Risk Quotient Implementation Approach
Our experienced lead consultants will help you implement the Risk Quotient Enterprise Risk Management solution using a well defined roadmap.

Click here to download the roadmap   

When you entrust us with the assignment, we will deploy our full array of proprietary resources at your service as described below:

• Risk Quotient Implementation Methodology
• Risk Quotient Enterprise Risk Management software tool
• Risk Quotient Knowledge Engine
• Risk Quotient UK Centre of Excellence

Risk Quotient Implementation Methodology

Our consultants will use the proprietary implementation methodology to provide mutual assurance that the services meet baseline quality standards, which comprise:

• Division of the project into distinct work-streams
• Key deliverables by work-streams
• Activity sheets for our consultants to provide assurance consistency of solution delivery
• Stage Gate Reviews at the end of each work-stream conducted by our lead consultant with your participation to provide transparency of progress, share lessons learnt and provide clearance to proceed to the next stage of the implementation

Click here to view the Implementation Methodology   

Risk Quotient Enterprise Risk Management software tool

The web based software tool is a key enabler which sustains the risk management process in your organization. It comprises the following features:

• Centralised Web Based Repository of Risks and Risk Mitigations in one user-friendly location
• Senior Management can display web based 'Risk Heat Maps'
• Risk Owners can click on their own personalized 'My Risks' web page to track risks for which they are accountable
• Control Operators can click on their own personalized 'My Controls' web page to track controls for which they are responsible
• Our web based solution contains an 'Alert Assistant' which sends automated email reminders to Control Operators at defined frequencies and escalates actions not taken
• The 'Controls Monitoring Dashboard' provides transparency to management on results of controls operation with drill down functionality

Risk Quotient Knowledge Engine

This comprises a pre-defined pick list of risks and controls for certain areas e.g. Typical Board level risks and controls or Typical Record to Report financial risks and controls.

This offers the following value to your organisation:

• Reduces implementation cycle time
• Identifies 'missed' risks
• Learns from experience by allowing your Risk Owners to add risks based on actual experience e.g. based on fraud or 'near misses' in real life

Risk Quotient UK Centre of Excellence

Every deployment team at Risk Quotient has access to advice and guidance at no extra charge from the 'UK Centre of Excellence' comprising:

• Rakesh Dighe

The Promoter and his network of specialist associates are available to provide value added services to clients if required e.g. review of risk management process within the context of your organisation's overall corporate governance framework.

Information Management Risk Assurance

Today, most businesses are dependent on the confidentiality, security and availability of their information assets. Therefore, businesses invest significant resources to setup and maintain a strong and reliable information technology (IT) infrastructure that effectively manages and mitigates key risks. This activity is becoming increasingly complex and many companies fail to obtain a full understanding of their organizations’ Information Management risks to address them adequately.

Businesses face a significant challenge due to the fast pace of IT change, regulatory pressures and increasing dependency on business critical information. They need a broad approach to information risk management and controls that identifies and mitigates risk and improves overall business performance.

Key Information Management Issues Faced By Businesses:

• Does information management properly identify and control the technology risks within your organization?
• Does Internal Audit team have the credibility and the capabilities to deliver required assurance to the key stakeholders?
• Is the impact of the information management risks on the organization fully understood?
• Does the organization feel the need to re-implement application controls in Enterprise Resource Planning systems (such as SAP and Oracle) to ensure that risks are identified and addressed?
• Do the projects undertaken by the organization include complex outsourcing arrangements and therefore assurance is required that key risks are identified, measured and managed effectively?
• Has the organization suffered a recent embarrassing lapse in security or become more sensitive to IT security issues?
• Is poor data quality impacting the effectiveness of your processes and decision-making?

How We Can Help Your Business :

We can help you design and implement Information Management risk and control solutions that protect vital business information and reduce compliance costs.

We provide support by:

• Identifying information management risks and understanding their impact on your business objectives
• Helping businesses by providing them with fresh perspectives on how to integrate its approach to governance, regulation and compliance
• Setting up a robust risk assessment and information management framework to manage information risks,
• Assisting your business in controls optimization
• Analyzing the ERP and business systems in use to provide assurance on governance, implementation, data migration and overall alignment with business objectives
• Reviewing the existing software application controls and make changes if necessary
• Protecting information technology assets against external viruses, cyber terrorism and other malicious attacks and internal security threats
  Areas of focus

Areas of focus

ERP Application Controls and Security

ERP Implementations re-engineer business processes and replace existing business processes with new ways of working. This has an impact on ‘tried and tested’ legacy control frameworks, as they now need to be replaced with new ‘fit for purpose’ risk based control frameworks.

Our specialist ERP Application Control and Security specialists can help you analyse your new ERP enabled business processes to design a fit for purpose control framework. We can also help you design, build, test, implement, embed and sustain the controls framework after system go live.

An ERP risk based control framework would typically include the following key elements:

• Segregation of duties rules built into the ERP Security Architecture
• Segregation of duties monitoring tools
• Application controls or system-enabled controls built into ERP business process applications, which are intended to enforce specific activites
• Pre and post implementation controls reviews
• Post implementation controls ‘anchoring’ programs where the newly implemented ERP processes are not working

Information Technology Infrastructure Security Assurance Services

The information technology infrastructure of any organization can be divided into three levels:

1. Network Level – It is the ‘peripheral level’ of any organization’s information technology Infrastructure and consists of hubs, routers, firewalls, switches etc.
2. System Level – It is the ‘middle level’ and consists of anti spyware, antivirus, Operating System patches, authentication etc.
3. Application Level - It is the inner most layer and consists of various applications. These applications may be for internal use in an organization or could be used by customers, employees and are visible on internet and accessible to all.

We provide the following technical ‘risk assurance services’ covering information technology infrastructures in collaboration with our strategic partners:

• Vulnerability Assessment and Penetration Testing
• Network Security Architecture Review and Design
• Application Security Testing
• Wireless Security Audit
• Computer Forensics
• Desktop Audits

Contact

Please contact us at This e-mail address is being protected from spam bots, you need JavaScript enabled to view it