Our Services

Challenges

Whether launching an ethics and compliance program for the fist time, or refreshing an existing one, it’s important that it be aimed at the risks that matter most. Government enforcement standards have long insisted that compliance program activity should be grounded in risk assessment.  For example: 

• The Federal Sentencing Guidelines require companies to “periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each requirement [of the compliance program] to reduce the risk of criminal conduct.”

• The Department of Justice corporate charging policies require prosecutors to consider “[t]he effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment.”

These baseline expectations are rising.  For example, the Department of Justice has added to its latest guidance on evaluating compliance programs the following questions for its prosecutors to consider:

• Risk Management Process – What methodology has the company used to identify, analyze, and address the particular risks it faces?

• Risk-Tailored Resource Allocation – Does the company devote a disproportionate amount of time to policing low-risk areas instead of high-risk areas…? Does the company give greater scrutiny, as warranted, to high-risk transactions (for instance, a large-dollar contract with a government agency in a high-risk country) than more modest and routine hospitality and entertainment?

• Updates and Revisions – Is the risk assessment current and subject to periodic review? Has the periodic review led to updates in policies, procedures, and controls?

• Lessons Learned - Does the company have a process for tracking and incorporating into its periodic risk assessment lessons learned either from the company’s own prior issues or from those of other companies operating in the same industry and/or geographical region?

Benefits

We help clients who are seeking the following types of benefits:

• Satisfy risk assessment expectations established by various government enforcement authorities.

• Establish an overall view of the potential fraudulent, illegal or unethical acts that can undermine the organization’s reputation for integrity.

• Gain deeper insights of particular risk areas, operating units or geographies.

• Prioritize risks based on likelihood, significance and existing control effectiveness.

• Build internal consensus on priority needs and action plans.

• Receive support from a trusted advisor with the independence, credibility, methods and resources to perform the project efficiently and effectively.