Managing the Risk of Bribery and Corruption
Self-assessment Checklists
November 2017
Checklists
Organisations
The following checklists have been drawn together from a range of sources[1] and are designed
to help NI public sector organisations identify and address any bribery and corruption risks they
may face. The checklists have been kept reasonably brief and high level for the purposes of
the Good Practice Guide[2] in which they appear, but organisations with significant bribery and
corruption risks can access the more detailed checklists from which these have been compiled
(see source details at Appendix 3 of the Good Practice Guide). The checklists are based on the
six key principles as described in Part 3 of the Guide.
The checklists are provided as aide-memoires only and should not be used as a substitute for
an open, honest and ethical culture.
When considering bribery and corruption risk and using the checklists, organisations should
ensure that they adhere to the principle of proportionality.
Individuals
The checklist on page 11 will help individual public officials determine whether they are familiar
with, and adhere to, all relevant policies and procedures.
[1] The Bribery Act 2010: Guidance, Ministry of Justice, February 2012; Countering Small Bribes, Transparency International, June 2014; The 2010 UK Bribery Act Adequate Procedures Checklist, Transparency International; and Bribery and Corruption Assessment Template, Home Office, December 2016
[2] Managing the Risk of Bribery and Corruption: a Good Practice Guide for the NI Public Sector, NIAO, November 2017
Proportionate Procedures
Procedures adopted by an organisation to counter bribery and corruption risk should be proportionate to its
level of risk. Procedures may be either stand-alone or part of wider guidance, for example on procurement,
and should include measures already in place to strengthen governance and accountability and address
wider fraud risks.
Good Practice Y/N Action Required
This organisation has a formal policy which highlights a zero tolerance of bribery and corruption.
This organisation has anti-bribery and corruption procedures which are proportionate to the risks identified and the size and complexity of the organisation.
This organisation has procedures in place for raising and reinforcing awareness, particularly with those open to greater risk of bribery and corruption.
This organisation has sound system controls in place which will help reduce the risk of bribery and corruption, such as separation of duties and delegated authority levels.
This organisation has sound financial controls in place which will help reduce the risk of bribery and corruption, such as transparent accounting records and a requirement for full supporting documentation for all transactions.
This organisation seeks to minimise or avoid the use of cash payments.
This organisation has strong internal and external audit functions and an effective audit committee.
This organisation has a comprehensive set of policies in place which address possible bribery and corruption risks, for example conflicts of interest, gifts and hospitality and anti-fraud policies.
This organisation has clear and effective procedures in place for those wishing to raise concerns about actual or potential bribery or corruption.
This organisation has effective procedures in place for dealing with any bribery or corruption detected, e.g. a fraud or bribery response plan.
Top Level Commitment
Those at the top of an organisation are best placed to ensure that it conducts its business in a fair, honest and
open way. Clear and visible commitment from senior management is an essential element of an ethical culture.
Good Practice Y/N Action Required
This organisation has formally committed to business integrity and ethics.
This organisation has a Code of Conduct or similar document which includes a clear anti-bribery and corruption statement.
The Chair, Board and senior management of this organisation provide a ‘tone from the top’ which enhances a culture of integrity and supports an anti-bribery and corruption stance.
The Chair, Board and senior management of this organisation have clearly assigned responsibility and authority for implementing anti-bribery and corruption arrangements.
The Board or equivalent body considers bribery and corruption risks as part of wider discussion of fraud and whistleblowing concerns at its meetings.
Risk Assessment
A risk assessment is key to establishing the bribery and corruption risk faced by an organisation. It will also
inform the proportionality of the controls introduced to mitigate risks identified.
Good Practice Y/N Action Required
The Board or equivalent body has oversight of the risk assessment process.
The risk assessment process includes consideration of bribery and corruption risk.
The risk assessment is documented and periodically reviewed.
The process for identifying bribery and corruption risk ensures that all key risks will be identified (for example, by consulting with staff across all business functions, and particularly those in higher risk areas).
The business functions at particular risk from bribery and corruption have been identified.
The employees most likely to be exposed to bribery and corruption risk have been identified by, for example, reviewing the register of interests.
Assessment of bribery and corruption risk has been used to inform relevant policies and procedures.
Bribery and corruption risks have been evaluated and prioritised so that mitigating controls can be properly targeted.
Due Diligence
Due diligence is an accepted element of wider good governance within an organisation. The application
of due diligence in relation to the bribery and corruption risk posed by associated persons should be
proportionate and risk-based. Due diligence can be applied both to third party associates and internal
members of staff.
Good Practice Y/N Action Required
Due Diligence – Third Parties
Risk-based due diligence is carried out on contractors, suppliers and other associates before appointment and periodically thereafter.
Contractors, suppliers and other associates are made aware of this organisation’s ethical position in relation to bribery and corruption and are expected to act accordingly.
Where there is a higher risk level, associates are contractually required to comply with our anti-bribery and corruption policy and procedures.
Where there is a higher risk level, there is contractual provision for access to the associate’s records for inspection purposes.
Where there is a higher risk level, there is provision for termination of the contract where bribery or corruption by the associate is suspected or proven.
There are procedures for the application of sanctions to third party associates when incidents of bribery or corruption occur.
Good Practice Y/N Action Required
Due Diligence – Employees and other Officials
This organisation’s recruitment process includes procedures to ensure that it is fair, transparent and free from bribery and corruption.
This organisation carries out appropriate due diligence when recruiting Board members.
This organisation carries out appropriate due diligence when recruiting employees, particularly to positions with a higher risk of bribery and corruption or positions of trust.
Employees must sign up to a Code of Conduct (which should include a clear anti-bribery and corruption statement) when they join this organisation and must continue to be made aware of its provisions.
Board members and Councillors are required to sign up annually to a Code of Conduct or equivalent statement.
Employees and other officials (e.g. Board members and Councillors) receive training on bribery and corruption awareness and countering bribery and corruption risk.
Communication and Training
Communication promotes awareness and understanding of the organisation’s policies and procedures in
relation to bribery and corruption and provides a deterrent to acts of bribery or corruption by internal or
external associated persons or agents. Training may range from raising awareness of the risks with new
employees as part of induction arrangements, to specialised training for those in key posts.
Good Practice Y/N Action Required
Internal Communication
This organisation has a clear anti-bribery and corruption policy and procedures which are communicated in an accessible way to all employees. (Depending on the level of risk, provisions in relation to bribery and corruption may be included in the anti-fraud policy or may be in a stand-alone policy.)
This organisation provides a secure, confidential and accessible means by which employees can raise concerns or seek advice in relation to bribery and corruption risk, without fear of reprisal.
External Communication
This organisation’s anti-bribery and corruption stance is clearly stated and communicated to all third party associates. (This may be, for example, by way of a policy statement and/or code of conduct on the organisation’s website.)
Every opportunity is taken in external communications to emphasise this organisation’s commitment to fairness, openness and honesty, as a deterrent to improper behaviour.
Good Practice Y/N Action Required
Training
Bribery and corruption awareness training is given to all staff. (This may be as part of general fraud awareness training.)
Those employees at a higher risk of bribery and corruption (e.g. those who work within procurement, planning or regulatory functions) are given more detailed, tailored anti-bribery and corruption training.
Where appropriate, third party associates are included in tailored anti-bribery and corruption training.
Training is provided to all staff on how they can raise concerns about bribery and corruption risks, or seek advice.
Training is provided to staff who may receive reports of concerns, so they have the confidence to deal appropriately with concerns raised.
Monitoring and Review
An organisation’s bribery and corruption risks can change over time, for example if it assumes new functions.
There is a need to periodically monitor and review anti-bribery and corruption arrangements to ensure they
remain adequate and fit for purpose.
Good Practice Y/N Action Required
Internal financial control systems are subject to periodic review and audit to ensure they remain effective in countering bribery and corruption risk.
There is periodic review of high risk transactions, for example large scale procurements or significant planning decisions, to ensure compliance with anti-bribery and corruption procedures and controls.
There is periodic review of fraud and whistleblowing caseload within the organisation, to determine whether the cases highlight any new bribery and corruption risks.
There is periodic review of the register of interests to determine whether any new conflicts of interest may have arisen which could leave an employee more susceptible to the risk of bribery and corruption.
Employees, particularly those in high risk functions, are required to confirm periodically that they comply with anti-bribery and corruption arrangements, for example by signing up to a Code of Conduct which includes anti-bribery and corruption provisions.
The Audit Committee or Board periodically reviews anti-bribery and corruption procedures and controls, and challenges where necessary.
The results of review activities feed into systems controls reviews and the strengthening of controls where necessary.
Checklist for Individual Public Officials
Bribery and corruption risk can affect individual public officials. Officials need to be aware of the risks they
face and how they can minimise those risks.
Good Practice Y/N Action Required
I am aware of the ethical standards required of me in my role as a public official.
I am aware of, and abide by, the provisions of my organisation’s Code of Conduct.
I am aware of my organisation’s policies on: fraud and corruption; bribery; gifts and hospitality; conflicts of interest; and whistleblowing.
I know where to access these policies.
I am aware of the need to declare any actual or potential conflicts of interest.
I have declared any such conflicts of interest.
I am familiar with my organisation’s policy on gifts and hospitality.
I fully comply with the gifts and hospitality policy.
I am aware of the potential bribery and corruption risks I may face as a public official.
I am aware that the risks are more significant if my responsibilities relate to high risk areas such as procurement, planning or regulation.
I avoid over familiarity with contractors and suppliers and act in an appropriate way to avoid any sense of obligation.
I am familiar with the procedures to follow if I need to raise a concern about actual or potential bribery or corruption.
Published and printed by CDS
CDS 180278