An Anti-bribery Management System (ABMS) is a set of management system controls designed to prevent, detect, and address bribery risks. ISO 37001 specifies requirements for implementing and maintaining that system.
An Anti-bribery Management System (ABMS) is a management system structure focused on controlling bribery risk through defined requirements, processes, and oversight. ISO 37001 sets out the requirements for establishing, implementing, maintaining, and improving an ABMS, giving organizations a consistent basis to design controls and demonstrate conformity.In an audit context, an ABMS is assessed as a system, not as isolated policies. Auditors look at whether the organization’s anti-bribery controls exist, are implemented, and are effective in the scope of the management system. This includes how anti-bribery expectations are set, how responsibilities are defined, and how the organization checks that controls are working.The course positions ABMS auditing within widely used auditing practices by referencing ISO 19011 guidance and ISO/IEC 17021-1 requirements related to certification processes. That matters because ABMS audits require disciplined evidence evaluation. Auditors must be able to connect observed practices and records to ISO 37001 requirements and document findings in a way that supports decision-making.Understanding ABMS fundamentals is also necessary for audit planning. You cannot build a meaningful audit plan or test plan without knowing what the system is supposed to achieve and what the organization claims is in place. The course’s first day introduces ABMS and ISO 37001, along with standards and regulatory frameworks and the certification process, before moving into audit principles and stages on subsequent days.For organizations, the ABMS is intended to keep anti-bribery processes in check and enable continual improvement. For auditors, it provides a structured basis to assess conformity, identify nonconformities, and evaluate action plans through follow-up and program management.
ABMS audits go wrong when auditors treat ISO 37001 as a checklist. The better approach is to follow the evidence trail: what the organization says it does, what is actually implemented, and what records demonstrate control performance. If you can consistently link evidence to requirements, your findings will be clearer and your nonconformity statements will be defensible.Use risk-based thinking in planning. Prioritize audit time where bribery exposure is higher and where control failure would have the largest impact.
“An ABMS is audited as a system of controls, not isolated documents.”
This training prepares professionals to design and operationalize an Anti Bribery Management System aligned with ISO 37001:2025. Participants move beyond policy writing to address real bribery risks, third party exposure, and enforcement expectations.
View courseThis course equips compliance and governance professionals to manage the transition from ISO 37001:2016 to ISO 37001:2025 with precision and confidence. Rather than restating the standard, it focuses on what has materially changed and how those changes affect real ABMS implementations.
View courseThis four-day course prepares you to plan, conduct, and lead audits of Compliance Management Systems (CMS) based on ISO 37301:2021. It builds audit competence using recognized principles and practices aligned with ISO 19011 and the certification process described in ISO/IEC 17021-1.
View courseAudit findings should state what was observed and how it relates to requirements. Nonconformity reports should be evidence-based and clear enough to support corrective action planning and later evaluation by the auditor.
The exam is stated as three hours in duration and is available online. It is described as meeting the PECB Examination and Certification Programme requirements.
Stage 1 focuses on initiating the audit and checking readiness against requirements. Stage 2 is where on-site audit activities are performed, including executing procedures, communicating with auditees, and using test plans.
Day 1 covers ABMS fundamentals and ISO 37001 context. Day 2 covers audit principles and initiation including stage 1, Day 3 covers stage 2 on-site activities and test planning, and Day 4 covers findings, nonconformities, quality review, and audit program management.
Browse all FAQs →
Full knowledge base
Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.