Does not explicitly state how Prada assesses risks, but on page 5 (the group adopted a qualified vendor list...the list is part of the controls...which calls for mitigating risks of non-compliance). Also, I think it is likely a no because the list is about the responsibilities of the suppliers not necessarily how the company assesses risks.