governance, risk & compliance management solution
EMPOWERING BUSINESSES
Governance, Risk & Compliance Management Solution
World Demands Increased Regulatory Scrutiny
Escalating Frauds
Why Regulatory Scrutiny?
Governance
• Goals
• Policies & standards
• Policy Life Cycle Management
Risk
• Risk Assessment
• Risk Scores
• Risk Monitoring & Analysis
• Risk Mitigation
Compliance
• Self Assessments
• Technical Controls
• Business Process controls
• Integrated Compliance Scores
Culture
• Educate & Promote trust, integrity & accountability within organization
Governance – Risk – Compliance
• GRC seen in isolation from the primary business processes & decision making
• Difficult to make Infrastructure & Processes conducive for effective risk management moves
• Lack of importance & attention to GRC in the restructuring of the processes & performance improvement
What are the Organizational Challenges?
Facts
• Managed in Silos
• Lacks Proactive Approach
• Inconsistent Approach
• Disintegrated from decision making & core processes
• Humans as Middleware
• Insufficient IT Assets to support GRC requirements
• Lack of Information Quality
Consequences
• Intensified Risk
• Increased Complexity
• Less Reliability resulting in lower confidence
• Higher Cost
Current State of GRC
Chief Compliance Officer (CCO) Chief Risk Officer (CRO) CIO
Efficient & Consistent Processes
Fees Reduction via reduced compliance violations
Better Planning of Compliance Management Resources
Identifying and implementing optimal detective & preventive controls
Reduction – total GRC Cost
Timely Notifications – issues & violations
Accessible Information – Financial Results, Compliance & Audit
Balancing the range of enterprise risks
Evaluation of Business Requirements
Evaluation of Technical Risk Capabilities
Reduction of Risk Exposure Cost
Reduction of Mitigation or Acceptance Cost
Ensuring Secure & Auditable information
GRC information Management Automation
Work towards single internal GRC Solution
Implementation of IT platform for GRC
CEO
Enterprise-Wide Responsibility
CFO/VP of Finance
GRC Management Challenges
U.S.
Germany
Japan
U.K.
France
China
Canada
India
SOX JSOX FDA Basel II EU Directives HIPAA GLBA …
Various Compliances
Across Countries
Engineering
Purchasing
Sales
Marketing
Manufacturing
Finance
Services
Customers
Across Functions
Devices, Apps, Servers & Data Sources
IT Governance
Records Retention
Financial Reporting Compliance
Market Risk Management
Legal Discovery
Audit Management
Data Privacy
Strategic Alignment
Credit Risk Management
Work Force Governance
Operational Risk Management
Service Level Compliance
Supply Chain Traceability
Global GRC Map
Basic GRC
• Manual Processes
• Weak Governance
• Minimal Adoption of IT
Rationalized GRC
• Compliance Programs
• Common Survey & Evidence Collection Processes
• Risk Management in Silos
• High Cost of GRC Programs
Optimized GRC
• GRC programs managed holistically
• Business & IT alignment
• All IT Management processes supported
• GRC analysis from IT monitoring & management apps & systems
• Reliance Control Tests for Risk Analysis
• Acceptable Levels of Risk Management
GRC – From manual, silo’d processes to fully integrated approach
GRC Maturity Model
HR
Risk Management
Capital Management/Basel II/Solvency II/BI
Learning Management
Internal Controls & SOX
Enterprise Content Management
COBIT: Security, Identity & Data Management
Actions
RCSA Process Mapping
Economic Capital Dashboards RAPM
Documentation
Records Management Legal Discovery Change Management
Loss
KRI / KCI
Encryption Audit Segregation of Duties Identity Mgmt
Data Warehousing Master Data
Financial Control & Reporting
Core Financials Budgeting & Planning BI
Market ALM Operational Credit
Workflow Management
Monitoring & Compliance
AML KYC/CDD MiFID Fraud
Integrated Risk & Compliance Framework
Solutions
Oracle GRC Manager
MetricStream Enterprise Compliance Platform
OpenPages
Archer SmartSuite Framework
Axentis GRCplatform
BWise suite
ARIS Solution
Cura Enterprise
Capabilities
Installation
Configuration
Customization
Consulting
Upgradation
YES
Off-The-Shelf Solutions & Rishabh Capabilities
Our Service Lines
Implementation Services
• Complete Life-Cycle
• Re-implementation Services
• Implementation of new additional functionality in core Systems
• Implementation of new solutions
• Localization Implementation
• Implementation of Industry Specific Solutions
• Roll-out services
Upgrade / Migration
• Technical Upgrade
• Upgrade of existing solution with new functionality implementation
• Migration Services
• Upgrade of New Dimension Solutions
ISV services
• Industry Specific Solution Development
• Component Development for specific functionality
• Localization Development
• Solution Development on other technologies and integration with other Packages
• Portal Development
Hosting Services
• Hosting of solution Installations with complete application maintenance
Application Management Services
• Complete Application Maintenance Services
• Basis Management Services
• Programming Support
• Application Functional Support
Audit Services
• Technical System Audit & Recommendations
• Process Audit & Recommendations
Integration Services
• Integration of multiple GRC systems
• Integration of GRC and non-GRC systems
Professional Services
• Providing GRC Professionals
Training Services
• Corporate Training
Governance, Risk & Compliance
• Implementation of Sarbanes-Oxley Act, Basel II, FDA compliance etc.
Dashboards – Enterprise Visibility to GRC Information
Rishabh AML Architecture
On-site Delivery
Client
Team Leader
Project Manager
Stake Holders
Client Team
Product Manager
Project Head
NetMeeting Video Conferencing
VoIP Calls Periodic Visits
E-Mail Messengers
GRC Solution Manager, Enterprise Project Management
Knowledge Management
Communication Tools
Project Management Tools
Off-shore Delivery
Distributed Delivery Framework
Global Delivery Framework
Rishabh
Delivery Team
Activities Conducted
• Project Planning
• Infrastructure
• Blue-Print
• Configuration
• Integration / Interfaces
Project Manager
QA Manager
Off-shore Delivery Head
Development Center in India
Delivery Team
Activities Conducted
• Integration
• Designing / Development
• Testing
• Training Collateral Preparation
Weekly Status Report Daily Review Session
Monthly Status Report Milestone Delivery Report
Exception Report
Status Reporting
Team Leader
• Testing
• Training
• Go-Live Planning
• Data Migration
• Change Request Management
• Change Request Management
• Support – L2 / L3 calls
QA Team
Global Delivery Model
Joint Management Council
Program Steering Committee
Operation Committee
Program Management Office
Client
Program Manager Project Managers
Program Manager Key Project Staff
Program Manager PMO Representative
Program Manager Project Managers
Program Manager Business Stakeholders Program Manager
Engagement Manager
Exec Sponsor
Engagement Manager
Exec Sponsor
Program Manager
Meets on a weekly basis for program status review
Meets on a quarterly basis for budget & contract reviews
Meets on a quarterly basis to review program effectiveness w.r.t. Company’s goals & objectives
Meets on a monthly basis for overall program progress review
Rishabh Soft
Governance Structure
• Organizations must focus on an integrated approach to managing GRC
• Internal Audits provide high quality information & help management with regulatory compliance
• Owing to GRC’s broad & pervasive impact & implications, it will continue to be a significant driver for investments in upcoming years
Closing Thoughts
Business Queries
306/311, 3rd Floor, Gajanan Complex, Old Padra Road, Vadodara 390 020, Gujarat, INDIA
Tel: +91-265-2326267, 2326268, 2313056 | Fax: +91-265-2334644 | US Ph: +1-201-484-7302 | UK Ph: +44-0207 993 8162
Web: www.rishabhsoft.com | Email: [email protected]
Thank You