Page 1: Governance, Risk & Compliance Management Solution

EMPOWERING BUSINESSES

Governance, Risk & Compliance Management

Solution

Page 2: Governance, Risk & Compliance Management Solution

World Demands Increased Regulatory Scrutiny

Escalating Frauds

Why Regulatory Scrutiny?

Page 3: Governance, Risk & Compliance Management Solution

Governance

• Goals
• Policies & standards
• Policy Life Cycle Management

Risk

• Risk Assessment
• Risk Scores
• Risk Monitoring & Analysis
• Risk Mitigation

Compliance

• Self Assessments
• Technical Controls
• Business Process controls
• Integrated Compliance Scores

Culture

• Educate & Promote trust, integrity & accountability within organization

Governance – Risk – Compliance

Page 4: Governance, Risk & Compliance Management Solution

• GRC seen in isolation from the primary business processes & decision making

• Difficult to make Infrastructure & Processes conducive for effective risk management moves

• Lack of importance & attention to GRC in the restructuring of the processes & performance improvement

What are the Organizational Challenges?

Page 5: Governance, Risk & Compliance Management Solution

Consequences / Facts

• Managed in Silos

• Lacks Proactive Approach

• Inconsistent Approach

• Disintegrated from decision making & core processes

• Humans as Middleware

• Insufficient IT Assets to support GRC requirements

• Lack of Information Quality

• Intensified Risk

• Increased Complexity

• Less Reliability resulting in lower confidence

• Higher Cost

Current State of GRC

Page 6: Governance, Risk & Compliance Management Solution

Chief Compliance Officer (CCO) Chief Risk Officer (CRO) CIO

Efficient & Consistent Processes

Fees Reduction via reduced compliance violations

Better Planning of Compliance Management Resources

Identifying and implementing optimal detective & preventive controls

Reduction – total GRC Cost

Timely Notifications – issues & violations

Accessible Information – Financial Results, Compliance & Audit

Balancing the range of enterprise risks

Evaluation of Business Requirements

Evaluation of Technical Risk Capabilities

Reduction of Risk Exposure Cost

Reduction of Mitigation or Acceptance Cost

Ensuring Secure & Auditable information

GRC information Management Automation

Work towards single internal GRC Solution

Implementation of IT platform for GRC

CEO

Enterprise-Wide Responsibility

CFO/VP of Finance

GRC Management Challenges

Page 7: Governance, Risk & Compliance Management Solution

U.S.

Germany

Japan

U.K.

France

China

Canada

India

SOX JSOX FDA Basel II EU Directives HIPAA GLBA …

Various Compliances

Across Countries

Engineering

Purchasing

Sales

Marketing

Manufacturing

Finance

Services

Customers

Across Functions

Devices, Apps, Servers & Data Sources

IT Governance

Records Retention

Financial Reporting Compliance

Market Risk Management

Legal Discovery

Audit Management

Data Privacy

Strategic Alignment

Credit Risk Management

Work Force Governance

Operational Risk Management

Service Level Compliance

Supply Chain Traceability

Global GRC Map

Page 8: Governance, Risk & Compliance Management Solution

Basic GRC

• Manual Processes

• Weak Governance

• Minimal Adoption of IT

Rationalized GRC

• Compliance Programs

• Common Survey & Evidence Collection Processes

• Risk Management in Silos

• High Cost of GRC Programs

Optimized GRC

• GRC programs managed holistically

• Business & IT alignment

• All IT Management processes supported

• GRC analysis from IT monitoring & management apps & systems

• Reliance Control Tests for Risk Analysis

• Acceptable Levels of Risk Management

GRC – From manual, silo’d processes to fully integrated approach

GRC Maturity Model

Page 9: Governance, Risk & Compliance Management Solution

HR

Risk Management

Capital Management/Basel II/Solvency II/BI

Learning Management

Internal Controls & SOX

Enterprise Content Management

COBIT: Security, Identity & Data Management

Actions

RCSA Process Mapping

Economic Capital Dashboards RAPM

Documentation

Records Management Legal Discovery Change Management

Loss

KRI / KCI

Encryption Audit Segregation of Duties Identity Mgmt

Data Warehousing Master Data

Financial Control & Reporting

Core Financials Budgeting & Planning BI

Market ALM Operational Credit

Workflow Management

Monitoring & Compliance

AML KYC/CDD MiFID Fraud

Integrated Risk & Compliance Framework

Page 10: Governance, Risk & Compliance Management Solution

Solutions

Oracle GRC Manager

MetricStream Enterprise Compliance Platform

OpenPages

Archer SmartSuite Framework

Axentis GRCplatform

BWise suite

ARIS Solution

Cura Enterprise

Capabilities

Installation

Configuration

Customization

Consulting

Upgradation

YES

Off-The-Shelf Solutions & Rishabh Capabilities

Page 11: Governance, Risk & Compliance Management Solution

Our Service Lines

Implementation Services

• Complete Life-Cycle
• Re-implementation Services
• Implementation of new additional functionality in core Systems
• Implementation of new solutions
• Localization Implementation
• Implementation of Industry Specific Solutions
• Roll-out services

Upgrade / Migration

• Technical Upgrade
• Upgrade of existing solution with new functionality implementation
• Migration Services
• Upgrade of New Dimension Solutions

ISV services

• Industry Specific Solution Development
• Component Development for specific functionality
• Localization Development
• Solution Development on other technologies and integration with other Packages
• Portal Development

Hosting Services

• Hosting of solution Installations with complete application maintenance

Application Management Services

• Complete Application Maintenance Services
• Basis Management Services
• Programming Support
• Application Functional Support

Audit Services

• Technical System Audit & Recommendations
• Process Audit & Recommendations

Integration Services

• Integration of multiple GRC systems
• Integration of GRC and non-GRC systems

Professional Services

• Providing GRC Professionals

Training Services

• Corporate Training

Governance, Risk & Compliance

• Implementation of Sarbanes-Oxley Act, Basel II, FDA compliance etc.

Page 12: Governance, Risk & Compliance Management Solution

Dashboards – Enterprise Visibility to GRC Information

Page 13: Governance, Risk & Compliance Management Solution

Rishabh AML Architecture

Page 14: Governance, Risk & Compliance Management Solution

On-site Delivery

Client

Team Leader

Project Manager

Stake Holders

Client Team

Product Manager

Project Head

NetMeeting Video Conferencing

VoIP Calls Periodic Visits

E-Mail Messengers

GRC Solution Manager, Enterprise Project Management

Knowledge Management

Communication Tools

Project Management Tools

Off-shore Delivery

Distributed Delivery Framework

Global Delivery Framework

Rishabh

Delivery Team

Activities Conducted

• Project Planning
• Infrastructure
• Blue-Print
• Configuration
• Integration / Interfaces

Project Manager

QA Manager

Off-shore Delivery Head

Development Center in India

Delivery Team

Activities Conducted

• Integration
• Designing / Development
• Testing
• Training Collateral Preparation

Weekly Status Report Daily Review Session

Monthly Status Report

Milestone Delivery Report

Exception Report

Status Reporting

Team Leader

• Testing
• Training
• Go-Live Planning
• Data Migration
• Change Request Management

• Change Request Management

• Support – L2 / L3 calls

QA Team

Global Delivery Model

Page 15: Governance, Risk & Compliance Management Solution

Joint Management Council

Program Steering Committee

Operation Committee

Program Management Office

Client

Program Manager, Project Managers

Program Manager Key Project Staff

Program Manager PMO Representative

Program Manager, Project Managers

Program Manager Business Stakeholders Program Manager

Engagement Manager

Exec Sponsor

Engagement Manager

Exec Sponsor

Program Manager

Meets on a weekly basis for program status review

Meets on a quarterly basis for budget & contract reviews

Meets on a quarterly basis to review program effectiveness w.r.t. Company’s goals & objectives

Meets on a monthly basis for overall program progress review

Rishabh Soft

Governance Structure

Page 16: Governance, Risk & Compliance Management Solution

• Organizations must focus towards an integrated approach to manage GRC

• Internal Audits provide high quality information & help management with regulatory compliance

• Owing to GRC’s broad & pervasive impact & implications, it will continue to be a significant driver for investments in upcoming years

Closing Thoughts

Page 17: Governance, Risk & Compliance Management Solution

Business Queries

306/311, 3rd Floor, Gajanan Complex, Old Padra Road, Vadodara 390 020, Gujarat, INDIA

Tel: +91-265-2326267, 2326268, 2313056 | Fax: +91-265-2334644 | US Ph: +1-201-484-7302 | UK Ph: +44-0207 993 8162

Web: www.rishabhsoft.com | Email: [email protected]

Thank You