Riskpro Information Risk Management

  • 479 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
479
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
1
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Information Risk & Business Continuity Management Riskpro, India 1
  • 2. Who is Riskpro… Why us? ABOUT US MISSION Riskpro is an organisation of member firms around India devoted to client service  Provide integrated risk management excellence. Member firms offer wide range consulting services to mid-large sized of services in the field of risk management. corporate /financial institutions in India Currently it has offices in three major cities  Be the preferred service provider for Mumbai, Delhi and Bangalore and alliances complete Governance, Risk and Compliance in other cities. (GRC) solutions. Managed by experienced professionals with experiences spanning various industries. VALUE PROPOSITION DIFFERENTIATORS You get quality advisory, normally delivered by large consulting firms, at fee levels  Risk Management is our main focus charged by independent & small firms  Over 200 years of cumulative experience High quality deliverables  Hybrid Delivery model Multi-skilled & multi-disciplined organisation.  Ability to take on large and complex projects Timely completion of any task due to delivery capabilities Affordable alternative to large firms  We Hold hands, not shake hands. 2
  • 3. Risk Management Advisory Services Basel II/III Advisory Corporate Risks Information Security  Market Risk  Enterprise Risk Assessment  IS Audit  Credit Risk  Fraud Risk  Information Security  Operational Risk  Risk based Internal Audit  Business Continuity  ICAAP  Operations Risk  IT Assurance  Forensic services  IT GovernanceSERVICES Operational Risk Governance Other Risks  Process reviews  Corporate Governance  Business/Strategic Risk  Policy/ Process Review  Business Strategic risk  Reputation Risk  Process Improvement  Fraud Risk  Outsourcing Risk  Compliance Risk  Forensic Accounting  Contractual Risk Training Recruitment  Banking – E Learning  Virtual Risk Managers  Corporate Training  Full Time Risk Professionals  Regular Risk Management Training  Part time Risk Professionals  Online Training material  Risk Managers on call – free  Workshops / Events 3
  • 4. Information Risk GovernanceBACKGROUND In an environment of escalating information security threats, technology outages, data integrity and quality issues, corporate governance concerns and privacy regulations, organizations need to be sure of the integrity, confidentiality, and availability of their paper & electronic information and underlying systems. This requires information handling, communication & storage systems that are properly deployed, monitored and controlled. With increasing regulatory norms being enforced for companies, managing risks affecting confidentiality, integrity and availability of vital information assets has become one of the most important business drivers as well as a key differentiator from competition.CHALLENGES Mitigation of risks related to information assets requires an organization to think outside of traditional IT controls and also look at their non-IT areas for information related risks such as people risks, compliance risks, third party/supplier risks, client related risks and physical/environmental risks. UK’s Data Protection Act, Indian Information Technology Act, US GLB/HIPAA puts onus on the information owners as well as information processor for the protection of the information. Aside from fines & penalties, companies should also think of reputation issues & business loss due to a breach. High attrition, skills/knowledge loss and valuable intellectual property in people intensive operations such as banks, insurance firms, BPO/KPOs can exacerbate threats to information. Most companies do not treat information as company assets and therefore there is insufficient oversight from board, auditors etc. 4
  • 5. Information Security Assessments Dipstick review is a high level look at the significant risks affecting information assets and a quick look at the controls. This review is suitable for Dipstick Review a quick and dirty look at the low hanging fruits or for setting context for a bigger review. Based on the global control frameworks such as ISO 27001, COBIT & ITIL,Information Security the IS audit service is meant to augment the regular internal audits & provide expertise on information security controls. The audit covers regulatory Audits compliances, adherence to internal policies/procedures, second party vendor audits, readiness checks for certifications, and compliances UK’s Data Protection Act of 1998 puts onerous responsibilities on data controllers and data processors. Penalties for noncompliance include Review of personal liability, penalties as well as possible reputation loss. The 7th andCompliance with UK 8th principals are relevant to data flowing to locations outside of UK and EEAData Protection Act (European Economic Area). We have experts who have dealt with DPA compliances & data export and offer consulting on how a non-EEA company handling UK personal data can comply with DPA principles & requirements. Info Sec Training Information security awareness training 5
  • 6. ISO 27001 Certification Services ISO 27001 is a global standard for information security practices. Originating from the British standard BS7799, ISO 27001 certification goes beyond traditional IT security & also includes other important risk areas such as employee related risks (during hiring, employment, transfers & termination), Physical/environmental risks, compliance related risks, business continuity risks, senior management commitment, linkage to risk management etc. There are 133 specific controls across 11 domains & certification is given by the external certification body only against demonstrable implementation of controls A pre-certification audit is a high level evaluation indicating where your Pre-certification company currently stands in compliance with ISO 27001 before the main assessments certification audit. This audit is conducted under certification audit conditions and non-conformances are identified for the client’s action. Pre-certification ISO 27001 consulting including gap assessments, policy & procedure design,ISO 27001 design & risk assessments, information systems controls design and evaluation. We implementation follow proven methodologies to enable your company get certified to ISO consulting 27001 standard and sustain the certification. We can also provide entire lifecycle support to ensure that after certification the client is ready for the periodic surveillance audits. 6
  • 7. Business Resiliency (BCP/DR/CM) Consulting All organizations should plan for contingencies so that business remains resilient and company can provide immediate, accurate and measured response to emergency situations. A resilient operations has sufficient planning in place and has implemented backup/recovery strategies for its data, people & infrastructure so that Critical Business Process are continued and negative impact on Business and revenue is reduced. Regulators & compliances such as Basel II require robust BCP/DR/CM programs commensurate with business objectives. Business Impact Identifying process criticalities, recovery priorities, recovery time Analysis (BIA) objectives (RTO), recovery points (RPO) & resource requirement. These form the foundation of BCP planning. BCP Crisis Management plan Design and development of BCP and Crisis Management program so development & that BCP/CM strategies & tactics support business objectives even in a Implementation disaster situation. We also provide entire BCP lifecycle support. Testing of various intensities from a walkthrough, desktop scenario to Testing services full BCP test. We can also provide a high intensity & complex scenario for stress testing BCP/CM teams. Various BCP/CM trainings for all employees, crisis management team BCP/CM training or BCP team members. 7
  • 8. Riskpro Clients Our Clients *Any trademarks or logos used throughout this presentation are the property of their respective owners 8
  • 9. Team Experiences Our Experiences Our team members have worked at world class Companies *Any trademarks or logos used throughout this presentation are the property of their respective owners 9
  • 10. RESUMES – Our team Credentials  Co-Founder - Riskpro  CA, CPA, MBA-Finance (USA), FRM (GARP) Manoj Jain  Over 10 years international experience – 6 years in Bahrain and 4 years USA  15 years exp in risk management consulting and internal audits, Specialization in Operational Risk, Basel II, Sox and Control design  Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting(USA), Kotak Mahindra Bank (India) and Credit Suisse(India)  Sox Compliance project for Fannie Mae, USA ( $900+ Billion Mortgage Company)  Co- Founder - Riskpro  CA (India), MBA (Netherlands), CIA (USA) Rahul Bhan  Over 15 years of extensive internal and external audit experience in India and abroad.  Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.  Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc. 10
  • 11. RESUMES - Our team Credentials  Co-Founder - Riskpro Casper Abraham  PGD (Electrical & Electronics & Computer Programming)  30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.  Has created Companies, Divisions, Products, Brands, Teams & Markets.  Consulting in Business, Technology, Marketing & Sales & Strategic Planning.  Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard  Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA,  Sr Vice President – Risk Management MBA, PDFM,NSE-NCFM, PMP, CSSGB,ISO 9001:2000 I.A,GARP-FBR, ITILV3,CPP-BPM Hemant Seigell   Professional with 17 years of rich experience into diverse Consumer finance/ Lending operations ,Risk Management,BPMS, Consumer Banking, NBFC, Management Consulting & Housing finance in BFSI industry having successfully led key business strategic engagements across multi-product environment in APAC, Australia and US regions.  Worked with GE, ABN AMRO Bank, Citigroup, Accenture, Deutsche Postbank  Highly skilled and expert Trainer in Risk areas across Credit, Fraud, Operational, Corporate Risk management.  Specializes in Fraud Control, AML/KYC Compliance ,QA ,ERM and Regulatory governance. 11
  • 12. RESUMES - Our team Credentials  Head - Insurance Risk Advisory services  B.sc, Associate of Indian Institute of Insurance Licensed Category A Insurance surveyor R. Gupta   26 years of experience in Insurance advisory services, Loss adjusting for large corporates,Claims management.  Has assessed more than 4500 high value insurance claims across various industry sectors.  Risk management inspection  Valuations of fixed assets for insurance purpose.  Head - Human Capital Management Nilesh Bhatia  Chartered Accountant, Lead Assessor ISO 9000, Six Sigma Trained, Trained on Situational Leadership, Trained on interviewing skills and Whole Message Model.  Over two decades of international, multi-cultural experience in finance and human resources viz. internal audit, accounting operations, accounting process review & re-designing, risk management, business solutioning, six sigma projects, talent acquisition, talent retention, organization design/redesigning, compensation and appraisal processing, employee and customer satisfaction surveys, knowledge management and finance services.  Worked with Citicorp/MGF, India Glycol, Delphi, American Express India, American Express USA, Fidelity International and Macquarie Global Finance Services India. 12
  • 13. RESUMES - Our team Credentials  Head – Taxation Risk Advisory Rajesh Jhalani  B.Com, FCA  Senior Partner with 48 year old Delhi based Chartered Accountant firm, Mehrotra and Mehrotra  Over 19 years of experience in the field of Audit, Taxation, Company law matters.  Major clients served are NTPC, BHEL, Bank of India, PNB, Airport Authority of India etc. President – Banking & Financial Services  A senior researcher in Applied Mathematics leading to Ph.D after MSc (Mathematics), Sivaramakrishnan CWA, CAIIB  Combined experience of 25+ years in corporate banking, risk management, international trade finance, development of risk rating models, project finance, credit monitoring and NPA management  Since 2006 conducting open / in-house training on the above domains to all Top public/ new and old private sector banks, top MNC banks (India and abroad), leading NBFCs and corporates in manufacturing and financial services space; Worked on IFC (World Bank) funded projects for MSMEs in India and abroad  Worked for Bank of Baroda and ICICI Bank – bestowed Top Performer Award continuously two years during his tenure; widely travelled abroad for business relations, seminars, offering training, investor meetings, NYSE listing and for processes involving establishment of representative Office in USA 13
  • 14. RESUMES - Our team Credentials Executive Vice President – Risk Management ( Banking & Financial Services)  A hands-on banking professional {BSc (Mathematics), CAIIB} with considerable domestic and international experienceKashi Banerjee  An aggregate experience of 24+ years across industry, mainly BFSI in several functional areas including Retail and Commercial Banking, Corporate Lending, team member of the Business Process Re-Engineering project (BPR); conceptualizing and setting up shared services centres for centralized operations for the Bank in India.  Management through ERM framework overseeing all key areas of the business through various Operational Risk tools like KRI / RCSA matrices. Managing of major project implementation of Basel II and Compliance risk framework  Directing, reviewing and advising Board of Directors on various compliance issues and representing the bank to the Central Bank regulatory offices.  Worked for ANZ Grindlays Bank, Standard Chartered, Bahraini Saudi Bank and Dubai Holdings ( subsidiary) Consultant – Information Security & IT GovernanceAnjay Agarwal  LLB, CA, CISA, CWA, CS, CFE and others  Over 15 years of experience in the field of Audit, Taxation, Investigations.  Specializing in the field of Systems Audit, Cybrex Audit, Computer Crime Investigations, IS Forensics  International Committee Member of Governmental and Regulatory Agencies Board and Academic Relations Committee of ISACA, USA 14
  • 15. RESUMES - Our team Credentials Executive Vice President – Risk Management ( Banking & Financial Services)Vijayan Govindarajan  Professional Risk Manager with considerable domestic and international experience  An aggregate experience of 30 + years across industry, mainly Banking in several functional areas including Wholesale Credit Risk, Operational Risk, Trade Finance , Retail Banking and Islamic Financial Services.  Track record of setting up of excellence in the set-up, and management of credit and operational risk, compliance and credit administration functions in retail, commercial , Islamic Banking and offshore banking entities in the Middle East.  Key strength includes Corporate Credits, Risk Management in IT, implementation of Risk Management module in core banking Bank’s Policies, procedures, Country Risk. Played an active role in 3 core banking software implementations  Worked for a Private Sector Bank in India, ABN AMRO Bank, Bahrain, Bank Muscat Bahrain and BMI Bank Bahrain as AGM Risk Management.  Specialist Risk Consultant – ERP & IT ComplianceGourav Ladha  SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access Controls trained (from SAP India)  Over 7 years of experience working in the area of ERP/IT Risk advisory, primarily focusing on SAP, for ‘Fortune 500’ clients in around 8 countries including US, UK, UAE, Hong Kong, etc  Specializes in SAP Risk & Controls Advisory, SAP Business Process Controls Audit, SAP Security & Segregation of Duties Control Audit, ERP Trainings,  Strong Industry experiences ranging from Beverages, Insurance, Energy, FMCG, Pharmaceutical, Retail, Telecommunication to IT Services  Worked for risk advisory teams of reputed organizations like Ernst & Young, EXL Services 15
  • 16. RESUMES - Our team Credentials  Vice President & Head – IT Risk AdvisoryRavikiran Bhandari  Over 14+ Years of Experience in Information Security and Risk Management & CISM certified  Headed the Global Information Security team of Daimler (Mercedes-Benz) Worldwide at Bangalore for 9 years, previously worked at organization like Wipro, Bangalore Labs  Multi-sector experience including Banking, Insurance, Finance, Energy, Manufacturing, Retail, Hi-Tech & Telecom, and Automobile  Well known Ethical hacker: Was featured in BusinessWorld Magazine in an article about leading ethical hackers in India and published several articles in Print and Online Media  Rich experience in Information Security Audits across Corporations, 3rd Party Suppliers, Joint Ventures across several countries in the world including US, UK, China, Germany Vice President – Legal Risk AdvisoryAashish Shrivastav   B.B.A. LL.B. (Hons.)  About half a decade experience in legal services to client’s with respect to Contract and Commercial Laws, Joint Ventures, Inbound & Outbound Investments, Private Equity Investment Transactions, Real Estate & Infrastructure, Energy and General Corporate.  Have advised various social enterprises and start ups in setting up business in India.  Worked for the leading law firms of India such as FoxMandal Little. 16
  • 17. RESUMES - Our team Credentials  Vice President – Riskpro IndiaPhanindra Prakash  FCA [India], ACMA [India], CFE [USA], CertIFRS [UK]  Over 16 years of extensive consulting experience which includes financial & systems audit, process transformation, implementation of internal controls, SOX compliance, fraud audits & due diligence, US-India taxation  Engaged in consulting roles as trusted advisor to finance, internal audit and information technology executives of multiple Fortune 1000 companies with project sites in US, Canada, Europe & Asia  Worked with E&Y and Deloitte Consulting in USA  Some of the major clients served internationally are GE Capital, UBS, McKesson, Eaton, Imation, Albertsons, 17
  • 18. RESUMES - PARTNERSHIPS  Specialist Risk Consultant – Business ContinuityAndrew Hiles  Founder and 15-year Chairman of Survive, the first international user group for Business Continuity professionals  Founding director and first Fellow of the Business Continuity Institute  Over 25 years international consulting expertise in Risk, Crisis, Emergency, Incident, and Business Continuity and ICT Disaster Recovery Management  Multi-sector experience including Banking, Insurance, Finance, Oil, Gas, Energy, Manufacturing, Retail, Hi-Tech & Telecom  Western Press Award for services to business, 1994; BCI/CIR nomination for lifetime achievement in BC, 1999, London; inducted into BC Hall of Fame by CPM magazine, 2004, Washington DC.  Specialist Risk Consultant – Enterprise Risk ManagementChris E. Mandel  Highly skilled risk and insurance professional with 25 years of experience designing, developing and implementing large, global corporate risk management programs for Fortune 500 firms.  Principal Consultant and Founder - Excellence in Risk Management, LLC. (Texas, USA) Co- founder and EVP, Professional Services, rPM3 Solutions, LLC (Maryland, USA).  Past experiences include Head of Global Risk Management for USAA, PepsiCo/Tricon Global and American National Red Cross  Additional risk and insurance experience at Verizon Corp,. Marsh USA and Liberty Mutual Insurance Co.  2004 Risk Manager of the Year – 2007 recipient of the Alexander Hamilton Award for “Excellence in ERM” (at USAA) – former President, Risk and Insurance Management Society, Inc. 18
  • 19. RESUMES - Advisors Credentials  Founder partner of Mehrotra and Mehrotra, a 48 year old CA firm in India Mr. MP Mehrorta  B.Com, FCA, LLB  Over 48 years of experience in audits, taxation, legal matters, loan syndication etc.  Trustee of Cochin Port Trust, Member of Task Force for MOUs, Ministry of Heavy Industries & Public Enterprises, Govt. of India, Ex- Member of Central Board of Trustees, Employees’ Provident Fund Organisation (EPFO), Ministry of Labour, Govt. of India, New Delhi.  Ex - Director, Canara Bank  Practicing chartered accountant in Delhi  CA, ICWA Mr. PK Gupta  Over 35 years of professional experience.  Trustee, Kargil Shaheed Smarak Samiti  Hon. Treasurer, World Academy of Spiritual Sciences (WASS).  Panel Arbitrator, International Centre for Alternative Dispute Resolution  Arbitrator, Cement Corporation of India  Arbitrator, Bombay Stock Exchange Limited  Arbitrator, Central Depository Services (India) Limited  Arbitrator’s Panel of Indian Council of Arbitration 19
  • 20. Key ContactsCorporate Mumbai Delhi Bangalore Riskpro India Manoj Jain Rahul Bhan Casper AbrahamVentures (P) Limited Director Director Director M- 98337 67114 M- 99680 05042 M- 98450 61870 manoj.jain@riskpro.in rahul.bhan@riskpro.in casper.abraham@riskpro.in info@riskpro.in www.riskpro.in Sivaramakrishnan Hemant Seigell Vijayan Govindarajan President – Banking & FS SVP – Risk Management EVP – Risk ManagementC 561, Defence colony M- 98690 19311 M- 99536 97905 M- 99166 63652 New Delhi 110024 smaran.iyer@riskpro.in hemant.seigell@riskpro.in vijayan.govindarajan@riskpro.inAhmedabad Pune Kolkata GurgaonMaulik Manakiwala M.L. Jain Kashi Banerjee Nilesh BhatiaAssociate Firm Principal – Strategy Risk EVP – Risk Management Head – Human Capital Mgt.M – 98256 40046 M- 98220 11987 M- 98304 75375 M- 98182 93434 mljain@riskpro.in kashi.banerjee@riskpro.in nilesh.bhatia@riskpro.inGourav LadhaSap Risk AdvisoryM- 97129 52955Salem Ghaziabad Agra HyderabadChandrasekeran R Gupta Alok Kumar Agarwal Phanindra PrakashRecruitment franchisee Head – Insurance Risk Associate Firm Member FirmM – 94435 99132 M- 98101 07387 M- 99971 65253 M- 95500 61616Copyright- © 2012 Riskpro ,India .All rights reserved. 20
  • 21. Key Contacts (Continued)Corporate Bangalore Riskpro India Ravikiran BhandariVentures (P) Limited VP – IT Risk Advisory M- 99001 69562 ravikiran.bhandari@riskpro.in info@riskpro.in www.riskpro.inC 561, Defence colony New Delhi 110024Copyright- © 2012 Riskpro ,India .All rights reserved. 21