In the February 10, 2012 edition of the Houston Business Journal, in an article entitled “In order to solve a problem, it must first be identified”, author Harvey Mackay wrote “People don’t usually buy products and services. They buy solutions to problems.” He notes that successful sales people “tailor their products and services to meet a demand”. However, in compliance the ‘demand’ that often needs to be satisfied is risk. In your role as a compliance professional, you need to be able to identify risk and then design a system to manage it. If you review a proposed transaction and concluded it would violate the Foreign Corrupt Practices Act (FCA) and then reported that to senior management, you may well be told that it is the job of compliance to manage compliance risks, now go back and figure out a way to manage that risk so that the transaction can be done within the law. The question is how to determine the compliance risk so that it can be managed. The answer is by performing a risk assessment.