Enterprise-wide Risk Assessment Audit of NARA’s Internal Controls
Report Information
Recommendations
We recommend that the Chief Operating Officer\Chief Risk Officer develop, document, and implement a formal process to identify and prioritize risks within the organization. Risks should be tied directly to NARA’s strategic plan and mission and...
We recommend that the Chief Operating Officer\Chief Risk Officer develop, document, and implement a formal process to prioritize risk management activities including the use of limited resources based on key risks within the organization. Management’s...
We recommend that the Chief Operating Officer\Chief Risk Officer fully implement all components of NARA 160, including developing, documenting, and fully implementing NARA 162, NARA’s Enterprise Risk Management Program. Within NARA 162, roles and...
We recommend that the Chief Operating Officer\Chief Risk Officer fully implement all components of NARA 160, including Developing, documenting, and fully implementing NARA 163, NARA’s Issues Management.
We recommend that the Chief Operating Officer\Chief Risk Officer Provide additional resources to the Office of Accountability to ensure ICP activities are effectively carried out.
We recommend that the Chief Operating Officer\Chief Risk Officer develop and implement a formal process to review and evaluate the completeness and accuracy of ICP documentation submitted. Validation procedures should include a formal review: To ensure...
We recommend that the Chief Operating Officer\Chief Risk Officer develop and fully implement a formal ICP training program. NARA’s ICP training program should identify and require individuals who are involved with NARA’s ICP to complete initial training...