PRAY People Risk Assessment & Yield
Riskpro, India
Who is Riskpro… Why us?
ABOUT US
Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer a wide range of services in the field of risk management.
Currently it has offices in three major cities, Mumbai, Delhi and Bangalore, and alliances in other cities.
Managed by experienced professionals with experience spanning various industries.
MISSION
Provide integrated risk management consulting services to mid-large sized corporate/financial institutions in India
Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.
VALUE PROPOSITION
You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms
High quality deliverables
Multi-skilled & multi-disciplined organisation.
Timely completion of any task
Affordable alternative to large firms
DIFFERENTIATORS
Risk Management is our main focus
Over 200 years of cumulative experience
Hybrid Delivery model
Ability to take on large and complex projects due to delivery capabilities
We Hold hands, not shake hands.
Risk Management Advisory Services
Basel II/III Advisory: Market Risk; Credit Risk; Operational Risk; ICAAP
Corporate Risks: Enterprise Risk Assessment; Fraud Risk; Risk based Internal Audit; Operations Risk; Forensic services
Information Security: IS Audit; Information Security; IT Assurance; IT Governance
Operational Risk: Process reviews; Policy/Process Review; Process Improvement; Compliance Risk
Governance: Corporate Governance; Business Strategic risk; Fraud Risk; Forensic Accounting
Other Risks: Business/Strategic Risk; Reputation Risk; Outsourcing Risk; Contractual Risk
Training: Banking – E Learning; Corporate Training; Regular Risk Management Training; Online Training material; Workshops / Events
Recruitment: Virtual Risk Managers; Full Time Risk Professionals; Part time Risk Professionals; Risk Managers on call – free
Operational Risk Management
CHALLENGES
The main challenge is how to motivate and incentivize the various risk owners to manage Operational Risk. Operational risks erode corporate earnings and affect reputation in the marketplace.
The velocity and momentum of operational risk events can take a company by surprise, and the exposure is difficult to manage without a robust framework.
Operational risk success is largely linked to People Risk and the “Human Factor”. Sometimes addressing people issues is a way to manage operational risk.
BACKGROUND
Operational risk is everywhere.
Losses from operational failures can be devastating.
No single person in the organisation can manage Operational Risk. It requires commitment from each and every person.
Operational Risk is not rocket science. It is a culture change. Training and awareness are the best solutions for sustained ORM.
Operational Risk Management – Building Blocks
Operational Risk Governance
Review risk management structures & infrastructure.
Compare against best practices, strategic objectives and regulations.
Develop operational risk policies, frameworks, terms of reference and implementation project plans.
ORM Framework
Development of Risk Control Self Assessment (RCSA) methodology.
Risk Register to assess the gross & net risks and to identify and score the relevant controls.
Risk reporting, CRO dashboards & heat maps showing RAG status.
KRI: capture and analysis of key risk metrics (and controls), leading to the validation of the risk and control assessments.
Issues and action plans, remediation of KRI breaches.
Operational Loss Database
Loss and incident reporting framework.
Process to analyze operational losses & near misses.
Best practices in valuation and risk modeling.
Basel II
Basel II ORM Framework.
Capital computation and modeling.
AMA and capital calculation.
Establishing AMA framework in accordance with regulatory requirements.
Background and Challenges to People Risk
CHALLENGES
People risk is often forgotten or neglected. Companies build models and frameworks to manage risk, but ignore the people themselves.
People are, indirectly or directly, at the core of all risks.
It starts with the way they are: their background, early childhood, how they got to be where they are; personal & family life. Debt, gambling, indulgence in the good life?
Unlike Logistics, Finance, Marketing, Sales, Distribution etc., the risk related to People has a range of ‘different’ local, regional, enterprise, cultural & global implications.
Most companies do not have a quantitative score or metric that measures people risk levels.
BACKGROUND
India is People-centric. In a global context, manpower outsourcing comes to India and has to be a part of their Global Solution.
All companies rely on efficient, honest and effective people to grow and create business value.
People risk management goes beyond hiring good people and carrying out annual performance evaluations.
The People Risk Landscape
People Actions Costs
Employees
Suppliers
Customers
TEMPS
Catering Staff
Housekeeping
Security Staff
Drivers
Ghost Employees
Order Acceptance
Procurement
Wrong Vendor
Wrong Hiring
Poor Decisions
Direct OR Indirect
Fixed OR Variable
Liable for Litigation Negligence
Graft (CORRUPTION)
Cartel
Behavioural
Not Insured
100% Revenue Loss
Increased Cost
Lower Profits
High Risk Behaviour
Stopped Learning
Ego – Alpha-Male
Long term consequence
Personal Debt
Greed
Clinical Problem(s)
No Succession Planning
Poor Due-Diligence
Obsolescence
Re-work & Waste
How People’s ACTIONS increase or decrease risks
EVERY decision that a person takes affects Revenue, Collection, Expenses, Payables, project or ultimately the bottom line of the company.
Negligence OR wanton 'delay' adds to inefficiencies, project delays, increased cycle times and lower customer or supplier satisfaction, and can even jeopardize the Transaction.
Once a thief always a thief
Failure to properly verify a cheque payment for a large sum.
Misbehavior with colleagues
Writing degrading emails about companies to external parties
News and print coverage of employees due to their personal lifestyle or behavior
All such behaviors are noted by management, and employees are warned or a note is made in their personal files. But no tracking is done to consolidate this information and see an overall risk score for each employee or at the company level.
Decision-making delays, process inefficiencies and bad leadership all require some quantification and aggregation to highlight your STAR performing employees and the bad ones.
Bottom Up Approach to People Risk Management
Company Level Risk Score
Business Line 1
Behavioral
Performance Evaluation
Supervisor Assessment
Actions
Incident Reports
Profitability parameters
Business targets
Business Line 2
Behavioral
Performance Evaluation
Supervisor Assessment
Actions
Incident Reports
Other input sources
Other Aggregation
Category
Other sources of
inputs
Entity Level
HR Dept Risk
See examples on next slide
People Risk Management – Other Inputs to the Model
HR Dept Inputs
Skill set gaps, succession planning, outstanding unfilled jobs. All HR inputs can be considered by PRAY to model some level of risk score at entity level.
Recruitment Verification
Results of internal and external verification, due diligence
Risk Register
Inventory of known risks relating to people risk. Aggregate score of the company-wide HR Risk register
Incident Reporting and Issues Management Database
Financial losses each person is responsible for, number of events per person, all incidents with supporting evidence (audio, video, documents, etc.)
Performance Appraisal System
Add risk elements to existing Systems, Methods & Practice
Reporting System
Predictive and pre-emptive. Real-time alerts. Yesterday, last-week, last-month, last-quarter and last-year knowledge. Why? Who? What for?
Examples of Parameters for modeling people risk
Beyond Working-Hour Factors
Involving Self
High-Risk Hobbies; Alpha; Aggressive
Gambling; Speculation
Drinking; Drugs
Greedy
Opposite Sex Issues
Beliefs such as Faith/Religion
Involving Family
Emotional Pressures
Financial Pressure
Dysfunctional Factors
Involving Others
Bad company
Risk Rating
Track-Record
Litigation - Legal Action Risk
Above are just some of the hundreds of parameters and inputs that are used to model the people risk score.
All parameters can be customized as per client requirements, or can be easily configured (ON/OFF) by the company’s administrator.
Rating weights and scores can be configured in consultation with company management so that important factors are given more weightage, thus arriving at an accurate risk indicator.
OUTSOURCING
Outsourcing Activity - Detailed Checklist to monitor Risks
Sr. No. Checklist Yes/No Risk Covered Remarks
A. General Guidelines
1. Ensure completion of this checklist for all outsourcing contracts within RBI scope of outsourced arrangements. Risk covered: Compliance and Operational Risk
2. Ensure appropriate management structure / appointment of an outsourcing coordinator within Bank/department to oversee the outsourcing arrangement process from start to end. Risk covered: Management risk
3. If outsourcing is a regular activity, build and maintain a database of potential service providers to avoid single vendor dependency. Risk covered: Concentration risk
4. Exhaustive list of outsourced arrangements with relevant details like name of the vendor, nature of activity outsourced, name of department utilizing services of vendor, start and end dates of contracts, Bank coordinator name / Outsourcing relationship manager, Vendor coordinator name, value of contract. Risk covered: Compliance risk
5. Ensure that there are no process notes, circulars etc. prepared by the Business Unit that conflict with Bank's Outsourcing Policy, other process notes or procedures with respect to outsourcing. Risk covered: Compliance risk
B. Decision making process
6. Business Unit should do adequate research to support the business case for outsourcing. Risk covered: Strategic risk
7. Documentation of outsourcing proposal/business case and sign-off from all concerned on Cost Benefit Analysis, other tangible and intangible benefits arising from the arrangement, vendor selection criteria. Risk covered: Management risk
MANAGING OUTSOURCING RISK
Outsourced Activity:
Business Unit:
Outsourcing of Financial Services - Monitoring and Review
RBI Guidelines - Outsourcing of Financial Services by banks – RBI/2006/167 DBOD.NO.BP. 40/ 21.04.158/ 2006-07 dated November 3, 2006
Due diligence, in relation to outsourcing, should consider all relevant laws.
In considering or renewing an outsourcing arrangement, appropriate due diligence should be performed to assess the capability of the service provider to comply with obligations in the outsourcing agreement. Due diligence should take into consideration qualitative and quantitative, financial, operational and reputational factors.
A central record of all material outsourcing should be maintained to facilitate Board/Senior Management review.
Half yearly reviews of material outsourcing should be placed before the Board.
Regular audits to assess the adequacy of the risk management practices adopted in overseeing and managing the outsourcing arrangement.
Banks should, at least on an annual basis, review the financial and operational condition of ALL service providers to assess their ability to continue to meet their outsourcing obligations. Such due diligence reviews should highlight any deterioration or breach in performance standards, confidentiality and security, and in business continuity preparedness.
Knowledge Management Program
Problem Statement
High attrition rate means that exiting employees and entering employees upset the
environment as follows:
Exiting employees take critical and confidential data
New employees take significant time to learn the process
Background checks become time consuming given the large volume of recruitments
Data access controls may be absent
Work flows and user guides are not available
Riskpro Solution
Comprehensive review of requirements and establish a proper Knowledge Management
Program
Implement Desktop instructions, user guides so that new employees can start off quickly
and minimize mistakes
Proper access control and archival of digital data in secure folders
Tool enablers to manage the recruitment, background verification
EXAMPLE OFFERING
ANNEXURE II - Legal Compliance
Legal compliance
Stage 1 – CAC
Preparation of Compliance Audit Checklist (CAC) covering all relevant laws applicable to the target unit.
Stage 2 - Visit to location
Verification of relevant records and documents available.
Compilation of draft report based upon findings and observations of the audit team.
Review meeting with the unit head / work directors to discuss the findings of the audit.
Stage 3 – Report
Submission of detailed Non Compliance (NC) report to the company (Board of Directors or Compliance Head).
Follow up with the unit to verify action taken.
Legal compliance (Acts covered - HR)
Factories Act, 1948
Shop & Establishment Act (state acts)
Payment of Wages Act, 1936
Maternity Benefits Act, 1961
Minimum Wages Act, 1948
Gratuity Act, 1972
Equal Remuneration Act, 1976
ESI Act, 1948
Payment of Bonus Act, 1965
Apprentices Act, 1961
Provident Fund & Misc Provisions Act, 1952
Employment Exchanges (Compulsory Notification of Vacancies Act), 1959
Contract Labour (Regulation & Abolition) Act, 1970
Trade Unions Act, 1926
Workmen Compensation Act, 1923
Private Security Agencies Regulation Act, 2005
Prevention of Sexual Harassment (Guidelines)
Industrial Disputes Act, 1947
Labour Welfare Act (state acts)
Legal compliance (Acts covered - Engg.)
Electricity Act, 2003
Environment Protection Act, 1986
Petroleum Act, 1934
Water (Prevention and Control of Pollution) Act, 1981
Explosives Act, 1884
Air (Prevention and Control of Pollution) Act, 1981
Boilers Act, 1923
Water Cess Rules, 1977
Legal Metrology Act, 2011
Hazardous Waste Handling & Management Rules, 1989
Essential Commodity Act, 1945
Legal compliance (Acts covered – Tax & Misc)
Micro, Small & Medium Enterprises Devel. Act, 2006
Central Excise Act, 1944
Central Sales Tax Act, 1956
State VAT Acts
Customs Act, 1962 (export and import documentation)
Service Tax Act, 1955
Income Tax Act (payment of Tax, TDS)
Foreign Exchange Management Act
Negotiable Instruments Act, 1881
Industries (Development & Regulation) Act, 1951
Information Technology Act, 2000
Motor Vehicles Act, 1988
Competition Act, 2002
Riskpro Clients
Our Clients
Any trademarks or logos used throughout this presentation are the property of their
respective owners
Team Experiences Our Experiences
Our team members have worked at world class Companies
RESUMES – Our team
Manoj Jain
Co-Founder - Riskpro
CA, CPA, MBA-Finance (USA), FRM (GARP)
Over 10 years international experience – 6 years in Bahrain and 4 years USA
15 years exp in risk management consulting and internal audits, Specialization in Operational Risk, Basel II, Sox and Control design
Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting (USA), Kotak Mahindra Bank (India) and Credit Suisse (India)
Sox Compliance project for Fannie Mae, USA ($900+ Billion Mortgage Company)
Rahul Bhan
Co-Founder - Riskpro
CA (India), MBA (Netherlands), CIA (USA)
Over 15 years of extensive internal and external audit experience in India and abroad.
Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.
Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc.
Credentials
RESUMES - Our team
Casper Abraham
Co-Founder - Riskpro
PGD (Electrical & Electronics & Computer Programming)
30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.
Has created Companies, Divisions, Products, Brands, Teams & Markets.
Consulting in Business, Technology, Marketing & Sales & Strategic Planning.
Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard
Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA
Credentials
Hemant Seigell
Vice President – Risk Management (Fraud Risk, BFSI)
MBA, PDFM, NSE-NCFM, PMP, CSSGB, Trained ISO 9001:2000 I.A
Professional with 17 years of rich experience in diverse Consumer finance / Lending operations, Risk Management, BPMS, Consumer Banking, NBFC, Management Consulting & Housing finance in the BFSI industry, having successfully led key business strategic engagements across multi-product environments in APAC, Australia and US regions.
Worked with GE, ABN AMRO Bank, Citigroup, Accenture, Deutsche Postbank
Highly skilled and expert Trainer in Fraud Risk areas across Credit, Corporate Risk management.
Specializes in Fraud Control, Compliance QA, ERM and Regulatory governance.
RESUMES - Our team
Rajesh Jhalani
Co-founder - Riskpro
B.Com, FCA
Senior Partner with 48 year old Delhi based Chartered Accountant firm, Mehrotra and Mehrotra
Over 19 years of experience in the field of Audit, Taxation, Company law matters.
Major clients served are NTPC, BHEL, Bank of India, PNB, Airport Authority of India etc.
Credentials
Gourav Ladha
Specialist Risk Consultant – ERP & IT Compliance
SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access Controls trained (from SAP India)
Over 7 years of experience working in the area of ERP/IT Risk advisory, primarily focusing on SAP, for ‘Fortune 500’ clients in around 8 countries including US, UK, UAE, Hong Kong, etc.
Specializes in SAP Risk & Controls Advisory, SAP Business Process Controls Audit, SAP Security & Segregation of Duties Control Audit, ERP Trainings
Strong Industry experiences ranging from Beverages, Insurance, Energy, FMCG, Pharmaceutical, Retail, Telecommunication to IT Services
Worked for risk advisory teams of reputed organizations like Ernst & Young, EXL Services
RESUMES - PARTNERSHIPS
Anjay Agarwal
Consultant – Information Security & IT Governance
LLB, CA, CISA, CWA, CS, CFE and others
Over 15 years of experience in the field of Audit, Taxation, Investigations.
Specializing in the field of Systems Audit, Cybrex Audit, Computer Crime Investigations, IS Forensics
International Committee Member of Governmental and Regulatory Agencies Board and Academic Relations Committee of ISACA, USA
Piyush Kumar
Consultant – Quality Management
Founder of PMG, a TQM Consulting Co in Delhi
Mechanical Engineer
20+ years experience in TQM concepts.
Strong skill set in various productivity & quality improvement projects including Six Sigma offerings
Past experiences include reputed organizations like Andersen Consulting, Eicher Consulting & Nathan & Nathan consultants
Credentials
RESUMES - PARTNERSHIPS
Andrew Hiles
Specialist Risk Consultant – Business Continuity
Founder and 15-year Chairman of Survive, the first international user group for Business Continuity professionals
Founding director and first Fellow of the Business Continuity Institute
Over 25 years international consulting expertise in Risk, Crisis, Emergency, Incident, and Business Continuity and ICT Disaster Recovery Management
Multi-sector experience including Banking, Insurance, Finance, Oil, Gas, Energy, Manufacturing, Retail, Hi-Tech & Telecom
Western Press Award for services to business, 1994; BCI/CIR nomination for lifetime achievement in BC, 1999, London; inducted into BC Hall of Fame by CPM magazine, 2004, Washington DC.
Chris E. Mandel
Specialist Risk Consultant – Enterprise Risk Management
Highly skilled risk and insurance professional with 25 years of experience designing, developing and implementing large, global corporate risk management programs for Fortune 500 firms.
Principal Consultant and Founder - Excellence in Risk Management, LLC. (Texas, USA) Co-founder and EVP, Professional Services, rPM3 Solutions, LLC (Maryland, USA).
Past experiences include Head of Global Risk Management for USAA, PepsiCo/Tricon Global and American National Red Cross
Additional risk and insurance experience at Verizon Corp., Marsh USA and Liberty Mutual Insurance Co.
2004 Risk Manager of the Year – 2007 recipient of the Alexander Hamilton Award for “Excellence in ERM” (at USAA) – former President, Risk and Insurance Management Society, Inc.
RESUMES - Advisors
Mr. MP Mehrotra
Founder partner of Mehrotra and Mehrotra, a 48 year old CA firm in India
Bcom, FCA, LLB
Over 48 years of experience in audits, taxation, legal matters, loan syndication etc.
Trustee of Cochin Port Trust, Member of Task Force for MOUs, Ministry of Heavy Industries & Public Enterprises, Govt. of India, Ex-Member of Central Board of Trustees, Employees’ Provident Fund Organisation (EPFO), Ministry of Labour, Govt. of India, New Delhi.
Ex-Director, Canara Bank
Mr. PK Gupta
Practicing chartered accountant in Delhi
CA, ICWA
Over 35 years of professional experience.
Trustee, Kargil Shaheed Smarak Samiti
Hon. Treasurer, World Academy of Spiritual Sciences (WASS).
Panel Arbitrator, International Centre for Alternative Dispute Resolution
Arbitrator, Cement Corporation of India
Arbitrator, Bombay Stock Exchange Limited
Arbitrator, Central Depository Services (India) Limited
Arbitrator’s Panel of Indian Council of Arbitration
Credentials
Contacts and Office Locations
THANKS
Corporate Mumbai Delhi Bangalore
Riskpro India
Ventures (P) Limited
www.riskpro.in
C 561, Defence colony
New Delhi 110024
Manoj Jain Director
M- 98337 67114
Shriram Gokte Principal - Information Risk
M- 98209 94063
Rahul Bhan Director
M- 99680 05042
Hemant Seigell VP – Risk Management
M- 99536-97905
Casper Abraham Director
M- 98450 61870
Ahmedabad Pune Agra
Maulik Manakiwala Associate Firm
M - 91 9825640046
Gourav Ladha Sap Risk Advisory
M- 97129 52955
M.L. Jain Principal – Strategy Risk
M- 9822011987
Alok Kumar Agarwal Associate Firm
M- 99971 65253