Sign up to save your podcasts
Or
Share Day 4 of 30 Days to a Better Compliance Program, Risk Assessments
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Day 4 of 30 Days to a Better Compliance Program, Risk Assessments
Welcome to Day 4 of 30 Days to a Better Compliance Program. Today we tackle risk assessments. One cannot really say enough about risk assessments in the context of anti-corruption programs. The FCPA Guidance stated it succinctly when it said, “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.” The simple reason is straightforward; one cannot define, plan for, or design an effective compliance program to prevent bribery and corruption unless you can measure the risks you face.
What Should You Assess?
What risks should you assess? There are a number of ways you can slice and dice your basic inquiry. The FCPA Guidance states, “Factors to consider, for instance, include risks presented by: the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.” Another way is to break the risk areas to evaluate down into the following categories: (1) Company Risk, (2) Country Risk, (3) Industry-Sector Risk, (4) Transaction Risk and (5) Third-Party Risk.
How Should You Assess Your Risks?
Risk assessments can be performed in a variety of ways. You can use some basic tools such as personal or telephone interviews of key employees; surveys and questionnaires of employees; and review of historical compliance information such as due diligence files for third parties and mergers and acquisitions, as well as internal audits of key offices. Another level might be a deeper dive into high risk countries, high risk business areas an more detailed review of your third party representatives.
How do You Evaluate a Risk Assessment?
Once risks are identified, they are then rated according to their significance and likelihood of occurring, and then plotted on a heat map to determine their priority. The most significant risks with the greatest likelihood of occurring are deemed the priority risks, which become the focus of the audit/monitoring plan. You should prepare a risk matrix detailing the specific risks you can relative remediation requirements identified and relevant mitigating controls.
Three Key Takeaways
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Assessment of risk is fundamental to developing a strong compliance program.
Click to tweet
View all episodes
By Thomas Fox
4.7
2020 ratings
Welcome to Day 4 of 30 Days to a Better Compliance Program. Today we tackle risk assessments. One cannot really say enough about risk assessments in the context of anti-corruption programs. The FCPA Guidance stated it succinctly when it said, “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.” The simple reason is straightforward; one cannot define, plan for, or design an effective compliance program to prevent bribery and corruption unless you can measure the risks you face.
What Should You Assess?
What risks should you assess? There are a number of ways you can slice and dice your basic inquiry. The FCPA Guidance states, “Factors to consider, for instance, include risks presented by: the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.” Another way is to break the risk areas to evaluate down into the following categories: (1) Company Risk, (2) Country Risk, (3) Industry-Sector Risk, (4) Transaction Risk and (5) Third-Party Risk.
How Should You Assess Your Risks?
Risk assessments can be performed in a variety of ways. You can use some basic tools such as personal or telephone interviews of key employees; surveys and questionnaires of employees; and review of historical compliance information such as due diligence files for third parties and mergers and acquisitions, as well as internal audits of key offices. Another level might be a deeper dive into high risk countries, high risk business areas an more detailed review of your third party representatives.
How do You Evaluate a Risk Assessment?
Once risks are identified, they are then rated according to their significance and likelihood of occurring, and then plotted on a heat map to determine their priority. The most significant risks with the greatest likelihood of occurring are deemed the priority risks, which become the focus of the audit/monitoring plan. You should prepare a risk matrix detailing the specific risks you can relative remediation requirements identified and relevant mitigating controls.
Three Key Takeaways
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.
Assessment of risk is fundamental to developing a strong compliance program.
Click to tweet
More shows like FCPA Compliance Report
View all
The Rachel Maddow Show
37,304 Listeners
Corruption Crime & Compliance
42 Listeners
UnJustified
7,674 Listeners
Compliance into the Weeds
12 Listeners
Daily Compliance News
7 Listeners
31 Days to a More Effective Compliance Program
1 Listeners
Think Fast Talk Smart: Communication Techniques
826 Listeners
Main Justice
7,036 Listeners