Skill

legalcode-compliance-risk-assessment

Conducts systematic enterprise compliance risk assessments aligned with ISO 37301:2021 (Clause 6.1.2), DOJ Evaluation of Corporate Compliance Programs (ECCP) September 2024 risk assessment element, COSO ERM Framework (20 principles), and ISO 31000 risk management principles. Identifies and maps regulatory obligations across applicable frameworks and jurisdictions; assesses inherent risk using a 5×5 likelihood-impact matrix; evaluates control design effectiveness and operational effectiveness using a five-level maturity model; calculates residual risk scores with confidence scoring; and generates board-ready risk heat maps. Covers regulatory/legal risk domains (anti-corruption/FCPA, AML/CTF, sanctions/OFAC, data privacy/GDPR, cybersecurity/NIS2, export controls, employment/labor, competition/antitrust, tax, ESG/supply chain/CSDDD, AI/emerging tech), plus operational, financial, reputational, and strategic compliance risks. Supports risk heat mapping, control testing methodology, key risk indicator (KRI) development, risk appetite framework definition, trend analysis, and peer benchmarking. Produces board-ready risk assessment reports with CRITICAL/HIGH/MEDIUM/LOW classifications, confidence-scored findings, Glass Box audit trail, KRI monitoring dashboard, and prioritized remediation roadmap. Use when preparing for DOJ/regulatory examination, conducting annual compliance risk review, building or validating risk appetite statements, identifying compliance program investment priorities, responding to an enforcement trigger, or satisfying ISO 37301 Clause 6.1.2 documentation requirements. Jurisdiction-agnostic with [JURISDICTION-SPECIFIC] markers; cross-references ISO 37301:2021, COSO ERM, ISO 31000, OCEG Red Book 3.5, US Sentencing Guidelines §8B2.1, DOJ ECCP 2024, NIS2 Directive 2022/2555, GDPR, FATF 40 Recommendations, and sector-specific overlays.