Many compliance practitioners are aware of the Johnson & Johnson (J&J) Deferred Prosecution Agreement (DPA), which contained “Enhanced Compliance Obligations” including those around mergers and acquisitions (M&A). While many have focused on the ‘safe harbors” of compliance training within 12 months and a full Foreign Corrupt Practices Act (FCPA) audit within 18 months, there are other requirements that the compliance practitioner needs to consider, in the compliance context, in the post-acquisition phase. Today we consider the post-acquisition risk assessment and note that the above quoted ancient adage holds true today, particularly in the area of risk assessment related to the integration of compliance in an acquisition. This issue was recently explored in the Houston Business Journal by Connie Barnba, in her Mergers & Acquisition column, in an article entitled “Risky details are the devil when marry business operations”.