17. Monitoring & Review
Best Practice Guidelines
Continuous improvement: Through monitoring the anti-bribery programme, identify aspects which could be improved or where the process and procedures could be simplified to ensure that the programme is as effective and efficient as possible.
Assign responsibilities: The Board provides oversight through an audit committee comprised of non-executive directors, the compliance or ethics function should be responsible for planning and implementing monitoring.
Plan: Draft a monitoring plan which ensures that the entirety of the company's high risk activities are covered over time.
Test first: Before rolling out the monitoring programme or when first undergoing assurance or certification, carry out pilot engagements.
Work with other functions: Use cross-functional working. Compliance should work with other functions in designing and implementing the monitoring programme. These include internal audit, finance, human resources, quality and excellence management and professional advisers.
Focus: Ensure the regular and close monitoring of high risk functions and transactions. As a safety control, use statistical sampling to conduct spot checks to avoid risks being overlooked.
New technology: Use technology to manage the monitoring process, enable collaborative working, record data and information, provide a monitoring or audit trail, carry out automated data analysis to monitor for red flags and suspicious transactions.
Test for quality: Check the results of monitoring to validate information received, check that data analysed provides the right quality and does not generate volumes of unusable data, provide control checks.
Spread the burden: Save on cost; embed self-monitoring in functions, business units and even third parties; draw upon reports from line managers and relationship managers; and use a rolling programme.
Self-assess and benchmark: Check your methods and results against peers and leadership practitioners.
Independent review: Undergo an external independent review to provide confidence in the anti-bribery programme and bring a fresh perspective.
Review by leadership: Report on results of monitoring to senior management and the Board and ensure improvements are implemented where deficiencies have been detected.
Document: Document the monitoring process fully as this will aid future monitoring, provide an audit trail in the event of an investigation and will serve to show the quality of the monitoring process.
Act on concerns: If suspicions or instances of bribery are detected, these are acted on promptly. The procedure for incident response management should be applied. Record and assess how incidents have been remediated.
Report publicly: Report to stakeholders on the outcomes of monitoring and the key results.