During a certification audit of a government agency, a CB auditor criticized the timing of the agency on when actions to address risks/opportunities are evaluated for effectiveness. According to the CB auditor, evaluation should be carried out more frequently by the process owners themselves and not as practiced by the agency. The practice of the agency is: when they perform their internal audit for the scheduled processes, the internal auditors are tasked to evaluate the actions specified in the RBT planning tool (i.e. risks/opportunities register) accomplished for each process. The internal auditors look for evidences on whether the specified actions were implemented in order to achieved the process expected outputs. The results of these evaluations are reported during their quarterly management meeting. The CB auditor find this approach ineffective, since internal audits are usually performed not in a regular basis while evaluation by the process owners can be done more frequently. What's your take on this?