riskpro iso 31000 services


Upload: rahul-bhan-ca-cia-mba

Post on 05-Aug-2015


TRANSCRIPT

Page 1: Riskpro Iso 31000 Services

1

Risk Consulting & Advisory Services

ISO 31000:2009 Risk Management Standards

RiskPro India Ventures (P) Limited New Delhi, Mumbai, Bangalore

Page 2: Riskpro Iso 31000 Services

2

Who is Riskpro… Why us?

ABOUT US

Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer a wide range of services in the field of risk management.

Currently it has offices in three major cities, Mumbai, Delhi and Bangalore, and alliances in other cities.

Managed by experienced professionals with experience spanning various industries.

MISSION

Provide integrated risk management consulting services to mid-large sized corporate/financial institutions in India

Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.

VALUE PROPOSITION

You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms

High quality deliverables

Multi-skilled & multi-disciplined organisation.

Timely completion of any task

Affordable alternative to large firms

DIFFERENTIATORS

Risk Management is our main focus

Over 200 years of cumulative experience

Hybrid Delivery model

Ability to take on large and complex projects due to delivery capabilities

We Hold hands, not shake hands.

Page 3: Riskpro Iso 31000 Services

3

SERVICES

Risk Management Advisory Services

Basel II/III Advisory

• Market Risk

• Credit Risk

• Operational Risk

• ICAAP

Corporate Risks

• Enterprise Risk Assessment

• Fraud Risk

• Risk based Internal Audit

• Operations Risk

• Forensic services

Information Security

• IS Audit

• Information Security

• IT Assurance

• IT Governance

Operational Risk

• Process reviews

• Policy/Process Review

• Process Improvement

• Compliance Risk

• Insurance Risk

Governance

• Corporate Governance

• Business Strategic risk

• Fraud Risk

• Forensic Accounting

Other Risks

• Business/Strategic Risk

• Reputation Risk

• Outsourcing Risk

• Contractual Risk

Training

• Banking – E Learning

• Corporate Training

• Regular Risk Management Training

• Online Training material

• Workshops / Events

• ISO Standards

Recruitment

• Virtual Risk Managers

• Full Time Risk Professionals

• Part time Risk Professionals

• Risk Managers on call – free

Page 4: Riskpro Iso 31000 Services

4

ISO 31000: Future standard on Risk Management

Tackling hazards

Every organization has objectives to achieve, and in order to achieve them, any uncertainty that could interfere with their realization must be effectively managed.

ISO 31000 is clearly different from existing guidelines in that the emphasis is shifted from something happening – the event – to the effect on objectives.

It sets out principles, a framework, and a process for the management of all forms of risk, including safety and environment, in all organizations, regardless of size.

Key principles include: Communication and Consultation; Establishing the context; Risk assessment steps (Identification, Analysis, Evaluation); Risk treatment; Monitoring and review.

Page 5: Riskpro Iso 31000 Services

5

ISO 31000:2009 Risk Management Standards Insight…

RISK MANAGEMENT INTERNATIONAL STANDARD ISO 31000:2009

• Vocabulary: ISO Guide 73, Risk Management - Vocabulary

• Principles/Guidelines: ISO 31000, Risk Management – Principles and guidelines

• Assessment: IEC 31010, Risk Management, Risk Assessment Techniques

Page 6: Riskpro Iso 31000 Services

6

Evolution of ISO 31000 Journey…

[Timeline figure]

• 1995: AS/NZS 4360 (Standards Australia/New Zealand)

• 1999: AS/NZS 4360, Review 1 (Standards Australia/New Zealand)

• 2001: Standards version, Japan

• 2002: ISO/IEC Guide 73, Risk Management Vocabulary Guideline

• 2004: AS/NZS 4360, Review 2 (Standards Australia/New Zealand)

• 2004 +: Guidelines review on Standards and released for implementation

Page 7: Riskpro Iso 31000 Services

7

Understand ISO 31000...Future of Risk !

Historical glance - The Standards Australia/Standards New Zealand Joint Technical Committee developed AS/NZS 4360 – Risk Management, which was first published in November 1995, revised in 1999 and most recently revised in 2004. Standards organizations in Canada (1997) and Japan (2001) followed with their own versions, and then in 2002 ISO and the International Electrotechnical Commission (IEC) published ISO/IEC Guide 73, Risk management – Vocabulary – Guidelines for use in standards.

Every organization has objectives to achieve, and in order to achieve them, any uncertainty that could interfere with their realization must be effectively managed.

ISO 31000 is clearly different from existing guidelines in that the emphasis is shifted from something happening – the event – to the effect on objectives.

It sets out principles, a framework, and a process for the management of all forms of risk, including safety and environment, in all organizations, regardless of size.

Key principles include: Communication and Consultation; Establishing the context; Risk assessment steps (Identification, Analysis, Evaluation); Risk treatment; Monitoring and review.

Page 8: Riskpro Iso 31000 Services

8

ISO 31000 Elements Overview… Key Elements

Page 9: Riskpro Iso 31000 Services

9 *This presentation and its contents in part or whole should not be copied or distributed to anyone.

ISO 31000 Elements Demystified

Page 10: Riskpro Iso 31000 Services

10

Risk Management Overview : ISO 31000 Outlook

• Without risk, there is no reward or progress. Unless risk is managed effectively, organizations cannot maximize opportunities and minimize threats.

• Applicable and adaptable, with emphasis on tailoring the principles and guidelines to the specific needs and structure of the organization.

• Commitment of senior top management: the overarching component of the framework is the mandate and commitment of the organization’s board and top management to the implementation, review and continual improvement of how risk is managed, ultimately to ensure risk management is fully focused on the achievement of objectives.

• Organizations with a commitment to managing risk know that implementing standards can enable them to do so more effectively and therefore maximize opportunities and minimize losses in the course of achieving corporate objectives.

• Risk is the “effect of uncertainty on objectives” – positive and negative consequences, safety, compliance, strategy.

• The risk management process is a systematic application of management policies, procedures and practices to the tasks of communication, consultation, establishing the context, identifying, analyzing, evaluating, treating, monitoring and reviewing risk.

Overview

Page 11: Riskpro Iso 31000 Services

11

How we Do ISO 31000 Concept & Organizational Alignment

• The ISO (International Organization for Standardization) 31000 standard sets out principles, a framework and a process for the management of risk that are applicable to any type of organization in the public or private sector.

• Every organization is unique; yours might be a regulator, a deliverer of services, a policy analysis shop, an enforcer of laws, a facilitator of industry and commerce, support for education or literacy or rights, etc.

• So implementation of risk management in every organization is different, but instantaneously recognized as the 31000 risk management framework, process, terminology, and other best practices.

• So your organization’s risk management could be reviewed and evaluated by any other risk management literate person from any organization to mutual advantage.

Page 12: Riskpro Iso 31000 Services

12

How we Do Key Principles- Clauses

Clause – 3

o Create value

o An integral part of organizational processes

o Part of decision making

o Explicitly address uncertainty

o Be systematic and structured

o Be based on the best available information

o Be tailored

o Take into account human factors

o Be transparent and inclusive

o Be dynamic, iterative and responsive to change

o Be capable of continual improvement and enhancement

Page 13: Riskpro Iso 31000 Services

13

How we Do

Clause – 4 (Mandate & Commitment)

4.3 Design of framework

o Understanding the organization and its context

o Risk management policy

o Integration into organizational processes

o Accountability

o Resources

o Establishing internal communication and reporting mechanisms

o Establishing external communication and reporting mechanisms

4.4 Implementing risk management

4.4.1 Implementing the framework

4.4.2 Implementing the risk management process

4.5 Monitoring and review of the framework

4.6 Continual improvement of the framework

Key Principles- Clauses

Page 14: Riskpro Iso 31000 Services

14

How we Do Key Principles- Clauses

Clause – 5 (Risk Management Process)

o Should be an integral part of management

o Be embedded in culture and practices and

o Tailored to the business processes of the organization.

o Communication and consultation

o Establishing the context

o Risk assessment

o Risk treatment

o Monitoring and review.

Page 15: Riskpro Iso 31000 Services

15

How we Do Risk Components and Framework…1/3

Page 16: Riskpro Iso 31000 Services

16

How we Do

Risk Components and Framework…2/3

• Setting of performance based standards that link risk management to change management and decision making.

• Focus on risks that change and why.

• Integration of risk management with strategic and performance management.

• Risk management plans for organization/divisions & departments.

• Implementation of a training strategy to build skills and knowledge.

• Appointing embedded practitioners.

• Allocation of risks, controls, and action based owners.

• Clear focus on control assurance as a line management role.

• Learning through the application of RCA (root cause analysis) for wins/losses.

• Risk governance, treatment and reporting on RM maturity within BUs.

Page 17: Riskpro Iso 31000 Services

17

How we Do Risk Management Process…3/3

[Process diagram]

• Communication and Consultation (5.2)

• Establishing the context (5.3)

• Risk assessment (5.4): Risk identification (5.4.2), Risk analysis (5.4.3), Risk evaluation (5.4.4)

• Risk treatment (5.5)

• Monitoring and Review (5.6)

Page 18: Riskpro Iso 31000 Services

18

How we Do Relationship- Principles, Framework and Process

[Diagram relating Principles, Framework and Process. Framework elements shown:]

• Mandate and commitment

• Framework design for managing risk

• Risk management implementation

• Framework monitoring and review

• Continual framework improvement

Page 19: Riskpro Iso 31000 Services

19

How we Do Components- Principles, Framework and Process

Principles for Managing Risk

• Risk management creates value

• RM is an integral part of organisational processes

• RM is part of decision making

• RM explicitly addresses uncertainty

• RM is systematic, structured and timely

• RM is tailored/aligned to internal and external context

• RM is dynamic, iterative, responsive to change

• RM is capable of continual improvement

Framework for Managing Risk

• Embedding of RM throughout the organisation

• Should ensure effective reporting and use for decision making

• Drive policy and define performance

• Ensure alignment with strategy and objectives

• Assign accountabilities; ensure resources

• Communicate benefits to stakeholders

• Understanding the organisation and its context

• Risk management policy

• Integration into organisational processes (embedding)

• Accountability (for process as well as risks)

• Resources (people, skills, information, documentation)

• Establishing internal communication and reporting

• Establishing external communication and reporting

Process for Managing Risk

• Identify and acknowledge stakeholder perceptions – internal and external

• Establish basis for decision making

• Optimise use of expertise

• Ensure effective change management

• Defining parameters – external and internal

• Alignment with objectives

• Alignment with stakeholder expectations

• Developing risk criteria

• Risk identification, Analysis, Evaluation

• Selection of risk treatment options

• Preparing and implementing risk treatment plans

• Recording the risk management process

• Monitoring and Review

Page 20: Riskpro Iso 31000 Services

20

How we Do Risk Implementation Approach…

1. Achieve an unequivocal Executive and Board mandate with a full appreciation of the changes required at all levels of the organization.

2. Undertake a gap analysis and maturity evaluation.

3. Develop a carefully tailored framework, based on the ISO 31000 risk management framework, principles, and process as well as the organization's context and structure, necessary for ERM to be implemented and sustained.

4. Workshop and develop a strategic risk management plan to implement the framework utilizing practical tools and best practice methods.

5. Develop and gain senior management agreement on a set of performance based standards to codify the framework and its implementation plan.

6. Create a tailored risk management information system that enforces accountability for risks, controls and tasks, supports control assurance and enables risk management performance management and reporting.

7. Cause Champions to be appointed within the organization and trained to create the confidence, skills and local management support needed for roll-out.

8. Help Champions engage local management and implement the framework and risk management plan, generating risk registers, etc.

9. Establish a process and structure for RM performance management and reporting, including committees and review groups, and performance measures.

10. Periodically review, benchmark, and revise the framework.

Page 21: Riskpro Iso 31000 Services

21

How we Do Risk Integration – Strategic ERM

Risk Management Framework and Process

[Diagram labels:]

• Lessons learnt from last year

• Establish the context

• Strategic Objective

• Draft Plan

• Risk assessment to stress test plan

• Strategic Plan

• RM Plan

• Risk treatment plan

• Performance Management (KPI)

• Change Management & Opportunities

Page 22: Riskpro Iso 31000 Services

22

How we Do ISO 31000 Standards FAQ’s- We Answer for you !

Practical Challenges

• How to create value

• How to integrate

• How to allocate ownership to management

• How to ensure assessment is current and risk treatment is appropriate

• How to spot emerging and changing risks

• What is your organizational Risk Appetite

• How to use your critical success factors with related measures of success

• What is CEN/IEC Guide 73 guideline relevance to ISO 31000 & more…?

Page 23: Riskpro Iso 31000 Services

23

Riskpro Clients

Our Clients

*Any trademarks or logos used throughout this presentation are the property of their respective owners

Page 24: Riskpro Iso 31000 Services

24

Team Experiences Our Experiences

*Any trademarks or logos used throughout this presentation are the property of their respective owners

Our team members have worked at world class Companies

Page 25: Riskpro Iso 31000 Services

25

RESUMES – Our Team

Co-Founder - Riskpro

CA, CPA, MBA-Finance (USA), FRM (GARP)

Over 10 years international experience – 6 years in Bahrain and 4 years USA

15 years of experience in risk management consulting and internal audits, with specialization in Operational Risk, Basel II, SOX and control design

Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting (USA), Kotak Mahindra Bank (India) and Credit Suisse (India)

SOX compliance project for Fannie Mae, USA ($900+ Billion Mortgage Company)

Manoj Jain

Co- Founder - Riskpro

CA (India), MBA (Netherlands), CIA (USA)

Over 15 years of extensive internal and external audit experience in India and abroad.

Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.

Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc.

Rahul Bhan

Credentials

Page 26: Riskpro Iso 31000 Services

26

RESUMES - Our team

Co-Founder - Riskpro

PGD (Electrical & Electronics & Computer Programming)

30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.

Has created Companies, Divisions, Products, Brands, Teams & Markets.

Consulting in Business, Technology, Marketing & Sales & Strategic Planning.

Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard

Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA.

Casper Abraham

Credentials

Vice President – Risk Management

MBA, PDFM, NSE-NCFM, PMP, CSSGB, Trained ISO 9001:2000 I.A, GARP-FBR, ITIL

Professional with 17 years of rich experience in diverse Consumer finance/Lending operations, Risk Management, BPMS, Consumer Banking, NBFC, Management Consulting & Housing finance in the BFSI industry, having successfully led key business strategic engagements across multi-product environments in APAC, Australia and US regions.

Worked with GE, ABN AMRO Bank, Citigroup, Accenture, Deutsche Postbank

Highly skilled and expert Trainer in Risk areas across Fraud, Credit, Operational, Corporate Risk management, GRC.

Specializes in Fraud Control, Compliance QA, ERM and Regulatory governance.

Hemant Seigell

Page 27: Riskpro Iso 31000 Services

27

RESUMES - Our team

Head - Insurance Risk Advisory services

B.Sc, Associate of Indian Institute of Insurance

Licensed Category A Insurance surveyor

26 years of experience in Insurance advisory services, Loss adjusting for large corporates, Claims management.

Has assessed more than 4500 high value insurance claims across various industry sectors.

Risk management inspection

Valuations of fixed assets for insurance purposes.

R. Gupta

Credentials

Head - Human Capital Management

Chartered Accountant, Lead Assessor ISO 9000, Six Sigma Trained, Trained on Situational Leadership, Trained on interviewing skills and Whole Message Model.

Over two decades of international, multi-cultural experience in finance and human resources viz. internal audit, accounting operations, accounting process review & re-designing, risk management, business solutioning, six sigma projects, talent acquisition, talent retention, organization design/redesigning, compensation and appraisal processing, employee and customer satisfaction surveys, knowledge management and finance services.

Worked with Citicorp/MGF, India Glycol, Delphi, American Express India, American Express USA, Fidelity International and Macquarie Global Finance Services India.

Nilesh Bhatia

Page 28: Riskpro Iso 31000 Services

28

Our team

Co-founder- Riskpro

B.Com, FCA

Senior Partner with 48 year old Delhi based Chartered Accountant firm, Mehrotra and Mehrotra

Over 19 years of experience in the field of Audit, Taxation, Company law matters.

Major clients served are NTPC, BHEL, Bank of India, PNB, Airport Authority of India etc.

Rajesh Jhalani

Credentials

Specialist Risk Consultant – ERP & IT Compliance

SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access Controls trained (from SAP India)

Over 7 years of experience working in the area of ERP/IT Risk advisory, primarily focusing on SAP, for ‘Fortune 500’ clients in around 8 countries including US, UK, UAE, Hong Kong, etc.

Specializes in SAP Risk & Controls Advisory, SAP Business Process Controls Audit, SAP Security & Segregation of Duties Control Audit, ERP Trainings

Strong industry experience ranging from Beverages, Insurance, Energy, FMCG, Pharmaceutical, Retail, Telecommunication to IT Services

Worked for risk advisory teams of reputed organizations like Ernst & Young, EXL Services

Gourav Ladha

Page 29: Riskpro Iso 31000 Services

29

Key Contacts and Locations (India)

Corporate Mumbai Delhi Bangalore

Riskpro India

Ventures (P) Limited

[email protected]

www.riskpro.in

C 561, Defence Colony

New Delhi 110024

Manoj Jain Director

M- 98337 67114

[email protected]

Shriram Gokte Principal - Information Risk

M- 98209 94063

[email protected]

Rahul Bhan Director

M- 99680 05042

[email protected]

Hemant Seigell VP – Risk Management

M- 99536 97905

[email protected]

Casper Abraham Director

M- 98450 61870

[email protected]

Ahmedabad Pune Agra Gurgaon

Maulik Manakiwala Associate Firm

M - 91 98256 40046

Gourav Ladha Sap Risk Advisory

M- 97129 52955

M.L. Jain Principal – Strategy Risk

M- 98220 11987

[email protected]

Alok Kumar Agarwal Associate Firm

M- 99971 65253

Nilesh Bhatia Head – Human Capital

M- 98182 93434

[email protected]

Salem Ghaziabad

Chandrasekaran Recruitment Franchisee

M - 91 9443 599132

R Gupta Head – Insurance Risk

M- 98101 07387

Copyright © 2012 RiskPro, India. All rights reserved.