For years, companies have been pouring money into people, processes, and technology that can help them manage risk. Most have done a great job of containing their financial reporting and compliance risks. They may have streamlined or automated their internal controls. They might feel they have protected the business because they have completed a checklist of adherence to regulatory requirements.