Risk, Compliance and Audit (Cloud based automated solution for Corporate Governance Activities)

Avantis - Risk and Compliance Offering


About Avantis

Avantis Technologies is an Information Technology firm with offices in Pune & Mumbai (Maharashtra) and Bangalore (Karnataka) with specific focus on developing software to help organizations manage their business issues systematically.

Currently, Avantis is focusing on providing automated solutions to Large / Mid Sized Corporates to manage their Risk and Compliances (as required under the Companies Act 2013).

We also have extensive experience in conducting business process reviews and legal / compliance audits.

Avantis is founded by experienced senior professionals from various backgrounds (including IT and risk management), who have specialized knowledge in their respective fields and are passionate about providing cutting edge advisory and Risk / Compliance solutions & services.

Avantis’ Founders

Chetan Paranjpe

Rishi Agrawal (MBA, B. Tech)

Sandeep Agrawal (CA, CISA, M Com)

Sandeep is an experienced risk management professional and has extensive experience in Risk Management. Sandeep is a Chartered Accountant (CA) and Certified Information Systems Auditor (CISA).

Sandeep has previously worked with PricewaterhouseCoopers (PwC) in its Risk Management Practice and was also seconded to PwC USA for one year in their Risk Advisory Practice.

Rishi is a senior technology professional with extensive experience in application development & delivery, global infrastructure services and data centers. Rishi has done his Masters from Indian Institute of Management, Calcutta (IIM Calcutta) and Engineering from IIT Varanasi. He has also pursued an advanced “Leadership Development Program” at Wharton School of Business.

Rishi has previously worked with BNY Mellon, where he last served on the Executive Leadership team.

Our Service Offerings

Avantis has extensive experience in providing comprehensive Governance, Risk and Compliance (GRC) management solutions. Avantis provides a complete and integrated enterprise GRC platform that consists of:

Avantis’ Legal Compliance System

Avantis’ Risk Management System

Avantis’ Internal Controls Management System

Avantis’ Audit Reporting System

[Diagram: Corporate Governance, comprising ERM, Internal Controls, Audit Management and Compliance Management]

Avantis’ Legal Compliance System (AVACOM)

Compliance Scenario in India

What should be the Solution?

AVACOM provides a Solution!!!

Process Oriented and Automated

Accountable

Timely Traceable and Complete

Management Reporting

Software Features

Scalable Organization Structure: Can be created, allowing a new entity to be added / updated at any level: Group; Legal Entities; Relationship – Parent / Subsidiaries / JV; Locations – Manufacturing, Marketing Office, Warehouse, Branches

Multiple Roles / Unique user Id and Passwords: Defined with a unique user Id and password for each user: Company Admin; Performer (Person responsible for Compliance); Reviewer (Reporting Person); Approver (Senior Person responsible for a location); Management Role (CEO, CFO, Board Members)

Dashboards: Dashboards for each User Profile with specific feature on “Performance Summary”; Dashboards for Senior Management reflecting a comprehensive compliance position for the company as a whole

Drilled-down Reporting Engine: Canned Reports

Web-based Software: Can be accessed anywhere using Internet and unique Id and Password

Software Features (Contd.)

Multiple – Roles / Locations / Compliances: Ability to assign multiple roles / multiple locations / multiple compliances to a single User

Automated Email notifications: Reminders for compliances due; Escalation notifications to reporting supervisors; Change Password reminders; Account created notification

Mandatory Review: Mandatory review of completed compliances by the Reporting authority and mandatory upload of the compliance documents

Documentation Management: Documentation Management facilitating a comprehensive database with archival and retrieval options

Compliance Ratings: Feature assigning performance parameters for an entity wherein system automatically rates an entity / location into “High/Medium/Low”

Internal Compliance: Internal Compliance facilitating monitoring on internal activities which are currently tracked manually

Comprehensive Framework: Supports creation / updates of regulations and compliances; Comprehensive Database of Central and State Acts

Configurations: Configure your reminders; Configure threshold parameters for compliances

Legal Coverage

Finance Acts: Covers Direct and Indirect Tax Laws like Income Tax, Excise, VAT, CST, Service Tax, Customs, etc.

Human Resource and Labour: Covers Central and State Labour laws like welfare, salaries, factories, contract labour compliances, etc.

Environment, Health and Safety: Covers Environment Protection Act and allied rules, Water and Air pollution Act and allied rules.

Corporate: Covers compliances governed by Companies Act 2013 and allied Rules, SEBI regulations and RBI compliances

Regulatory: Covers specific industry regulated compliances like Food, Banking, Fertilizers, Chemical, etc.

Commercial: Covers commercial laws as regulated by the Central Government

FEMA and EXIM: Covers Foreign Exchange Management compliances and Import-export Compliances

Local Laws: Covers Gram Panchayat / local industrial area specific compliances

Software Screenshot (Management Dashboard)

Summary of the complete status of the compliance for a particular Unit

Software Screenshot (Management Dashboard)

Summary of Compliance Ratings for each location

Software Screenshot (User Dashboard)

Dashboards provide specific “Action Pointers” to Users

Implementation Approach

We adopt the following approach for implementation of the Compliance Software:

Train the employees about the Software usage

Validate the applicability of the compliances in consultation with the organization and add / remove the additional / non-applicable compliances;

Create the Entity and User Masters in the software (the said activity can be done by the Company’s Admin himself)

Understand the organization structure and “Assign” the applicable compliances to respective employees

Post Implementation Support

We will support the organization continuously for the following:

Periodic intimation of revisions / additions of regulations and timely updation of software

Timely support for specific request in terms of reporting and additional features

Other technical support with respect to the software

Avantis’ Risk Management System (AVARMS)

Basic Features

Risk Management Tool is a Cloud based solution which facilitates a central risk management system covering the following:

Risk Identification Process: Tool provides features like Incident reporting at any level of organization, review and assessment of the incident and categorization of the same as a Risk. This process facilitates creation of “Inherent Risk Library”.

Risk Assessment Process: Facilitates Qualitative assessment of identified risk at “Inherent” and “Residual” level and generates Risk Registers and related control measures against each identified risk.

Risk Monitoring Process: Tool facilitates continuous monitoring of identified risks, validation of the defined control measures and management reporting of the validation testing.

Illustrative Risk Assessment Scale

The risk scale and exposure matrix are depicted below:

Scale   Impact         Probability
5       Catastrophic   Certain
4       High           Almost Certain
3       Moderate       Probable
2       Low            Somewhat
1       Very Low       Unlikely

Exposure matrix (rows: Impact, columns: Probability)

Impact   P=1   P=2   P=3   P=4   P=5
5          5    10    15    20    25
4          4     8    12    16    20
3          3     6     9    12    15
2          2     4     6     8    10
1          1     2     3     4     5

Exposure Score   Risk Rating
Up to 4          Low
5 to 10          Moderate
12 to 25         High

Illustrative Heat Maps

Illustrative Comparative Heat Maps

[Figure: two heat maps, Inherent Exposure and Residual Exposure, each plotted on the 5 x 5 Impact / Probability exposure grid]

Illustrative Risk Assessment Results

Inherent Risk Exposure   No. of Risks   Risk % to Total
Low                      28             35%
Moderate                 36             45%
High                     16             20%
Total                    80             100%

[Chart: share of risks by inherent exposure: Low 35%, Moderate 45%, High 20%]

Functional Area Low Medium High Total

Strategy Planning (STR) 4 3 2 9

Marketing and Sales (MKT) 1 5 - 6

Procurements and Inventory (PUR) 4 4 - 8

Operations – Production, Maintenance and Quality (OPMQ) 5 9 6 20

Human Resource (HRS) - 7 3 10

Finance, Accounting, Costing & Financial Reporting (FIN) 8 3 - 11

Environment, Health and Safety (EHS) 2 2 1 5

Legal & Regulatory Compliance (LRC) 4 - - 4

Information Technology & Systems (ITS) - 3 4 7

Total 28 36 16 80

Avantis’ Internal Controls Management System

Internal Financial Controls (Requirements)

Companies Act 2013 casts responsibility on various stakeholders to ensure existence and operating effectiveness of Internal Financial Controls (IFC):

Directors: Ensure adequacy and operating effectiveness of IFC

Auditors: To comment on adequacy and operating effectiveness of IFC

Audit Committee: Evaluation of internal financial controls

Independent Directors: Satisfy themselves on the robustness of internal financial controls framework

Rule 8 [Companies (Accounts) Rules, 2014]: “Requires the Board of Directors’ report of all companies to state in details the adequacy of internal financial controls with reference to the financial statements”

Sec. 143: Under Section 143(3)(i), Statutory Auditors are required to make a statement in their Auditors Report, whether the company has adequate IFC system in place and the operating effectiveness of such controls

Sec. 177: Under Section 177(4)(vii), the duties of the Audit Committee include evaluation of internal financial controls & to make a report to the board

Sch. IV: The roles and functions codified in Schedule IV of The Companies Act 2013 clearly state that independent directors shall satisfy themselves on the integrity of financial information and that financial controls and the systems of risk management are robust and defensible

Implications for Non Compliance: <INR 5 Lacs on Company; <INR 1 Lacs on Officers; <1 year imprisonment

Basic Features

Internal Controls Management Tool is a Cloud based solution which facilitates the following:

Risk Registers: Tool facilitates creation of Entity-wise / location-wise / process-wise Risk Registers.

Risk and Control Matrix: Existing control activities can be defined against each business process risk to facilitate creation of a detailed “Risk and Control Matrix”.

Continuous Testing and Reporting: Facilitates updation of sample testing templates within the system and assignment of testing responsibilities. Also provides Summarized / Detailed Testing results at all levels.

Illustrative Risk Registers

Illustrative Screen for Control Testing

Illustrative Screen for Control Testing

Illustrative Screen for Testing Review

Avantis’ Audit Management Tool

Basic Features

Audit Management Tool automates the entire internal audit life cycle through a systematic, disciplined and uniform process for internal audit management. The tool provides the following features:

Audit Planning

Audit Scheduling

Creation / upload of Audit Programs

Creation of detailed Working Papers for the audit conducted

Workflows for submission of work done to the reviewer with multiple stages (Execution / Review / Discussed / Closed) and also facility to update review comments and responses

Workflows for submission of reviewed work to the Auditee for review and management comments, action plan and timelines

Standardized Audit Reports

Location Rating based on pre-defined parameters

Technology Overview

Product can be installed and leveraged in two ways:

Multi-tenant SaaS based Cloud Application

On-premises installation

Architected and built on Microsoft Platform, leveraging the most current technology stack: ASP.NET, ASP.NET Routing, Entity Framework, Ajax, jQuery, LINQ, SQL Server 2008 R2, IIS web server

Architecture Overview

Application is distributed in a 3 Layer architecture (Presentation layer, Data layer and Business Logic layer)

Technology Overview - Security

Product has been designed for the highest levels of data security:

All confidential information is stored in encrypted format in the database

All the attachments (uploaded documents) are stored on the server in encrypted format

ASP.Net routing is used to cleanly decouple URLs from Web Page file names to create clean SEO friendly URLs

Cloud based SaaS solution is secure with SSL certificates

Information and data is passed between pages in secure and encrypted manner

Disaster Recovery

Database recovery mode in SQL server is set as Full Recovery Mode

Auto-Back up of database is configured at a regular interval

In on premise installation, back up can be configured based on the firm’s policies

High Availability

Product can be installed and configured in high availability mode

Credentials

Siddheshwar Industries (3 Manufacturing Plants in Maharashtra)

FS Curtis (2 Manufacturing locations in Maharashtra & Karnataka)

Treo Engineering (18 Centres across India)

Fine Group (5 Entities and 7 Locations in Maharashtra)

Excel Industries Limited (3 Manufacturing Plants and Mumbai Office)

Credila Financial Services Pvt Ltd (Offices across 9 States)

Gadre Marine Exports (3 Entities & 4 Manufacturing Plants in Maharashtra, Gujarat and Karnataka)

Magneti Marelli Motherson Auto Systems Ltd. (3 Manufacturing Plants across Maharashtra, Gujarat and Noida)

KRSNAA Diagnostics (30 Locations across India)

Bramha Builders (Multiple legal Entities in Maharashtra)

Le Meridian Hotels (3 Locations in Maharashtra)

Bluefin Corporation India (IT Company in Pune)

THANK YOU