A risk assessment or a risk analysis has to identify companywide the actual and potential relevant risks. A risk assessment is an absolute precondition for combating against white-collar crime and other financial risks, which could face a company.
The risk assessments stands always at the beginning of the implementation of a holistic corporate compliance management. In this regard both legal risks (such as liability risks f.i.) and business risks (such as business process risks, product risks or risks in the internal control system f.i.) have to be identified.
All relevant risks have to be determined companywide in the relevant regions, legal entities and business units. At the end of a risk assessment a company-specific risk map has to be generated. The risk map shows in a transparent manner the relevant risks in relation to their risk level (high, middle, low). If the risks are disclosed adequate measures (f.i. prevention, detection, reaction) against these risks can be defined and implemented.