Information technology sector has experienced a stupendous growth lately and the outlook looks positive with return of consumer confidence and renewal of business growth which is expected to drive IT spending going forward. India accounts for less than 5 per cent of global technology spending – tremendous untapped potential for growth of IT sector, in both core as well as emerging opportunities.
Keeping pace with growing momentum and corporate needs for better IT governance and compliance, we’re pleased to launch our IT Risk Advisory Services in addition to our existing bouquet of Risk advisory, Consulting, Training & Human Capital Services. Our services are offered through our multi location delivery centres in major metros with total presence in 11 Indian cities network.
2. 2
Who is Riskpro… Why us?
ABOUT US
Riskpro is an organisation of member firms
around India devoted to client service
excellence. Member firms offer wide range
of services in the field of risk management.
Currently it has offices in three major cities
Mumbai, Delhi and Bangalore and alliances
in other cities.
Managed by experienced professionals with
experiences spanning various industries.
MISSION
Provide integrated risk management
consulting services to mid-large sized
corporate /financial institutions in India
Be the preferred service provider for
complete Governance, Risk and Compliance
(GRC) solutions.
VALUE PROPOSITION
You get quality advisory, normally delivered
by large consulting firms, at fee levels
charged by independent & small firms
High quality deliverables
Multi-skilled & multi-disciplined organisation.
Timely completion of any task
Affordable alternative to large firms
DIFFERENTIATORS
Risk Management is our main focus
Over 200 years of cumulative experience
Hybrid Delivery model
Ability to take on large and complex projects
due to delivery capabilities
We Hold hands, not shake hands.
4. 4
IT Services Landscape
The Backdrop:
o Fast changing IT services market
o Technological advances
o Rising integration of business and technology
o Corporate focus on core competencies
o Maturation of IT vendor management role
Business Need:
o Meeting cost, time-to-market
o Innovation objectives
o Realization by corporates to assemble and integrate services and solutions
o Growing demand from best-in-breed suppliers
o Acquire the right services at the right prices
o Must have deep knowledge of the IT services marketplace
o Understanding its future direction
o New trends in the application and infrastructure services marketplace
5. 5
IT Risk Advisory Service
Information
Technology
Service
Management
Information
Security
Management
Information
Security
Audit
Information
Technology
Assurance
Information
Technology
Governance
Riskpro
Service Offerings
6. 6
IT Service Management
Consulting
Standardizing
Compliances
•Service architecture Scoping
•SLA’s
•ITSM Assessment
•Control Processes
• Service Delivery
• Release & Resolution
• IT service road mapping
• GAP Analysis
• Tollgate review
• Performance metrics analysis
• Compliance review
• Standard pre-assessment
• ISO 20000
• ITIL practices
• PDCA cycle alignment
• Training- Basic / Advanced
Value Proposition
• Efficient business service delivery processes
• Reduced risk in using external service providers
• Reduced costs
• Enhanced ability to manage business complexities in a diverse operational environment
How we Do
7. 7
Information Security Management
Consulting
Standardizing
Compliances
• Risk Assessment & Management
• IS security policy framework
• Internal audit procedures
• IS controls review
• Penetration testing
• Compliance- IS policies
• IS security implementation review
• GAP analysis
• Performance metrics analysis
• Vulnerability assessment
• SAS Type II audits & compliance
• BS 7799 implementation
• ISO 27001/17799 implementation
• DPA
• GLBA
• HIPAA
Value Proposition
• Operational resilience
• Risk reduction
• Secure best practices
• Business continuity preventive approach
How we Do
8. 8
Information Security Audit
Consulting
Standardizing
Compliances
• Operating system audits
• Database audits
• Networking/ Firewall audits
• Application systems – Functionality
assessment
• Web application/Data centre audit
• Institutional risk areas review
• General Controls- Physical
security/BCP/BRP
• Change management – Controls & Tracking
• Application Controls- System edits/Access
• IS policies and procedures
• IDS
• Forensic auditing
• FERPA
Value Proposition
• Robust IT governance framework
• Strategic & operational value through business-risk focused approach
• Pre-emptive risk control capability
• Corporate IT compliance adherence for future business initiatives and IT investments
How we Do
9. 9
IT Assurance
Consulting
Standardizing
Compliances
• Business Continuity Planning
• Cyber crime investigative services
• IT external & internal audits
• IT assessment and benchmarking
• Data protection and privacy
• IT security & business flexibility
• IT project assurance reviews
• Compliances – IS policies
• SAS 70
• ISAE 3402
• ISO 27002
• PCI DSS
Value Proposition
• Advanced technologies capabilities advisory
• Proactively manage your technology risks
• Helping you to use data to fullest potential use
• Securing while delivering high performance business results
How we Do
10. 10
IT Governance
Consulting
Standardizing
Compliances
• COBIT and ITIL reviews
• Identification of IT risks exposure
• Risk mitigation controls review
• Balanced scorecard
• Val IT business valuation plan
• IT & Business Maturity models
• IT governance improvement methods
• Improving IT skills & resources
• ISO 38500/COBIT
• CMM
• TOGAF
• ISO 22301 (new standard)
Value Proposition
• Ensuring your organizational structures & business processes are complaint
• IT support framework enables to meet business strategic objectives
• Useful framework tool for benchmarking the balance and effectiveness of IT governance
practices
How we Do
12. 12
IT Service Management- Detailed Components How we Do
Process Excellence
Service Excellence
Agile Services
Lean Six Sigma
Software Estimation
- Systematic defining business case
- Assessment of current- state gaps
- Defining optimum process frameworks
- Training & process deployment
- Effective change management
- Service model assessment & design
- Process design , documentation
- Maturity evaluation and audits
- Outsourcing service model design
- Configuration management
- Lean assessment for end-to-end processes
- Opportunity assessment - Identifying improvements
- Project execution
- Coaching & mentoring for processes
- Training & Certification- GB/BB
- Agile readiness- Risk identification & mitigation
- Agile maturity assessment
- Process definition and best fit deployment
- Project manager services
- Training and mentoring services
- Baseline assessment existing vs industry best practice
- Design estimation processes and techniques
- Deployment and continuous improvement process
- Organization performance benchmarking
13. 13
Information Security Mgmt- Detailed Components How we Do
- Risk assessment /Developing mitigation strategy
- Business critical function>Outage & Recovery time
- Developing business/IT disaster recovery plan
- BS 25999 implementation support –BCM tools
- BCM audits and training
-
- Compliance assessment – GAP analysis
- Vendor/ Third party risk assessments
- ISO 27001 advisory (Controls design & Evaluation)
- IS Audit- Risk based/IT security/IT operations/ERP
- IT GRC : Software's, Strategy , framework & roadmap
-
- IAM Visualization- Feasibility/Roadmap/Business case
- IAM solution evaluation-
- IAM prioritization- TCO & Cost benefit analysis
- IAM Execution- Role management/SSO/Access
- Audit, reporting, Training
- Vulnerability & penetration testing
- Static and dynamic analysis (secure code review)
- Security configuration review
- Compliance assessment ( SOX, PCI, HIPAA)
- Remediation plan
Business Continuity
Enterprise Application Security
Identity and Access Management
IS Compliance
14. 14
Information Security Audit- Detailed Components How we Do
- Policy and Procedure Review
Security Operations
Threat Mitigation
Security Technologies
Professional Services
- Active Social Engineering
- Third Party Oversight Review
- System Inventory & Documentation
- Physical/Environmental SecurityReview
- Personnel / IT Staff Training
- Internal Vulnerability assessment
- Host/ Network Diagnostic Review
- Access Control Review
15. 15
IT Assurance - Detailed Components How we Do
- Enterprise Test Strategy
- Test process definition
- Structural code assessment
- Test automation strategy: Tools/ Framework
- Performance Test strategy: Tools
- Security Test strategy: Tools
- Test environment & Data management
- Specialized test strategy
- Tool and product evaluation
- Administration and Management
Consulting & Advisory
Functional/ Support Services
- Requirement management
- Static Analysis/Structural code evaluation
- Unit and integration testing
- Functional testing ( system, integration cycle)
- Performance testing (Load, volume, Stress , tuning)
- Security testing
- Non-functional testing ( OAT, Usability)
- Regression testing
- Test automation
- Environment management- Data, Release, UAT
16. 16
IT Governance - Detailed Components How we Do
Project Portfolio Management
Strategy & Roadmap
Process Re-engineering
Outsourcing Governance
Application Portfolio Rationalization
High Availability –Disaster
Recovery Set up
Dashboards- Predictive Analysis
Migrations-
Extract > Transport > Load
Integrations & Upgrades
Production Support-
Implementation /Maintenance
Performance Management
18. 18
Your Organization
Your Supplier
• We will assist you to ensure your information is secure
• Compliance checks – ISO27001,ITGC,SOX,PCI-DSS and
generic checks
• BCP/DRP solutions
• Long term/Short term goal setting – efficient mitigation*
• Unique reporting – Dashboard based*
• Certification is important but not everything
rather security is
• Check your IT Suppliers to ensure they follow your standards
• Check current implementation of standards (ISO27001…)
• Hand hold mitigation control implementation
• Increase security of your suppliers
• Dashboard view of all your suppliers and their status
• Checks and repeat checks to ensure security controls are
maintained
• Exit Assessments
Dash Board
Long Term
Short Term
Usually 3-4 Weeks depends on Projects
Usually 1-2 Weeks depends on Projects
Non-Compliance
Insider Attack
Manage your Compliance Needs
Compliance related Services
19. 19
Requirements
engineering
Design
Coding
Testing
Rollout
Threat model
InformationClassification
Security inRequirements
Are standards followed?
Howmuch security is enough?
Architecture Security
HOUSTONmethods
HowtoAPI’sinteract
ITPolicy compliant?
Is encryptionis needed?how?
Codereviews done?
Howtohandlebufferoverflow
Developers &Security?
Can thecodeprotect itself?
XSS,SQL Injection,CSRF?
Risks mitigated?Howtohandlebufferoverflow
ProofofConcept intrusion
Dowe have a security test plan throughout?
Does Testing involve security?
Can youconfidentlygotoProduction?
is there a Security Quality Gate Pass?
Phases Doyouwanta SecureRollout?
S (SDLC) – Secure Your Code/Information
Mobile Malware Phishing
ACHFraudInsider Attack
Services on the applications users use
Security in Software Development
21. 21
This is a unique service designed to assess the Cloud Service
Provider platform from an information security risks/threats point
of view.
• Cloud Service Operational/Governance Assessment
(Onsite Interview based): We will check for your cloud
security compliance to well known industry standards including
cloud security alliance.
• Penetration testing of the Cloud Service Provider: This
service would be a intruders perspective on your cloud setup
to see if your customers are protected from different security
risks like espionage, Information theft, customer privacy
exposure, defacements, financial data leakage, Virus/Trojan
insertion, DDoS attacks, etc. Apart from this the report would
also indicate your compliance to different industry standards
like ISO 27001, PCI-DSS, SOX etc.
DDoS Attacks
Fraud
Insider Attack
Dark Cloud
Securing the cloud that you operate on
Cloud Specific Security Services
22. 22
Riskpro Clients Our Clients
*Any trademarks or logos used throughout this presentation are the property of their respective owners
Banking/
Insurance
Corporate
MNC
Banking
Intl
Consulting
IT / Others
23. 23
Team Experiences Our Experiences
Our team members have worked at world class Companies
*Any trademarks or logos used throughout this presentation are the property of their respective owners
24. 24
RESUMES – Our team
Co-Founder - Riskpro
CA, CPA, MBA-Finance (USA), FRM (GARP)
Over 10 years international experience – 6 years in Bahrain and 4 years USA
15 years exp in risk management consulting and internal audits, Specialization in
Operational Risk, Basel II, Sox and Control design
Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain),
Navigant Consulting(USA), Kotak Mahindra Bank (India) and Credit Suisse(India)
Sox Compliance project for Fannie Mae, USA ( $900+ Billion Mortgage Company)
ManojJain
Co- Founder - Riskpro
CA (India), MBA (Netherlands), CIA (USA)
Over 15 years of extensive internal and external audit experience in India and
abroad.
Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young
Kuwait, Deloitte Netherlands and KPMG India.
Worked with clients in a wide variety of industries and countries including trading,
retail and consumer goods, NGO, manufacturing and banking and finance. Major
clients include banks, investment companies, manufacturing organizations,
aviation etc.
RahulBhan
Credentials
25. 25
RESUMES - Our team
Co-Founder - Riskpro
PGD (Electrical & Electronics & Computer Programming)
30 years of experience in Information & Communications Technology (ICT) Solutions
for Retail, Garments, Manufacturing, Services Industries.
Has created Companies, Divisions, Products, Brands, Teams & Markets.
Consulting in Business, Technology, Marketing & Sales & Strategic Planning.
Advisory, Training, Workshops & Implementation in Systems Thinking, Systems
Modeling & Balanced Scorecard
Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA,
CasperAbraham
Credentials
Sr Vice President – Risk Management
MBA, PDFM,NSE-NCFM, PMP, CSSGB,ISO 9001:2000 I.A,GARP-FBR, ITILV3,CPP-BPM
Professional with 17 years of rich experience into diverse Consumer finance/ Lending
operations ,Risk Management,BPMS, Consumer Banking, NBFC, Management Consulting &
Housing finance in BFSI industry having successfully led key business strategic
engagements across multi-product environment in APAC, Australia and US regions.
Worked with GE, ABN AMRO Bank, Citigroup, Accenture, Deutsche Postbank
Highly skilled and expert Trainer in Risk areas across Credit, Fraud, Operational, Corporate
Risk management.
Specializes in Fraud Control, AML/KYC Compliance ,QA ,ERM and Regulatory governance.
HemantSeigell
26. 26
RESUMES - Our team
Head - Insurance Risk Advisory services
B.sc, Associate of Indian Institute of Insurance
Licensed Category A Insurance surveyor
26 years of experience in Insurance advisory services, Loss adjusting for large
corporates,Claims management.
Has assessed more than 4500 high value insurance claims across various industry
sectors.
Risk management inspection
Valuations of fixed assets for insurance purpose.
R.Gupta
Credentials
Head - Human Capital Management
Chartered Accountant, Lead Assessor ISO 9000, Six Sigma Trained, Trained on Situational
Leadership, Trained on interviewing skills and Whole Message Model.
Over two decades of international, multi-cultural experience in finance and human resources
viz. internal audit, accounting operations, accounting process review & re-designing, risk
management, business solutioning, six sigma projects, talent acquisition, talent retention,
organization design/redesigning, compensation and appraisal processing, employee and
customer satisfaction surveys, knowledge management and finance services.
Worked with Citicorp/MGF, India Glycol, Delphi, American Express India, American Express
USA, Fidelity International and Macquarie Global Finance Services India.
NileshBhatia
27. 27
RESUMES - Our team
Head Taxation Risk Advisory
B.Com, FCA
Senior Partner with 48 year old Delhi based Chartered Accountant firm, Mehrotra
and Mehrotra
Over 19 years of experience in the field of Audit, Taxation, Company law matters.
Major clients served are NTPC, BHEL, Bank of India, PNB, Airport Authority of
India etc.
RajeshJhalani
Credentials
Specialist Risk Consultant – ERP & IT Compliance
SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access
Controls trained (from SAP India)
Over 7 years of experience working in the area of ERP/IT Risk advisory, primarily focusing
on SAP, for ‘Fortune 500’ clients in around 8 countries including US, UK, UAE, Hong Kong,
etc
Specializes in SAP Risk & Controls Advisory, SAP Business Process Controls Audit, SAP
Security & Segregation of Duties Control Audit, ERP Trainings,
Strong Industry experiences ranging from Beverages, Insurance, Energy, FMCG,
Pharmaceutical, Retail, Telecommunication to IT Services
Worked for risk advisory teams of reputed organizations like Ernst & Young, EXL Services
GouravLadha
28. 28
RESUMES - Our team Credentials
PhanindraPrakash
Vice President – Riskpro India
FCA [India], ACMA [India], CFE [USA], CertIFRS [UK]
Over 16 years of extensive consulting experience which includes financial & systems audit,
process transformation, implementation of internal controls, SOX compliance, fraud audits
& due diligence, US-India taxation
Engaged in consulting roles as trusted advisor to finance, internal audit and information
technology executives of multiple Fortune 1000 companies with project sites in US,
Canada, Europe & Asia
Worked with E&Y and Deloitte Consulting in USA
Some of the major clients served internationally are GE Capital, UBS, McKesson, Eaton,
Imation, Albertsons,
EVP and Head – Telecom Risk Advisory
M.Tech, IIT Kharagpur, India; IES; Doctoral study, research and teaching in Linkoping
University/Sweden; Lead Auditor (BVQI).
Over 30 years on International experience in networks and mobile Handsets from top
global companies /institutes like ISRO, Ericsson, Nokia, Nokia Siemens Networks and
based mostly in its head quarter locations in India, EU, USA.
Expertise: Setting up capability, behaviour, culture in turning Risk, Quality, Innovation for
competitive advantage, customer delight and sustainability; key skill sets are Engagement,
Handholding, Coaching, Mentoring and lot of best practices, benchmarking/standards like
CMMI, TL9000, Six Sigma, ISO, SAS 70 etc.
AsokSit
29. 29
Vice President & Head – IT Risk Advisory
Over 14+ Years of Experience in Information Security and Risk Management & CISM
certified
Headed the Global Information Security team of Daimler (Mercedes-Benz) Worldwide at
Bangalore for 9 years, previously worked at organization like Wipro, Bangalore Labs
Multi-sector experience including Banking, Insurance, Finance, Energy, Manufacturing,
Retail, Hi-Tech & Telecom, and Automobile
Well known Ethical hacker: Was featured in BusinessWorld Magazine in an article about
leading ethical hackers in India and published several articles in Print and Online Media
Rich experience in Information Security Audits across Corporations, 3rd Party Suppliers, Joint
Ventures across several countries in the world including US, UK, China, Germany
RavikiranBhandariRESUMES – Our Team
30. 30
RESUMES - Our team Credentials
SiddharthaGhosh
Executive Vice President – Riskpro India
CPA (USA), ACA, ACS, Grad CWA (India), MBA (USA), Associate ICPAS (Singapore)
Over 25 years of extensive audit and industry experience which includes 19 years with
Rolls-Royce India Pvt Ltd at New Delhi and its associate and parent companies of Rolls-
Royce in UK, USA and Singapore in all aspects of Finance, Taxation, Audit, Banking, Legal,
Company Secretarial, Statutory compliances and due diligence, Internal Control, ESOP,
Budgets, Cashflows, Forecasts, MIS Reporting, HR, Expatriate & Office Administration,
Payroll, IT, Retirement Funds Administration, Shared Services, Project Accounts, etc.
Worked with Price Waterhouse Coopers for 4 years with reputed MNCs, banks, Indian
corporate houses
Worked with McNally Bharat Engineering Company Ltd for 4 years
PritiTawari
Vice President – Riskpro India
B. Com, ACA, Dip. IFRS
Over 6 years of extensive audit and industry experience in all aspects of Finance, Taxation,
Audit, Legal, Company Secretarial, Statutory compliances and due diligence, Internal
Control, Budgets, Cash flows, Forecasts, MIS Reporting, HR, Expatriate & Office
Administration, Payroll, IT, Project Accounts, etc.
Worked with Price Waterhouse Coopers for 3 years in audit & assurance for reputed
MNCs, Indian corporate houses.
Engage in own practice since 2010 specialize in outsourcing of finance department in mid
size MNCs and consultation in Indirect Taxes and Management Reporting
31. 31
RESUMES - Our team Credentials
ManojKumar
Senior Vice President
CAIIB
20 Years of hard core banking experience in India’s most reputed banks
across wide functional areas.
Worked with Central Bank of India, ICICI Bank, HDFC Bank, and Axis
Bank as Asst Vice President, Cluster Head, and Branch Head.
Areas of expertise are Financial Risk Management, NPA-Credit-Debt
Management, Asset Reconstruction, Project Finance, and others.
Accomplished several achievements in the functional areas of banking.
32. 32
RESUMES - PARTNERSHIPS
Consultant – Information Security & IT Governance
LLB, CA, CISA, CWA, CS, CFE and others
Over 15 years of experience in the field of Audit, Taxation, Investigations.
Specializing in the field of Systems Audit, Cybrex Audit, Computer Crime
Investigations, IS Forensics
International Committee Member of Governmental and Regulatory Agencies
Board and Academic Relations Committee of ISACA, USA
AnjayAgarwal
Consultant – Quality Management
Founder of PMG, a TQM Consulting Co in Delhi
Mechanical Engineer
20+years experience in TQM concepts.
Strong skill set in various productivity & quality improvement projects including
Six Sigma offerings
Past experiences include reputed organizations like Andersen Consulting, Eicher
Consulting & Nathan & Nathan consultants
PiyushKumar
Credentials
33. 33
Specialist Risk Consultant – Business Continuity
Founder and 15-year Chairman of Survive, the first international user group for Business
Continuity professionals
Founding director and first Fellow of the Business Continuity Institute
Over 25 years international consulting expertise in Risk, Crisis, Emergency, Incident, and
Business Continuity and ICT Disaster Recovery Management
Multi-sector experience including Banking, Insurance, Finance, Oil, Gas, Energy,
Manufacturing, Retail, Hi-Tech & Telecom
Western Press Award for services to business, 1994; BCI/CIR nomination for
lifetime achievement in BC, 1999, London; inducted into BC Hall of Fame by CPM magazine,
2004, Washington DC.
AndrewHilesRESUMES - PARTNERSHIPS
Specialist Risk Consultant – Enterprise Risk Management
Highly skilled risk and insurance professional with 25 years of experience designing, developing and
implementing large, global corporate risk management programs for Fortune 500 firms.
Principal Consultant and Founder - Excellence in Risk Management, LLC. (Texas, USA) Co-founder
and EVP, Professional Services, rPM3 Solutions, LLC (Maryland, USA).
Past experiences include Head of Global Risk Management for USAA, PepsiCo/Tricon Global and
American National Red Cross
Additional risk and insurance experience at Verizon Corp,. Marsh USA and Liberty Mutual Insurance
Co.
2004 Risk Manager of the Year – 2007 recipient of the Alexander Hamilton Award for “Excellence in
ERM” (at USAA) – former President, Risk and Insurance Management Society, Inc.
ChrisE.Mandel
34. 34
Key Contacts
Corporate Mumbai Delhi Bangalore
Riskpro India Ventures (P)
Limited
info@riskpro.in
www.riskpro.in
F 186, Sarita Vihar
New Delhi 110076
Manoj Jain
Director
M- 98337 67114
manoj.jain@riskpro.in
Shriram Gokte
EVP - Risk Management
M- 98209 94063
shriram.gokte@riskpro.in
Sivaramakrishnan
President – Banking & FS
M- 98690 19311
smaran.iyer@riskpro.in
Rahul Bhan
Director
M- 99680 05042
rahul.bhan@riskpro.in
Hemant Seigell
SVP – Risk Management
M- 99536 97905
hemant.seigell@riskpro.in
Casper Abraham
Director
M- 98450 61870
casper.abraham@riskpro.in
Vijayan Govindarajan
EVP – Risk Management
M- 99166 63652
vijayan.govindarajan@riskpro.in
Ravikiran Bhandari VP – IT
Risk Advisory
M- 99001 69562
ravikiran.bhandari@riskpro.in
Ghaziabad / Noida Chennai Kolkata Gurgaon
Siddhartha Ghosh
EVP - Finance
M- 9810058072
Siddhartha.Ghosh@riskpro.in
R Gupta - Insurance Risk
M- 98101 07387
R. Muralidharan
EVP – Risk Management
M- 95660 77326
murali@riskpro.in
Kashi Banerjee
EVP – Risk Management
M- 98304 75375
kashi.banerjee@riskpro.in
Nilesh Bhatia
Head – Human Capital Mgt.
M- 98182 93434
nilesh.bhatia@riskpro.in
Asok Sit
EVP – Telecom Risk Advisory
M- 98105 03463
asok.sit@riskpro.in
Pune Salem Ahmedabad Hyderabad / Agra
M.L. Jain
Principal – Strategy Risk
M- 98220 11987
mljain@riskpro.in
Priti Tawari
M- 9011054085
Chandrasekeran
Recruitment franchisee
M – 94435 99132
Manoj Kumar
M – 98983 65320
Maulik Manakiwala
M – 98256 40046
Gourav Ladha
Phanindra Prakash (Hyderabad)
Member Firm
M- 95500 61616
Alok Kumar Agarwal (Agra)
Member Firm
M- 99971 65253