The Official Website of the Comptroller of the Commonwealth (CTR)

Risk Management

The Statewide Risk Management Team (SRMT) uses data analytics to identify risks in the business activities for which the Office of the Comptroller (CTR) has oversight, recommends mitigating controls for such risks, and ultimately protects against fraud, waste and abuse. SRMT also works with departments to ensure Comptroller regulations, policies and procedures are followed for Commonwealth fiscal, business and administrative enterprises. SRMT has six areas of responsibilities:

(1) Risk Mitigation, (2) Internal Control guidance, review and assistance, (3) Statewide and Single Audit Coordination, (4) CTR Internal Audit, (5) Enterprise System Security Administration, and (6) Departmental Quality Assurance Reviews.

  • Risk Management Reviews

    Risk Management Reviews are comprehensive - encompassing all fiscal transactions and CTR business areas. The program has two components - Departmental Risk Management Review and Issue-Specific Review.
  • Internal Controls

    Under Chapter 647 of the Acts of 1989, the Comptroller is responsible for developing internal control guidelines for Commonwealth departments.

  • Audit Coordination

    The Risk Management Team's  audit coordination responsibilities include tracking the activities of various auditing entities, monitoring potential auditor independence issues and following up on findings. The most significant of these outside reviews is the Commonwealth's Statewide Single Audit (SSA). The SSA is an annual comprehensive review, by fiscal year, of the Commonwealth's strengths and weaknesses in the areas of internal controls and compliance with federal grant regulations. The Office of the Comptroller procures audit services for, and directs the operation of, the SSA. As part of its coordination responsibilities, the Risk Management Team represents the Comptroller at Single Audit entrance and exit conference meetings with departments. Departments that receive notice of a program or other department-specific audit, other than the SSA, should in turn notify the Risk Management Team of same.

    Audit Policies

  • Comptroller Internal Audit

    The Risk Management Team reviews the internal operations of the Comptroller business areas. These reviews check the effectiveness of the policies and procedures under which the business areas operate in their capacity as oversight agents (CTR) for the activities of other Commonwealth departments. RMT recommends clarifications to policies and procedures when necessary. RMT will also conduct periodic reviews of the Comptroller's day-to-day activity as a Commonwealth department (OSC).