Riskpro India
Risk Management Advisory and Consulting
2021
2
3
You need to find a balance between RISK and REWARD
and Connect
Our Service Verticals
Risk Advisory
IT Advisory
Technology
Trainings
Recruitment
Risk Based Internal Audit
▪ Riskpro provides flexible internal audit services on out-sourced basis or as an integral part of your organization or both.
▪ Our services are top class and provided by knowledgeable professionals with deep industry expertise.
▪ Riskpro has a team of experienced internal auditors in major cities across India.

Legal Compliance Audit
▪ Regulations and legal / compliance burden is affecting organizations of all sizes and across industry sectors.
▪ Riskpro, along with its member firm, has developed an effective and comprehensive Legal and Compliance Audit (LCA) procedure which ensures that your organization is periodically reviewed for non-compliance and process gaps.

Enterprise Risk Management
▪ Riskpro has strong domain expertise when it comes to Enterprise Risk Management ranging from Financial Services to specialized manufacturing businesses.
▪ We have unique ERM Methodologies and develop ERM Frameworks using COSO ERM and ISO 31000 helping with Risk Assessments and building key risk metrics ensuring a successful project.
Internal Financial Controls (IFC)
▪ Internal Controls are the backbone of any organization.
▪ Riskpro helps to develop a framework for assessing and reporting on the operating effectiveness of the internal controls, Gap Analysis and adequacy of internal control documentation.
▪ We help with all your SOP and flowcharts in place and a mechanism to test these controls.

Operational Risk Management
▪ Riskpro can review risk management structures & infrastructure
▪ We develop operational risk policies, frameworks, terms of reference and implementation project plans.
▪ Development of Risk Control Self Assessment (RCSA) methodology and Risk Register
▪ Review and enhancement of Loss and Event Reporting framework
▪ Comparison done against best practices of risk modelling, strategic objectives and regulations.

Financial Risk Management
▪ Riskpro can help clients on matters relating to Basel II framework using basic, standard and advanced approaches for Market, Credit and Operational risk.
▪ We can assess the Pillar II (ICAAP) gaps and help identify vendors and professionals who can assist.
▪ We can help with Market Risk Framework, Policies and procedures, Current State Assessment, Gap Analysis and can support requirements of Risk Measures Modeling, Metrics, Model Validation, Stress Testing etc
Loan File Hind Sighting
▪ Loan File Hind Sighting requires a detailed verification of and reporting on loan files of various products as per the laid down policies.
▪ Riskpro develops a detailed product wise hind sighting checklist and identifies the criticality and the owner of the check point by performing monthly audit of files disbursed to ensure compliance with policies and reports on deviations and action plan.

Branch Audits
▪ Riskpro has done PAN India checklist-based audits for the depots, branches of NBFC, Insurance companies etc. through our associate firm.
▪ We design a standard checklist which reflects regulatory, conduct issues and operational compliances.
▪ We ensure:
• Compliance to the checklist defined and the laid down policies and procedures.
• Report the process gaps, operating inefficiencies, non compliances with applicable laws, handling of conduct issues etc. and issue final report with recommendations.

Fraud and Forensic
▪ Riskpro helps companies to perform a gap analysis and undertake a comprehensive fraud risk assessment.
▪ Our forensic accountants delve deep into the facts to provide an independent, thorough, and insightful report of the situation and help with fraud investigation and unearth important aspects of the fraud.
▪ Other Fraud related services include Fraud Detection, Anti-Fraud Measures and Background checks
Reputation Risk
▪ Although reputation risk assessment is typically important for valuable brands and large entities, managing reputation is equally important for small and mid-sized organisations.
▪ Riskpro has a good understanding of how to effectively implement a reputation risk management framework.
▪ We can help companies in the survival game. Our risk event database relating to reputation risk can help companies to build components to identify, assess and manage reputation risk.

Integrity and Ethics
▪ Riskpro has expertise in developing a comprehensive Anti-Bribery & Corruption (ABC) compliance program that would ringfence your organization from the risk of corruption, fraud and other ethical misconduct.
▪ Our program implementation takes minimal time and is cost effective. It encompasses broadly four elements - Risk assessment & governance; Investigations & enforcement; Training & Communications; and Monitoring & Auditing.

Insider Trading
▪ Riskpro has introduced a unique offering for compliance audit which will include:
• 3-5 days of review/ Health Check or evaluation of the adequacy of internal controls.
• Review of policies and procedures to determine compliance with the framework.
• Compliance Report - Third party compliance Report on the findings.
▪ We assist clients in developing internal policies for complying with the regulations as mandated by the SEBI (Prohibition Of Insider Trading) Amendment Regulation 2018.
Standard Operating Procedures (SOP)
SSAE 18 (SOC Audits)
▪ Organizations continue to outsource parts of their business to realize potential cost benefits, to alleviate the need for hiring or retaining internal specialists and/or to create more flexibility to realize their business strategy.
▪ Assurance reports play an important role as a management control. In the USA, the new SSAE 18 standard was introduced in 2016 and implemented in 2017.
▪ Riskpro has done more than 100+ SSAE engagements and we have an inhouse CPA to perform these attestations.

GDPR
▪ GDPR is a sweeping change. Effective May 2018, if you are not ready, you will not be able to do business, if you hold Personal data of any EU citizen and are not GDPR compliant.
▪ This may be as simple as an email in a marketing email list. You will not be able to send marketing mailers unless there is explicit consent or a lawful purpose/ legitimate business purpose.
▪ If you are recruiters, you will not be able to forward the CVs, download and save candidate data without their consent.

Personal Data Protection (PDP)
▪ Riskpro has a strong team of experienced and certified data privacy and data protection professionals who have thorough industry and technical knowledge and can assist you with:
• Highlighting gaps in your framework/ policies/ processes and suggest an effective mitigation plan.
• Define/review procedures to ensure updates in the bill are identified timely.
• Ensure the controls/ framework defined are adequate and in accordance with PDP Bill requirements.
• Define and/or implement a bill compliant data protection governance framework.
ISO 27001
▪ ISO 27001 specifies a management system that is intended to bring information security under management control and gives specific requirements.
▪ Riskpro helps to review current practices against ISO 27001 requirements and establish frameworks to address Information Security.
▪ We carry out a self assessment review of your ISMS implementation against the requirement and issue a review / certification report.

Cyber Security Advisory
▪ A company should adopt leading framework to evaluate their preparedness against cyber risks.
▪ Riskpro helps companies to develop a board approved Cyber Security Policy and Cyber Crisis Management Policy.
▪ We can develop Key Risk Indicators to track risks and preparedness.
▪ We conduct Periodic cyber risk audits.
▪ We also provide cyber security services for Urban Cooperative Banks and for other BFSI sectors.

SOX Compliance
▪ In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures.
▪ An Audit of Internal Control over Financial Reporting performed in conjunction with an audit of financial statements.
▪ All public companies now must comply with SOX, both on the financial side and on the IT side.
End User Computing (EUC)
▪ Riskpro develops EUC/ IPE Framework and Gap Assessment against best practices relating to EUC/IPE using Control policy.
▪ We help with EUC Risk Assessment by testing of major EUCs and preparing audit report with results and recommendations.
▪ We develop critical risk reporting templates for various committees and senior management.

Business Continuity/ Disaster Recovery
▪ Riskpro helps with,
• project initiation and management.
• risk evaluation & control.
▪ We develop continuity strategies and help in the disaster stages & process management by developing and implementing The Business Continuity Plan.

CMMC
▪ Cyber Security Maturity Model Certification (CMMC) Framework is the latest development in IT Security in USA.
▪ It provides assurance to the DoD that a DIB contractor can adequately protect CUI. Mandatory for any organization/ company who wants to do business with DoD.
▪ Riskpro assists companies with expertise and guidance in achieving CMMC. Riskpro can support an organization through implementation to certification and continuous work with security.
HIPAA Compliance
▪ Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance.
▪ We perform gap assessment and give a gap report against HIPAA compliance.
▪ We help with documentation, fixing documentation related gaps.
▪ We help with security consulting and implementation support and provide HIPAA Compliance Report.

Data Analytics
▪ Data analytics refers to qualitative and quantitative techniques and processes used to enhance productivity and business gain.
▪ Riskpro offers comprehensive data analytics services to convert historical and real-time, traditional and big data into actionable insights for you to take timely corrective actions if necessary.
▪ We proactively identify the indicators of frauds and trigger automatic resolution.

IT General Controls (ITGC)
▪ Riskpro assists organizations in designing ITGC frameworks and provides operating effectiveness assurance through ITGC audits.
▪ We have dedicated IT audit professionals having experience working with a wide variety of industries of all sizes to mitigate ITGC risks within your IT environment.
▪ Our ITGC services are tailored to the organization's risk appetite and compliance requirements.
21 CFR Part 11
▪ Riskpro helps with the 21 CFR Part 11 requirements for Electronic records and Electronic signatures to the companies related to Life science community and other FDA regulated industries to ensure adequate maintaining of document security and authenticity.
▪ We can help with the 21 CFR compliances like GAP assessment, Computer System Validation (CSV), Auditing services, Healthcare and Life Science Offerings like HIPAA, ISO 27001, SOC etc, Recruitment, Training & awareness.

NIST Compliance
▪ NIST guidance provides the set of standards for recommended security controls for information systems at federal agencies. The NIST guidelines and recommendations will help federal agencies ensure compliance with other regulations, such as HIPAA, FISMA, or SOX.
▪ We can help with the Gap Assessment against NIST / FISMA Framework, Consulting/ implementation support and Report / Compliance Letter issued by Riskpro.

Microsoft SSPA
▪ The Supplier Security and Privacy Assurance (SSPA) is an assessment for Microsoft suppliers/vendors who process their data on their behalf.
▪ Riskpro provides assistance in consulting as well as responding to the DPR questionnaire.
▪ Riskpro has an inhouse CPA that performs DPR audits in case you are in high risk profile and independent audits are required.
Internal Audit Software
▪ Riskpro has partnered with technology companies to provide various software to clients.
▪ Audit Software provides the following modules as part of the standard offerings:
• Audit planning
• Work paper
• Observations creation
• Follow up
• Automated Audit Reporting.

Risk Management Software
▪ Riskpro has partnered with technology companies to provide various software to clients.
▪ Risk Management software provides following features:
• Workflow based system to actively manage and link all Risks, Incidents, Controls, Actions, and KRIs with quick visibility of any status change to remove information latency.
• Extremely intuitive & flexible system with pixel perfect reports that can be tailored to exact specifications.
• It provides evidence and reports to satisfy Regulators that controls are in place and are monitored.

Legal Compliance Software
▪ Legal compliance can no longer be managed manually in excel and on email.
▪ The software comes populated with latest compliance library which is updated on a real time basis.
▪ The software is user friendly – web based and fully secured which is accessible from anywhere.
▪ Product can be implemented in 1-5 days (Average time)
▪ Lowest price in India for similar technology
Document Management Software
▪ Document Management software can manage any number of versions for a given compliance document / working file and supports 47 document types.
▪ Our software ensures review by the Superior before any approval.
▪ Our software is tamper proof as it does not allow any deletion or modification of any uploaded document.

Third Party risk Management (TPRM) Software
▪ Riskpro has a centralised automated solution offering management of all third party vendors under one roof with features like:
• A collaborative, secure environment for customers/vendors to share information and a well defined access control for key risk management stakeholders.
• Prioritizes vendors according to the organizational importance.
• Tracks and monitors ongoing vendor risks.
• Provide complete reporting and analysis of vendor risks and benchmarking against industry standards.

Contract Management Software
▪ A Contracts and Obligations Management System would assist you in end to end management of your contracts and obligations.
▪ Riskpro helps you with,
• centralized, accurate and quick view of your contracts and obligations.
• Customize your contract type and metadata.
• Role based access to multiple users.
• Efficient management of your contract repository.
• Alerts and notifications to proactively manage your obligations.
• Option to capture contract litigation.
Litigation Management Software
Treasury Management Software (TMS)
Risk Training
▪ Riskpro is a leading Risk Management Training Company and has conducted 20+ Open House programs across major metros and 25+ in house trainings to major Corporates, BFSI Cos.
▪ We have a variety of training programs across Info Security, Credit, Basel, ERM, Governance, BCM etc.
▪ Riskpro is a Corporate Entity with expert Trainers and our programs are cost effective compared to most companies.

ERM Training
▪ Riskpro regularly conducts trainings on ERM and Operational Risk across various cities as two days training.
▪ The course provides participants the understanding of risk management concepts and provides them with practical tools and methods required for implementation framework.
▪ ERM Trainings are also offered as in House Trainings for Companies.

Personal Data Protection Awareness Training
▪ PDP training helps your staff become aware of the risks involved in processing personal data and how to mitigate those risks.
▪ We provide Online or in-person trainings on regulatory requirements of the PDP Bill.
▪ We highlight the importance of their duty while handling personal/ sensitive data.
Fraud Risk Training
▪ Riskpro has conducted both open and inhouse programs for major PSU, Corporates and BFSI clients.
▪ We conduct one to three days program for Fraud Risk Training.
▪ We provide in-depth understanding of fraud schemes, fraud prevention measures, etc.

ISO 31000 Training
▪ Riskpro regularly conducts trainings on ISO 31000 across various cities as two days training.
▪ The course provides participants the understanding of risk management concepts and provides them with practical tools and methods required for implementation framework.
▪ This is an instructor led course designed to provide a practical understanding of risk management.

Cyber Security Training
▪ Riskpro provides training on awareness on Cyber security risk trends, types or controls and make them aware of their responsibilities in relation to fraud prevention.
▪ We provide training on Vendor Awareness Programs on information security.
▪ We provide quarterly Information security risk assessments and Annual IS Audits are conducted by experienced professionals.
Anti bribery/ Corruption Training
▪ Riskpro provides one-hour FCPA / Anti Bribery training for Leadership.
▪ We help with FCPA Overview and Compliance Requirements like the law’s key Anti-Bribery and Accounting Provisions, how to avoid FCPA risk and reputational harm etc.
▪ We provide training regarding ISO 37001 – Anti Bribery Management Systems - Important Framework elements.
▪ We help with the Assessment and Certification.

AML Training
▪ We have the most successful programs across Chennai, Mumbai, Bangalore and Pune.
▪ We conduct two Days program on AML, KYC, Terrorist Financing, Trade Based ML and Customer profile covering the following aspects:
• Introduction and emerging trends in AML.
• Customer profiling and high risk customers.
• Designing an effective AML framework.
• Suspicious transactions and detection.

Operational/ Credit Risk Training
▪ Riskpro conducts one to three days program on Operational Risk.
▪ We conduct foundational training which can be designed and rolled out across the Company.
▪ We have four effective programs for Credit Risk:
• Credit management for Credit Risk Analysts
• Credit management workshop for Relationship Managers
• Senior Management course on Credit Strategy
• Risk Management program for Branch Managers.
Independent Director for Corporates
▪ We link Right People as professional decision mentors for your organization.
▪ We provide Qualified Industry professionals with systematic assessment of needs, comparing the company’s strategic plan with an up-to-date profile of the skills and experience of the current board.
▪ We understand the specific needs of the board and an insight into the unique nature of a company.

Virtual Risk Manager
▪ Riskpro provides Virtual Risk Managers (VRM) who would be on our payroll but are fully dedicated to you for the time period like hourly, per week etc. that you have hired them for.
▪ Our VRMs can be contacted any time for anything that you need to be done and small conversations with our VRM are always free.

Full/ Part Time Risk Internal Audit Professionals
• Riskpro is constantly building its network of Risk Professionals across India whose experience starts from 2 years to 20 years.
• Being Risk Professionals ourselves, we are able to match your requirements and candidate experience better.
• The Project employees pool will be available as per your needs and the employees on site can start/stop projects as per your master project plan.
Corporate / MNCs
Riskpro Clients
*Any trademarks or logos used throughout this presentation are the property of their respective owners
Banking / Insurance
Riskpro Clients
“Helped banks to implement Basel II covering credit risk, market risk, Operational Risk, cyber security and many more”
NBFC
Riskpro Clients
“Helped banks to implement Basel II covering credit risk, market risk, Operational Risk, cyber security and many more”
Banking - International
Riskpro Clients
IT Companies / SSAE Clients
Riskpro Clients
“Performed SSAE 18 / SOC 1 / SOC 2 audits for Indian Software Companies / ITES/BPO firms etc. Riskpro has done more than 500+ SSAE 18 audits”
GDPR Clients
Riskpro Clients
“Served Market Research, Analytics, SaaS platform companies and more with compliance to GDPR”
Software & Training
Riskpro Clients
New decisions bring new risks and to manage them
better, connect with one of our team members!
Manoj Jain Casper Abraham Laxmikant Gupta Rita Shewakramani
Niveditha Hampiholi
AVP - Risk and Compliance
▪ MBA (Finance)
▪ She has over 14 years experience in Risk Management and Internal Audits (mainly in Banking and Financial Sector).
▪ She also has specialization in operational risk, Sarbanes Oxley and Internal Controls.
▪ She has prior experience with Northern Trust, Ocwen Financial Services & ADC Telecommunications Inc.

Rekha Daga
AVP Risk Advisory
▪ Certified Internal Auditor, Certified Fraud Examiner
▪ Rekha has over 12 years of experience in advisory engagements with global clients in areas of Internal Audit, SOX compliance, Quality Assurance. She has worked extensively on Financial and operational control evaluation, Process mapping, documentation, testing & reporting. She has provided trainings on SOX, IA methodology, etc
▪ She has prior experience with MetLife Global IA team, EY Risk Advisory & EXL Consulting.

Ashish Kumar
AVP – Risk Advisory
• B Com (Hons) & C.A- Intermediate Levels (ICAI). He has 17 years of experience which includes- Operational Risk, Sarbanes Oxley Compliance, Internal Audits & BPO Operations. He has worked with American Express, EXL Services, Barclays Shared Services HCL Technologies, KPMG (Melbourne) & Grant Thornton
• He has experience in functions such as- SOX Advisory; Internal Audit and ERM; Data Analytics & Business Process Improvement & and BPO operations of Accounts Payable process

Swati Phadke
VP – IT Risk Advisory
▪ A Science Graduate from Mumbai University and a DSCI Certified Privacy Professional (DCPP).
▪ She has around 18 years of experience in the domains of Data Protection, Demand Generation, & E-commerce. She has post qualification experience into Data Protection Implementation & Audits, Data Protection Impact Assessment, Operations/Process Reviews, Data Protection Training & Awareness.
▪ She has handled multiple roles over the years at organizations like Arrka Consulting, Ugam Solutions, Sterlite Foundation, and Datamatics.
Key Contacts
Corporate: Riskpro India Ventures (P) Limited, info@riskpro.in, www.riskpro.in
Mumbai: Manoj Jain, Director, M- 98337 67114, manoj.jain@riskpro.in
Mumbai: Laxmikant Gupta, Principal, M- 98330 00436, laxmikant.gupta@riskpro.in
Pune: Vivek Dixit, EVP- Risk and Governance, 880 667 3322, vivek.dixit@riskpro.in
Connect with Risk Professionals
www.riskpro.in
info@riskpro.in