
Vendor Risk Management


Vendor Risk Management Services

Riskpro India Ventures (P) Limited

New Delhi, Mumbai, Bangalore


Who is Riskpro… Why us?

ABOUT US

Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer a wide range of services in the field of risk management.

Currently it has offices in three major cities (Mumbai, Delhi and Bangalore) and alliances in other cities.

Managed by experienced professionals with experience spanning various industries.

MISSION

Provide integrated risk management consulting services to mid-large sized corporate / financial institutions in India

Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.

VALUE PROPOSITION

You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms

High quality deliverables

Multi-skilled & multi-disciplined organisation.

Timely completion of any task

Affordable alternative to large firms

DIFFERENTIATORS

Risk Management is our main focus

Over 200 years of cumulative experience

Hybrid Delivery model

Ability to take on large and complex projects due to delivery capabilities

We Hold hands, not shake hands.


Riskpro’s Network Presence

New Delhi

Mumbai

Bangalore

Ahmedabad

Pune

Agra

Salem

Kolkata


• Enhance risk-response decisions.

• Minimize operational surprises and losses.

• Identify and manage cross-enterprise risks.

• Provide integrated responses to multiple risks.

• Rationalize capital

Enterprise Risk Management

About Riskpro

Large talent pool of risk experts, consultants and associate partners in India with deep domain skills for domestic and global clients

11 service locations across the Indian region with key offices in New Delhi, Mumbai and Bangalore

Deep expertise in consulting with over 200 years of cumulative consulting experience

Operating Groups: Risk-Advisory, Consulting, Training & HCMS

Service Lines: Credit, Operational, Fraud Risks, ERM, Regulatory Compliance, Corporate governance

We are the fastest growing risk consulting company and have realistic plans to capture coming opportunities while competing with the Big 4 for superior, unmatched, low cost services to our clients

Aggregation and reporting of process quality & risk levels

Analysis of processes, weak points & control points

Definition of risk and performance indicators

Measurement & collection of operational risk loss data

• Provide the link between the risk rating aggregation and the loss data collection

• The process/service model defines risk rating/loss correlation

• To describe responsibilities and levels of service for functions, business units and processes

• To provide risk information for all management levels

Capital adequacy calculation

Performance measurement

Objective

Outcome

• Thorough assessment of processes and system weak points and identification of control points

• To make the OR status evident and facilitate risk analysis for each control and risk point

• Risk and control indicators are defined

• Drivers and causes of OR are analysed

• Risk indicators are aggregated into meaningful risk ratings that are monitored daily

Functionality under development

• To prioritise risk reduction measures

• To understand loss incidence across the bank

• Capture of losses and near misses and linking to the weak points

• External loss data for modelling can also be collected

• Risk must be calculated by business line

• Regulatory and economic capital calculation and allocation

• A quantification methodology is developed including stress testing and scenario analysis

• Risk data integrated into performance measurement and MIS

• Measures include: ROI, RAROC, EVA, Earnings volatility

Creating an Operational Risk Framework

Using the Operational Risk Framework

• Design and implement an operational risk management framework

• ORM key indicators and performance

ORM Services


Risk Management Advisory Services

Training

Recruitment

Basel II/III Advisory:

Market Risk

Credit Risk

Operational Risk

ICAAP

Corporate Risks:

Enterprise Risk Management

Fraud Risk

Risk based Internal Audit

Operations Risk

Forensic services

IT Risk Advisory:

IS Audit

IT Security

IT Assurance

IT Governance

Operational Risk:

Process reviews

Policy/ Process Review

Process Improvement

Compliance Risk

Insurance Risk

Governance:

Corporate Governance

Business Strategic risk

Fraud Risk

Forensic Accounting

Other Risks:

Business/Strategic Risk

Reputation Risk

Outsourcing Risk

Contractual Risk

Banking – E Learning

Corporate Training

Regular Risk Management Training

Online Training material

Workshops / Events

AML-KYC/ ISO Standards

Independent Directors for Corporates

Senior level industry professionals

Full Time Risk Professionals

Part time Risk Professionals

SERVICES


4. Vendor Risk Management- Perspective

Geo-political Risk

Supply Chain Risk Assessment

Economic Analysis- Debt vs. GDP

Political Environment

Potential Financial Loss

Operational Risk

Operational System failure

Service Delivery interruption

Natural hazard Insurance

Civil penalties

Reputational Risk

Non compliance with laws

Public enforcement action

Class action lawsuits

Negative publicity

Compliance Risk

Consumer protection laws

Third party oversight failure

Restitution/Civil money penalty

Fixed duration binding contracts

Business Continuity Risk

Operations Disruption

Lack of robust BCP / DRP

Unsatisfactory performance

Absence of multiple vendor availability

Vendor Risk Mitigation Task List

- Ensure vendor is complying with laws

- Periodically analyzing its financial condition

- Performing on-site quality assurance reviews

- Regularly review metrics for SLAs

- Review customer complaints for services

- Conduct anonymous testing

- Assessing contract terms compliance

- Testing business contingency planning

- Evaluate adequacy of training to employees

- Periodic meetings to review contract performance and operational issues


High Risk Vendor Categories

Core Processors

Internet Banking/Bill Payment/Cash Management/Etc. Providers

Credit/Debit Card Processors

Cheque Printers

Statement Printers

Network Security Consultants

ATM Networks

Network Security Providers

Web Site/Email Hosts

CRM Providers

Payroll Processors

And the list is endless.


Vendor Risk Management Framework

Planning/Risk Assessment

Cost Benefit Analysis

Business case of outsourcing with Risk Assessment

Regulatory & Process Compliance

Vendor Due Diligence

Pre-Contract

3rd Party experience

Referrals, qualifications

Data security and member confidentiality

Business resumption or contingency planning

Risk Measurement and Control

Network & Desktop Security

Personnel Control Security

Client Confidentiality Agreement and/or Privacy Policy

HR Policies - Background Checks, Employee Confidentiality

Info Security Policies - Physical Security, Environmental Controls


Benefits of Vendor / 3rd party Risk Management

Meet regulatory requirements with respect to vendor risk management

Actually derive business value from third party relationships as reflected in the business case

Gain insight into risk exposure through a comprehensive risk rank score for each third-party within your ecosystem

Develop a foundation for risk mitigation tools, controls, and other compliance efforts

Mitigate risk by targeting operationally material third-parties for appropriate and proactive monitoring and assessments

Protect your brand and corporate reputation


4. Vendor Risk Management – Overview & Impact

Key Risks

1. Loss of key staff or technology infrastructure

2. Adverse changes in law and government affecting the company’s business model

3. Loss of market share or revenue through competition or regulation

4. Introduction of competing products and technologies by other companies

5. Inability to attract and retain key employees

6. Failure to develop global management and information systems

7. Exposure to litigation related to the company’s products/services

8. Deficient products/services provided resulting in loss of reputation

9. Inability to react to changes in overseas legal, economic or regulatory environment

10. Increased pricing pressure from competitors and/or customers

• Any lapse in controls at a 3rd party service provider could potentially defeat the purpose of an effective in-house ERM.

• Responding to these ERM risks requires a robust vendor management program. Managing risk inherited from vendors is an important component of this.

• Associating with inappropriate vendors may result in additional unforeseen risks such as wasted capital, product losses and reputation risks.

Vendor Non-compliance Risks


Value Proposition

Components

4. Vendor Risk Management - Objectives

Financial Recovery

Objectives

Governance

Partner Education

Internal Process Enhancement

How to define the objectives?

Program Structure and Goals

Vendor Relationships

Governance structures and compliance programs

Determine Risk Factors & Tolerance


Value Proposition

Components

4. Vendor Risk Management - Approach

High Level Risk Assessment Approach

Vendor Spend

Spend Analysis

Proactive Forensic Analysis

Sales & Use Tax

Risk Assessment

Recovery Opportunity

Further Analysis

Recovery

Contract Review

Further Data Analysis

Control Review

IT Analysis

Manual Contract Review

Sustainability, Financial Stability

Identify vendor risk factors

Evaluate vendor risk factors

Contracts Evaluation

Compliance Reviews


Risks Associated with Outsourcing

Operational risk: The operational risks arise because the intermediary loses direct control over the activities and the processes, procedures, systems and people engaged in these activities. Therefore, it fails to exercise due care and diligence if the activity / service falls short of the regulatory standards.

The reputational risks arise from failure by the third party to deliver as per regulatory standards, which may invite regulatory actions.

The legal risks emanate from the failure to enforce the contractual obligations, particularly when the contractual relationship is not redefined with every change in the basket of activities outsourced or the way these are discharged.

Other circumstantial risks, such as country risk, arise when activities are outsourced to a foreign company.

Concentration and systemic risk arise if a large number of market intermediaries rely upon one or a few third parties for the same activity.


Principles To Be Followed While Outsourcing

I. A comprehensive policy to guide whether and how activities can be appropriately outsourced.

The board of directors / equivalent body shall have the responsibility for the outsourcing policy and all activities carried out under the policy.

II. A comprehensive outsourcing risk management program to address the outsourced activities and the relationship with the third party.

Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator should be mandated.

The intermediary should, at least on an annual basis, review the financial and operational capabilities of the third party in order to assess its ability to continue to meet its outsourcing obligations.


Principles To Be Followed While Outsourcing (cont.)

III. The intermediary should ensure that outsourcing arrangements do not diminish its ability to fulfill its obligations to customers and regulators.

IV. Due diligence (financial soundness, compatibility with the objective of the intermediary, third party business reputation etc.) in selecting the third party.

V. Outsourcing relationships should be governed by written contracts / agreements. All material aspects should be clearly described, like:

The rights, responsibilities and expectations of the parties to the contract,

Client confidentiality issues,

Termination procedures, etc.

VI. Establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities.


Value Proposition

4. Vendor Risk Management – GRC Software Objectives

Ability to perform Objective Assessments

• Quantify and objectively evaluate Vendor Risk

• Develop a questionnaire-based approach to evaluate Vendor Risk

Structured and process-oriented approach

• Create a structured, formal approach to assess, document and evaluate Vendor Risk

• Implement a workflow-based system to move across the various stages of evaluation

Eliminating current process inefficiencies

• Consolidation efforts are manual, tedious and subject to error

• Lacks capabilities such as version control, log maintenance, historical trend analysis

Dashboards/Reports

• Create consolidated Reports and Dashboards at an organization level

• Utilize the reporting to provide Gap and Non Compliance. Help to prioritize areas that need attention


Value Proposition

Components

4. Vendor Risk Management - GRC Tool Solution

Map Vendors and related attributes (ID, Risk, Email Id)

Map Services and related attributes (Service Risk, Description)

Evaluate Vendors for New/Existing services

Tool collates response from all Vendors in interactive reports

Send RFP template to selected set of Vendors

Map RFP template for a service in the tool

Based on Responses, add findings for Vendor responses

Tool generates reports displaying the Outsourcing Risk rating (Service Risk * Finding Score)

Based on Overall Risk select/reject a Vendor

Outsourcing Risk Reports

Vendor Compliance Management


GRC Management Solution

NIIT Technologies and RiskPro offer a unique risk management solution on the cloud, wherein NIIT provides the best-of-breed application platform and RiskPro brings best-in-class integrated risk management consulting services.

Platform Differentiators

Cloud hosting model

• No CAPEX, Infrastructure Investment

• No ongoing application/infrastructure maintenance cost

Extremely Fast Implementation

• Out of the box implementation in 2-3 weeks time

• Highly configurable and flexible platform

Credibility

• Platform users include Cognizant, RBS, Fidelity, NIIT Technologies etc.

• High CSAT ratings from existing Customers

System Integration Capabilities

• Services around solution implementation / Application and Infrastructure support

• Industry packaged solution using domain expertise from NIIT’s vertical teams

Risk Expertise

High performance business results

• Improved portfolio optimization

• Enhancing organization’s ability for effective utilization of risk capital

Unique Delivery model

• Highly experienced team of risk professionals with plethora of risk domain knowledge and business solutions

• Customized solutions as per client’s needs

Market Differentiators

• Premier risk consulting firm serving top corporates/PSUs as preferred knowledge partners

• Increasing market penetration combined with unique value proposition in risk consulting space

Risk Management Capability

• Quick client assessment and delivery proposal across ERM

• Multi industry and functional domain solutions


Vendor Risk / Third-party Assurance

Used by

• Assurance Management

• Third-Party Risk Teams

Building confident & secure third-party relationships

• Centralized and definitive vendor service catalog and secure vendor documentation

• Custom questionnaire templates and scoring capabilities

• Automated questionnaire assessments and third-party response submission workflow

• Custom Finding Templates and remediation tools - analyst review

• Proactive notification and collaboration support

• Increased management visibility

• Robust custom reporting tools


Riskpro Clients

Our Clients

*Any trademarks or logos used throughout this presentation are the property of their respective owners


Team Experiences Our Experiences


Our team members have worked at world class Companies


Key Contacts

Corporate Mumbai Delhi Bangalore

Riskpro India Ventures (P) Limited

www.riskpro.in

C 561, Defence Colony, New Delhi 110024

Manoj Jain, Director, M- 98337 67114

Sivaramakrishnan, President – Banking & FS, M- 98690 19311

Rahul Bhan, Director, M- 99680 05042

Hemant Seigell, SVP – Risk Management, M- 99536 97905

Casper Abraham, Director, M- 98450 61870

Vijayan Govindarajan, EVP – Risk Management, M- 99166 63652

Ahmedabad Pune Kolkata Gurgaon

Maulik Manakiwala, Associate Firm, M- 98256 40046

Gourav Ladha, Sap Risk Advisory, M- 97129 52955

M.L. Jain, Principal – Strategy Risk, M- 98220 11987

Kashi Banerjee, EVP – Risk Management, M- 98304 75375

Nilesh Bhatia, Head – Human Capital Mgt., M- 98182 93434

Salem Ghaziabad Agra

Chandrasekeran, Recruitment franchisee, M- 94435 99132

R Gupta, Head – Insurance Risk, M- 98101 07387

Alok Kumar Agarwal, Associate Firm, M- 99971 65253

Copyright © 2012 Riskpro, India. All rights reserved.