GoodCorporation Framework on Bribery & Corruption vs BS10500

 

BS 10500:2011 The GoodCorporation Framework on Bribery and Corruption
1. Scope
1.1 Below are the areas of the organization’s activities which an ABMS (anti-bribery management system) covers according to the BS10500:
1.1a Bribery in the public, private and voluntary sectors The GoodCorporation Framework scope covers bribery and corruption in the public and private sectors under all of its headings.
GV8 Bribery via the voluntary sector is covered specifically in GV8:‘There are procedures and controls to ensure that community projects and chartable contributions are not used to obtain undue business influence’
1.1b Bribery by the organization, or by its personnel or others acting on its behalf or for its benefit CT1 Employees receive the ABC policy and make personal commitments to follow it(ABC: Anti-bribery and corruption)
CT3 The organisation communicates its ABC policies to its suppliers, customers, agents and intermediaries and obtains their commitment to follow equivalent principles
DD2 There are clear due diligence procedures to examine the ethical practices or current and prospective agents, intermediaries, key suppliers, wholesales and distributors 
SMHR The Sales and marketing and Human Resources sections of GoodCorporation’s Framework deal specifically with bribery by the organisation, its personnel or sales and marketing intermediaries working on its behalf.
GV10  All agents and intermediaries interacting with government officials or regulators have clear terms and conditions with appropriate ABC clauses
GV11  All agents and intermediaries interacting with government officials or regulators follow the organisation’s policies on bribery and corruption
1.1c Bribery of the organization, or of its personnel or others acting on its behalf or for its benefit PPHR The Procurement and Human Resources sections of the GoodCorporation Framework cover passive bribery risks.
1.1d Direct and indirect bribery (e.g. a bribe paid or received through or by a third party) The GoodCorporation Framework scope covers bribery and corruption in the public and private sectors under all of its headings.
1.1e Bribery within the country in which the organization is based, and bribery in other countries in which the organization operates RA1 There is a risk assessment that evaluates the risks of bribery and corruption in markets, countries and sectors where the company is operating, or is considering operating
GV7 Where it encounters corruption as a material business issue in a particular country, the organisation engages in constructive dialogue with the country’s government and authorities
1.1f Bribery of any value, whether large or small (including facilitation payments) The GoodCorporation Framework scope covers bribery and corruption of all values.
GV4 No inducements in cash or in kind are offered to public officials to influence decisions
GV5 No form of facilitation payment, in cash or in kind, is allowed 
GV6 There are clear procedures and training to combat facilitation payments
1.1g Bribery involving both cash and non-cash advantages SM7 There are procedures and controls to ensure that commercial sponsorship avoids any element of bribery or inappropriate influence
SM8 No inducements in cash or in kind are offered to influence sales
HR The Human Resources section deals with Gifts and Hospitality, which in practice covers both cash and non-cash advantages
GV4 No inducements in cash or in kind are offered to public officials to influence decisions
1.2 The scope of this standard is applicable to bribery as applicable to the laws in the countries in which the organization (wishing to attain the standard) is based and/or operating. CM4 Senior management ensures that the organisation abides by all applicable national and international ABC laws, conventions and industry standards.
1.3 The requirements of this standard are generic and intended to be applicable to all organizations and sectors (public, private and voluntary) The GoodCorporation Framework is intended to be applicable to all organizations.
2. Terms and definitions
2 These are broadly the same as for both standards with the exception being:
2.3 Business associate GoodCorporation refers to agents, customers, distributors, intermediaries (sales and marketing as well as those who obtain permits, licences and authorisations on the company’s behalf), joint venture partners, partners, suppliers and wholesalers
3. Planning
Planning
3.1 While the BS10500:2011 standard refers to planning for the implementation of the ABMS, GoodCorporation is normally organising the planning of an audit, which is checking a management system and or process which is already in place.The GoodCorporation Framework can also be used by companies as an internal ABC checklist and specifically addresses the issue of resources to support compliance (CM1).
Scope of the ABMS
3.2 Scoping considerations are the same for both standards
4. Adopting an anti-bribery policy and implementing the ABMS
Anti-bribery policy and ABMS
4.1.1 The organization shall adopt and record an anti-bribery policy TC1 There is a written and clearly articulated anti-bribery and corruption (ABC) policy
4.1.2 The organization shall implement an ABCM comprising the appropriate policies, procedures and controls specified in 4.2 to 4.18 and Clauses 5 and 6 in a manner which is reasonable and proportionate having regard to the nature and extent of bribery risks which the organization faces, and taking into account the factors in 3.2 In line with Note 2 of the BS10500, GoodCorporation also agrees that many relevant documents will form part of existing policies, procedures and controls, rather than specific, standalone ABC ones.GoodCorporation reviews and logs documentary evidence for all the GoodCorporation Framework points. As per the Framework we check:

  1. That a policy exists
  2. That a system is in place to implement the policy
  3. That records exist which show that the system works in practice
4.1.3 Top management shall take responsibility for the adoption of the anti-bribery policy and the implementation of the ABMS TC2 The policy of zero tolerance of bribery and corruption has been formally approved by the board or equivalent
TC3 There is high-level and clear ownership of ABC controls
TC4 ABC issues and related policies are regularly considered by the board or equivalent
CM2 The compliance function has a reporting line to independent directors
Communicating the anti-bribery policy and ABMS
4.2.1 Top management shall make a statement that:a)    the organization has adopted an anti-bribery policyb)   the organization is implementing an ABMS to give effect to this policy; andc)    top management supports the policy and the ABMS TC2 The policy of zero tolerance of bribery and corruption has been formally approved by the board or equivalent
TC4 ABC issues and related policies are regularly considered by the board or equivalent
TC5 The policy of zero tolerance of bribery and corruption has been made public, together with the organisation’s supporting policies and implementation
CM3 Senior management communicates ABC policies and any current cases to independent directors or the parent organisation (where relevant)
4.2.2 The statement in 4.2.1 and the anti-bribery policy shall be communicated to all the organization’s personnel and shall be published on the organization’s intranet and public website (if it has these) TC5 The policy of zero tolerance of bribery and corruption has been made public, together with the organisation’s supporting policies and implementation
CT The Communication and training section of the Framework covers both external and internal communication of the company’s anti-bribery policies and the commitment to follow these principles
4.2.3 The organization shall implement procedures under which:a)    all personnel read the anti-bribery policy and agree to comply with itb)   records are maintained of all personnel who have

  1. received the ABC policy
  2. made the declaration
  3. not made a declaration
CT1 Employees receive the ABC policy and make personal commitments to follow it GoodCorporation routinely checks compliance declaration records and information against employee lists.
Education, training and/or guidance
4.3 Provision of appropriate education, training and or guidance covering all relevant personnel and the organization’s ABC policy/ABMs; their understanding of the risks and circumstances around bribery and corruption and to whom they should report concerns.The necessary repeat and update of such education, training and or guidance. CT1 Employees receive the ABC policy and make personal commitments to follow it
CT2 Employees are trained on the company’s ABC policies Please note that for this point GoodCorporation will assess the regularity and relevance of the training. Please see also RA2 below
CT6 ABC guidance and advice is provided to directors, managers, employees, agents and intermediaries
RA2 The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable
HR3 Disciplinary processes are used to support the observance of the organisation’s anti-bribery and anti-corruption polices and procedures
HR7 Performance appraisals include specific reference to ABC
CM5 There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected
CM10 The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures
Management responsibility
Day-to-day responsibility for compliance
4.4.1 The organization shall define the levels of responsibility for overseeing compliance with the anti-bribery policy and ABMS on a day-to-day basis TC3 There is high-level and clear ownership of ABC controls
SM6 There are well-defined guidelines for carrying out major bids to supply goods and services, which ensure that expenditure is devoted to the quality and communication of the bid only
CM1 There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy. Please note, in line with the BS10500 comment, GoodCorporation also reviews each departments’ ABC risk assessment/profile and the inclusion of relevant risk and departmental ownership (under RA1). We also review local support for the compliance function.
Compliance manager
4.4.2.1 A suitably qualified or experienced manager shall be allocated responsibility for overseeing implementation of the ABMS CM1 There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy. 
4.4.2.2 The compliance manager shall:a)    have direct and prompt access to top managementb)   have responsibilities covering implementation of the ABMS, compliance with the policy and ABMS, consistency with good practice, legal compliance, and ABC guidance CT6 ABC guidance and advice is provided to directors, managers, employees, agents and intermediaries
CM1 There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy.
CM2 The compliance function has a reporting line to independent directors
CM3 Senior management communicates ABC policies and any current cases to independent directors or the parent organisation (where relevant)
CM4 Senior management ensures that the organisation abides by all applicable national and international ABC laws, conventions and industry standards
Multiple organizations
4.4.3 Where the organizations comprises more than one independently-managed organization, a suitably qualified or experienced manager shall be appointed within each organization as responsible for ABC/ABMS. CM1 There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy. We also review local support for the compliance function in all relevant subsidiaries and affiliated organisations.
CM8 The ABC controls of joint ventures and significant investment projects are monitored
Provision of resources
4.5 The organization shall provide the resources needed to implement the ABMS FN3 There are appropriate internal and external audits which include ABC checks
CM1 There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy.
CM9 An external review of the adequacy of the company’s ABC controls is undertaken
Risk assessment
4.6.1 The organization shall implement procedures to enable it to assess the risk of bribery relative to its existing activities, new activities and whether its policies, procedures and controls are adequate RA1 There is a risk assessment that evaluates the risks of bribery and corruption in markets, countries and sectors where the company is operating, or is considering operating   
4.6.2 These risk assessments shall examine the bribery risks in relation to transactions, projects, countries, business sector, work type, business model and or proposed business associates. This shall be repeated so that changes can be properly assessed. RADD The Risk assessment and Due diligence sections of GoodCorporation’s framework cover these points
4.6.3 The timing and frequency of these risk assessments shall be defined by the organization RA2 The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable 
4.6.4 As part of its risk assessment process the organization shall undertake due diligence on business associates DD TheDue diligence section of GoodCorporation’s framework cover this point
4.6.5 Where the risk assessment deems necessary, there is provision for improvement of ABC controls RA2 The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable
CM9 An external review of the adequacy of the company’s ABC controls is undertaken
CM10 The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures
4.6.6 Where the risk assessment identifies risks which cannot be mitigated, the organization should take appropriate steps to terminate, discontinue or decline a project or transaction TC2 The policy of zero tolerance of bribery and corruption has been formally approved by the board or equivalent
TC4 ABC issues and related policies are regularly considered by the board or equivalent
RA2 The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable GoodCorporation reviews risks identified and where mitigation is not feasible or unlikely to be effective would judge whether appropriate action had been taken, with termination, discontinuation and market exit as possible outcomes
DD The Due diligence section of the framework supports this point.
PP7 There is a clear policy to apply sanctions to suppliers and partners where corrupt activity is discovered
CM3 Senior management communicates ABC policies and any current cases to independent directors or the parent organisation (where relevant)
CM6 All issues reported confidentially are properly recorded and investigated, with appropriate steps taken to prevent reoccurrence
Due diligence
4.7.1 Where the risk assessment shows that a business associate might pose a more than negligible bribery risk, the organization shall implement procedures to undertake due diligence on the business associate prior to entering into any business relationship with it. DD The Due diligence section of the framework covers this point.Please note, while DD1 refers to a process for deciding when due diligence is required, GoodCorporation emphasises the zero tolerance requirements of the UK Bribery Act.
4.7.2 The due diligence shall be repeated at a defined frequency on an on-going basis during the business relationship. DD1 There is a process for deciding when due diligence regarding bribery and corruption is required GoodCorporation assesses the frequency and appropriateness of due diligence reviews
Implementation of ABMS by controlled organizations and business associates
4.8.1 The organization shall implement procedures to ensure that organizations over which it has control implement reasonable and proportionate ABMS, having regard to the nature and extent of the risks.(This covers subsidiaries, joint ventures, consortia etc) CT4 The organisation communicates its ABC policies to its joint venture partners and obtains their commitment to follow equivalent principles
DD4 Where due diligence identifies contracts or contractors as high risk, processes are in place to manage the risks identified
CM8 The ABC controls of joint ventures and significant investment projects are monitored
4.8.2 In the case of business associates over which the organization has no direct control, where at all possible the organization should ensure that its business partners have appropriate ABMS, taking into account risk, size, activity, location etc.Risk assessments should be adjusted to reflect dealings with organizations that will not implement an ABMS or refuse to verify the existence of the same. CT3 The organisation communicates its ABC policies to its suppliers, customers, agents and intermediaries and obtains their commitment to follow equivalent principles
DD2 There are clear due diligence procedures to examine the ethical practices of current and prospective agents, intermediaries, key suppliers, wholesales and distributors
DD4 Where due diligence identifies contracts or contractors as high risk, processes are in place to manage the risks identified
SMPPGV The Sales and marketing, Procurement and Government and regulatory affairs sections of the Framework cover ABC clauses and sign up to the organisation’s own ABC policies (if equivalent are not available) for customers, suppliers and agents and intermediaries (both sales and marketing and those interacting with government on the company’s behalf)
Employment procedures
4.9 Employment procedures cover the below:
4.9a Vetting requirements and likelihood to comply with ABMS HR6 Recruitment processes include screening for political connections and conflicts of interest GoodCorporation does not assess whether companies vet an employees’ likelihood to comply with the ABC policy. We do check that, where local employment laws permit, criminal record checks are conducted on potential employees.
4.9b Organization’s right to discipline personnel in event of non-compliance with ABMS CT1 Employees receive the ABC policy and make personal commitments to follow it
HR3 Disciplinary processes are used to support the observance of the organisation’s anti-bribery and anti-corruption policies and procedures
4.9c Distribution of ABC policy and compliance declaration within a defined period of employment commencing CT1 Employees receive the ABC policy and make personal commitments to follow it GoodCorporation would highlight instances where unreasonable delays in sign-up were occurring
4.9d Conflicts of interest declarations HR6 Recruitment processes include screening for political connections and conflicts of interest GoodCorporation would also assess reminders and training about conflicts of interest, to ensure that if any occur post recruitment these are declared.
GV14 There is a policy to ensure that Politically Connected Persons are not used to gain undue advantage
4.9e Bonuses, targets and incentives to be reviewed periodically to ensure there are safeguards to prevent ABC SM1 ABC safeguards are built into sales and marketing processes GoodCorporation reviews employees’ commission based remuneration structures for reasonableness and bribery risk.
HR7 Performance appraisals include specific reference to ABC
4.9f Disciplinary procedure covering ABC (including the right of termination of employment) HR3 Disciplinary processes are used to support the observance of the organisation’s anti-bribery and anti-corruption policies and procedures GoodCorporation expects disciplinary procedures to cover ABC and ultimately the right to terminate employment if there have been ABC transgressions.
4.9g Employees’ right to decline business opportunity where there is an unacceptable risk of bribery CM5 There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected GoodCorporation makes no specific reference to this point, however it is understood that if training is adequate it will cover this eventuality. Likewise, as shown in CM5 good faith whistleblowers must be protected.
Gifts, hospitality, donations and similar benefits
4.10.1 The organization shall adopt a policy which prohibits the offer or receipt of items such as the following, where the offer or receipt or could reasonably be perceived to be, for the purpose of bribery (Gifts, entertainment and hospitality; political/charitable donations; client or public official travel; promotional expenses; sponsorship; community benefits) SM4 Sales and marketing agents and intermediaries are required to follow clear rules and controls on the offer and acceptance of gifts and hospitality which ensure that these do not influence business decisions
SM6 There are well-defined guidelines for carrying out major bids to supply goods and services, which ensure that expenditure is devoted to the quality and communication of the bid only
SM7 There are procedures and controls to ensure that commercial sponsorship avoids any element of bribery or inappropriate influence
PP6 No inducements in cash or in kind that could influence procurement decisions are accepted or offered
HR1 Employees follow clear rules and controls on the offer and acceptance of gifts and hospitality which ensure that these do not influence business decisions GoodCorporation would review client/public official travel policy as part of this point.
GV2 There is a clear policy forbidding political contributions whether direct or indirect
GV4 No inducements in cash or in kind are offered to public officials to influence decisions
GV8 There are procedures and controls to ensure that community projects and charitable contributions are not used to obtain undue business influence
4.10.2 The organization shall implement procedures which minimise the risk of the occurrence of any incident prohibited by the policy specified in 4.10.1 CT2 Employees are trained on the company’s ABC policies
CT3 The organisation communicates its ABC policies to its suppliers, customers, agents and intermediaries and obtains their commitment to follow equivalent principles
CT5 Sales and marketing intermediaries are trained on the company’s ABC policies
HR2 All gifts and hospitality given or received are recorded
Facilitation payments
4.11 The organization shall adopt a policy which prohibits the offer or receipt of facilitation payments, and provide guidance to personnel on what to do if they are faced with a demand for a facilitation payment, or when a facilitation payment has been made CT6 ABC guidance and advice is provided to directors, managers, employees, agents and intermediaries
GV5 No form of facilitation payment, in cash or in kind, is allowed
Delegated decision-making
4.12 Where top management delegates to personnel the making of decisions in relation to which there is a risk of bribery, the organization shall establish a decision making process that ensures that the decision process and the seniority of the decision-maker are appropriate for the value of the transaction and the perceived risk of bribery. SM1 ABC safeguards are built into sales and marketing processes
PP1 There are procurement policies and procedures with clear ABC safeguards
FN1 There are clear policies and processes for the management and recording of financial transactions
Anti-bribery contract terms
4.13 The organization shall implement procedures which ensure that in relation to all business associates which pose a more than negligible bribery risk contracts contain a prohibition of bribery (as far as is reasonable.Where it is not reasonable to include these terms, the absence of the prohibition will be a negative factor, taken into account in undertaking the risk assessment. CT3 The organisation communicates its ABC policies to its suppliers, customers, agents and intermediaries and obtains their commitment to follow equivalent principles
CT4 The organisation communicates its ABC policies to its joint venture partners and obtains their commitment to follow equivalent principles
DD4 Where due diligence identifies contracts or contractors as high risk, processes are in place to manage the risks identified
SM2 All customers and all sales and marketing intermediaries have clear terms and conditions with appropriate ABC clauses
PP2 All suppliers have clear terms and conditions with appropriate ABC clauses
Financial controls
4.14.1 The organization shall implement financial controls which minimize the risk of the organization, or any of its personnel or others acting on its behalf or for its benefit, paying or receiving a bribe FN The Finance section of the GoodCorporation Framework covers these points
4.14.2 The organization shall maintain records that accurately document all financial transactions FN1 There are clear policies and procedures for the management and recording of financial transactions
CM6 All issues reported confidentially are properly recorded and investigated with appropriate steps taken to prevent reoccurrence
Procurement and other commercial controls
4.15 The organization shall implement procurement and other commercial controls which minimize the risk of the organization, or any of its personnel or others acting on its behalf or for its benefit, paying or receiving a bribe PP The Procurement section of the Good Corporation Framework covers these points
Raising concerns
4.16 The organization shall implement procedures which:
4.16a Enable personnel to report bribery or breaches of the ABMS CM5 There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected GoodCorporation includes all stakeholders in this point, rather than focusing on internal personnel
4.16b Where requested by personnel, ensure confidentiality of reporting CM5 There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected
4.16c Allow anonymous reporting CM5 There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected GoodCorporation does not include ‘anonymous’ in its Framework due to legal restrictions in different territories
4.16d Protect personnel from retaliation CM5 There is a confidential process for stakeholders to report issues of concern to senior management. Anyone reporting such a concern is good faith is protected
4.16e Enable personnel to receive advice on what to do if facing a situation involving bribery CT6 ABC guidance and advice is provided to directors, managers, employees, agents and intermediaries 
4.16f Ensure that all personnel are aware of the reporting procedures CT2 Employees are trained on the company’s ABC policies
4.16g Promote and encourage use of the reporting procedures CT2 Employees are trained on the company’s ABC policies 
4.16h Include clear guidance covering:1.how to raise a concern regarding bribery2.report investigation and action/feedback3.access to independent advice4.reporting to external authorities5.that they will not be at risk of retaliation6.identity protection7.that it is a disciplinary offence to retaliate against someone who raises a concern about bribery8. the ethical responsibility to report9. the legal duty to report and consequences of a breach of this duty CT2 Employees are trained on the company’s ABC policies GoodCorporation evaluates the adequateness of training and guidance provided on the confidential reporting processes (covering the items listed in BS10500), although we would not look specifically for guidance on the ethical responsibility to report.
CT6 ABC guidance and advice is provided to directors, managers, employees, agents and intermediaries
CM7 There are processes to deal with cases of actual or suspected bribery and rules for when to report to the relevant authorities     
Investigating and dealing with bribery
4.17 The organization shall implement procedures whicha)    require investigation of any bribery or any breach of or weakness in the ABMS, which is reported, detected or reasonably suspectedb)   require appropriate action CM6 All issues reported confidentially are properly recorded and investigated, with appropriate steps taken to prevent reoccurrence
CM7 There are processes to deal with cases of actual or suspected bribery and rules for when to report to the relevant authorities
Documenting the ABMS
4.18 The organization shall keep appropriately detailed records of:a)    the ABMSb)   actions taken under the ABMSc)    any bribery-related issues which arise The GoodCorporation Framework assessment methodology requires an assessor to check the below for all Framework points:

  1. that a policy exists
  2. that a system is in place to implement the policy
  3. records exist which show that the system works in practice
5. Monitoring and reviewing the ABMS
Review by compliance manager
The compliance manager shall assess whether the ABMS is:a)    adequateb)   being effectively implemented (Note frequency is recommended to be at least annually) RA1 There is a risk assessment that evaluates the risks of bribery and corruption in markets, countries and sectors where the company is operating, or is considering operating
CM1 There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy
CM9 An external review of the adequacy of the company’s ABC controls is undertaken
Internal audit
5.2.1 The organization shall implement appropriate and proportionate internal audit processes or other procedures which check projects, contracts, procedures, controls and systems for any indication of:a)    briberyb)   non compliance with ABC policy or ABMSc)    failure of other organizations under the control of the organization to implement an ABMSd)   weaknesses in or scope for improvement to the ABMS FN3 There are appropriate internal and external audits which include ABC checks 
CM1 There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy
CM10 The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures      
5.2.2 /5.2.3 These audits should be conducted at regular, planned intervals in proportion to the importance of the processes and the results of previous audits RA2 The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable
CM1 There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy
5.2.4 The responsibility, scope, method, planning and conducting audits and the requirement for reporting results/maintaining records shall be defined in a documented procedure. CM1 There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy GoodCorporation examines any appropriate supporting documentation which proves that the compliance function is adequately supporting the ABC policy implementation.
5.2.5 Audit reports detailing any significant matters identified, and any recommended  corrective actions or improvements, shall be provided to the compliance manager and top management CM1 There is a compliance function (or equivalent) with a clear remit and adequate resources to support the ABC policy
CM3 Senior management communicates ABC policies and any current cases to independent directors or the parent organisation (where relevant) 
5.2.6 Ensuring objectivity and impartiality – the organization shall ensure that the audit is undertaken by:a)    an independent functional personb)   the compliance managerc)    an appropriate persond)   an appropriate third party FN3 There are appropriate internal and external audits which include ABC checks
CM9 An external review of the adequacy of the company’s ABC controls is undertaken GoodCorporation is often commissioned to provide an impartial and objective view on the adequacy of the company’s ABC controls and processes.
Top management review
5.3.1 In order to ensure the continuing adequacy and effectiveness of the ABMS top management shall review the scope and implementation of the ABMS. This review shall be carried out:a)    at regular planned intervalsb)   when major changes to the organization’s activities or structure take place TC4 ABC issues and related policies are regularly considered by the board or equivalent
CM10 The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures    
5.3.2 The review shall be based on:a)    the compliance manager’s assessments and reportsb)   audits undertakenc)    personnel reportsd)   breaches/incidents identified TC4 ABC issues and related policies are regularly considered by the board or equivalent GoodCorporation take a view as to the adequacy of the review content but do not specify in advance what documents should be included, but does encourage employee feedback to be sought (CM10).
CM10 The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures
5.3.3 Improvements identified shall be submitted to the improvement process TC4 ABC issues and related policies are regularly considered by the board or equivalent
RA2 The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable
6. Improvement of the ABMS
6 The organization shall implement a procedure for changing or improving the ABMS whenever necessary or desirable.All proposed changes shall be assessed prior to their introduction to ensure they do not reduce the effectiveness of the ABMS. TC4 ABC issues and related policies are regularly considered by the board or equivalent
RA2 The ABC controls are monitored and regularly reviewed to ensure that they are up-to-date and suitable
CM10 The views of employees and other stakeholders are proactively sought to help review and strengthen ABC policies and procedures

Key

Italics Wording in italics is a direct copy of the specific GoodCorporation Framework point
XY Indicates the section of the GoodCorporation Framework (TC for Top-level commitment, CT for Communication and training etc.)
XY# Indicates the specific GoodCorporation Framework point (TC1 for the first point in the Top-level commitment section etc.)