Relieving an ERM Headache 

The Challenge

CBC Federal Credit Union had a vendor management solution, a risk management system, a business continuity system, and an audit platform—but they were all products from different companies. 

The result was a managerial and administrative headache for Tim Rademaker, vice president of enterprise risk management, and his staff. 

Each month Rademaker would spend hours on reporting, trying to get a clear picture of risk by adding together all the pieces.

“We would generate reports from our vendor management platform and risk management platform, take audit findings from our audit platform, and then try to figure out how to connect the dots of these systems. We would then make our own reports on Excel spreadsheets and Word templates.”

The Solution

CBC FCU operates with the belief that strong risk management includes vendor management, findings, and cybersecurity. Rademaker wanted a functional, easyto-use risk management system that would put them all together and produce consistent, holistic results. Just as important, he wanted a partner that had a team and mission he felt comfortable with. 

Rademaker found that with Ncontracts’ suite of products, including Nvendor with services, Nrisk, Ncontinuity, and Ncyber. 

“We like Ncontracts’ suite of products because they are all connected. We are able to correlate risks with findings and vendor management issues,” says Rademaker, who has been a Ncontracts customer for over 18 months. 

With Ncontracts, data entered into one area is imported into other modules for seamless reporting, providing 360-degree views of risk throughout the enterprise with the push of a few buttons. For example, findings and vendor issues are automatically put into risk assessments. Mandatory risk assessments like the Bank Secrecy Act are built into the system, creating subcategorized risk assessments useful to both the examiners and the compliance department. 

Automated reminders make it easy to keep staff on task, with staff able to access the system and enter data with a single click of an email link. 

“It makes that whole experience so much easier for me to administer and present to the board and executive leadership team,” he explains. “It really allows a risk manager to simplify that whole process.”

The Results

CBC FCU is better prepared to navigate shifting economic and regulatory conditions thanks to key performance indicators that help the credit union determine where it wants to go and how it will get there. “We have a better, unified process.” 

Dramatically less time spent on reporting: Report generation went from 3 hours a month to just 15 minutes. 

Save on cost of one full-time employee: Outsourcing onerous vendor due diligence document collection and analysis eliminates the need for an additional employee. “Nobody wants to read through the SOC 2. No one wants to spend hours trying to decipher it and make a recommendation.” 

Administrative work reduced dramatically: Rademaker no longer has to constantly remind and cajole staff to work on risk assessments. “Because the system automatically sends out required alerts for what my team needs to do, we’re not dependent on users remembering to do something and asking them nicely over and over.” 

Make updates without logging in: Rather than remember a variety of passwords and systems, staff can simply click on an email notification to enter data—even participants who aren’t in the system like auditors. “It allows you to do the work quickly without a lot of cumbersome clicks.” 

Custom reporting: Rademaker quickly learned how to modify and save reports to create his own custom version and create his own risks and controls. “I pick reports that I need and they are packaged into nice, cohesive documents.” 

Cultural shift to risk optimization: Instead of avoiding conversations about risk because it’s just something else to manage, simplifying risk management has helped promote a “risk optimization” mind set. “When you have a way to make risk assessments simpler, you get much better results...I feel confident that the executive team and management are able to interact with our process more because it is simpler, quicker, better.” 

Speedy cyber assessment: After two years of attempting to use the FFIEC Cybersecurity Assessment Tool, Ncontracts helped CBC FCU finish the job. “The process is much improved because the toolset allows you to share information with multiple users, assigns tasks. At the end it spits out a lot of cool reports to share with the InfoSec committee.”

Improved business case analysis: Using the Ncontracts questionnaire tool, CBC FCU collects data from prospective and existing third-party vendors. “Due diligence begins before we have an agreement with a contractor or new provider.” 

Expert insight into risk controls: Ncontracts’ risk and controls library encourages staff to think about risk in different ways. “It helps spur thought, and it’s constantly updated and upgraded. It’s very beneficial.”