To be aware of and respond effectively to circumstances that could significantly delay or halt the program, the Authority needs to be involved in the development and implementation of the Program Manager's risk-management plan and ensure that Authority staff have roles and responsibilities defined in the plan, such as identifying and mitigating risks in the risk register.
The Authority stated that the new risk management program includes four general types of risk management workshops and meetings that involve Authority staff. The first type of risk management meeting serves to regularly update the risk register, identify new risks, perform qualitative risk analysis, and coordinate and track risk responses—this includes a review of all program and project risks. In addition, the Authority stated that its risk manager is assessing the current risk meeting process and will be making recommendations for enhancements that will be implemented under the Authority's updated risk management plan. (See 2013-406, p. 247)
†Response Type refers to the interval in which the auditee is providing the State Auditor with their status in implementing recommendations made in an audit report. Auditees must submit a response regarding their progress in implementing recommendations from our reports at three intervals from the release of the report: 60 days, six months, and one year or subsequent to one year.
*Agency responses received after June 2013 are posted verbatim.