Risk Manager Software

Governance | Risk Management | Compliance

Risk Manager is our cloud-based software suite that streamlines all aspects of your compliance process in one cost effective tool. Automate the complex task of documenting your organization’s current risk profile. Organize policies and procedures through proper change management. Track issues and incidents, assigning responsibility, and monitor resolution. Maintain easy access to all vendor information while assessing the risk each vendor poses.

Software Modules

Check out how each software module in Risk Manager will help your organization manage risk and stay in compliance.

SCHEDULE A DEMO

RISKSPOLICIESCONTROLSISSUESVENDORSSKILLS

Risk Assessor

Tools to assess your current risk profile

Complete risk assessments consistent with appropriate regulatory or standards body frameworks in days, not weeks,

1
2
3
1
Risk Heatmap

Heatmap identifies risk assessment strengths and weaknesses at a glance.

2
Drill Down For Details

Drill down to Risk Category and Risk Indicator level for details, including Rating and Trend

3
PDF Reports

Generate PDF reports for Board or external use.

STEP 1 in any risk management process must be an assessment of the risk factors the organization faces and its present position relative to those risks. What factors must organizations like ours manage against? At this point in time how much risk is each factor creating for us? Do we have adequate management measures in place to manage the inherent risk? And what is the trend? Is our situation improving or getting worse?

For many organizations, especially in regulation-heavy industries, the number of risk factors to consider can run into the hundreds, often with different parts of the organization best qualified to assess each risk. The typical solution, emailing spreadsheets around the organization, is inherently cumbersome and error-prone.

Use Risk Manager to:

  • Identify the risks your organization must consider.
  • Track your risks in a database with fine-grained control over access.
  • Document your assessment of the inherent risk, the strength of your management of the risk and trend for both.
  • If you must respond to a standards-base set of risks like SOC2 or banking requirements, explicitly score yourself against these frameworks.
  • Map your policies against control activities to be sure you have appropriate policies in place that address each risk.
  • Track your risk profile over time.

In many cases regulators or standards bodies have already codified the risks that must be addressed.

  • For example, the Statement of Operations and Controls (SOC2) framework created by the American Institute of Certified Public Accountants (AICPA) is widely used by service organizations to provide information their users need to assess the risks associated with an outsourced service.
  • The ISO 9000 family of quality management systems (QMS) standards is designed to help organizations ensure that they meet the needs of customers and other stakeholders while meeting statutory and regulatory requirements related to a product or service.
  • For healthcare providers, HIPAA provides an implicit risk assessment framework that organizations must comply with or risk significant penalties.
  • Financial services regulators have identified a comprehensive list of risks banks and credit unions must address.

Testimonials

Strunk’s Risk Manager has helped our bank with the risk assessment process. Before implementing their solution, we used Excel in each functional area, independent of each other. Their software solution makes it easy to do risk assessments on a quarterly basis and provides one consistent format for reporting to our board and regulators. Great product at a great price. We highly recommend this product for your enterprise risk management efforts!

Risk Assessments can be a challenge for many community banks. Strunk’s program brings efficiency to the process and allows us to focus on areas of high risk. Our team sees great value in the process and reporting generated by the Strunk program. It is an affordable way to manage regulatory required risk assessments rather than using excel spreadsheets from each area of the bank.

Strunk’s Risk Manager program is a great product that makes the risk assessment process easy to manage and is proving to be very helpful to us.

When I was Chief Risk Officer at a $750M bank, we implemented Strunk’s ERM Solution. It brought together all areas of the risk assessment process into one easy to use format and we eliminated the Excel spreadsheets. I highly recommend it for any size bank.

Strunk’s implementation of Risk Manager was excellent. Impressive software you all have developed.

Our implementation process was well organized and efficient. Our initial risk assessment template and policy upload were complete in only 8 weeks. The Strunk team was great and we look forward to using these tools!

Strunk’s Risk Manager solution has reduced the time and made the process of doing risk assessments easier than our old excel spreadsheets that we previously used. The overview for the board and regulators is now in one concise report that helps us identify and manage areas of high risk. I would recommend the program to any community bank.

Benefits

  • Pre-loaded industry frameworks
  • Heat map identifies risk profile at a glance
  • Fine-grained control over read/write access
  • Drill down for specifics
  • Automated trend tracking

Compliance Commandments

  1. Know your risks
  2. Ensure policies mitigate key risks
  3. Trust, but verify
  4. Prove it

Policy Manager

Create Policies That Mitigate Key Risks

Policy Manager organizes your hundreds of policy documents spread across different computers and file systems into a single database.

1
2
3
4
5
1
Organize policies into chapters

Assign editor and reader rights at the chapter level or policy level.

2
Drill down to chapter details

Summarizes policies in the chapter

3
Maintain individual policies
  • Clear ownership
  • Log all changes and approvals
  • Granular control over reader and editor access
  • Typical outline format
4
PDF versions

Generate PDFs for Board or external use. Generate final copy or redline identifying changes from prior version.

5
Criteria Based Auto-Assignment

Use specific parameters to dynamically assign documents to your users.

EVERY organization wants to be sure it has adequate policies and procedures in place to address the risks it faces. The typical solution is a patchwork of PDFs, Word documents, PowerPoints and the like.

Policy Manager provides a structured, centralized single source of truth for your organization’s policies:

  • Organize your policies into chapters
  • Automatic outlining
  • Map policies to relevant risk assessor frameworks to make sure all bases are covered
  • Granular control over read, edit and approval rights
  • Track employee acknowledgement of reading specific policies
  • Comprehensive change logging
  • Review redline versions of policy changes before and after
  • Generate PDFs for external consumption

You can then map your policies to multiple external frameworks like SOC2, NIST, etc. so you can explicitly demonstrate your adherence to the standard.

You can also use Policy Manager to document all your procedures, including links to policies, ownership responsibilities, automated change logging, and multiple file attachments.

If you don’t have documented policies, we can start you off with our recommended standard policies.

Testimonials

Our policy and control structure is very complex having both a broker/dealer and an investment advisory firm. Policy Manager allows us to easily organize a large volume of policies and maintain our control testing documentation all in one convenient place—a significant improvement over our previous process!

When I was Chief Risk Officer at a $750M bank, we implemented Strunk’s ERM Solution. It brought together all areas of the risk assessment process into one easy to use format and we eliminated the Excel spreadsheets. I highly recommend it for any size bank.

Strunk’s implementation of Risk Manager was excellent. Impressive software you all have developed.

Strunk’s Risk Manager program is a great product that makes the risk assessment process easy to manage and is proving to be very helpful to us.

We adopted Strunk’s Policy Manager to centralize all policies and the related policy management functions into one system.  Everything is in one standard format, policy ownership and access is assigned and policy edits, approvals, employee and board review schedules are managed from one location.  Strunk was easy to work with throughout the project and was very open to adding enhancements to their program, adding value to our policy process.

Policy Manager allows our organization to have a central location for management of all bank policies. The program ensures consistent policy editing, change tracking and formatting. Owners of policies are notified automatically when a policy is to be reviewed which has saved time for our team. Also, the Board appreciates the consistent format for all policies it reviews.

We wanted a format which allowed easy access for tracking, organizing and reviewing our expanding portfolio of policies and procedures.  The Strunk Policy Manager has exceeded our expectations!

We currently use Strunk’s Policy Manager to update and track changes to our policies. We like the audit trail it leaves of changes and also the PDF Redline that indicates changes used for the Board to review and approve. Strunk Customer Support has been prompt and they always assist with any issues we might have.

Strunk Policy Manager is the most efficient policy manager tool I have come across. It provides convenient access to policies at anytime from anywhere. You can assign various ‘read’ and ‘edit’ access rights to policies based on your needs. Policies can be amended in the policy manager and you can retrieve a redline version, just with a click. This helps eliminate version control issues.

Policy Manager has provided a means to orderly store all of our policies in one place for easy access. By establishing review dates the system reminds us to review and make changes as needed. Works great for us!

Benefits

  • Organizes all your policies into a secure, reliable cloud-hosted database
  • Provides fine-grained access control for reading and editing
  • Automatically logs changes and approvals
  • PDF reports for board, auditor or external use
  • Maps policies to external risk frameworks and internal control procedures

Compliance Commandments

  1. Know your risks
  2. Ensure policies mitigate key risks
  3. Trust, but verify
  4. Prove it

Controls Manager

Trust, But Verify

Confirm your organization is following its policies

1
2
3
4
5
1
Testing status summary

Have all controls been tested timely and with passing results?

2
Policy/ Control map

Make sure you have a control in place to test every policy.

3
Drill down for details

… including testing history, related policies and attached documents.

4
Calendar

Shows all tests conducted, or scheduled to be conducted, this month, along with responsibility and scores.

5
Tests

Record results, score; attach documents if needed

POLICIES are pointless unless the organization follows them. To ensure compliance, organizations must periodically test for compliance. Controls Manager facilitates this process in two steps.

Document your controls

Essentially your ‘recipes’ for testing compliance with a particular policy or policies.

Test those controls

Run the recipes and record the results. Use Controls Manager to:

  • Document your control procedures
  • Assign responsibility for different controls
  • Automate scheduling of control tests, including alerts
  • Record test results

With Controls Manager you can see at a glance all your controls, whether your testing is on schedule and if you have had any test failures.

Testimonials

When I was Chief Risk Officer at a $750M bank, we implemented Strunk’s ERM Solution. It brought together all areas of the risk assessment process into one easy to use format and we eliminated the Excel spreadsheets. I highly recommend it for any size bank.

Strunk’s implementation of Risk Manager was excellent. Impressive software you all have developed.

Strunk’s Risk Manager program is a great product that makes the risk assessment process easy to manage and is proving to be very helpful to us.

Strunk’s implementation of Risk Manager was excellent. Impressive software you all have developed.

Benefits

  • Calendar provides status of control testing at a glance
  • Assign responsibility for control test
  • Provide automated alerts on upcoming or overdue control tests
  • Minimize duplicated controls by mapping controls to multiple policies/procedures
  • Tests, including attachments, are linked directly to controls

Compliance Commandments

  1. Know your risks
  2. Ensure policies mitigate key risks
  3. Trust, but verify
  4. Prove it

Issues Manager

Stay on Top of Issues and Incidents

A centralized database of all issues your organization is tracking across all departments

1
2
3
1
Issues List

Maintain database of issues and incidents

2
Issue Management

Assign responsibility; attach documents; assign priority and due dates; track status

3
PDF Reports

Generate PDF reports for auditors or external use

EFFECTIVE issue/incident management is an important contributor to effective risk management. Typical solutions, e.g. tracking issues using a collection of Excel spreadsheets, is inherently an inefficient, error-prone solution.

Use Issues Manager to:

  • Maintain a centralized database of all issues your organization is tracking
  • Organize issues by type and source
  • Assign responsibility to different users
  • Control read and edit access at the user and group level
  • Generate automated email alerts when issue status changes

Use Issue Manager to document all compliance issues from across your entire organization, including responsibility and status.

Testimonials

Strunk’s Risk Manager program is a great product that makes the risk assessment process easy to manage and is proving to be very helpful to us.

When I was Chief Risk Officer at a $750M bank, we implemented Strunk’s ERM Solution. It brought together all areas of the risk assessment process into one easy to use format and we eliminated the Excel spreadsheets. I highly recommend it for any size bank.

Strunk’s implementation of Risk Manager was excellent. Impressive software you all have developed.

Benefits

  • Organizes all incidents and issues into secure, cloud-hosted database
  • Track issue resolution responsibility and status
  • Add attachments to any issue
  • Automated alerts for overdue issues

Compliance Commandments

  1. Know your risks
  2. Ensure policies mitigate key risks
  3. Trust, but verify
  4. Prove it

Vendor Manager

Simplify your vendor management process

Automate the process to reduce your administrative burden and save time

1
2
3
4
5
6
1
Vendor database

Keep track of all vendor relationships, including risk level and status

2
Risk Assessment

Periodically assess inherent risk from vendor relationship to identify risk areas that require further examination

3
Automated Vendor Surveys

Generate vendor surveys with questions directly derived from areas of concern identified in the inherent risk assessment.

4
Contract Management

Evaluate vendor contracts, track performance and manage renewals

5
Score Contracts

Score individual contracts based on presence and quality of key provisions. Complete periodic abbreviated reviews, unless significant changes warrant more extensive vendor evaluation.

6
Service Level Performance

Track performance on key service level agreements

IN an increasingly interdependent world, your vendors may be one of your biggest sources of risk. Your regulators, customers, and key stakeholders want evidence you are on top of your vendor risk.

Vendor Manager automates a cumbersome process into a well-organized, self-documenting work flow. Use Vendor Manager to:

  • Maintain your list of key vendors and associated contacts
  • Track the status of all your vendor contracts
  • Assess inherent risk presented by each vendor
  • Assess residual risk for high risk vendors
  • Automate vendor responses to detailed risk assessment questions
  • Complete annual contract reviews
  • Track performance against key Service Level Agreements (SLAs)

Vendor Manager automates vendor due diligence, providing a practical framework for deciding which vendors to assess in depth, assessing the risks they present, and monitoring their performance.

Testimonials

When I was Chief Risk Officer at a $750M bank, we implemented Strunk’s ERM Solution. It brought together all areas of the risk assessment process into one easy to use format and we eliminated the Excel spreadsheets. I highly recommend it for any size bank.

Strunk’s implementation of Risk Manager was excellent. Impressive software you all have developed.

Strunk’s Risk Manager program is a great product that makes the risk assessment process easy to manage and is proving to be very helpful to us.

Benefits

  • Organizes all vendor management in secure, web-hosted database
  • Automated inherent and residual risk assessment
  • Generates online vendor surveys based on risk assessments
  • Tracks contracts, renewal dates, key provisions, and service level performance
  • Complies with all regulatory guidelines

Compliance Commandments

  1. Know your risks
  2. Ensure policies mitigate key risks
  3. Trust, but verify
  4. Prove it

Skills Manager

Train Your Staff

And make sure they are on top of the material

1
2
3
4
5
6
1
Slide Library

Maintain library of training slides, text-based or imported from PowerPoint or other graphics program.

2
Manage Courses

Assign slides to different “courses.” Re-use slides as needed for different purposes.

3
Users Take Courses

Users take assigned “courses” at their own pace.

4
Manage Question Vault

Maintain library of exam questions that test users’s knowledge of course material or general knowledge.

5
Manage Exams

Assign questions to different exams and assign exams to users.

6
Users Take Exams

System presents a random sub-set of questions to users, records responses, and confirms or corrects user answers.

FOR policies to be effective, employees need to know what they are. It follows that an organization should periodically test its employees’ knowledge of key policies. Policy Manager can track your employees’ assertions they have read your policies.

Skills Manager lets you determine if they remember key aspects of your policies. Skills Manager can also provide simple online training experiences to help your employees brush up on key policy details.

Use Skills Manager to train and test your employees’ knowledge.

Exams

  • Create a library of exam questions
  • Assign questions to exams and exams to users
  • Set parameters for frequency with which users must take exams
  • Users take exams to show their knowledge of the material

Online Training

  • Create a library of training slides, either from text or exported from PowerPoint
  • Combine slides into courses
  • Assign courses to users and set parameters like passing score and merit score
  • Users take courses online at their leisure, stopping and picking up where they left off as needed

Use Skills Manager to put together simple online courses to train your employees on key policies. Then use the Exams module to test their knowledge.

Skills Manager also contains a user searchable document library for storing relevant reference materials.

Testimonials

Strunk’s implementation of Risk Manager was excellent. Impressive software you all have developed.

When I was Chief Risk Officer at a $750M bank, we implemented Strunk’s ERM Solution. It brought together all areas of the risk assessment process into one easy to use format and we eliminated the Excel spreadsheets. I highly recommend it for any size bank.

Strunk’s Risk Manager program is a great product that makes the risk assessment process easy to manage and is proving to be very helpful to us.

Benefits

Exams
  • Create simple online exams to demonstrate employee proficiency
  • Employees take exams from anywhere, anytime
  • System corrects employee responses as necessary and tracks results
  • Central database showing that employees are knowledgable on key policies
Online Training
  • Create library of training slides or import from PowerPoint
  • Organize slides into courses and assign to employees
  • Employees can take courses from anywhere, anytime
  • Simple method to improve employee knowledge on key policies

Compliance Commandments

  1. Know your risks
  2. Ensure policies mitigate key risks
  3. Trust, but verify
  4. Prove it

Start managing risk across your organization with the click of a mouse.

Schedule A Demo Or Call (877) 485-8808 To Learn More…

An independent certified public accountant has examined Strunk’s operations and found them to be in compliance with the AICPA’s Trust Service Principles. It was determined that Strunk meets the Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria for SOC 2 established by the AICPA.