foreign hi I'm Andrew Wilcock I'm a managing associate in the Allens Melbourne dispute team and I have a particular Focus advising on risk and compliance issues like anti-bribery and Corruption in the third session of this series we looked at the importance of developing and operationalizing a strong anti-bribery compliance system and we noted that such systems are made up of several key elements in this session I'll discuss the first of these key elements which is a robust risk assessment an enterprise-wide risk assessment is the foundation of an effective anti-bribery compliance system and if conducted properly it will assist a business into a number of things including to identify and rate its key anti-bribery risks assess whether the compliance controls the business has in place proportionate to those risks and deploy resources efficiently and effectively when strengthening compliance controls as businesses anti-bribery risk profiles can shift over time risk assessments should be conducted periodically and when there are significant changes in a business's circumstances for instance a business that faces material bribery and Corruption risks might conduct a risk assessment every two years and then outside that cycle it might also conduct a risk assessment if it requires another business Orient as a new jurisdiction risk assessment methodologies and findings should always be well documented because this both strengthens the process but it is also of assistance if a business wants or needs to disclose its risk assessment findings to a stakeholder or regulator now there are a few key steps to conducting a risk assessment a first step is to establish a compliance Baseline as mentioned earlier in this series the global anti-bribery and Corruption framework is complex and it's important that a business looks at the anti-briver and Corruption laws it's exposed to and understands the obligation that it bears as a second step a business should then consider the extent to which its geographical presence and business activity is expose it to bribery and Corruption risks it's important to consider geography because some markets pose much higher bribery and Corruption risks than others a business that only operates in Australia and New Zealand is likely to face comparatively low bribery and Corruption risks but a business that operates throughout Central and South Asia will face comparatively higher risks it's also important to consider the nature of a business's activities because some sectors and activities pose much higher bribery and Corruption risks than others for instance it's important to consider whether a business regularly engages with public officials whether it transacts with state-owned Enterprises whether it relies on licenses or permits to conduct its business whether it engages in lobbying whether it makes political donations or charitable contributions whether it gives gifts or Hospitality to stakeholders and whether it conducts its business through agents or other third-party intermediaries in some smes the person conducting a risk assessment may have a sufficient understanding of their business activities considered these issues holistically themselves but in most cases it'll be necessary to review documents in information and speak to stakeholders across a business to do so so for instance documents that you may need to look at include supplier lists customer lists permits and licenses gifts and donations registers and agreements with intermediaries agents enjoyed Adventure partners and stakeholders that you're going to want to talk to include people within operations sales and marketing procurement external Affairs and finance or Treasury once a business has identified and rated risks arising from geography and business activities as a third step the business should review its existing controls and consider whether it's necessary to strengthen them again in some smas a person conducting a risk assessment may have a holistic view of how their business is anti-bribery and compliance system operates but in most cases it will again be necessary to review documents like compliance policies procedures and processes and speak to stakeholders within the business with relevant responsibilities so that's an introduction to anti-bribery risk assessments I want to re-emphasize that a business's risk assessment should be the foundation on which the rest of its anti-bribery compliance system is built and I also want to re-emphasize that risk assessments should be refreshed regularly and should be rigorous and well documented in our next session we'll be moving on to discuss the role of the board and Senior Management in anti-bribery and Corruption compliance thanks for watching