Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Attention colleges: ISO 37001 can help

Colleges implicated in Operation Varsity Blues (and those not yet named) can act to prevent similar bribery situations and restore trust without reinventing the wheel: the ISO 37001 anti-bribery system is uniquely suited to help manage these bribery-risk situations.

ISO 37001 addresses the operational risks by a systematic and documented bribery risk assessment. (The domain of “high-bribery risk environments” now appears to include some domestic college admissions offices and athletic departments — as well as the traditional FCPA-related overseas resource extraction and pharma operations in lesser developed regions.)

ISO 37001 certification shows that a college voluntary submitted to and passed a rigorous audit of its anti-bribery management system, conducted by an accredited independent certifying body — applying a “reasonable assurance” standard of review (as is applied by public accounting firms when auditing the financial statements of U.S. public companies.)

Certification publicly communicates a simple trust-rebuilding message: “consistent with the seriousness of the situation and our values, we took action — we’ve implemented and become certified under the leading global anti-bribery management system: ISO 37001.”

Among the issues likely to be faced by colleges in the course of implementing ISO 37001: 

Actual or pending lawsuits and/or investigations – ISO 37001-related activities will largely be prospective, but litigation concerning past events has begun in some cases, and legal counsel’s opinion on any possible privilege-related issues is advisable.

Due diligence – What due diligence procedures should be applied to verify that applicants with claimed special (athletic or other) skills actually have these skills and accomplishments/awards?

Process improvement – Should “accurate and truthful” parent/guardian certifications and/or representations concerning use of an outside college advisor be part of the college’s application package?   

External stakeholders and scope of anti-bribery policy – As part of the standard’s bribery risk assessment consideration of external stakeholder’s views and/or requirements, applicable contractual and/or statutory boundaries will need to be considered — including those related to federal or state grants, the NCAA and major donors. Should a complete policy also contain provisions dealing with the risk of college athletes, researchers or other college community members as bribe targets?


The country is fascinated and appalled by the breadth of the scandal — the brazen circumvention and exploitation of existing college admission practices, the amounts involved and the “right in our backyard” aspects of these cases.

As additional facts come to light — approximately 800 persons are reportedly involved and only around 50 have been identified to date — the value of a thorough, standards-based anti-bribery methodology applied to the college admissions process will only become more apparent.

ISO 37001 copies can be licensed here.


Worth MacMurray was formerly general counsel of several public companies, a leader within PwC’s DC anti-corruption office, and a member of the U.S. Technical Advisory Group that worked with other countries over a 3-year period to create ISO 37001. He is now Principal at Governance & Compliance Initiatives. He is PECB Certified as both an ISO 37001 Lead Auditor and ISO 37001 Lead Implementer. He can be contacted here.

Share this post


1 Comment

  1. An excellent resource for colleges and universities. However, university compliance programs tend to "stop at the door of the athletic department," so that may be a challenge that needs to be faced first.

Comments are closed for this article!