Government procurement is exposed to the most diverse risks, such as deserted or failed bids, errors in the technical specification of the object to be acquired and inconsistencies in the market research. In view of this scenario, there is an imperative for the implementation of risk management practices in public procurement, in order to reduce exposure to risks and their consequences. Corroborating this perspective, this study aims to identify the sources of risks and the level of vulnerability existing in the processes of acquisition of goods and services within the scope of the State of Minas Gerais. An exploratory, qualitative research was carried out, which used focus groups to collect the data. The results indicate that most of the identified risks are generated from causes internal to public organizations and result mainly from three sources: (1) human failures, (2) the absence of clear and well-defined organizational processes and (3) inconsistencies in technology tools. The results also demonstrate that public organizations are the main holders of mitigation strategies to reduce the vulnerability found in the acquisition of goods and services
