ST0538DOJDOJ

ST0538

Control Testing – Has the company reviewed and audited its compliance program in the area relating to the misconduct? More generally, what testing of controls, collection and analysis of compliance data, and interviews of employees and third parties does the company undertake? How are the results…

Assess my company

Plain-language summary

What it actually means.

Plain-language summary forthcoming. Source text below.

Source text

As written.

Control Testing – Has the company reviewed and audited its compliance program in the area relating to the misconduct? More generally, what testing of controls, collection and analysis of compliance data, and interviews of employees and third parties does the company undertake? How are the results reported and action items tracked?

Assessed by HEXDI

What HEXDI assesses.

M1
7 — MANAGEMENT COMMITMENT
Senior Management reviews audit reports and recommendations and regularly evaluates effectiveness of the program.
M2
4 — PROGRAM SETUP AND ADMINISTRATION
The Export/Import Compliance Council (or equivalent) creates working groups as needed to address specific areas, to include corrective…
M2
5 — PROGRAM SETUP AND ADMINISTRATION
Risk analysis and identification considers customer base, countries of exports/import activities, and product lines.
M2
7 — PROGRAM SETUP AND ADMINISTRATION
Risk analysis and identification considers findings from audits, evaluations, and other assessments and history of compliance problems.
M11
1 — AUDITS AND ASSESSMENTS
Program requires both internal and external audits to confirm whether procedures are performed as written and to determine effectiveness of…
M11
2 — AUDITS AND ASSESSMENTS
Program requires unit/functional level audits.

Other DOJ standards.

Source & revisions

First mapped: Jun 8, 2022
Last updated: May 26, 2026 (14m ago)
Source: Evaluation of Corporate Compliance Programs