The OIG considers the following based on a risk analysis consistent with the standards prescribed by the Institute of Internal Auditors (IIA). The OIG considered the following criteria to determine the level of risk:
- Financial exposure
- Regulatory, safety and security compliance
- Audit history
- Image and reputation
- Maturity of process and management
- Information technology and cybersecurity
- Mission-critical operations
2025
2024
2023
2022
