“From ignorance our comfort flows. The only wretched are the wise.” These words, written centuries ago by English poet and diplomat Matthew Prior, could be emblazoned on T-shirts worn by the modern-day chief compliance officer. After all, those sitting in corporate C-suites who are ignorant of the ethics and compliance risks their companies face certainly sleep better at night than the CCOs whose job it is to know the risks, however “wretched” it might make them.

While CCOs take many paths toward “wisdom” and the knowledge it entails, a formal ethics and compliance risk assessment is quickly becoming an essential route. However, while the term, “risk assessment” is thrown around early and often in ethics and compliance circles, it often is hard to define just what the term means and what should be included in an ethics and compliance risk assessment. Our intent is to provide some practical guidance, including a checklist of issues that should be part of any company's assessment of this kind, regardless of the business sector and geography.