Post on 14-Jun-2015
Risk Consulting & Advisory Services
ISO 31000:2009 Risk Management Standards
RiskPro India Ventures (P) Limited New Delhi, Mumbai, Bangalore
Who is Riskpro… Why us?
ABOUT US
Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer a wide range of services in the field of risk management.
It currently has offices in three major cities (Mumbai, Delhi and Bangalore) and alliances in other cities.
Managed by experienced professionals with experience spanning various industries.
MISSION
Provide integrated risk management consulting services to mid-to-large sized corporates and financial institutions in India
Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.
VALUE PROPOSITION
You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms
High quality deliverables
Multi-skilled & multi-disciplined organisation.
Timely completion of any task
Affordable alternative to large firms
DIFFERENTIATORS
Risk Management is our main focus
Over 200 years of cumulative experience
Hybrid Delivery model
Ability to take on large and complex projects due to delivery capabilities
We hold hands, not shake hands.
Risk Management Advisory Services
Basel II/III Advisory: Market Risk, Credit Risk, Operational Risk, ICAAP
Corporate Risks: Enterprise Risk Assessment, Fraud Risk, Risk-based Internal Audit, Operations Risk, Forensic Services
Information Security: IS Audit, Information Security, IT Assurance, IT Governance
Operational Risk: Process Reviews, Policy/Process Review, Process Improvement, Compliance Risk, Insurance Risk
Governance: Corporate Governance, Business/Strategic Risk, Fraud Risk, Forensic Accounting
Other Risks: Business/Strategic Risk, Reputation Risk, Outsourcing Risk, Contractual Risk
Training: Banking E-Learning, Corporate Training, Regular Risk Management Training, Online Training Material, Workshops/Events, ISO Standards
Recruitment: Virtual Risk Managers, Full-time Risk Professionals, Part-time Risk Professionals, Risk Managers on Call (free)
ISO 31000: Future standard on Risk Management
Tackling hazards
Every organization has objectives to achieve, and in order to achieve them, any uncertainty that could interfere with their realization must be effectively managed.
ISO 31000 is clearly different from existing guidelines in that the emphasis is shifted from something happening (the event) to the effect on objectives.
It sets out principles, a framework, and a process for the management of all forms of risk, including safety and environment, in all organizations, regardless of size.
The key elements of its process are: communication and consultation; establishing the context; risk assessment (identification, analysis and evaluation); risk treatment; and monitoring and review.
ISO 31000:2009 Risk Management Standards Insight…
The international standard on risk management, ISO 31000:2009, is made up of three documents:
• ISO Guide 73, Risk management – Vocabulary
• ISO 31000, Risk management – Principles and guidelines (the standard itself)
• IEC 31010, Risk management – Risk assessment techniques
Together they cover the vocabulary, the principles and guidelines, and the assessment techniques.
Evolution of ISO 31000 Journey…
• 1995: AS/NZS 4360, Risk Management, first published by Standards Australia/Standards New Zealand
• 1999: AS/NZS 4360, Review 1 (Standards Australia/New Zealand)
• 2001: Japanese standards version released
• 2002: ISO/IEC Guide 73, Risk Management – Vocabulary (guideline)
• 2004: AS/NZS 4360, Review 2 (Standards Australia/New Zealand)
• 2004+: Guidelines reviewed as standards and released for implementation
Understand ISO 31000... Future of Risk!
Historical glance: the Standards Australia/Standards New Zealand Joint Technical Committee developed AS/NZS 4360 – Risk Management, which was first published in November 1995, revised in 1999 and most recently revised in 2004. Standards organizations in Canada (1997) and Japan (2001) followed with their own versions, and then in 2002 ISO and the International Electrotechnical Commission (IEC) published ISO/IEC Guide 73, Risk management – Vocabulary – Guidelines for use in standards.
ISO 31000 Elements Overview… Key Elements
*This presentation and its contents in part or whole should not be copied or distributed to anyone.
ISO 31000 Elements Demystified
Risk Management Overview: ISO 31000 Outlook
• Without risk, there is no reward or progress. Unless risk is managed effectively, organizations cannot maximize opportunities and minimize threats.
• Applicable and adaptable, with emphasis on tailoring the principles and guidelines to the specific needs and structure of the organization.
• Commitment of top management: the overarching component of the framework is the mandate and commitment of the organization's board and top management to the implementation, review and continual improvement of how risk is managed, ultimately to ensure that risk management stays focused on the achievement of objectives.
• Organizations with a commitment to managing risk know that implementing standards can enable them to do so more effectively and therefore maximize opportunities and minimize losses in the course of achieving corporate objectives.
• Risk is the "effect of uncertainty on objectives": consequences may be positive or negative, and span safety, compliance and strategy.
• The risk management process is the systematic application of management policies, procedures and practices to the tasks of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.
How we Do: ISO 31000 Concept & Organizational Alignment
• The ISO (International Organization for Standardization) 31000 standard sets out principles, a framework and a process for the management of risk that are applicable to any type of organization in the public or private sector.
• Every organization is unique: yours might be a regulator, a deliverer of services, a policy analysis shop, an enforcer of laws, a facilitator of industry and commerce, a supporter of education, literacy or rights, etc.
• So the implementation of risk management differs from organization to organization, but it is immediately recognizable as the ISO 31000 risk management framework, process, terminology and other best practices.
• So your organization's risk management can be reviewed and evaluated by any other risk-management-literate person from any organization, to mutual advantage.
How we Do: Key Principles – Clauses
Clause 3 (Principles): risk management should
o Create value
o Be an integral part of organizational processes
o Be part of decision making
o Explicitly address uncertainty
o Be systematic, structured and timely
o Be based on the best available information
o Be tailored
o Take human and cultural factors into account
o Be transparent and inclusive
o Be dynamic, iterative and responsive to change
o Facilitate continual improvement and enhancement of the organization
How we Do: Key Principles – Clauses
Clause 4 (Framework)
4.2 Mandate and commitment
4.3 Design of framework for managing risk
o Understanding the organization and its context
o Risk management policy
o Integration into organizational processes
o Accountability
o Resources
o Establishing internal communication and reporting mechanisms
o Establishing external communication and reporting mechanisms
4.4 Implementing risk management
o 4.4.1 Implementing the framework for managing risk
o 4.4.2 Implementing the risk management process
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework
How we Do: Key Principles – Clauses
Clause 5 (Risk Management Process)
The process should:
o Be an integral part of management
o Be embedded in culture and practices
o Be tailored to the business processes of the organization
Its steps are:
o Communication and consultation
o Establishing the context
o Risk assessment
o Risk treatment
o Monitoring and review
How we Do: Risk Components and Framework…1/3
How we Do: Risk Components and Framework…2/3
• Setting of performance-based standards that link risk management to change management and decision making.
• Focus on risks that change, and why.
• Integration of risk management with strategic and performance management.
• Risk management plans for the organization, divisions and departments.
• Implementation of a training strategy to build skills and knowledge.
• Appointing embedded practitioners.
• Allocation of owners for risks, controls and actions.
• Clear focus on control assurance as a line management role.
• Learning through the application of root cause analysis (RCA) to wins and losses.
• Risk governance, treatment and reporting on RM maturity within business units (BUs).
How we Do: Risk Management Process…3/3
The ISO 31000 process (clause 5), as laid out in the standard's process diagram:
• Establishing the context (5.3)
• Risk assessment (5.4)
o Risk identification (5.4.2)
o Risk analysis (5.4.3)
o Risk evaluation (5.4.4)
• Risk treatment (5.5)
Communication and consultation (5.2) and monitoring and review (5.6) run alongside all of these steps, feeding into and drawing from each of them.
How we Do: Relationship – Principles, Framework and Process
The principles underpin the framework, and the framework enables the process. The framework itself is a cycle:
• Mandate and commitment
• Framework design for managing risk
• Risk management implementation
• Framework monitoring and review
• Continual framework improvement (feeding back into the design)
How we Do: Components – Principles, Framework and Process
Principles for Managing Risk
• Risk management creates value
• RM is an integral part of organisational processes
• RM is part of decision making
• RM explicitly addresses uncertainty
• RM is systematic, structured and timely
• RM is tailored/aligned to internal and external context
• RM is dynamic, iterative and responsive to change
• RM is capable of continual improvement
Framework for Managing Risk
• Embedding of RM throughout the organisation
• Should ensure effective reporting and use for decision making
• Drive policy and define performance
• Ensure alignment with strategy and objectives
• Assign accountabilities; ensure resources
• Communicate benefits to stakeholders
Framework design elements:
• Understanding the organisation and its context
• Risk management policy
• Integration into organisational processes (embedding)
• Accountability (for the process as well as for risks)
• Resources (people, skills, information, documentation)
• Establishing internal communication and reporting
• Establishing external communication and reporting
Process for Managing Risk
• Identify and acknowledge stakeholder perceptions, internal and external
• Establish the basis for decision making
• Optimise use of expertise
• Ensure effective change management
• Define parameters, external and internal
• Alignment with objectives
• Alignment with stakeholder expectations
• Developing risk criteria
• Risk identification, analysis and evaluation
• Selection of risk treatment options
• Preparing and implementing risk treatment plans
• Recording the risk management process
• Monitoring and review
How we Do: Risk Implementation Approach…
1. Achieve an unequivocal Executive and Board mandate with a full appreciation of the changes required at all levels of the organization.
2. Undertake a gap analysis and maturity evaluation.
3. Develop a carefully tailored framework, based on the ISO 31000 risk management framework, principles and process as well as the organization's context and structure, as necessary for ERM to be implemented and sustained.
4. Workshop and develop a strategic risk management plan to implement the framework, utilizing practical tools and best-practice methods.
5. Develop, and gain senior management agreement on, a set of performance-based standards to codify the framework and its implementation plan.
6. Create a tailored risk management information system that enforces accountability for risks, controls and tasks, supports control assurance and enables risk management performance management and reporting.
7. Have champions appointed within the organization and trained, to create the confidence, skills and local management support needed for roll-out.
8. Help champions engage local management and implement the framework and risk management plan, generating risk registers, etc.
9. Establish a process and structure for RM performance management and reporting, including committees, review groups and performance measures.
10. Periodically review, benchmark and revise the framework.
How we Do: Risk Integration – Strategic ERM
Risk Management Framework and Process, integrated into the annual strategic planning cycle. The elements of the cycle are:
• Lessons learnt from last year
• Establish the context
• Strategic objective
• Draft plan
• Risk assessment to stress-test the plan
• Risk treatment plan
• RM plan and Strategic plan
• Performance management (KPIs)
• Change management & opportunities
How we Do: ISO 31000 Standards FAQs – We Answer for You!
Practical challenges:
• How to create value
• How to integrate
• How to allocate ownership to management
• How to ensure assessment is current and risk treatment is appropriate
• How to spot emerging and changing risks
• What is your organizational risk appetite
• How to use your critical success factors with related measures of success
• What is the relevance of the CEN/IEC Guide 73 guideline to ISO 31000
• & more…?
Riskpro Clients
Our Clients
*Any trademarks or logos used throughout this presentation are the property of their respective owners
Team Experiences: Our Experiences
Our team members have worked at world class companies
RESUMES – Our Team
Manoj Jain, Co-Founder – Riskpro
CA, CPA, MBA-Finance (USA), FRM (GARP)
Over 10 years of international experience: 6 years in Bahrain and 4 years in the USA
15 years of experience in risk management consulting and internal audits; specialization in Operational Risk, Basel II, SOX and control design
Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting (USA), Kotak Mahindra Bank (India) and Credit Suisse (India)
SOX compliance project for Fannie Mae, USA ($900+ billion mortgage company)

Rahul Bhan, Co-Founder – Riskpro
CA (India), MBA (Netherlands), CIA (USA)
Over 15 years of extensive internal and external audit experience in India and abroad.
Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.
Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGOs, manufacturing, and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation, etc.
RESUMES – Our Team
Casper Abraham, Co-Founder – Riskpro
PGD (Electrical & Electronics & Computer Programming)
30 years of experience in Information & Communications Technology (ICT) solutions for the retail, garments, manufacturing and services industries.
Has created companies, divisions, products, brands, teams and markets.
Consulting in business, technology, marketing & sales and strategic planning.
Advisory, training, workshops and implementation in Systems Thinking, Systems Modeling and Balanced Scorecard.
Worked with TIFR, Mahindra, Ambience, Communico-Graphique and Ionidea Inc, USA.

Hemant Seigell, Vice President – Risk Management
MBA, PDFM, NSE-NCFM, PMP, CSSGB, trained ISO 9001:2000 I.A., GARP-FBR, ITIL
Professional with 17 years of rich experience across consumer finance/lending operations, risk management, BPMS, consumer banking, NBFCs, management consulting and housing finance in the BFSI industry, having successfully led key strategic business engagements in multi-product environments across the APAC, Australia and US regions.
Worked with GE, ABN AMRO Bank, Citigroup, Accenture and Deutsche Postbank.
Highly skilled and expert trainer in risk areas across fraud, credit, operational and corporate risk management, and GRC.
Specializes in fraud control, compliance QA, ERM and regulatory governance.
RESUMES – Our Team
R. Gupta, Head – Insurance Risk Advisory Services
B.Sc., Associate of the Indian Institute of Insurance
Licensed Category A Insurance Surveyor
26 years of experience in insurance advisory services, loss adjusting for large corporates and claims management.
Has assessed more than 4,500 high-value insurance claims across various industry sectors.
Risk management inspection
Valuations of fixed assets for insurance purposes.

Nilesh Bhatia, Head – Human Capital Management
Chartered Accountant, Lead Assessor ISO 9000, Six Sigma trained, trained on Situational Leadership, trained on interviewing skills and the Whole Message Model.
Over two decades of international, multi-cultural experience in finance and human resources, viz. internal audit, accounting operations, accounting process review and re-design, risk management, business solutioning, Six Sigma projects, talent acquisition, talent retention, organization design/redesign, compensation and appraisal processing, employee and customer satisfaction surveys, knowledge management and finance services.
Worked with Citicorp/MGF, India Glycol, Delphi, American Express India, American Express USA, Fidelity International and Macquarie Global Finance Services India.
Our Team
Rajesh Jhalani, Co-Founder – Riskpro
B.Com, FCA
Senior Partner with Mehrotra and Mehrotra, a 48-year-old Delhi-based Chartered Accountant firm
Over 19 years of experience in the field of audit, taxation and company law matters.
Major clients served are NTPC, BHEL, Bank of India, PNB, Airport Authority of India, etc.

Gourav Ladha, Specialist Risk Consultant – ERP & IT Compliance
SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access Controls trained (from SAP India)
Over 7 years of experience working in the area of ERP/IT risk advisory, primarily focusing on SAP, for Fortune 500 clients in around 8 countries including the US, UK, UAE and Hong Kong.
Specializes in SAP Risk & Controls Advisory, SAP Business Process Controls Audit, SAP Security & Segregation of Duties Control Audit, and ERP training.
Strong industry experience ranging from beverages, insurance, energy, FMCG, pharmaceuticals, retail and telecommunications to IT services.
Worked for the risk advisory teams of reputed organizations such as Ernst & Young and EXL Services.
Key Contacts and Locations (India)
Corporate
Riskpro India Ventures (P) Limited
C 561, Defence Colony, New Delhi 110024
info@riskpro.in
www.riskpro.in

Mumbai
Manoj Jain, Director, M: 98337 67114, manoj.jain@riskpro.in
Shriram Gokte, Principal – Information Risk, M: 98209 94063, shriram.gokte@riskpro.in

Delhi
Rahul Bhan, Director, M: 99680 05042, rahul.bhan@riskpro.in
Hemant Seigell, VP – Risk Management, M: 99536 97905, hemant.seigell@riskpro.in

Bangalore
Casper Abraham, Director, M: 98450 61870, casper.abraham@riskpro.in

Ahmedabad
Maulik Manakiwala, Associate Firm, M: 91 98256 40046
Gourav Ladha, SAP Risk Advisory, M: 97129 52955

Pune
M.L. Jain, Principal – Strategy Risk, M: 98220 11987, mljain@riskpro.in

Agra
Alok Kumar Agarwal, Associate Firm, M: 99971 65253

Gurgaon
Nilesh Bhatia, Head – Human Capital, M: 98182 93434, nilesh.bhatia@riskpro.in

Salem
Chandrasekaran, Recruitment Franchisee, M: 91 9443 599132

Ghaziabad
R Gupta, Head – Insurance Risk, M: 98101 07387
Copyright- © 2012 RiskPro ,India .All rights reserved.