ST0190DOJDOJ

ST0190

Evolving Updates – How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? Has the company undertaken a gap analysis to determine if particular areas of risk are not sufficiently addressed in its policies, controls, or training? What…

Assess my company

Plain-language summary

What it actually means.

to be determined

Plain-language summary forthcoming. Source text below.

Source text

As written.

Evolving Updates – How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? Has the company undertaken a gap analysis to determine if particular areas of risk are not sufficiently addressed in its policies, controls, or training? What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries? Does the company review and adapt its compliance program based upon lessons learned from its own misconduct and/or that of other companies facing similar risks?

Assessed by HEXDI

What HEXDI assesses.

  • M2

    4 — PROGRAM SETUP AND ADMINISTRATION

    The Export/Import Compliance Council (or equivalent) creates working groups as needed to address specific areas, to include corrective…

  • M2

    5 — PROGRAM SETUP AND ADMINISTRATION

    Risk analysis and identification considers customer base, countries of exports/import activities, and product lines.

  • M2

    6 — PROGRAM SETUP AND ADMINISTRATION

    Risk analysis and identification considers risks posed by interactions with third parties, to include suppliers, brokers, contractors,…

  • M2

    7 — PROGRAM SETUP AND ADMINISTRATION

    Risk analysis and identification considers findings from audits, evaluations, and other assessments and history of compliance problems.

  • M2

    8 — PROGRAM SETUP AND ADMINISTRATION

    Risk analysis and identification considers risks posed by new legislation, regulations, agency opinions and rulings, and court decisions. 


  • M2

    9 — PROGRAM SETUP AND ADMINISTRATION

    Risk analysis and identification considers risks posed by business, political, or economic changes. 


Related

Other DOJ standards.

Source & revisions

First mapped
Jun 8, 2022
Last updated
May 26, 2026 (13m ago)
Source
Evaluation of Corporate Compliance Programs