In the “Evaluation of Corporate Compliance Programs” issued by the DOJ’s Criminal Division earlier this month, risk assessment topped the list of expectations concerning effective compliance and ethics programs. Most companies claim that their compliance and ethics program addresses ethics, but according to attorney Jeffrey M. Kaplan the way the issue is addressed often amounts to window dressing. He suggests including true ethics questions in the process of risk assessment, starting with examinations of fairness and transparency in the organization. He also advises setting meaningful boundaries for the responsibility of the chief ethics and compliance officer. Those should specify areas of primary responsibility, such as conflicts of interest, and secondary responsibility, for example, insider training and workplace safety. Setting boundaries in the context of ethical concerns is risk-based, not a routine turf war. Be sure to include the C-Suite in the assessment because they create bigger risks than lower-level employees. This fact should be, but often is not, reflected in the design and implementation of the program.