Supernal Software: A Systematic Approach to Risk Assessment Management

Peter Griffith, President, Supernal Software
Back in the early 2000s, Peter Griffith and his team were sailing smoothly in the sea of IT security, carving out a niche in penetration tests, network security management and business continuity services. When their clients from community financial institutions approached them to perform GLBA risk assessments, the team assisted them with this regulatory compliance task for smoother exams. This success soon came with a proviso: keeping pace with sprawling technologies. However, “Our strategy of building numerous pivot tables for unending spreadsheets turned out to be cumbersome and inefficient. We needed a 3-dimensional database,” recalls Griffith. Taking this obstacle as the founding principle of his new venture, Griffith and his team designed a web-based tool, Scout®, based on Federal Financial Institutions Examination Council (FFIEC) and National Institute of Standards and Technology (NIST) standards, delivering risk management automation horsepower to banks and credit unions.

Scout assists risk and compliance managers, dubbed ‘scoutmasters,’ with comprehensive reporting, assessments, audits and more. The firm’s software caters to the growing complexity and severity of issues in the risk and compliance arena. The software’s notable task management feature plays a significant role in managing the overall risk management and compliance program. “This centralized cloud repository saves time and increases accuracy by allowing the risk or compliance managers to assign tasks to employees across diverse projects based on the activities defined within the risk assessment,” illustrates Griffith, Supernal Software’s President. “This feature allows sending out email messages, calendaring, and measuring progress of individual tasks to monitor their status and timely delivery, and receive notifications on the same.”

In hindsight, Griffith recollects that the FFIEC conducted a study to assess the preparedness of financial institutions against cyber threats. As the hot-button topic of cybersecurity slipped out of the server room to the boardroom, the clients wanted to protect and prepare against cyber attacks in an automated and productive manner, similar to how they already worked in Scout.


Addressing this need, Supernal Software developed a Cybersecurity Assessment Tool to help clients identify their inherent risk from cyber threats and enhance their cybersecurity preparedness. For institutions with numerous third-party vendors, the firm offers vendor management that streamlines the vendor risk assessments required for compliance.

Reflecting on the current scenario of dramatically evolving IT risks, Griffith states that the industry is plagued by “paralysis by analysis,” where organizations are not confident about how to begin. “We strive for consistency in the templating processes, user interface and reporting,” he stresses. “We are focused on ease of use. We begin with a very logical entry point, like a roadmap, with a set of templates for pretty much any kind of risk assessment; this helps build consistency.”

Once, a large financial institution wanted to enhance their risk management program. They struggled with establishing their risk appetite levels as an enterprise, as well as at the branch levels. The different branches had differing severity of inherent risk, different controls and diverse vendors. They also had different staff assessing and communicating back to headquarters. Supernal’s centralized solution gave them the ability to perform and monitor these tasks individually at the risk assessment level and receive a consistent, single-pane view of the process. Now they could ensure the right work was being performed and on time.

Supernal’s ability to stand out in the competitive market stems from its customer service, as well as the transparency and the fair and balanced consideration it gives to clients’ requests and concerns. Griffith’s approach to leadership has been to trust his team to listen to and serve the customer. “As risks continue to evolve, we look forward to making our products more flexible, adaptable and functional for our clients,” concludes Griffith.