Sign In
  • Question

    1. Should Procurement even be doing risk assessment for internal audit? 2. Is there anything available that discusses policies, procedures and practices for performing a risk assessment to delineate which cost reimbursable contracts should be audited? 3. Is there a risk assessment module to use to perform a risk assessment? Thanks.


    Your overarching question relates a to management decision to conduct internal organizational assessments. That question is properly directed toward your leadership.

    To understand the basics of performing risk assessments the general DoD guidance is found at  You may find it useful in developing your localized procedures. 

    Additionally, the GAO reviewed a variety of audits surrounding cost reimbursement contracts and their conclusions (and a wealth of references) are available at

    Finally, there is nothing stopping you from sitting down with your Internal Audit group to explore the parameters of their audit or the particular contracts of interest.

    Open full Question Details