144. In line with the EBA Guidelines on internal governance and the EBA Guidelines on ICT and security risk management, competent authorities should assess whether the institution's information and communication technologies are effective and reliable and whether these systems fully support risk data aggregation capabilities at normal times, as well as during times of stress. In particular, competent authorities should assess whether the institution is at least able to:
a. generate accurate, consistent, complete and reliable aggregated risk data for business units and the entire institution;
b. capture and aggregate all material risk data across the institution;
c. generate aggregate and up-to-date risk data and risk reports in a timely manner with sufficient frequency; and
d. generate adaptable aggregate risk data and risk reporting to meet a broad range of on-demand requests from the management body or competent authorities, including ad hoc requests due to changing internal or exter
…