What is an Anti-bribery Management System under ISO 37001?

An Anti-bribery Management System (ABMS) is a set of management system controls designed to prevent, detect, and address bribery risks. ISO 37001 specifies requirements for implementing and maintaining that system.

An Anti-bribery Management System (ABMS) is a management system structure focused on controlling bribery risk through defined requirements, processes, and oversight. ISO 37001 sets out the requirements for establishing, implementing, maintaining, and improving an ABMS, giving organizations a consistent basis to design controls and demonstrate conformity.

In an audit context, an ABMS is assessed as a system, not as isolated policies. Auditors look at whether the organization’s anti-bribery controls exist, are implemented, and are effective in the scope of the management system. This includes how anti-bribery expectations are set, how responsibilities are defined, and how the organization checks that controls are working.

The course positions ABMS auditing within widely used auditing practices by referencing ISO 19011 guidance and ISO/IEC 17021-1 requirements related to certification processes. That matters because ABMS audits require disciplined evidence evaluation. Auditors must be able to connect observed practices and records to ISO 37001 requirements and document findings in a way that supports decision-making.

Understanding ABMS fundamentals is also necessary for audit planning. You cannot build a meaningful audit plan or test plan without knowing what the system is supposed to achieve and what the organization claims is in place. The course’s first day introduces ABMS and ISO 37001, along with standards and regulatory frameworks and the certification process, before moving into audit principles and stages on subsequent days.

For organizations, the ABMS is intended to keep anti-bribery processes in check and enable continual improvement. For auditors, it provides a structured basis to assess conformity, identify nonconformities, and evaluate action plans through follow-up and program management.

Related Information

  • ISO 37001 specifies requirements for an Anti-bribery Management System.
  • ABMS audits assess conformity and the effectiveness of controls.
  • Audit work uses evidence-based and risk-based techniques.
  • The course references ISO 19011 and ISO/IEC 17021-1 in the audit context.
  • Audit conclusions rely on documented findings and follow-up of action plans.

Expert Insight

ABMS audits go wrong when auditors treat ISO 37001 as a checklist. The better approach is to follow the evidence trail: what the organization says it does, what is actually implemented, and what records demonstrate control performance. If you can consistently link evidence to requirements, your findings will be clearer and your nonconformity statements will be defensible.

Use risk-based thinking in planning. Prioritize audit time where bribery exposure is higher and where control failure would have the largest impact.

An ABMS is audited as a system of controls, not isolated documents.

Expert Trainer

Topics

ISO 37001, ABMS, anti-bribery, management system, audit fundamentals, conformity assessment, evidence, risk-based auditing
