There is no risk management and control process and risk management is solely tie responsibility of operational managers

The organisation’s code of conduct is distributed to employees each year however employees are not required to attest that they will operate In compliance with the code.

Reconciliation of planned board meeting agendas to meeting minutes finds that one meeting was canceled, and the agenda topics were covered at the following meeting.

The review of the five-year strategic plan shows that the details of the plan have not been dearly communicated to employees throughout the organization