Risk governance (including appetite definition, “ownership” of risks and the organization of control functions)
Risk management (including risk control processes, appetite and limit allocation, mitigation practices)
Risk analysis and quantification (including measures, monitoring and reporting practices)
Risk infrastructure and intelligence (including systems, data and model risk issues)