We actually do a risk assessment a minimum of twice on the life of an actual project. When the project and recipient proposal first comes in, the initial risk assessment is done. It's driven by a number of factors that are built into our systems to ensure consistency of risk assessment, project to project, and across all recipients. It will then determine whether or not there's low, medium, or high risk associated with the individual project, and then the level of intervention and working with the monitoring and reporting requirements that are then projected onto the recipient to act accordingly.
At a minimum, we also review it prior to the actual processing of any claims. So before any money actually flows, we reassess. Because our average project is approximately two and half to three years in life, that risk assessment needs to be revalidated before we actually flow any funds.
The risk assessment is re-evaluated at that time, using the exact same process, to see if anything new has happened in the interim over that time period that would then require additional either beefing up or easing of the actual reporting or monitoring burden that we would then put on the recipient. In addition, if any information became available to the department in the interim that obviously required a reassessment of the risk, or that we became aware of, that would also....
So it doesn't prevent us from also reassessing during the life cycle of the project, in addition to those two steps.