Improving public sector governance requires strengthening internal control systems that are not merely compliance-oriented but also responsive to risk. The Government of Bogor City has issued Mayor Regulation Number 72 of 2022 as a guideline for risk management within the regional government, aiming to integrate risk management into the Government Internal Control System (SPIP). This study aims to evaluate the policy through a layered approach: first, by applying the Regulatory Impact Assessment (RIA) principles from the OECD to assess regulatory quality; second, by using ISO 31000:2018 as an analytical framework to evaluate the structure and processes of risk management. The research employs a qualitative evaluative method with content analysis of regulatory documents and SPIP instruments. Findings indicate that the regulation satisfies several structural and normative elements of risk governance, yet falls short in stakeholder engagement, use of evidence, and proportionality—according to OECD-RIA standards. From the ISO 31000 perspective, principles such as integration and structure are reflected in the policy; however, inclusiveness, dynamism, and continual improvement remain under-implemented. This study recommends strengthening participatory and adaptive aspects of the regulation, alongside refining SPIP evaluation instruments to better align with international standards. The findings contribute to the development of risk-based SPIP evaluation models grounded in global governance principles at the local government level.