In all organisations, public and private, it is essential to systematically and effectively manage product and service quality, information security and occupational health and safety, to mention just some key areas of management. With regard to compliance management, the single most important legal risk to many organisations remains corruption, be it on the supply side or the demand side of corruption. According to the World Bank, around US$1 trillion is paid each year in bribes, causing and cementing poverty and depriving countries and their citizens of development and prosperity. Still, when it comes to managing risk and compliance, and in particular combatting bribery, most organisations do not yet appear to follow a transparent standards-based approach, preferring instead to mix and match outdated bits and pieces of anti-corruption practice: governmental and enforcement agency compliance guidelines are mixed with topical guidelines issued by trade or political organisations and then matched to the organisation’s own management concepts. The final product is then often spiced up with ‘home-made’ ingredients, such as flawed and incomplete third-party due diligence databases. The result is that most organisations that manage risk and compliance continue to apply management practices that are couched in undefined terms and are based on discretionary principles and approaches, priorities and instruments. These home-made programmes are therefore often completely non-transparent and de facto non-auditable.