Risk assessments should be enhanced at both the headquarters level by Departmental management, and individual Components annually, and updated during the year as needed including financial accounts and transactions that are susceptible to error due to IT systems functionality issues and inability to rely on application controls supported by IT general controls that are deficient. Refer to Comment I-A, Information Technology Controls and Financial System Functionality.