Risk assessment: From burden to benefit

by Steve Soukup, NAFCU Services

Risk assessments. Tedious, compulsory, and painful. Just some of the words used to describe a process that is critical to your institution’s cybersecurity and compliance efforts. Yes, the risk assessment process can be daunting, but mostly because of an outdated perspective that disconnects it from the ever-evolving changes in risk and compliance. Some credit unions look at risk assessment as a ‘check the box’ task instead of a valuable exercise that significantly enhances the completeness of their security program and ability to satisfy regulatory requirements. Some credit unions still manually gather data from disjointed systems, resulting in a stale and ineffective risk assessment.

So, while your institution is under constant pressure to remain cyber risk ready and compliant, how can you effectively tackle the critical task of risk assessment without suffering through the process?

The first step is to adopt the new mindset that risk assessment is a living document, not something that gathers dust on a shelf. It must constantly be amended to address emerging threats and changing regulations. Credit unions who update their risk assessment infrequently, e.g., annually, miss the opportunity for modifications that will positively affect their cyber readiness and compliance efforts.

The second step is to utilize industry-specific resources and technology. Move beyond the typical two-person manual approach used to aggregate and evaluate data for risk assessments by using the right technology. If your CFO runs a financial report, would they use an abacus? Of course not! Technology enables it to be done in a manner that accounts for all the unique operating requirements of a financial institution. So, why are FIs that use modern technology for other functions still using a static and inefficient approach for such an important process as risk assessment? Yes, we’re talking to you – the one still using Excel for risk assessments. Are you ready to reevaluate your approach?

 

continue reading »

Featured