2023 IT Examiner School

Why have a Risk Assessment?

Helps organizations identify inherent business risks and provide measures, processes and controls to reduce the impact of these risks to business operations

• Without a Risk Assessment:
  • Not in compliance with GLBA (Appendix B of Part 364 of the FDIC Rules and Regulations)
  • Protection of information assets is not aligned with business objectives or regulatory requirements
  • Loss (or compromise) of critical information can be catastrophic
  • Loss of trust between a financial institution and its customers
  • Harms the safety and soundness of the institution

Risk Appetite

Risk appetite is the amount of risk, on a broad level, an organization is willing to accept in pursuit of its mission.

How much risk is an organization willing to accept to achieve its objectives?

Risk appetite is not just a part of risk and risk management discussions; it is a key component in strategic planning and day-to-day decision making.
