1. Vendor Risk Management Services
Riskpro India Ventures (P) Limited
New Delhi, Mumbai, Bangalore
2. Who is Riskpro… Why us?
ABOUT US
Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer wide range of services in the field of risk management. Currently it has offices in three major cities Mumbai, Delhi and Bangalore and alliances in other cities. Managed by experienced professionals with experiences spanning various industries.
MISSION
• Provide integrated risk management consulting services to mid-large sized corporate/financial institutions in India
• Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.
VALUE PROPOSITION / DIFFERENTIATORS
You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms
Risk Management is our main focus
Over 200 years of cumulative experience
High quality deliverables
Hybrid Delivery model
Multi-skilled & multi-disciplined organisation.
Ability to take on large and complex projects
Timely completion of any task due to delivery capabilities
Affordable alternative to large firms
We Hold hands, not shake hands.
4. About Riskpro
• Large talent pool of risk experts, consultants and associate partners in India with deep domain skills for domestic and global clients
• 11 service locations across Indian region with offices in New Delhi, Mumbai and Bangalore
• Deep expertise in consulting with over 200 years of cumulative consulting experience
• Operating Groups: Risk-Advisory, Consulting, Training & HCMS
• Service Lines: Credit, Operational, Fraud Risks, ERM, Regulatory Compliance, Corporate governance
• We are fastest growing risk consulting company and have realistic plans to capture coming opportunities while competing with Big-4's for superior, unmatched, low cost services to our clients
ORM Services
Creating an Operational Risk Framework / Using the Operational Risk Framework
Stages:
• Analysis of processes, weak points & control points
• Definition of risk and performance indicators
• Aggregation and reporting of process quality & risk levels
• Measurement & collection of operational risk loss data
• Capital adequacy calculation
• Performance measurement
Objective
• To describe responsibilities and levels of service for key functions, business units and processes
• To make the OR status evident and facilitate risk analysis for each control and risk point
• To provide risk information for all management levels
• Provide the link between the risk rating aggregation and the loss data collection
• To prioritise risk reduction measures
• To understand loss incidence across the bank
• Risk must be calculated by business line
• Regulatory and economic capital calculation and allocation
• Risk data integrated into performance measurement and MIS
Outcome
• Thorough assessment of processes and system weak points and identification of control points
• Risk and control indicators are defined
• Drivers and causes of OR are analysed
• Risk indicators are aggregated into meaningful risk ratings that are monitored daily
• The process/service model defines risk and rating/loss correlation for modelling
• Capture of losses and near misses linking to the weak points
• External loss data can also be collected
• A quantification methodology is developed including stress testing and scenario analysis
• Measures include: ROI, RAROC, EVA, Earnings volatility
• Functionality under development
• Design and implement an operational risk management framework
• ORM key indicators and performance
Enterprise Risk Management
• Enhance risk-response decisions.
• Minimize operational surprises and losses.
• Identify and manage cross-enterprise risks.
• Provide integrated responses to multiple risks.
• Rationalize capital
5. Risk Management Advisory Services
SERVICES
Corporate Risks
Basel II/III Advisory | Enterprise Risk Management | IT Risk Advisory
Market Risk | Fraud Risk | IS Audit
Credit Risk | Risk based Internal Audit | IT Security
Operational Risk | Operations Risk | IT Assurance
ICAAP | Forensic services | IT Governance

Operational Risk | Governance | Other Risks
Process reviews | Corporate Governance | Business/Strategic Risk
Policy/Process Review | Business Strategic risk | Reputation Risk
Process Improvement | Fraud Risk | Outsourcing Risk
Compliance Risk | Forensic Accounting | Contractual Risk
Insurance Risk

Training | Recruitment
Banking – E Learning
Corporate Training | Independent Directors for Corporates
Regular Risk Management Training | Senior level industry professionals
Online Training material | Full Time Risk Professionals
Workshops / Events | Part time Risk Professionals
AML-KYC/ISO Standards
6. Vendor Risk Management - Perspective
Geo-political Risk
• Supply Chain Risk Assessment
• Economic Analysis - Debt vs. GDP
• Political Environment
• Potential Financial Loss
Reputational Risk
• Non-compliance with laws
• Public enforcement action
• Class action law suits
• Negative publicity
Business Continuity Risk
• Operations Disruption
• Lack of robust BCP / DRP
• Unsatisfactory performance
• Absence of multiple vendor availability
Operational Risk
• Operational System failure
• Service Delivery interruption
• Natural hazard Insurance
• Civil penalties
Compliance Risk
• Consumer protection laws
• Third party oversight failure
• Restitution/Civil money penalty
• Fixed duration binding contracts
Vendor Risk Mitigation Task List
- Ensure vendor is complying with laws
- Periodically analyzing its financial condition
- Performing on-site quality assurance reviews
- Regularly review metrics for SLAs
- Review customer complaints for services
- Conduct anonymous testing
- Assessing contract terms compliance
- Testing business contingency planning
- Evaluate adequacy of training to employees
- Periodic meetings to review contract performance and operational issues
7. High Risk Vendor Categories
• Core Processors
• ATM Networks
• Internet Banking/Bill Payment/Cash Management/Etc Providers
• Network Security Providers
• Web Site/Email Hosts
• CRM Providers
• Credit/Debit Card Processors
• Payroll Processors
• Cheque Printers
• Statement Printers
• Network Security Consultants
And the list is endless.
8. Vendor Risk Management Framework
Planning/Risk Assessment
• Cost Benefit Analysis
• Business case of outsourcing with Risk Assessment
• Regulatory & Process Compliance
Vendor Due Diligence
• Pre-Contract
• 3rd Party experience
• Referrals, qualifications
• HR Policies - Background Checks, Employee Confidentiality
• Info Security Policies - Physical Security, Environmental Controls
Risk Measurement and Control
• Network & Desktop Security
• Personnel Control Security
• Client Confidentiality Agreement and/or Privacy Policy
• Data security and member confidentiality
• Business resumption or contingency planning
9. Benefits of Vendor / 3rd party Risk Management
Meet regulatory requirements with respect to vendor risk management
Actually derive business value from third party relationships as
reflected in the business case
Gain insight into risk exposure through a comprehensive risk rank
score for each third-party within your ecosystem
Develop a foundation for risk mitigation tools, controls, and other
compliance efforts
Mitigate risk by targeting operationally material third-parties for
appropriate and proactive monitoring and assessments
Protect your brand and corporate reputation
10. Vendor Risk Management – Overview & Impact
Key Risks
1 Loss of key staff or technology infrastructure
2 Adverse changes in law and government affecting the company’s business model
3 Loss of market share or revenue through competition or Regulation
4 Introduction of competing products and technologies by other companies
5 Inability to attract and retain key employees
6 Failure to develop global management and information Systems
7 Exposure to litigation related to the company’s products/services
8 Deficient products/services provided resulting in loss of Reputation
9 Inability to react to changes in overseas legal, economic or regulatory environment
10 Increased pricing pressure from competitors and/or customers
Vendor Non-compliance Risks
• Responding to these ERM risks requires a robust vendor management program. Managing risk inherited from vendors is an important component of this.
• Associating with inappropriate vendors may result in additional unforeseen risks such as wasted capital, product losses and reputation risks.
• Any lapse in controls at 3rd party service provider could potentially defeat the purpose of an effective in-house ERM.
11. Vendor Risk Management - Objectives
Objectives
• Financial Recovery
• Governance
• Internal Process Enhancement
• Partner Education
How to define the objectives?
• Program Structure and Goals
• Governance structures and compliance programs
• Vendor Relationships
• Determine Risk Factors & Tolerance
12. Vendor Risk Management - Approach
High Level Risk Assessment Approach
Vendor Spend
Further Data Analysis
Spend Analysis
Risk Assessment Control Review
Proactive Forensic Analysis Contract Review
Sales & Use Tax
IT Analysis Further Analysis
Recovery Opportunity
Recovery
Sustainability, Financial Stability
Manual Contract Review
Identify vendor risk factors Evaluate vendor risk factors Contracts Evaluation Compliance Reviews
13. Risks Associated with Outsourcing
Operational risk: Operational risks arise because the intermediary loses direct control over the activities and over the processes, procedures, systems and people engaged in these activities. It therefore fails to exercise due care and diligence if the activity / service falls short of the regulatory standards.
Reputational risk: Reputational risks arise from failure by the third party to deliver as per regulatory standards, which may invite regulatory actions.
Legal risk: Legal risks emanate from the failure to enforce the contractual obligations, particularly when the contractual relationship is not redefined with every change in the basket of activities outsourced or the way these are discharged.
Country risk: Other circumstantial risks, such as country risk, arise when activities are outsourced to a foreign company.
Concentration and systemic risk: These arise if a large number of market intermediaries rely upon one or a few third parties for the same activity.
14. Principles To Be Followed While Outsourcing
I. A comprehensive policy to guide whether and how activities can be appropriately outsourced.
The board of directors / equivalent body shall have the responsibility for the outsourcing policy and all activities carried out under the policy.
II. A comprehensive outsourcing risk management program to address the outsourced activities and the relationship with the third party.
Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator should be mandated.
The intermediary should, at least on an annual basis, review the financial and operational capabilities of the third party in order to assess its ability to continue to meet its outsourcing obligations.
15. Principles To Be Followed While Outsourcing (cont.)
III. The intermediary should ensure that outsourcing arrangements do not diminish its ability to fulfill its obligations to customers and regulators.
IV. Due diligence (financial soundness, compatibility with the objective of the intermediary, third party business reputation etc.) in selecting the third party.
V. Outsourcing relationships should be governed by written contracts / agreements. All material aspects should be clearly described, such as:
• The rights, responsibilities and expectations of the parties to the contract
• Client confidentiality issues
• Termination procedures, etc.
VI. Establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities.
16. Vendor Risk Management – GRC Software Objectives
Ability to perform Objective Assessments
• Quantify and objectively evaluate Vendor Risk
• Develop a Questionnaire based approach to evaluate Vendor Risk
Structured and process-oriented approach
• Create a structured, formal approach to assess, document and evaluate Vendor Risk
• Implement workflow based system to move across the various stages of evaluation
Eliminating current process inefficiencies
• Consolidation efforts are manual, tedious and subject to error
• Lacks capabilities such as version control, log maintenance, historical trend analysis
Dashboards/Reports
• Create consolidated Reports and Dashboards at an organization level
• Utilize the reporting to provide Gap and Non Compliance. Help to prioritize areas that needs attention
17. Vendor Risk Management - GRC Tool Solution
• Map Vendors and related attributes (ID, Risk, Email Id)
• Map Services and related attributes (Service Risk, Description)
• Evaluate Vendors for New/Existing services
• Map RFP template for a service in the tool
• Send RFP template to selected set of Vendors
• Tool collates response from all Vendors in interactive reports
• Based on Responses, add findings for Vendor responses
• Tool generates reports displaying the Outsourcing Risk rating (Service Risk * Finding Score)
• Based on Overall Risk select/reject a Vendor
Outsourcing Risk Reports
Vendor Compliance Management
18. GRC Management Solution
NIIT Technologies and RiskPro offer a unique risk management solution on cloud, wherein NIIT provides the best-of-breed application platform and RiskPro brings best-in-class integrated risk management consulting services.
Platform Differentiators
Cloud hosting model
• No CAPEX, Infrastructure Investment
• No ongoing application/infrastructure maintenance cost
Extremely Fast Implementation
• Out of the box implementation in 2-3 weeks time
• Highly configurable and flexible platform
Credibility
• Platform users include Cognizant, RBS, Fidelity, NIIT Technologies etc.
• High CSAT ratings from existing Customers
System Integration Capabilities
• Services around solution implementation / Application and Infrastructure support
• Industry packaged solution using domain expertise from NIIT’s vertical teams.
Risk Expertise
High performance business results
• Improved portfolio optimization
• Enhancing organization’s ability for effective utilization of risk capital
Unique Delivery model
• Highly experienced team of risk professionals with plethora of risk domain knowledge and business solutions
• Customized solutions as per client’s needs
Market Differentiators
• Premier risk consulting firm serving top corporates/PSUs as preferred knowledge partners
• Increasing market penetration combined with unique value proposition in risk consulting space
Risk Management Capability
• Quick client assessment and delivery proposal across ERM
• Multi industry and functional domain solutions
19. Vendor Risk / Third-party Assurance
Building confident & secure third-party relationships
• Centralized and definitive vendor service catalog and secure vendor documentation
• Custom questionnaire templates and scoring capabilities
• Automated questionnaire assessments and third-party response submission workflow
• Custom Finding Templates and remediation tools - analyst review
• Proactive notification and collaboration support
• Increased management visibility
• Robust custom reporting tools
Used by
• Assurance Management
• Third-Party Risk Teams
20. Riskpro Clients Our Clients
*Any trademarks or logos used throughout this presentation are the property of their respective owners
21. Team Experiences Our Experiences
Our team members have worked at world class Companies