As the recent joint DOJ/SEC FCPA Resource Guide makes clear, for a company to earn meaningful credit with the government in an anti-corruption investigation, its compliance program must not only be robust, but also periodically reviewed and improved. However, neither the Guide nor any other government resource provides specific direction on the appropriate frequency or depth of reviews. In lieu of specific authority, companies typically turn to best practices and industry norms when deciding how frequently to review and update their compliance programs. Best practices, though, can be hard to discern and difficult to apply. Recognizing the challenge and importance of actionable information on this topic, the Anti-Corruption Report is publishing a series of three articles on best practices for reviewing anti-corruption compliance programs. This article, the second in the series, discusses the chief obstacles companies face when conducting a review; provides strategies for creating management buy-in; describes four steps a company should take when preparing for a review; and outlines what risk areas the review should address. The first article in the series discussed the importance of regular anti-corruption compliance reviews; detailed the government’s expectations for reviews; outlined how to create an efficient and effective compliance review schedule; and specified how companies should staff their compliance reviews. See “Best Practices for Reviewing Anti-Corruption Compliance Programs: Government Expectations, Scheduling and Staffing (Part One of Three)” (Aug. 7, 2013). The third and final article in the series will provide strategies for conducting the actual review; discuss what a company should do post-review; outline issues surrounding documentation of the review; and examine how FCPA settlement agreements affect reviews.