Proposal audit risk and compliance


Published on

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Proposal audit risk and compliance

  1. 1. Proposal to provide Risk based internal audit and compliance services Riskpro, India 1
  2. 2. Make Decisions……Take Risks……....... Experience Success! Your partner in Risk Management / compliance / audit 2
  3. 3. ContentsBackground 4Your requirements 5Our commitment 6About Riskpro India 7Our differentiating factors 9Our key clients 10Team experiences 11Quality assured 12Clear and continuous communication 13Our fees 14Detailed CV‟s of senior team members, Partners and advisors 15Contact details 20Annexure I - Our audit methodology 21Annexure II - Legal compliance 30 3
  4. 4. Background - Who is Riskpro… Why us? ABOUT US MISSION Riskpro is an organisation of member firms around India devoted to client service  Provide integrated risk management excellence. Member firms offer wide range consulting services to mid-large sized of services in the field of risk management. corporate /financial institutions in India Currently it has offices in three major cities  Be the preferred service provider for Mumbai, Delhi and Bangalore and alliances complete Governance, Risk and Compliance in other cities. (GRC) solutions. Managed by experienced professionals with experiences spanning various industries. VALUE PROPOSITION DIFFERENTIATORS You get quality advisory, normally delivered by large consulting firms, at fee levels  Risk Management is our main focus charged by independent & small firms  Over 200 years of cumulative experience High quality deliverables  Hybrid Delivery model Multi-skilled & multi-disciplined organisation.  Ability to take on large and complex projects Timely completion of any task due to delivery capabilities Affordable alternative to large firms  We Hold hands, not shake hands. 4
  5. 5. Your requirements ● You require a firm with not only demonstrable skills and experience in your sector, but also the ability to deliver seamless compliance and business support services that match your development plans; ● You also wish to work with a firm that is personable and easy to deal with. While we operate in an environment that demands honed technical ability and a degree of formality, arising from the professional standards we observe, we regard ourselves as a flexible and responsive team that has client relationships at its heart; and ● You, also wish to ensure that your auditors, consultants and advisers are appropriate for tomorrows environment. 5
  6. 6. Our commitment We commit to you that we will: ● dedicate our best resources to ensure that your needs are met; ● provide an effective, efficient and smart consulting services; ● adhere to timeliness and reporting deadlines; ● provide constructive suggestions on improving processes and controls; ● work closely with your management in a co-operative environment; and ● keep you regularly updated on significant changes in regulatory, accounting and other compliance sectors. 6
  7. 7. About Riskpro IndiaRiskpro is India‟s first national practice dedicated to risk management services andtraining, corporate governance, and global regulatory compliancesRisk can be defined as a prospect of loss or reduced gain that can adversely affect theachievement of an organisation‟s objectivesWhen greed overtakes need, it spells trouble. Manifested as „bankruptcy‟ in much of thedeveloped world and „corruption‟ closer to home, greed has clearly disrupted some majorindustrialised economies and enhanced the risks of doing businessIn today‟s world, risks are not few. The reason companies so often fail to systematicallymanage their key risks is rooted in the way they define the risks they face. Risks aremanageable and the answer to untapped business opportunities that lie dormant waitingfor risk factors to turn favourableRiskpro was founded in 2009 with offices in Mumbai, Delhi, and Bangalore and it hasalready added eight member firms in Ahmedabad, Agra, Chennai, Gurgaon, Hyderabad,Jaipur, Ludhiana, and Pune. All our offices and member firms are well equipped andstaffed with qualified professionals viz. CA, CWA, CS, CPA, CISA, CFA, and MBARiskpro‟s founders are qualified risk management specialists with extensive workexperience in Europe and USA in several industries and financial institutions 7
  8. 8. About Riskpro India (cont…)RISKPRO SERVICESOur four major practice specialisations /service lines are:• Risk: Enterprise Risk Management (services and training & recruitment)• Governance: Corporate Governance and Transparency• Compliance: Global and Indian Regulatory Compliances• Training: in all of the above service linesThe Risk Practice deals with all classes of risks and processes viz. governance, strategic,systemic /infrastructure, compliance, reporting, and financial reporting. Processes requirethat key risks are properly identified, measured, monitored, controlled, and reported.Processes may also require tools like risk based internal audit, information security testing,and fraud investigations, to be employedThe Governance Practice deals with corporate oversight and risk governance issues within anorganization including business continuity planning, compliance with SEBI guidelines bylisted companies, regulations relating to independent directors, investor expectation andprotection, Clause-49 on corporate governance, etcThe Compliance Practice covers a wide range of regulatory and environmental compliancesincluding Sox, IFRS, Solvency II, Basel II /III, Corporate Laws & Direct Tax Code etcThe Training Practice comprises of a variety of structured and /or industry specific trainingprograms and modules designed and conducted by Riskpro experts and trainers at onsite(client or other offices) and offsite (Riskpro Training Centre) training facilities 8
  9. 9. Our differentiating factors ● Adding value to the client and protecting their business is paramount and our logo symbolizes that bond of protection ● Unique combination of International, senior, hands on industry experience, across all areas of the requirement. ● Mature and deep domain expertise, along with current involvement in strategic business growth activity. ● Strengths in relation to Business Model and Objectives - Track Record of Ethical Practice ● Strengths in relation to Implementation Plan - Proven Success in taking businesses from Vision to Reality through tactical Implementation across all aspects of the plan ● Strengths in relation to Requirements- Track Record in geographical, Professional and Business areas. ● Value for money ● Building enduring relationships with all our clients as a trusted business partner 9
  10. 10. Riskpro Clients Our ClientsAny trademarks or logos used throughout this presentation are the property of theirrespective owners 10
  11. 11. Team Experiences Our Experiences Our team members have worked at world class Companies Any trademarks or logos used throughout this presentation are the property of their respective owners 11
  12. 12. Quality assured We place great emphasis on quality control and quality management. Our quality process Direction and supervision Our Quality Process is designed to provide a quality The firm provides for appropriate direction and culture, to analyze the processes used to hire, train and supervision at all levels, together with appropriate retain staff, to develop and deliver services to our clients and to administer our own business. consultation procedures, to give reasonable assurance that the work performed meets the highest standards. We: CONTINUOUS IMPROVEMENT  employ and retain only those persons with the intelligence, education, character and diligence necessary to assume professional responsibility; Human Leadership Information Resource Measure Client and Quality Analysis and Processes Service Satisfaction  assign engagement responsibility to only those Culture Planning External Delivery and Business persons sufficiently trained and supervised to ` Service Processes Business Results discharge those responsibilities;  not accept or continue a client relationship in Processes circumstances incompatible with the firm’s integrity;  adopt promptly policies necessary to realise the Skills and competence objective of professional standards and applicable Personnel in the firm adhere to the standards of regulatory requirements; independence, integrity, objectivity and confidentiality.  maintain policies to ensure that the firm and its The firm is staffed by personnel who have attained, and professionals are free of conflicts of interest and who maintain, the skills and competence required to that professional excellence is achieved; enable them to fulfill their responsibilities. To assist in maintaining these skills the firm has procedures for:  not tolerate any act that can damage the firm’s  training of staff at all levels, through both formal credibility. courses and on-the-job experience;  continuing professional education;  assigning work to personnel who have the degree Confidentiality of technical training and proficiency required in the We are well aware of the importance that you place on circumstances; and confidentiality requirements and we have a proven  evaluating the performance of staff and counseling record of maintaining a strict code of confidentiality. staff as to their progress and career opportunities. Our firm policy requires that affairs of clients be confidentially kept at all times. 12
  13. 13. Clear and continuous communicationAt Riskpro India, open and honest communication is a Core Value. Our experienceleaves us in no doubt that a successful relationship is based on trust and candid,proactive communication.Regular and open two-way communication is fundamental to all aspects of our serviceto you. As an initial priority, we will agree with you an annual Communication Plan forall our key meetings. This will help ensure there are formal and informal opportunitiesfor all key stakeholders to be kept informed of the issues that matter, and that there willbe “no surprises”. Meeting/stakeholders Key objectives Bi-annual meetings (or as requested) with the  Present annual audit plan Board / Audit Committee  Report key findings  Updated assessments of key risks, including emerging risks  Discuss new regulatory and corporate governance requirements Quarterly meetings with the Chief Executive  Discuss strategy Officer  Discuss operational matters and performance  Raise and consider emerging issues Regular meetings with Head of Financial  Discuss operational matters and financial performance Control  Discuss implications of changes to the reporting and internal control framework Meetings with operational management  Discuss operational and business matters 13
  14. 14. Our feesOur aim is to build a long-term relationship with you. We believe that the essence ofbuilding such a relationship is the quality of the service and expertise that we provide.We also believe that the combination of our international expertise with local marketknowledge enables us to propose a fee that provides value to you.Accordingly our fee will be structured as a fixed fee which would be payable in twoequal instalments, on commencement of the engagement and on submission of thedraft report. No Particulars Number of Man Days Per Diem Rate - INR 1 Staff Category Partner 8,000 - 30,000 Manager 4,000 - 6,000 Staff Accountant ~ Rs 2,000 2 Expenses Travel and Conveyance Actual Cost Board and Lodging ex Delhi, and ex Mumbai 14
  15. 15. RESUMES – Our team Credentials  Founder - Riskpro  CA, CPA, MBA-Finance (USA), FRM (GARP) Manoj Jain  Over 10 years international experience – 6 years in Bahrain and 4 years USA  15 years exp in risk consulting and internal audits  Sox Compliance project for Fannie Mae, USA ( $900+ Billion Mortgage Company)  Specialization in Operational Risk, Basel II, Sox and Control design  Led medium to large engagement teams  Co- Founder - Riskpro  CA (India), MBA (Netherlands), CIA (USA) Rahul Bhan  Over 15 years of extensive internal and external audit experience in India and abroad.  Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.  Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc. 15
  16. 16. RESUMES - Partners  Consultant – Corporate Governance  FCA, FCS, ACIS (UK), CFC (USA), PHD (Corporate Governance) Sanjiv Agarwal  25 yrs of professional experience as a Chartered Accountant with exposure in accounting, auditing, corporate laws, service tax matters and banking/ financial services.  Large number of published articles on subjects such as Service Tax, Accountancy and Auditing, Capital Market, Merchant Banking, Taxation, Corporate Governance and Corporate laws. He has authored/ edited twenty five books.  He has been a SEBI nominated Director on the Boards of Jaipur Stock Exchange Ltd. and JSEL Securities Ltd. He has also been an independent Director on the Board of Compucom Software Limited for a period of 3 years and has also been an independent Director of State Bank of Bikaner & Jaipur for 6 years since August 2004, where he held various positions including that of audit committee chairman.  Corporate Consultant Rakesh Kochar  25 years of work experience both In India and Middle-East with some of the largest audit and assurance, software and trading companies in the world.  Some of the companies where he created his reputation were, Senior Director (Global Revenues), Oracle India; Bangalore, EFunds International, Ernst & Young, Dubai, U.A.E, Jumbo Electronics Co. Ltd. (LLC), Dubai, U.A.E., Price Waterhouse Coopers.  Rakesh is an expert on Financial & Accounts outsourcing and operations of all aspects of “shared centers” including HR processes and people strategy catering to global operations across Order to Cash, Procure to Pay and Reporting and Analysis. 16
  17. 17. RESUMES - Partners  Corporate Consultant and chartered accountant (UK) – ex PwC Canada  Four decades of work experience in business accounting, auditing, consulting, and managing business enterprises in the „new and old economy‟. Raj Sawhney  Relevant experience includes private equity (UK based Indian mid-cap fund), information technology (hardware and software), infrastructure (highway, SEZ, township)  Leadership roles:  CMD – Fertilizer Corporation of India;  Group CEO – The Maharaja Organisation, Colombo, SL;  Executive Director (Finance) – CMC Ltd (now TCS);  Investment Director – private equity fund;  Director – Ernst & Young Consulting India 17
  18. 18. RESUMES - Partners  Specialist Risk Consultant – Business Continuity Andrew Hiles  Founder and 15-year Chairman of Survive, the first international user group for Business Continuity professionals  Founding director and first Fellow of the Business Continuity Institute  Over 25 years international consulting expertise in Risk, Crisis, Emergency, Incident, and Business Continuity and ICT Disaster Recovery Management  Multi-sector experience including Banking, Insurance, Finance, Oil, Gas, Energy, Manufacturing, Retail, Hi-Tech & Telecom  Western Press Award for services to business, 1994; BCI/CIR nomination for lifetime achievement in BC, 1999, London; inducted into BC Hall of Fame by CPM magazine, 2004, Washington DC.  Specialist Risk Consultant – Enterprise Risk Management Chris E. Mandel  Highly skilled risk and insurance professional with 25 years of experience designing, developing and implementing large, global corporate risk management programs for Fortune 500 firms.  Principal Consultant and Founder - Excellence in Risk Management, LLC. (Texas, USA)  Past experiences include USAA, PepsiCo, American National Red Cross ,Verizon 18
  19. 19. RESUMES - Advisors Credentials  Founder partner of Mehrotra and Mehrotra, a 48 year old CA firm in India Mr. MP Mehrorta  Bcom, FCA, LLB  Over 48 years of experience in audits, taxation, legal matters, loan syndication etc.  Trustee of Cochin Port Trust, Member of Task Force for MOUs, Ministry of Heavy Industries & Public Enterprises, Govt. of India, Ex- Member of Central Board of Trustees, Employees‟ Provident Fund Organisation (EPFO), Ministry of Labour, Govt. of India, New Delhi.  Ex - Director, Canara Bank  Director - Riskpro Rajesh Jhalani  B.Com, FCA  Senior Partner with 48 year old Delhi based Chartered Accountant firm, Mehrotra and Mehrotra  Over 19 years of experience in the field of Audit, Taxation, Company law matters.  Major clients served are NTPC, BHEL, Bank of India, PNB, Airport Authority of India etc. 19
  20. 20. Contacts MUMBAI DELHI DelhiManoj Jain, Director Rahul Bhan, Director Rajesh Jhalani, DirectorB-44 Glaxo Building, Near C-561, Defence Colony, C-561, Defence Colony,Mt. Mary’s Steps, Bandra New Delhi-110 024 New Delhi-110 024(W), Mumbai 400050M- 98337 67114 M- 99680 05042 M- 98103 94611E- E- E- Email : Web: THANKS 20
  21. 21. ANNEXURE I - Our Audit Methodology 21
  22. 22. Our audit methodologyOur audit methodology is risk-based and systematic which focuses on the organizationalobjectives and any impediment to achieving those objectives. We recognise fully the need toprovide assurance on your business operations. Equally, we recognise the importance ofmanaging compliance issues, particularly in today‟s evolving regulatory environment. Understanding of BusinessThe key benefits of our audit approach are: ●Risk-based, & systematic approach; Risk Assessment ●Focus on areas considered as potentially & most likely to lead to material errors in financial statements; Audit Strategy / Planning ●Our audit control procedures are based on project planning techniques, including the use of automated processes and document templates, and the agreement of objectives, Fieldwork timetables, responsibilities and careful resource planning; ●The focus of our reports are to generate constructive and value added advice; and Dealing with critical issues ●Identifies performance improvement and cost reduction opportunities. Reporting 22
  23. 23. Our audit methodology - Risk Based Internal Audit How we Do Internal Auditing helps an organization accomplish its objectives by bringing a Enterprise Risk systematic, disciplined approach to evaluate Assessment and improve the effectiveness of risk management, control and governance processes. Risk Need of Organizations Source: The Institute of Internal Auditors 1999 (IIA) Assessment Process Reviews Fraud Benefits of Risk based Audit Mitigation • Traditional audit view value added Control techniques Reviews •Risk profile of Businesses •Internal Controls & Ops Risk reviews Transaction •Cost reductions recommendations Audit •Review of Fraud Risk Controls Increasing Enterprise Risk Focus 23
  24. 24. Our audit methodology (cont..)UNDERSTANDING THE BUSINESSOur top-down risk-based approach ensures that the audit focus is on the issues thatare of greatest importance to you and that we are in the most appropriate position torespond to them. Our audit starts with a detailed understanding of your industry andbusiness.Our approach is based on a top-down examination of the key drivers of your business.The output is a balanced picture of how the company interacts with customers andexternal industry forces. We consider the audit implications of this analysis and use itto identify significant audit risks.We use industry specific business models to gain information on: • industry background including major players, regulatory changes and trends, • risks and drivers, • geographic issues, • descriptions of business processes, • benchmarks and best practice and • audit risks. 24
  25. 25. Our audit methodology (cont..)RISK ASSESSMENTIn order to run your business, you develop processes to manage the factors that driveperformance and help control internal and external risks that could prevent you from meetingyour objectives. We focus on those processes where significant risks have been identified anddiscuss with management its perception of how these risks are controlled. This phase of ourwork enables us to obtain information on the processes supporting the achievement of thecompany‟s goals.AUDIT STRATEGY AND PLANNINGBased on the understanding of business and risk assessment we devise the audit strategy. Wethen develop detailed audit programs to test the transactions, processes and balances.AUDIT FIELD WORKThe audit test work flows from strategic planning and risk assessment. The key element is toreview and test the high level controls embedded in your processes, as significant weaknessesin your key processes could cost, both in terms of financial impact and reputational damage. Wealso carry out necessary substantive audit procedures.DEALING WITH CRITICAL ISSUES AND REPORTINGWe identify and discuss all critical issues with management. We then determine whether theCompany‟s financial statements and related disclosures meet our expectations.We provide the audit report, management letter and any other deliverables and formally presentthese to the Audit Committee / Board. 25
  26. 26. Our audit methodology (cont..) IT AUDIT PROCESSES AND METHODOLOGY We see IT as an enabler of the operational and financial processes and we incorporate IT audit professionals into our audit to facilitate the identification and testing of IT controls. We use our focused IT audit methodologies and tools as part of our core audit process to evaluate and test whether the Company‟s information systems are configured for data integrity, are secure and are effectively managing the business needs. We work with key business and IT management to identify aspects of IT that pose the highest risk to the Company. We then conduct a systematic, detailed review of those areas in which we: • identify appropriate IT control objectives that map to key business processes; • identify relevant IT policies and procedures and/or industry IT standards; and • evaluate the design of controls and test whether they are in place and operating effectively. 26
  27. 27. Our audit methodology (cont..) We use the following types of IT methodologies: IT AUDIT METHODOLOGIES  Continuity management  Process Documentation  System capacity and availability  Control Risk Analysis  Back up and recovery  Control Design & Implementation  Data storage  Network penetration testing  Project risk assessment  Information security assessment  Quality Assurance  Enterprise security architecture and  Project management methodology integration  Programme management  Ongoing monitoring processes 27
  28. 28. Our audit methodology (cont..)INTELLIGENT USE OF TECHNOLOGYTechnology is only one component of an integrated approach that combinesmethodology, knowledge and technology into our tailored service to you.We deliver our external audit services using a fully automated audit software. Thissoftware is designed specifically to integrate knowledge management into the auditprocess. Technology can never be a substitute for face-to-face communications andwe continue to rely on meetings with management to identify, resolve andcommunicate issues. Know ledge Technology M ethodology 28
  29. 29. Strategic questions with regard to the engagement• Have you had any personnel changes that have impacted your area?• Have you had any computer system/computer software changes and are any projected for your area?• Has your area experienced any losses in recent years? If so, please describe.• Do any third parties such as the external auditors or regulatory auditors review your area? If so, please provide the report.• Do you have any regulatory reporting requirements? Describe the frequency and sensitivity of the filing.• How much do you rely on manual processing in lieu of computer processing?• What areas have you experienced poor performance?• Has the volume of transactions processed in your area changed?• What type of impact could your unit have on the Association‟s reputation, if you did not meet your mission?• Do you have any Program performance issues that you want reviewed? 29
  30. 30. ANNEXURE II - Legal Compliance 30
  31. 31. Legal compliance Stage 1 – CAC  Preparation of Compliance Audit Checklist (CAC) covering all relevant laws applicable to the target unit. Stage 2 - Visit to location  Verification of relevant records and documents available.  Compilation of draft report based upon findings and observations of the audit team  Review meeting with the unit head / work directors to discussion on the finding of audit. Stage 3 – Report  Submission of detailed Non Compliance (NC) report to the company (Board of Directors or Compliance Head)  Follow up with the unit to verify action taken 31
  32. 32. Legal compliance (Acts covered - HR)Factories Act, 1948 Shop & Establishment Act (state acts)Payment of Wages Act, 1936 Maternity Benefits Act, 1961Minimum Wages Act, 1948 Gratuity Act, 1972Equal Remuneration Act, 1976 ESI Act, 1948Payment of Bonus Act, 1965 Apprentices Act, 1961Provident Fund & Misc Provisions Act, Employment Exchanges (Compulsory1952 Notification of Vacancies Act), 1959Contract Labour (Regulation & Abolition) act, Trade Unions Act, 19261970 Private Security Agencies RegulationWorkmen Compensation Act, 1923 Act, 2005Prevention of Sexual Harassment Industrial Disputes Act, 1947(Guidelines)Labour Welfare Act (state acts) 32
  33. 33. Legal compliance (Acts covered - Engg.)Electricity Act, 2003 Environment Protection Act, 1986 Water (Prevention and Control ofPetroleum Act, 1934 Pollution) Act, 1981 Air (Prevention and Control ofExplosives Act, 1884 Pollution) Act, 1981Boilers Act, 1923 Water Cess Rules, 1977 Hazardous Waste Handling &Legal Meteorology Act, 2011 Management Rules, 1989Essential Commodity Act, 1945 33
  34. 34. Legal compliance (Acts covered – Tax & Misc)Micro, Small & Medium Central Excise Act, 1944Enterprises Devel. Act, 2006Central Sales Tax Act, 1956 State VAT ActsCustoms Act, 1962 (export and import Service Tax Act, 1955documentation)Income Tax Act (payment of Tax, TDS) Foreign Exchange Management Act Industries (Development &Negotiable Instruments Act, 1881 Regulation) Act, 1951Information Technology Act, 2000 Motor Vehicles Act, 1988Competition Act, 2002 34