Risk assessments are a key focus of examinations today and are
mandated by regulation. They are essential to an effective and appro-
priate risk management program and provide the basis for your se-
curity program, audit program, business continuity plan, not to men-
tion your vendor management program and identity theft red flag pro-
gram. Once thought to be an IT risk assessment only, today, the
focus is on the institution as a whole. Strictly an IT focus and elec-
tronic data is not sufficient.
Needless to say, many organizations are still a little unclear what is
meant by an enterprise-wide risk assessment. This presentation will
provide an approach for developing an enterprise-wide risk assess-
ment and a frame work that can be adapted to the other numerous
risk assessments now required.
If you have asked these questions, then this presentation is for you:
z What is meant by enterprise-wide?
z Where do I start?
z Can I outsource the risk assessment?
Is there an approved format or template?
z Difference between IT and enterprise-wide risk assessment
z Key elements of a successful process
z Basics on developing a risk assessment
z Sample matrix
Anyone responsible for developing a risk assessment or leading a
risk assessment team.
CE Applied: 2.5 hrs. CRCM/CFSSP w/the Institute of Certified Bankers
Susan Orr, CISA, CISM, CRP, is an industry expert with vast regu-
latory, risk management, and security knowledge. During her 14-
years as bank examiner, Susan held numerous lead positions in-
cluding Regional IT Examination Specialist, Special Assistant to the
Regional Director, and Special Assistant to the Vice Chairman of the
FDIC. Susan was lead instructor for the FDIC's technology school.
She currently consults for security providers and performs IT secu-
rity/regulatory reviews for financial institutions.
What is a Webinar?
A webinar is an enhanced telephone seminar. The audio portion is
delivered by speaker phone; however, you may now view a