RISKPRO INDIA
• Riskpro is India’s first national practice dedicated to risk management services and training, corporate governance, and global regulatory compliances
• Risk can be defined as a prospect of loss or reduced gain that can adversely affect the achievement of an organisation’s objectives
• When greed overtakes need, it spells trouble. Manifested as ‘bankruptcy’ in much of the developed world and ‘corruption’ closer to home, greed has clearly disrupted some major industrialised economies and enhanced the risks of doing business
• In today’s world, risks are not few. The reason companies so often fail to systematically manage their key risks is rooted in the way they define the risks they face. Risks are manageable and the answer to untapped business opportunities that lie dormant waiting for risk factors to turn favourable
• Riskpro was founded in 2009 with offices in Mumbai, Delhi, and Bangalore and it has already added eight member firms in Ahmedabad, Agra, Chennai, Gurgaon, Hyderabad, Jaipur, Ludhiana, and Pune. All our offices and member firms are well equipped and staffed with qualified professionals viz. CA, CWA, CS, CPA, CIA, CISA, CFA, and MBA
• Riskpro’s founders are qualified risk management specialists with extensive work experience in Europe and USA in several industries and financial institutions
• Riskpro aims to be the preferred service provider for large and medium enterprises on risk protection, corporate governance, and global regulatory issues; delivering state-of-the-art quality and timely services at viable rates
RISKPRO SERVICES
• Our four major practice specialisations /service lines are:
Risk: Enterprise Risk Management (services and training & recruitment)
Governance: Corporate Governance and Transparency
Compliance: Global and Indian Regulatory Compliances
Training: in all of the above service lines
• The Risk Practice deals with all classes of risks and processes viz. governance, strategic, systemic /infrastructure, compliance, reporting, and financial reporting. Processes require that key risks are properly identified, measured, monitored, controlled, and reported. Processes may also require tools like risk based internal audit, information security testing, and fraud investigations, to be employed
• The Governance Practice deals with corporate oversight and risk governance issues within an organization including business continuity planning, compliance with SEBI guidelines by listed companies, regulations relating to independent directors, investor expectation and protection, Clause-49 on corporate governance, etc
• The Compliance Practice covers a wide range of regulatory and environmental compliances including Sox, IFRS, Solvency II, Basel II /III, Corporate Laws & Direct Tax Code etc
• The Training Practice comprises a variety of structured and/or industry-specific training programs and modules designed and conducted by Riskpro experts and trainers at onsite (client or other off
2. Who is Riskpro… Why us?
ABOUT US
Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer wide range of services in the field of risk management. Currently it has offices in three major cities Mumbai, Delhi and Bangalore and alliances in other cities. Managed by experienced professionals with experiences spanning various industries.
MISSION
• Provide integrated risk management consulting services to mid-large sized corporate /financial institutions in India
• Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.
VALUE PROPOSITION
• You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms
• High quality deliverables
• Multi-skilled & multi-disciplined organisation.
• Timely completion of any task due to delivery capabilities
• Affordable alternative to large firms
DIFFERENTIATORS
• Risk Management is our main focus
• Over 200 years of cumulative experience
• Hybrid Delivery model
• Ability to take on large and complex projects
• We Hold hands, not shake hands.
3. Risk Management Advisory Services
SERVICES
Basel II/III Advisory
• Market Risk
• Credit Risk
• Operational Risk
• ICAAP
Corporate Risks
• Enterprise Risk Assessment
• Fraud Risk
• Risk based Internal Audit
• Operations Risk
• Forensic services
Information Security
• IS Audit
• Information Security
• IT Assurance
• IT Governance
• ERP Risk
Operational Risk
• Process reviews
• Policy/ Process Review
• Process Improvement
• Compliance Risk
Governance
• Corporate Governance
• Business Strategic risk
• Fraud Risk
• Forensic Accounting
Other Risks
• Business/Strategic Risk
• Reputation Risk
• Outsourcing Risk
• Contractual Risk
Training
• Banking – E Learning
• Corporate Training
• Regular Risk Management Training
• Online Training material
• Workshops / Events
Recruitment
• Virtual Risk Managers
• Full Time Risk Professionals
• Part time Risk Professionals
• Risk Managers on call – free
4. Our Delivery Methodology
“No Cost – Know Risk” Diagnostic Assessment (FREE, USP)
(To determine your pain points, industry benchmarking etc)
GAP ANALYSIS & PROJECT DEFINITION
(Riskpro and clients brainstorm define project)
PROJECT TEAM DEFINITION (USP)
Client gets to select Riskpro team members, subject matter experts. Riskpro uses a mix of client staff / own staff for maximum value add
PROJECT EXECUTION
Constant project updates, timely project completion and project outcomes that are practical and easy to maintain
5. Risk & Challenges in an ERP System
Corporations across the world are highly concerned about the security of their Enterprise Resource Planning (ERP) systems, such as SAP, against threats like fraud, intrusion, etc. that affect the integrity of their business. They need their policies and procedures tightened and their systems secured.
These are some of the challenges that such corporations face in their day-to-day business:
• “We should have considered SoD while granting system access”
• “I don’t know how the vendor got paid twice?”
• “Auditor declared controls to be ineffective”
• “How do I design business controls in my ERP?”
• “ERP team is spending a lot of unproductive time on maintenance”
• “Does my ERP system have sufficient password and user access security controls”
• “Our ERP implementation team never gave us the controls”
• “Is my system prone to access intrusions?”
What is the Solution???
6. History of Financial Frauds
Year | Company | Audit Firm | Type of Fraud
2010 | Lehman Brothers | Ernst & Young | Failure to disclose Repo 105 transactions to investors
2009 | Satyam Computer Services | PWC | Falsified accounts
2004 | AIG | PWC | Accounting of structured financial deals
2002 | WorldCom | Arthur Andersen | Overstated cash flows
2002 | Kmart | PWC | Misleading accounting practices
2001 | Enron | Arthur Andersen | Corporate fraud and corruption
2000 | Xerox | KPMG | Falsifying financial results
Source: www.wikipedia.org
8. 2009 CSI Computer Crime Survey
Per the 2009 CSI Computer Crime and Security Survey, “…change of greatest concern is that financial fraud increased from only 12 percent of respondents to 19.5 percent of respondents. This is reason for concern because financial fraud consistently causes victim organizations huge losses—almost $450,000 (Rs 2 Crs) per victim organization this year…”
9. Our Services
Before Go-live
• Best-fit solution
  ERP Product selection
  ERP Implementation partner selection
  Project risk management
• Business Blueprint Review
  Identify and suggest controls as part of BBP
  Benchmark TO-BE process to Leading practices
• Pre Go-Live Readiness Assessment
  A quick check of the status of critical master data, organizational elements, configurable controls, process integrations, system and user security before Go-Live
  Verify if suggested controls are designed and implemented
After Go-Live
• Quick Scan Review
  A quick check to identify and fix 'High Risk' issues
• SAP Business Controls Review
  A detailed review of key business processes having financial implication
• SAP Security Controls Review
  A detailed review of Basis security, access to critical transactions and Segregation of duties (SoD)
• Audit Work Program Documentation
  Preparation of detailed work program that will enable the Internal Audit team to conduct rigorous audit of the SAP system
Corporate Training
• SAP Core team training
  Preparing the SAP Core team for supporting the SAP ECC system
• SAP End-user training
  Preparing the SAP End-user team for working on the SAP ECC system
• Auditing an ERP system training
  Preparing the Internal audit team for sustainable audit of the SAP ECC system
• Fundamentals of ERP system training
  Preparing the organization for an upcoming implementation of the SAP ECC system
10. Our Value Chain Approach
Value chain cycle:
• Understand business process
• Identify potential risks
• Develop control framework
• Document audit program
• Conduct test of controls
• Report gaps & suggest solutions
• Train Internal Audit team
Areas covered (centre of the cycle):
• Basis Security & User Administration
• Financial Accounting
• Sales & Distribution
• Materials Management
11. Benefits to your organization
A few of the benefits that your organization will derive from your SAP system after our services:
• Secured ERP system: Secured and robust SAP environment from both internal and external threats such as unauthorized usage, fraud, intrusion, etc
• Maximizing configurable controls: Leveraging the available automated controls using the existing SAP configuration and reducing the manual efforts
• Reduction in time & cost: Re-aligned user access/security practices and procedures may help the management in effective utilization of ERP resources, leading to reduction of unproductive time and cost
• Compliance support: Controls ready SAP system to meet any existing or upcoming statutory compliance requirement
• Leading practices: Benchmarking your SAP system to the leading industry SoD control practices to optimize your ROI
• Streamlined process: Efficient and effective change management process considering procedural changes to include concerning areas like SoD
12. Riskpro Clients Our Clients
Any trademarks or logos used throughout this presentation are the property of their
respective owners
13. Team Experiences Our Experiences
Our team members have worked at world class Companies
15. RESUMES – Our team Credentials
Manoj Jain
Founder - Riskpro
CA, CPA, MBA-Finance (USA), FRM (GARP)
• Over 10 years international experience – 6 years in Bahrain and 4 years USA
• 15 years exp in risk consulting and internal audits
• Sox Compliance project for Fannie Mae, USA ($900+ Billion Mortgage Company)
• Specialization in Operational Risk, Basel II, Sox and Control design
• Led medium to large engagement teams
Rahul Bhan
Co-Founder - Riskpro
CA (India), MBA (Netherlands), CIA (USA)
• Over 15 years of extensive internal and external audit experience in India and abroad.
• Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.
• Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc.
16. RESUMES – PARTNERSHIPS Credentials
Gourav Ladha
Specialist Risk Consultant – ERP & IT Compliance
SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access Controls trained (from SAP India), Project Management trained (from PMI)
• Over 7 years of experience working in the area of ERP/IT Risk advisory, primarily focusing on SAP, for 'Fortune 500' clients in around 8 countries including US, UK, UAE, Hong Kong, etc
• Specializes in SAP Risk & Controls Advisory, SAP Business Process Controls Audit, SAP Security & Segregation of Duties Control Audit, ERP Trainings, ERP Audit Project Management, Sarbanes Oxley (SOX) Compliance Assistance, ERP Product and Vendor Selection, ERP Audit Tools Development
• Strong Industry experiences ranging from Beverages, Insurance, Energy, FMCG, Pharmaceutical, Retail, Telecommunication to IT Services
• Worked for risk advisory teams of reputed organizations like Ernst & Young, EXL Services
17. RESUMES - Our team Credentials
Casper Abraham
Co-Founder - Riskpro
PGD (Electrical & Electronics & Computer Programming)
• 30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.
• Has created Companies, Divisions, Products, Brands, Teams & Markets.
• Consulting in Business, Technology, Marketing & Sales & Strategic Planning.
• Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard
• Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA,
Kumar Bhukhanwala
Co-Founder - Riskpro
B.Com, CA
• 30 years of accounting, finance and risk management experience
• Most recent employment with Emerson, a USA Fortune 500
• Worked for Hinduja, Pidilite, Excel Industries and internationally
• Strong Financial Process and internal controls experience
18. RESUMES - PARTNERSHIPS
Andrew Hiles
Specialist Risk Consultant – Business Continuity
• Founder and 15-year Chairman of Survive, the first international user group for Business Continuity professionals
• Founding director and first Fellow of the Business Continuity Institute
• Over 25 years international consulting expertise in Risk, Crisis, Emergency, Incident, and Business Continuity and ICT Disaster Recovery Management
• Multi-sector experience including Banking, Insurance, Finance, Oil, Gas, Energy, Manufacturing, Retail, Hi-Tech & Telecom
• Western Press Award for services to business, 1994; BCI/CIR nomination for lifetime achievement in BC, 1999, London; inducted into BC Hall of Fame by CPM magazine, 2004, Washington DC.
Mr. V K Gupta
Specialist Risk Consultant – Internal Audits
• Chartered Accountant and CISA, with over 12 years of experience in business risk services. He has advised leading national and international clients.
• He was working with Ernst and Young (NZ). He has extensive experience in conducting internal audits, risk assessment, drafting standard operating procedures, Sarbanes Oxley etc.
• He has helped organisations to improve business processes leading to increased efficiency and effectiveness. He specializes in industries like healthcare, manufacturing, IT/ITES, financial services.
19. Contacts and Office Locations
Corporate: info@riskpro.in, www.riskpro.in
Mumbai: Manoj Jain, Director, M- 98337 67114, manoj.jain@riskpro.in
Delhi: Rahul Bhan, Director, M- 99680 05042, rahul.bhan@riskpro.in
Bangalore: Casper Abraham, Director, M- 98450 61870, casper.abraham@riskpro.in
Shriram Gokte, Principal - Information Risk, M- 98209 94063, shriram.gokte@riskpro.in
Raj Sawhney, Principal – Business Risk, M- 99711 03510, raj.sawhney@riskpro.in
Ahmedabad: Maulik Manakiwala, Associate Firm, M - 91 9825640046
Pune: M.L. Jain, Principal – Strategy Risk, M- 9822011987, mljain@riskpro.in
Agra: Alok Kumar Agarwal, Associate Firm, M- 99971 65253
Gourav Ladha, SAP Risk Advisory, M- 97129 52955
THANKS
25. Governance, Risk and Compliance Offering Our GRC Approach
Company level
• Define Risk Appetite
• Risk Scorecard
• Risk Heat maps
• Reputation Risk Scorecards
• IT Governance
• New Product Approval Policy
• Scan of Emerging Risks
Governance
• Align Corporate Governance to global practices
• Board Committee reviews
• Review and enhance Risk Governance
• Policy and Process Framework
• IT Governance
• Whistle Blowing Framework
Risk management
• Risk assessment
• Process and Control Review
• Insurance & Loss Alignment
• Incident Reporting Process & Tool
• Implementation of 20-30 top Key Risk Indicators (KRI)
• Fraud Risk Management
Compliance
• Compliance Risk Policy & Framework
• Regulatory reviews and audits
• Global regulation compliance
• Compliance Reporting
• Contractual Risk
• 3rd party audits of units
• Internal Control testing Tools
Services
Support Processes
• GRC Technology Implementation – Provide recommendations and select vendor for GRC Tool
• HR Policies and Processes to minimize people risk, frauds and strengthen succession planning
• Training and Awareness build up – Targeted and Ongoing training in areas of concern.
• E Learning Courses in Risk Management, Fraud Risk Management, Governance etc
26. Governance, Risk and Compliance (GRC) Our GRC Approach
Risk management software implementation
Govern risk & compliance with business benefits
• Riskpro helps organisations adapt to change, manage risk, and effectively comply with the risks and regulations which affect their businesses.
• Helps in successfully managing risk and achieving compliance in an ever-changing environment while reducing costs and improving corporate performance every day.
Riskpro Partnerships with GRC Vendors
• Riskpro has several partnerships with world leaders in implementation of GRC software solutions.
• (BPS Resolver, Methodware, Bwise, Odondo, Rocsys)
• Riskpro is also actively interacting with other Leading vendors for GRC Technology rollout (Bwise, Oracle)
• Riskpro can review the company's circumstances and provide an unbiased opinion on the best product for the circumstances.
27. Risk Based Internal Audit How we Do
Internal Auditing helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
Source: The Institute of Internal Auditors 1999 (IIA)
[Figure: audit levels shown against "Need of Organizations" and "Increasing Enterprise Risk Focus": Enterprise Risk Assessment, Risk Assessment, Process Reviews, Fraud Mitigation, Control Reviews, Transaction Audit]
Benefits of Risk based Audit
• Traditional audit view value added techniques
• Risk profile of Businesses
• Internal Controls & Ops Risk reviews
• Cost reductions recommendations
• Review of Fraud Risk Controls
28. Enterprise Risk Management (ERM) - Methodology How we Do
You select the level and size of ERM efforts to suit your needs and budget.
1 FOUNDATION
• ERM vision
• Goals and objectives
• Policies
• Organization structure
• Alignment to strategies
2 RISK IDENTIFICATION
• Risk Assessment
• Gap Analysis
• Risk Mapping
3 BASIC ERM (Risk Identification, Foundation)
• Foundation tasks
• Risk assessment tasks
• Risk Mgmt for 2-3 critical risks
• Evaluate existing RM structures
4 ENHANCED ERM (Risk Identification, Foundation)
• Foundation Tasks
• Risk Identification
• Enhanced Framework
• Enhanced management reports
• Dashboards
• Monitoring tools
• Risk based Communication
29. IT Governance How we Do
IS AUDIT
• Operating Systems Audit
• Database Audit
• Networking Audit
• Firewall Audit
• IDS Audit
• Web Application, Data Center Audit
• Internet Banking, Core Banking Audit
• Performance & Forensic Auditing
• Application Systems - Functional review
• Compliance with IS Policies & Procedures
IT GOVERNANCE
• COBIT
• ValIT
• Balanced Scorecard
• IT & Business Maturity Models
IT ASSURANCE
• Business Continuity Planning
• Computer Crime Investigations
• Training in IT
• Compliance with IS Policies & Procedures
INFORMATION SECURITY
• Penetration Testing
• Application Systems - Security review
• Review of IS Controls
• BS 7799 / (ISO 27001) Implementation
• Formation of IS Security Policy
• Compliance with IS Policies & Procedures
30. Forensic and investigation services How we Do
Based on our understanding of your requirements, we have customized a package of our solution offerings to meet your needs, which is detailed in the ensuing slides.
To detect and prevent fraud and evaluate Code Of Conduct Compliance on following parameters :-
Fraud Detection
• Fraudulent Vendor
• Recruiting new dealers, suppliers, franchisees or distributors
Anti-Fraud Measures
• Monitoring Compliance and Authorization
Workplace Practice
• Background check for employees
• Background check for customers
Risk Mitigation
• Prevent default of high value bills
Our Solution for you
[Figure labels: Evaluating your need; Understanding Your Supply Chain; Analyze Source Root cause of Problem; Investigate; Resolve; Prioritize solutions and remedial measures; Code Of compliance establishment; Quantify Loss and Suggest possible Actions; Obtaining And securing Evidence; To Monitor Your Process Compliances; Solve Issues; Confidential Interviews with vendors]
Benefits To You
• Protects you from any Monetary or Reputational damage
• Enables you to identify risks / control gaps
• Helps you identify any undisclosed production