Thread Options
#70561 - 03/28/03 07:02 PM Risk Analysis Software
Anonymous
Unregistered

Can anyone help with recommending a software product that analyzes risk in most, if not all, of the function areas of a bank. This risk analysis should have a numeric grading system that ultimately helps develop a frequency schedule for audited areas.

Thank you in advance,
Don Anderson
danderson@homestbk.com

Return to Top
Audit
#70562 - 03/28/03 08:10 PM Re: Risk Analysis Software
1111 Offline
Platinum Poster
1111
Joined: Jan 2003
Posts: 580
Comprehensive risk management analysis software does not exist. There is software that assists with the analysis of the various risk elements, such as disaster recovery, etc. but that's about it.

Return to Top
#70563 - 03/29/03 05:49 AM Re: Risk Analysis Software
Deepa C Offline
Junior Member
Deepa C
Joined: Dec 2002
Posts: 27
Dubai, UAE
I haven't found any as well. I've now started the risk assessement process by taking each unit, identifying the risk, identifying the mitigants to control the risk and rating them on a scale of 0 to 4 (0 being Not Aplicable,1 being fully implemented, 2 = Partially implemented, 3 = Aware, Not implemented, 4 = Not Aware).

This is done with the help of the unit Heads. I call this a Product (or Service Risk Profile)

Return to Top
#70564 - 04/02/03 10:25 PM Re: Risk Analysis Software
Anonymous
Unregistered

I recently developed and implemented a risk assessment and risk-based auditing program for a mid size community bank. The assessment results were used to develop my 2003 audit program and cycle. I met with each department of the bank and used internal control worksheets pertinent to each area or function to identify the risks. My audit cycle is based on High Risk-12 months or less, Medium Risk-24 months or less, and Low Risk-more than 24 months. After the risks were identified they were placed on a speadsheet and senior management and I used a scoring system of 1-5 to measure each risk identified (4-5 Highest) based on the risk factors relevant (senior management oversight, human resources, and included my primary regulators risk types.....credit, interest rate, liquidity, price, transaction, compliance, strategic, and reputation. The numbers were added up and no risk weighting was necessary. The higher the number the higher the risk. Based upon the total number of risk factors you score you can work on your numbers that will equal high, medium, and low scores. I also did a section on Regulatory Compliance..identified all of the laws and regulations and risk rated them. This whole process is done in conjunction with senior management who is ultimately responsible for internal controls. I found this process to be very beneficial to the department and senior managers as it allows them to "identify and think through" the related risks and identify weaknesses. The assessment is ongoing as new products and services are developed, mahor changes occur to management, etc. and will be performed annually. Hope this helps.

Return to Top
#70565 - 04/03/03 06:12 PM Re: Risk Analysis Software
AnnRoy Offline
Platinum Poster
AnnRoy
Joined: Jun 2002
Posts: 771
South
Anonymous:

Sounds like you've done your homework.....I'm really interested in your risk assessment tool. Please give me a call at (318) 254-7411, if you don't mind. I have a couple of questions (i.e., like HELP!!!!!!).

My name is Royce.
_________________________
CAMS

Return to Top
#70566 - 05/20/03 06:17 PM Re: Risk Analysis Software
Anonymous
Unregistered

Would you be willing to share your spreadsheet for others to use as a tool??
Thanks.

Return to Top
#70567 - 07/11/03 12:40 AM Re: Risk Analysis Software
RSM Offline
New Poster
RSM
Joined: Jul 2003
Posts: 2
Dallas, Texas
I have recently developed a risk assessment and management tool, primarily to help my banking clients cope with the new FFIEC guidelines, but also to make things easier for us when we perform IT risk assessment services for our clients.

This tool is a database application that allows you to document(enter), assess and manage each subject individually, one at a time, or to enter base information for each asset, process, procedure or issue, and then perform assessments at a later time, perhaps using an assessment team. Assessments are accomplished by filling in information about each subject. Some of the required information is simply selected from drop down lists with a click of the mouse button. When all the information is entered, the software will process it and present exposure and risk ratings. Threat and risk help text is available for some of the more common assessment subjects. Data is categorized by assessment year, category and sub-category to make it easy to work on or run reports for specific areas. I developed it mainly for use with IT and operations, but you can add your own categories.

Once the subjects have been assessed, the system allows you to easily work through and document the process of managing those risks. The detail of your solutions to the risks identified is captured, and there are a myriad of reports available to document your efforts.

I am currently in the process of trying to find time to pre-load the tables with enough data to make it easy for anyone to be walked through the entire process by pointing and clicking.

I'm getting ready to put a demo on our website for download, but it's not there yet. If anyone's interested you can give me a call at 972 764-7099.

Return to Top
#70568 - 07/11/03 09:54 PM Re: Risk Analysis Software
Anonymous
Unregistered

I am also very interested in your assessment as I have been trying to develop a program as well. I sent you a PM so that we can talk.

Return to Top
#70569 - 07/14/03 01:06 PM Re: Risk Analysis Software
Anonymous
Unregistered

Check out - http://www.sans.org/rr/paper.php?id=1053

There is a great document posted for doing a Risk Assessments for financial institutions. The included database is tilted more towards the technology side, but, it can be easily adapted for Vendors or other systems.

Return to Top
#70570 - 07/17/03 07:16 PM Re: Risk Analysis Software
Anonymous
Unregistered

Check out Methodware.com. They have a fabulous Enterprise Risk Assessor (ERA) product. There's a powerpoint demo on the product too. We are purchasing this software and it's fully Sarbanes-Oxley compliant.

Return to Top

Moderator:  Andy_Z