by Randall Cook, Waqas Shahid and Melanie Reed

A proactive, systematic risk assessment is an essential first step to developing and implementing any corporate compliance program, regardless of your industry or the compliance areas you are targeting. As US enforcement authorities have explained, “One-size-fits-all compliance programs are generally ill-conceived and ineffective because resources inevitably are spread too thin, with too much focus on low-risk markets and transactions to the detriment of high-risk areas.”[1] The Department of Justice specifically identified the effectiveness of a company’s compliance risk assessment as a foundational consideration when evaluating whether to bring charges against a company and in negotiating a plea or other remedies.[2] Moreover, in a corporate environment characterized by lean performance, tailoring your compliance program to your company’s actual risks is a business necessity.

A deliberate, iterative self-assessment methodology is crucial to obtaining the benefits of both mitigating enforcement risk and achieving a high-efficiency compliance program. Continue reading →