Stage 1 focuses on initiating the audit and checking readiness against requirements. Stage 2 is where on-site audit activities are performed, including executing procedures, communicating with auditees, and using test plans.
ISO 37001 audits commonly separate work into stage 1 and stage 2 activities. The course agenda highlights both stages and places them within a broader audit lifecycle that includes preparation, execution, and closing.Stage 1 is part of initiation and preparation. It is used to confirm the audit scope and approach, clarify how the ABMS is structured, and determine whether the organization is ready for the next stage. In practical terms, stage 1 aligns expectations on what will be audited and how evidence will be evaluated. It also helps the audit team plan stage 2 activities more precisely.Stage 2 is where on-site audit activities take place. The agenda for Day 3 includes preparing for stage 2, executing stage 2, maintaining communication during the audit, applying audit procedures, and creating audit test plans. Test plans are important because they translate audit objectives into targeted checks and sampling strategies, which supports evidence-based conclusions.The course also emphasizes audit principles such as evidence-based auditing and risk-based auditing. Evidence-based auditing requires clear linkage between observed facts and the requirements being assessed. Risk-based auditing helps prioritize audit effort toward areas where bribery exposure or control weaknesses are more likely to matter.After stage 2, the audit moves into closing activities, including drafting findings and nonconformity reports, performing documentation and quality review, and evaluating action plans. The course includes “beyond the initial audit” and managing an internal audit program, reinforcing that audit work should feed ongoing oversight rather than end with a report.
Stage 1 is where you prevent wasted stage 2 time. Use it to validate scope, confirm how the ABMS is documented, and identify where evidence is likely to be strongest or weakest. A disciplined stage 1 output is a clear stage 2 plan, including what you will test and who you need to speak with.During stage 2, manage communication actively. Evidence quality improves when auditees understand what you are asking for and why it matters to specific requirements.
“Stage 1 confirms readiness; stage 2 produces the evidence.”
This training prepares professionals to design and operationalize an Anti Bribery Management System aligned with ISO 37001:2025. Participants move beyond policy writing to address real bribery risks, third party exposure, and enforcement expectations.
View courseThis course equips compliance and governance professionals to manage the transition from ISO 37001:2016 to ISO 37001:2025 with precision and confidence. Rather than restating the standard, it focuses on what has materially changed and how those changes affect real ABMS implementations.
View courseThis four-day course prepares you to plan, conduct, and lead audits of Compliance Management Systems (CMS) based on ISO 37301:2021. It builds audit competence using recognized principles and practices aligned with ISO 19011 and the certification process described in ISO/IEC 17021-1.
View courseDay 2 focuses on audit principles and preparation, including evidence-based and risk-based auditing, audit initiation, and stage 1 audit activities.
byRamesh PAVADEPOULLE
It enables you to plan and conduct internal and external ISO 9001 audits and to lead audit teams using ISO 19011 guidance and ISO/IEC 17021-1 certification process concepts. It also builds competence in reporting and follow-up.
byChristophe MAZZOLA
The course frames audit planning and execution in line with ISO 19011 and the ISO/IEC 17021-1 certification process, while auditing an EnMS against ISO 50001:2018 requirements.
byTania POSTIL
An Anti-bribery Management System (ABMS) is a set of management system controls designed to prevent, detect, and address bribery risks. ISO 37001 specifies requirements for implementing and maintaining that system.
Audit findings should state what was observed and how it relates to requirements. Nonconformity reports should be evidence-based and clear enough to support corrective action planning and later evaluation by the auditor.
The exam is stated as three hours in duration and is available online. It is described as meeting the PECB Examination and Certification Programme requirements.
Day 1 covers ABMS fundamentals and ISO 37001 context. Day 2 covers audit principles and initiation including stage 1, Day 3 covers stage 2 on-site activities and test planning, and Day 4 covers findings, nonconformities, quality review, and audit program management.
Browse all FAQs →
Full knowledge base
Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.