ISO 37001 2016 AntiBribery Management System INTERNAL AUDIT

ISO 37001: 2016 Anti-Bribery Management System INTERNAL AUDIT CLAUSE 9. 2 (Principles & Techniques of Auditing) WORKSHOP II 14 FEBRUARY 2019 BALLROOM A SERI PACIFIC HOTEL, KUALA LUMPUR by S. NORMALIS ABD SAMAD Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Implement ed by

PROGRAM OUTLINE Time Activities 0900 - 1015 Internal Audit & Management Review 1015 - 1045 Refreshment 1045 - 1145 Group Internal Audit exercise discussion & presentation 1150 -1240 Presentation of NCR findings with Corrective action 1300 - 1415 Lunch 1415 - 1500 Facilitators presentation 1530 - 1700 Pilot project by Sharing of best practices of procedures and controls Group final discussion on way forward Break Wrap up / End Session National Centre for Governance, Integrity and Anti-Corruption (GIACC) Implement ed by

CONTENT • Objectives • Introduction to Internal Audit • Understanding Standard Requirements • Audit Planning • Performing Audit • Audit Reporting • Corrective Action and Follow Up Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Implement ed by

OBJECTIVES Pilot project by § To understand the “Principles of Auditing” § To understand the “Process Approach and Risk-based Auditing Techniques” § To understand the basic knowledge and skills of planning, performing, questioning, presentation of findings, report writing and drawing conclusion of the audit National Centre for Governance, Integrity and Anti-Corruption (GIACC) Implement ed by

PRINCIPLES OF AUDITING • Integrity • Fair Presentation • Due Professional Care • Confidentiality • Independence • Evidence-based Approach • Risk-based Approach Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Implement ed by

Introduction to Internal Audit Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Implement ed by

WHAT IS AN AUDIT Systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled Source: ISO 19011 : third edition 2018 clause 3. 1 Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Implement ed by

COMBINED AUDIT Audit carried out together at a single auditee on two or more management systems. Note 1 : When two or more discipline-specific management systems are integrated into a single management system known as integrated management system. Source: ISO 19011 : third edition 2018 clause 3. 1 Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Implement ed by

AUDIT EVIDENCE Records, statements of fact or other information, which are relevant to the audit criteria and verifiable Audit evidence is typically based on: • interviews • examination of documents • observation of activities and conditions • existing results of measurements and tests Source: ISO 19011: 2015, clause 3. 13. 8 Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

AUDIT CRITERIA Set of *requirements, used as a reference against which objective evidence is compared * Requirements may include policies, procedures, work instruction, legal requirements, contractual obligations, standard and guidelines, etc. Source: ISO 19011: 2015, clause 3. 13. 7 modified Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

AUDIT FINDINGS Results of the evaluation of the collected audit evidence against audit criteria Source: ISO 19011: 2015, clause 3. 13. 9 Eg: Conformity Non Conformity Opportunity For Improvement Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

AUDIT CONCLUSION Outcome of an audit, after consideration of the audit objectives and all audit findings. Source: ISO 19011: 2015, clause 3. 10 Note; Strength and weaknesses of overall quality system including summary of audit findings Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

REASONS FOR AUDITS • To determine the system meets the intent of the standard such as ISO 37001: 2016 • To determine the system is effectively implemented • To determine the system is properly maintained • A control mechanism used by Management • Tool for continual improvement • Correct non conformities in the systems Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

AUDIT IS NOT • • A police force Inspection of product An interrogation task force Finding faults Audit is an information gathering activity. There is no element of fault finding or blame for problems Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

AUDIT CLASSIFICATIONS Customer 2 nd Party Customer audit your organization External Internal 1 st Party Audit your own organization 2 nd Party You audit your supplier Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Supplier 3 nd Party Independent Audit Organization

First Party Audit First Party (Internal Auditors) Audits are carried out by trained Internal Auditors against the organization’s own management system. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Second Party Audits are carried out by the Customer on the Organization. The audit is based on the requirements of the contractor potential contract. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Third Party Audits are carried out by an independent organization against the requirements of a recognized standard. ie SIRIM QAS Sdn Bhd Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Understanding the Standard Requirements ISO 37001: 2016 Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

ISO 37001: 2016 - Overview ISO 37001: 2016 is an International Standard on Anti. Bribery Management System (ABMS). It specifies the requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

ISO 37001 - Requirements on Internal Audit. The element for Internal Audit is part of Clause 9 of ISO 37001: 2016 under Performance Evaluation 9. 2 Internal Audit & Guidance in Annex A. 16 Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

ISO 37001 – 9. 2 Internal Audit 9. 2. 1 The organization shall conduct internal audits at planned intervals to provide information on whether the anti-bribery management system: üa) conforms to: 1) the organization's own requirements for its anti-bribery management system; 2) the requirements of this document; üb) is effectively implemented and maintained. NOTE 1 Guidance on auditing management systems is given in ISO 19011. NOTE 2 The scope and scale of the organization's internal audit activities can vary depending on a variety of factors, including organization size, structure, maturity and locations. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

ISO 37001 – 9. 2 Internal Audit 9. 2. 2 The organization shall: a). plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirement and reporting, which shall take into consideration the importance of the processes concerned and the results of previous audits: b). define the audit criteria and scope for each audit; c). select competent auditors and conduct audits to ensure objectivity and the impartiality of the audit process; Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Cont…

ISO 37001 – 9. 2 Internal Audit …cont. d). ensure that the results of the audits are reported to relevant management, the anti-bribery compliance function, top management and, as appropriate, the governing body (if any); e). retain documented information as evidence of the implementation of the audit programme and the audit results. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

ISO 37001 – 9. 2 Internal Audit 9. 2. 3 These audit shall be reasonable, proportionate and riskbased. Such audits shall consist of internal audit processes or other procedures which review procedures, controls and systems for: a) bribery or suspected bribery; b) violation of the anti-bribery policy or anti-bribery management system requirements; c) failure of business associates to conform to the applicable anti-bribery requirements of the organization; d) weaknesses in, or opportunities for improvement to, the anti-bribery management system. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

ISO 37001 – 9. 2 Internal Audit 9. 2. 4 To ensure the objectivity and impartiality of these audit programmes, the organization shall ensure that these audits are undertaken by one of the following: a) an independent function or personnel established or appointed for this process; or b) the anti-bribery compliance function (unless the scope of the audit includes an evaluation of the anti-bribery management system itself, or similar work for which the antibribery compliance function is responsible); or c) an appropriate person from a department or function other than the one being audited; or Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Cont…

ISO 37001 – 9. 2 Internal Audit …cont. d) an appropriate third party; or e) a group comprising any of (a) to (d). The organization shall ensure that no auditor is auditing his or her own area of work. NOTE See Clause A. 16 for guidance. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

ISO 37001 – A. 16 Internal Audit A. 16. 1 The requirement in 9. 2 does not mean that an organization is obliged to have its own separate internal audit function. It requires the organization to appoint a suitable, competent and independent function or person with responsibility to undertake this audit. An organization may use a third party to operate its entire internal audit program, or may engage a third party to implement certain portions of an existing program. A. 16. 2 The frequency of audit will depend on the organization's requirements. It is likely that some sample projects, contracts, procedures, controls and systems will be selected for audit each year Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

ISO 37001 – A. 16 Internal Audit A. 16. 3 The selection of the sample can be risk-based, so that, for example, a high bribery risk project would be selected for audit in priority to a low bribery risk project. A. 16. 4 The audits will normally need to be planned in advance so that the relevant parties have the necessary documents and time available. However, in some cases, the organization may find it useful to implement an audit which the parties being audited do not expect. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

ISO 37001 – A. 16 Internal Audit A. 16. 5 If an organization has a governing body, the governing body may also direct the organization's selection and frequency of audits as it deems necessary, in order to exercise independence and help ensure audits are targeted at the organization’s primary bribery risk areas. The governing body may also require access to all audit reports and results, and that any audits identifying certain types of higher bribery risk issues or bribery risk-indicators be reported to the governing body when the audit has been completed. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

ISO 37001 – A. 16 Internal Audit A. 16. 6 The intention of the audit is to provide reasonable assurance to the governing body (if any) and top management that the anti-bribery management system has been implemented and is operating effectively, to help prevent and detect bribery, and to provide a deterrent to any potentially corrupt personnel (as they will be aware that their project or department could be selected for audit). Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Audit Stages 1. Adequacy/System/Desktop/Documentation (Stage 1) - Determine the existence of the ABMS and documentation meets the requirements of the selected ABMS standard; - Conducted Internal Audit and Management Review as per requirements. 2. Compliance/Implementation/Effectiveness (Stage 2) - Comprehensive/holistic audit is required to confirm whether the system has been implemented and effective. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Certification Process Stage 1 Audit Stage 2 Audit Internal Audit Surveillance Audit Re-certification Audit Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Management Review

Audit Planning A-1

Audit Process PDCA applies to Audit Process… Report to Management Review Planning Performing Follow - up Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Reporting

Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Implement ed by

Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Implement ed by

Audit Process Internal Audit Planning Execution - Opening Meeting - Auditor Selection - Collect Information - Audit Schedule - Verify Information - Audit Plan - Closing Meeting - Notify the Auditee - Prepare Audit Checklist Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Reporting - Finding Clasification - Report Writing - Report Distribution Follow-up - Identify Root Cause - Corrective Action - Verification

Audit Program • OUTPUT OF AUDIT PROGRAM ØAudit Scope ØResources ØAuditor Competency ØAudit Plan • Annual plan • Detail plan

Internal Audit Schedule (Example)

Audit Program • An audit program will be influenced by the following criteria: v The scope, objective and duration of each audit to be conducted v The number, importance, complexity, similarity and locations of the activities to be audited. v Standards, statutory, regulatory and contractual requirements and other audit criteria v Result of previous audit v Significant changes to an organization or its operations • Output of audit program - Auditor selection, audit schedule and audit plan

Details of Audit Plan Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Notify Auditee ü Confirm the authority to conduct the audit ü Provide information on proposed audit timing and audit team composition ü Request access to relevant information , including records ü Determine applicable site safety rules ü Make arrangements for the audits Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

CHECK LIST 4 Assists in conducting Audit 4 Assures thoroughness and consistency 4 Identifies essential points to be examined 4 Identifies necessary evidence/ samples 4 Cross reference to standards identified 4 Maintains audit direction 4 2 types: Questionnaire & Notes 4 Reference: Standard/Documented Information & Process Approach/Turtle Diagram Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Audit Checklist for ISO 37001: 2016 • Prepared based on *process approach • Process analysis may be used as a guideline. • Should cover: – – – Pilot project by Method Who What Measurements input, output, etc National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Process Analysis diagram (Turtle diagram) How (Methods/ Procedure/ Techniques) INPUT With What? (Materials/ Equipment) Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) With Who? (Competence/Skills/ Training) PROCESS OUTPUT With What Criteria (Measurement)

WITH WHO ? (Competence/Skills/Training) WITH WHAT ? (Materials / Equipment) - Online system Credit card Supporting document - officer, - Cashier, - Anti bribery compliance function - Whistle blower - accountant Risk INPUT (What should we received) Request for license OUTPUT (What we should deliver) License application process - Application form contain direction for completion. - Online documentation - Supporting documentation - Procedure and guideline Pilot HOW ? (Method/Procedures/Techniques) National Centre for Governance, Integrity project by and Anti-Corruption (GIACC) Risk - License approved Mistake on application. Due diligence Anti bribery objective WITH WHAT Key Criteria ? ( Measurements/ Indicators)

Performing Audit A-1

PERFORMING AUDIT . Opening Meeting. Interview . Gather information. Closing Meeting Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) D - 1

Opening Meeting • • • Pilot project by Introduction of team Confirm Objective and Scope Confirm Audit program Explaining the audit method Resources and Facilities Matters relating to confidentiality Availability of any guides The audit is taken on a sample basis Confirm time of closing meeting Questions National Centre for Governance, Integrity and Anti-Corruption (GIACC)

How to gather informations Interview/Question Observe/demonstration Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Examine/Check

Communication Skill Required Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Interview • Main source of information gathered during the audit is by interviewing people • Interviewing people is a critical skill that all auditors must strive to master Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

How to start interviews: Pilot project by * Start with some ‘small-talk’ * Interviews can be initiated by asking the persons to describe their work. * Explain clearly the purpose of the audit * Express your interest in his/her work * Interviews the “right’ persons. * Be polite and sincere, and have empathy, i. e. to put one in another person’s place, to understand the problems and pressure. National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Listening…the most important skill!!! DURING INTERVIEWS . QUESTIONS. LISTEN. OBSERVE. ANALYSE. RECORD Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) D - 9

Type of questions • • Open Ended Focus Closed Ended Irrelevant Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) 4 Types of Questions

Open Ended Questions • Purpose – Encourage auditee to speak – To get a wide range of answer – Require several sentences (or action) to reply • No specific answers expected • Need to be alert to the answer that out of context or irrelevant

Open Ended Questions What ? Please explain. . . ? How. . . ? When ? Who ? Can you describe how. . ? Where ? Tell me. . . Why ? Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Open ended questions (Examples) w w w Can you describe the procedure briefly? So, how was the document change done? How did this come about What type of models do you use? Please tell me, who else has the authority to release the application?

Focus Questions • Purpose – Follow up on activities highlighted during open questioning – Go deeper into the understanding • May use auditee words as leads to focus questions

Focus Questions • Focus Question – Example • You mentioned that. . . , would you please explain more in detail? • As explained earlier, how about situation like this…?

Closed Ended Questions • Closed Ended Question – Purpose • To gather specific information • Reduce misunderstanding of what is required. – Guide the discussion towards a specific issue/problem – Should minimize using this type of questions

AUDITOR’S BEST FRIEND Please Show Me ! Don’t forget ! Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) D - 10

Skills of Questioning What ? Close questions When ? Open questions Please Show me Who ? Where ? Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Focus questions D - 10

An Effective Audit The “stair-step’ approach to interviews is an effective method. This begins broad, and narrows through the discussion, as follows: - What are your job responsibilities? - How does your order entry system work? - What do you look for when you’re reviewing an order? - Could you show me an example of an order you’re working on? Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Active Listening • Active listening encourages auditee go deeper for further communication. Some of “door openers”: – Interesting ! – Tell me about it – Tell me more – Would you like to talk about it – Let’s discuss it – You have something on your mind – Your thoughts are important to me Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Think about this ? • Use correct Tone • Beware of nonverbal body language – Facial expressions – Body positions and movement • Beware of communication barriers – – Pilot project by work environment perceptions mind set culture National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Auditor Toolkit • No Paper, No Pen = No Audit – Clipboard – Audit plan – Audit checklists – Note pad – Audit report forms – Pen – ISO 37001: 2016 standard Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

LISTENING SKILLS When listening, try to avoid the following behaviors… • Making judgments • Mentally rehearsing what you are going to say in response • Interrupting or completing sentences • Assuming you already know what the speaker is going to say • Offering advice or solutions Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Audit is based on sampling • Audit is based on sample • Select a sample that is: – Relevant – Reasonable – Representative “No NCR doesn’t mean the system is good”

Taking Notes As Reference Please, Please Take Notes !!!. For Investigation Now. For Investigation Later . For Use During Report Writing. For Use By Other Auditor Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Audit Note (example) . Number of record. Statements . Item identifiers. Names . Locations/ Places. Dates. Positions Do Not trust your memory! Write down the details as you go D - 2

Good Ethics of Auditor *Punctual *Objective *Opened minded *Analytical *Good judgement *Good listener *Polite *Honest *Hardworking *Patient Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Poor Ethics of Auditor • Poor At Preparation & Planning • Too Rigid • Fault Finding • Jumps To Conclusion • Argumentative • Bad Communicator • Easily Influenced • Stays In Office • Arrogant • Poor Timekeeping • Afraid Of Passing Unpopular Judgement

Audit Reporting A-1

What is report writing • • • Audit report is the final product The evidence of the audit was conducted Must be completely factual Tone must be courteous and professional Should be verifiable (track down the evidence) Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Audit Findings Audit evidence should be evaluated against audit criteria to generate audit findings. Audit findings can indicate either: Conformances Non Conformances (NCR) Opportunity For Improvement (OFI) Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) *Observations

Nonconformance Exists Because • The system does not comply with the standard, procedure or other requirements • Performance does not comply with the system • Performance is not effective Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Minor Nonconformity Single incident observed that a requirement of procedure or system or standard not being conform to. It may be one of the followings : - A failure in some part of the organization’s document ABMS relative to ISO 37001: 2016. - A single observed lapse in fulfilling one of a company’s ABMS. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Major Nonconformity - The absence of or total breakdown of a system to meet the requirement. - Any noncompliance that would result in the probable shipment of nonconforming product. - A noncompliance that judgment and experience indicate is likely either to result in the failure of the ABMS or to materially reduce its ability to assure controlled processes and products. - A number of minor nonconformities against one requirement can represent a total breakdown of the system Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Area for Improvement • An observed situation where there was not enough objective evidence to classify the situation as nonconformance • An observed situation which is NOT a major or minor nonconformity, but where results achieved, based upon the auditor’s judgement and experience in that commodity, are not optimal. • These opportunities shall be recorded in the final audit report for benefit of the supplier. • In support of continuous improvement, the auditor should identify quality system strengths, weaknesses and shall record opportunities for improvement Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

NON-CONFORMANCE REPORT Details of Nonconformance Auditor: _______ Auditee: _____ Root Cause(s): Correction: Corrective Action : Auditee: _______ Accepted by: _____ Completion Date : _____ Verification : Verified by: _______ NCR Close Out: Yes/No Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

NCR Statement • Nonconformance - Why a nonconformance – Deviation against requirements – Deviation against system • Evidence – – Something you found and confirmed by authorized personnel Be specific, where, what name, what number Make it retrievable Correct - check your fact • Requirement - cite the specific requirements – Reference Standard, Auditee ABMS, Management requirement, Customer contract, Gov. regulations, codes of practice Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

NCR statement “Should” Requirement Statement (links the two) “Actual” Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Evidence

How to start writing • • • It was found that……. It was noted that…… It was observed that ……. There is no evidence that…… During the audit ……. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

NCR example. . 1 There is no evidence the investigation of Anti-Bribery has been carried out by who are not part of the role function being investigated. (e. g. File 01213 shows the investigation against license department was conducted by En. Nazir, Head of License department), ISO 37001: 2016 Clause 8. 10 (Investigation and dealing with bribery) Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

NCR example 2 During the audit found that gifts, hospitality and donation which could reasonably be perceived as bribery are permitted without control. (e. g. luxury entertainment was given to by ABC Sdn Bhd to officer involved prior the contract is awarded was not recorded and reported). ISO 37001: 2016 Clause 8. 7 (Gifts, hospitality, donations and similar benefits) Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Opportunities for improvement • The organization has identify the continual improvement activities, however its implementation could be further improved. • The organization provided the training related to ABMS to their employees, however maintaining and updating the training related records could be further improved. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Closing Meeting To present audit findings to the auditees in such a manner as to obtain their clear understanding and acknowledgement of the factual basis of the audit findings. The Closing Meeting shall be chaired by the audit Team Leader Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Closing Meeting Flow • Opening Remarks & thanks • Attendee list - Pass around for signatures • Review audit objective and scope • Restrictions/ limitation • Tell of GOOD things you saw • Review of findings • Clarification • Agreement and Q & A • Closing and Thank you • Save audit finding as Records Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Corrective Action And Follow Up Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) A-1

Fundamental Components of Corrective Action IDENTIFY NONCONFORMANCE IF EFFECTIVE CLOSE OUT ROOT CAUSE ANALYSIS PROCESS FOLLOW-UP Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) APPLY CORRECTIVE ACTION

Corrective Action follow up • • • Issue corrective Action – Auditor Correction - Auditee Identify root cause - Auditee Corrective action - Auditee Verify corrective action - Auditor

NON-CONFORMANCE REPORT Responsibility Details of Nonconformance Auditor: _______ Auditee: _____ Root Cause/causes: Correction : Auditee Corrective Action : Auditee: _______ Accepted by: _____ Completion Date : _____ Verification : Auditor Verified by: _______ NCR Close Out: Yes/No Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) D - 13

How to identify root cause • Investigate the relationship between causes and problems • To differentiate between the root cause and symptom • Eliminating root cause can prevent from recurrence of problem (corrective action) • Should consider 4 M - Material, Man, Method, Machine Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Tools to identify root cause • • • Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC) Fishbone diagram 5 Why-Why Relation diagram Tree diagram

Response to the Audit Report • An action plan of things to come • Response time shall be timely without undue delay – Third Party – 30 - 90 days – Second party - typically 30 days – First party - typically 14 - 30 days • Team leader to keep track of the response • To remind the auditee where necessary Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Corrective Action • Action taken to eliminate the causes of an existing non-conformity, defect or other undesirable situation in order to prevent recurrence. Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Correction vs. Corrective Action • “Correction” refers the action to eliminate a detected nonconformity such as repair, rework, scrap or adjustment. • “Corrective action” relates to the elimination of the causes of nonconformity Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

Closeout Verification • Accept the response if there is a reasonable chance of success • Request the changed or revised documents where promised document change involve. • Perform brief follow-up visit to personally verify the implementation of the promised corrective action Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)

THANK YOU S. NORMALIS ABD SAMAD 013 3401 757 yusmalis@gmail. com Pilot project by National Centre for Governance, Integrity and Anti-Corruption (GIACC)