When I conduct a Compliance Risk Assessment for a client, I typically assess the risk of various regulations at the same time. You would look at policies/procedures, exam violations identified, audit findings, internal monitoring findings, changes in regulations, changes in staff, systems, etc., as well as anticipated LAR lines to determine criticality. If you only have 5 per year - not too critical - 5000 critical.
_________________________
"Once you learn to read, you will be forever free."
- Frederick Douglass
My Opinion Only.