Corruption Risk Assessment
The Corruption Risk Assessment (CRA) is the basis of an effective anti-corruption programme. Using the assessment, the necessary controls as prescribed by the Guidelines on Adequate Procedures issued by the Prime Minister’s Office of Malaysia or ISO 37001 for anti-bribery management systems (ABMS) can be developed and tailored so that the corruption risks can be managed effectively.
Our depth of experience and expertise developed over years of practice equips us to conduct comprehensive assessments using internationally recognised methodologies, in particular ISO 31000 and the Malaysian Anti-Corruption Commission Corruption Risk Management (CRM) approach which is recommended for a more in-depth analysis of corruption risks and controls.
The risk assessment can be conducted either as a stand-alone exercise or as a key element of a company’s ongoing anti-corruption programme. Our team is trained and experienced to conduct both CRA and CRM work with a strong track record in this field, having conducted assessments for a range of organisations, from larger SMEs to some of Malaysia’s biggest companies operating across multiple countries.
Contact us to explore your requirements and how we can help you deliver a high-quality corruption risk assessment.
Our CRA case studies are as per below:
A major insurance company was looking for a high-quality consultancy to establish their MACC Act Section 17A adequate procedures, with an emphasis on Corruption Risk Management (CRM). Following a competitive tender, Trident was selected to do the job. The TRUST framework of the Malaysian Government’s Guidelines was used to establish the integrity programme based on best practice, tailored to the operations of the company. The project began with a gap analysis exercise, followed by the development and implementation of the programme.
The CRM exercise was required as part of the initiative to strengthen the corporate governance in corruption prevention. The CRM approached utilises the ISO 31000:2010 risk assessment methodology to ensure it is done in line with international risk management standards. Trident conducted corruption risk awareness training sessions, where selected members were trained to be the facilitators for the main CRM workshop and to be their department’s corruption risk liaison person on CRM in the future. Following that, a 2-day workshop was conducted with heads of departments to identify their potential corruption risks, including schemes and root causes. Making use of the results of the corruption risk assessment, Trident worked with the company to develop the control measures needed to manage the risks identified. The company’s current policies and procedures were reviewed and suitable amendments made, with new materials developed where needed, all of which were designed to be practical and effective.
The CRM approach utilises the ISO 31000:2010 risk assessment methodology to ensure it is done in line with international risk management standards. Following Trident’s standard procedures a corruption risk awareness session was held as a pre-workshop preparation session. This was followed by a train-of-trainers session, where selected members were trained to be the facilitators for the main CRM workshop and to be their department’s corruption risk liaison person on CRM in the future. Further to that, a 2-day workshop was conducted with heads of departments to identify their potential corruption risks, including schemes and root causes. Making use of the results of the corruption risk assessment, Trident worked with the company to develop the control measures needed to manage the risks identified. The company’s current policies and procedures were reviewed and suitable amendments made, with new materials developed where needed, all of which were designed to be practical and effective.
Trident also assisted the company to establish the review, monitoring and enforcement approach for the adequate procedures. This included the auditing plan which was developed in conjunction with the Internal Audit Department. Trident then worked with the company to prepare and action the training and communication plan. Tailor-made training materials were developed for the company and training initiated, with Dr Lovatt taking the lead. Trident also worked with the company to establish the communication plan to reach the company’s personnel and business associates. This was to ensure that the company’s position on anti-corruption, the reporting channel and the importance of compliance are well communicated.
The programme concluded with Dr Lovatt conducting an interactive 3 hour Board training session attended by all directors. The training explained the legislation, their tailored new adequate procedures programme, and their own roles and responsibilities going forward. Innovation and new technologies for their consideration were also presented. A full hour of open discussion followed, demonstrating the engagement of the Board and their strong interest in the subject matter. Dr Lovatt was commended on the programme and training session, with directors indicating their interest in continuing the working relationship with Trident.
A major property company was seeking expert consultancy to review the corruption risk assessment methodology based on the MACC’s methodology, and conduct a Corruption Risk Management (CRM) exercise to identify and manage down the corruption risks of the company. The company had already conducted an initial corruption risk assessment but was seeking an independent review by top anti-corruption specialists to gain assurance for the Board that their methodology was the best and the risk assessment was done to a high degree of excellence. Trident was appointed.
Trident worked with the company to determine the risk parameters and other materials to be used for the corruption risk assessment using the CRM approach, which uses ISO 31000 for risk assessments as its basis. Interviews were conducted with people from key positions to identify the likely risks and help prepare for the workshop. Trident then conducted a corruption risk assessment workshop over two days to identify, review and update the corruption risks.
Following the workshop the results were compiled into a set of completed corruption risk templates and presented to the company’s top management, with all the necessary materials provided. The end result provided an enhanced corruption risk management methodology, an up-to-date risk register, and strong awareness developed in the company of the importance of corruption risk management now that the MACC Act Section 17A is in force. The risks assessment was also used as the basis for enhancing its corporate liability adequate procedures and, in due course, ISO 37001 certification.
Our expert and capable team is led by CEO Dr Mark Lovatt, a PECB-certified Lead Implementer of ISO 37001 with many years of experience in anti-corruption work, as well as our pool of leading anti-corruption and risk management consultants. Our portfolio is rich in companies we’ve worked with to establish effective integrity systems and related programmes.
Contact us today to explore how we can help you identify your bribery and corruption risks and prepare your company for corporate liability by effective adequate procedures or ISO 37001 implementation.