Managing IT & Vendor Risk Assessments

From an IT and Information Security perspective, banks are required to perform four (4) major risk assessments. This session will cover the first two (2), including the IT Risk Assessment and the Vendor Risk Assessment. However, we don’t just want to do risk assessments for the sake of doing risk assessments, so this session will show you how to perform a risk assessment that’s valuable to your institution and helps you make informed decisions about what to do next.

• The key components of a thorough IT Risk Assessment, including how to identify, assess, and prioritize risks related to technology infrastructure, systems, and data security.
• How to conduct a comprehensive Vendor Risk Assessment, ensuring your third-party relationships are secure and compliant with regulations.
• Best practices for gathering and analyzing risk data to ensure that your risk assessments provide meaningful insights, rather than just ticking boxes.
• Practical guidance on how to use risk assessment results to make informed, strategic decisions on mitigation efforts, resource allocation, and overall risk management.
• How to align your risk assessments with regulatory expectations from supervisory agencies to ensure compliance during audits and examinations.

By the end of this session, you’ll not only understand how to conduct these essential assessments but also how to turn the results into actionable insights that drive informed decision-making and improve your institution’s overall risk management strategy.