Diagnosis and risk analysis
We map the organisation's context: sectors of operation, geographies, types of third-party relationship (public contracts, intermediaries, commercial agents, M&A). We identify inherent and residual bribery risks, weight them by probability and impact, and prioritise controls. The output is the Bribery Risk Assessment (BRA), the core document of ISO 37001.