ABSTRACT
The success of a compliance program lies in a profound analysis of the internal root causes of risks. To do that it is necessary to carry out an exhaustive investigation. The risk assessment is an effective process used to identify, analyze, evaluate, and prioritize the risks faced by an organization, which allows having a holistic view of them, and to attack their causes. To mitigate risks, for example, training activities are carried out, policies and procedures are created, audits are carried out, new technologies are adopted to improve controls, certain lines of products are discontinued, activity is suspended in some regions and countries and certain suppliers or partners. A risk matrix shows a quadrant in which the risks must be located taking into account their likelihood of occurrence and potential impact. The most critical risks should be included in the upper right quadrant.
