Whether your organization falls under HIPAA, FISMA or PCI DSS, you need to do a risk assessment. Yes, a self-assessment is a good thing to do, but in order to prepare for a full compliance audit it's important to have an independent outside consultant perform this critical assessment.
It's no secret that data breaches are on the rise; just look at the headlines that mention Target, eBay, JP Morgan Chase, Home Depot, etc. The 2014 Verizon PCI DSS report states that only 11% of companies were fully compliant. The JP Morgan breach was said to have been caused by an employee working from home, whose VPN connection was then used to extract the data. We all know that for Target it was the HVAC vendor and a phishing email that started the extraction of millions of credit card records.