In depth assessment and analysis of the vast amount of data captured (or not) within the Risk Organisation. For example, how many of multiple data elements required for Basel II are not only captured, but are able to be mined and used? Where does the data reside? Are different systems holding this data able to communicate and consolidate? How much manual interface / error opportunity is there? How accurate are the reports prepared for Senior Management and the Board? To what extent are the processes automated? How secure are the systems and the data? Is there a workable disaster recovery and business continuity plan in place and is this tested?