Yesterday's updated guidance from the Justice Department speaks directly to the approach published last week, "Identifying Cross-Functional Risk in a Global Environment." 

It is impossible to implement effective controls without first properly identifying sources of risk.

"Companies that operate in multiple jurisdictions and possess complex structures, functions and processes across their value chain are challenged to sufficiently meet compliance requirements due to resource limitations, diverse processes and unwieldy organizational design. Controlling and mitigating risk is even harder when there hasn’t been proper identification of potential sources of risks across people, products and locations."