Kreller's Due Diligence Blog
Kreller Risk Assessment Matrix
Tuesday, October 28, 2014
Written by Chris Weiss
It is clear in the FCPA guidelines that there is no “one size fits all” approach to structuring a corporate compliance program. Whether it is time, budget, manpower, etc., we are all limited by our resources in one way or another. If you do not have the luxury of conducting annual global audits and interviews, desktop risk assessment can be a compliance officer’s best friend.
Assessing and assigning risk to your international partners is paramount to the strength of your compliance program. There are specific criteria Kreller focuses on when assessing risk, including:
These are some of the criteria that would make up the foundation for a Risk Matrix. Much like the structure of your corporate compliance program, there is no one approach to creating a risk matrix.
- Sales volume
- Government exposure
- Line of business
For example, the weight of each of the four criteria may vary. We would often place the highest emphasis on location (40%) and equal emphasis (20%) on the three remaining criteria. Because our clients vary in size and span many industries, we create a custom risk matrix for each client based on a macro level view of their international risk.
By using a risk matrix, you can plug in the above criteria for any of your international partners to determine their “risk score” or perceived level of risk. Creating tiers with corresponding numbers using the criteria above will allow you to assign a risk score to each of your engagements.
When determining risk based on your international partners location for example, use the CPI index. For the purpose of demonstration, we will tier location using the transparency country ranking. Perhaps your risk matrix outlines countries ranking 1-25 on the transparency index as low risk, 26-100 medium risk and 100+ as high risk.
Because location is more heavily weighted than the other factors in our example, we will assign a total of 6 points to location. Low risk locations would be two points, medium is four points and high is six points. You create similar low, medium and high tiers for sales volume, government exposure and line of business.
Desktop Risk Assessment is a tool too valuable to ignore. It offers a simple, common sense approach to assessing the risk of your international partners and follows the guidelines outlined by the DOJ and the SEC.
Kreller provides a complimentary risk matrix for any company looking for assistance. Please do not hesitate to contact myself or any other Kreller representatives to assist you with creating a risk matrix relative to your organization.
The Kreller Group was founded in 1988. The company provides comprehensive corporate due diligence investigation services for government entities and Fortune 100 and 500 corporations in the U.S. and abroad. The Kreller Group team is comprised of a worldwide network of investigators and business analysts with domestic and foreign expertise in all jurisdictions. For additional information about the Kreller Group Family of Companies, contact Gina M. Martin, 513.723.8902, firstname.lastname@example.org or visit www.kreller.com.
Chris Weiss is a global due diligence consultant for Kreller Group. He advises multinational Fortune 100 companies in the areas of FCPA Compliance Program Construction, Risk Management Solutions, Security Risk, Gaming & Probity and Ethical Sourcing Investigations. Weiss sub-specializes in consultation with regard to FCPA, the Patriot Act, Bank Secrecy Act and Sarbanes Oxley Act. He received his B.A. in International Affairs from the University of Cincinnati with a minor in Middle Eastern Studies.