Special Delivery

Applying the ISO 37001 anti-bribery standard can help discourage contractors from trying to win deals corruptly.

Federal prosecutors allege several Utah companies bribed a FedEx employee to obtain $280 million in contracts from the shipping company, KUTV reports. Prosecutors charged 10 individuals, including FedEx employee Ryan Lee Mower, whom they described as "the highest-ranking FedEx Ground employee in Utah."

According to the federal indictment, Mower received more than $1 million to help the companies win contracts for FedEx shipments over a 10-year period. Additionally, he allegedly approved "ghost runs" in which trucking companies were paid for delivery routes that they didn't actually run. To make more money from the scheme, prosecutors say Mower boosted mileage, and falsely reported accidents and miles.

Lessons Learned

FedEx's response to this alleged multi-million-dollar bribery case includes this statement: "The vast majority of this money was payment for work that was actually performed. Therefore, because FedEx Ground would have paid to have that work performed in any event, the net financial loss to FedEx Ground is a small fraction of this amount and is not material."

This response is beside the main point of this story, however. A significant amount of money was allegedly paid out illegally through bribery schemes over 10 years, and it took a U.S. federal investigation to uncover it.

Moreover, bribery and corruption, within organizations, countries, and internationally, continue to grow. In 2016, the International Monetary Fund estimated that corruption amounted to roughly 2% of global economic output — between $1.5 trillion and $2 trillion worldwide. This story provides a good opportunity to review effective ways to fight a culture of corruption, including a systematic approach to maintaining rigorous controls over contracting.

Organizations typically manage bribery and corruption risk through a mix of internal control processes, certification requirements, promoting good practices, and monitoring and auditing throughout their operations, including with suppliers and vendors. External standards also can be powerful tools for those efforts, helping to strengthen ethics and compliance practices by offering a clear framework for action.

One external tool is the International Organization for Standardization's (ISO) 37001: Anti-bribery Management Systems standard, published in 2016. The standard offers organizations a structure for setting up or benchmarking an effective anti-bribery program aligned with their own risk profile and building a culture that values ethical behavior. The standard sets out an approach that is independently certifiable — and in the context of the broader ISO 9001 quality management standard — addresses bribery in all of its forms, and can be integrated into an organization's existing management systems.

However, ISO 37001 only addresses anti-bribery management systems, not broader fraud and corruption issues. These issues should be addressed through a fraud risk assessment and management process, among others. In particular, this standard contains four important ways for organizations to strengthen their anti-bribery practices:

  • Define ethical governance. Leadership is central to an effective anti-corruption system. ISO 37001 describes the responsibilities of the board and top management, including ensuring that the organization's strategy and anti-bribery policy and processes are aligned. The standard also requires the compliance function to be staffed by individuals with the right skills, status, authority, independence, and resources. It particularly needs a designated official who is responsible for anti-bribery efforts.

  • Embed a culture of compliance. The standard supports efforts to build an organizational culture that values ethics and compliance. Communication and training are needed to bolster the compliance program, and continual improvement is necessary to ensure that the program does not become stagnant. Other measures include establishing strong human resources policies and practices for background checks, turnover and rotation of staff, and a compliance hotline. The organization should also establish investigations and monitoring to uncover wrongdoing.

    Fighting bribery through a strong compliance culture also can help build the organization's reputation and value. Demonstrating conformance with an internationally accepted anti-bribery standard may make it easier for the organization to attract business partners and investors who expect greater financial transparency and disclosure of anti-bribery activities. Ethical organizations also may have lower employee turnover, as well as receive greater respect from customers and clients who value organizations with good ethical practices.

  • Implement a uniform framework. This framework should have measurable, trackable indicators that promote consistency organizationwide. ISO 37001 intentionally does not prefer the legal regime or regulatory architecture of one country over another. Instead, it outlines a set of practices that can be used by organizations regardless of where they operate. Additionally, more and more organizations are using automated data capture, analysis, and tracking to support this approach.

  • Require good practices throughout the supply chain. Many organizations have a complex web of third-party partners that support their business, similar to the trucking-company contractors in the FedEx story. The risk with these partners is that a bidder or business partner will bribe an employee of the organization to help obtain a contract. ISO 37001 addresses the need for due diligence, monitoring, and auditing of third parties, and provides a tool to measure the capabilities of third parties and the strength of their compliance programs. In addition, organizations could ask third parties to demonstrate compliance with the standard.

Adopting these four methods does not guarantee protection against bribery, but it is one way organizations can better prevent and detect it. The ISO website provides more information on ISO 37001. To learn about ways to fight bribery and contracting fraud, refer to the many articles in the Fraud section of InternalAuditor.org.

Art Stewart

About the Author



Art Stewart is an independent management consultant with more than 35 years of experience in internal audit, financial management, performance measurement, governance, and strategic policy planning.

https://iaonline.theiia.org/authors/Pages/Art-Stewart.aspx

