Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Riskpro information risk management


Published on

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

Riskpro information risk management

  1. 1. Information Risk & Business Continuity Management Riskpro, India 1
  2. 2. Who is Riskpro… Why us? ABOUT US MISSION Riskpro is an organisation of member firms around India devoted to client service  Provide integrated risk management excellence. Member firms offer wide range consulting services to mid-large sized of services in the field of risk management. corporate /financial institutions in India Currently it has offices in three major cities  Be the preferred service provider for Mumbai, Delhi and Bangalore and alliances complete Governance, Risk and Compliance in other cities. (GRC) solutions. Managed by experienced professionals with experiences spanning various industries. VALUE PROPOSITION DIFFERENTIATORS You get quality advisory, normally delivered by large consulting firms, at fee levels  Risk Management is our main focus charged by independent & small firms  Over 200 years of cumulative experience High quality deliverables  Hybrid Delivery model Multi-skilled & multi-disciplined organisation.  Ability to take on large and complex projects Timely completion of any task due to delivery capabilities Affordable alternative to large firms  We Hold hands, not shake hands. 2
  3. 3. Risk Management Advisory Services Basel II/III Advisory Corporate Risks Information Security  Market Risk  Enterprise Risk Assessment  IS Audit  Credit Risk  Fraud Risk  Information Security  Operational Risk  Risk based Internal Audit  Business Continuity  ICAAP  Operations Risk  IT Assurance  Forensic services  IT GovernanceSERVICES Operational Risk Governance Other Risks  Process reviews  Corporate Governance  Business/Strategic Risk  Policy/ Process Review  Business Strategic risk  Reputation Risk  Process Improvement  Fraud Risk  Outsourcing Risk  Compliance Risk  Forensic Accounting  Contractual Risk Training Recruitment  Banking – E Learning  Virtual Risk Managers  Corporate Training  Full Time Risk Professionals  Regular Risk Management Training  Part time Risk Professionals  Online Training material  Risk Managers on call – free  Workshops / Events 3
  4. 4. Information Risk GovernanceBACKGROUND In an environment of escalating information security threats, technology outages, data integrity and quality issues, corporate governance concerns and privacy regulations, organizations need to be sure of the integrity, confidentiality, and availability of their paper & electronic information and underlying systems. This requires information handling, communication & storage systems that are properly deployed, monitored and controlled. With increasing regulatory norms being enforced for companies, managing risks affecting confidentiality, integrity and availability of vital information assets has become one of the most important business drivers as well as a key differentiator from competition.CHALLENGES Mitigation of risks related to information assets requires an organization to think outside of traditional IT controls and also look at their non-IT areas for information related risks such as people risks, compliance risks, third party/supplier risks, client related risks and physical/environmental risks. UK’s Data Protection Act, Indian Information Technology Act, US GLB/HIPAA puts onus on the information owners as well as information processor for the protection of the information. Aside from fines & penalties, companies should also think of reputation issues & business loss due to a breach. High attrition, skills/knowledge loss and valuable intellectual property in people intensive operations such as banks, insurance firms, BPO/KPOs can exacerbate threats to information. Most companies do not treat information as company assets and therefore there is insufficient oversight from board, auditors etc. 4
  5. 5. Information Security Assessments Dipstick review is a high level look at the significant risks affecting information assets and a quick look at the controls. This review is suitable for Dipstick Review a quick and dirty look at the low hanging fruits or for setting context for a bigger review. Based on the global control frameworks such as ISO 27001, COBIT & ITIL,Information Security the IS audit service is meant to augment the regular internal audits & provide expertise on information security controls. The audit covers regulatory Audits compliances, adherence to internal policies/procedures, second party vendor audits, readiness checks for certifications, and compliances UK’s Data Protection Act of 1998 puts onerous responsibilities on data controllers and data processors. Penalties for noncompliance include Review of personal liability, penalties as well as possible reputation loss. The 7th andCompliance with UK 8th principals are relevant to data flowing to locations outside of UK and EEAData Protection Act (European Economic Area). We have experts who have dealt with DPA compliances & data export and offer consulting on how a non-EEA company handling UK personal data can comply with DPA principles & requirements. Info Sec Training Information security awareness training 5
  6. 6. ISO 27001 Certification Services ISO 27001 is a global standard for information security practices. Originating from the British standard BS7799, ISO 27001 certification goes beyond traditional IT security & also includes other important risk areas such as employee related risks (during hiring, employment, transfers & termination), Physical/environmental risks, compliance related risks, business continuity risks, senior management commitment, linkage to risk management etc. There are 133 specific controls across 11 domains & certification is given by the external certification body only against demonstrable implementation of controls A pre-certification audit is a high level evaluation indicating where your Pre-certification company currently stands in compliance with ISO 27001 before the main assessments certification audit. This audit is conducted under certification audit conditions and non-conformances are identified for the client’s action. Pre-certification ISO 27001 consulting including gap assessments, policy & procedure design,ISO 27001 design & risk assessments, information systems controls design and evaluation. We implementation follow proven methodologies to enable your company get certified to ISO consulting 27001 standard and sustain the certification. We can also provide entire lifecycle support to ensure that after certification the client is ready for the periodic surveillance audits. 6
  7. 7. Business Resiliency (BCP/DR/CM) Consulting All organizations should plan for contingencies so that business remains resilient and company can provide immediate, accurate and measured response to emergency situations. A resilient operations has sufficient planning in place and has implemented backup/recovery strategies for its data, people & infrastructure so that Critical Business Process are continued and negative impact on Business and revenue is reduced. Regulators & compliances such as Basel II require robust BCP/DR/CM programs commensurate with business objectives. Business Impact Identifying process criticalities, recovery priorities, recovery time Analysis (BIA) objectives (RTO), recovery points (RPO) & resource requirement. These form the foundation of BCP planning. BCP Crisis Management plan Design and development of BCP and Crisis Management program so development & that BCP/CM strategies & tactics support business objectives even in a Implementation disaster situation. We also provide entire BCP lifecycle support. Testing of various intensities from a walkthrough, desktop scenario to Testing services full BCP test. We can also provide a high intensity & complex scenario for stress testing BCP/CM teams. Various BCP/CM trainings for all employees, crisis management team BCP/CM training or BCP team members. 7
  8. 8. Riskpro Clients Our ClientsAny trademarks or logos used throughout this presentation are the property of their respective owners 8
  9. 9. Team Experiences Our Experiences Our team members have worked at world class Companies Any trademarks or logos used throughout this presentation are the property of their respective owners 9
  10. 10. RESUMES – Our team Credentials  Founder - Riskpro  CA, CPA, MBA-Finance (USA), FRM (GARP) Manoj Jain  Over 10 years international experience – 6 years in Bahrain and 4 years USA  15 years exp in risk consulting and internal audits  Sox Compliance project for Fannie Mae, USA ( $900+ Billion Mortgage Company)  Specialization in Operational Risk, Basel II, Sox and Control design  Led medium to large engagement teams  Co- Founder - Riskpro  CA (India), MBA (Netherlands), CIA (USA) Rahul Bhan  Over 15 years of extensive internal and external audit experience in India and abroad.  Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.  Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc. 10
  11. 11. RESUMES - Our team Credentials  Co-Founder - Riskpro  B Tech MBA Shriram Gokte  22 years of audit, risk management, information security & Compliance experience  Most recent employment with Paternoster, a UK Insurance company as Directpr Risk & Compliance  Worked for Principal Financial Group at their Des Moines USA HO and then Birla Sun Life Insurance as CRO  Strong operational process, risks, info sec and internal controls experience  Has taken 3 companies through ISO 27001 certifications.  Co-Founder - Riskpro Casper Abraham  PGD (Electrical & Electronics & Computer Programming)  30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.  Has created Companies, Divisions, Products, Brands, Teams & Markets.  Consulting in Business, Technology, Marketing & Sales & Strategic Planning.  Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard  Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA, 11
  12. 12. RESUMES - PARTNERSHIPS  Specialist Risk Consultant – Business ContinuityAndrew Hiles  Founder and 15-year Chairman of Survive, the first international user group for Business Continuity professionals  Founding director and first Fellow of the Business Continuity Institute  Over 25 years international consulting expertise in Risk, Crisis, Emergency, Incident, and Business Continuity and ICT Disaster Recovery Management  Multi-sector experience including Banking, Insurance, Finance, Oil, Gas, Energy, Manufacturing, Retail, Hi-Tech & Telecom  Western Press Award for services to business, 1994; BCI/CIR nomination for lifetime achievement in BC, 1999, London; inducted into BC Hall of Fame by CPM magazine, 2004, Washington DC.  Specialist Risk Consultant – Enterprise Risk ManagementChris E. Mandel  Highly skilled risk and insurance professional with 25 years of experience designing, developing and implementing large, global corporate risk management programs for Fortune 500 firms.  Principal Consultant and Founder - Excellence in Risk Management, LLC. (Texas, USA)  Past experiences include USAA, PepsiCo, American National Red Cross ,Verizon 12
  13. 13. Contacts and Office LocationsCorporate Mumbai Delhi Bangalore Manoj Jain Rahul Bhan Casper Abraham Director Director Director M- 98337 67114 M- 99680 05042 M- 98450 61870 Shriram Gokte Raj Sawhney Principal - Information Risk Principal – Business Risk M- 98209 94063 M- 99711 03510 raj.sawhney@riskpro.inAhmedabad Pune AgraMaulik Manakiwala M.L. Jain Alok Kumar AgarwalAssociate Firm Principal – Strategy Risk Associate FirmM - 91 9825640046 M- 9822011987 M- 99971 65253 mljain@riskpro.inGourav LadhaSap Risk AdvisoryM- 97129 52955 THANKS 13