This study aimed to develop an internal control model for the Iranian Social Security Organization with a risk management approach. This exploratory study is applied in terms of objective, and the statistical population comprised 340 employees in the financial department of the Iranian Social Security Organization. The data was collected using interviews and questionnaires, and the hypotheses were tested with inferential statistics and structural equation tests. The results showed that the internal control factors of the Iranian Social Security Organization include the income bank system, the legal obligations system, compensation, the financial bookkeeping system, the movable and immovable property system, the financial management system, and check issuance requirements. The results also showed that the factors affecting internal controls are among the factors influencing risk management. Considering the extent of branches, dimensions, various services including (retirement, disability) and the size and volume of financial operations, as well as the very high budget of the Social Security Organization (for example, in 1400, the budget of the Social Security Organization is 500 thousand billion Rials), there are many factors on the controls Empty and effective risk management. The most important factor affecting the efficacy of the Social Security Organization’s internal controls is the financial bookkeeping system, Payroll system And Legal requirements for issuing checks.