Checklist - 15 Sample Questions When Performing a Risk Assessment

Checklist - 15 Sample Questions When Performing a Risk Assessment

Posted on 10-31-2017

Checklist provided by Stephen R. Martin, partner at Arnold & Porter Kaye Scholer LLP

This checklist includes key themes from the compliance program expectations of government regulators around the world and best practices broken into five essential elements of corporate compliance that should be present in every company’s compliance program: (1) Leadership; (2) Risk Assessment; (3) Standards and Controls; (4) Training and Communication; and (5) Monitoring, Auditing, and Response. This framework serves as the structure for the interview questions listed below. (This is a limited sample set of questions. Actual questions and follow-up queries posed in a risk assessment should be based on the scope and focus of the risk assessment, the company’s industry and/or business sector, the level and position of the interviewee, and information gathered from the review of internal documents.)


1.   How would you evaluate or describe the tone at the top of the organization?

2.   How does the company communicate about the compliance program and/or compliance values?

3.   Does the company take compliance seriously? Are there adequate resources?

Risk Assessment

4.   Does the company have an assessment process for identifying risks? Describe the process.

5.   What types of compliance risks exist in the operating market(s)? How severe are these risks?

6.   Do you agree or disagree with the top risks that have been identified by management?

Standards and Controls

7.   How are the risks to the organization currently managed?

8.   Are you familiar with the policies and/or procedures for the following transaction and/or activities? [Review of key activities or transactions based on the company profile.]

9.   How would you evaluate or describe the company policies regarding compliance?

Training and Communication

10.   What type of training and/or communications do employees receive regarding compliance risks?

11.   Was the training relevant to your job responsibilities and compliance risks? Are the training materials adequate?

12.   Is there compliance messaging available in your office/location?

Monitoring, Auditing, and Response

13.   What is the culture of reporting issues in the workplace? Do you think people are generally comfortable doing so? Do you think employees fear exposure from, or retaliation due to, compliance reporting?

14.   Has the company completed compliance audits? Please describe the process and significant audit findings.

15.   When is senior management updated on legal compliance issues? Do they receive written reports or oral briefing? How frequently do updates occur?

To find this article in Lexis Practice Advisor, follow this research path:

RESEARCH PATH: Corporate Counsel > Compliance, Risk Assessment and Governance > Compliance Programs and Risk Assessment > Checklists