Your responses will be treated confidentially and there is no cost or obligation.
For each compliance criteria, please read the three descriptions and enter the Risk Rating (1 = Very Low Risk, 2 = Low Risk, 3 = Medium Risk, 4 =Considerable Risk, 5 = High Risk) that best describes the situation at your company or organization.
Stability of Customer Base
Low Risk - Stable, well-known customer base in a localized environment.Medium Risk - Customer base changing due to branching, merger or acquisition in the domestic market.High Risk - A large, fluctuating client base in an international environment.
1
2
3
4
5
High Risk Customers
Low Risk - Few high-risk customers.Medium Risk - A moderate number of high-risk customers.High Risk - A large number of high-risk customers.
1
2
3
4
5
Internet Sales
Low Risk - Little on no Internet sales.Medium Risk - Internet sales predicated on verification of customer bona fides and customer screening.High Risk - Wide array of Internet sales and services with insufficient verification.
1
2
3
4
5
Voluntary Disclosures
Low Risk - No history of voluntary disclosures or enforcement action. No evidence of apparent violation or circumstances that might lead to a violation.Medium Risk - A small number of voluntary disclosures resulting in warning letters or civil monetary penalties. Evidence that corrective action taken to implement safeguards that will minimize future noncompliant activity.High Risk - Multiple voluntary disclosures and/or enforcement actions resulting in administrative and/or criminal penalties. No evidence that measures in place to minimize future noncompliant activity.
1
2
3
4
5
Active Export Management System (EMS)
Low Risk - Management has implemented a compliance program that includes policies, procedures, controls, and information systems; documented the compliance program; and train employees on a regular basis regarding their compliance responsibilities. Medium Risk - Management has implemented a compliance program that addresses some but not all aspects of an effective compliance program; the program is not documented; employees are generally aware of their export compliance responsibilities.High Risk - Management has NOT implemented an export management and compliance program.
1
2
3
4
5
Risk Management Strategy
Low Risk - Management has fully assessed company's level of risk based on customer base, product lines, and supply chain management and implemented a formal export management and compliance programMedium Risk - Management exhibits a reasonable understanding of the key aspects of export compliance and its commitment is generally clear and has been communicated throughout the organization, but it may lack a compliance program to address that risk on a continuous basis. High Risk - Management does not understand, or has chosen to ignore, key aspects of export compliance risk. The importance of compliance is not emphasized or communicated throughout the organization
1
2
3
4
5
Export Control Training
Low Risk - Training is appropriate and effective based on the company's risk profile, covers applicable personnel, and provides necessary up-to-date information and resources to ensure compliance.Medium Risk - Training is conducted and management provides adequate resources given the risk profile of the organization but some areas are not covered within the training program and some personnel are not included in the communication chain for up-to-date information. High Risk - Training is sporadic and does not cover important regulatory and risk areas.
1
2
3
4
5
Compliance Authority & Accountability
Low Risk - Authority and accountability for compliance functions are clearly defined.Medium Risk - Authority and accountability are defined, but some refinements are needed. High Risk - Authority and accountability for compliance have not been clearly established.
1
2
3
4
5
Sufficient Staff Resources
Low Risk - Staffing levels are adequate to effectively implement a compliance program.Medium Risk - Staffing levels appear generally adequate, but some deficiencies are noted and there is no back-up capacitHigh Risk - Management has failed to provide appropriate staffing levels to handle compliance workload.
1
2
3
4
5
Quality Control in Supply Chain
Low Risk - Strong quality control methods are employed within the supply chain.Medium Risk - Limited quality control methods are employed within the supply chain.High Risk - No quality control methods are employed within the supply chain.
1
2
3
4
5
Regulatory Awareness
Low Risk - Export control regulatory requirements are fully understood by all key stakeholders in the company's export program.Medium Risk - Export control regulatory requirements are fully understood only by certain key stakeholders in the company's export program.High Risk - Company unaware of export control regulatory requirements.
1
2
3
4
5
Overall Awareness
Low Risk - Compliance considerations are incorporated into all export policies and procedures. Medium Risk - Compliance considerations are often overlooked but not in high-risk areas.High Risk - Compliance considerations are not incorporated into numerous areas of the organization, or do not adequately cover high-risk area
1
2
3
4
5
Risk Screening Procedures
Low Risk - Effective policies for screening transactions are in place and are utilized regularly.Medium Risk - Policies for screening transactions exist but are not followed and/or not properly aligned with the company’s level of risk.High Risk - Policies for screening transactions and new accounts do not exist.
1
2
3
4
5
Internal Notification Procedures
Low Risk - Compliance systems and controls effectively identify and appropriately report potential problems and violations.Medium Risk - Compliance systems and controls generally identify potential problems and violations, but the systems are not comprehensive or have some weaknesses that allow for inconsistent reporting. High Risk - Internal compliance systems and controls are ineffective in identifying and reporting problems and violations.
1
2
3
4
5
Regular Internal Audits
Low Risk - On a periodic basis, determined by the company's level of risk, all export and compliance processes are reviewed/audited by qualified company experts.Medium Risk - Export and compliance processes are reviewed by staff experts but not often enough based on the company's level of risk. High Risk - Export and compliance processes are not audited.
1
2
3
4
5
Adaptability to Change
Low Risk - Compliance systems and controls quickly adapt to changes regardless of how frequently or infrequently those changes occur.Medium Risk - Compliance systems and controls are generally adequate and adapt to changes.High Risk - Compliance systems and controls are not current and are inadequate to comply with and adapt to changes.
1
2
3
4
5
Remedial Actions
Low Risk - Problems and potential problems are quickly identified, and management promptly implements meaningful corrective action.Medium Risk - Problems are generally corrected in the normal course of business. Management is reasonably responsive when deficiencies are identified. High Risk - Errors and weaknesses are not self-identified. Management is dependent on regulatory findings or responds only when violations are cited or penalties assessed.
1
2
3
4
5
Independent Assessments
Low Risk - Independent testing of the company's compliance program effectiveness is in place. An independent audit function tests compliance with regard to systems and procedures.Medium Risk - Independent testing occurs on an infrequent basis. High Risk - Company has never had systems and procedures independently tested.
1
2
3
4
5
The profile is complete. Hit the Submit button and the results will be sent to you shortly.
