Enterprise Risk Management
1. Confidential Slide
Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by our partners and
extended team of industry experts
Our Contact Details:
INDIA
Continuity and Resilience
Level 15, Eros Corporate Tower
Nehru Place, New Delhi-110019
Tel: +91 11 41055534 / +91 11 41613033
Fax: +91 11 41055535
Email: neha@continuityandresilience.com
UAE
Continuity and Resilience
P. O. Box 127557
Abu Dhabi, United Arab Emirates
Mobile: +971 50 8460530
Tel: +971 2 8152831
Fax: +971 2 8152888
Email: info@continuityandresilience.com
4. Confidential Slide 4
Enterprise wide Risk Management – The Building Blocks
[Diagram: Governance, Risk & Compliance (GRC) Framework – people, process & technology. Building blocks: Governance, Identification, Measurement, Monitoring, Mitigation. Labels in the diagram: Self Assessment; Capture of Losses; Improve Processes; Improve Controls; Enhance Technology / BCP; Enhance Business Controls; Project Quality Assurance; Project Readiness Assessment; Committees; Regulatory Reporting; Quality Assurance of GRC processes; Consistency across Group; Group Risk; Group Audit; Independent Review and Audit Control; Group Legal & Compliance framework; Asset Liability Management; Key Risk Indicators; Process Mapping; Strategy / Design; Implementation.]
• Governance: Establishment of policies and the definition of the framework to implement these policies
• Identification: Stipulation and documentation of risk exposure along process and project lines
• Measurement: Qualification and quantification of risk and loss in financial value and quality
• Monitoring: Identification, tracking and control of risk events and resolution thereof
• Mitigation: Proactive management of risk exposure
Source: Reliance Life
16. Confidential Slide
Actual Incidents
• Virus attack in 2010 – systems were down for 2-3 days
• Short circuit and fire in the electrical box of the Andheri Corporate office building in 2011, leaving the office building without electrical supply for 4-5 days
• Fire on one of the floors at the Corporate office in 2014, leading to office evacuation
• Fire at the Kolkata Branch Office in 2015 due to a short circuit
• Nepal Earthquake – impacted a few branches, which worked from alternate locations
17. Confidential Slide
Key Issues or Challenges in Implementing Business Continuity Projects
• Senior Management Commitment and involvement
• Lack of thorough understanding of data dynamics and dependencies involved in data recovery by BCM practitioners
• Inappropriate approach in executing BCM processes
• Incorrect and / or inappropriate assumptions in formulating business continuity and disaster recovery plans
18. Confidential Slide
Resolutions to implementation of Effective BCM
• Set up a cross-functional steering committee of key stakeholders, with meetings held regularly
• Systematic planning and collaboration between business and IT
• Consistency in documentation and approach can be achieved by adopting an international BCM standard / framework across the enterprise
• Adoption of a service / product based approach for risk assessment is more effective and sustainable
19. Confidential Slide
Business Continuity Management System (BCMS) and Information Security Management System (ISMS) – an integrated approach
ISO27001:2013 ISO22301:2012
22. Confidential Slide 22
Credit Risk Framework
• Evaluation done based on 4C’s of Credit
• Conduct review with the following
Issue reports with key action points to the Executive Investment committee
24. Confidential Slide 24
Information Security Risk Management (ISRM)
[Diagram: relationships between the elements of ISRM. Elements: Business Strategy; Business Process; IT Strategy; IT Systems & Assets; Policies (Principles & Objectives); Laws & Regulations; Controls; Threats; Vulnerability; Risk; Incident. Relationship labels: achieved through; guides; informs; requires; protects; exposed to; has specific; affects; may lead to; impacts.]
25. Confidential Slide 25
ISRM Framework
(Columns: PHASE, PROCESS, OUTPUT)

PHASE: Define
Objective: Study current state enterprise IS
Input: Collect information about enterprise basic elements
• Assets: Tangible/intangible/owner/location
• Threats: Deliberate/accidental/natural
• Vulnerabilities: Technical/organizational
• Controls: Existing/planned
OUTPUT: View of the current state of the basic elements of information security in the considered enterprise

PHASE: Identify
Objective: Assess the current state of information security
Input: Define stage outputs/expert or owner view
• Assets: Valuation (direct/indirect). Identify key components. Manpower, information systems & facility
• Threats/assets: Possible damage it may cause.
• Vulnerability/asset: Weakness in the security measures and identify risk
• Controls / assets: Identify control currently in use
• Requirements: Confidentiality/Availability/Integrity
OUTPUT: View of the critical assets, associated with the assessment of the threats & vulnerabilities they are facing, and with the security controls used

PHASE: Assess
Objective: Find the gap between the current state and the required state of protection
Input: Assessment of enterprise current state from “measure” phase; and “required security protection criteria”
• Identification: Control gap analysis
• Evaluation: Evaluate impact of the current state of security versus required one
• Gap: Determination of the security gap that needs to be closed, so that the required improvement is achieved
OUTPUT: View of the gap between security requirements and the current state of security, considering all critical assets
26. Confidential Slide 26
ISRM Framework
(Columns: PHASE, PROCESS, OUTPUT)

PHASE: Plan
Objective: Specify required improvements to close the gap between the current state and required state
Input: Required state and current state
• Directions: Development of directions to close the security gap and achieve the required improvement. Recommended controls. Cost-benefit analysis and selection of controls
• Plan: Designing an action plan that follows the directions. Implementation & risk treatment
OUTPUT: View of a plan of action of what should be done to close the gap and achieve the required security

PHASE: Implement, Monitor & Control
Objective: Implement improvement, monitor and evaluate; repeat process.
Input: Action plan for improvement
• Implementing: The action plan for improvement
• Monitoring: The changing state
• Documentation: Documenting the work
• Re-initiating: Continuous process
OUTPUT: Implementation of the plan, operation, performance, process activation
31. Confidential Slide 31
In view of the recent developments in the macro economic scenarios across the world,
it has become essential to find ways to improve capital efficiency of the insurance
companies without threatening solvency. Too much capital will reduce the capital
efficiency and too little capital may threaten the solvency. Economic capital is a way of
ensuring proper balance between capital adequacy and capital efficiency. Economic
capital is the amount of capital required to keep the balance sheet solvent on a going
concern basis under a stress event.
“Sufficient surplus to cover potential losses at a given risk tolerance level over a
specified time horizon.”
Economic Capital- The journey ahead
32. Confidential Slide 32
Determining Economic Capital- The journey ahead
[Chart: Determining Economic Capital. Ranked distribution of present values of future profits from each simulation, with the selected risk tolerance marked. Axis labels: Cumulative probability; $m (+ / –, 0).]
Economic Capital: At the enterprise level, EC is typically defined as “Sufficient surplus capital to cover potential losses at a given risk tolerance level, over a specified time horizon”
Source: Tillinghast
Types of Risks to be considered: Insurance, Operational, Market, Credit, Liquidity