With growing risk complexity in the business environment and volatile markets, there is an imperative need to attain quality standards in critical functions, processes and frameworks. Fortunately, a new International Standard, ISO 31000:2009, Risk Management – Principles and guidelines, will help organizations of all types and sizes to manage risk effectively. ISO 31000 provides principles, a framework and a process for managing any form of risk in a transparent, systematic and credible manner within any scope or context.
In continuation of our fast-growing presence and business trajectory, we’re pleased to commence our ISO 31000 Risk Management Training Services, in addition to our existing bouquet of Risk Advisory, Consulting, Training & Human Capital Services. These are currently delivered to corporates across India through our multi-location delivery centres in major metros, with a total network presence in 11 Indian cities already.
1. Risk Consulting & Advisory Services
ISO 31000:2009 Risk Management Standards
RiskPro India Ventures (P) Limited
New Delhi, Mumbai, Bangalore
2. Who is Riskpro… Why us?
ABOUT US
Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer wide range of services in the field of risk management. Currently it has offices in three major cities Mumbai, Delhi and Bangalore and alliances in other cities. Managed by experienced professionals with experiences spanning various industries.
MISSION
• Provide integrated risk management consulting services to mid-large sized corporate /financial institutions in India
• Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.
VALUE PROPOSITION / DIFFERENTIATORS
• You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms
• Risk Management is our main focus
• Over 200 years of cumulative experience
• High quality deliverables
• Hybrid Delivery model
• Multi-skilled & multi-disciplined organisation.
• Ability to take on large and complex projects
• Timely completion of any task due to delivery capabilities
• Affordable alternative to large firms
• We Hold hands, not shake hands.
3. Risk Management Advisory Services
SERVICES
• Basel II/III Advisory: Market Risk; Credit Risk; Operational Risk; ICAAP
• Corporate Risks: Enterprise Risk Assessment; Fraud Risk; Risk based Internal Audit; Operations Risk; Forensic services
• Information Security: IS Audit; Information Security; IT Assurance; IT Governance
• Operational Risk: Process reviews; Policy/ Process Review; Process Improvement; Compliance Risk
• Governance: Corporate Governance; Business Strategic risk; Fraud Risk; Forensic Accounting
• Other Risks: Business/Strategic Risk; Reputation Risk; Outsourcing Risk; Contractual Risk; Insurance Risk
• Training: Banking – E Learning; Corporate Training; Regular Risk Management Training; Online Training material; Workshops / Events; ISO Standards
• Recruitment: Virtual Risk Managers; Full Time Risk Professionals; Part time Risk Professionals; Risk Managers on call – free
4. ISO 31000:Future standard on Risk Management
[Image label: Tackling hazards]
Every organization has objectives to achieve, and in order to achieve them, any uncertainty that could interfere with their realization must be effectively managed.
ISO 31000 is clearly different from existing guidelines in that the emphasis is shifted from something happening – the event – to the effect on objectives.
It sets out principles, a framework, and a process for the management of all forms of risk, including safety and environment, in all organizations, regardless of size.
Key principles include: Communication and Consultation; Establishing the context; Risk assessment steps (Identification, Analysis, Evaluation); Risk treatment; Monitoring and review.
5. ISO 31000: 2009 Risk Management Standards Insight…
RISK MANAGEMENT INTERNATIONAL STANDARD ISO 31000:2009
• ISO Guide 73: Risk Management – Vocabulary (Standard Vocabulary)
• ISO 31000: Risk Management – Principles and guidelines (Principles/Guidelines)
• IEC 31010: Risk Management – Risk Assessment Techniques (Assessment)
6. Evolution of ISO 31000 Journey…
[Timeline diagram]
• 1995: Standards Australia/New Zealand – AS/NZS 4360
• 1999: Standards Australia/New Zealand – Review 1, AS/NZS 4360
• 2001: Japan – Standards Version
• 2002: ISO/IEC Guide 73 – Risk Management Vocabulary Guideline
• 2004: Standards Australia/New Zealand – Review 2, AS/NZS 4360
• 2004 +: Standards Guidelines review on Standards and released for implementation
7. Understand ISO 31000...Future of Risk !
Historical glance: The Standards Australia/Standards New Zealand Joint Technical Committee developed AS/NZS 4360 – Risk Management, which was first published in November 1995, revised in 1999 and most recently revised in 2004. Standards organizations in Canada (1997) and Japan (2001) followed with their own versions, and then in 2002 ISO and the International Electrotechnical Commission (IEC) published ISO/IEC Guide 73, Risk management – Vocabulary – Guidelines for use in standards.
Every organization has objectives to achieve, and in order to achieve them, any uncertainty that could interfere with their realization must be effectively managed.
ISO 31000 is clearly different from existing guidelines in that the emphasis is shifted from something happening – the event – to the effect on objectives.
It sets out principles, a framework, and a process for the management of all forms of risk, including safety and environment, in all organizations, regardless of size.
Key principles include: Communication and Consultation; Establishing the context; Risk assessment steps (Identification, Analysis, Evaluation); Risk treatment; Monitoring and review.
9. ISO 31000 Elements Demystified
*This presentation and its contents in part or whole should not be copied or distributed to anyone.
10. Risk Management Overview : ISO 31000 Outlook Overview
• Without risk, there is no reward or progress. Unless risk is managed effectively, organizations cannot maximize opportunities and minimize threats.
• Applicable and adaptable, with emphasis on tailoring the principles and guidelines to the specific needs and structure of the organization.
• Commitment of senior top management: the overarching component of the framework is the mandate and commitment of the organization’s board and top management to the implementation, review and continual improvement of how risk is managed, ultimately to ensure that risk management is fully focused on the achievement of objectives.
• Organizations with a commitment to managing risk know that implementing standards can enable them to do so more effectively and therefore maximize opportunities and minimize losses in the course of achieving corporate objectives.
• Risk is the “effect of uncertainty on objectives” – positive and negative consequences, safety, compliance, strategy.
• Risk management process: a systematic application of management policies, procedures and practices to the tasks of communication, consultation, establishing the context, identifying, analyzing, evaluating, treating, monitoring and reviewing risk.
11. ISO 31000 Concept & Organizational Alignment How we Do
• The ISO (International Organization for Standardization) 31000 standard sets out principles, a framework and a process for the management of risk that are applicable to any type of organization in the public or private sector.
• Every organization is unique; yours might be a regulator, a deliverer of services, a policy analysis shop, an enforcer of laws, a facilitator of industry and commerce, support for education or literacy or rights, etc.
• So the implementation of risk management in every organization is different, but instantly recognizable through the 31000 risk management framework, process, terminology, and other best practices.
• So your organization’s risk management could be reviewed and evaluated by any other risk management literate person from any organization to mutual advantage.
12. Key Principles- Clauses
Clause – 3
o Create value
o An integral part of organizational processes
o Part of decision making
o Explicitly address uncertainty
o Be systematic and structured
o Be based on the best available information
o Be tailored
o Take into account human factors
o Be transparent and inclusive
o Be dynamic, iterative and responsive to change
o Be capable of continual improvement and enhancement
13. Key Principles- Clauses
Clause – 4 (Mandate & Commitment)
4.3 Design of framework
o Understanding the organization and its context
o Risk management policy
o Integration into organizational processes
o Accountability
o Resources
o Establishing internal communication and reporting mechanisms
o Establishing external communication and reporting mechanisms
4.4 Implementing risk management
4.4.1 Implementing the framework
4.4.2 Implementing the risk management process
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework
14. Key Principles- Clauses
Clause – 5 (Risk Management Process)
o Should be an integral part of management
o Be embedded in culture and practices and
o Tailored to the business processes of the organization.
o Communication and consultation
o Establishing the context
o Risk assessment
o Risk treatment
o Monitoring and review.
16. Risk Components and Framework…2/3
• Setting of performance based standards that link risk management to change management
and decision making.
• Focus on risks that change and why.
• Integration of risk management with strategic and performance management.
• Risk management plans for organization/divisions & departments.
• Implementation of a training strategy to build skills and knowledge.
• Appointing embedded practitioners.
• Allocation of risks, controls, and action based owners.
• Clear focus on control assurance as a line management role.
• Learning through the application of RCA (root cause analysis) for wins/losses.
• Risk governance, treatment and reporting on RM maturity within BUs.
17. Risk Management Process…3/3
[Process diagram]
• Communication and Consultation (5.2)
• Establishing the context (5.3)
• Risk assessment (5.4)
   o Risk identification (5.4.2)
   o Risk analysis (5.4.3)
   o Risk evaluation (5.4.4)
• Risk treatment (5.5)
• Monitoring and Review (5.6)
18. Relationship- Principles, Framework and Process
[Relationship diagram]
• Principles
• Framework cycle:
   o Mandate and commitment
   o Framework design for managing risk
   o Risk management implementation
   o Framework monitoring and review
   o Continual framework improvement
• Process
19. Components- Principles, Framework and Process
Principles for Managing Risk
• Risk management creates value
• RM is an integral part of organisational processes
• RM is part of decision making
• RM explicitly addresses uncertainty
• RM is systematic, structured and timely
• RM is tailored/aligned to internal and external context
• RM is dynamic, iterative, responsive to change
• RM is capable of continual improvement
Framework for Managing Risk
• Embedding of RM throughout the organisation
• Should ensure effective reporting and use for decision making
• Drive policy and define performance
• Ensure alignment with strategy and objectives
• Assign accountabilities; ensure resources
• Communicate benefits to stakeholders
• Understanding the organisation and its context
• Risk management policy
• Integration into organisational processes (embedding)
• Accountability (for process as well as risks)
• Resources (people, skills, information, documentation)
• Establishing internal communication and reporting
• Establishing external communication and reporting
Process for Managing Risk
• Identify and acknowledge stakeholder perceptions – internal and external
• Establish basis for decision making
• Optimise use of expertise
• Ensure effective change management
• Defining parameters – external and internal
• Alignment with objectives
• Alignment with stakeholder expectations
• Developing risk criteria
• Risk identification, Analysis, Evaluation
• Selection of risk treatment options
• Preparing and implementing risk treatment plans
• Recording the risk management process
• Monitoring and Review
20. Risk Implementation Approach…
1. Achieve an unequivocal Executive and Board mandate with a full appreciation of the changes required at all levels of the organization.
2. Undertake a gap analysis and maturity evaluation.
3. Develop a carefully tailored framework, based on the ISO 31000 risk management framework, principles, and process as well as the organization's context and structure necessary for ERM to be implemented and sustained.
4. Workshop and develop a strategic risk management plan to implement the framework utilizing practical tools and best practice methods.
5. Develop and gain senior management agreement on a set of performance-based standards to codify the framework and its implementation plan.
6. Create a tailored risk management information system that enforces accountability for risks, controls and tasks, supports control assurance and enables risk management performance management and reporting.
7. Cause Champions to be appointed within the organization and trained to create the confidence, skills and local management support needed for roll-out.
8. Help Champions engage local management and implement the framework and risk management plan, generating risk registers, etc.
9. Establish a process and structure for RM performance management and reporting, including committees and review groups, and performance measures.
10. Periodically review, benchmark, and revise the framework.
21. Risk Integration – Strategic ERM
[Diagram labels]
• Risk Management Framework and Process
• Change Management & Opportunities
• Performance Management (KPI)
• Establish the context
• RM Plan
• Strategic Objective
• Lessons learnt from last year
• Draft Plan
• Risk assessment to stress test plan
• Strategic Plan
• Risk treatment plan
22. ISO 31000 Standards FAQs – We Answer for you!
Practical Challenges
• How to allocate ownership to management
• What is your organizational Risk Appetite
• How to ensure assessment is current and risk treatment is appropriate
• How to use your critical success factors with related measures of success
• How to create value
• What is CEN/IEC Guide 73 guideline relevance to ISO 31000
• How to spot emerging and changing risks
• How to integrate
• & more… ?
23. Riskpro Clients Our Clients
*Any trademarks or logos used throughout this presentation are the property of their
respective owners
24. Team Experiences Our Experiences
Our team members have worked at world class Companies
*Any trademarks or logos used throughout this presentation are the property of
their respective owners
25. RESUMES – Our Team Credentials
Manoj Jain
Co-Founder - Riskpro
CA, CPA, MBA-Finance (USA), FRM (GARP)
Over 10 years international experience – 6 years in Bahrain and 4 years USA
15 years exp in risk management consulting and internal audits, Specialization in Operational Risk, Basel II, Sox and Control design
Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting (USA), Kotak Mahindra Bank (India) and Credit Suisse (India)
Sox Compliance project for Fannie Mae, USA ($900+ Billion Mortgage Company)
Rahul Bhan
Co-Founder - Riskpro
CA (India), MBA (Netherlands), CIA (USA)
Over 15 years of extensive internal and external audit experience in India and abroad.
Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.
Worked with clients in a wide variety of industries and countries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc.
26. RESUMES - Our team Credentials
Casper Abraham
Co-Founder - Riskpro
PGD (Electrical & Electronics & Computer Programming)
30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.
Has created Companies, Divisions, Products, Brands, Teams & Markets.
Consulting in Business, Technology, Marketing & Sales & Strategic Planning.
Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard
Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA
Hemant Seigell
Vice President – Risk Management
MBA, PDFM, NSE-NCFM, PMP, CSSGB, Trained ISO 9001:2000 I.A, GARP-FBR, ITIL
Professional with 17 years of rich experience into diverse Consumer finance/Lending operations, Risk Management, BPMS, Consumer Banking, NBFC, Management Consulting & Housing finance in BFSI industry having successfully led key business strategic engagements across multi-product environment in APAC, Australia and US regions.
Worked with GE, ABN AMRO Bank, Citigroup, Accenture, Deutsche Postbank
Highly skilled and expert Trainer in Risk areas across Fraud, Credit, Operational, Corporate Risk management, GRC.
Specializes in Fraud Control, Compliance QA, ERM and Regulatory governance.
27. RESUMES - Our team Credentials
R. Gupta
Head - Insurance Risk Advisory services
B.Sc, Associate of Indian Institute of Insurance
Licensed Category A Insurance surveyor
26 years of experience in Insurance advisory services, Loss adjusting for large corporates, Claims management.
Has assessed more than 4500 high value insurance claims across various industry sectors.
Risk management inspection
Valuations of fixed assets for insurance purpose.
Nilesh Bhatia
Head - Human Capital Management
Chartered Accountant, Lead Assessor ISO 9000, Six Sigma Trained, Trained on Situational Leadership, Trained on interviewing skills and Whole Message Model.
Over two decades of international, multi-cultural experience in finance and human resources viz. internal audit, accounting operations, accounting process review & re-designing, risk management, business solutioning, six sigma projects, talent acquisition, talent retention, organization design/redesigning, compensation and appraisal processing, employee and customer satisfaction surveys, knowledge management and finance services.
Worked with Citicorp/MGF, India Glycol, Delphi, American Express India, American Express USA, Fidelity International and Macquarie Global Finance Services India.
28. Our team Credentials
Rajesh Jhalani
Co-founder - Riskpro
B.Com, FCA
Senior Partner with 48 year old Delhi based Chartered Accountant firm, Mehrotra and Mehrotra
Over 19 years of experience in the field of Audit, Taxation, Company law matters.
Major clients served are NTPC, BHEL, Bank of India, PNB, Airport Authority of India etc.
Gourav Ladha
Specialist Risk Consultant – ERP & IT Compliance
SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access Controls trained (from SAP India)
Over 7 years of experience working in the area of ERP/IT Risk advisory, primarily focusing on SAP, for ‘Fortune 500’ clients in around 8 countries including US, UK, UAE, Hong Kong, etc.
Specializes in SAP Risk & Controls Advisory, SAP Business Process Controls Audit, SAP Security & Segregation of Duties Control Audit, ERP Trainings
Strong Industry experiences ranging from Beverages, Insurance, Energy, FMCG, Pharmaceutical, Retail, Telecommunication to IT Services
Worked for risk advisory teams of reputed organizations like Ernst & Young, EXL Services