Fernando detected risk vectors in our third-party chain that the legal department had not mapped. His forensic approach, with objective evidence clause by clause, allowed us to prioritize controls where they really mattered.

Assessment of anti-bribery controls and organizational integrity culture.
ISO 37001:2016 is not merely a regulatory compliance exercise; it is also a legal defense mechanism. In jurisdictions that recognize the standard, demonstrating that an anti-bribery management system is in place and has been audited can count as a mitigating factor in legal proceedings. What many organizations overlook is that the standard demands proportionality: controls must be scaled to the bribery risk identified for each commercial relationship, geographic region and activity sector. The most frequent finding in anti-bribery audits is generic due diligence, where the same level of verification is applied to a low-risk local supplier and to an intermediary in a high-risk jurisdiction. An auditable anti-bribery system requires evidence that controls adapt to the actual risk context, not to the size of the contract.

Corruption risk mapping by area, process and third-party relationships.
Verification of due diligence, whistleblowing channels and gift policies.
Findings, recommendations and benchmark against regional best practices.
Context, stakeholder and bribery exposure assessment.
Interviews, record review and control testing.
Findings classified by criticality with action plan.
No. ISO 37001 applies to any organization, public, private, NGO or mixed, that is exposed to bribery risk. In the private sector, organizations with operations in multiple jurisdictions, relationships with government entities, or complex supply chains have a risk profile that justifies adoption. Furthermore, although neither the FCPA (US) nor the UK Bribery Act names the standard, enforcement guidance under the FCPA and the 'adequate procedures' defense of the UK Bribery Act reward a documented, risk-based anti-bribery program of the kind the standard describes, so a certified system serves as evidence of due diligence. A certified system can be the difference between a multimillion-dollar fine and a documented legal defense.
A code of ethics is a statement of intent; ISO 37001 requires an auditable system with operational controls. The difference is measurable: the code says 'we do not accept bribes'; the standard demands evidence that a documented due diligence process exists for each at-risk third party, that the whistleblowing channel is active and accessible, that senior management periodically reviews bribery risks, and that real documented consequences exist for violations. Without that evidence, the code is declarative but not auditable.
Directors, CISOs, and compliance officers across Latin America share their experience with Fernando Arrieta's independent assessments.
Fernando Arrieta offers evaluation, assessment, and methodological guidance services for management systems. These activities are independent of the certification process, which is carried out exclusively by accredited certification bodies.