Risk Assessments

Each government entity is responsible for establishing and monitoring its internal controls. An important part of establishing internal controls is identifying what assets need to be protected and what loss situations need to be prevented. Once this assessment of potential risks is completed, a government entity can set up internal controls to address those risks.


However, the government entity is not done there. This risk assessment needs to happen on an ongoing basis in connection with the internal control monitoring process. For more information, see our Avoiding Pitfall, “Monitoring Internal Controls”, which is available at:


Monitoring Internal Controls


For additional information on risk assessments, see the Office of the State Auditor’s Minnesota County Financial Accounting and Reporting Standards (COFARS), Sections 3120 and 3130, at:


Minnesota County Financial Accounting and Reporting Standards (COFARS)


In addition, a Guide to Risk Assessment and Control Activities is available for download from the website of Minnesota Management and Budget (MMB) at:



Date this Avoiding Pitfall was most recently published: 12/02/2016