Describe a time you identified a compliance risk or control gap in a previous role. How did you document and resolve it?