Our Approach
We lead with our approach and risk assessment tools…
ON-LINE DATA COLLECTION
Multiple-choice, multiple-answer questions target the risks and controls relevant to the manager’s area of responsibility. Questions cover the many controls and control features included in published guidance from regulators and standard-setting organizations and include cross-references to sources.
ORGANIZATION ALIGNMENT
Surveys are tailored to managers’ roles and responsibilities within the organization (e.g., CIO/Director of IT, network manager, Chief Risk Officer, BSA officer, Chief Information Security Officer, vendor contracts manager, retail branch managers, retail banking products manager, mortgage loan officers, commercial account relationship managers).
CONTROL FRAMEWORKS
Controls reporting can be organized to align with the examination controls framework defined by the relevant regulator(s), or follow a structure defined by the financial institution or other standard-setting organization (e.g., department-by-department, ISACA’s Control Objectives for Information Technologies, or NIST’s AI Risk Management Framework).
SUPPORTING DOCUMENTS AND INTERVIEWS
Managers can upload supporting documents, such as policies and procedures, for assessment and review against survey responses. Follow-up interviews to walk through survey responses, supporting documents, and scoring can be held via video/voice conference calls or in person.
TAILORED REPORTS
Our reports are customized to the financial institution; they include specific references to the institution’s products, departments, steering committees, information systems, vendors, and policies and procedures documents.
100% ONLINE OPTION
Risk assessments can be conducted 100% remotely using on-line surveys and video/voice conference calls.
(Works best with DSA access to client’s intranet / videoconferencing, e.g. Microsoft Teams).