Best practices for developing and executing a successful risk assessment

Stephen Martin is Partner, and Toby Ralston is Managing Director at StoneTurn in Denver, Colorado, USA.

Companies doing business across the globe today are operating in a more stringent regulatory environment. The proliferation of industry, sector, and government agency standards, as well as the increasing use of compliance as a regulatory tool, has put multinational corporations in a position to defend their compliance program and related controls; invest in additional resources meant to prevent and detect misconduct and/or incentivize compliance with laws; sanction inadvertent or deliberate wrongdoing by employees, officers and agents; and ensure effective program oversight by senior management and their boards of directors.

In addition, global organizations face the recently revised Department of Justice (DOJ) guidance[1] on anticorruption and fraud, along with further emphasis on individual prosecutions, liability for third-party relationships, joint ventures, and partnerships, which together send a clear signal to worldwide enterprises that they must carefully review, test, and enhance their compliance programs now or risk harsh legal actions, irreparable damage to their brand, and steep financial penalties for any wrongdoing.

Whether administered internally or with the help of outside experts, conducting an effective risk assessment is an essential step in developing and/or enhancing a strong compliance program. An effective risk assessment framework and process helps companies identify direct and indirect global compliance hot spots and, when used in combination with technology and data analytics, can pinpoint unknown or unwanted trends in order to maintain a world-class compliance program.
