Risk Management Frameworks

Overview

Risk management is the science and art of balancing danger and opportunity. The challenge faced by businesses is to pursue the opportunity while minimizing or controlling the associated dangers. To manage risks, it is important to first identify the risk scenario and assess the 'amount' of risk the business faces; once a risk has been identified and measured, it must be 'treated' or 'mitigated' to acceptable levels.

Risk assessment is usually carried out by qualitative analysis, because it is difficult to quantify an asset beyond its intrinsic price. Qualitative analysis has a drawback, however: it is more subjective in nature. To minimize subjectivity in assessment and improve consistency, a risk management framework is essential.

Why Aujas?

We assist organizations in developing risk management frameworks that are standards based (COSO ERM, NIST SP 800-30, ISO 27005) and simple enough to be accepted and used by the business. We also assist organizations in linking compliance requirements with risk treatment options to build an integrated risk and compliance framework.

These integrated frameworks give the organization the ability to make 'risk intelligent' control decisions, helping it provide assurance to the business on the choice of controls and their implementation. We believe that effective implementation of a risk management framework requires strong awareness across the teams in the business, and our implementation service ensures that this need is addressed.

Services we offer

Aujas assists you in developing a comprehensive risk assessment and treatment framework that covers all information, processes, information technology assets, vendors, etc. Our holistic but modular approach allows you to use our services either end-to-end or in a modular manner to design, transform and sustain risk management.

Strategy and Design

During this phase, we assess your risk management strategy, policy, process and compliance requirements. We analyze your risk identification, ranking and rating mechanisms and the operational processes around them, such as who performs risk management and who approves risk decisions. Based on this assessment, a holistic risk management framework is developed that covers the rating, ranking, assessment, treatment and acceptance processes; the framework also outlines how risk management will be carried out and includes education sessions for the 'risk SPOCs/champions'.

Implementation and sustenance

We assist you in deploying the risk management framework. This is usually achieved by training the risk SPOCs or champions, designing the risk management templates, and customizing the rating and ranking mechanism to address the various types of assets. We also provide project management and technical implementation skills (where GRC tools are put in place) to ensure effective implementation according to the design criteria. We further assist with ongoing management of the framework by lending our skills to project manage the periodic assessments and make appropriate treatment decisions.

Success Stories

Aujas provides Managed Information Risk services for a leading Asian payment solutions company

The client had challenges managing multiple compliance obligations, including PCI DSS, an ISO 27001 based ISMS and other client security policies. Aujas assisted the client by creating an integrated compliance framework and managing it on an ongoing basis. The integrated framework gave the client effective ongoing compliance management, effective risk management, and reduced time for client audits, with a monthly dashboard and reporting to management.

Aujas helps a leading European financial company implement COBIT

The client wanted alignment to COBIT control objectives as required by its global corporate policies, and wanted to create an IT policy and an effective Disaster Recovery plan. Aujas conducted a gap assessment of the existing IT and information security policies against the COBIT control objectives, then designed the IT and IS policies and standard operating procedures based on COBIT controls. This helped the client align its information security and business continuity management program to COBIT 4.1 best practices and gave it the ability to manage information security and business continuity in a structured and sustained manner.

Aujas defines the risk management framework for a leading telecom company in Japan

The client wanted to assess its existing ISO 27001 specific risk management process and to improve and expand it into an enterprise-wide framework. Aujas conducted an enterprise-wide gap assessment to understand the existing risk management framework vis-à-vis expectations, and identified gaps and improvement areas in the framework. The process was benchmarked against international risk management best practices (aligned to COSO and ISO 31000), with an integrated control database covering four sets of compliance requirements (COBIT, ISO 27001, ITIL v3 and the Japanese Personal Information Privacy Act). The client was then compliant with multiple requirements and had traceability between risk and control decisions.