DANIEL BLEEKER’S SUCCESS STORY
Writing a success story about our business, in the midst of the pandemic, is a challenging exercise as many smaller companies are under severe pressure. But I hope to give the reader “food for thought” and ideas to survive during these difficult times, by telling my story.
I founded my company, STEER, with two former business colleagues. During our employment at a major global company, we had been in senior management positions in compliance, investigations, audit, and finance and had a critical role in successfully leading the company through two Deferred Prosecution Agreements with the Department of Justice (DOJ) in the USA, as a result of FCPA (anti-bribery) violations.
It was a coincidence that we all left the company within a period of a year. During one of my last days at the company I had a “farewell” coffee with the two persons who hired me years before. We talked about the previous years and the unique experience we had of working in this global company with a presence in over 100 countries, designing and implementing a compliance department and an internal investigations unit, leading the global audit function and heading the financial department of a global division. We all agreed that the best experience was the opportunity to have lived and worked in many countries around the globe.
Living in countries and being surrounded by people with different cultures, languages, views on the world, etc., is an invaluable experience. It made me even more humble and respectful towards people that had not grown up in the same environment as I did. I learned that everybody knows the basics of compliant behavior, but that it requires respect, proper communication, and patience to explain certain elements of compliance as it is known in the “Western World” and apply them in another culture.
Anyway, back to the “farewell” coffee I mentioned before. The coffee became two coffees, three coffees, and suddenly we had been talking for hours. Not a productive day for the company we worked for, but a good day for the three of us. We realized that with our combined experiences and expertise, we could be very valuable to many (global) companies. Over the next few months we all left the company and we decided to explore the possibility of starting our own boutique firm.
After multiple meetings, telephone calls, online conversations, and emails, we were convinced that there was a demand for our combined expertise and experience. However, starting a company is a stressful event, especially since we had the very ambitious plan to open offices in two different countries (Zurich, Switzerland, and New York, USA) at the same time.
It was therefore very important that we as founders decided to go through various psychological tests to better understand our inner self but also to face the strengths and weaknesses in us as a team. Based on the assessments we were able to determine how we could best complement each other and assign responsibilities.
The final step towards starting the company was to formalize our verbal agreement and address what we would do in better or worse times. The best time to talk about bad times is when things are going well. For us, that meant crafting a written partnership agreement before we officially started the business.
It was soon after ISO 37001 (Anti-bribery) was published in August 2016 that we realized that this ISO standard could be game changer in the world of compliance, for the private and public sector. We had more than relevant expertise in this area and we were experienced auditors. Now we had to search for a certification body that would have a comparable vision to ours.
When we started our company, we all had the same vision about conducting business. Quality over quantity. Instead of doing multiple jobs at the same time with the risk of providing mediocre results, we focused on providing quality on each single project. Our clientele are companies that take compliance seriously and they are looking for auditors who not only have the required expertise and experience but in addition, can do an audit with a fair but critical eye, so they can further improve their compliance efforts.
After conducting due diligence on a number of certification bodies, we got in contact with PECB MS. We were instantly charmed by the fact that PECB MS is constantly looking to improve its processes and image. It is very encouraging to find that a certification body follows the requirements of most ISO standards to constantly evaluate and improve. This approach definitely keeps PECB MS at the top of the list for certification bodies.
PECB MS made clear to us that it wants to work with experts in the field of each ISO standard. They do not want to provide just a certificate; they want the client to know that PECB MS auditors are best in class. An audit conducted by experienced auditors with relevant expertise adds value to the obtained certificate. Regulators around the world, such as the Department of Justice in the USA, support the ISO 37001 standard but are trying to determine which certification bodies are serious about conducting proper audits and granting certificates. It is our experience that PECB MS is one of those certification bodies that aims to provide top-notch services to their clients in this respect.
PECB MS showed great trust in us from the very beginning. In the few years that we work with PECB MS, we have seen the continual improvements. Processes are subject to change when improvements are identified, and the training material is currently undergoing great improvements as well. Proper training provides the essential foundation for auditors so that they can provide the best value added service.
Our ISO 37001 Success
It was two years ago when we were alerted that Microsoft, who were part of the development of ISO 37001, were looking for a certification body to audit and certify a country organization and a global business unit.
Microsoft is one of the biggest companies in the world measured by market value. And it is obvious that there are very few companies that would not want to have Microsoft as a client. PECB MS was one of the certification bodies that was approached by Microsoft. As PECB MS’s lead ISO 37001 auditors we were requested to do an online presentation. It was our first and only chance to convince Microsoft that the PECB MS and STEER as the PECB MS certified auditors, could provide the best value to Microsoft’s commitment to audit a solid and robust Anti-bribery Management System based on ISO 37001.
We knew we had to compete with many other audit firms, all of them bigger than us and key players in the industry. In preparation for our presentation, we decided that we would approach Microsoft the same way we would approach other potential clients; not pretending we are bigger than we are, not pretending that we have the answers to all questions. We chose to describe our background and expertise, how we conduct audits, and our view on ISO 37001. By doing this in an online meeting, it gave Microsoft the chance to ask questions and get an impression of our personalities. We think it made a difference that all three STEER partners were presenting to Microsoft and that we made the commitment that all three of us would be involved in the certification audit.
A few months after our presentation, PECB MS was approached by Microsoft with the request for a financial proposal including STEER to be the auditors, for a certification audit of Microsoft Hungary’s Anti-bribery Management System and a global business unit.
As with every project, if you fail on the first engagement, you will lose the client. This means, from the start of the project, the client needs to feel confident that they get value for their money. Firstly, the client needs to feel confident that the auditors have the relevant expertise to conduct a certification audit. Secondly, the client needs to feel comfortable about the audit approach.
During an online meeting the client just hears what you say. It gives a first impression. It is not until the preparation and execution of the certification audit when the client witnesses the capabilities of the auditors.
We were approaching this project with a long-term view. We put in so many (non-billable) hours to prepare for these audits, that we hardly covered our cost. However, by putting in so many hours we became very knowledgeable about Microsoft’s ABMS, which gives us an advantage on future Microsoft ISO 37001 audit projects where we can offer competitive pricing.
A company like Microsoft is very serious about fighting bribery. And we were very impressed with the efforts they put in designing and implementing their Anti-bribery Management System. Microsoft’s ABMS is best in class, no doubt about it, and based on their continual efforts to further improve, it will remain best in class for the foreseeable future. However, Microsoft is aware that the quality of an ABMS based on ISO 37001 can only be validated by auditors with extensive anti-bribery experience, who conduct an audit with a fair but critical eye.
After conducting certification audits at Microsoft, they had an interest in training their key employees within the global business unit to be ISO 37001 Lead Implementers. They wanted to do this to ensure that these key employees had the proper knowledge and foundation to maintain their ABMS. STEER was also chosen by Microsoft to conduct this training. As mentioned earlier, with clients like Microsoft you cannot fail to deliver on their expectations.
We wanted to make sure that after auditing the global business unit, there was no (perceived) conflict of interest if we would conduct a general lead implementer training for employees of the same global business unit. We reviewed the PECB training material and contacted PECB to confirm that no conflict of interest would occur, according to ISO/IEC 17021-1.
The pandemic has a severe impact on how business will be conducted. Times are changing and it is important to be open to new business approaches. We have been contacting clients to explore different ways to go forward with ISO projects, such as offering fully remote (online) training and (surveillance) audits. In difficult times like these it is comforting to have a business partner like PECB MS that is adapting to the new business environment and open minded to the development of solutions, so that certain services can still be provided.
We are part of the PECB family and we are always looking to partner with auditors that have a similar vision as ours. We think that combining our strengths and efforts leads to successful partnerships which will enable us to win engagements with Fortune 500 companies.
Note: PECB MS manages the audit and certification services. STEER’s responsibility is to follow all policies and procedures set by PECB MS for its auditors. STEER auditors are part of PECB MS certified auditors. STEER also offers consultancy services; however, STEER does not provide management consultancy services to clients referred to PECB MS, for which STEER has conducted audit services, and STEER is not involved in any management systems certification decisions. The application process, the determination of audit days, the qualification of auditors, the reports review, and certification decisions are all conducted by PECB MS, as required by ISO/IEC 17021-1.