Since we started the mission to create a new certification model focused in Compliance and Anticorruption in 2015, we had a big challenge to understand how we can improve the evaluation and to deliver a solution with the capabilty to identify and prevent the real organization´s risks.
During almost 20 years working in Management Systems, and also in Certifications and Accreditation models in Brazil, our team had a lot of opportunities to identify some of the weakenesses regarding the evaluation process applied in Brazil, which would need to be faced to improve the real results and accomplish the mentioned mission. First of all, we realized that understand standard´s requirements, like ISO Standards, and provide a “check the box” evaluation process wouldn´t be enough to introduce a real guarantee of effectiveness; Secondly, the culture couldn´t be assessed just checking the capabilty to decorate polities and concepts, but through a face to face conversation and behavior simulations with “multilevel” employees and stakeholders (including evaluation of the “Tone from the Top”), and check their current and real understanding regarding the policies and concepts; Thirdly, how we can improve the auditors knowledge and add a valuable critical analysis of the system objectives and goals, and; Finally, we have ever heard from the auditors: “Oh, I´m sorry to change your routine, but this is a part of the process”. Why routine changes have to be a part of the evaluation? When you change the routine, we will probably evaluate a unreal company, employees pre-selected, process which were implemented to attend this “special moment”, won´t we?! Why we have to accept something like that? Why the audit have to be a “party moment”, which the company will be able to select the available guests, more polite and prepared (employees more prepared and qualified) and also will be able to prepare special food which they have never eaten or which they don´t eat everyday (processes and results)?
These were the main challenges, specially when we are talking about Compliance, Anticorruption and Anti-Bribery Management Systems.
Let´s focus the assessment of the compliance culture and the main aspects which guided our exclusive assessment methodology to develop our EXCLUSIVE Certification Program for Anticorruption Management Systems:
1 – Understanding the organization (market, structure, business with public organizations, global presence, laws/requirements applied or not applied);
2 – Considering global presence, there are different requirements, definitions, classifications for each countries where the company works (for instance: the bribery definition is the same for each country?)
3 – Risk Assessement Critical Analysis (any omissions? any faults? All of the concepts, requirements and definitions have been considered?)
4 – Which are the critical areas/departments (considerding the main risks)?
5 – Check the employees/stakeholders, specially in the critical departments, their professional qualification and profile. What they have to know about compliance? Which the compliance values applied for each functions?
6 – Map and draw the tests, questions and simulations to apply with them during the assessment, in comply with the company risks and structure;
7 – Set a range of expected/accepted answers, behaviors and feedback in comply with the company risks;
8 – Arrange a sampling of employees, stakeholders and shareholders to be interviewed and to participate during the assessment activities, considering the critical areas and each expectations;
9 – Arrange a schedule considering the sampling and also the risks. Be careful to set this schedule splited and improve the assessement capability to evaluate people working during the company routine and reduce the risks to evaluate people pre-selected by the company.
10 – Make the assessment following the main objectives and be unflexible with the range of expected answers/behaviors and feedback settled.