After going through the definition and nature of an ERM program, we go through the different merits of including self-assessments. We then highlight the specifics of the 3 areas mentioned: generic ERM, IT risk and internal controls.
We highlight a few specific areas within IT that need extra precautions for assessment, and the categories included, together with templates that may be used.
For internal controls risk assessment, we list the areas to be assessed, highlighting the categories to include.
We then show, with a few concrete and practical examples, how a failed assessment can translate into real disaster scenarios, and how to steer away from such scenarios.
Financial institutions, when setting up an Enterprise-Wide Risk Management program, have to include some self-assessment. The exercise, generally starting with a good, coordinated and consistent view, can very quickly get into the intricacies of IT risk and the nature and thoroughness of internal controls.
Risk assessments are at the core of an ERM program. In this webinar, we focus on developing risk self-assessments, IT risks and internal controls to be implemented or re-implemented.