The risk assessment process is part of internal controls. It should include supply chain and additional risk assessments from third parties. If you expect additional resources on anti-fraud security, navigate to this website.