1. IT Risk Advisory Services
Riskpro India Ventures (P) Limited
New Delhi, Mumbai, Bangalore
1
2. Who is Riskpro… Why us?
ABOUT US MISSION
Riskpro is an organisation of member firms
around India devoted to client service Provide integrated risk management
excellence. Member firms offer wide range consulting services to mid-large sized
of services in the field of risk management. corporate /financial institutions in India
Currently it has offices in three major cities Be the preferred service provider for
Mumbai, Delhi and Bangalore and alliances complete Governance, Risk and Compliance
in other cities. (GRC) solutions.
Managed by experienced professionals with
experiences spanning various industries.
VALUE PROPOSITION DIFFERENTIATORS
You get quality advisory, normally delivered
by large consulting firms, at fee levels Risk Management is our main focus
charged by independent & small firms
Over 200 years of cumulative experience
High quality deliverables
Hybrid Delivery model
Multi-skilled & multi-disciplined organisation.
Ability to take on large and complex projects
Timely completion of any task due to delivery capabilities
Affordable alternative to large firms We Hold hands, not shake hands.
2
3. Our Network Presence
New Delhi
Agra
Ahmedabad
Kolkata
Mumbai
Pune
Bangalore
Salem
3
4. IT Services Landscape
The Backdrop:
o Fast changing IT services market
o Technological advances
o Rising integration of business and technology
o Corporate focus on core competencies
o Maturation of IT vendor management role
Business Need:
o Meeting cost, time-to-market
o Innovation objectives
o Realization by corporates to assemble and integrate services and solutions
o Growing demand from best-in-breed suppliers
o Acquire the right services at the right prices
o Must have deep knowledge of the IT services marketplace
o Understanding its future direction
o New trends in the application and infrastructure services marketplace
4
5. Riskpro
IT Risk Advisory Service Service Offerings
Information Information Information Information Information
Technology Security Security Technology Technology
Service Management Audit Assurance Governance
Management
5
6. IT Service Management How we Do
•Service architecture Scoping
•SLA’s
Consulting •ITSM Assessment
•Control Processes
• Service Delivery
• Release & Resolution
• IT service road mapping
• GAP Analysis
Standardizing •
•
•
Tollgate review
Performance metrics analysis
Compliance review
• Standard pre-assessment
• ISO 20000
Compliances •
•
•
ITIL practices
PDCA cycle alignment
Training- Basic / Advanced
Value Proposition
• Efficient business service delivery processes
• Reduced risk in using external service providers
• Reduced costs
• Enhanced ability to manage business complexities in a diverse operational environment
6
7. Information Security Management How we Do
• Risk Assessment & Management
• IS security policy framework
Consulting •
•
Internal audit procedures
IS controls review
• Penetration testing
• Compliance- IS policies
• IS security implementation review
Standardizing •
•
•
GAP analysis
Performance metrics analysis
Vulnerability assessment
• SAS Type II audits & compliance
• BS 7799 implementation
• ISO 27001/17799 implementation
Compliances •
•
DPA
GLBA
• HIPAA
Value Proposition
• Operational resilience
• Risk reduction
• Secure best practices
• Business continuity preventive approach
7
8. Information Security Audit How we Do
• Operating system audits
• Database audits
Consulting •
•
Networking/ Firewall audits
Application systems – Functionality
assessment
• Web application/Data centre audit
• Institutional risk areas review
• General Controls- Physical
Standardizing security/BCP/BRP
• Change management – Controls & Tracking
• Application Controls- System edits/Access
• IS policies and procedures
Compliances •
•
•
IDS
Forensic auditing
FERPA
Value Proposition
• Robust IT governance framework
• Strategic & operational value through business-risk focused approach
• Pre-emptive risk control capability
• Corporate IT compliance adherence for future business initiatives and IT investments
8
9. IT Assurance How we Do
• Business Continuity Planning
•
Consulting •
Cyber crime investigative services
IT external & internal audits
• IT assessment and benchmarking
• Data protection and privacy
•
Standardizing •
IT security & business flexibility
IT project assurance reviews
• Compliances – IS policies
• SAS 70
• ISAE 3402
Compliances • ISO 27002
• PCI DSS
Value Proposition
• Advanced technologies capabilities advisory
• Proactively manage your technology risks
• Helping you to use data to fullest potential use
• Securing while delivering high performance business results
9
10. IT Governance How we Do
• COBIT and ITIL reviews
•
Consulting •
Identification of IT risks exposure
Risk mitigation controls review
• Balanced scorecard
• Val IT business valuation plan
•
Standardizing •
IT & Business Maturity models
IT governance improvement methods
• Improving IT skills & resources
• ISO 38500/COBIT
•
Compliances •
CMM
TOGAF
• ISO 22301 (new standard)
Value Proposition
• Ensuring your organizational structures & business processes are complaint
• IT support framework enables to meet business strategic objectives
• Useful framework tool for benchmarking the balance and effectiveness of IT governance
practices
10
12. IT Service Management- Detailed Components How we Do
- Systematic defining business case
- Assessment of current- state gaps
Process Excellence - Defining optimum process frameworks
- Training & process deployment
- Effective change management
- Agile readiness- Risk identification & mitigation
- Agile maturity assessment
Agile Services - Process definition and best fit deployment
- Project manager services
- Training and mentoring services
- Lean assessment for end-to-end processes
- Opportunity assessment - Identifying improvements
Lean Six Sigma - Project execution
- Coaching & mentoring for processes
- Training & Certification- GB/BB
- Service model assessment & design
- Process design , documentation
Service Excellence - Maturity evaluation and audits
- Outsourcing service model design
- Configuration management
- Baseline assessment existing vs industry best practice
- Design estimation processes and techniques
Software Estimation - Deployment and continuous improvement process
- Organization performance benchmarking
12
13. Information Security Mgmt- Detailed Components How we Do
- Risk assessment /Developing mitigation strategy
- Business critical function>Outage & Recovery time
Business Continuity - Developing business/IT disaster recovery plan
- BS 25999 implementation support –BCM tools
- BCM audits and training
- Vulnerability & penetration testing
- Static and dynamic analysis (secure code review)
Enterprise Application Security - Security configuration review
- Compliance assessment ( SOX, PCI, HIPAA)
- Remediation plan
- IAM Visualization- Feasibility/Roadmap/Business case
- IAM solution evaluation-
Identity and Access Management - IAM prioritization- TCO & Cost benefit analysis
- IAM Execution- Role management/SSO/Access
- Audit, reporting, Training
-
- Compliance assessment – GAP analysis
- Vendor/ Third party risk assessments
IS Compliance - ISO 27001 advisory (Controls design & Evaluation)
- IS Audit- Risk based/IT security/IT operations/ERP
- IT GRC : Software's, Strategy , framework & roadmap
-
13
14. Information Security Audit- Detailed Components How we Do
- Policy and Procedure Review
- Active Social Engineering
Security Operations
- Third Party Oversight Review
- System Inventory & Documentation
Threat Mitigation
- Physical/Environmental SecurityReview
Security Technologies - Personnel / IT Staff Training
- Internal Vulnerability assessment
Professional Services - Host/ Network Diagnostic Review
- Access Control Review
14
15. IT Assurance - Detailed Components How we Do
- Enterprise Test Strategy
- Test process definition
- Structural code assessment
- Test automation strategy: Tools/ Framework
- Performance Test strategy: Tools
Consulting & Advisory - Security Test strategy: Tools
- Test environment & Data management
- Specialized test strategy
- Tool and product evaluation
- Administration and Management
- Requirement management
- Static Analysis/Structural code evaluation
- Unit and integration testing
- Functional testing ( system, integration cycle)
- Performance testing (Load, volume, Stress , tuning)
Functional/ Support Services - Security testing
- Non-functional testing ( OAT, Usability)
- Regression testing
- Test automation
- Environment management- Data, Release, UAT
15
16. IT Governance - Detailed Components How we Do
Project Portfolio Management High Availability –Disaster
Strategy & Roadmap Recovery Set up
Process Re-engineering Dashboards- Predictive Analysis
Migrations-
Outsourcing Governance
Extract > Transport > Load
Application Portfolio Rationalization Integrations & Upgrades
Production Support-
Performance Management
Implementation /Maintenance
16
17. Riskpro Clients Our Clients
*Any trademarks or logos used throughout this presentation are the property of their respective owners
17
18. Team Experiences Our Experiences
Our team members have worked at world class Companies
*Any trademarks or logos used throughout this presentation are the property of their respective owners
18
19. RESUMES – Our team Credentials
Co-Founder - Riskpro
CA, CPA, MBA-Finance (USA), FRM (GARP)
Manoj Jain
Over 10 years international experience – 6 years in Bahrain and 4 years USA
15 years exp in risk management consulting and internal audits, Specialization in
Operational Risk, Basel II, Sox and Control design
Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain),
Navigant Consulting(USA), Kotak Mahindra Bank (India) and Credit Suisse(India)
Sox Compliance project for Fannie Mae, USA ( $900+ Billion Mortgage Company)
Co- Founder - Riskpro
CA (India), MBA (Netherlands), CIA (USA)
Rahul Bhan
Over 15 years of extensive internal and external audit experience in India and
abroad.
Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young
Kuwait, Deloitte Netherlands and KPMG India.
Worked with clients in a wide variety of industries and countries including trading,
retail and consumer goods, NGO, manufacturing and banking and finance. Major
clients include banks, investment companies, manufacturing organizations,
aviation etc.
19
20. RESUMES - Our team Credentials
Co-Founder - Riskpro
Casper Abraham
PGD (Electrical & Electronics & Computer Programming)
30 years of experience in Information & Communications Technology (ICT) Solutions
for Retail, Garments, Manufacturing, Services Industries.
Has created Companies, Divisions, Products, Brands, Teams & Markets.
Consulting in Business, Technology, Marketing & Sales & Strategic Planning.
Advisory, Training, Workshops & Implementation in Systems Thinking, Systems
Modeling & Balanced Scorecard
Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA,
Sr Vice President – Risk Management
MBA, PDFM,NSE-NCFM, PMP, CSSGB,ISO 9001:2000 I.A,GARP-FBR, ITILV3,CPP-BPM
Hemant Seigell
Professional with 17 years of rich experience into diverse Consumer finance/ Lending
operations ,Risk Management,BPMS, Consumer Banking, NBFC, Management Consulting &
Housing finance in BFSI industry having successfully led key business strategic
engagements across multi-product environment in APAC, Australia and US regions.
Worked with GE, ABN AMRO Bank, Citigroup, Accenture, Deutsche Postbank
Highly skilled and expert Trainer in Risk areas across Credit, Fraud, Operational, Corporate
Risk management.
Specializes in Fraud Control, AML/KYC Compliance ,QA ,ERM and Regulatory governance.
20
21. RESUMES - Our team Credentials
Head - Insurance Risk Advisory services
B.sc, Associate of Indian Institute of Insurance
Licensed Category A Insurance surveyor
R. Gupta
26 years of experience in Insurance advisory services, Loss adjusting for large
corporates,Claims management.
Has assessed more than 4500 high value insurance claims across various industry
sectors.
Risk management inspection
Valuations of fixed assets for insurance purpose.
Head - Human Capital Management
Nilesh Bhatia
Chartered Accountant, Lead Assessor ISO 9000, Six Sigma Trained, Trained on Situational
Leadership, Trained on interviewing skills and Whole Message Model.
Over two decades of international, multi-cultural experience in finance and human resources
viz. internal audit, accounting operations, accounting process review & re-designing, risk
management, business solutioning, six sigma projects, talent acquisition, talent retention,
organization design/redesigning, compensation and appraisal processing, employee and
customer satisfaction surveys, knowledge management and finance services.
Worked with Citicorp/MGF, India Glycol, Delphi, American Express India, American Express
USA, Fidelity International and Macquarie Global Finance Services India.
21
22. RESUMES - Our team Credentials
Head Taxation Risk Advisory
Rajesh Jhalani
B.Com, FCA
Senior Partner with 48 year old Delhi based Chartered Accountant firm, Mehrotra
and Mehrotra
Over 19 years of experience in the field of Audit, Taxation, Company law matters.
Major clients served are NTPC, BHEL, Bank of India, PNB, Airport Authority of
India etc.
Specialist Risk Consultant – ERP & IT Compliance
SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access
Gourav Ladha
Controls trained (from SAP India)
Over 7 years of experience working in the area of ERP/IT Risk advisory, primarily focusing
on SAP, for ‘Fortune 500’ clients in around 8 countries including US, UK, UAE, Hong Kong,
etc
Specializes in SAP Risk & Controls Advisory, SAP Business Process Controls Audit, SAP
Security & Segregation of Duties Control Audit, ERP Trainings,
Strong Industry experiences ranging from Beverages, Insurance, Energy, FMCG,
Pharmaceutical, Retail, Telecommunication to IT Services
Worked for risk advisory teams of reputed organizations like Ernst & Young, EXL Services
22
23. RESUMES - PARTNERSHIPS Credentials
Consultant – Information Security & IT Governance
LLB, CA, CISA, CWA, CS, CFE and others
Anjay Agarwal
Over 15 years of experience in the field of Audit, Taxation, Investigations.
Specializing in the field of Systems Audit, Cybrex Audit, Computer Crime
Investigations, IS Forensics
International Committee Member of Governmental and Regulatory Agencies
Board and Academic Relations Committee of ISACA, USA
Consultant – Quality Management
Founder of PMG, a TQM Consulting Co in Delhi
Piyush Kumar
Mechanical Engineer
20+years experience in TQM concepts.
Strong skill set in various productivity & quality improvement projects including
Six Sigma offerings
Past experiences include reputed organizations like Andersen Consulting, Eicher
Consulting & Nathan & Nathan consultants
23
24. RESUMES - PARTNERSHIPS
Specialist Risk Consultant – Business Continuity
Andrew Hiles
Founder and 15-year Chairman of Survive, the first international user group for Business
Continuity professionals
Founding director and first Fellow of the Business Continuity Institute
Over 25 years international consulting expertise in Risk, Crisis, Emergency, Incident, and
Business Continuity and ICT Disaster Recovery Management
Multi-sector experience including Banking, Insurance, Finance, Oil, Gas, Energy,
Manufacturing, Retail, Hi-Tech & Telecom
Western Press Award for services to business, 1994; BCI/CIR nomination for
lifetime achievement in BC, 1999, London; inducted into BC Hall of Fame by CPM magazine,
2004, Washington DC.
Specialist Risk Consultant – Enterprise Risk Management
Chris E. Mandel
Highly skilled risk and insurance professional with 25 years of experience designing, developing and
implementing large, global corporate risk management programs for Fortune 500 firms.
Principal Consultant and Founder - Excellence in Risk Management, LLC. (Texas, USA) Co-founder
and EVP, Professional Services, rPM3 Solutions, LLC (Maryland, USA).
Past experiences include Head of Global Risk Management for USAA, PepsiCo/Tricon Global and
American National Red Cross
Additional risk and insurance experience at Verizon Corp,. Marsh USA and Liberty Mutual Insurance
Co.
2004 Risk Manager of the Year – 2007 recipient of the Alexander Hamilton Award for “Excellence in
ERM” (at USAA) – former President, Risk and Insurance Management Society, Inc.
24
25. Strategic Alliance - ‘AssureEasy’ GRC Tool
NIIT technologies and RiskPro offer a Unique GRC Management solution on cloud wherein NIIT provides the best in
the breed Application platform and RiskPro brings best in class integrated risk management consulting services
Platform Differentiators Risk Expertise
Cloud hosting model
High performance business results
No CAPEX, Infrastructure Investment
Improved portfolio optimization
No ongoing application/infrastructure
Enhancing organization’s ability for
maintenance cost
effective utilization of risk capital
Unique Delivery model
Extremely Fast Implementation
Highly experienced team of risk professionals with
Out of the box implementation in 2-3 weeks time
plethora of risk domain knowledge and business
Highly configurable and flexible platform
solutions
Customized solutions as per client’s needs
Credibility
Market Differentiators
Platform users include Cognizant , RBS , Fidelity ,
Premier risk consulting firm serving top
NIIT Technologies etc.
corporates/PSU’s as preferred knowledge
High CSAT ratings from existing Customers
partners
Increasing market penetration combined with
System Integration Capabilities
unique value proposition in risk consulting space
Services around solution implementation
Risk Management Capability
/Application and Infrastructure support
Quick client assessment and delivery proposal
Industry packaged solution using domain
across ERM
expertise from NIIT’S vertical teams.
Multi industry and functional domain solutions
25
