“Enterprisewide risk management” requires that correctional intelligence systems provide more varied information than has traditionally been provided. Prison intelligence systems must be capable of collecting security-threat-group information from more than one area. Risk management efforts should monitor human resource issues, infrastructure vulnerability, and outside radical influences related to the security threat groups inside prisons. In addressing these tasks, audit teams assess whether the facility meets the effectiveness standards mandated by its agency. An operational audit team has the capabilities for collecting and analyzing information on prison facilities and inmate activity. In managing security-threat-group challenges, the personnel of audit teams are trained in finding deficiencies, weaknesses, and vulnerabilities in the prison’s security system. The audit team should be a small unit consisting of only a few personnel, with most being uniformed line staff. The correctional experiences of unit personnel will enable them to observe and interpret the features and dynamics of prison operations, whether on the cellblocks or in other areas of the prison. The audit team should be provided with the computer hardware and software needed to collect, analyze, and disseminate information. The audit team prepares reports after each audit, portraying the overall security status of a facility, including information on security treat groups. The report should identify security deficiencies, vulnerabilities, and existing security gaps. 4 notes