The corporate sector has learnt some expensive lessons in recent decades on the costs of inadequate auditing systems to ensure compliance with the law — the Lockheed bribery scandal, thalidomide, Bhopal, Allied Chemical and Kepone, A. H. Robins and the Dalkon Shield, asbestos; and these are just the high-profile cases which generate newspaper headlines. The upshot of this realisation has been that many companies are now responding constructively with preventive law programmes which draw on the experience of managerial auditing. As Clinard found, unreasonable pressure on middle managers comes from the top, and most top managers have a fairly clear idea of how hard they can squeeze without creating a criminogenic organisation. Risk identification can be conducted at an ethereal mathematical level, but legal risk management typically requires the use of check-lists, systematic reviews of corporate operations, “what if” projections and other down-to-earth techniques of managerial control.