Revenue Management


The client was a rapidly growing food chain based in a metro city in South India. They are focused on the premium cafe customers who are looking for a/c, beautiful interiors and a South Indian menu.

The rapid expansion throughout India has caused their revenues to drop in 3 successive quarters. Most of the newly opened locations have not broken even after 3 months of operations.

Business Need

The client has done a thorough study on the viability of their shop at each new location so they are confident that the location has potential. The client needs to know what changes to make so that their overall revenue per location is increased.


The initial knee jerk reaction of the client to the current situation was to increase the advertising budget and start localised advertising, such as flyers and local newspaper and TV channels. Our team had to convince the client’s management to pull back on all the advertising spend and evaluate the entire source of revenue before committing to an advertising budget.

From our expertise in the food and retail industries, we selected a range of parameters to collect data. Most of the parameters that we had selected, such as customer age range, frequency, etc. were available with the client. Some of the parameters such as local events, tourism related customers, etc were not available and therefore we had to setup the collection for the same. Most of the analysis pointed to weak product-market fit for the entire range of menu that was presented.


The client was instructed to cut back on all menu items to just the ones that were not present in the locality of each cafe. The remaining items on the menu formed the base framework to understand the taste palate of the local customer. We were quite surprised to see the difference between the menu items from location to location. This cut back was held for a few weeks before offering customers additional menu range as a free sample. All new items were provided free for a couple of months until there were some customers who specifically asked for the new menu item. We recommended this ‘ask’ as a trigger to place the item on the menu permanently.


The results were significant to the client as they did not expect the variation in menu items from location to location. The assumption was that the local cafe from a particular location could thrust the opinion of taste to another geographic region and maintain the revenue. 

The client was aware of the taste requirements at their original location but refused to accept that their taste would not be accepted in its native form to another location. 

Once we had shown the client the cut back menu item and only when a customer ‘asked’ for a new item, the results were rather evident to the client. The revenues bounced back to healthy numbers and they have now become a well known eatery in nearly all their locations.

From Risks to Audits

Risk management and audit management are distinctly separate in terms of personnel involved and the techniques used. Most organisations that have ventured into assessing risks, have found that moving from risk assessment to audit (control and test creation) is quite a daunting task. Conceptually, moving from risk assessment to audits is the ideal and logical step to take, but there has be considerable hesitation from numerous organisations.

The GRC Envelop tool has a risk management module for the enterprise version. Risk registers, associated risks, stakeholders, risk opinions/scoring, risk treatments and many more features are present in the risk module. However, there is no connection between the risk management module and audits module.Why is this left out?

Once there is a decision by the business management as to which risks exist and which are to be assessed, the next step is vague for most of the clients. Here are some of the approaches that have been noticed when we implement GRC Envelop at organisations who have started risk-based auditing:

  • create a new audit and define a “relatively” new set of controls that will assess the risks
  • map the risks to a department or division and create a new set of controls
  • modify existing controls and tests to cover the new risks, but later realise there are control gaps

Over time we have observed two aspects that should help overcome the hesitation while moving from risks to audit creation; first, the understanding that risks are part of a process that exists in the organisation and second, the overlap between existing controls/tests and the new ones has to be taken care of.

Risk as a part of a process

Risks do not exist independently within an organisation.

The recommendation is to attach a risk that needs to be handled, to an existing process. This existing process forms the basis of the risk based audit. Attaching the risk to a process is the most efficient mechanism to track where the risk would fall within the entire organisation.

However, attaching risks directly to a process may not be the ideal situation because risk exists with reference to an objective. A risk is the situation when an objective fails to achieve the desired output of a process. Therefore, attaching the risk to an objective is a much better alternative. This results in the overall structure being: Process (at the top), having numerous objectives, and each objective having numerous risks.

Do keep in mind that risks may span multiple objectives.

Control and test overlap

Though it is true that newly identified risk may need a new set of controls and tests to capture the assurance that business management needs, it is not true that these controls and tests have to be new completely new. Most large organisation have quite stable processes and keeping this assumption means that the newly identified risks may have been implicitly captured in some other control.

Understanding control overlap caused by the newly identified risk is a painful process of weeding out controls and tests that are no longer needed. This also maintains an optimised number of controls and tests for each process (not to mention control owner satisfaction).

Not so easy to find a common path

To conclude, I agree that moving from risk assessment to audit execution is not a straight forward task, but the framework of using the process/objective hierarchy will help ease the transition and help manage the ever growing risk control matrices in large organisations.

One aspect that I’d like to throw in is, the feedback from audit results back to risk assessment, but I think I’ll keep it for another post.

I look forward to your feedback on how you move from risk assessment to audit definition!

Data analysis in Sales and Marketing


The client was a small mutual fund company whose parent company was a medium sized Bank based in Western Europe. As part of a major restructuring and cost reduction, a majority of the internal workforce was reduced at the mutual fund company. The marketing department was almost eliminated and the sales department was reduced by more than 50%.

Business Need

The client needed to show that they still have the ability to grab market share in the tight economy in Europe in 2011. The sales force was strained significantly because of the workforce reduction. The client needed a different strategy to approach the market.


The reduced sales force needed much more quality data to fill the sales pipeline. There was no other alternative. Buying market data sets would lead to large volume of cold calls and turnaround would be very slow.

Based on numerous conversations with the management of the mutual fund company, we found a majority of the board members and operational heads, also reported to the parent Bank. Using this as a key stepping stone to enter the parent Bank we were able to access the customer data of the bank.

We proposed to use the data of all the customers in the parent Bank and map them to the existing clients of the mutual fund company. Using data analytics tools we found potential customers from the parent Bank data that have similar characteristics as those who had bought mutual funds. Using this inference, we were able to rank the potential bank customers who had not yet bought mutual funds.


The results were extremely pleasing to the client. The list of potential customers had a very high propensity to buy mutual funds and in turn the sales team found it very easy and efficient to approach and close new mutual fund accounts

Within a period of 3 months we were able to deliver the entire data set from the parent Bank, rank ordered for potential customers.

There was a 300% increase in new mutual fund account creation for the mutual fund company.

Looking for an Audit management tool at low cost?

When looking for a GRC software, how much would price affect your decision? Would you try a free open source, but reduced feature software?

An interesting comment on the Norman Marks blog asks why you would stick to a fixed set of features rather than look for “á la carte” GRC software. At what “point” would you choose product that covers a fixed feature set over a pick-and-choose approach to software or visa versa?

The GRC Envelop is a risk and audit management tool that is web – based and has risk and audit work flows. To answer the price issue, GRC Envelop tool is available in 2 licences: an open source licence and an enterprise licence. The open source licence is referred to as the community version. The enterprise licence is refer to as the enterprise version. The enterprise version has commercial support and many additional features to help with risk and audits. Please take a look at the feature list to decide which one is better for you.

GRC Envelop tries to blend the price and feature set issue by the classic software design of breaking the tool into modules. For example, the risk management module that can be swapped for another risk management tool, using APIs provided.

Audit and risk management tools are quite common in the enterprise, and they help structure the audit work flow, maintain a common repository of audit/risk related information (such as objectives, risks, controls, and tests) and manage the people around the audit/risk activities. Assuming we look at audit management for now, there are four basic areas for every audit management tool should have:

  1. Creating audits – Title, description, start and end dates are of some of the features that are available while creating an audit. You can also attached work papers to an Audit. While creating an audit, you can create the processes, the objectives, the risks, the controls and the tests. At each of these levels you can attach work papers too.
  2. Managing and executing audits – to manage or execute an Audit, the GRC Envelop tool provides a separate workflow to ensure that auditors can only enter test results and test descriptions. While executing the audit you can create findings and actions. The ability to make control and test assessment is only available in the enterprise version.
  3. Report generation – the main use of this tool is to provide easy report generation at the end of an auditing exercise. report generation template can be modified according to your needs. The community version has only one default report generation template. The enterprise version has the ability to have multiple templates.
  4. User management – Restricting users to their areas is an important task for a tool. The community version has only one user type ( auditor) whereas the enterprise version has 6 user types (Audit manager, auditor, external viewer, internal business user, repository manager and risk manager)

The GRC Envelop provides all these basic areas. Paid support is also available for the community version. The community version has to be downloaded and installed on your machine or server. The enterprise version can be run on your servers or hosted on a public server. Please take a look at the feature list to understand which version will be most suitable for your use. Here are a few questions that we’d like to pose:

  1. Do you think there are other basic areas that was missed out?
  2. How would you define if a audit tool is easy or complex to use (steep learning curve)? The time it takes to learn a tool is one aspect, what else affects complexity?

Let us know in the comments below.

Point a web domain to the server

There are two ways you could point your web domain to our servers:

  • Change name servers (preferred)

  • Set the A/AAAA records

Change name servers

  1. Log into your web domain account.
  2. Look for the link or tab that states manage DNS (Domain Name Service) or manage NS (Name Server)
  3. You will now see a list of settings such as A Records, Hosts, CName (alias), MX (Mail servers), TXT (Text records), SRV (service), NS (Name Servers)
  4. We are looking for the NS (Name Servers) settings. It will look something this:
  5. Name ServersChange the values to the following:
  6. Save your settings and exit from your domain account
  7. Email support or use the contact form so the we can complete the steps from our side.

Set A/AAAA records

  1.  Similar to changing Name servers first you should log into your web domain account.
  2. Look for the link or tab that states manage DNS (Domain Name Service).
  3. You will now see a list of settings such as A Records, Hosts, CName (alias), MX (Mail servers), TXT (Text records), SRV (service), NS (Name Servers)
  4. We are looking for A record or Hosts setting. It is usually the first in the list and would look something like this
  5. A Records

    A Records

  6. Change to value of the field to the value the is mentioned in your email. The value is four numbers separated by a dot. For example (Do NOT use this value but take the one from your email!)
  7. Save your settings and exit from your web domain account.
  8. Email support or use the contact form so the we can complete the steps from our side.

At any point if you get stuck or get confused, we are here to help! Just mail support or use the Contact Us


Here are the details for making payments for you web hosting accounts

  • Indian Rupees (INR) only accepted
  • Please transfer to ICICI Bank via NEFT
  • Add your reference number (from the email you received) with your payment details

Name: Arambankudyil Consultancy Private Limited

Account Number: 626405018655

IFSC: ICICI0006264 (ICICI Edapally Branch)

Do not forget to add your reference number

A basic supplier information sheet

I have been asked numerous times as to what comprises a basic supplier information. What are bare minimum pieces of information that has to be tracked for each supplier that a firm deals with? Here is a small list that I think will help get you started with managing your suppliers.

Description Additional Information
Supplier # Unique Number for each supplier
Name 2  
Name 3  
Name 4  
PO Box  
Postal Code  
Created on  
Created by  
Last Update On  
Bank # Bank number of supplier
SWIFT / BIC Routing number
Bank #2  
Account group  
Customer If Supplier is also a customer
Block Payment Block supplier
Tax Number 1  
Tax Number 2 Some Suppliers have multiple tax numbers
Telephone 1  
Telephone 2  
Fax Number  
Telex number  
Contact Person 1  
Contact Person 2  
Credit Information Identifier  
Transportation zone  
Currency Usual currency amount
Account with supplier This is your account # on the supplier’s system
Advance Payment If this supplier requires advance payment

Uniquely identifying the Unique Identification process

Unique identification for every citizen of India is an ambitious project that is currently underway. The project is carried out by the Unique Identification Authority of India (UIDAI) and the unique identification is called Aadhar. It is my personal opinion that the process of uniquely identifying all Indian citizens (at a National level) is long overdue. Here are some of the finer aspects of UID’s project that are yet to be cleared up.

Obtaining data at a grass root level
Identifying citizens have been done numerous times by a myriad of agencies with in the government such as Income Tax (by creating Permanent Account Numbers) and External Affairs (by providing passports). What lies common to both these agencies is a need that is created for the citizen; to operate a bank account you need a PAN or to travel outside India you need a passport. In the case of UID the need is not clearly attached or maybe not clearly communicated. Hopefully soon all government interactions will require an Aadhar but, I think Aadhar should start at birth (at registering a new born).

Collecting biometric information such as finger prints and iris scans is definitely a leap forward in unique identification. Although codifying biometric information is not that difficult, however finding duplicates is an enormous task. I’m not sure if India has the computing power to find duplicates from the biometric data that is being collected, within a reasonable time frame. This is not to say that duplicate Aadhars will not be found, but for the short-run, it maybe possible to get multiple Aadhars! Watch out

Financial feasibility
A few weeks ago, my company got an enquiry to collect data for the UIDAI. A sub vendor was looking for a company that has the ability to invest resources (people and money) to help UIDAI collect data within a few specified districts. Initially I was shocked to learn that sensitive data collection was being outsourced to private companies. Later I learnt that there are security measures embedded within the data collection that may prevent tampering. Though I shall not question the eligibility of these companies to collect data, I question their ability to collect so much data in a sane and verifiable manner.

Why would these companies need to outsource this function and still maintain the risk of data tampering? My guess would be that these companies would be on priority for further projects, and most of the data cannot be verified by the government unless the citizen complains (who complains about their biometrics?)

Here are some numbers to keep this article interesting: the offer to my company was Rs 22 per registered citizen. Assuming an 8 hour day and around 8-9 minutes per registration (each registration includes, a photo, finger print, retinal / iris scan, document verification and some brief data entry) will result in a revenue of Rs 171600 per month for a single station. To make a nice round figure let’s look at 5 station and the initial expenses as fees and equipment for 5 stations comes to Rs 2154705.

Taking 3 years as depreciation for electronic equipment, and doing some math, the loss is approximately 1.26 lakhs per month! Now, if we work backwards, to break even, we should be able to process each registration under 4.5 minutes. What is the feasibility that the 5 step registration process will be completed at an average of 4.5 minutes? My experience with getting a voter’s ID having 3 steps was nearly 15 minutes! With these numbers there is going to massive cost over runs and selected private companies will have the opportunity to make a killing profit.

Data access and data sharing
According to UIDAI website, the security of data that resides with UIDAI seems to be rather well done. However, having a central data repository is of no use if data is not allowed to be extracted from it! The querying mechanism is not yet clear but the query response to see if an Aadhar is true is just a yes or no. No other data seems to be shared.

So on one hand the biometric data that we provide of ourselves is secure, but it is of no use, other than saying, yes a particular Aadhar number exists. However, if the reverse were true, i.e. if I provide a retinal scan a government agency can pull up my Aadhar number and associated information, then it’s a worthwhile system.

When there is a centralised system about individual information, there are numerous social implications if this system fails. I shall not go into privacy laws, so here are some links for further reading:

Existing Data
What about all the data about individual identity that is already collected, for example, on state ration card, voters ID, LPG connections. How will Aadhar connect all these different databases? Will it be the responsibility of the individual to go and present their Aadhar number to each government agency and update their information? This is definitely going to create a messy situtation!

Overall, I eagerly look forward to my Aadhar number!