Power your team through continuing education with Strunk’s Skills Manager

If you are a Risk Assessor or Policy Manager user today, you may not be aware that Skills Manager is packaged with your solution. In order for your organization policies to be effective, your employees need to know the material. Skills Manager also lets you determine if your employees remember key aspects of those policies by periodically testing employee knowledge.

Through its Courses feature Skills Manager provides simple online training experiences to help your employees brush up on key policy details. For this online training you are able to create a library of training slides, either from text or exported from PowerPoint. You then will combine slides to develop courses and assign courses to your employees. It’s that simple! Users will then take courses via our online portal, with the ability to stop and pick up where they left off as needed prior to the due date.

Once Courses are complete you can then use the Exams module to test employee knowledge. Like Courses, you will create a library of exam questions that you can then assign to exams and then exams to users. Subsequently you will set parameters for frequency with which users must take exams and set parameters for a passing score or merit score. Your employees can show their knowledge of the material within each Course.

Strunk CEO Dan Roderick says “We launched Skills Manager V2 earlier this month and it’s easier to use than ever! It’s a great way to test employee policy knowledge and document results – particularly on those policies where periodic employee acknowledgement is required.”

Skills Manager also contains a user searchable document library for storing relevant reference materials that can be used as needed throughout the year.

The importance of a thorough risk management process

Managing risk is a fundamental process for any business and is crucial to achieve ongoing success for any company. Strunk’s Risk Manager solution provides a systematic process to ensure that you organization 1) knows your risks, 2) has policies to mitigate key risks, 3) is able to verify that policies are followed, and 4) can easily prove to others – management, board, examiners – that you follow this structured process. Risks may hinder or even prevent your business from achieving its goals, cause operational disruption, financial loss, or escalating cost. By performing a risk assessment, you can mitigate key risk indicators by taking them into account early on and developing action plans to reduce and effectively manage risk.

Risk management should not be confined to just one department in the organization or be the sole responsibility of a certain group of employees – it should be an integral part of everyone’s job. Strunk’s Risk Manager software will allow you to involve as many individuals in your organization as you like in the risk management process, keep all of the key components of your risk management process in one place, and gain a better understanding of the nature of the risks facing your organization. Many Risk Manager clients only use one or two modules but are not making full use of the entire solution. By using all of the modules in Risk Manager it will help you establish a more cohesive and stronger risk management environment. The new Version 2 of Risk Assessor is available and can help streamline your risk assessment process even further and save time. If you are a client that currently has Version 1, Strunk can help transfer results from Version 1 into Version 2 for no additional cost. Also, if you have staff members that have not yet been trained on any of the Risk Manager modules because they are new or their job responsibilities have changed, Strunk will do additional web based training for no additional charge.

Tracking Issues and Incidents at Financial Institutions

During the course of the daily operations of a bank, “issues” or “incidents” arise and tracking them should not be difficult or cumbersome. Managing the resolution of the problem should be tracked and Strunk’s Risk and Issues Manager solutions may be just what you need.

“Issues” that need addressed could come from an outside audit, a regulatory exam, a risk assessment or from vendors you do business with. Identifying an issue may be easy but putting a tracking solution in place that assigns ownership, provides a time stamp, departmentalizes the problem, prioritizes and assigns a corrective action plan can be more difficult. Many financial institutions use Excel spreadsheets and they may be hard to keep track of. Keeping a log of the issues is imperative for senior management and your audit team.

“Incidents” can occur in a variety of ways and they could include a system breach, attempted hacking of your website, or a debit or credit card could be compromised. Similar to issues, incidents should be resolved in an organized and timely manner and they should be tracked for audit and regulatory review.

Strunk’s ERM program includes an “issues” and “incident” tracking solution that is easy to use. It gives you the ability to attach documents, assign priority and due dates, and track the status of the problem. Reports are generated for auditors and for external use. Email alerts are sent to the owner of the issue and they can be “time based” or “update based”. “Time based” is determined by the due date or past due date. Alerts based on an “update” sends an email to the owner when the status is changed to “complete”. Employees on a “notify list” can be alerted as well so that each person along the way knows what the status of the resolution of the issue is.

Providing simple easy-to-use solutions for risk and resolution management is what Strunk does.

Strunk is pleased to announce addition of FFIEC CAT Tool assessment component

Financial institutions are at risk for an increasing amount and sophistication of cybersecurity breaches and threats. For this reason, the Federal Financial Institutions Examination Council (FFIEC) created a Cybersecurity Assessment Tool to help institutions identify the risks they face and to be sure they are prepared in the event they are faced with one of these events.

Strunk is pleased to announce the addition of this FFIEC Cybersecurity Assessment Tool to its Risk Assessor module. The feature is comprised of both the Inherent Risk Assessment and Maturity Assessment sections. Maturity Assessments are organized into domains: Cyber Risk Management and Oversight, Threat Intelligence and Collaboration, Cybersecurity Controls, External Dependency Management, and Cyber Incident Management and Resilience. Users must score their organizations on each question to determine their overall risk level. The Strunk approach to the assessment streamlines an otherwise cumbersome process so that financial institutions can much more easily complete these assessments and identify their maturity level.

Strunk CEO Dan Roderick says, “The FFIEC CAT is required for all financial institutions annually, so we are very happy to add this feature to Risk Manager at no additional charge to our clients.”

Clients have been using Risk Assessor to complete regulatory required internal risk assessments in days rather than weeks. The solution is preloaded with key risk indicators for BSA, ACH, Fair

Lending, Cybersecurity, Compliance, Asset Quality and much more. Call report data from your institution is automatically uploaded to the program quarterly to substantiate the risk. Concise board reports are easy to read and understand highlighting areas of high risk your bank faces.

Current Risk Assessor clients will receive the FFIEC CAT Tool for no change in their annual fee.  Please contact us if you are interested in viewing a demo of the tool.

No better time to implement a Cloud-Based GRC Solution

Over recent weeks, the ongoing spread of the COVID-19 coronavirus has forced companies around the country to make difficult decisions about how to protect their employees — as well as their communities as a whole.  In an effort to halt the spread of the virus, many organizations are instituting mandatory work-from-home (WFH) policies, engaging with new cloud service providers, and shifting resources toward supporting an expanding remote workforce.  The fast-moving, global reach of the coronavirus has illustrated that a forward-looking approach to risk management is more important than ever. Having a cloud-based tool that streamlines your compliance process should be in all companies’ future strategic discussions.

Strunk offers many great automated cloud-based solutions tools that streamlines compliance and risk management for our clients.  There are many benefits to these cloud-based solutions, especially in today’s environment where some many employees are working from home.  Our software is simple to implement, easy to access, very flexible and is reliable in terms of backing up data for your employees who are at different locations.  Implementing Strunk’s Risk Assessor, Policy Manager, Issue Manager and Vendor Manager software does not require extra hardware or software.  Implementing these tools can be done while business continues as usual which requires no downtime at all.  Strunk has created a new Version 2 of our Risk Assessor which is available to everyone.  Risk Assessor helps our clients complete risk assessments consistent with appropriate regulatory or standards body frameworks in days, instead of weeks.  Clients are able to upgrade for free from Version 1 to Version 2 and Strunk will help transfer results from your current Version 1 assessments.

Given the current coronavirus pandemic, the need for companies to centralize their policies and vendor management is more critical than ever.  Strunk’s Policy Manager software will organize hundreds of policy documents spread across different computer and file systems into a single editable database. With employees working remote, Policy Manager gives employee access to the companies polices for easy access and with the established review dates the system will remind employees to review the policy and make changes.  Centralizing your vendor manager process with Strunk’s Vendor Manager software will automate the process which reduces administrative burden and save time while giving employees who are working remote access to vendor due diligence, providing a practical framework for deciding which vendors to assess in depth, assessing the risks each vendor present, and the monitoring of each vendor performance.

Also, Strunk is offering additional free web training for our client’s employees.  There is no better time than now to get employees who are new or have changed job responsibilities trained on any of Strunk’s GRC software.

Strunk Policy Manager Software Now Includes GRC Policy Templates

In 2015 Strunk launched Risk Manager which has now evolved into a full featured Governance, Risk Management, and Compliance (GRC) solution including Risk Assessor, Policy Manager, Controls Manager, Vendor Manager, Issues Manager, and Skills Manager tools.  Today, as an added service for Risk Manager clients, we are announcing the availability of standard template policies for banks, credit unions, investment advisory firms and broker-dealers.

Policy requirements evolve, and often times organizations find that their existing policy has become outdated, or they don’t have a policy at all to address a particular issue.  No one wants to write a new policy from scratch – particularly regarding a complex issue. So, starting with a vetted template and customizing it to your particular organization is a big benefit both in terms of making sure the policy is complete and saving time. There are a variety of companies that provide policy templates for a fee.  But with Strunk, they are free for Risk Manager clients.

Dan Roderick, Strunk CEO said, ‘Clients have been asking us for quite some time if we can provide them with a specific policy that they don’t currently have in their existing policy manual and each time we would track down a template example for them.  Now we have assembled a database of standard documents to respond to those requests.  In fact, if a client were to ask for an entire manual of standard policies, we can now easily provide those documents.  Policy Manager has been one of the most popular components of the Risk Manager solution – it was the first module we developed five years ago.  This should be a valuable enhancement to our GRC solution.’  The current COVID-19 crisis is one example of an event that can create a need for a new or more thorough policy.  The Pandemic Policy and Plan documents have been frequently requested during the past month.

Policy Management Made Easy

Banks are required to have each and every policy approved by the board of directors on an annual basis. Many financial institutions keep their policies in Word or PDF documents on the back credenza of the officer in charge of each area of the bank. Operational and compliance policies are in the operations area of the bank; lending policies are in the chief lending officer’s file cabinet and accounting policies on the cashier’s desk.

On average, banks have between 40-60 policies that are reviewed throughout the year by the bank’s board and any changes to the policies are updated after board approval. This process can be cumbersome and hectic for most community banks. It doesn’t have to be that way!

Strunk has put together a terrific solution for managing the annual review and policy approval process. Rather than maintaining separate folders of policies, why not have them in one place with access to those who need to read, make changes, or review them periodically? That is what Strunk’s Policy Manager Program does.

Keeping a log of changes for senior management, outside auditors, or the regulators is important. Making updates or changes to policies should be easy to do. Redlined copies of the policies go to the board for approval. Your board only wants to review changes made to policies, not the entire policy. Strunk’s solution does all of this and policies are put into chapters based on each functional area of the bank. You send us your policies; we do all of the work. Access to each policy is given based on user access code. Contact us for a quick demo of the cost effective, yet comprehensive Policy Manager solution.

Cybersecurity Maturity Model Certification (CMMC) Audits Made Easy

Recently the US Federal Government announced plans to impose a cybersecurity audit and certificate program referred to as the Cybersecurity Maturity Model Certification (CMMC), which will be used as a standard requirement for all firms dealing with DoD data.  The CMMC closely follows established frameworks pulling heavily from the NIST CMF and 800-171 publications.  The obvious advantages of using a ubiquitous framework and assessment to ensure compliance with these new regulations helps to reinforce many of the best practices that firms in this space should have already been following.

Each firm must record their policies, procedures, and controls related to the NIST frameworks, showing a clearly delineated map of these relationships for auditors to follow, test, and critique.  The DoD recently announced that they plan to start the audit process in 2020 with more than 60% of firms expected to have completed their requirements by the end of the year.  This leaves firms with sparse time to evaluate and immortalize their processes, with a narrow window to fix non-compliant or lacking areas of their cybersecurity framework.

These moves by the Federal Government and the DoD are being widely celebrated by the cyber defense industry as a win against unintentional release of classified information, and as strong guidance for the industry to help ensure a curb in the currently vulnerable industry.  With a long history of leaks, and hacks, the government consulting and data analytics firms, that make up much of the cyber defense of the country, will be helping to ensure our enemies have one less tool to utilize.

With StrunkAccess Risk and Policy Manager consulting firms are finding a tool that can help navigate through the complicated process of becoming compliant with risk frameworks, helping to protect their companies and clients.  From SOC 2 to NIST to any risk framework, StrunkAccess is an elegant solution utilized to help hundreds of companies evaluate, record, and manage their risks.

Incident Reporting in the Modern Age

As web-based applications started to gain steam bugs, issues, and upgrades became a discussion point around best practices to document and distribute this vital information. With more and more sophisticated ways to streamline communication, release timelines, and as a snapshot of the backlog your team needs to complete, the usefulness of the applications started to become more appealing to industries outside of software development.  From software companies to audit firms to financial firms, closely followed and documented issue response is the most effective and indelible way to ensure your company is addressing all of your issues, from simple to complex.

The growth of users around a few big-name players is projected to explode over the next 5 years, leading to a consolidation of options, creating a homogenous and, in many cases, expensive reality.  In 2019 the average cost of Incident Reporting software was around $3,500/mo.  This mammoth monthly bill is only expected to grow over the next 5 years as firms become more entrenched in their default systems.  The sad fact is much of this Incident Reporting Software hides features behind micro-transactional pricing structures meant to increase the price for marginal benefits as your company grows.

At Strunk we develop tools meant to provide maximum value and functionality, highlighted by our renowned Risk and Compliance tools and Management Efficiency tools, like Issues Manager and Skill Manager. We believe, delivering the tools we love to use to our clients, provides the best outcome for all.  Like all of our tools and modules, Incident Reporting is included with the StrunkAccess GRC suite at no additional cost.  Sign up for a Demo to see all that StrunkAccess has to offer.

Strunk Reports Record Sales

Strunk is proud to report that October was the highest volume software sales month in our history. In addition, October 2019 YTD sales of Risk Manager, our Governance, Risk Management and Compliance management solution, are already up almost 50% relative to full-year 2018. New clients in October range in asset size from just under $100 million to over $1.2 billion.

This success was fueled by Strunk’s strategy to offer a broad range of services, allowing clients to purchase all of our GRC modules, including Risk Assessor, Policy Manager, Controls Manager, Skills Manager, Issues Manager, Vendor Manager plus our hosted ODP Manager software for one affordable price. Clients also signed up for Overdraft Privilege program reviews and implementation of new Overdraft programs.

Strunk CEO Dan Roderick commented, “In just one month we were able to add a record number of new clients across every line of our business and a broad range of software solutions. From my perspective, this is what it’s all about – providing full-featured, easy-to-use tools that also offer clients great value. Our sales team has really knocked it out of the park!”

With Strunk’s Governance, Risk Management, and Compliance (GRC) solution suite clients can greatly enhance internal control and risk management processes and save time. The suite includes:

  • Vendor Manager is a specialized tool for managing vendor risk that standardizes risk assessment methodology and organizes all vendor related documentation.
  • Risk Assessor helps prepare comprehensive risk assessments consistent with regulatory or other requirements, in days, not weeks.
  • Policy Manager organizes all existing policies into a single database, mapped to the relevant standards and control procedures.
  • Controls Manager schedules tests of policy compliance and tracks test results.
  • Issues Manager is a centralized database for tracking all compliance issues and incidents across your entire organization.
  • Skills Manager provides online testing and training to ensure employees are knowledgeable about the organization’s policies.

In addition to our GRC solutions, financial institutions should periodically review their overdraft program to ensure they are not using policies and procedures that are non-compliant with current laws and regulations. Strunk’s comprehensive Overdraft Privilege Program review includes recommendations to increase fee income and ensure compliance. Additionally, clients receive access to our state-of-the-art program management software, ODP Manager.

An independent certified public accountant has examined Strunk’s operations and found them to be in compliance with the AICPA’s Trust Service Principles. It was determined that Strunk meets the Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria for SOC 2 established by the AICPA.