AuditLink Suite VM Package

Assessment of Vendors
We will assess up to fifty of your financial institution’s vendors to determine how critical they are to the financial institution’s operations and reputation. The assessment will rate each vendor and determine if on-going monitoring will be required. You will be able to scan in all vendor contracts and create automated notices for important dates such as annual reviews, pre-termination notices, and termination dates. The operative word with G2Link is that the system is dynamic, not static like most paid for vendor management systems, or free ones such as our own Risk Management Report Generator.

Creating and Categorizing Vendors in the AuditLink VM System
We will create important milestones and vendor requirements for the on-going monitoring of vendors. We will monitor for and collect new financial statements, insurance certificates, annual third party audits, network penetration testing results, and more. These are defined in the AuditLink VM software as certificates of trust and is the basis for the alert and scoring system.

These certificates are actively reviewed by the system and AuditLink team. When one is breached the team goes into action by contacting the vendor to remedy the situation. Currently financial institutions bare 100% of the cost to collect and compile the required data, but G2Link provides a means for vendors to push the data to the financial institution, which is then automatically associated with the applicable compliance requirements.

Community Curation
One of the most powerful tools in the system is its ability to continuously monitor the net and public repositories for anything related to a vendor. Curation teams build an active community around the financial institution and its vendors where key data is continually generated and monitored. Currently there are over 10,000 users tracking 100,000 companies. In a sense it is a search engine that is continuously monitoring the vendor for anything that is associated with their operations. By building a network of companies it strengthens the available data feeds provided by and for the business community. The platform actively pulls data from many sources including news, industry events, and subjective and objective data sources. This information, in turn, is fed into the vendor’s profile and the financial institution’s dashboards for instant evaluation.

This is where AuditLink really goes to work for the financial institution. AuditLink will have dedicated staff reviewing your vendors on a daily basis. This monitoring includes the management of alerts relative to requirements established at the time of vendor set-up, news and important happenings relative to curation, scoring movements, violations of trust, and more. This will serve as the on-going due diligence the financial institution is required to maintain and manage. Why? Namely for the protection of the financial institution’s operations, reputation, and business resilience. Surprises in the area of vendor management are never good and in many cases can have dramatic implications on the financial institution’s operations, income statement, reputation, and even capital.

Working with your vendors is a key component of the monitoring services. AuditLink VM is designed to be used not only by the AuditLink team, but also your staff and your vendors. For example, you might give your vendors the ability to sign onto the system and upload their annual financial statement. All components of your vendor relationship will live in a single space and it will be unnecessary for you to maintain physical files. Every component is easily indexed through a graphical historical time line for instantaneous access.

Reporting and Communicating
AuditLink will report to you on a regular basis for alert activity, but will also provide a comprehensive report at the end of each month. Additionally, you will have your own sign on to the site we use for reporting and can instantaneously generate your own reports. Your administrator will be able to dictate what each user has authority to see and do, making it possible to create different user profiles based on role or responsibility. You could even allow external auditors and/or regulatory supervisors the ability to access the site to view the institution’s progress on vendor management, or provide access to your IT manager with a dashboard relevant to their responsibilities.

Review of Existing and New Vendors
On an annual basis, the AuditLink team will review existing vendor relationships for your financial institution, and evaluate and curate each as deemed necessary through the risk assessment process using components from our continuous monitoring. New vendors added during the year will undergo a similar evaluation process, during which time we will determine the criticality of that vendor. Remember though, this annual evaluation in and of itself does not constitute a full due diligence process; continuous monitoring is required.

The application is hosted on a cloud-based infrastructure that is designed to be one of the most scalable, reliable and secure environments available. It is ISO 27001 certified and has been validated as a Level 1 service provider under the Payment Card Industry Data Security Standard (PCI DSS). Additionally, we

Since signing on with AuditLink 2 years ago, Northern Hills FCU has saved thousands of dollars in compliance and audit services. AuditLink performs the daily log management and saves us time by helping us concentrate on only those transactions that require further scrutiny. They help us keep pace with the regulatory changes on the horizon and provide valuable advice about potential changes we need to implement.