Date posted: 13-Sep-2014
Category: Business
Information Risk & Business Continuity Management
Riskpro, India
Who is Riskpro… Why us?
ABOUT US
Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer a wide range of services in the field of risk management.
Currently it has offices in three major cities (Mumbai, Delhi and Bangalore) and alliances in other cities.
Managed by experienced professionals with experience spanning various industries.
MISSION
Provide integrated risk management consulting services to mid-large sized corporate/financial institutions in India
Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.
VALUE PROPOSITION
You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms
High quality deliverables
Multi-skilled & multi-disciplined organisation.
Timely completion of any task
Affordable alternative to large firms
DIFFERENTIATORS
Risk Management is our main focus
Over 200 years of cumulative experience
Hybrid Delivery model
Ability to take on large and complex projects due to delivery capabilities
We Hold hands, not shake hands.
Risk Management Advisory Services
Basel II/III Advisory: Market Risk, Credit Risk, Operational Risk, ICAAP
Corporate Risks: Enterprise Risk Assessment, Fraud Risk, Risk based Internal Audit, Operations Risk, Forensic services
Information Security: IS Audit, Information Security, Business Continuity, IT Assurance, IT Governance
Operational Risk: Process reviews, Policy/Process Review, Process Improvement, Compliance Risk
Governance: Corporate Governance, Business Strategic risk, Fraud Risk, Forensic Accounting
Other Risks: Business/Strategic Risk, Reputation Risk, Outsourcing Risk, Contractual Risk
Training
Banking – E Learning, Corporate Training, Regular Risk Management Training, Online Training material, Workshops / Events
Recruitment
Virtual Risk Managers, Full Time Risk Professionals, Part time Risk Professionals, Risk Managers on call – free
Information Risk Governance
CHALLENGES
Mitigation of risks related to information assets requires an organization to think outside of traditional IT controls and also look at its non-IT areas for information-related risks such as people risks, compliance risks, third party/supplier risks, client related risks and physical/environmental risks.
The UK’s Data Protection Act, the Indian Information Technology Act and US GLB/HIPAA put the onus on information owners as well as information processors for the protection of the information. Aside from fines & penalties, companies should also think of reputation issues & business loss due to a breach.
High attrition, skills/knowledge loss and valuable intellectual property in people-intensive operations such as banks, insurance firms, BPO/KPOs can exacerbate threats to information.
Most companies do not treat information as a company asset and therefore there is insufficient oversight from the board, auditors etc.
BACKGROUND
In an environment of escalating information security threats, technology outages, data integrity and
quality issues, corporate governance concerns and privacy regulations, organizations need to be sure
of the integrity, confidentiality, and availability of their paper & electronic information and
underlying systems.
This requires information handling, communication & storage systems that are properly deployed,
monitored and controlled.
With increasing regulatory norms being enforced for companies, managing risks affecting
confidentiality, integrity and availability of vital information assets has become one of the most
important business drivers as well as a key differentiator from competition.
Information Security Assessments
Dipstick Review
Dipstick review is a high level look at the significant risks affecting information assets and a quick look at the controls. This review is suitable for a quick and dirty look at the low hanging fruits or for setting context for a bigger review.
Information Security Audits
Based on the global control frameworks such as ISO 27001, COBIT & ITIL, the IS audit service is meant to augment the regular internal audits & provide expertise on information security controls. The audit covers regulatory compliances, adherence to internal policies/procedures, second party vendor audits, readiness checks for certifications, and compliances.
Review of Compliance with UK Data Protection Act
UK’s Data Protection Act of 1998 puts onerous responsibilities on data controllers and data processors. Penalties for noncompliance include personal liability, penalties as well as possible reputation loss. The 7th and 8th principles are relevant to data flowing to locations outside of the UK and EEA (European Economic Area). We have experts who have dealt with DPA compliances & data export and offer consulting on how a non-EEA company handling UK personal data can comply with DPA principles & requirements.
Info Sec Training
Information security awareness training
ISO 27001 Certification Services
ISO 27001 design & implementation consulting
ISO 27001 consulting including gap assessments, policy & procedure design, risk assessments, information systems controls design and evaluation. We follow proven methodologies to enable your company to get certified to the ISO 27001 standard and sustain the certification. We can also provide entire lifecycle support to ensure that after certification the client is ready for the periodic surveillance audits.
Pre-certification assessments
A pre-certification audit is a high level evaluation indicating where your
company currently stands in compliance with ISO 27001 before the main
certification audit. This audit is conducted under certification audit conditions
and non-conformances are identified for the client’s action. Pre-certification
ISO 27001 is a global standard for information security practices. Originating from the British
standard BS7799, ISO 27001 certification goes beyond traditional IT security & also includes
other important risk areas such as employee related risks (during hiring, employment, transfers
& termination), Physical/environmental risks, compliance related risks, business continuity
risks, senior management commitment, linkage to risk management etc. There are 133
specific controls across 11 domains & certification is given by the external certification body
only against demonstrable implementation of controls
Business Resiliency (BCP/DR/CM) Consulting
Business Impact Analysis (BIA)
Identifying process criticalities, recovery priorities, recovery time objectives (RTO), recovery points (RPO) & resource requirement. These form the foundation of BCP planning.
BCP Crisis Management plan development & Implementation
Design and development of BCP and Crisis Management program so that BCP/CM strategies & tactics support business objectives even in a disaster situation. We also provide entire BCP lifecycle support.
Testing services
Testing of various intensities from a walkthrough, desktop scenario to full BCP test. We can also provide a high intensity & complex scenario for stress testing BCP/CM teams.
BCP/CM training
Various BCP/CM trainings for all employees, crisis management team or BCP team members.
All organizations should plan for contingencies so that the business remains resilient and the company can provide an immediate, accurate and measured response to emergency situations. A resilient operation has sufficient planning in place and has implemented backup/recovery strategies for its data, people & infrastructure so that critical business processes are continued and negative impact on business and revenue is reduced. Regulators & compliances such as Basel II require robust BCP/DR/CM programs commensurate with business objectives.
Riskpro Clients
Our Clients
Any trademarks or logos used throughout this presentation are the property of their
respective owners
Team Experiences Our Experiences
Our team members have worked at world class Companies
RESUMES – Our team
Manoj Jain
Founder - Riskpro
CA, CPA, MBA-Finance (USA), FRM (GARP)
Over 10 years international experience – 6 years in Bahrain and 4 years USA
15 years exp in risk consulting and internal audits
Sox Compliance project for Fannie Mae, USA ($900+ Billion Mortgage Company)
Specialization in Operational Risk, Basel II, Sox and Control design
Led medium to large engagement teams
Rahul Bhan
Co-Founder - Riskpro
CA (India), MBA (Netherlands), CIA (USA)
Over 15 years of extensive internal and external audit experience in India and abroad.
Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.
Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc.
Credentials
RESUMES - Our team
Shriram Gokte
Co-Founder - Riskpro
B Tech MBA
22 years of audit, risk management, information security & Compliance experience
Most recent employment with Paternoster, a UK Insurance company as Director Risk & Compliance
Worked for Principal Financial Group at their Des Moines USA HO and then Birla Sun Life Insurance as CRO
Strong operational process, risks, info sec and internal controls experience
Has taken 3 companies through ISO 27001 certifications.
Casper Abraham
Co-Founder - Riskpro
PGD (Electrical & Electronics & Computer Programming)
30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.
Has created Companies, Divisions, Products, Brands, Teams & Markets.
Consulting in Business, Technology, Marketing & Sales & Strategic Planning.
Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard
Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA,
Credentials
RESUMES - PARTNERSHIPS
Andrew Hiles
Specialist Risk Consultant – Business Continuity
Founder and 15-year Chairman of Survive, the first international user group for Business Continuity professionals
Founding director and first Fellow of the Business Continuity Institute
Over 25 years international consulting expertise in Risk, Crisis, Emergency, Incident, and Business Continuity and ICT Disaster Recovery Management
Multi-sector experience including Banking, Insurance, Finance, Oil, Gas, Energy, Manufacturing, Retail, Hi-Tech & Telecom
Western Press Award for services to business, 1994; BCI/CIR nomination for lifetime achievement in BC, 1999, London; inducted into BC Hall of Fame by CPM magazine, 2004, Washington DC.
Chris E. Mandel
Specialist Risk Consultant – Enterprise Risk Management
Highly skilled risk and insurance professional with 25 years of experience designing, developing and implementing large, global corporate risk management programs for Fortune 500 firms.
Principal Consultant and Founder - Excellence in Risk Management, LLC. (Texas, USA)
Past experiences include USAA, PepsiCo, American National Red Cross, Verizon
Contacts and Office Locations
THANKS
Corporate Mumbai Delhi Bangalore
www.riskpro.in
Manoj Jain
Director
M- 98337 67114
Shriram Gokte
Principal - Information Risk
M- 98209 94063
Rahul Bhan
Director
M- 99680 05042
Raj Sawhney
Principal – Business Risk
M- 99711 03510
Casper Abraham
Director
M- 98450 61870
Ahmedabad Pune Agra
Maulik Manakiwala
Associate Firm
M - 91 9825640046
Gourav Ladha
Sap Risk Advisory
M- 97129 52955
M.L. Jain
Principal – Strategy Risk
M- 9822011987
Alok Kumar Agarwal
Associate Firm
M- 99971 65253