Risk assessment fundamentals: Flexibility, accountability, more
Tailoring your risk assessments to guidance from your relevant regulators is a good idea, a panel of compliance practitioners agreed. But it certainly isn’t the place to start.
Five senior compliance professionals shared their insights as part of a session on risk assessment programs at Compliance Week’s 2023 National Conference in Washington, D.C. Stephanie Cherny, director, global enterprise compliance at Intuit, moderated the discussion.
It is beneficial to fashion your risk assessments in a way that could answer questions raised by the Department of Justice (DOJ) in its Evaluation of Corporate Compliance Programs guidance or the Securities and Exchange Commission (SEC) in staff bulletins, said Hemma Lomax, vice president, associate general counsel and head of compliance at Zendesk. But more important is first understanding what your company does and its primary risk areas.
“I don’t think the answer is what everyone else is doing—it has to be what’s right for our company,” she said.