One of the pillars of a Compliance Management System (CMS) is risk assessment. Before you can even begin to mitigate potential risks, you need to know what those risks are. A risk assessment will help you do this, but it can be a little tricky, as there are no mandatory risk assessment requirements and/or specific methods for conducting one. One thing is certain, however: your risk assessment should drive your CMS. We like to say your risk assessment is like your sword and your shield. It leads you to areas that you should attack and is also your defense when attacks come at you. For instance, if examiners criticize you for not doing something in particular, a good response could be, “Based on our risk assessment, we don’t feel like the risk is as high for us as it might be for other institutions.”
Kevin explains more in the video.