Risk Assessor

Tools to assess your current risk profile

Know Your Risks

Complete risk assessments consistent with appropriate regulatory or standards body frameworks in days, not weeks,

Risk Heatmap

Heatmap identifies risk assessment strengths and weaknesses at a glance.

Drill Down For Details

Drill down to Risk Category and Risk Indicator level for details, including Rating and Trend

PDF Reports

Generate PDF reports for Board or external use.

STEP 1 in any risk management process must be an assessment of the risk factors the organization faces and its present position relative to those risks. What factors must organizations like ours manage against? At this point in time how much risk is each factor creating for us? Do we have adequate management measures in place to manage the inherent risk? And what is the trend? Is our situation improving or getting worse?

For many organizations, especially in regulation-heavy industries, the number of risk factors to consider can run into the hundreds, often with different parts of the organization best qualified to assess each risk. The typical solution, emailing spreadsheets around the organization, is inherently cumbersome and error-prone.

Use Risk Manager to:

  • Identify the risks your organization must consider.
  • Track your risks in a database with fine-grained control over access.
  • Document your assessment of the inherent risk, the strength of your management of the risk and trend for both.
  • If you must respond to a standards-base set of risks like SOC2 or banking requirements, explicitly score yourself against these frameworks.
  • Map your policies against control activities to be sure you have appropriate policies in place that address each risk.
  • Track your risk profile over time.

In many cases regulators or standards bodies have already codified the risks that must be addressed.

  • For example, the Statement of Operations and Controls (SOC2) framework created by the American Institute of Certified Public Accountants (AICPA) is widely used by service organizations to provide information their users need to assess the risks associated with an outsourced service.
  • The ISO 9000 family of quality management systems (QMS) standards is designed to help organizations ensure that they meet the needs of customers and other stakeholders while meeting statutory and regulatory requirements related to a product or service.
  • For healthcare providers, HIPAA provides an implicit risk assessment framework that organizations must comply with or risk significant penalties.
  • Financial services regulators have identified a comprehensive list of risks banks and credit unions must address.


Strunk’s Risk Manager has helped our bank with the risk assessment process. Before implementing their solution, we used Excel in each functional area, independent of each other. Their software solution makes it easy to do risk assessments on a quarterly basis and provides one consistent format for reporting to our board and regulators. Great product at a great price. We highly recommend this product for your enterprise risk management efforts!

Risk Assessments can be a challenge for many community banks. Strunk’s program brings efficiency to the process and allows us to focus on areas of high risk. Our team sees great value in the process and reporting generated by the Strunk program. It is an affordable way to manage regulatory required risk assessments rather than using excel spreadsheets from each area of the bank.

Strunk’s Risk Manager program is a great product that makes the risk assessment process easy to manage and is proving to be very helpful to us.

When I was Chief Risk Officer at a $750M bank, we implemented Strunk’s ERM Solution. It brought together all areas of the risk assessment process into one easy to use format and we eliminated the Excel spreadsheets. I highly recommend it for any size bank.

Strunk’s implementation of Risk Manager was excellent. Impressive software you all have developed.

Our implementation process was well organized and efficient. Our initial risk assessment template and policy upload were complete in only 8 weeks. The Strunk team was great and we look forward to using these tools!

Strunk’s Risk Manager solution has reduced the time and made the process of doing risk assessments easier than our old excel spreadsheets that we previously used. The overview for the board and regulators is now in one concise report that helps us identify and manage areas of high risk. I would recommend the program to any community bank.


  • Pre-loaded industry frameworks
  • Heat map identifies risk profile at a glance
  • Fine-grained control over read/write access
  • Drill down for specifics
  • Automated trend tracking

Compliance Commandments

  1. Know your risks
  2. Ensure policies mitigate key risks
  3. Trust, but verify
  4. Prove it