Full version of ISO 37001 online course “Introduction of ISO-37001”
Lesson 8.4 of the video course “Introduction of ISO-37001”
In addition to financial control, the organization shall implement non-financial controls that manage bribery risk with respect to such areas as procurement, operational, sales, commercial, human resources, legal and regulatory activities.
In Standart ISO 37001 there is a NOTE which states that any particular transaction, type of activity, or relationship may be subject to financial and non-financial control.
Let’s have a look at some examples of non-financial control.
Non-financial controls are the management systems and processes implemented by the organization to help it ensure that the procurement, operational, commercial and other non-financial aspects of its activities are being properly managed. Depending on the size of the organization and transaction,
the procurement, operational, commercial and other non-financial controls implemented by an organization which can reduce bribery risk could include, for example, the following controls:
a) using approved contractors, sub-contractors, suppliers and consultants that have undergone a prequalification process under which the likelihood of their participating in bribery is assessed; this process is likely to include due diligence of the type specified in Clouse A 10 of ISO 37001
- the necessity and legitimacy of the services to be provided by a business associate (excluding clients or customers) to the organization,
- whether the services were properly carried out;
- whether any payments to be made to the business associate are reasonable and proportionate with regard to those services. This is particularly important in order to avoid the risk that the business associate uses part of the payment made to it by the organization to pay a bribe on behalf of or for the benefit of the organization. For example, if an agent has been appointed by the organization to assist with sales and is to be paid a commission or a contingency fee on award of a contract to the organization, the organization needs to be reasonably satisfied that the commission payment is reasonable and proportionate with regard to the legitimate services actually carried out by the agent, taking into account the risk assumed by the agent in case the contract is not awarded. If a disproportionately large commission or contingency fee is paid, there is an increased risk that part of it could be improperly used by the agent to induce a public official or an employee of the organization’s client to award the contract to the organization. The organization may also request that its business associates provide documentation that demonstrates that the services have been provided;
c) awarding contracts, where possible and reasonable, only after a fair and, where appropriate, transparent competitive tender process between at least three competitors has taken place;
d) requiring at least two persons to evaluate the tenders and approve the award of a contract;
e) implementing a separation of duties, so that personnel who approve the placement of a contract are different from those requesting the placement of the contract and are from a different department or function from those who manage the contract or approve work done under the contract;
f) requiring the signatures of at least two persons on contracts, and on documents which change the terms of a contract or which approve work undertaken or supplies provided under the contract;
g) placing a higher level of management oversight on potentially high bribery risk transactions;
h) protecting the integrity of tenders and other price-sensitive information by restricting access to appropriate people;
i) providing appropriate tools and templates to assist personnel (e.g. practical guidance, do’s and don’ts, approval ladders, checklists, forms, IT workflows).
Hence, even participation and 100% fulfilment of the tender conditions is not guarantee for the organization to be protected from the risk of fraudsters and “creative” businessmen.
In order to consolidate of knowledge and self-testing of interpretation and requirements of ISO 37001 standard, I invite you to evaluate the process of non-financial control, which is based on officially loaded documents to the official portal of public procurement of Ukraine ProZorro bidder of public procurement, on provision of certification services according to the requirements of ISO 9001, ISO 14001, ISO 45001 for Ukrainian nucler state enterprise “National Nuclear Energy Generating Company “Energoatom”
In March 2019, on the PROZORRO platform, at the state enterprise of the State Enterprise “National Nuclear Energy Generating Company “Energoatom”, an announcement of the perfoming of re-certification and annual supervisory audits according to the requirements of ISO 9001, ISO 14001, ISO 45001 based on DAKKS Accreditation (purchase id: UA-2019-03-06-001390-a), in the amount of 4 mil. Hryvnias was made.
“International Management Service” LLC appears in the tender and remains the only participant in this purchase.
The procurement procedure did not take place due to an insufficient quantity of participants.
In the re-published announcement in April 2019, on the purchase of services, (purchase ID: UA-2019-04-03-000192-b), International Management Service LLC appears again and again remains the only participant in this purchase.
And neither did the bidding take place.
In the 3 re-announcement of the procurement of services, International Management Service LLC appears again, and remains the only participant in this procurement.
Fulfilling the local requirements of legislation on public procurement, The State Enterprise “National Nuclear Energy Generating Company “Energoatom” (NNEGC “ENERGOATOM”) makes decisions on concluding an Contract with International Management Service LLC, on the basis of a negotiation procedure.
There is a publication of Minutes from the Tender Committee meeting dated 23.07.2019 in the PROZORRO system on the signed on 08.08.2019 Contract between NNEGC “ENERGOATOM” and International Management Service LLC (Nr. 31 PPZ).
After reviewing the documents submitted and published in the PROZORRO system in 2019 , and having analyzed with documentation of similar tender transactions for NNEGC “ENERGOATOM” from previous years, comparing them between itselves and the actual facts, we found the following risks:
1 RISK for NNEGC “ENERGOATOM” – Certificate of system conformity acc ISO 9001, ISO 14001, ISO 45001 for NNEGC “ENERGOATOM” and its 15 separate units issued by TUV NORD BULGARIA, on behalf of German TUV-NORD CERT – MAY NOT BE RECOGNIZED AS VALID and could be withdraw based on bridge a сertification rules.
2 RISK FOR TUV NORD Bulgaria and TUV NORD Cert – withdrawal of Dakks accreditation based on bridge a сertification rules
3 RISK FOR the management of International Management Service LLC and International Management Systems LLC – criminal prosecution.
What gives the right to such a serious suspicion and statement?
Documents and information. Facts solely taken from official and confirmed sources, which are available to the public.
Non-financial control of tenders documentation of 2019 revealed:
- The services in the Contract stated, offered and provided at the time of November, 2019 (between NNEGC “ENERGOATOM” and LLC International Management Service of 08.08.2019) ) are not in complance requirements of Subparagraph 5.1 of Section III of tender documentation at the open auction, according to the announcement of 06.03.2018 No. UA-2019-03-06-001390-a and according to the announcement of 03.04.2019 No. UA-2019-04-03-000192-b.
- The services provided under the Contract (between NNEGC “ENERGOATOM” and International Management Service LLC dated 08.08.2019) violate the requirements specified in Appendix 2 of TD, clauses 7.1.2 and 7.1.3 of the Ukrainian Law on Public Procurement, December 25, 2015 No. 922-VIII
Let us take steps as to how the NON-FINANCIAL REVIEW of the tender documentation was carried out.
We analyze the documents:
According to the data stated in the Protocol of Negotiations of NNEGC “ENERGOATOM”, EOOD «TUV NORD BULGARIA» after liqudation of TUV- NORD Ukraine LDT (100% company of TUV NORD International ) presents themselves as only the ONE official representative of TUV NORT CERT in Ukraine and offers certification on the basis of accreditation from accreditation issued by DakkS.
Source: TUV NORD BULGARIA
Source: Protocol of Negotiations
TUV NORD BULGARIA – a separate legal entity, is the subsidiary of TUV NORD GROUP, registered in Bulgaria. Since 2016 this company issued certificates for NNEGC “ENERGOATOM” in Polvdiv.
There is no words mentioned of the Ukrainian office on their website, not in any other official sources. However it is said that after the liquidation of TUV NORD UKRAINE, TUV NORD BULGARIA is the only certification representative in Ukraine.
From the source of the register of Ukrainian enterprises, we can see that the liquidation process has not yet been completed
From the open source on the internet, under search of TUV-NORD UKRAINE – once can find the first and independed representative of TUV NORD GROUP in Ukraine and CIS ( СIS non exist anymore).
According to the data stated in the Protocol of Negotiations of NNEGC “ENERGOATOM”, refers to letters dated 24.05.2016 from TUV NORD Cert who gives authority to TUV NORD BULGARIA to perform all services for ex TUV NORD Ukraine clients. The content of the letters is unavailable in the tender documentation.
However, there is a letter from 28.07.2015, where TUV NORD BULGARIA appoint themselves as a representative and represent their agent, the company International Management Service LLC.
FACT – International Management Service LLC is the official representative of TUV NORD BULGARIA
FACT – It is ukranian (certification body) which is the first independent representative of TUV NORD GROUP in the Ukraine and the CIS.
At the specified address in Sarny, where the branch of the company is stated to be located – there is no office. In fact, a pharmacy is located at this address.
On the official website of Ministry of Justice, we can specify that the registered company International Management Service LLC, managed by Sinyato Anton, has only one staff member in the company (according to the information provided by him), company address 21 Pushinskaya in Kiev.
We are moving onto the next step in tender documentation and analising Service Agreement between TUV NORD BULGARIA International Management Service LLC.
In public platform ProZorro we found several agreements under the name IMS – TUV NORD BULGARIA.
We need the Service Agreement between TUV NORD BULGARIA International Management Service LLC – the agreement, which referenced the Protocol of Negotiations of NNEGC “ENERGOATOM” and tender documentation.
HERE, WE GET TWO NONCONFORMITIES IN ONE – BUT CONTROVERSIAL.
We send an official enquiry to TUV NORD to comment on this fact, but the answer has not yet been provided.
We can assume that both legal entities International Management Service LLC and International Management Systems LLC are both agents of TUV NORD BULGARIA, and both are representatives in Ukraine and provide management and consultation services.
The second official representative of TUV NORD BULGARIA is the company International Management Service LLC.
Additionally, we check International Management Systems LLC as a legal entity. We can specify on the official website https://usr.minjust.gov.ua/ua/freesearch that International Management Systems LLC is registered at Pushinskaya 21 in Kiev.
International Management Service LLC and International Management Systems LLC conduct training and issue certificates. The Certificates issued by them are subsequently grounds for participation in tenders for procurement cases and confirm the competence of the specialists they undertake to involve in the works.
Obvious errors in the issued Certificates, the use of same template for both companies, the same logo and a same website, calls into question not only the legitimacy of these documents, but also the actual existence of internal rules on the organization of training, personal certification and competence of the personnel who should manage and control this process.
At the reqards of ISO 17021 (Requirements to bodies conducting audit and certification of management systems) and to the Rules themselves, which were established by one of LLC “IMS,” Source – DECLARATION.
This fact gives grounds for critical inconsistency and suspension of NAAU accreditation for the registered certification body of LLC “IMS” the head of which is Davydenko Sergey.
In the interpretation of ISO 37001, this fact should be the basis for further detailed verification (due diligence).
In this situation, we regard this as a controversial discrepancy. The conclusion may be after detailed clarification of which company LLC “International Management Service” or LLC “International Management Systems” has the rights to use the logo, who is actually the owner of the domain name, and who is the holder of accreditation of NAAU.
FACT According to the documents from the tender documentation, the Director of International Management Service LLC moved his office at Bogdana Khmelnitskii 68А of 73 to the office of International Management Systems LLC, although as he personally claimed in the report for the shareholders of company, he does not rent the office.
Source: letter from tender documentation 2019
In either case, this is very quickly turning into a sticky situation.
In the tender documents does not exist any documents wich shows that TUV NORD Cert – the actual Dakks Accreditation Holder, agree to perform the certification process for .
Does LLC “International Management Systems” have the right to carry out audits for state enterprises for nuclear industry in Ukraine?
Such issues, auditors specializing in anti-corruption systems or anti-bribery system (according ISO 37001) are investigated during non-financial control.
Who has qualification criteria and authority to conduct certification behalf TUV NORD Cert and acc Dakks accreditation for NNEGC “ENERGOATOM”?
What competences and education should auditors have to perform audits for four operating nuclear power plants of Ukraine, which operate 15 nuclear power units?
The Protocol of negotiation of NNEGC “ENERGOATOM” clearly indicates that Davydenko Sergey is the Director of International Management Systems LLC, and Sinato Anton is the Director of International Management Service LLC, both are representatives from TUV NORD in negotiations with NNEGC “ENERGOATOM”on the tenders. Both are sales – agents and representatives of TUV NORD Bulgaria. Both are auditors of TUV NORD Cert.
Both issue and sign Certificates to each other (with errors).
Both participate in NNEGC “ENERGOATOM” audits, respectively influence the audit decision.
And finally both are Directors of IMSes LLC!
But at least one of them can ‘t read or count! And one of them can definitely sign Certificates and Contracts.
Is there a risk in the interpretation of ISO 37001?
Why do I pay attention to this, because this fact will proof of their involvement in financial fraud.
This is topic in the Financial Control lesson.
We proceed to the next discrepancy, NONCONFORMITY 6
THE FACT “certification” is one process, and “service market expansion” or expand the market’s services is a COMPLETELY DIFFERENT process. How can you enter into a contract with the Contractor – which does NOT actually have the authority to perform certification?
Analyzing the letter from LLC “International Management Service” and the Agreement between LLC “International Management Service” and TUV NORD Bulgaria (from the tender documentation package 2019) to obtain the authority to carry out works under the contract, it turns out that LLC “International Management Service” issued itself the authority to carry out certification and re-certification AUDIT? And NAEK accepted it, on the basis of what?
In fact, the agreement between International Management Service LLC and TUV NORD BULGARIA gives the authority to expand the market’s services – that is, marketing, sales, and development of commercial offers. In other words, finding clients who, on the basis of commercial offers, will be interested in certifying their management systems on behalf of TUV NORD. Exactly, on the basis of a commercial offer that is missing from the tender documentation.
In Appendix 1 – Technical requirements (to the contract of 08.08.2019 between NAEK and LLC International Management Service) in 7.1.2. –states – International Management Service LLC (as winner of tender) must have experience of similar services is specified for at least 3 years.
How did International Management Service LLC acquire 3 years of experience to perform these works in 2016, 2017, 2018? (We remind you that the company was registered in 2015)
In the same document In Appendix 1 – Technical requirements (to the contract of 08.08.2019 between NAEK and LLC International Management Service) at 7.2.2. is indicated that certification body is obliged to have Accreditation scope 11 – which was not available in the Accreditation of TUV NORD according to ISO 45001 standard.
Source: Tender documentation 2019
We move on to a critical NONCONFORMITY 9, which is not only a risk to the management system, but also a violation of the legislation and the Criminal Law of Ukraine, Art 358.
In Appendix 1 – Technical requirements (to the signed contract of 08.08.2019 between GP NAEK and LLC International Management Service) , as well as in the letter of LLC “International Management Service” dated 21/03/2019 LLC “International Management Service” – director Mr Sinato Anton confirms that the company has avalible for performing audits a number of auditors and experts, including international ones, who do not meet the requirements of Clause 7.3 of Appendix 1 – Technical requirements to the contract.
Who did they mean? What auditors? According to our information and according to the report of Mr Siniato himself, there are no full-time working auditors in International Management Service LLC. In the staff of LLC “International Management Service” there is ONE Director with salary according to the staffing table (see above), the company does not even have an accountant.
Regarding auditors with 5 years experience in the nuclear industry as indicated. This is a topic for analyzing and verifying personnel competencies.
According to the materials of the criminal case, which has already been closed “on the recommendation“ of the Prosecutor ‘s Office, which gives us clear grounds for suspicion that there is a topic of corruption in this topic (No. 761/33690/19 – Register of court decisions,) according to the auditors themselves, and according to our data, some of these persons were not actually involved in audits in OOO IMS, some of these auditors did not have Certificates of appointment during this period, and many were not actually in Kazakhstan at this time and did not participate in these audits.
In addition, a fake reference letter from Ekibastuz State District Power Station 2 AK was submitted with the package of documents for the 2019 tender in NAEGC and presented to the Director of International Management Service LLC. Which is also client of TUV NORD Cert, and also certify by International Management Service LLC.
Conclusion from the author of the course: the non-financial analysis, revealed a number of facts and evidence, which indicate violations of the rules of certification, business ethics and legislation of Ukraine.
Analysis of non-financial control showed that the “NAEK” Energoatom “blind” on the procedure of negotiations, signed in 2019 an agreement with LLC “IMS” for certification with significant finance fraud, which resulted in the loss of Ukrainian state budget funds in the amount of UAH 1,613,698, 27.
At the moment,
as of November 2019,
criminal cases have been initiated on the facts described
above International Management Service LLC
(12019100100010643, 12018100100004305, 12019110040001513
If you liked this article (or did not like it) or you do not agree with me, write, I will be glad to comments. Ask Your questions, I will answer them.
Non-financial Non-financial Non-financial Non-financial Non-financial Non-financial Non-financial Non-financial