ST1164
One hallmark of an effective compliance program is its capacity to improve and evolve. The actual implementation of controls in practice will necessarily reveal areas of risk and potential adjustment. A company’s business changes over time, as do the environments in which it operates, the nature of…
Plain-language summary
What it actually means.
Plain-language summary forthcoming. Source text below.
Source text
As written.
One hallmark of an effective compliance program is its capacity to improve and evolve. The actual implementation of controls in practice will necessarily reveal areas of risk and potential adjustment. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the applicable industry standards. Accordingly, prosecutors should consider whether the company has engaged in meaningful efforts to review its compliance program and ensure that it is not stale. Some companies survey employees to gauge the compliance culture and evaluate the strength of controls, and/or conduct periodic audits to ensure that controls are functioning well, though the nature and frequency of evaluations may depend on the company’s size and complexity.
Assessed by HEXDI
What HEXDI assesses.
- M2
2 — PROGRAM SETUP AND ADMINISTRATION
Methodology includes monitoring, collecting, and reporting of information on the number of exports/imports, nature and number of…
- M2
4 — PROGRAM SETUP AND ADMINISTRATION
Risk analysis and identification occurs at Senior Management meetings as part of short- and long-term forecasting and strategic planning.
- M2
7 — PROGRAM SETUP AND ADMINISTRATION
Risk analysis and identification considers findings from audits, evaluations, and other assessments and history of compliance problems.
- M2
8 — PROGRAM SETUP AND ADMINISTRATION
Risk analysis and identification considers risks posed by new legislation, regulations, agency opinions and rulings, and court decisions.
- M2
9 — PROGRAM SETUP AND ADMINISTRATION
Risk analysis and identification considers risks posed by business, political, or economic changes.
- M2
10 — PROGRAM SETUP AND ADMINISTRATION
Risk analysis and identification considers risks posed by internal factors such as changes to product lines, staffing, operating processes,…
Related
Other DOJ standards.
- DOJ41 citations
ST1166
DoJ Evaluation of Corporate Compliance Programs
- DOJ25 citations
ST1160
DoJ Evaluation of Corporate Compliance Programs
- DOJ24 citations
ST1154
DoJ Evaluation of Corporate Compliance Programs
- DOJ22 citations
ST0028
Evaluation of Corporate Compliance Programs
- DOJ22 citations
ST0535
Evaluation of Corporate Compliance Programs
Source & revisions
- First mapped
- Jun 8, 2022
- Last updated
- May 26, 2026 (15m ago)
- Source
- DoJ Evaluation of Corporate Compliance Programs