Compliance resources are finite and, for most companies, scarce. Wisely deploying a company’s people, time and money requires an understanding of what risks the company faces and where it faces them. But assessing risk can be a complicated and sprawling undertaking. In this article series, we take a close look at how to tackle this foundational step in building and maintaining a compliance program. This first article looks at the DOJ’s new guidance on risk assessments in its Evaluation of Corporate Compliance Programs, and also discusses the different types of assessments a company could undertake. Future articles will look at who should be involved in the process, sources of information, techniques and pitfalls. See “A Conversation With Jeff Johnson of Cargill About Risk Assessments” (Mar. 29, 2017).