I have heard through the grapevine that some examiners have begun asking for a Risk Management Policy. Does anyone have a general policy? We address conducting risk assessments in other policies/procedures as appropriate but have nothing that would be considered an overall risk managemtn policy. Thanks.

I can send you one if you provide me your email address. It is based on an enterprise-wide concept. You will need to adjust it a little to fit your organization. And examiners do like to see a Board approved policy with the concept in place. If you are not familiar with the enterprise-wide concept, check out COSO website. There is alot of good information there.

Opinions are mine...........

YaYa - Does your bank do an enterprise wide assessment and report - if so who heads up the team at your shop?

Yes, we do utilize an enterprise wide assessment approach. I started the risk management program for us but when I assumed the audit function the financial analyst assumed the program. We are a community bank so individuals wear multiple hats. The program was basic at first, reviewing the various areas/departments of the bank, now I am providing recommendations to the financial analyst on how to further develop the program to include ALCO, etc. From what I see thru audit, management does alot of risk management already but it is not necessarily documented in the Risk Management Program.

Besides reviewing COSO information, there is a publication by the Senior Supervisors Group called the Self-Assessment Template, A Supplement to Risk Management Lessons from the Global Banking Crisis of 2008 dated October 21, 2009 that I would recommend reading. It contains many valid points to consider in a Risk Management Program including Governance. Good info!

By the way, for what it is worth, I did have an examiner ask me if I audited the Risk Management Program yet.

Opinions are mine.............

Hi could I get a copy?

Does anyone have a template for risk assessment audit? risk based auditing?