: Risk Factor; Description; Likely Impact

Country Risk
TI's CPI measures perceptions of corruption of public officials. It does not measure country corruption nor corruption of the private sector.

Sector Risk
Certain business sectors typically have been associated with higher levels of brib

Incentives
Activities with high value or critical significance such as award of a major infrastructure project, telecommunications licence, mining concession, regulatory or planning approval can create incentive for bribery.

Complexity
Complexity will often go hand in hand with higher transaction value. Complexity may arise because of the number of parties involved in a project, including consortium partners, sub-contractors, intermediaries or similar. The more third parties involved, the higher the risk that one or more of them could act in a manner which creates legal – or at least reputational – exposure for the company. Alternatively, complexity may relate more to the duration and/or number of phases of the project in question. The more complex the project itself in terms of inputs, interactions, phases and/or outputs, the greater the potential for breakdowns in accountability and control over expenditures at some point.

Legal Risks
The legal and regulatory framework for jurisdictions in which the company operates can be seen as a risk factor to be accounted for. Broadly, anti-bribery approaches are quite similar across jurisdictions but there can be significant local variations which may bring risks and will require tailoring of policies and procedures.

Third Parties
Many of the major bribery scandals have involved the use of third parties, especially sales agents and consultants, and many companies decide to no longer use sales agents because of their attached risks. As such, use of high risk forms of third parties should be included in the list of risk factors.

Interaction with Public Officials
In many countries, any dealing with government officials is likely to carry a higher level of risk. Laws that comply with the OECD Anti-Bribery Convention, such as the UK Bribery Act and the FCPA, have explicit prohibitions on the bribery of foreign public officials. One of the challenges – which must be addressed as part of the risk assessment exercise – is to identify who is a government official. This may not be absolutely clear-cut in some countries where there is a degree of uncertainty about whether particular organisations belong in the public or private sectors. The risk assessment should identify the extent of government business or other interactions with the government such as licence or regulatory applications and where this is located to help determine the significance of the risk factor.

‘Context of the organization’ is the clause that underpins the rest of the standard. It gives an organization the opportunity to identify and understand the factors and parties in their environment that impact its ability to achieve ABMS objectives.

Columns: S No; Factors; Description; ISS Case; Likely Impact on ABMS Objectives

1 The size, structure and delegated decision-making authority of the organization
Description: An org can be small, medium or large; similarly it could have a vertical (functional or divisional) or matrix (combines functional and divisional to create dual command) structure. Typically a small organization with a vertical structure has less possibility for bribery cases. Delegated decision-making authority in a low trust country generally gives rise to the possibility of bribery.
ISS case: ISS is a small organization with a functional structure. The final authority for approval of a Contract for Procurement and Sale of Goods or Services rests with the CEO.
Likely impact on ABMS objectives: Low to Medium

2 The locations and sectors in which the organization operates or anticipates operating
Description: The Transparency International CPI score of different countries is generally indicative of the possibility of incidents of bribery taking place in a country. Similarly, some sectors like oil & gas and large construction projects are known to have a much higher bribery possibility as compared to a retail business.
ISS case: ISS is located in a low risk country.
Likely impact on ABMS objectives: Low

The nature, scale and complexity of the organization’s activities and operations
Description: The type of product and services sold by a company also impacts the possibility of bribery cases taking place. If the company deals in high value products or services, the possibility of bribery incidents would be high. Similarly, the more the complexity of operations, the higher the chances of bribery incidents.
ISS case: The contracting services performed by ISS are relatively complex and generally can involve intermediaries or partners.
Likely impact on ABMS objectives: Medium to High

3 The organization’s business model
Description: Business model refers to an organization's core strategy for making profits. It includes products and services, target customer and associated costs. For example, a company may be selling a large number of comparatively low value products to a large number of consumers, like Toyota cars, and another company may be selling niche products to a selected customer group, like Mercedes cars. Low volume of high value carries higher possibilities of bribery incidents.
ISS case: ISS carries out direct sale of products, undertakes projects including equipment and services and provides services for maintenance and project management in Oil & Gas, which is inherently a high risk sector.
Likely impact on ABMS objectives: High

4 The entities over which the organization has control and entities which exercise control over the organization
ISS case: ISS operates independently; it does not control, nor is it answerable to, any entity.
Likely impact on ABMS objectives: NA

5 The organization’s business associates
Description: A large number of customers with low valued products pose less risk. Suppliers with a very large scope of work, or which could be in contact with the organization’s clients, customers or relevant public officials, can pose a “medium” or “high” bribery risk. Intermediaries and sales agents generally carry higher bribery risk.
ISS case: ISS business associates include Suppliers, Clients, Intermediaries and Project Partners.

6 The nature and extent of interactions with public officials
Description: Examine the nature and frequency of interactions with domestic or foreign public officials who can pose a bribery risk, e.g. interactions with public officials responsible for issuing permits and approvals can pose a bribery risk.
ISS case: ISS does not have business related contact with the public officials. However, it has to interact with public officials in relation to its import/export of equipment, licensing and taxation etc.
Likely impact on ABMS objectives: Low

7 Applicable statutory, regulatory, contractual and professional obligations and duties
Description: Examine applicable statutory, regulatory, contractual and professional obligations and duties, e.g. the prohibition or limitation of entertainment of public officials or of the use of agents.
ISS case: ISS carries out its business according to DMCC Company Regulations 2020, Employment Rules and Licencing Rules.
Likely impact on ABMS objectives: Low

Columns: KPITB Case; Likely Impact on ABMS Objectives

KPITB is a small organization with a functional structure. (Please add delegated authority aspect)

The org is located in high risk country. However it does in operate in a high risk sector

The company provides IT solutions to public sector departments of KP Govt. It also helps the private sector to develop IT education and set up IT industry as a business venture

KPITB does not sell any product nor does it operate for profit

Being a public sector org, KPITB follows KPPPRA Rules for procurement and contracting

KPITB has interaction with own public for budget and approval of major projects. Our org also occasionally interacts with foreign public officials ?

Columns: Risk ID; Risk Area (Activity); Risk Description

Risk Area: Procurement of materials and equipment
Risk Description: Kickbacks received from suppliers for undue favour in award of purchase order

Risk Area: Contracting various projects
Risk Description: Contracts awarded to a bidder who then pays a kickback to reward the buyer who made the decision

Risk Area: Sales and Marketing
Risk Description: Bribes made to customers for undue favour to win orders

Risk Area: Project Management
Risk Description: Kickbacks generated through implementation of the project such as rush orders, changes of specs and use of inferior material

Risk Area: Supply Chain Management
Risk Description: Accepting of bribes from suppliers and intermediaries, payment of bribes in logistics, obtaining regulatory approvals or port clearance

Risk Area: Human Resource Function
Risk Description: Bribes paid to HR employees or outsourcing contractors to influence recruitments, bribery to public officials to circumvent regulations, employment of customers' relatives in connivance with Sales, bribery of or by Unions

Risk Area: Corporate Affairs
Risk Description: Undue political engagement, donations to politicians and political parties

Risk Area: Financial Function
Risk Description: Bribes received for providing personnel and other information, or enable criminality such as data theft

Risk Description: Bribes received to steer recommendations for products and suppliers, insider trading

Risk Area: Safety and Quality Management
Risk Description: Acceptance of bribes to falsify records or overlook non-compliance.

Risk Area: Research and Development
Risk Description: Bribery of researchers to falsify results or of officials to obtain regulatory approvals.

Risk Area: Security Function
Risk Description: Bribery to circumvent the company’s security controls, or to provide information such as data on customers or research and technology information

Risk Area: Warehouse Function
Risk Description: Bribes to falsify documentation such as falsely certifying goods received or to allow deliveries at the goods inward gate to jump the queue

Risk Area: Facilities and Assets Management
Risk Description: Bribes received for awarded contracts or misuse of facilities/assets. Bribes paid to obtain planning permission or utilities. Assets used to influence public officials

Bribery Risk Assessment Template

Columns: Risk Factor; Likelihood; Impact on the Org; Risk Weightage (Likelihood x Impact)

Higher bribery CPI country, non ISO 37001 certified suppliers, public sector org   2   3   6

Higher bribery CPI country, non ISO 37001 certified contractors, public sector org   9

Higher bribery CPI country, non ISO 37001 certified contractors, public sector org   4

Higher bribery CPI country, political influence, public sector org   6

Higher bribery CPI country, public sector org   4

Higher bribery CPI country, non ISO 37001 certified suppliers, public sector org   6

Higher bribery CPI country, public sector org   4

Higher bribery CPI country, public sector org, non ISO 37001 certified suppliers   P 4

Higher bribery CPI country, public sector org

Columns: Business Unit/Function; Associated Parties; Existing Controls; Gap Identification

Business Unit/Function: Procurement
Associated Parties: Suppliers, Contractors

Mitigating Controls: Policies and Procedures; Training and Communication; Monitoring and Review
Records to be Maintained

Effective financial controls restrict opportunities for using the company’s cash or other assets for bribery

Columns: Principal Financial Controls; Purpose; Key Checks and Balances

Checks and Balances
Purpose: Checks and balances are an important part of financial controls as they ensure accuracy, reduce errors and prevent improper behaviour
Key checks and balances:
• Assignment of authorities: Designation of the scope of authority.
• Separation of functions: Internal checks should be maintained to ensure that no one employee has responsibility for more than one step in a transaction from completion to review. Operational functions should be kept separate from record keeping functions (recording transactions and reconciling accounts). Purchasing functions should be kept separate from payables functions.
• Counter signatures.
• Financial thresholds for approvals.

Cash Controls
Purpose: Preventive; Detective
Key checks and balances:
• Eliminate cash use wherever possible.
• Restrict access to cash to named personnel.
• Set an upper limit on the value of physical cash held.
• Use company credit cards for the payment of expenses.
• Set limits on individual transaction values.
• Control cash per diems (daily allowances for expenses). Where they are required by a public official, specify the level of per diems in the contract and require receipts from the officials.
• Document expenses and any other cash transactions.
• Control petty cash.
o Set limits on the types of expenditure that can be paid from petty cash.
o Include payments from petty cash in company books and records such that there is an accurate document trail of the substance of the transactions.
o Obtain and file receipts and other supporting documentation for all payments made from petty cash.
• Regular reconciliations of petty cash balances and physical counts of cash.
• Review of petty cash reconciliations by a senior person.
• Scrutiny of unauthorised or undocumented cash payments.
• Carry out spot checks of petty cash held and the associated records.

No off the Books Accounts
Purpose: Bribery scandals have frequently involved payments out of ‘slush funds’, i.e. funds that have been accumulated in bank accounts from commissions, kickbacks or other receipts and not recorded in official books. Risks can also arise in relation to ‘shell companies’ and special purpose entities.
Key checks and balances:
All transactions should be recorded in official books
Regular bank accounts reconciliations
Independent checks on bank accounts
Controls are also needed in relation to the approval process for discounts, rebates and credit notes outside the sales function

No off-shore Payments
Purpose: Payment in another jurisdiction may be an indicator of improper activity and potential money laundering
Key checks and balances:
Payments for transactions should be in the country of location of the responsible business unit
Controls should be implemented during the process of on-boarding of third parties including identification of the location of the relevant bank accounts

Control of Assets
Purpose: Controlling access and use of physical assets to prevent theft, improper use, bribery and corruption
Key checks and balances:
Controls should be implemented in relation to the use, movement, write-off or deaccession of assets and inventory
There should be a procedure for approval and tracking of assets.
Documented checks should be carried out to ensure that the procedure is working

Accurate Books and Records
Purpose: Accurate accounting and record keeping is of the utmost importance to the anti-bribery programme as it allows checks to be made that proper procedures are followed. It can also provide documentary evidence in the case of investigations or court proceedings undertaken to enforce anti-bribery policies and laws
Key checks and balances:
• Books should be maintained on a current basis.
• Transactions should be recorded chronologically and supported by original documents which can be cross-referenced in relation to each stage of the workflow or transaction.
• Ideally there should be a comprehensive automated filing system although in practice, companies may find this hard to achieve as it can be difficult to consolidate a mix of automated systems but also because of the scale of the task of maintaining comprehensive records.
• The aim should be that an audit trail of each transaction from origin to completion is provided.
• Ensuring compliance with anti-bribery rules follows largely the same process as that used for combating fraud.
• Initiating the transaction, the physical handling of goods and of cash, authorising or receiving payments and recording the transaction in the books of account should be performed by different employees. This procedure is normally described as segregation of duties.
• Spot checks on the internal accounting control process should be part of the supervisory function in the purchasing, sales, stores, production and accounting departments.

Third Parties
Purpose: The company’s controls will only be as good as those of its third parties.
Key checks and balances:
Third party contracts should require that adequate anti-bribery controls are in place and that the company has the right to inspect books and records, and to carry out inspections and audits including spot checks.
The company should carry out due diligence and monitoring of high risk third parties including checks on the design and implementation of their anti-bribery programmes.

Some of the ways in which bribery is given or received are:

Gifts and Hospitality
Political Engagement
Sponsorship, Donations, Community Investments
Managing Third Parties
Contractors and Suppliers

Gifts and hospitality and travel expenses (together called ‘promotional expenses’ in this
section) are a high-risk area for bribery and have figured in a large number of FCPA cases.
They present a challenge for companies to manage as most laws do not define boundaries
while in many societies there are deep-rooted customs relating to gifts and hospitality.

Best practice permits promotional expenses where they are transparent, proportionate,
reasonable and bona fide. If companies follow this approach such expenditures are unlikely to
be considered an offence by authorities or criticised by stakeholders. However, companies
must ensure they have implemented adequate policies and procedures and tested their design
against stakeholder expectations and applicable laws.

Key elements
Set limits: The company should place an upper limit for the values of gifts, entertainment or
expenses that can be received or given, such values being nominal and appropriate to general
business practice. The financial limits are proportionate in value to the markets in which the
gift or hospitality is being offered or taken. A matrix of values for gifts, hospitality and
expenses will help in tailoring the programme to cultures, varying economic differences, and
country and/or sector corruption risk.

Public officials: Close attention should be given to promotional expenses given to public
officials. This includes requiring prior approval for expenditures that present concerns or
uncertainties, expenditures involving public officials and employees of state-owned
enterprises.
Training: Employees should receive communications and training which include training on
gifts, hospitality and expenses and ideally role playing exercises. Tailored training is given to
functions most at risk such as marketing, purchasing and corporate affairs.

Companies engage with the political process with the aim of benefiting the business and
meeting the interests of stakeholders. Companies may, for example, be seeking to improve
the business and economic environment, create new markets and opportunities, and improve,
modify or even prevent commercially damaging legislation.
Despite the strong business case, corporate political engagement is a significant risk area for
bribery and corruption, and public perceptions of lobbying and corporate influence in the
political process threaten reputational damage. The consequences of improper, negligent or
inadvertent engagement in political activities can be substantial. This includes exchanges of
people between the public and private sector, such as secondments or senior hires (the
‘revolving door’). Careful stewardship and transparency about these activities are needed to
ensure there is no attempt at improper influence and that therefore stakeholder trust is not
lost.

Amid growing legislation and pressure from investors, often sparked by political scandals,
companies are becoming increasingly transparent about their political activities. Many
companies have prohibited political contributions, and some are beginning to participate in
policy debates more openly, for example by including government consultation submissions on
their website.

The foundation of this guidance is that responsible corporate political engagement is carried
out within a framework of good corporate governance and commitments by the board to
integrity, accountability and transparency. By designing and implementing policies and
procedures, companies that interact with the political process can ensure their activities
contribute to the democratic process, benefit their business, and are carried out with integrity.

Key elements
Ensure the board has oversight of the company’s political engagement and the CEO or a
senior manager has responsibility for managing political activities as a whole.

Integrate the approach to managing all forms of political activity, even where different
functions are responsible for different activities.

Be transparent about your principles, policies and procedures for political engagement, as well
as your public policy positions, political donations and lobbying activities.

Charitable donations, community investments and sponsorships can all be used as bribes.
They can be made to support the pet cause of a public official with decision-making power
over contracts or regulations that affect the company. They can be used to channel funds to
front organisations controlled by a bribery recipient. They also present opportunities for
employees to make inflated donations or sponsorship fees and receive money back from the
recipients as kickbacks. Bribery can be difficult to detect due to the absence of benchmarks or
‘market rates’ in many instances.
Charitable donations, community investments and sponsorships differ in their form and
purpose. Donations and community investments are given without expectation of a tangible
business return, although the fact that community investments are often tied to specific
contracts, providing support to project-affected communities, results in a heightened bribery
risk. Sponsorships, on the other hand, are a marketing expense. In anti-bribery practice,
though, they are often dealt with together as many of the controls are the same.

Key elements
Have a strategy for making donations and sponsorships and ensure that all proposals fit within
the strategy and meet established criteria.

Conduct due diligence on all proposed recipients to check whether they are affiliated with
public officials or existing or potential customers, among other anti-bribery red flags.

Implement controls, including approval thresholds and counter-signatures, to counter the risk
of kickbacks. Monitor payments and check that procedures are being followed.

Be transparent about your donations and sponsorship strategy, procedures and, where
possible, payments.

Third parties can represent a considerable bribery risk for companies. They may not operate t

Key Elements:
Integrate: Develop and implement a risk based, integrated and consistent approach to anti-
bribery management of third parties across the company’s operations. Clearly assign
responsibilities for each stage of the company's relationship with its third parties.

Due Diligence: Collect, analyse and store relevant information about all your third parties,
including their ownership, how they operate, their integrity and anti-corruption standards and
any significant bribery and corruption risks.

Be systematic: Apply a comprehensive and consistent approach to registering, conducting
due diligence on and appointing third parties and to the management and monitoring of the
relationship.
Focus on your highest risks: Based on risk assessments, categorise and segment your third
parties by risk. Focus your due diligence and other anti-bribery efforts on the highest risk third
parties.
Build trust and constructive relationships: Aim to develop an environment in which
integrity can be fostered and bribery countered.

Procurement and contracting are high-risk areas for corruption. Corrupt employees in the
procurement and contracting function may solicit or accept bribes and kickbacks from bidders
and contractors. They can manipulate procurement processes to favour particular bidders,
disguise the basis of decisions to award contracts and even generate funds to be paid to
bidders to pay bribes or to be returned in kickbacks.

The company should ensure that it has effective procedures to counter bribery and corruption
in its procurement and contracting processes. This will include tailored training for staff and
financial controls over payments to contractors. The company should also communicate the
anti-bribery programme to contractors and suppliers, include anti-bribery provisions in
contracts, and conduct rigorous monitoring of transactions and high-value contracts.

Key elements:
Publicly commit to fair trading and demonstrate your commitment through your procedures
to deter corrupt bidders from participating in company tenders.

Conduct due diligence on prospective bidders to identify red flags for bribery and corruption.

Implement consistent and transparent review processes for major contracts to ensure they
have not been awarded based on bribery.

Monitor contracting processes, decisions and transactions to identify red flags for collusion
between bidders and procurement staff.
