
Riskpro information risk management

Date post: 13-Sep-2014
Page 1: Riskpro information risk management

Information Risk & Business Continuity Management

Riskpro, India

Page 2: Riskpro information risk management


Who is Riskpro… Why us?

ABOUT US

Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer a wide range of services in the field of risk management.

Currently it has offices in three major cities, Mumbai, Delhi and Bangalore, and alliances in other cities.

Managed by experienced professionals with experience spanning various industries.

MISSION

Provide integrated risk management consulting services to mid-large sized corporate/financial institutions in India

Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.

VALUE PROPOSITION

You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms

High quality deliverables

Multi-skilled & multi-disciplined organisation.

Timely completion of any task

Affordable alternative to large firms

DIFFERENTIATORS

Risk Management is our main focus

Over 200 years of cumulative experience

Hybrid Delivery model

Ability to take on large and complex projects due to delivery capabilities

We hold hands, not shake hands.

Page 3: Riskpro information risk management

SERVICES

Risk Management Advisory Services

Basel II/III Advisory: Market Risk, Credit Risk, Operational Risk, ICAAP

Corporate Risks: Enterprise Risk Assessment, Fraud Risk, Risk based Internal Audit, Operations Risk, Forensic services

Information Security: IS Audit, Information Security, Business Continuity, IT Assurance, IT Governance

Operational Risk: Process reviews, Policy/Process Review, Process Improvement, Compliance Risk

Governance: Corporate Governance, Business Strategic risk, Fraud Risk, Forensic Accounting

Other Risks: Business/Strategic Risk, Reputation Risk, Outsourcing Risk, Contractual Risk

Training

Banking – E Learning, Corporate Training, Regular Risk Management Training, Online Training material, Workshops / Events

Recruitment

Virtual Risk Managers, Full Time Risk Professionals, Part time Risk Professionals, Risk Managers on call – free

Page 4: Riskpro information risk management


Information Risk Governance

CHALLENGES

Mitigating risks to information assets requires an organization to think beyond traditional IT controls and also look at its non-IT areas for information-related risks such as people risks, compliance risks, third party/supplier risks, client-related risks and physical/environmental risks.

The UK's Data Protection Act, the Indian Information Technology Act and US GLB/HIPAA put the onus on information owners as well as information processors for the protection of information. Aside from fines & penalties, companies should also think of reputation issues & business loss due to a breach.

High attrition, skills/knowledge loss and valuable intellectual property in people-intensive operations such as banks, insurance firms and BPO/KPOs can exacerbate threats to information.

Most companies do not treat information as a company asset, and therefore there is insufficient oversight from the board, auditors etc.

BACKGROUND

In an environment of escalating information security threats, technology outages, data integrity and quality issues, corporate governance concerns and privacy regulations, organizations need to be sure of the integrity, confidentiality, and availability of their paper & electronic information and underlying systems.

This requires information handling, communication & storage systems that are properly deployed, monitored and controlled.

With increasing regulatory norms being enforced for companies, managing risks affecting confidentiality, integrity and availability of vital information assets has become one of the most important business drivers as well as a key differentiator from competition.

Page 5: Riskpro information risk management

Information Security Assessments

Dipstick Review

A dipstick review is a high-level look at the significant risks affecting information assets and a quick look at the controls. This review is suitable for a quick and dirty look at the low-hanging fruit or for setting context for a bigger review.

Information Security Audits

Based on global control frameworks such as ISO 27001, COBIT & ITIL, the IS audit service is meant to augment the regular internal audits & provide expertise on information security controls. The audit covers regulatory compliances, adherence to internal policies/procedures, second party vendor audits, readiness checks for certifications, and compliances.

Review of Compliance with UK Data Protection Act

The UK's Data Protection Act of 1998 puts onerous responsibilities on data controllers and data processors. Penalties for noncompliance include personal liability, penalties as well as possible reputation loss. The 7th and 8th principles are relevant to data flowing to locations outside of the UK and EEA (European Economic Area). We have experts who have dealt with DPA compliances & data export and offer consulting on how a non-EEA company handling UK personal data can comply with DPA principles & requirements.

Info Sec Training

Information security awareness training

Page 6: Riskpro information risk management

ISO 27001 Certification Services

ISO 27001 design & implementation consulting

ISO 27001 consulting including gap assessments, policy & procedure design, risk assessments, information systems controls design and evaluation. We follow proven methodologies to enable your company to get certified to the ISO 27001 standard and sustain the certification. We can also provide entire lifecycle support to ensure that after certification the client is ready for the periodic surveillance audits.

Pre-certification assessments

A pre-certification audit is a high-level evaluation indicating where your company currently stands in compliance with ISO 27001 before the main certification audit. This audit is conducted under certification audit conditions and non-conformances are identified for the client's action. Pre-certification

ISO 27001 is a global standard for information security practices. Originating from the British standard BS7799, ISO 27001 certification goes beyond traditional IT security & also includes other important risk areas such as employee-related risks (during hiring, employment, transfers & termination), physical/environmental risks, compliance-related risks, business continuity risks, senior management commitment, linkage to risk management etc. There are 133 specific controls across 11 domains & certification is given by the external certification body only against demonstrable implementation of controls.

Page 7: Riskpro information risk management

Business Resiliency (BCP/DR/CM) Consulting

Business Impact Analysis (BIA)

Identifying process criticalities, recovery priorities, recovery time objectives (RTO), recovery points (RPO) & resource requirement. These form the foundation of BCP planning.

BCP Crisis Management plan development & Implementation

Design and development of BCP and Crisis Management program so that BCP/CM strategies & tactics support business objectives even in a disaster situation. We also provide entire BCP lifecycle support.

Testing services

Testing of various intensities from a walkthrough, desktop scenario to full BCP test. We can also provide a high intensity & complex scenario for stress testing BCP/CM teams.

BCP/CM training

Various BCP/CM trainings for all employees, crisis management team or BCP team members.

All organizations should plan for contingencies so that the business remains resilient and the company can provide an immediate, accurate and measured response to emergency situations. A resilient operation has sufficient planning in place and has implemented backup/recovery strategies for its data, people & infrastructure so that critical business processes are continued and the negative impact on business and revenue is reduced. Regulators & compliances such as Basel II require robust BCP/DR/CM programs commensurate with business objectives.

Page 8: Riskpro information risk management


Riskpro Clients

Our Clients

Any trademarks or logos used throughout this presentation are the property of their respective owners

Page 9: Riskpro information risk management


Team Experiences Our Experiences


Our team members have worked at world class Companies

Page 10: Riskpro information risk management


RESUMES – Our team

Manoj Jain

Founder - Riskpro

CA, CPA, MBA-Finance (USA), FRM (GARP)

Over 10 years international experience – 6 years in Bahrain and 4 years USA

15 years exp in risk consulting and internal audits

Sox Compliance project for Fannie Mae, USA ($900+ Billion Mortgage Company)

Specialization in Operational Risk, Basel II, Sox and Control design

Led medium to large engagement teams

Rahul Bhan

Co-Founder - Riskpro

CA (India), MBA (Netherlands), CIA (USA)

Over 15 years of extensive internal and external audit experience in India and abroad.

Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.

Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc.

Credentials

Page 11: Riskpro information risk management


RESUMES - Our team

Shriram Gokte

Co-Founder - Riskpro

B Tech MBA

22 years of audit, risk management, information security & Compliance experience

Most recent employment with Paternoster, a UK Insurance company as Director Risk & Compliance

Worked for Principal Financial Group at their Des Moines USA HO and then Birla Sun Life Insurance as CRO

Strong operational process, risks, info sec and internal controls experience

Has taken 3 companies through ISO 27001 certifications.

Casper Abraham

Co-Founder - Riskpro

PGD (Electrical & Electronics & Computer Programming)

30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.

Has created Companies, Divisions, Products, Brands, Teams & Markets.

Consulting in Business, Technology, Marketing & Sales & Strategic Planning.

Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard

Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA,

Credentials

Page 12: Riskpro information risk management


Andrew Hiles

Specialist Risk Consultant – Business Continuity

Founder and 15-year Chairman of Survive, the first international user group for Business Continuity professionals

Founding director and first Fellow of the Business Continuity Institute

Over 25 years international consulting expertise in Risk, Crisis, Emergency, Incident, and Business Continuity and ICT Disaster Recovery Management

Multi-sector experience including Banking, Insurance, Finance, Oil, Gas, Energy, Manufacturing, Retail, Hi-Tech & Telecom

Western Press Award for services to business, 1994; BCI/CIR nomination for lifetime achievement in BC, 1999, London; inducted into BC Hall of Fame by CPM magazine, 2004, Washington DC.

RESUMES - PARTNERSHIPS

Chris E. Mandel

Specialist Risk Consultant – Enterprise Risk Management

Highly skilled risk and insurance professional with 25 years of experience designing, developing and implementing large, global corporate risk management programs for Fortune 500 firms.

Principal Consultant and Founder - Excellence in Risk Management, LLC. (Texas, USA)

Past experiences include USAA, PepsiCo, American National Red Cross, Verizon

Page 13: Riskpro information risk management

Contacts and Office Locations

THANKS

Corporate Mumbai Delhi Bangalore

www.riskpro.in

Manoj Jain, Director, M- 98337 67114

Shriram Gokte, Principal - Information Risk, M- 98209 94063

Rahul Bhan, Director, M- 99680 05042

Raj Sawhney, Principal – Business Risk, M- 99711 03510

Casper Abraham, Director, M- 98450 61870

Ahmedabad Pune Agra

Maulik Manakiwala, Associate Firm, M - 91 9825640046

Gourav Ladha, Sap Risk Advisory, M- 97129 52955

M.L. Jain, Principal – Strategy Risk, M- 9822011987

Alok Kumar Agarwal, Associate Firm, M- 99971 65253

