Is this just another check-box checklist?

No. Unlike a passive to-do list, this is an active assessment framework. It provides a structured template for you to systematically review risks across your industry and locations, and includes global benchmark data to contextualize your findings. Ultimately, this organizational risk assessment helps you build (and maintain) a targeted training plan, then periodically check that training in use is sufficient for addressing business risks.

What’s the best way to use this checklist?

The best approach is to use this risk and compliance self-assessment as a guide for a cross-functional discussion. Bring together leaders from HR, legal and operations to identify gaps and create a unified training action plan, then use this checklist to assess its effectiveness.

What's the most common mistake when doing a risk assessment?

The most common mistake is treating it as a one-off task. To be effective, your risk management compliance checklist must be a living document aligned with any major change requirements in your ethics and compliance training plan. We recommend completing this compliance risk self-assessment at least annually – or whenever your organization undergoes a major change that affects your risks and what you need to train your people on.

Checklist

Your Essential Compliance Risk Assessment Checklist

An outdated training plan is a quiet liability. Use this checklist to stress-test your program, find hidden risks and identify specific gaps to build a more effective ethics and compliance training plan.

This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply to the reCAPTCHA services. You can learn more about how NAVEX processes your personal data by reviewing the NAVEX privacy statement.

Available in

What you’ll get from this compliance risk assessment checklist

Pinpoint gaps

Uncover hidden vulnerabilities within your current training plan

Prioritize action

Focus resources and training on your most critical compliance risks

Strengthen culture

Build a proactive, risk-aware ethics and compliance culture

A risk and compliance self-assessment to keep your program on track

Having an ethics and compliance training plan is standard practice – but a plan on paper doesn’t guarantee it’s working in reality.

This risk and compliance self-assessment checklist is designed for compliance and HR leaders who need to move from simply having a training plan to proving its effectiveness and impact over time.

This compliance risk assessment checklist helps you to:

Assess risks across key business areas, including industry, location and third-party vendors
Contextualize internal trends using global reporting benchmarks provided
Evaluate internal drivers of risk, from leadership tone to data security protocols
Pinpoint specific ethics and compliance training needs to address vulnerabilities you uncover
Structure training plan conversations with a clear, repeatable compliance risk checklist

Get your checklist

More compliance assessment resources for you to explore

Ethics and Compliance Program Performance & Impact Assessment
Quickly that your compliance program works in practice and that you have a mechanism for the timely and thorough investigation of any allegations or suspicions of misconduct.
Get your performance assessment
The Most Important and Least Understood Component of an Effective GRC Program
This article, a chapter from the 2025 Top 10 Trends in Risk & Compliance, discusses the importance of risk assessment and most common challenges.
Learn more on the importance of a compliance risk assessment
12 Steps to Conduct an Ethics & Compliance Risk Assessment
A more effective ethics and compliance assessment starts with a better process. This guide gives you a 12-step framework and template to uncover your true risk profile, and build a program that drives meaningful change.
Get your ethics and compliance risk assessment guide
Assess Your Ethics, Risk, and Compliance Maturity
Evaluate your organization’s ethics, risk, and compliance program and associated activities from multiple perspectives.
Assess your maturity

Tips to get the most out of this compliance self-assessment

Is this just another check-box checklist?
No. Unlike a passive to-do list, this is an active assessment framework. It provides a structured template for you to systematically review risks across your industry and locations, and includes global benchmark data to contextualize your findings. Ultimately, this organizational risk assessment helps you build (and maintain) a targeted training plan, then periodically check that training in use is sufficient for addressing business risks.
What’s the best way to use this checklist?
The best approach is to use this risk and compliance self-assessment as a guide for a cross-functional discussion. Bring together leaders from HR, legal and operations to identify gaps and create a unified training action plan, then use this checklist to assess its effectiveness.
What's the most common mistake when doing a risk assessment?
The most common mistake is treating it as a one-off task. To be effective, your risk management compliance checklist must be a living document aligned with any major change requirements in your ethics and compliance training plan. We recommend completing this compliance risk self-assessment at least annually – or whenever your organization undergoes a major change that affects your risks and what you need to train your people on.

Stress-test your compliance program, find hidden risks and identify specific gaps to build a more effective training plan.