Sapin 2 Software – Corruption Risk Mapping
What does the
Sapin 2 law
on corruption risk mapping?
The French Anti-Corruption Agency has reaffirmed the central role of risk mapping in the development of an anti-corruption system.
These risks of corruption and influence peddling are identified according to the sectors of activity and geographical areas in which an organization operates. In practice, this requires the definition of risk scenarios covering the exposed processes for each activity. Once the risks have been identified, they must be prioritized and a relevant and effective system must be identified or defined to control them.
Frequently asked questions about risk mapping
What are the particularities of a corruption risk map?
Unlike a global or major risk map, the sole purpose of the corruption risk map is to identify, analyze and prioritize the company’s corruption risks in the normal course of its business, based in particular on the sectors of activity and geographical areas in which it operates.
The AFA insists on the fact that a risk map must be complete, formalized and built according to a documented methodology, structured (for example by business line or by process), evolving and updated.
How many risks should a corruption risk map include?
There are no rules in this area, as it depends on the company’s business model, its geographic or sector exposure, but also the quality of its usual management practices. Indeed, a company will have to analyze the corruption risks inherent in each of its activities, which may involve identifying a large number of risk scenarios. Their evaluation and prioritization will allow the prioritization of corrective actions to be implemented in order to control these risks.
Simplify and secure your corruption risk mapping
- Identification of the roles and responsibilities of stakeholders
- Identification of processes and risk scenarios
- The assessment of gross risks
- Net risk assessment
- Prioritization of risks and definition of associated action plans
- Formalization, updating and archiving
The software being fully customizable, the fields delivered by default are customizable (modification of labels, addition or deletion of fields,…).
Steps 1 and 2: roles, responsibilities, processes and risk scenarios
- Specify the roles and responsibilities of the stakeholders identified in your mapping process, according to the specificities of your organization
- Identify and formalize the risks related to the various activities selected. This identification work requires a combination of a “top down” and “bottom up” approach, in particular through workshops or targeted interviews, in order to have an overall view of the risks incurred at all stages of a given process. This is a particularly crucial and time-consuming step given the complexity of the perimeters to be covered. Rely on a risk catalog.
- If necessary, distribute a questionnaire to relevant and pre-established targets within the various entities of your organization. Visualize the results via a thematic and geographic overview of the corruption risk present in your organization, allowing you to identify the elements to prioritize or on which it is relevant to launch a more in-depth analysis.
Steps 3 and 4: Risk assessment
- List each of the identified risks according to criteria of impact and frequency, the nature of the impact (reputational, legal, financial, economic or legal) as well as the associated aggravating factors, and then the control elements
- Document your valuation methodologies, whether they relate to gross or net risks.
Step 5: prioritization of risks and definition of action plans
- Visualize your risks on a dynamic matrix
- Zoom in on a risk to find its record and modify certain elements with a real-time update of your matrix
- Document and manage your action plans (nature, priority, responsibilities and actors, milestones, etc.) and make them live in a collaborative way
- Drive action plans via animated data visualizations
Step 6: Formalization, updating and archiving
- Keep a centralized and structured record of the methods and methodologies used and the results obtained
- Update and maintain your cartography independently
- Keep all historical data, especially those that may be requested by the AFA: trace of exchanges with the personnel concerned (schedules, notes, written summaries), method of calculating gross, net or residual risks and the associated definitions, risk identification and classification procedures, versions of the maps presented to the management bodies and the validations, action plans, minutes of the dedicated committees, audit trails, etc.
The strengths of the ConformEthics© application dedicated to Sapin 2
- Give you a global and centralized view of the processing of your obligations for your compliance with Sapin 2 through a single application
- Save time in collecting, processing, analyzing and communicating information, thanks to a digital approach and procedures
- Promote collaboration and give you a homogeneous access to the follow-up of regulations and a vision on the anti-corruption approach of your company
The fundamentals
100%
simple and intuitive
The user experience above all else: everything is intuitive, visual, simple and easy to use
100%
secure
No deadlock on security, durability and compliance with your IT requirements
100%
scalable
Applications benefiting from continuous innovation, thanks to the 15% of our turnover dedicated to R&D
100%
made in France
Design, development, maintenance and hosting managed in France, between Paris and Nevers
100%
personalized
Infinite possibilities for customizing your application, features and ergonomics
Let’s keep in touch!
Do you want a demonstration? Do you have questions about our solution and approach?
