SAP risk advisory presentation



• Riskpro is India’s first national practice dedicated to risk management services and training, corporate governance, and global regulatory compliances
• Risk can be defined as a prospect of loss or reduced gain that can adversely affect the achievement of an organisation’s objectives
• When greed overtakes need, it spells trouble. Manifested as ‘bankruptcy’ in much of the developed world and ‘corruption’ closer to home, greed has clearly disrupted some major industrialised economies and enhanced the risks of doing business
• In today’s world, risks are not few. The reason companies so often fail to systematically manage their key risks is rooted in the way they define the risks they face. Risks are manageable and the answer to untapped business opportunities that lie dormant waiting for risk factors to turn favourable
• Riskpro was founded in 2009 with offices in Mumbai, Delhi, and Bangalore and it has already added eight member firms in Ahmedabad, Agra, Chennai, Gurgaon, Hyderabad, Jaipur, Ludhiana, and Pune. All our offices and member firms are well equipped and staffed with qualified professionals viz. CA, CWA, CS, CPA, CIA, CISA, CFA, and MBA
• Riskpro’s founders are qualified risk management specialists with extensive work experience in Europe and USA in several industries and financial institutions
• Riskpro aims to be the preferred service provider for large and medium enterprises on risk protection, corporate governance, and global regulatory issues; delivering state-of-the-art quality and timely services at viable rates

• Our four major practice specialisations / service lines are:
  • Risk: Enterprise Risk Management (services and training & recruitment)
  • Governance: Corporate Governance and Transparency
  • Compliance: Global and Indian Regulatory Compliances
  • Training: in all of the above service lines

• The Risk Practice deals with all classes of risks and processes viz. governance, strategic, systemic /infrastructure, compliance, reporting, and financial reporting. Processes require that key risks are properly identified, measured, monitored, controlled, and reported. Processes may also require tools like risk based internal audit, information security testing, and fraud investigations, to be employed
• The Governance Practice deals with corporate oversight and risk governance issues within an organization including business continuity planning, compliance with SEBI guidelines by listed companies, regulations relating to independent directors, investor expectation and protection, Clause-49 on corporate governance, etc
• The Compliance Practice covers a wide range of regulatory and environmental compliances including Sox, IFRS, Solvency II, Basel II /III, Corporate Laws & Direct Tax Code etc
• The Training Practice comprises a variety of structured and/or industry-specific training programs and modules designed and conducted by Riskpro experts and trainers at onsite (client or other off

Published in: Business, Economy & Finance

  1. 1. Risk Management Advisory & Consulting: ERP Risk Advisory Services. Riskpro, India
  2. 2. Who is Riskpro… Why us?
     ABOUT US: Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer a wide range of services in the field of risk management. Currently it has offices in three major cities, Mumbai, Delhi and Bangalore, and alliances in other cities. Managed by experienced professionals with experiences spanning various industries.
     MISSION:
     • Provide integrated risk management consulting services to mid-large sized corporate / financial institutions in India
     • Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.
     VALUE PROPOSITION:
     • You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms
     • High quality deliverables
     • Multi-skilled & multi-disciplined organisation.
     • Timely completion of any task
     • Affordable alternative to large firms
     DIFFERENTIATORS:
     • Risk Management is our main focus
     • Over 200 years of cumulative experience
     • Hybrid Delivery model
     • Ability to take on large and complex projects due to delivery capabilities
     • We Hold hands, not shake hands.
  3. 3. Risk Management Advisory Services
     SERVICES
     • Basel II/III Advisory: Market Risk; Credit Risk; Operational Risk; ICAAP
     • Corporate Risks: Enterprise Risk Assessment; Fraud Risk; Risk based Internal Audit; Operations Risk; Forensic services
     • Information Security: IS Audit; Information Security; IT Assurance; IT Governance; ERP Risk
     • Operational Risk: Process reviews; Policy / Process Review; Process Improvement; Compliance Risk
     • Governance: Corporate Governance; Business Strategic risk; Fraud Risk; Forensic Accounting
     • Other Risks: Business/Strategic Risk; Reputation Risk; Outsourcing Risk; Contractual Risk
     • Training: Banking – E Learning; Corporate Training; Regular Risk Management Training; Online Training material; Workshops / Events
     • Recruitment: Virtual Risk Managers; Full Time Risk Professionals; Part time Risk Professionals; Risk Managers on call – free
  4. 4. Our Delivery Methodology
     • FREE USP: "No Cost – Know Risk" Diagnostic Assessment (To determine your pain points, industry benchmarking etc)
     • GAP ANALYSIS & PROJECT DEFINITION (Riskpro and clients brainstorm define project)
     • USP: PROJECT TEAM DEFINITION. Client gets to select Riskpro team members, subject matter experts. Riskpro uses a mix of client staff / own staff for maximum value add
     • PROJECT EXECUTION: Constant project updates, timely project completion and project outcomes that are practical and easy to maintain
  5. 5. Risk & Challenges in an ERP System
     Corporations across the world are highly concerned about the security of their Enterprise Resource Planning (ERP) systems such as SAP, from threats like fraud, intrusion, etc. that affect the integrity of their business. They require their policies and procedures to be tightened and their systems to be secured. There are some challenges that these corporations face in their day-to-day business:
     • "We should have considered SoD while granting access"
     • "I don't know how the vendor got paid twice?"
     • "Auditor declared system controls to be ineffective"
     • "How do I design business controls in my ERP?"
     • "ERP team is spending a lot of unproductive time on maintenance"
     • "Does my ERP system have sufficient password and user access security controls"
     • "Our ERP implementation team never gave us the controls"
     • "Is my system prone to access intrusions?"
     What is the Solution???
  6. 6. History of Financial Frauds
     Year | Company | Audit Firm | Type of Fraud
     2010 | Lehman Brothers | Ernst & Young | Failure to disclose Repo 105 transactions to investors
     2009 | Satyam Computer Services | PWC | Falsified accounts
     2004 | AIG | PWC | Accounting of structured financial deals
     2002 | WorldCom | Arthur Andersen | Overstated cash flows
     2002 | Kmart | PWC | Misleading accounting practices
     2001 | Enron | Arthur Andersen | Corporate fraud and corruption
     2000 | Xerox | KPMG | Falsifying financial results
     Source: www.
  7. 7. India’s Fraud Survey 2010. Source: KPMG
  8. 8. 2009 CSI Computer Crime Survey
     Per the 2009 CSI Computer Crime and Security Survey, "…change of greatest concern is that financial fraud increased from only 12 percent of respondents to 19.5 percent of respondents. This is reason for concern because financial fraud consistently causes victim organizations huge losses—almost $450,000 (Rs 2 Crs) per victim organization this year…"
  9. 9. Our Services
     Before Go-live
     • Best-fit solution: ERP Product selection; ERP Implementation partner selection; Project risk management
     • Business Blueprint Review: Identify and suggest controls as part of BBP; Benchmark TO-BE process to Leading practices
     • Pre Go-Live Readiness Assessment: A quick check of the status of critical master data, organizational elements, configurable controls, process integrations, system and user security before Go-Live; Verify if suggested controls are designed and implemented
     After Go-Live
     • Quick Scan Review: A quick check to identify and fix 'High Risk' issues
     • SAP Business Controls Review: A detailed review of key business processes having financial implication
     • SAP Security Controls Review: A detailed review of Basis security, access to critical transactions and Segregation of duties (SoD)
     • Audit Work Program Documentation: Preparation of detailed work program that will enable the Internal Audit team to conduct rigorous audit of the SAP system
     Corporate Training
     • SAP Core team training: Preparing the SAP Core team for supporting the SAP ECC system
     • SAP End-user training: Preparing the SAP End-user team for working on the SAP ECC system
     • Auditing an ERP system training: Preparing the Internal audit team for sustainable audit of the SAP ECC system
     • Fundamentals of ERP system training: Preparing the organization for an upcoming implementation of the SAP ECC system
  10. 10. Our Value Chain Approach
     Cycle diagram steps: Understand business process; Identify potential risks; Develop control framework; Document audit program; Conduct test of controls; Report gaps & suggest solutions; Train Internal Audit team
     Areas shown: Basis Security & User Administration; Financial Accounting; Sales & Distribution; Materials Management
  11. 11. Benefits to your organization
     Few of the benefits that your organization will derive from your SAP system, after our services:
     • Secured ERP system: Secured and robust SAP environment from both internal and external threats such as unauthorized usage, fraud, intrusion, etc
     • Maximizing configurable controls: Leveraging the available automated controls using the existing SAP configuration and reducing the manual efforts
     • Reduction in time & cost: Re-aligned user access/security practices and procedures may help the management in effective utilization of ERP resources, leading to reduction of unproductive time and cost
     • Compliance support: Controls ready SAP system to meet any existing or upcoming statutory compliance requirement
     • Leading practices: Benchmarking your SAP system to the leading industry SoD control practices to optimize your ROI
     • Streamlined process: Efficient and effective change management process considering procedural changes to include concerning areas like SoD
  12. 12. Riskpro Clients: Our Clients. Any trademarks or logos used throughout this presentation are the property of their respective owners
  13. 13. Team Experiences: Our Experiences. Our team members have worked at world class Companies. Any trademarks or logos used throughout this presentation are the property of their respective owners
  14. 14. Team Experiences: Our Experiences. Our team members have worked at world class Companies. Any trademarks or logos used throughout this presentation are the property of their respective owners
  15. 15. RESUMES – Our team: Credentials
     Manoj Jain
     • Founder - Riskpro
     • CA, CPA, MBA-Finance (USA), FRM (GARP)
     • Over 10 years international experience – 6 years in Bahrain and 4 years USA
     • 15 years exp in risk consulting and internal audits
     • Sox Compliance project for Fannie Mae, USA ($900+ Billion Mortgage Company)
     • Specialization in Operational Risk, Basel II, Sox and Control design
     • Led medium to large engagement teams
     Rahul Bhan
     • Co-Founder - Riskpro
     • CA (India), MBA (Netherlands), CIA (USA)
     • Over 15 years of extensive internal and external audit experience in India and abroad.
     • Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.
     • Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc.
  16. 16. RESUMES – PARTNERSHIPS: Credentials
     Gourav Ladha
     • Specialist Risk Consultant – ERP & IT Compliance
     • SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access Controls trained (from SAP India), Project Management trained (from PMI)
     • Over 7 years of experience working in the area of ERP/IT Risk advisory, primarily focusing on SAP, for 'Fortune 500' clients in around 8 countries including US, UK, UAE, Hong Kong, etc
     • Specializes in SAP Risk & Controls Advisory, SAP Business Process Controls Audit, SAP Security & Segregation of Duties Control Audit, ERP Trainings, ERP Audit Project Management, Sarbanes Oxley (SOX) Compliance Assistance, ERP Product and Vendor Selection, ERP Audit Tools Development
     • Strong Industry experiences ranging from Beverages, Insurance, Energy, FMCG, Pharmaceutical, Retail, Telecommunication to IT Services
     • Worked for risk advisory teams of reputed organizations like Ernst & Young, EXL Services
  17. 17. RESUMES - Our team: Credentials
     Casper Abraham
     • Co-Founder - Riskpro
     • PGD (Electrical & Electronics & Computer Programming)
     • 30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.
     • Has created Companies, Divisions, Products, Brands, Teams & Markets.
     • Consulting in Business, Technology, Marketing & Sales & Strategic Planning.
     • Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard
     • Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA
     Kumar Bhukhanwala
     • Co-Founder - Riskpro
     • B.Com, CA
     • 30 years of accounting, finance and risk management experience
     • Most recent employment with Emerson, a USA Fortune 500
     • Worked for Hinduja, Pidilite, Excel Industries and internationally
     • Strong Financial Process and internal controls experience
  18. 18. RESUMES - PARTNERSHIPS
     Andrew Hiles
     • Specialist Risk Consultant – Business Continuity
     • Founder and 15-year Chairman of Survive, the first international user group for Business Continuity professionals
     • Founding director and first Fellow of the Business Continuity Institute
     • Over 25 years international consulting expertise in Risk, Crisis, Emergency, Incident, and Business Continuity and ICT Disaster Recovery Management
     • Multi-sector experience including Banking, Insurance, Finance, Oil, Gas, Energy, Manufacturing, Retail, Hi-Tech & Telecom
     • Western Press Award for services to business, 1994; BCI/CIR nomination for lifetime achievement in BC, 1999, London; inducted into BC Hall of Fame by CPM magazine, 2004, Washington DC.
     Mr. V K Gupta
     • Specialist Risk Consultant – Internal Audits
     • Chartered Accountant and CISA, with over 12 years of experience in business risk services.
     • He has advised leading national and international clients.
     • He was working with Ernst and Young (NZ). He has extensive experience in conducting internal audits, risk assessment, drafting standard operating procedures, Sarbanes Oxley etc.
     • He has helped organisations to improve business processes leading to increased efficiency and effectiveness. He specializes in industries like healthcare, manufacturing, IT/ITES, financial services.
  19. 19. Contacts and Office Locations
     Corporate
     Mumbai | Delhi | Bangalore
     Manoj Jain | Rahul Bhan | Casper Abraham
     Director | Director | Director
     M- 98337 67114 | M- 99680 05042 | M- 98450 61870
     Shriram Gokte | Raj Sawhney
     Principal - Information Risk | Principal – Business Risk
     M- 98209 94063 | M- 99711 03510
     raj.sawhney@riskpro.in
     Ahmedabad | Pune | Agra
     Maulik Manakiwala | M.L. Jain | Alok Kumar Agarwal
     Associate Firm | Principal – Strategy Risk | Associate Firm
     M - 91 9825640046 | M- 9822011987 | M- 99971 65253
     mljain@riskpro.in
     Gourav Ladha
     Sap Risk Advisory
     M- 97129 52955
     THANKS
  20. 20. Detailed Coverage – Sample deliverables
  21. 21. Sample Deliverables - Dashboard (Annexure)
  22. 22. Sample Deliverables - Reports (Annexure)
  23. 23. Sample Deliverables - Deliverables (Annexure)
  24. 24. Examples of our Services: Risk
  25. 25. Governance, Risk and Compliance Offering: Our GRC Approach
     Company level: • Define Risk Appetite • Reputation Risk Scorecards • Scan of Emerging Risks • Risk Scorecard • IT Governance • Risk Heat maps • New Product Approval Policy
     Governance:
     • Align Corporate Governance to global practices
     • Board Committee reviews
     • Review and enhance Risk Governance
     • Policy and Process Framework
     • IT Governance
     • Whistle Blowing Framework
     Risk management:
     • Risk assessment
     • Process and Control Review
     • Insurance & Loss Alignment
     • Incident Reporting Process & Tool
     • Implementation of 20-30 top Key Risk Indicators (KRI)
     • Fraud Risk Management
     Compliance:
     • Compliance Risk Policy & Framework
     • Regulatory reviews and audits
     • Global regulation compliance
     • Compliance Reporting
     • Contractual Risk
     • 3rd party audits of units
     • Internal Control testing
     Tools, Services, Support Processes:
     • GRC Technology Implementation – Provide recommendations and select vendor for GRC Tool
     • HR Policies and Processes to minimize people risk, frauds and strengthen succession planning
     • Training and Awareness build up – Targeted and Ongoing training in areas of concern.
     • E Learning Courses in Risk Management, Fraud Risk Management, Governance etc
  26. 26. Governance, Risk and Compliance (GRC): Our GRC Approach
     Risk management software implementation
     Govern risk & compliance with business benefits:
     • Riskpro helps organisations adapt to change, manage risk, and effectively comply with the risks and regulations which affect their businesses.
     • Helps in successfully managing risk and achieving compliance in an ever-changing environment while reducing costs and improving corporate performance every day.
     Riskpro Partnerships with GRC Vendors:
     • Riskpro has several partnerships with world leaders in implementation of GRC software solutions.
     • (BPS Resolver, Methodware, Bwise, Odondo, Rocsys)
     • Riskpro is also actively interacting with other Leading vendors for GRC Technology rollout (Bwise, Oracle)
     • Riskpro can review the company's circumstances and provide an unbiased opinion on the best product for the circumstances.
  27. 27. Risk Based Internal Audit: How we Do
     Internal Auditing helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Source: The Institute of Internal Auditors 1999 (IIA)
     Need of Organizations (diagram levels, labelled "Increasing Enterprise Risk Focus"): Enterprise Risk Assessment; Risk Assessment; Process Reviews; Fraud Mitigation; Control Reviews; Transaction Audit
     Benefits of Risk based Audit:
     • Traditional audit view value added techniques
     • Risk profile of Businesses
     • Internal Controls & Ops Risk reviews
     • Cost reductions recommendations
     • Review of Fraud Risk Controls
  28. 28. Enterprise Risk Management (ERM) - Methodology: How we Do
     You select the level and size of ERM efforts to suit your needs and budget.
     Stage labels: 1 Foundation; 2 RISK IDENTIFICATION; 3 BASIC ERM; 4 ENHANCED ERM
     Items listed: • FOUNDATION TASKS • Foundation Tasks • ERM vision • Risk Assessment • RISK ASSESSMENT TASKS • RISK Identification • Goals and objectives • Gap Analysis • Risk Mgmt for 2-3 critical risks • Enhanced Framework • Policies • Risk Mapping • Evaluate existing RM structures • Organization structure • Enhanced management reports • Alignment to strategies • Dashboards • Monitoring tools • Risk based Communication
  29. 29. IT Governance: How we Do
     IS AUDIT:
     • Operating Systems Audit
     • Database Audit
     • Networking Audit
     • Firewall Audit
     • IDS Audit
     • Web Application, Data Center Audit
     • Internet Banking, Core Banking Audit
     • Performance & Forensic Auditing
     • Application Systems - Functional review
     • Compliance with IS Policies & Procedures
     IT GOVERNANCE:
     • COBIT
     • ValIT
     • Balanced Scorecard
     • IT & Business Maturity Models
     IT ASSURANCE:
     • Business Continuity Planning
     • Computer Crime Investigations
     • Training in IT
     • Compliance with IS Policies & Procedures
     INFORMATION SECURITY:
     • Penetration Testing
     • Application Systems - Security review
     • Review of IS Controls
     • BS 7799 / (ISO 27001) Implementation
     • Formation of IS Security Policy
     • Compliance with IS Policies & Procedures
  30. 30. Forensic and investigation services: How we Do
     Based on our understanding of your requirements, we have customized a package of our solution offerings to meet your needs, which is detailed in the ensuing slides.
     To detect and prevent fraud and evaluate Code Of Conduct Compliance on following parameters :-
     Parameters and "Our Solution for you" diagram labels: Fraud Detection; Fraudulent Vendor; Recruiting new dealers, suppliers, franchisees or distributors; Anti-Fraud Measures; Understanding Your Supply Chain; Monitoring Compliance and Authorization; Workplace Practice; Background check for employees; Background check for customers; Prevent default of high value bills; Resolve; Investigate; Prioritize solutions and remedial measures; Analyze Source Root cause of Problem; Quantify Loss and Suggest possible Actions; Obtaining And securing Evidence; To Monitor Your Process Compliances; Solve Issues; Confidential Interviews with vendors; Evaluating your need
     Benefits To You:
     • Protects you from any Monetary or Reputational damage
     • Code Of compliance establishment
     • Enables you to identify risks / control gaps
     • Helps you identify any undisclosed production
     • Risk Mitigation