I am developing an Access-based central database to track risk and internal control issues. This will be used to track internal control issues for FDICIA, Sarbanes Oxley, etc., and to monitor risks on an enterprise basis. The structure will be based on COSO's Internal Control - Integrated Framework and their upcoming Risk Management Framework (while I do have a life, I am anxiously awaiting COSO's draft Risk Management Framework to be published on 7/15...some would call me sick).

For those of you that fall under FDICIA and / or SOX, and for others that want to comment, how detailed are you going with your tracking and documentation. I am trying to track macro (entity level) risks / controls such as credit, IRR, liquidity, transaction, information security, technology, etc.; risks / controls by department; and risks / controls by process (i.e. wire transfer, loan payments, etc.).

Is anyone else going to this depth? If not, how are you tracking risks and controls? If you are, or would like to, is anyone interested in collaborating on this subject?

I am taking the same approach as you. I am interested in discussing, collaborating. You can private message me and we can get in touch!

I would also be interested. We already have the documentation, I did that when I first started. We look at risks really well in silos, but not so well on an enterprise basis. I have each of the silos well documented in terms of identified risks, controls and then a risk rating (probability x impact), but I'm always looking to improve my process. My risk assessments are currently word documents.

I too am looking for a good system to monitor all of the risk factors discussed. I would appreciate information on how to assess operational risk. Is their a point system that can be devised? Of course it would need to be tailored to the specific insitution. I am also interested in how other organizations are setting up their risk management departments, functions, reporting etc. Thanks

I am also interested in learning about formation the risk management function since I have just been given this responsibility. We are also going to fall under FDICIA at the end of the year which we need to plan for. Can anyone offer their assistance on a risk management or a FDICIA framework?

I sent you a Private Message regarding a group of us that are going to collaborate on this issue. Since that was your first post I didn't know if you know about PMs (check under "My Home."

Happy to share and Access database I created for this purpose. Would appreciate your feedback on it. E-mail me and I'll send you a copy.

This is my first time visiting this site. I work for a small correspondent bank. Our auditor performs a risk assessment as Compliance Officer, I am asked to define risks for each business line and integrate that into to the overall RA. I am interested in what you have done and if you have it defined for say Finance, Investments, Loans, Operations, Credit Cards, etc. Thanks