AUDIT REPORT – READINESS FOR ASSESSMENT ISO37001:2016

ORGANISATION:

AUDIT REPORT

AND

TECHNICAL REPORT

ON THE EXTENT OF COMPLIANCE WITH

ISO37001:2016

DATE:

ORGANISATION
Company name:
Registered address:
Head office address:
Name and address of production site:
ACTIVITY AND PRODUCT OR SERVICE SUBJECT TO AUDIT:
AUDIT / Type Start date: End date:
AUDIT TEAM / POSITION
Team Leader
Co-Teamer
Co-Teamer

OUTCOME OF THE AUDIT

The contents of this report, the notes issued during the audit and the information acquired in support of the report will be treated as strictly confidential and will not be divulged outside the organisation.

The audit was subject to time limits, reduced scope and sampling techniques.

As a consequence, the lack of comments in some areas or relating to elements of the Anti-bribery Management System does not necessarily imply compliance with the requirements pertaining to the audit.

The documentation examined, the interviews conducted during the on-site inspections, the excellent training of those in charge of sensitive processes for anti-bribery, and the interest shown by all the professional figures involved place, on the basis of the analysis methodology adopted, Organisation X at a level of compliance with the international standard ISO 37001:2016 equal to the numerical percentage index % (percentage value in letters), thus highlighting a difference of the numerical percentage index %.

The difference highlighted is in part due to deficiencies of a documentary nature (documents and/or operating procedures required by the reference standard are missing and/or are to be integrated); the organisation must consider that once the ABMS documentation is in order, its implementation is not only fundamental but must also be supported by objective evidence.

One of the advantages derived from possible certification according to the international standard ISO 37001:2016 is without doubt the continuous monitoring by a third party of the state of compliance with the legislation in force.

COMPANY REPRESENTATIVES / POSITION

SUMMARY OF ASSESSMENT

ORGANISATION’S REFERENCE DOCUMENTS / NOTES
0 / DESCRIPTION OF REQUIREMENTS AND ASPECTS CHECKED
4.1 / Understanding the organization and its context
4.2 / Understanding the needs and expectations of stakeholders
4.3 / Determining the scope of the anti-bribery management system
4.4 / Anti-bribery management system
4.5 / Bribery risk assessment
5.1 / Leadership and commitment
5.1.1 / Governing body
5.1.2 / Top management
5.2 / Anti-Bribery policy
5.3 / Organizational roles, responsibilities and authorities
5.3.1 / Roles and responsibilities
5.3.2 / Anti-Bribery compliance function
5.3.3 / Delegated decision-making
6.1 / Actions to address risks and opportunities
6.2 / Anti-bribery objectives and planning to achieve them
7.1 / Resources
7.2 / Competence
7.2.1 / General
7.2.2 / Employment process
7.3 / Awareness and training
7.4 / Communication
7.5 / Documented information
7.5.1 / General
7.5.2 / Creating and updating
7.5.3 / Control of documented information
8.1 / Operational planning and control
8.2 / Due diligence
8.3 / Financial controls
8.4 / Non-financial controls
8.5 / Implementation of anti-bribery controls by controlled organizations and by business associates
8.6 / Anti-bribery commitments
8.7 / Gifts, hospitality, donations and similar benefits
8.8 / Managing inadequacy of anti-bribery controls
8.9 / Raising concerns
8.10 / Investigating and dealing with bribery
9.1 / Monitoring, measurement, analysis and evaluation
9.2 / Internal audit
9.3 / Management review
9.3.1 / Top management review
9.3.2 / Governing body review
9.4 / Review by anti-bribery compliance function
10.1 / Nonconformity and corrective action
10.2 / Continual improvement
Have permanent sites been audited following a site sampling procedure?
If YES, indicate dates, sites audited and activities carried out (add sheet if necessary):
Site address / Activity performed
Were the activities performed outside the organisation checked (i.e. service provision centres)?
If YES, indicate dates, sites and activity carried out (add sheet if necessary):
Address / Activity and/or service performed

ORGANISATION / AUDIT REPORT N°

N°. / OBSERVATIONS / Critical / ORGANISATION’S ACTIONS
1 / 
2 / 
3 / 
4 / 
5 / 
6 / 
7 / 
Signature of Team Leader
AUDIT TEAM’S CONCLUSIONS
Information and additional notes:
SPACE FOR THE ORGANISATION
The organisation accepts the contents of the report including the attached findings (if any).
RESERVATIONS AND OBSERVATIONS
ORGANISATION REPRESENTATIVE’S SIGNATURE FOR ACCEPTANCE
SIGNATURE OF TEAM LEADER and AUDITOR / DATE AND STAMP OF COMPETENT AND INDEPENDENT AUDITOR

Technical Report on the extent of compliance

in relation to the requirements of ISO 37001:2016

INTRODUCTION

This report defines the condition of the organisation in relation to possible certification of its Anti-bribery Management System according to ISO 37001:2016.

This readiness for assessment thus defines the divergence between the system currently implemented and the requirements of the reference standard and mandatory legislation, and also their level of implementation.

The analysis has been conducted at:

Site(s):
Date:

METHODOLOGY

The inputs for the drafting of this report are:

1. Examination of the documentation and verification that it complies with the reference standard;

2. Compliance with the mandatory laws;

3. Sample on-site inspections in relation to the activities carried out;

4. Interviews with the personnel in charge of sensitive functions;

5. Interviews with the managers and collaborators.

The expected outputs are:

1. Indication of the level of compliance with the legal requirements applicable to the organisation;

2. Identification of the actions to be taken to enable the organisation to attain certification;

3. Identification and indication of the “pros” and any “cons” concerning the continuation of the certification activities.

The methodology adopted for the analysis is based on the recording of all the evidence collected in the field, through both documentary and operational sampling.

The criteria adopted and reference specifications were:

- Applicable legislation

- ISO 37001:2016

- The organisation’s internal requirements (documented information)

On the basis of the evidence collected, the maximum achievable score was established for each clause of the standard, corresponding to full compliance with the clause, which is 100% of the attainment level.

Therefore, for each clause of the standard assessed, the level of implementation was expressed as a percentage, thus identifying any gap to be filled.

SEVERITY / SCORE ASSIGNED / COMPLIANCE STATUS
Red / 1 / Requirement not met (missing or totally inadequate)
Orange / 2 / Requirement partially met (inadequate or incorrectly managed)
Yellow / 3 / Requirement improvable (present aspect adequate but with room for improvement)
Green / 4 / Requirement fully met

The analysis was carried out by checking the documented information required by the reference standard.

At the same time, the contents of the existing documents were analysed to check their compliance with the specific clause and/or sub-clause of ISO 37001:2016.

Thus, the text of each clause and sub-clause of the standard has been reported in tabular form, with the assessment of its level of adequacy and implementation given by means of comments and observations on the basis of the checks made during the on-site inspections.

INTERVIEWED PERSONNEL

Site: / Date:
Name / Position held

RINA SERVICES SPA _ rev.0 of 16/02/2016


Clause / Description / Score obtained / Maximum score / Percentage
4.1 / Understanding the organization and its context / 4 / %
4.2 / Understanding the needs and expectations of stakeholders / 4 / %
4.3 / Determining the scope of the anti-bribery management system / 4 / %
4.4 / Anti-bribery management system / 4 / %
4.5 / Bribery risk assessment / 4 / %
5.1 / Leadership and commitment / 4 / %
5.1.1 / Governing body / 4 / %
5.1.2 / Top management / 4 / %
5.2 / Anti-Bribery policy / 4 / %
5.3 / Organizational roles, responsibilities and authorities / 4 / %
5.3.1 / Roles and responsibilities / 4 / %
5.3.2 / Anti-Bribery compliance function / 4 / %
5.3.3 / Delegated decision-making / 4 / %
6.1 / Actions to address risks and opportunities / 4 / %
6.2 / Anti-bribery objectives and planning to achieve them / 4 / %
7.1 / Resources / 4 / %
7.2 / Competence / 4 / %
7.2.1 / General / 4 / %
7.2.2 / Employment process / 4 / %
7.3 / Awareness and training / 4 / %
7.4 / Communication / 4 / %
7.5 / Documented information / 4 / %
7.5.1 / General / 4 / %
7.5.2 / Creating and updating / 4 / %
7.5.3 / Control of documented information / 4 / %
8.1 / Operational planning and control / 4 / %
8.2 / Due diligence / 4 / %
8.3 / Financial controls / 4 / %
8.4 / Non-financial controls / 4 / %
8.5 / Implementation of anti-bribery controls by controlled organizations and by business associates / 4 / %
8.6 / Anti-bribery commitments / 4 / %
8.7 / Gifts, hospitality, donations and similar benefits / 4 / %
8.8 / Managing inadequacy of anti-bribery controls / 4 / %
8.9 / Raising concerns / 4 / %
8.10 / Investigating and dealing with bribery / 4 / %
9.1 / Monitoring, measurement, analysis and evaluation / 4 / %
9.2 / Internal audit / 4 / %
9.3 / Management review / 4 / %
9.3.1 / Top management review / 4 / %
9.3.2 / Governing body review / 4 / %
9.4 / Review by anti-bribery compliance function / 4 / %
10.1 / Nonconformity and corrective action / 4 / %
10.2 / Continual improvement / 4 / %
TOTAL / 172 / %
