Next, I will review how to use the risk assessment you have performed as a tool to provide a structured approach to establishing effective internal controls. After preparation of the risk assessment, the next step is to prioritize the listing of the risks and which locations they are common. This begins by mapping existing internal controls to risks and then assess whether the internal controls are sufficient to mitigate the risks.