In the light of the European Banking Authority (EBA) Guidelines on ICT Risk Assessment under the Supervisory Review and Evaluation process (SREP), ECB Banking Supervision together with the National Competent Authorities developed a dedicated SREP IT risk assessment methodology. This includes the IT Risk Questionnaire (ITRQ) as a form of standardised information collection from supervised institutions for the comprehensive assessment of all IT risk areas.
This document presents the key observations and conclusions based on a horizontal analysis of the ITRQ, for which self-assessments were submitted to ECB Banking Supervision in the first quarter of 2019 by the significant supervised institutions. This publication is designed to share insights from the analysis and increase awareness on IT risk management overall within the supervised institutions. The desired outcome would be for institutions to further improve their resilience, which is seen as a critical factor for financial stability.
Read more here.