SAN JUAN BAUTISTA PRIVATE UNIVERSITY

FACULTY OF COMMUNICATION AND ADMINISTRATIVE SCIENCES

ACCOUNTING PROGRAM

RESEARCH WORK
Internal controls against mistakes and theft
STUDENTS

ICA - PERÚ
2021
 DEDICATION

This present work is dedicated to

my parents for having forged me
with good feelings, habits and
values, which has helped me to
always get ahead.
index
DEDICATION.............................................................................................................................2

Introduction.................................................................................................................................4

CONTROL AND SURVEILLANCE PROCEDURES.............................................................................8

Internal control in companies against theft and errors............................................................11

Structure of internal controls................................................................................................13

1.The control environment................................................................................................13

Conclusion.................................................................................................................................19

Bibliographic references............................................................................................................20
 Introduction
All types of business companies should have this internal control system, to
safeguard the entity's information. Each company must create the item
according to the plan of the entity, the distribution of work that implies the
adequate separation of responsibilities and functions, in which the decisions
that management makes in relation to maintaining them at all levels of the
company. in the following A comprehensive fraud risk management program
should start with an assessment of what these risks are in the organization and
qualify them according to the probability of occurrence and the magnitude of the
impact. The process has to be adequate and designed for each organization.
The risk exposure of Financial Institutions has intensified considerably, as a
consequence of the significant increase in the volume of operations and the
wide variety of services they provide. Risk is inherent to the financial business,
so it is essential that Financial Institutions have adequate internal control
systems. In addition, information and communication systems are essential for
internal and external communication and collaboration in the company. They
allow employees to share information and knowledge, collaborate on projects,
coordinate activities, and communicate with customers and suppliers. Effective
communication and collaboration are key to a successful business, and
information and communication systems provide the tools necessary to achieve
these goals. The proposed internal control procedures consist of monitoring,
surveillance and verification of the acts and results of the department, in
attention to the degree
efficiency, effectiveness, transparency and economy in the use and destination
of resources and
assets of the Institution, as well as compliance with the rules, evaluating the
systems
of administration, management and control, with the purpose of its improvement
through the
adoption of pertinent preventive and corrective actions.
Risk assessment
Mitigating the risk of being a victim of fraud requires a system of activities and
controls that, as a whole, reduce the probability of fraud and misconduct, but
that, at the same time, maximize the possibility of detecting them, before they
mean a significant economic loss.
All companies are susceptible to some type of fraud, since when there is
collusion and intention, it is difficult to detect and stop it. Despite this, it has
been seen that this risk is substantially mitigated when companies have a
comprehensive program that allows combining mechanisms of cultural change
with internal controls in business processes.
An adequate risk management system must be based on a solid corporate
governance structure. Everyone in the organization plays an important role in
the oversight and monitoring process, both the Board of Directors and the Audit
Committee, management and internal auditors.
A comprehensive fraud risk management program should begin with assessing
what these risks are in the organization, and rating them by the likelihood of
occurrence and magnitude of impact. The process has to be suitable and
designed for each organization, since there is no common inventory or menu of
fraud risks, from which you can choose what applies to you. Therefore, it is
recommended to consider, both the external factors that create fraud risks:
product substitutes, changes in the industry and in the economy, change in
legislation, needs and expectations of customers, etc.; such as internal factors:
incentives and pressures on employees, low morale, new systems, new
products, staff turnover
A common example in fraud investigations is the receipt of materials. For
example, a signature on the invoice is sufficient, and it is common to hear the
argument that: it is the signature of the operations manager. But, no one checks
whether the operations manager authorizes the purchase of an African elephant
for an operation that manufactures nuts, so the specific control of the
authorization firm has already lost value.
Controls, as an effective anonymous reporting mechanism, reduce the risk of
fraud by up to 50%, according to statistics from the Association of Certified
Fraud Examiners (ACFE), whose function is twofold, since on the one hand it
helps to detect problems perceived by employees and, on the other, It deters
the potential perpetrator as he can be reported.
Consideration of segregation of duties in the design and implementation of all
controls and mechanisms to prevent, deter and detect fraud will help mitigate
risk to a minimum.

The emphasis of effective and responsible management of companies must be

placed on the deterrence of crimes or improper conduct. The investigation of
fraud, abuse and error should not be the primary interest of the top
management of companies, as it is a reactive rather than proactive position. Its
main interest should be aimed at strengthening effective corporate governance,
based on a risk control system, which prevents the abuse of trust and
decreases the likelihood of error and deception.

Organizations need to stop seeing internal control as a long list of unrelated

"locks" that create the perception of overregulation or bureaucracy, but as a
complement to a cultural change, that is, a combination of the necessary
controls or locks, according to the risks, participation and tone of management
on ethical and value issues.

The permanence of societies and their successful management increasingly

depend on the creative capacity to anticipate threats, face them and adapt as
best as possible to a reality that demands the use of improved decision-making
and execution capabilities.

The risk assessment and management process thus becomes a priority point to
be addressed within the agendas of most companies, in order to achieve
adequate alignment between the fulfillment of institutional objectives and the
dangers, contingencies and insecurities prevailing in the environment.

The creation and implementation of comprehensive risk management models is

a fundamental issue for the practice of public accounting and in particular for
the tasks of internal control and internal audit in companies, whether public or
private.
Risk assessment is defined as a dynamic and interactive process specifically
aimed at identifying and managing them, with the guiding axis of guaranteeing
the achievement of the objectives defined and agreed for the company within
the Board of Directors.
The risk assessment component is composed of four principles and 24 points of
interest, the latter being those that show in detail the main characteristics that
distinguish, in practice, each principle. Within this set of COSO
recommendations we cannot fail to mention the fraud risk assessment that
deals in detail with how to protect against fraudulent information, loss of assets,
cases of corruption, as well as incentives and pressures to commit irregular
behavior.
The exposure to risk of Financial Institutions has intensified considerably, as a
result of the significant increase in the volume of operations and the wide
variety of services they provide. Risk is inherent to the financial business, which
is why it is essential that Financial Institutions have adequate internal control
systems. A formal internal control system must be established, whose main
concern is oriented to the efficient management of risks associated with
business, in direct accordance with the strategic business objectives. In case of
dispensing with this type of system, it could put at risk not only the continuity of
the organization, but also the balance and development of the sector in which it
is inserted.
Risk assessment is a process focused on estimating the impact of those risks
that may affect the normal exercise of an entity, collecting the necessary
information so that the organization can make an adequate decision on the
need to adopt preventive measures.
In this regard, it should be noted that the existence of a general risk
management policy is necessary, which must be established and known by all
participants in the process, especially by management levels. The responsibility
for risk management lies exclusively with the senior management of Banking
Institutions, so it is necessary to develop adequate systems that identify,
measure, control and monitor the financial and non-financial risks inherent to
their activities, all according to their size and complexity of the activities they
carry out.
In recent years, companies have been highly focused on risk management,
going so far as to ensure that there is a need for a stronger framework that
identifies, determines and effectively manages risks. The period of development
of this structure was marked by a series of scandals and high-profile financial
failures, where investors, staff of the organizations and other supporters
suffered gigantic losses. After these misfortunes, important government
corporations were summoned in relation to risk management, with new policies,
regulations and standards. The need for an operational risk framework in the
company, which delivered fundamental keys and concepts, a common
language, direction and clear guidance, became increasingly essential.
 CONTROL AND SURVEILLANCE PROCEDURES
Organizations face a series of risks that can jeopardize the fulfillment of their
strategic objectives, and even generate a great negative impact on their
different interest groups. Through Internal Control, a structured scheme can be
established, which helps senior management to keep them focused on the
pursuit of their operational and financial objectives, while the company operates
reasonably, minimizing surprises.
Internal Control is a process that must be executed by the board of directors,
management, and staff, that is, by the entire company. It is designed primarily
to provide reasonable assurance about the entity's operational reporting and
compliance objectives.
The risks are increasing for a company with control problems in the
handling of your information, it has been feasible to develop a solution to the
problem.
which deals with an internal administrative and financial control procedure,
This solution delivers results that benefit the institution, where Managers
can be part of a continuous improvement for the development of the institution.

The proposed internal control procedures consist of monitoring, surveillance

and verification of the acts and results of the department, in attention to the
degree efficiency, effectiveness, transparency and economy in the use and
destination of resources and assets of the Institution, as well as compliance with
the rules, evaluating the systems of administration, management and control,
with the purpose of its improvement through the adoption of pertinent preventive
and corrective actions.

Internal control is a process executed by an entity's board of directors,

management and all personnel, designed to provide reasonable assurance
regarding the achievement of objectives in the following areas:
• Effectiveness and efficiency in operations.
• Reliability in financial information.
• Compliance with applicable laws and regulations.
Internal control includes the organizational plan and the set of methods and
measures adopted within an entity to safeguard its resources, verify the
accuracy and veracity of its financial and administrative information, promote
efficiency in operations, stimulate the observation of policies prescribed and
achieve compliance with the goals and objectives programmed.
Procedures to maintain good internal control:
1. Delimitation of responsibilities.
2. Delimitation of general and specific authorizations.
3. Segregation of functions of an incompatible nature.
4. Healthy practices in the development of the exercise.
5. Division of processing of each transaction.
6. Selection of suitable, skillful, capable and moral officials.
7. Rotation of duties.
8. Policies.
9. Written instructions.
10. Control accounts.
11. Evaluation of computerized systems.
12. Prenumbered documents.
13. Avoid using cash.
14. Minimal use of bank accounts.
15. Immediate and intact deposits of funds.
16. Order and cleanliness.
17. Identification of key control points in each activity, process or cycle.
18. Control charts.
19. Frequent physical inspections and inventories.
20. Update of security measures.
21. Proper recording of all information.
22. Preservation of documents.
23. Use of indicators.
24. Self-control practices.
25. Defining clear goals and objectives.
26. Let staff know why you do things.
Some internal control procedures in a company:
1. Periodic cash counts to verify that the transactions made are correct.
2. Employee attendance control.
3. When acquiring responsibility with third parties, these are made only by
authorized persons, also having a logical foundation.
4. Define functions and responsibilities in all levels of the entity.
5. Make a physical count of the assets that actually exist in the company and
compare them with those that are registered in the accounting books.
6. Analyze whether the people who do the work inside and outside the company
are adequate and are doing it effectively.
7. Have a numbering of accounting receipts consecutively and easy to use for
the people in charge of obtaining information from them.
8. Control the access of unauthorized persons to the different departments of
the company.
9. Verify that all tax, fiscal and civil regulations are being complied with.
10. Analyze whether the financial returns and investments made are giving the
expected results
There are many more and varied internal control procedures that can be applied
to the company, since each one implements those that best suit the activity it
develops and provide the greatest benefit.
 Internal control in companies against theft and errors.
One way to have a great defense against financial failures that can arise in
business, also as an important driver of the entity's performance, is to have an
effective internal control system in your operations, which manages the risks
that may occur in the company, allows the creation and conservation of value.
The most relevant and successful entities know how to take advantage of
opportunities and counter threats, in large case, through the effective
application of internal controls and thus improve their performance. Internal
control becomes a very important part of an entity's overall governance system
and the ability to manage risk, which is understood, modified, and actively
supervised by the entity's body, management, and other personnel to take
advantage of opportunities and counter threats so that the company can
achieve its objectives smoothly and effectively. Accounting professionals in
companies in a large part of the world are involved in the design,
implementation, operation, monitoring, evaluation and improvement of the
internal control system of the entity in which they operate. Well, the concept of
what internal control means is understood as a set of procedures that are
necessary for the company to control its risks, which through this mechanism
seeks to avoid dangers such as fraud, embezzlement, loss of the company's
assets, breaches of legal regulations, among more. A good internal control
implemented makes the company's processes more efficient, but they must be
appropriate to the entity's operations, so that in this way it can achieve optimal
financial, operational and administrative management to meet its objectives. All
types of business companies should have this system, to safeguard the
information of the entity. Each company must create the item according to the
plan of the entity, the distribution of work that implies the adequate separation of
responsibilities and functions, finally the decisions that management makes in
relation to maintaining them at all levels of the company. The internal control
system must be approved by management. This must convey to the staff the
importance of it and ensure its operation. It will depend on the good
communication carried out by management on the subject, so that the controls
are carried out properly and last over time. That is why it is of vital and utmost
importance to have internal control in your operations, which allows the entity to
capitalize on opportunities, while reducing threats, being able to save a lot of
preparation time for the company, as well as costs, first and foremost. the
creation and conservation of value; Creating many more advantages to the
entity that uses internal control, such as competitive effectiveness, because a
company with effective control can assume additional risk. Some companies
only focus on certain types of operations in their entity, whether relative to the
size of the company, since they only decided to focus on activities that they
considered of value only, since many companies that took these actions had
certain problems, such as , some of the companies only designated in the
financial information, which are of important relevance for the company, but
even so, the risks that the entities had were not so much in that activity but in
other of them that included operations and external circumstances. For this
reason, the entity must have a broader vision of internal controls, covering both
internal and external operations, taking into account that companies are often
attacked or affected by many variables that are outside the direct control of the
entity. Effective risk management and internal control must be an essential part
of good governance operations at all levels of activities carried out by the
company. More recently, in many entities, risk management guidance is
generally isolated from internal control guidance. A first step to be able to
strengthen these areas is to make a single set of them, that is to say that they
do not work separately, that they are included, thus helping to increase the
general understanding that both management and controls Internals are integral
parts of an effective government. Although despite the stocks on the
orientations of a more solid internal control, it is common that, during the
application of these, it may happen that such orientations have failures or are
inefficient and inoperative. For this reason, there are principles that must be
taken into account when implementing internal controls. Such that they
represent good practices to evaluate and improve the internal control systems
of the company, these principles are made to facilitate only the evaluation and
improvement of the internal control systems, where a series of areas in which
the applications are often highlighted. companies fail. For example, some of
these principles are, to support the objectives of the company, in which internal
control must be used to support the entity to achieve the expected objectives
through risk management, while complying with the regulations. and
organization policies; Determining functions and responsibilities, the entity must
be in charge of determining the activities, responsibilities and functions with
respect to internal control, including the direction of all levels, employees,
internal and external assurance providers, as well as coordinating the
collaboration between the participants; Promote a motivational culture, the
company must be in charge of motivating its members to act in line with the
internal control strategy established by the entity, so that in this way the
objectives can be achieved; Provide transparency and accountability, the
government body, together with management, must be in charge of periodically
informing the interested parties of the organization's risk profile, as well as the
structure and operation of the organization's internal control system; And to
ensure sufficient competencies, the members that make up the entity must be
sufficiently qualified to fulfill the responsibilities of internal control which is
associated with their functions.

Structure of internal controls.

After having seen some principles that can help to have a good internal control,
now the part that makes up one will be seen, its structure, they define the
structure of internal control of an entity as that which consists of the established
policies and procedures to provide reasonable assurance of achieving the
entity's specific objectives. Said structure consists of the following elements:

1.The control environment. It includes a series of risk factors present in the

company and that manage to define certain parameters, both specific and tacit,
for the operation of the internal control system. Such factors include formal
aspects, such as the company's organizational structure, human resource
management policies, and hierarchical, authority, and responsibility
relationships. And the informal ones, such as integrity, the values of all the
members of the company, as well as the administrative philosophy and the type
of management that is applied in the company, by the hierarchs and the
subordinates that constitute it. Managers and subordinates or the rest of the
staff establish and maintain the control environment factors, which can be
exhaustively and gradually adjusted or through identification, formative, gradual
and progressive modeling. Being a task in which all institutional levels will
intervene, with different roles, and with a depth with respect to their degree of
authority and responsibility with respect to the internal control system in the
company. The factors of the internal control environment allow to provide the
development of positive attitudes and to support the internal control system,
thus being able to achieve a scrupulous administration. In this way they get the
way of organization and be able to influence the awareness that the staff has
about internal control and its relevance when it comes to achieving the main
objectives that the company seeks. All these factors must serve as a foundation
for the successful operation of the other components and of the system as a
single or a whole of activities. In effect, the control environment is considered
the base of the system and the foundation of the other components that the
internal control structure has in companies, because it imports the orientations
and the structure by virtue of its relationship with the attitudes, the actions,
values, competencies, and other functions according to the levels of work of the
company, as well as the means that carry out the activities. For this reason, it is
shown in the lower level of the internal control structure and it is insisted on
being able to strengthen this point constantly and permanently, estimating that
the stronger the values, commitment, aptitude, and other characteristics of the
entity, of the structure and that of the personnel, the stronger, more consistent
and systemic will be the other components of the system, together with their
interactions, without prejudice to the attention that the active administration
must pay to each one of them. But for this control environment to work, it is also
necessary for it to have different elements that facilitate it. For example, the first
of them is the philosophy of administration, where every entity must have a
uniform philosophy for risk management, it has to do with the assignment of
responsibilities that facilitate the fulfillment of the objectives and the company
mission, such as it must also establish whether adequate risk management is
prioritized over the search for profitability; the second risk appetite, the company
must determine if it is willing to expose a high risk to achieve its objectives, or if
it is contrary to it, before planning an activity the entity must evaluate the
scenario in order to carry out adequate management; the third is the integrity of
ethical values, in this the company determines the ethical values and behaviors
that allow the consistency of internal control, in this sense the entity must
ensure that all values are binding, that is, that it reaches all levels and Areas of
the company; The fourth is the organizational structure, it being essential that
 every company have an established structure with clearly defined
responsibilities. Therefore, it must have a board of directors, managers, an audit
committee, a compliance officer, and specialized units that support
management. The fifth is human resource standards, being able to establish
practices for hiring, orientation, education, training and compensation is a
fundamental process of the internal control environment, in this way the entity
must determine the rules that will be used when breaches of the rules by of its
members; and, finally, the sixth, which is the assignment of authority and
responsibility, the people who belong to the organization must be authorized to
carry out their tasks. For this reason, hierarchical levels are essential to decide
and supervise. Thus, the powers for decision-making will be centralized and
decentralized.

Information and communication systems

Information and communication systems are of vital importance today due to the
increasing reliance of companies on technology and information. With the advancement of
technology and globalization of markets, companies face greater competition and a more
complex and dynamic business environment. To survive and thrive in this environment,
companies need to have effective information and communication systems that allow them
to efficiently manage their data, communicate effectively, and collaborate with other
companies and stakeholders.

Information and communication systems are essential for a company's management and
decision-making. They allow managers and leaders to access real-time information,
analyze data, identify trends and opportunities, and make informed and accurate
decisions. Information and communication systems also improve efficiency and
productivity by automating processes, minimizing errors, and reducing wait times.

Additionally, information and communication systems are fundamental for internal and
external communication and collaboration within the company. They allow employees to
share information and knowledge, collaborate on projects, coordinate activities, and
communicate with customers and suppliers. Effective communication and collaboration are
key to a successful company, and information and communication systems provide the
necessary tools to achieve these goals.
Today, there are various information and communication technologies (ICTs) that can be
implemented in a company. Some of the most common include:

- Enterprise Resource Planning (ERP) software: This type of software allows the
integration of various areas of the company, such as finance, human resources,
purchasing, and sales, into one system. This facilitates data management and analysis
and enables better decision-making.
- Customer Relationship Management (CRM) systems: These systems allow for more
effective management of customer relationships, which in turn improves customer
satisfaction and loyalty.
- Online collaboration and communication tools: Online collaboration and communication
tools, such as email, instant messaging, and video conferencing platforms, allow for
more effective and efficient communication among members of the company, as well
as with customers and suppliers.
- Content Management Systems (CMS): Content Management Systems allow for the
management of online content, such as websites and social media. These systems
facilitate the creation, publication, and updating of content and allow for better
interaction with customers and followers.

The implementation of information and communication systems can significantly contribute

to the growth and sustainability of a company. These systems allow for more effective
management of data and information, which improves decision-making and efficiency.
Additionally, communication systems allow for better internal and external communication
within the company, which improves collaboration and customer satisfaction. It is important
to note that choosing the right systems should be a strategic and careful decision, taking
into consideration the specific needs of the company and the available budget.

In addition to the technologies mentioned above, there are other information and
communication systems and tools that can be implemented in a company, depending on
its needs and objectives. Some of these systems include:

- Supply Chain Management (SCM) systems: Supply Chain Management systems allow
for the effective integration and management of supply chain operations, including
purchasing, production, and logistics. This allows for greater efficiency and cost
reduction.
- Big Data analysis systems: Big Data analysis systems allow for the collection,
processing, and analysis of large amounts of data, which can help the company identify
trends, opportunities, and challenges. This, in turn, contributes to more informed and
accurate decision-making.
- Project management systems: Project management systems allow for more effective
management of projects, including planning, task assignment, resource and time
tracking, and control. This allows for greater efficiency and achievement of project
goals.
- Human Resource Management (HRM) systems: Human Resource Management
systems allow for the effective management of the company's human resources,
including recruitment, selection, training, and evaluation of personnel. This allows for
greater efficiency and employee satisfaction, which in turn contributes to greater
productivity.

It is important to emphasize that the implementation of information and communication

systems not only involves the acquisition of technology, but also the training and cultural
change of the company. Training personnel in the use of systems and promoting a culture
of innovation and collaboration are key elements for success in implementing these
systems.

In summary, the importance of information and communication systems lies in their ability
to improve management and decision-making in a company, increase efficiency and
productivity, and improve internal and external communication and collaboration. As a
result, information and communication systems are essential for the competitiveness and
success of any company today. Choosing the right systems should be a strategic and
careful decision, considering the specific needs of the company and the available budget.

Information and communication systems can face different types of errors, from software
errors to hardware or human errors. Therefore, the operation of these systems against
errors depends on the type of error and the measures that have been implemented to
prevent or correct them.

In general, information and communication systems are designed to be as resilient as

possible to errors and to minimize their impact on system performance. In this sense,
different measures can be implemented to prevent or correct errors, such as:
- Backups and redundancy: Information and communication systems can make regular
backups of information and have backup copies in different locations to minimize data
loss in case of errors or failures.
- Testing and monitoring: Before putting a system into production, exhaustive tests are
carried out to detect and correct errors. In addition, real-time monitoring can be
implemented to detect errors and take quick measures to correct them.
- Updates and patches: Software and hardware manufacturers usually issue updates
and patches to correct errors and improve system performance.
- Training and security protocols: Human errors can be a common source of problems in
information and communication systems, so it is important to train personnel in the
correct use of systems and establish security protocols to prevent errors.

Information and communication systems are designed to be resilient to errors and

minimize their impact on system performance. However, it is important to implement
measures to prevent and correct errors to ensure
 Conclusion
the factors of the internal control environment allow to provide the development
of positive attitudes and to support the internal control system, thus being able
to achieve a scrupulous administration. Therefore, it must have a board of
directors, managers, an audit committee, a compliance officer, and specialized
units that support management. Based on your risk assessments

Mitigating the risk of being a victim of fraud requires a system of activities and
controls that, taken together, reduce the probability of fraud and misconduct,
but, at the same time, maximize the possibility of detecting them, before they
have a significant impact. . economic loss.

All companies are susceptible to some type of fraud, since when there is
collusion and intention it is difficult to detect and stop it. Information and
communication systems are of vital importance today due to the growing
dependence of companies on technology and information. With the
advancement of technology and the globalization of markets, companies face
greater competition and a more complex and dynamic business environment
are essential for the management and decision-making of a company. Allow
company managers and leaders to access information in real time, analyze
data, identify trends and opportunities, and make informed and correct
decisions. Through Internal Control, a structured scheme can be established,
which allows to help high management to keep them focused on the pursuit of
their objectives
 Bibliographic references
Author: Beatriz Lorena Rodríguez Montenegro, Introduction To The Systems Of Information And
Communications:

http://virtualnet2.umb.edu.co/virtualnet/archivos/open.php/133/modulo1/pdf/tecinfcom.pdf

Author: Consuelo Belloch Ortí, INFORMATION TECHNOLOGIES AND COMMUNICATION (T.I.C.):

https://www.uv.es/~bellochc/pdf/pwtic1.pdf

Author: Rosella Urdanegui. From UPC, Professor of Introduction to Accounting Management of Accounting
and Administration Faculty of Business. Source: file:///C:/Users/usuario/Downloads/911-Texto%20del
%20art%C3%ADculo-4173-1-10-20190405.pdf

Authors: International Federation of Accountants, IFAC. Date: February 2016. Source:

https://www.ifac.org/_flysystem/azure-private/publications/files/Evaluar-y-mejorar-el-control-interno-en-
las-organizaciones.pdf

Author: Judith Yadhyra Galván Rodríguez. Edition date: January 3, 2020. Source:
https://www.auditool.org/blog/fraude/control-interno-impor-tancia-en-la-prevencion-de-fraudes

Authors: Grace Madrigal Castro, Jorge Suárez Esquivel. Source:

https://www.pgr.go.cr/wp-content/uploads/2017/04/Ambiente-de-control_teoria.pdf

Author: Juan Pablo Calle. Publication date: October 06, 2022. Source:
https://www.piranirisk.com/es/blog/que-elementos-debe-tener-un-ambiente-interno-de-control?
utm_term=&utm_campaign=Matriz+de+Riesgos+-+General+-
+Julio+2022&utm_source=adwords&utm_medium=ppc&hsa_acc=9508207643&hsa_cam=17802451156&h
sa_grp=138377008319&hsa_ad=611541611264&hsa_src=g&hsa_tgt=dsa19959388920&hsa_kw=&hsa_mt=
&hsa_net=adwords&hsa_ver=3&gclid=CjwKCAjw__ihBhADEiwAXEazJiwNU58NBtzbtDe8xUrixLxPdpZAdeU5
HWhvhOA6ifI1h2vhAzmYVxoCwrYQAvD_BwE

Auditionorl.03 January,2020. Internal Control, importance in fraud prevention.

https://www.auditool.org/blog/fraude/control-interno-impor-tancia-en-la-prevencion-de-fraudes

Auditionorl.05 April,2016. Internal control and risk assessment” Risk assessment is a dynamic and
interactive process aimed at identifying and managing risks to ensure the achievement of objectives"
https://www.auditool.org/blog/control-interno/el-control-interno-y-la-evaluacion-de-riesgos

Thesis .universidad de chile.2005. Seminar on Management Methods and Risk Assessment

https://repositorio.uchile.cl/tesis/uchile/2005/garcia_j2/sources/garcia_j2.pdf