Risk Identification, Assessment, and Measurement

Determine the overall adequacy of the credit union’s risk identification, assessment, and measuring functions.

Prerequisites

• Determine the risk governance framework

People to Interview

• Leadership involved in policymaking

• Head(s) of Risk Management and/or Internal Audit Departments, if applicable

• Audit Committee Chairperson, if applicable

• Supervisory Committee Chairperson, if applicable

• Board of Directors, if warranted

Documents to Review

• Risk management policies and procedures

• Risk register

• Risk assessment

• Risk oversight committee minutes

• Relevant MIS

• Strategic Plan

Questions to Consider

• Are the risk management practices sufficient to evaluate material risks across the enterprise and capture comprehensive risk on an ongoing basis?

• Does the credit union maintain and catalog risks in a risk register? Does the register assign risk rankings? If so, is the risk ranking method applied reasonable and executable?

• Is a process in place for determining materiality in the context of material risk identification for the purposes of strategic planning and policymaking?

• Are the board of director risk appetite statements and/or risk tolerances consistent with strategic plans and the credit union’s financial condition?

• Are the risk assessment and ranking practices aligned with the board of director's risk appetite and/or risk tolerances?

• Are risk appetites and/or tolerances further distilled into usable risk limits? Is this information used to set limits in operational and financial management policies to manage risk?

• Are the credit union's MIS capable of identifying, aggregating, and reporting on relevant and reliable drivers of risk for purposes of forming policies and strategies, and monitoring compliance with board-approved risk tolerances? Is data quality commensurate with the size and complexity of the credit union’s operations?

Last updated on August 23, 2022.