People Risk Collateral


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

People Risk Collateral

  1. 1. PRAYPeople Risk Assessment & Yield Riskpro, India 1
  2. 2. Who is Riskpro… Why us? ABOUT US MISSION Riskpro is an organisation of member firms around India devoted to client service  Provide integrated risk management excellence. Member firms offer wide range consulting services to mid-large sized of services in the field of risk management. corporate /financial institutions in India Currently it has offices in three major cities  Be the preferred service provider for Mumbai, Delhi and Bangalore and alliances complete Governance, Risk and Compliance in other cities. (GRC) solutions. Managed by experienced professionals with experiences spanning various industries. VALUE PROPOSITION DIFFERENTIATORS You get quality advisory, normally delivered by large consulting firms, at fee levels  Risk Management is our main focus charged by independent & small firms  Over 200 years of cumulative experience High quality deliverables  Hybrid Delivery model Multi-skilled & multi-disciplined organisation.  Ability to take on large and complex projects Timely completion of any task due to delivery capabilities Affordable alternative to large firms  We Hold hands, not shake hands. 2
  3. 3. Risk Management Advisory Services Basel II/III Advisory Corporate Risks Information Security  Market Risk  Enterprise Risk Assessment  IS Audit  Credit Risk  Fraud Risk  Information Security  Operational Risk  Risk based Internal Audit  IT Assurance  ICAAP  Operations Risk  IT Governance  Forensic servicesSERVICES Operational Risk Governance Other Risks  Process reviews  Corporate Governance  Business/Strategic Risk  Policy/ Process Review  Business Strategic risk  Reputation Risk  Process Improvement  Fraud Risk  Outsourcing Risk  Compliance Risk  Forensic Accounting  Contractual Risk Training Recruitment  Banking – E Learning  Virtual Risk Managers  Corporate Training  Full Time Risk Professionals  Regular Risk Management Training  Part time Risk Professionals  Online Training material  Risk Managers on call – free  Workshops / Events 3
  4. 4. Operational Risk ManagementBACKGROUND Operational risk is everywhere. Losses from operational failures can be devastating No single person in the organisation can manage Operational Risk. It requires commitment from each and every person. Operational Risk is not rocket science. It is a culture change. Training and awareness are the best solutions for sustained ORM.CHALLENGES Main challenge is how to motivate & incentivize various risks owners to manage Operational Risk. Operational risks do erode the corporate earnings & affect the reputation in the marketplace. Velocity & momentum of operational risk events can take company by surprise and its exposure is difficult to manage, without a robust framework Operational risk success is largely linked to People Risk and “Human Factor”. Sometimes addressing people issues is a way to manage operational risk. 4
  5. 5. Operational Risk Management – Building Blocks  Review risk management structures & infrastructureOperational Risk  Compare against best practices, strategic objectives and regulations.Governance  Develop operational risk policies, frameworks, terms of reference and implementation project plans.  Development of Risk Control Self Assessment (RCSA) methodology,ORM Framework  Risk Register to assess the gross & net risks and identify/scoring the relevant controls.  Risks reporting, CRO dashboards & heat maps showing RAG status.  Capture and analysis key risks metrics (and controls) leading to the validation ofKRI the risk and control assessments.  Issues and action plan, remediation of KRI breaches Loss and incident reporting frameworkOperational Loss Process to analyze operational losses & near misses.Database Best practices in valuation and risk modeling. Basel II ORM FrameworkBasel II Capital computation and modeling. AMA and capital calculation Establishing AMA framework in accordance with regulatory requirements 5
  6. 6. Background and Challenges to People RiskBACKGROUND India is People-centric. In a global context; manpower outsourcing comes to India and has to be a part of their Global Solution. All companies rely on efficient, honest and effective people to grow and create business value People risk management goes beyond hiring good people and carrying out annual performance evaluation.CHALLENGES People risk is often forgotten, neglected. Companies build models, frameworks to manage risk..but ignore People themselves People are, indirectly or directly, at the core of all risks  Starting with the way they are; their background, early childhood, how they got to be where they are; personal & family life. Debt, Gambling, indulgent to the good life? Unlike Logistics, Finance, Marketing, Sales, Distribution etc. the risk related to People has a range of ‘different’ local, regional, enterprise, cultural & global implications. Most companies do not have quantitative score or metric that measures people risk levels. 6
  7. 7. The People Risk Landscape People Actions Costs Behavioural Employees Order Acceptance Direct OR Indirect Stopped Learning TEMPS Procurement Fixed OR Variable Ego – Alpha-Male Ghost Employees Wrong Vendor Not Insured No Succession Planning Wrong Hiring Obsolescence Suppliers High Risk Behavour Re-work & Waste Catering Staff Poor Due-Diligence Personal Debt Housekeeping Liable for Litigation Negligence Greed Security Staff Graft (CORRUPTION) Clinical Problem(s) Drivers 100% Revenue Loss Cartel Increased Cost Long term consequence Customers Poor Decisions Lower Profits 7
  8. 8. How People’s ACTIONS increases or decreases risks EVERY Decision that a person takes affects Revenue, Collection, Expenses, Payables, project or ultimately the bottom-line of the company. Negligence OR wanton delay adds to inefficiencies, project delays, increased cycle times, lower customer or supplier satisfaction and can even jeopardize the Transaction Once a thief always a thief Failure to properly verify a cheque payment for a large sum. Misbehavior with colleagues Writing degrading emails about companies to external parties News and print news about employees due to their personal lifestyle, behavior All such behaviors are noted by management, employees warned or a note made in their personal files. But no tracking taken to consolidate this information, see an overall risk score of that each employee or at the company level. Decision making delays, process inefficiencies, bad leadership all require some quantification and aggregation to highlight your STAR performing employees and the bad ones. 8
  9. 9. Bottom Up Approach to People Risk Management Performance Evaluation Behavioral Supervisor HR Dept Assessment Risk Business Entity Line 1 Incident Level Reports Profitability Actions parameters Business targets Performance Evaluation Company Level Behavioral Risk Score Supervisor Assessment Incident Business Reports Line 2 Actions Other input sources Other Other Aggregation sources of See examples on next slide Category inputs 9
  10. 10. People Risk Management – Other Inputs to the Model HR Dept Inputs  Skills set gap, succession planning, outstanding jobs unfilled. All HR inputs can be considered by PRAY to model some level of risk score at entity level. Recruitment Verification  Results of internal, external verification, due diligence Risk Register  Inventory of known risks relating to people risk. Aggregate score of company wide HR Risk register Incident Reporting and Issues Management Database  Responsible for how much of financial losses, number of events by the persons, all incidents with evidence support. Audio, Video, Documents etc Performance Appraisal System  Add risk elements to existing Systems, Methods & Practice Reporting System  Predictive and Pre-empts. Real-time Alerts. Yesterday, Last-week, Last-month, Last-quarter and Last-year knowledge. Why? Who? What for? 10
  11. 11. Examples of Parameters for modeling people risk Beyond Working-Hour Factors Involving Self High-Risk Hobbies; Alpha; Aggressive Gambling; Speculation Drinking; Drugs Greedy Opposite Sex Issues Beliefs such as Faith/Religion Involving Family Emotional Pressures Financial Pressure Dysfunctional Factors Involving Others Bad company Risk Rating Track-Record Litigation - Legal Action Risk Above are just some of the hundreds of parameters and inputs that re used to model people risk score. All parameters can be customized s per client requirement, or can be easily configured (ON/OFF) by company’s administrator. Rating weights and score can be configured in consultation with company management so that important factors are given more weightage and thus arriving at an accurate risk indicator 11
  12. 12. OUTSOURCING 12
  13. 13. Outsourcing Activity - Detailed Checklist to monitor Risks MANAGING OUTSOURCING RISK Outsourced Activity: Business Unit:Sr. No. Checklist Yes/No Risk Covered Remarks A General Guidelines- Ensure completion of this checklist for all outsourcing contracts within RBI scope of Compliance and 1 outsourced arrangements. Operational Risk Ensure appropriate management structure/ appointment of an outsourcing coordinator within Bank/department to oversee the outsourcing arrangement process from start to end 2 Management risk If outsourcing is a regular activity, build and maintain a database of potential service 3 providers to avoid single vendor dependency Concentration risk Exhaustive list of outsourced arrangements with relevant details like - name of the vendor, nature of activity outsourced, name of department utilizing services of vendor, start and end dates of contracts, Bank coordinator name/ Outsourcing relationship manager, Vendor 4 coordinator name, value of contract Compliance risk Ensure that there are no conflicting process notes, circulars etc prepared by the Business Unit that conflict with Banks Outsourcing Policy, other process notes, procedures with 5 respect to outsourcing. Compliance risk B Decision making process - Business Unit should do adequate research to support the business case for outsourcing 6 Strategic risk Documentation of outsourcing proposal/business case and sign-off from all concerned on Cost Benefit Anaylsis, other tangible and intangible benefits arising from the arrangement, 7 vendor selection criterias Management risk 13
  14. 14. Outsourcing of Financial Services - Monitoring and Review RBI Guidelines -Outsourcing of Financial Services by banks – RBI/2006/167 DBOD.NO.BP. 40/ 21.04.158/ 2006-07 dated November3, 2006  Due due diligence, in relation to outsourcing, should consider all relevant laws  In considering or renewing an outsourcing arrangement, appropriate due diligence should be performed to assess the capability of the service provider to comply with obligations in the outsourcing agreement. Due diligence should take into consideration qualitative and quantitative, financial, operational and reputational factors  A central record of all material outsourcing should be maintained to facilitate Board/Senior Management review  Half yearly reviews of material Outsourcing be placed before the Board  Regular audits to assess the adequacy of the risk management practices adopted in overseeing and managing the outsourcing arrangement  Banks should, at least on an annual basis, review the financial and operational condition of ALL the service provider to assess its ability to continue to meet its outsourcing obligations. Such due diligence reviews, should highlight any deterioration or breach in performance standards, confidentiality and security, and in business continuity preparedness. 14 14
  15. 15. Knowledge Management Program EXAMPLE OFFERINGProblem StatementHigh attrition rate means that exiting employees and entering employees upset theenvironment as follows: Exiting employees take critical and confidential data New employees take significant time to learn the process Background checks become time consuming given the large volume of recruitments Data access controls may be absent Work flows and user guides are not availableRiskpro Solution Comprehensive review of requirements and establish a proper Knowledge Management Program Implement Desktop instructions, user guides so that new employees can start off quickly and minimize mistakes Proper access control and archival of digital data in secure folders Tool enablers to manage the recruitment, background verification 15
  16. 16. 16
  17. 17. ANNEXURE II - Legal Compliance 17
  18. 18. Legal compliance Stage 1 – CAC  Preparation of Compliance Audit Checklist (CAC) covering all relevant laws applicable to the target unit. Stage 2 - Visit to location  Verification of relevant records and documents available.  Compilation of draft report based upon findings and observations of the audit team  Review meeting with the unit head / work directors to discussion on the finding of audit. Stage 3 – Report  Submission of detailed Non Compliance (NC) report to the company (Board of Directors or Compliance Head)  Follow up with the unit to verify action taken 18
  19. 19. Legal compliance (Acts covered - HR)Factories Act, 1948 Shop & Establishment Act (state acts)Payment of Wages Act, 1936 Maternity Benefits Act, 1961Minimum Wages Act, 1948 Gratuity Act, 1972Equal Remuneration Act, 1976 ESI Act, 1948Payment of Bonus Act, 1965 Apprentices Act, 1961Provident Fund & Misc Provisions Act, Employment Exchanges (Compulsory1952 Notification of Vacancies Act), 1959Contract Labour (Regulation & Abolition) act, Trade Unions Act, 19261970 Private Security Agencies RegulationWorkmen Compensation Act, 1923 Act, 2005Prevention of Sexual Harassment Industrial Disputes Act, 1947(Guidelines)Labour Welfare Act (state acts) 19
  20. 20. Legal compliance (Acts covered - Engg.)Electricity Act, 2003 Environment Protection Act, 1986 Water (Prevention and Control ofPetroleum Act, 1934 Pollution) Act, 1981 Air (Prevention and Control ofExplosives Act, 1884 Pollution) Act, 1981Boilers Act, 1923 Water Cess Rules, 1977 Hazardous Waste Handling &Legal Meteorology Act, 2011 Management Rules, 1989Essential Commodity Act, 1945 20
  21. 21. Legal compliance (Acts covered – Tax & Misc)Micro, Small & Medium Central Excise Act, 1944Enterprises Devel. Act, 2006Central Sales Tax Act, 1956 State VAT ActsCustoms Act, 1962 (export and import Service Tax Act, 1955documentation)Income Tax Act (payment of Tax, TDS) Foreign Exchange Management Act Industries (Development &Negotiable Instruments Act, 1881 Regulation) Act, 1951Information Technology Act, 2000 Motor Vehicles Act, 1988Competition Act, 2002 21
  22. 22. Riskpro Clients Our ClientsAny trademarks or logos used throughout this presentation are the property of theirrespective owners 22
  23. 23. Team Experiences Our Experiences Our team members have worked at world class Companies Any trademarks or logos used throughout this presentation are the property of their respective owners 23
  24. 24. RESUMES – Our team Credentials  Co-Founder - Riskpro  CA, CPA, MBA-Finance (USA), FRM (GARP) Manoj Jain  Over 10 years international experience – 6 years in Bahrain and 4 years USA  15 years exp in risk management consulting and internal audits, Specialization in Operational Risk, Basel II, Sox and Control design  Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting(USA), Kotak Mahindra Bank (India) and Credit Suisse(India)  Sox Compliance project for Fannie Mae, USA ( $900+ Billion Mortgage Company)  Co- Founder - Riskpro  CA (India), MBA (Netherlands), CIA (USA) Rahul Bhan  Over 15 years of extensive internal and external audit experience in India and abroad.  Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.  Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc. 24
  25. 25. RESUMES - Our team Credentials  Co-Founder - Riskpro Casper Abraham  PGD (Electrical & Electronics & Computer Programming)  30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.  Has created Companies, Divisions, Products, Brands, Teams & Markets.  Consulting in Business, Technology, Marketing & Sales & Strategic Planning.  Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard  Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA,  Vice President – Risk Management (Fraud Risk, BFSI)  MBA, PDFM, NSE-NCFM, PMP, CSSGB,Trained ISO 9001:2000 I.A Hemant Seigell  Professional with 17 years of rich experience into diverse Consumer finance/ Lending operations ,Risk Management,BPMS, Consumer Banking, NBFC, Management Consulting & Housing finance in BFSI industry having successfully led key business strategic engagements across multi-product environment in APAC, Australia and US regions.  Worked with GE, ABN AMRO Bank, Citigroup, Accenture, Deutsche Postbank  Highly skilled and expert Trainer in Fraud Risk areas across Credit, Corporate Risk management.  Specializes in Fraud Control, Compliance QA ,ERM and Regulatory governance. 25
  26. 26. RESUMES - Our team Credentials  Co-founder- Riskpro Rajesh Jhalani  B.Com, FCA  Senior Partner with 48 year old Delhi based Chartered Accountant firm, Mehrotra and Mehrotra  Over 19 years of experience in the field of Audit, Taxation, Company law matters.  Major clients served are NTPC, BHEL, Bank of India, PNB, Airport Authority of India etc.  Specialist Risk Consultant – ERP & IT Compliance  SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access Controls trained (from SAP India) Gourav Ladha  Over 7 years of experience working in the area of ERP/IT Risk advisory, primarily focusing on SAP, for ‘Fortune 500’ clients in around 8 countries including US, UK, UAE, Hong Kong, etc  Specializes in SAP Risk & Controls Advisory, SAP Business Process Controls Audit, SAP Security & Segregation of Duties Control Audit, ERP Trainings,  Strong Industry experiences ranging from Beverages, Insurance, Energy, FMCG, Pharmaceutical, Retail, Telecommunication to IT Services  Worked for risk advisory teams of reputed organizations like Ernst & Young, EXL Services 26
  27. 27. RESUMES - PARTNERSHIPS Credentials Consultant – Information Security & IT Governance  LLB, CA, CISA, CWA, CS, CFE and others Anjay Agarwal  Over 15 years of experience in the field of Audit, Taxation, Investigations.  Specializing in the field of Systems Audit, Cybrex Audit, Computer Crime Investigations, IS Forensics  International Committee Member of Governmental and Regulatory Agencies Board and Academic Relations Committee of ISACA, USA  Consultant – Quality Management Founder of PMG, a TQM Consulting Co in Delhi Piyush Kumar   Mechanical Engineer  20+years experience in TQM concepts.  Strong skill set in various productivity & quality improvement projects including Six Sigma offerings  Past experiences include reputed organizations like Andersen Consulting, Eicher Consulting & Nathan & Nathan consultants 27
  28. 28. RESUMES - PARTNERSHIPS  Specialist Risk Consultant – Business ContinuityAndrew Hiles  Founder and 15-year Chairman of Survive, the first international user group for Business Continuity professionals  Founding director and first Fellow of the Business Continuity Institute  Over 25 years international consulting expertise in Risk, Crisis, Emergency, Incident, and Business Continuity and ICT Disaster Recovery Management  Multi-sector experience including Banking, Insurance, Finance, Oil, Gas, Energy, Manufacturing, Retail, Hi-Tech & Telecom  Western Press Award for services to business, 1994; BCI/CIR nomination for lifetime achievement in BC, 1999, London; inducted into BC Hall of Fame by CPM magazine, 2004, Washington DC.  Specialist Risk Consultant – Enterprise Risk ManagementChris E. Mandel  Highly skilled risk and insurance professional with 25 years of experience designing, developing and implementing large, global corporate risk management programs for Fortune 500 firms.  Principal Consultant and Founder - Excellence in Risk Management, LLC. (Texas, USA) Co-founder and EVP, Professional Services, rPM3 Solutions, LLC (Maryland, USA).  Past experiences include Head of Global Risk Management for USAA, PepsiCo/Tricon Global and American National Red Cross  Additional risk and insurance experience at Verizon Corp,. Marsh USA and Liberty Mutual Insurance Co.  2004 Risk Manager of the Year – 2007 recipient of the Alexander Hamilton Award for “Excellence in ERM” (at USAA) – former President, Risk and Insurance Management Society, Inc. 28
  29. 29. RESUMES - Advisors Credentials  Founder partner of Mehrotra and Mehrotra, a 48 year old CA firm in India Mr. MP Mehrorta  Bcom, FCA, LLB  Over 48 years of experience in audits, taxation, legal matters, loan syndication etc.  Trustee of Cochin Port Trust, Member of Task Force for MOUs, Ministry of Heavy Industries & Public Enterprises, Govt. of India, Ex- Member of Central Board of Trustees, Employees’ Provident Fund Organisation (EPFO), Ministry of Labour, Govt. of India, New Delhi.  Ex - Director, Canara Bank  Practicing chartered accountant in Delhi  CA, ICWA Mr. PK Gupta  Over 35 years of professional experience.  Trustee, Kargil Shaheed Smarak Samiti  Hon. Treasurer, World Academy of Spiritual Sciences (WASS).  Panel Arbitrator, International Centre for Alternative Dispute Resolution  Arbitrator, Cement Corporation of India  Arbitrator, Bombay Stock Exchange Limited  Arbitrator, Central Depository Services (India) Limited  Arbitrator’s Panel of Indian Council of Arbitration 29
  30. 30. Contacts and Office LocationsCorporate Mumbai Delhi Bangalore Riskpro India Manoj Jain Rahul Bhan Casper AbrahamVentures (P) Limited Director Director Director M- 98337 67114 M- 99680 05042 M- 98450 61870 Shriram Gokte Hemant Seigell Principal - Information Risk VP – Risk ManagementC 561, Defence colony M- 98209 94063 M- 99536-97905 New Delhi 110024 hemant.seigell@riskpro.inAhmedabad Pune AgraMaulik Manakiwala M.L. Jain Alok Kumar AgarwalAssociate Firm Principal – Strategy Risk Associate FirmM - 91 9825640046 M- 9822011987 M- 99971 65253 mljain@riskpro.inGourav LadhaSap Risk AdvisoryM- 97129 52955 THANKS 30