The certification audit is not related to the financial audit.

Where a financial audit aims to examine financial statements for fairness and accuracy in order to certify a company's accounts, an anti-corruption certification audit focuses entirely on a company's anti-corruption management system. The management system audit aims to verify the adequacy of the organization's anti-corruption program with the requirements described in ISO 37001.

However, as part of an effective anti-corruption management system, the organization must equip itself with adequate financial controls and audits, in line with the level of risk involved in financial transactions and flows.

Unlike the Sapin 2 law, whose requirements apply to companies with over 500 employees and consolidated sales of €100 million, ISO 37001 certification applies to organizations of all sizes and in all sectors.

Since an anti-corruption program involves ensuring compliance with the anti-corruption policy not only by employees but also by third parties (partners, subcontractors, suppliers, etc.), the aim is to encourage the deployment of anti-corruption programs throughout the supply chain.

ISO 37001 certification can even be a differentiating asset and a competitive advantage for small organizations, enabling them to demonstrate their commitment and the maturity of their programs to major clients.