WolfPAC^SM

Wolf & Company's WolfPAC^SM service is a secure, on-line suite of assessment services incorporating elements of enterprise risk into a single, integrated service. Built by the professionals you already know and trust, WolfPAC^SM puts our risk management expertise at your fingertips.

Every organization must manage risk. Typically organizations do not have a centralized view of risk management initiatives. The ability to create a centralized view of operations provides managers with an understanding of their risk profile and allows them to plan and budget accordingly. WolfPAC^SM allows your organization to view its risk profile across the people, processes, and technologies deployed within the organization, decreasing risk exposure and saving time and money.

What are the benefits of WolfPAC^SM?

With WolfPAC^SM, you can assess risks and controls on-line, view centralized results across the organization and evaluate and validate your risk profile against industry practices. Significant features include:

Simple browser-based interface
Continually updated methodology
Secure hosting over the Internet
Strong authentication and password controls
Role-based user access levels and views
Detailed event tracking and history
Real-time results and peer group comparisons
Historical reporting

WolfPAC^SM provides the necessary speed, accuracy and validation you need to assess your risk and evaluate your control environment.

There are eight (8) modules to the WolfPAC^SM service. Purchase one, two, or more modules to meet your business needs. Multi-module discount pricing available.

Information Technology Risk Assessment

The information technology risk assessment methodology provides an aggregate risk rating for each technology. The aggregate risk rating is established through the evaluation of the likelihood of identified technology risk (Quantity of Risk) together with the information security controls in place (Quality of Risk Management and Controls). The information collected is analyzed against a technology risk assessment model that is built on industry knowledge and practices and provides the threat dimensions for assessment.

Customer Information Risk Assessment

The customer information risk assessment methodology provides for the identification and risk assessment related to customer information held under the organization's control. Phase 1 of the assessment identifies business processes / functions and classifies information contained in paper inputs and paper outputs, stored or transmitted electronically and transmitted or stored by vendors and service providers. Phase 2 applies an assessment framework to assess the inherent risk of the information and the controls to protect it.

Regulatory Compliance Risk Assessment

The compliance risk assessment methodology provides an aggregate risk rating for rules, laws, and regulations. The first assessment phase quantifies each regulatory requirement within each compliance topic. The second assessment phase provides a more detailed analysis to assess the organization's risk associated with each element of the regulation. The results will establish guidelines for a compliance audit and monitoring program.

Vendor Risk Assessment

A vendor risk assessment is fundamental to the maintenance of an effective and comprehensive vendor management program. It identifies where to dedicate and focus valuable resources to vendor management and will also provide a schedule to monitor vendors for financial stability and adherence to previously contracted services.

Financial Reporting Controls Assessment

The financial controls assessment methodology will tabulate the risks and controls that are pertinent to financial statement reporting and allow for the documentation, testing, and record keeping of those controls over time. The assessment will analyze the business processes that support the organization's financial statements.

Disaster Recovery

The disaster recovery methodology identifies critical threats to the organization that could render some or all business processes inoperable. Vulnerability analysis, business impact analysis, and technology dependencies are evaluated to prioritize recovery steps and establish recovery time objectives. The objective is to create and document guiding principles and polices that should be followed to address a disruption in site availability, system availability, or both.

Incident Response

The incident response methodology identifies critical information security threats to the organization that could render some or all business processes inoperable. Information on systems and classification of stored data is collected and analyzed against a security response model that is built on industry knowledge and practices and provides eight areas for response including response planning, detection, communication, evidence preservation, containment, elimination, recovery, and plan remediation. The objective is to provide a response plan for each critical technology and to document guiding principles and policies that should be followed to address a disruption in business processes due to an external hack, internal security breach, or malicious software code such as computer viruses or spyware.

Operational Risk Assessment

The operational risk assessment methodology creates a centralized view of business operations and provides an understanding of the organization's risk profiles by operating unit or department. The assessment results facilitate the design of internal audit programs and provide tools to efficiently allocate resources to confirm financial and operational controls are functioning as designed.

By providing the ability to inventory core business elements once and reuse the results across different modules, WolfPAC^SM offers valuable insight into your business while saving time and money. For more information on WolfPAC^SM contact Michael D. Cohn (617) 428–5488

To sign up for our webinar, click here.