Risk Assessment

The bcp_risk entry in the FFIEC IT Examination Handbook outlines how examiners evaluate an institution's risk-assessment processes for information technology. It details the requirements for identifying, analyzing, and mitigating threats to systems, data, and operations, and sets expectations for documentation, governance, and ongoing monitoring to ensure effective risk management.