Frequently Asked Questions

How is the Risk Assistant software delivered?

This is an online software solution. No software needs to be installed.

 

Can multiple users access the risk assessment?

Yes, authorized users from your financial institution can be granted access to the system. Note that per user fees will apply for the optional level of log on security that will soon be available.

 

What security do you provide to protect our risk assessment information?

• Secure online access
• Hosting facilities are SAS-70 certified
• Strong encryption is applied to all user input fields and passwords
• For additional protection, an optional out-of-band authentication service is available free of charge

 

Can we add new questions to the survey?

Yes, you may add as many questions as you like to the notes sections.

 

How often will the risk assessment software and survey questions be updated?

Beavercreek Marketing will update the risk assessment for new guidance and updated regulations, major new product releases and upgrades from Fiserv, and periodically to incorporate suggestions from our clients.

 

How will we know when updates are available to the risk assessment?

Authorized users will receive an email notice. Updates to your risk assessment will be clearly marked.

 

What products are covered in this risk assessment?

Products covered by the risk assessment include:

• Personal online banking
• Business online banking with ACH/Wire
• Mobiliti mobile banking
• Business mobile banking
• Merchant Source Capture
• Consumer Source Capture
• Mobile Source Capture
• Branch Source Capture
• Online bill pay
• Business online bill pay
• eStatements
• P2P payments
• A2A transfers
• Positive pay
• Telephone banking
• Online applications

Plus: ACH operations risk assessment required by NACHA
Wire Transfers - Back Office

 

Are non-Fiserv products covered in this risk assessment?

All survey questions are written specifically for Fiserv online banking products. However, this risk assessment can also be used for any online banking products.

 

Since we have few online banking products, do we receive a discount?

No. Products cannot be removed from the risk assessment. Simply indicate “Not Applicable” for products not offered by your financial institution.

 

What is the ACH operations risk assessment?

The ACH operations risk assessment does not apply to the FFIEC guidance for customer-facing online products. Instead, it applies to the NACHA requirements for using ACH in your internal banking operation.

 

Is the ACH operations risk assessment as required by NACHA included?

Yes. A complete ACH operations risk assessment is included with your subscription. There are several unique categories specifically for the ACH risk assessment, including IAT.

 

We purchased the original ACH risk assessment tool from Beavercreek Marketing. Do we receive a free upgrade?

100% of the original purchase price will be credited toward the purchase of the new ACH risk assessment tool. All clients that are currently subscribed to the ACH risk assessment will only pay the new annual recurring fee.

 

Is the ACH risk assessment tool available as a stand-alone product?

No. The new Electronic Banking Risk Assessment replaces the ACH Risk Assessment. Both are included in the new software.

 

Is a GLBA risk assessment, or a global risk assessment included?

Not at this time.

 

Are third party venders addressed in this risk assessment?

Yes, issues surrounding third party venders of online banking services are included in the Vendors Issues Section of the survey.

 

When the user completes the survey questions, is a risk rating automatically assigned?

No. The user will review their answers to the survey and assign a risk rating based on the Likelihood of Risk, and also the Consequence of Risk. The survey questions and responses provide a useful guide for determining your own risk ratings.

 

Can inherent and residual risk assessments be performed?

Yes. An inherent risk assessment is essentially the initial risk before any controls have been added by the financial institution. The residual risk assessment is the risk after new controls are in place. Both inherent and residual risk assessments can be performed.

 

What types of printed reports are available?

Two reports are available for each online banking product. The executive summary displays your inherent (if available) and residual risk ratings, plus the controls and management findings for each risk category. The full report prints all information including each survey question and response, along with risk ratings, controls, and management findings.

 

Are the reports stored in the system?

Reports are not stored in the system. We recommend saving your reports as pdf files on your own computer or hard disk.

 

Is a history of risk ratings available?

Yes, the history of risk ratings is stored in the system.

 

Are risk ratings stamped with the date and name of the person that performed the risk rating?

Yes. Date and names can be added to each risk rating. This information is stored in the system.

 

How often should a risk assessment be prepared?

At least once a year, or more often as needed for new regulations, new products, new features, and substantial new known threats.

 

Can we complete a risk assessment for any one product?

Yes. Just select that product from the menu.