It risk advisory brochure 2013




  1. IT Risk Advisory Services
     Riskpro India Ventures (P) Limited (New Delhi, Mumbai, Bangalore)
  2. Who is Riskpro... Why us?
     About us
     - Riskpro is an organisation of member firms around India devoted to client service excellence.
     - Member firms offer a wide range of services in the field of risk management.
     - It currently has offices in three major cities (Mumbai, Delhi and Bangalore) and alliances in other cities.
     - Managed by experienced professionals with experience spanning various industries.
     Mission
     - Provide integrated risk management consulting services to mid-to-large sized corporates and financial institutions in India.
     - Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.
     Value proposition
     - You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent and small firms.
     - High quality deliverables.
     - Multi-skilled and multi-disciplined organisation.
     - Timely completion of any task due to delivery capabilities.
     - Affordable alternative to large firms.
     Differentiators
     - Risk management is our main focus.
     - Over 200 years of cumulative experience.
     - Hybrid delivery model.
     - Ability to take on large and complex projects.
     - We hold hands, not shake hands.
  3. Riskpro's Network Presence
     New Delhi, Agra, Ahmedabad, Kolkata, Mumbai, Pune, Hyderabad, Bangalore, Salem
  4. IT Services Landscape
     The backdrop
     - Fast changing IT services market
     - Technological advances
     - Rising integration of business and technology
     - Corporate focus on core competencies
     - Maturation of the IT vendor management role
     Business need
     - Meeting cost and time-to-market
     - Innovation objectives
     - Realization by corporates that they must assemble and integrate services and solutions
     - Growing demand for best-in-breed suppliers
     - Acquire the right services at the right prices
     - Must have deep knowledge of the IT services marketplace
     - Understanding its future direction
     - New trends in the application and infrastructure services marketplace
  5. Riskpro IT Risk Advisory Service: Service Offerings
     - Information Technology Service Management
     - Information Security Management
     - Information Security Audit
     - Information Technology Assurance
     - Information Technology Governance
  6. IT Service Management
     How we do it
     - Consulting: Service architecture scoping; SLAs; ITSM assessment; Control processes; Service delivery; Release and resolution; IT service road mapping
     - Standardizing: GAP analysis; Tollgate review; Performance metrics analysis; Compliance review; Standard pre-assessment
     - Compliances: ISO 20000; ITIL practices; PDCA cycle alignment; Training (basic / advanced)
     Value proposition
     - Efficient business service delivery processes
     - Reduced risk in using external service providers
     - Reduced costs
     - Enhanced ability to manage business complexities in a diverse operational environment
  7. Information Security Management
     How we do it
     - Consulting: Risk assessment and management; IS security policy framework; Internal audit procedures; IS controls review; Penetration testing; Compliance with IS policies; IS security implementation review
     - Standardizing: GAP analysis; Performance metrics analysis; Vulnerability assessment; SAS Type II audits and compliance; BS 7799 implementation
     - Compliances: ISO 27001/17799 implementation; DPA; GLBA; HIPAA
     Value proposition
     - Operational resilience
     - Risk reduction
     - Secure best practices
     - Preventive approach to business continuity
  8. Information Security Audit
     How we do it
     - Consulting: Operating system audits; Database audits; Networking / firewall audits; Application systems functionality assessment; Web application / data centre audit; Institutional risk areas review
     - Standardizing: General controls (physical security / BCP / BRP); Change management controls and tracking; Application controls (system edits / access); IS policies and procedures
     - Compliances: IDS; Forensic auditing; FERPA
     Value proposition
     - Robust IT governance framework
     - Strategic and operational value through a business-risk focused approach
     - Pre-emptive risk control capability
     - Corporate IT compliance adherence for future business initiatives and IT investments
  9. IT Assurance
     How we do it
     - Consulting: Business continuity planning; Cybercrime investigative services; IT external and internal audits; IT assessment and benchmarking; Data protection and privacy
     - Standardizing: IT security and business flexibility; IT project assurance reviews; Compliance with IS policies
     - Compliances: SAS 70; ISAE 3402; ISO 27002; PCI DSS
     Value proposition
     - Advisory on advanced technology capabilities
     - Proactively manage your technology risks
     - Helping you use data to its fullest potential
     - Securing while delivering high-performance business results
  10. IT Governance
     How we do it
     - Consulting: COBIT and ITIL reviews; Identification of IT risk exposure; Risk mitigation controls review; Balanced scorecard; Val IT business valuation plan
     - Standardizing: IT and business maturity models; IT governance improvement methods; Improving IT skills and resources
     - Compliances: ISO 38500 / COBIT; CMM; TOGAF; ISO 22301 (new standard)
     Value proposition
     - Ensuring your organizational structures and business processes are compliant
     - An IT support framework that enables you to meet business strategic objectives
     - A useful framework tool for benchmarking the balance and effectiveness of IT governance practices
  11. Annexure: IT Advisory Offerings
  12. IT Service Management: Detailed Components
     How we do it
     - Process Excellence: Systematic definition of the business case; Assessment of current-state gaps; Defining optimum process frameworks; Training and process deployment; Effective change management
     - Agile Services: Agile readiness (risk identification and mitigation); Agile maturity assessment; Process definition and best-fit deployment; Project manager services; Training and mentoring services
     - Lean Six Sigma: Lean assessment for end-to-end processes; Opportunity assessment; Identifying improvements; Project execution; Coaching and mentoring for processes; Training and certification (GB / BB)
     - Service Excellence: Service model assessment and design; Process design and documentation; Maturity evaluation and audits; Outsourcing service model design; Configuration management
     - Software Estimation: Baseline assessment, existing vs industry best practice; Design of estimation processes and techniques; Deployment and continuous improvement process; Organization performance benchmarking
  13. Information Security Management: Detailed Components
     How we do it
     - Business Continuity: Risk assessment and development of a mitigation strategy; Business-critical functions, outage and recovery time; Developing the business / IT disaster recovery plan; BS 25999 implementation support and BCM tools; BCM audits and training
     - Enterprise Application Security: Vulnerability and penetration testing; Static and dynamic analysis (secure code review); Security configuration review; Compliance assessment (SOX, PCI, HIPAA); Remediation plan
     - Identity and Access Management: IAM visualization (feasibility / roadmap / business case); IAM solution evaluation; IAM prioritization (TCO and cost-benefit analysis); IAM execution (role management / SSO / access); Audit, reporting and training
     - IS Compliance: Compliance assessment and GAP analysis; Vendor / third-party risk assessments; ISO 27001 advisory (controls design and evaluation); IS audit (risk based / IT security / IT operations / ERP); IT GRC software, strategy, framework and roadmap
  14. Information Security Audit: Detailed Components
     How we do it
     - Areas: Security Operations; Threat Mitigation; Security Technologies; Professional Services
     - Components: Policy and procedure review; Active social engineering; Third-party oversight review; System inventory and documentation; Physical / environmental security review; Personnel / IT staff training; Internal vulnerability assessment; Host / network diagnostic review; Access control review
  15. IT Assurance: Detailed Components
     How we do it
     - Consulting and Advisory: Enterprise test strategy; Test process definition; Structural code assessment; Test automation strategy (tools / framework); Performance test strategy (tools); Security test strategy (tools); Test environment and data management; Specialized test strategy; Tool and product evaluation; Administration and management
     - Functional / Support Services: Requirement management; Static analysis / structural code evaluation; Unit and integration testing; Functional testing (system, integration cycle); Performance testing (load, volume, stress, tuning); Security testing; Non-functional testing (OAT, usability); Regression testing; Test automation; Environment management (data, release, UAT)
  16. IT Governance: Detailed Components
     How we do it
     - Project portfolio management
     - High availability and disaster recovery set-up
     - Strategy and roadmap
     - Process re-engineering
     - Dashboards and predictive analysis
     - Migrations and outsourcing governance
     - Extract > Transport > Load
     - Application portfolio rationalization
     - Integrations and upgrades
     - Production support and performance management
     - Implementation / maintenance
  17. Annexure: Service Sample
  18. Compliance related Services: Manage your Compliance Needs
     (Slide callouts: Insider Attack; Non-Compliance; Dashboard)
     Your organization (usually 3-4 weeks, depending on the project)
     - We will assist you to ensure your information is secure
     - Compliance checks: ISO 27001, ITGC, SOX, PCI-DSS and generic checks
     - BCP / DRP solutions
     - Long-term / short-term goal setting for efficient mitigation*
     - Unique dashboard-based reporting*
     - Certification is important, but not everything; security is
     Your supplier (usually 1-2 weeks, depending on the project)
     - Check your IT suppliers to ensure they follow your standards
     - Check current implementation of standards (ISO 27001...)
     - Hand-hold mitigation control implementation
     - Increase the security of your suppliers
     - Dashboard view of all your suppliers and their status
     - Checks and repeat checks to ensure security controls are maintained
     - Exit assessments
  19. Security in Software Development (SDLC): Secure Your Code / Information
     Services on the applications users use. Do you want a secure rollout?
     (Slide callouts: Mobile Malware; Phishing; Insider Attack; ACH Fraud)
     Phases and the questions we ask
     - Requirements: Threat model; How much security is enough? Security in requirements engineering; Information classification
     - Architecture: Are standards followed? Is encryption needed, and how?
     - Design: How do APIs interact? HOUSTON methods; IT policy compliant? XSS, SQL injection, CSRF?
     - Coding: Code reviews done? Developers and security? How to handle buffer overflow; Can the code protect itself?
     - Testing: Does testing involve security? Proof-of-concept intrusion testing; How to handle buffer overflow; Risks mitigated? Do we have a security test plan throughout?
     - Rollout: Can you confidently go to production? Is there a Security Quality Gate pass?
  20. Vulnerability Assessment and Penetration Testing: Your network, servers, computers
     Ethical Hack and Fix Services (usually 1-2 weeks onsite and 4 weeks offshore)
     (Slide callouts: DDoS Attacks; Fraud; Hackers / Disgruntled Employees / Competition / Insider Attacks)
     Our services
     - Focus on critical business systems for your enterprise
     - Ethical hacking into your network to find out security issues before a hacker does
     - Routers / switches / UPS / videoconference systems / servers / VoIP systems / firewalls and most connected devices on the network; the information can be stolen anywhere if we don't take proper care
     - Dashboard view of vulnerabilities vs the security risks
     - Vulnerabilities mapped to actual business risks (not just telling you to fix the issue but also why to fix it, and whether you can live with a risk)
     - Training your IT teams to understand vulnerabilities
     - Year-long support in fixing the issues and ensuring your systems stay up to date with the latest security patches
     - We don't call it vulnerability scanning, we say "hacking"
     (Slide illustration: cartoon thought bubbles of an intruder asking "How can I get access to your network / people / money?" and eyeing an unsecured WLAN, the receptionist, the router's SNMP and MD5 hashes, a videoconference system on a public IP, an unpatched web server, a user as a keylogger target, local administrator access, and the company's systems as a launch point for attacks on others)
  21. Cloud Specific Security Services: Securing the cloud that you operate on
     (Slide callouts: DDoS Attacks; Insider Attack; Fraud; Dark Cloud)
     This is a unique service designed to assess the Cloud Service Provider platform from an information security risks/threats point of view.
     - Cloud Service Operational / Governance Assessment (onsite, interview based): We will check your cloud security compliance against well-known industry standards, including those of the Cloud Security Alliance.
     - Penetration testing of the Cloud Service Provider: This service takes an intruder's perspective on your cloud setup to see if your customers are protected from different security risks such as espionage, information theft, customer privacy exposure, defacements, financial data leakage, virus/trojan insertion, DDoS attacks, etc. Apart from this, the report also indicates your compliance with different industry standards such as ISO 27001, PCI-DSS, SOX, etc.
  22. Riskpro Clients: Our Clients
     *Any trademarks or logos used throughout this presentation are the property of their respective owners.
  23. Team Experiences: Our Experiences
     Our team members have worked at world-class companies.*
  24. Resumes: Our Team Credentials
     Manoj Jain
     - Co-Founder, Riskpro
     - CA, CPA, MBA-Finance (USA), FRM (GARP)
     - Over 10 years international experience: 6 years in Bahrain and 4 years in the USA
     - 15 years experience in risk management consulting and internal audits; specialization in Operational Risk, Basel II, SOX and control design
     - Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting (USA), Kotak Mahindra Bank (India) and Credit Suisse (India)
     - SOX compliance project for Fannie Mae, USA ($900+ billion mortgage company)
     Rahul Bhan
     - Co-Founder, Riskpro
     - CA (India), MBA (Netherlands), CIA (USA)
     - Over 15 years of extensive internal and external audit experience in India and abroad
     - Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India
     - Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing, and banking and finance; major clients include banks, investment companies, manufacturing organizations, aviation, etc.
  25. Resumes: Our Team Credentials
     Casper Abraham
     - Co-Founder, Riskpro
     - PGD (Electrical & Electronics & Computer Programming)
     - 30 years of experience in Information & Communications Technology (ICT) solutions for retail, garments, manufacturing and services industries
     - Has created companies, divisions, products, brands, teams and markets
     - Consulting in business, technology, marketing and sales, and strategic planning
     - Advisory, training, workshops and implementation in Systems Thinking, Systems Modeling and Balanced Scorecard
     - Worked with TIFR, Mahindra, Ambience, Communico-Graphique and Ionidea Inc, USA
     Hemant Seigell
     - Sr Vice President, Risk Management
     - MBA, PDFM, NSE-NCFM, PMP, CSSGB, ISO 9001:2000 I.A., GARP-FBR, ITIL V3, CPP-BPM
     - Professional with 17 years of rich experience in diverse consumer finance / lending operations, risk management, BPMS, consumer banking, NBFC, management consulting and housing finance in the BFSI industry, having successfully led key business strategic engagements across multi-product environments in the APAC, Australia and US regions
     - Worked with GE, ABN AMRO Bank, Citigroup, Accenture, Deutsche Postbank
     - Highly skilled and expert trainer in risk areas across credit, fraud, operational and corporate risk management
     - Specializes in fraud control, AML/KYC compliance, QA, ERM and regulatory governance
  26. Resumes: Our Team Credentials
     R. Gupta
     - Head, Insurance Risk Advisory services; Associate of the Indian Institute of Insurance; Licensed Category A insurance surveyor
     - 26 years of experience in insurance advisory services, loss adjusting for large corporates, and claims management
     - Has assessed more than 4500 high-value insurance claims across various industry sectors
     - Risk management inspection
     - Valuation of fixed assets for insurance purposes
     Nilesh Bhatia
     - Head, Human Capital Management
     - Chartered Accountant, Lead Assessor ISO 9000, Six Sigma trained, trained in Situational Leadership, trained in interviewing skills and the Whole Message Model
     - Over two decades of international, multi-cultural experience in finance and human resources: internal audit, accounting operations, accounting process review and redesign, risk management, business solutioning, six sigma projects, talent acquisition, talent retention, organization design / redesign, compensation and appraisal processing, employee and customer satisfaction surveys, knowledge management and finance services
     - Worked with Citicorp/MGF, India Glycol, Delphi, American Express India, American Express USA, Fidelity International and Macquarie Global Finance Services India
  27. Resumes: Our Team Credentials
     Rajesh Jhalani
     - Head, Taxation Risk Advisory
     - B.Com, FCA
     - Senior Partner with Mehrotra and Mehrotra, a 48-year-old Delhi based Chartered Accountant firm
     - Over 19 years of experience in the field of audit, taxation and company law matters
     - Major clients served are NTPC, BHEL, Bank of India, PNB, Airport Authority of India, etc.
     Gourav Ladha
     - Specialist Risk Consultant, ERP & IT Compliance
     - SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access Controls trained (from SAP India)
     - Over 7 years of experience working in the area of ERP / IT risk advisory, primarily focusing on SAP, for 'Fortune 500' clients in around 8 countries including US, UK, UAE, Hong Kong, etc.
     - Specializes in SAP risk and controls advisory, SAP business process controls audit, SAP security and segregation of duties control audit, and ERP trainings
     - Strong industry experience ranging from beverages, insurance, energy, FMCG, pharmaceutical, retail and telecommunication to IT services
     - Worked for the risk advisory teams of reputed organizations like Ernst & Young and EXL Services
  28. Resumes: Our Team Credentials
     Phanindra Prakash
     - Vice President, Riskpro India
     - FCA [India], ACMA [India], CFE [USA], CertIFRS [UK]
     - Over 16 years of extensive consulting experience, which includes financial and systems audit, process transformation, implementation of internal controls, SOX compliance, fraud audits and due diligence, and US-India taxation
     - Engaged in consulting roles as trusted advisor to finance, internal audit and information technology executives of multiple Fortune 1000 companies with project sites in the US, Canada, Europe and Asia
     - Worked with E&Y and Deloitte Consulting in the USA
     - Some of the major clients served internationally are GE Capital, UBS, McKesson, Eaton, Imation, Albertsons
     Asok Sit
     - EVP and Head, Telecom Risk Advisory
     - M.Tech, IIT Kharagpur, India; IES; doctoral study, research and teaching at Linköping University, Sweden; Lead Auditor (BVQI)
     - Over 30 years of international experience in networks and mobile handsets at top global companies / institutes like ISRO, Ericsson, Nokia and Nokia Siemens Networks, based mostly in their headquarter locations in India, the EU and the USA
     - Expertise: setting up capability, behaviour and culture for turning risk, quality and innovation into competitive advantage, customer delight and sustainability; key skill sets are engagement, hand-holding, coaching, mentoring and many best practices and benchmarking standards like CMMI, TL9000, Six Sigma, ISO, SAS 70, etc.
  29. Resumes: Our Team
     Ravikiran Bhandari
     - Vice President and Head, IT Risk Advisory
     - Over 14 years of experience in information security and risk management; CISM certified
     - Headed the global information security team of Daimler (Mercedes-Benz) worldwide at Bangalore for 9 years; previously worked at organizations like Wipro and Bangalore Labs
     - Multi-sector experience including banking, insurance, finance, energy, manufacturing, retail, hi-tech and telecom, and automobile
     - Well-known ethical hacker: featured in BusinessWorld magazine in an article about leading ethical hackers in India, and has published several articles in print and online media
     - Rich experience in information security audits across corporations, third-party suppliers and joint ventures in several countries including the US, UK, China and Germany
  30. Resumes: Partnerships Credentials
     Anjay Agarwal
     - Consultant, Information Security & IT Governance
     - LLB, CA, CISA, CWA, CS, CFE and others
     - Over 15 years of experience in the field of audit, taxation and investigations
     - Specializing in the field of systems audit, Cybrex audit, computer crime investigations and IS forensics
     - International Committee Member of the Governmental and Regulatory Agencies Board and the Academic Relations Committee of ISACA, USA
     Piyush Kumar
     - Consultant, Quality Management; Founder of PMG, a TQM consulting company in Delhi
     - Mechanical Engineer
     - 20+ years experience in TQM concepts
     - Strong skill set in various productivity and quality improvement projects, including Six Sigma offerings
     - Past experience includes reputed organizations like Andersen Consulting, Eicher Consulting and Nathan & Nathan consultants
  31. Resumes: Partnerships
     Andrew Hiles
     - Specialist Risk Consultant, Business Continuity
     - Founder and 15-year Chairman of Survive, the first international user group for business continuity professionals
     - Founding director and first Fellow of the Business Continuity Institute
     - Over 25 years of international consulting expertise in risk, crisis, emergency, incident and business continuity, and ICT disaster recovery management
     - Multi-sector experience including banking, insurance, finance, oil, gas, energy, manufacturing, retail, hi-tech and telecom
     - Western Press Award for services to business, 1994; BCI/CIR nomination for lifetime achievement in BC, 1999, London; inducted into the BC Hall of Fame by CPM magazine, 2004, Washington DC
     Chris E. Mandel
     - Specialist Risk Consultant, Enterprise Risk Management
     - Highly skilled risk and insurance professional with 25 years of experience designing, developing and implementing large, global corporate risk management programs for Fortune 500 firms
     - Principal Consultant and Founder, Excellence in Risk Management, LLC (Texas, USA); Co-founder and EVP, Professional Services, rPM3 Solutions, LLC (Maryland, USA)
     - Past experience includes Head of Global Risk Management for USAA, PepsiCo/Tricon Global and the American National Red Cross
     - Additional risk and insurance experience at Verizon Corp., Marsh USA and Liberty Mutual Insurance Co.
     - 2004 Risk Manager of the Year; 2007 recipient of the Alexander Hamilton Award for "Excellence in ERM" (at USAA); former President, Risk and Insurance Management Society, Inc.
  32. Strategic Alliance: 'AssureEasy' GRC Tool
     NIIT Technologies and RiskPro offer a unique GRC management solution on the cloud, wherein NIIT provides the best-in-breed application platform and RiskPro brings best-in-class integrated risk management consulting services.
     Platform differentiators
     - Cloud hosting model: no CAPEX or infrastructure investment; no ongoing application / infrastructure maintenance cost
     - Unique delivery model: extremely fast implementation, out-of-the-box implementation in 2-3 weeks; highly configurable and flexible platform; customized solutions as per the client's needs
     - Credibility: platform users include Cognizant, RBS, Fidelity, NIIT Technologies, etc.; high CSAT ratings from existing customers
     - System integration capabilities: services around solution implementation / application and infrastructure support; industry-packaged solutions using domain expertise from NIIT's vertical teams
     Risk expertise
     - High-performance business results; improved portfolio optimization; enhancing the organization's ability for effective utilization of risk capital
     - Highly experienced team of risk professionals with a plethora of risk domain knowledge and business solutions
     - Market differentiators: premier risk consulting firm serving top corporates / PSUs as preferred knowledge partners; increasing market penetration combined with a unique value proposition in the risk consulting space
     - Risk management capability: quick client assessment and delivery proposal across ERM; multi-industry and functional domain solutions
  33. Key Contacts
     Corporate: Riskpro India Ventures (P) Limited, C 561, Defence Colony, New Delhi 110024
     - Mumbai: Manoj Jain, Director, M- 98337 67114; Sivaramakrishnan, President – Banking & FS, M- 98690 19311
     - Delhi: Rahul Bhan, Director, M- 99680 05042; Hemant Seigell, SVP – Risk Management, M- 99536 97905
     - Bangalore: Casper Abraham, Director, M- 98450 61870; Vijayan Govindarajan, EVP – Risk Management, M- 99166 63652
     - Ahmedabad: Maulik Manakiwala, Associate Firm, M- 98256 40046; Gourav Ladha, SAP Risk Advisory, M- 97129 52955
     - Pune: M.L. Jain, Principal – Strategy Risk, M- 98220 11987
     - Kolkata: Kashi Banerjee, EVP – Risk Management, M- 98304 75375
     - Gurgaon: Nilesh Bhatia, Head – Human Capital Mgt., M- 98182 93434
     - Salem: Chandrasekeran, Recruitment franchisee, M- 94435 99132
     - Ghaziabad: R Gupta, Head – Insurance Risk, M- 98101 07387
     - Agra: Alok Kumar Agarwal, Associate Firm, M- 99971 65253
     - Hyderabad: Phanindra Prakash, Member Firm, M- 95500 61616
     Copyright © 2012 Riskpro, India. All rights reserved.
  34. Key Contacts (Continued)
     - Bangalore: Ravikiran Bhandari, VP – IT Risk Advisory, M- 99001 69562
     - Gurgaon: Asok Sit, EVP, Head – Telecom Risk Advisory, M- 98105 03463