I believe each department has their chief audit executive, and they would be doing their individual risk-based audit plans. It would be up to the risks they identify in their departments to determine what they would look at.
On October 29th, 2024. See this statement in context.