A risk assessment, at its core, is a hunt for areas of risk a company does not already know about. That hunt will be most effective if the risk assessors are familiar with the business, the search is narrowly scoped and key areas of risk are specially targeted. Once risks are found, they need to be evaluated, ranked and compared so a company knows how best to deploy resources. In the Anti-Corruption Report’s guide to risk assessments, we have explored the different types of assessment a company can undertake and identified whom to include in a risk assessment team and the techniques that team can use to make its assessment. In this third article in our series we identify where companies should be looking for risk and how they can rank those risks. See “The Anti-Corruption Report’s Guide to Risk Assessments: Types of Assessments” (Jun. 26, 2019) and “Techniques and Building a Team” (Aug. 7, 2019).