SlideShare ist ein Scribd-Unternehmen logo

Project report disa course

D
Dinesh Bhutra, Chartered Accountant

Iindependent assurance:  On the security and usage of the technology  On protection of the IPR (Intellectual Property Rights) of AMG including Assets  That access to such provided assets (hardware, software, manuals, media, etc.) of AMG used at the AMG labs at DLF in Bangalore are adequately secured (physically and logically) from unauthorised and inappropriate use through adequate and appropriate physical, environmental and logical access controls

Daten & Analysen
1 von 29
Downloaden Sie, um offline zu lesen
CERTIFICATE Project Report of DISA 2.0 Course This is to certify that, we have successfully completed the DISA 2.0 course training conducted at: Hotel Woodland Retreat, Next to Hotel Tip Top Plaza, Opp. Raheja Garden, LBS Road, Thane (W), Batch Id- THA1708091 from 05th August, 2017 to 03rd September, 2017, and we have the required attendance. We are submitting the Project titled: Audit of Outsourced Software Development We hereby confirm that we have adhered to the guidelines issued by CIT, ICAI for the project. Also, certify that this project report is our original work and we have prepared this project. We have not shared the project details or taken help in preparing project report from anyone. Sr. No. Name DISA No. Signature 1 CA. Dinesh Bhutra 51262 2 CA. Gauri Sovani 52027 3 CA. Gopal Danee 52463 Place: Mumbai Date: 16th September, 2017
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 2 16th September, 2017 To, The Management, AMG Software, India / USA Subject: Submission of Audit & Assurance Report Dear Sir/Madam, We are pleased to attach herewith the Audit & Assurance Report carried out at DLF, India premises in accordance to our audit engagement letter 31st July, 2017 with AMG Software. We thank the entire management team and staff for the co-operation extended during the course of audit. We would be pleased to clarify any pertinent aspect. With Best Regards, Abraham & Associates, Chartered Accountants Place: Bangalore
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 3 Project Report of DISA 2.0 Course Audit of Outsourced Software Development
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 4 Table of Contents Page No. A. Introduction 4 B. Brief on Project 5 C. Data & Details Provided 6 D. Scope of Assignment 7 E. Audit Methodology & Strategy 8 F. Risk Classification Criteria 9 G. Observation Classification Criteria 10 H. Organisation Structure 11 I. Documents Reviewed 12 J. Tests Performed 13 K. Audit & Assurance Report 14 1. Executive Summary 2. Detailed Audit Findings L. References 24 M.Disclaimer & Limitations 25
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 5 A. Introduction About the Client: AMG Software is the world's leading provider of management solutions that ensure the availability, performance, and recovery of business-critical applications. AMG calls this application service assurance and it means that the applications its customers rely on most stay up and running, around the clock. For more than 20 years, the largest and most successful companies have relied on AMG Software. The company has headquarter in Houston, Texas, with offices worldwide. AMG has outsourced software development through ODS mode to DLF. AMG has supplied IT infrastructure for these services and has also recruited required personnel who work at DLF for the software projects of AMG. About us (the Auditors): We (Abraham and Associates) are a practising CA firm registered with Institute of Chartered Accountants of India based at Bangalore, having 12 FCA, 28 ACA & 250 Other staff, with presence across all metros and Tier 2 cities of India. We are committed to provide consistent, customized and workable solutions to our clients and strive to support our services with the highest level of professionalism, efficiency and technology. We offer IS Assurance services with a team of DISA and IT security professionals, who are well updated and have expertise knowledge and an extensive experience.
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 6 B. Brief on Project: AMG has outsourced software development through ODS mode to DLF. AMG has supplied DLF: ▪ IT infrastructure for these services ▪ AMG Has also recruited required personnel who work at DLF for the software projects of AMG. AMG wanted an independent assurance: ▪ On the security and usage of the technology ▪ On protection of the IPR (Intellectual Property Rights) of AMG including Assets ▪ That access to such provided assets (hardware, software, manuals, media, etc.) of AMG used at the AMG labs at DLF in Bangalore are adequately secured (physically and logically) from unauthorised and inappropriate use through adequate and appropriate physical, environmental and logical access controls Hence, an independent review was to be conducted on the process and methods in place at AMG labs at DLF so as to provide assurance that there are adequate and appropriate safeguards and procedures that prevent unauthorized access, mishandling and damage to any of the assets of AMG at AMG labs at DLF and all the facilities provided by AMG are being used for the purposes of AMG's operations by personnel authorised or assigned for AMG's operations only at DLF allocated work site.
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 7 C. Data & Details Provided Following related clauses from Service Level Agreement (SLA) have been provided to us (the Auditors): a. Clause 6.6: Maintenance of Records b. Clause 10.4: Disaster Recovery c. Clause 10.2: Backup and Storage d. Clause 10.1: Generally e. Clause 10.3: User and Access Restrictions
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 8 D. Scope of Assignment Based on the detailed discussions with representative of AMG Mr. Ben Crocker and visit to the AMG Labs at DLF, the primary objectives of the assignment of Security Audit are finalised as follows: ▪ Provide assurance to AMG that the intellectual property of AMG including assets and access to such assets (hardware, software, manuals, media, etc.) used at the AMG labs at DLF in Bangalore are adequately secured (physically and logically) from unauthorised and inappropriate use through adequate and appropriate physical, environmental and logical access controls ▪ Review the process and methods in place at AMG labs at DLF so as to provide assurance to AMG that there are adequate and appropriate safeguards and procedures that prevent unauthorized access, mishandling and damage to any of the assets of AMG at AMG labs at DLF ▪ Review whether all the facilities provided by AMG are being used for the purposes of AMG's operations by personnel authorised or assigned for AMG's operations only at DLF ▪ Validate the process and methods at AMG labs at BLF against available norms and standards of AMG wherever available.
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 9 E. Audit Methodology & Strategy
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 10 F. Risk Classification Criteria Type of Risk Organizational Impact High Requires Management Attention Medium Requires Corrective Action Low Opportunities for Improvement H M L
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 11 G. Observation Classification Criteria Root Cause Legend Explanation of Legend Risks arising from a poor strategic business plans, inappropriate policy guidelines & business decisions and improper implementation of business decisions. Relates to the achievement of an entity's basic business objectives (including performance and profitability goals) through effective and efficient utilization of available resources and by safeguarding assets of the entity. Relates to complying with those laws and regulations to which the entity is subject. Relates to the preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements and reported publicly or to the management. Strategic Operational Inefficiency Compliance Deficiency Reporting Gap
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 12 H. Organisation Structure MD & CEO CFO Accounts & Taxation Financial Controllor Treasury M&A Secretarial Procurement & Inventory COO Business Heads HR & Admin (CPO/CHO) CMO Online Mktg. Team Offline Mktg. Team CAE CTO
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 13 I. Documents Reviewed ▪ SLA Agreement ▪ Visitors Registers ▪ SoPs (Standard Operating Processes) ▪ Internal Policies & Processes ▪ IS Policy ▪ Audit Logs
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 14 J. Test Performed Different tests were executed by using Caseware IDEA and CAAT Analytical tool by getting all the data into the tool from the systems: ▪ Fuzzy Duplicate / Duplicate Transaction Identification ▪ Gap Detection ▪ Matching and Comparison Tests ▪ Missing Sequence Identification ▪ Statistical Calculations ▪ Data Queries, Sample Extraction and Analysis ▪ Utility software
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 15 K. Audit & Assurance Report Executive Summary Area Observations Possibility of Unauthorised Physical Access ▪ Lapse of Cross Checking System by the Security Guards in the basement and possibility of Misuse of Temporary Issued Card issued to DLF Employees ▪ Absence of Automatic Lock Door at First Floor may lead to access to unauthorised persons to Lab Lapses in Disaster Recovery Plan (DRP) ▪ Absence of: o Back Up Systems Available for the systems supplied by AMG o Redundancy for Telecom Equipment o Standalone Generator for AMG operations o Customised DRP for AMG Labs o DRP for AMG Supplied Systems o Annual Maintenance Contracts (AMC) for AMG supplied machines ▪ Alternative Processing Capabilities of AMG not identified Lapses in Logical Access Procedures ▪ Lack of Individual Accountability due to non- creation of individual logins. ▪ Online Access of Source Code may lead unauthorized access.
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 16 Detailed Audit Findings
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 17 A. Possibility of Unauthorised Physical Access Risk: High Background: As per the SLA DLF shall be responsible for ensuring that Systems, Deliverables and other AMG data and materials in DLF’s custody are installed and used only on and/or in combination with designated Systems installed at the Centre pursuant to this Agreement as specified in the Contract Addenda. DLF will restrict access to such Systems, deliverables, data and materials at all times to DLF employees who have a “need to know” subject to acceptable undertakings of confidentiality and non-disclosure. DLF shall establish and maintain security measures and safeguards reasonably satisfactory to AMG ▪ To protect against the destruction, ▪ Loss, or alteration, and ▪ The unauthorized access, use, or disclosure, Any Systems, Deliverables, or other data and materials which DLF from time to time may have in DLF's possession, custody or control at the Centre or otherwise pursuant to this Agreement. Issue/Observation: Our review revealed that: 1. No Cross Checking by the Security Guards and Misuse of Temporary Issued Card: There can be unauthorized access from the basement as the security guards do not cross check the person and the swipe card with the employee and there are temporary cards being issued before capturing of relevant details of the employee. 2. No Automatic Lock Door at First Floor: The door for the first-floor lab does not automatically lock itself after it has been opened. If a user is not careful in ensuring the door is locked after he/she enters or leaves the lab there could be opportunities for unauthorised users to enter the lab without using the keypad device. Root Cause: ▪ No Checking by Security Guards in Recommendations: ▪ There should be only Single point of Operational Inefficiency
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 18 Basement ▪ Absence of Automatic Door Lock at First Floor entrance which should be guarded by separate security personnel who is trained to cross check the person entering the AMG labs at DLF premises. ▪ There should be a biometric access control at the entrance of AMG labs which should be combined with ‘Dead Man Doors’ entry. Risks: Unauthorised Access to Lab: ▪ From Basement using Temporary Cards ▪ From First-Floor as there is no Automatic Lock in the Door Management Comments: DLF has agreed with the flaws in the Physical Access Control and has agreed to implement the audit recommendations with immediate effect. Business / Security Impact: Unauthorised Access may lead to: ▪ Theft of Data ▪ Physical and/or Logical Damage to the Infrastructure ▪ Loss of Confidentiality, Integrity and Availability Responsibility & Timelines: CEO jointly with CTO & with immediate effect.
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 19 B. Lapses in Disaster Recovery Plan (DRP) Risk: High Background: As per SLA between AMG & DLF: 1. DLF shall follow AMG conventions for protection and back up of data, including checking source code in to AMG's designated coordinator each week on or before a specified day set by AMG. 2. As requested by AMG, DLF will establish and maintain off-site disaster recovery capabilities that permit DLF to recover from a disaster and continue providing Services to and carrying out Projects for AMG, including without limitation: ▪ Storage of any AMG data, Work Product or Deliverables in an off-site protected vault for such period as AMG specifies; ▪ Such off-site protected vault having security and environmental protection systems to guard against theft, fire, humidity and temperature; ▪ Such security system providing controlled access and alarm systems restricting access to DLF employees currently working on AMG Projects; and ▪ Implementation of disaster recovery capabilities in the event of any failure of DLF information technology systems which may jeopardize AMG data, Work Product or Deliverables. Upon request, DLF will provide AMG with an executive summary of the current disaster recovery plan, which may change from time to time. DLF shall test the operation and effectiveness of DLF's disaster recovery plan at least annually. In addition, DLF shall establish and maintain a backup power supply system to guard against electrical outages so that lost or damaged data or materials can be reconstructed, 3. DLF shall establish and maintain procedures for backup on magnetic tape or other electronic media and storage at an off-site storage facility, as applicable, of Systems, Deliverables and other AMG data and materials in DLF’s custody and all storage media containing the same.
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 20 Issue/Observation: Our review revealed that: 1. No Back Up Systems Available: There are no back-up systems available for the systems supplied by AMG. 2. No Redundancy for Telecom Equipment: There is no redundancy for the telecommunication equipment. 3. Common Generator for all the operations at DLF: The generator that is common for all the operations of DLF supplies power to the computers in the event of continued power disruption. The generator facility has enough stock of fuel to run continuously for a period of 6 days. 4. No Customised DRP for AMG Labs: The documented generic disaster recovery plan is the same is applicable to DLF as a whole and is not customised to AMG labs. 5. No DRP for AMG Supplied Systems: There is no Disaster recovery plan for the systems that are supplied by AMG and the communication capabilities of the labs. 6. Alternative Processing Capabilities of AMG not identified: Alternative processing capabilities for the systems supplied by AMG are not identified. 7. Lack of annual maintenance contracts (AMC) for AMG supplied machines: There are no annual maintenance contracts (AMC) are in existence for AMG supplied machines. Root Cause: ▪ Weak DRP planning. ▪ Lack of complete understanding of AMG requirement wrt DRP. Recommendations: ▪ DLF should maintain back-up systems available for systems Strategic
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 21 Risks: ▪ There could be data loss of AMG Labs at DLF, which can lead to extended time required for re-developing the lost data and to recover the data. ▪ There can be instances of data theft also. ▪ Increase time will lead to rise in cost of software development and untimely delivery of software. supplied by AMG. ▪ DLF should have an alternative telecommunication equipment in place to replace fault of ISPs. ▪ The generator facility should be enhanced and should properly cover the Recovery Point Objective(RPO) and Recovery Time Objective(RTO). ▪ DLF should have a customized recovery plan so that there least impact on AMG Labs at DLF, its systems and communication capabilities. ▪ DLF should maintain alternative processing capabilities for the systems supplied by AMG. ▪ DLF should carry out annual maintenance of AMG supplied machines. AMG should also ensure AMC of its machines are being done timely and properly, otherwise there could be physical and logical damage to AMG supplied machines. Business / Security Impact: ▪ As the software industry is changing very rapidly a delay in software delivery may make the software obsolete in the market. Management Comments: DLF has agreed with the observations of the auditor and has agreed to implement the audit recommendations with immediate effect. Responsibility & Timelines: CEO jointly with CTO & with immediate effect.
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 22 C. Lapses in Logical Access Procedures Risk: Medium Background: As per SLA between AMG & DLF: 1. Source code development is undertaken on an online basis through the resources at the AMG facility in Houston. Configuration management tools that are in use at AMG perform the configuration management of software under development/maintenance. DLF here has no control over the configuration/change management procedures that are to be followed during the system development or maintenance phases of SDLC. Therefore in lieu of such practices DLF does not maintain any records/documents that record the changes incorporated to software during maintenance/ developmental activities. 2. DLF shall establish and maintain security measures and safeguards reasonably satisfactory to AMG ▪ To protect against the destruction, ▪ Loss, or alteration, and ▪ The unauthorized access, use, or disclosure, any Systems, Deliverables, or other data and materials which DLF from time to time may have in DLF's possession, custody or control at the Center or otherwise pursuant to this Agreement. 3. DLF shall be responsible for ensuring that Systems, Deliverables and other AMG data and materials in DLF’s custody are installed and used only on and/or in combination with designated Systems installed at the Center pursuant to this Agreement as specified in the Contract Addenda. 4. DLF will restrict access to such Systems, deliverables, data and materials at all times to DLF employees who have a “need to know” subject to acceptable undertakings of confidentiality and non-disclosure.
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 23 Issue/Observation: Our review revealed that: 1. No Individual Login Creation leads to No Individual Accountability: There is no individual logins created and only group logins have been created as there is no individual accountability assigned to the users. 2. Online Access of Source Code may lead unauthorized access: The source code is to be accessed ONLINE and hence it could lead to any kind of unauthorized logical access to data being transmitted online between AMG, Houston and AMG Labs at DLF. Root Cause: ▪ No Creation of Individual Logins ▪ Online Sharing of Source Codes Recommendations: ▪ Each and every user should strictly have a distinct user id and password in addition to the individual workstation user id and passwords. ▪ Online access to AMG, Houston servers should be through secured and secluded from the other networks of DLF. All source codes should be transferred through Secured Sockets Layer. A clause should be added in the SLA to ensure there is secured transmission of data. Risks: Unauthorised Logical Access: ▪ Non-creation of Individual Login may lead to held responsible whole group ▪ Online Sharing of Source Codes having high risk of Wire Tapping, Hacking, Phishing etc. ▪ Online Sharing of Source Codes poses high chances of breach of IPR of AMG Business / Security Impact: Unauthorised Access may lead to: ▪ Theft of Data ▪ Logical Damage to the Infrastructure ▪ Loss of Confidentiality, Integrity and Availability ▪ DLF as group at Risk of breach of Management Comments: ▪ DLF is changing its network configuration to assign individual user id and passwords to every user in AMG labs at DLF. ▪ DLF has immediately secluded the network for AMG Labs and is working on implementing SSL. Operational Inefficiency
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 24 IPR ▪ ABG as group at Risk of loss due to breach of IPR Responsibility & Timelines: CEO jointly with CTO & with immediate effect.
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 25 L. References ▪ www.cit.icai.org ▪ www.icisa.cag.gov.in ▪ www.isaca.org ▪ Institute of Chartered Accountants of India Publications on “Information Systems Audit”, “SIA 14, on Internal Audit in Information Technology Environment” ▪ “ISACA ITAF, 1201 “Engagement Planning” ▪ “Security, Audit and Control Features SAP® ERP, 3rd Edition” ▪ Information Systems Assurance Services of ICAI ISA-2 Reference. ▪ ITAF guidelines for audit of third party IT activities ▪ International Standard on Auditing ▪ Standards for IS audit and assurance issued by ISACA o 1201: Engagement Planning o 1202: Risk Assessment in Planning o 1204: Materiality o 1205: Evidence ▪ IS Auditing Guidelines o 2201: Engagement planning o 2202: Risk assessment in audit planning o 2204: Materiality o 2205: Evidence ▪ www.cloud-standards.org ▪ www.cloudaudit.org ▪ www.cloudsecurity.org
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 26 M. Disclaimer & Limitations ▪ This Report seeks to focus on some of significant issues arising from our review based on the limited scope of work as mutually agreed upon, to the extent that these may have significant impact on arrangements or matters material to the operations of the Client. The review has been carried out in accordance with and subject to the terms of engagement with the Client. It is the management’s responsibility to develop and maintain sound systems of risk management, internal control and governance. Internal audit work should not be seen as substitute of management’s responsibilities for design and operation of these systems. ▪ As the basis of sample selection for review is purely judgmental based on risk based audit approach and existence of other internal controls, the outcome of the analysis may not be exhaustive. This report does not comment on the commercial nature or effect of the transactions undertaken, contemplated or associated with any of the contracts reviewed or contractual relationships revealed. This report does not comment upon any change/development which may have taken place in the process and functioning of processes after audit date (the last date of our field work). This report has to be read in conjunction with such other reports, if any, issued separately in this regard and not in isolation. ▪ The review was based on the information and data provided to us either in physical or electronic form relating to the operations of the Client covered in their books of account, financial statements, MIS reports etc. Thus, we cannot comment on any liabilities (present or contingent) that may arise as a result of omissions from, or misrepresentations in, the financial statements / information and records provided to us by the client. ▪ It may be noted that our review was restricted to only the specific aspects of the operations of the client covered in the specific location / divisions as outlined in this Report on a standalone basis. The review is restricted to the limited Scope of Work and the subsidiaries / associates / related parties / other divisions of the Client, have not been covered within the ambit of this review. The said review has been finalized based on the documents and records produced before us and the discussions / views provided to us by the
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 27 Client’s management team. ▪ We endeavor to plan our work in such a manner so that we have reasonable expectation of detecting significant control weaknesses. However, internal audit procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected and our examination as internal auditors should not be relied upon to disclose all fraud, defalcations, misappropriations, misrepresentations or other irregularities which may exist. ▪ This report is not intended to provide a summary of all financial, accounting, tax, legal, technical, commercial, Information Technology, human resources and / or any other issues relevant to the Client and aims only to highlight some of the issues in respect of the Client, which, we feel may have a significant and material impact on arrangements or matters material to the Client’s operations based on scope of work being undertaken. ▪ This report is meant for use only by the Client management and the Board of Directors of the Company and should not be quoted or referred to or copied, stored, encrypted and distributed (either in physical form or in electronic form either in full or in part) without our prior written consent. We hold accountability only to the Client within the limited Scope of Work and to no other person/s. ▪ This report has been prepared on the basis of the following assumptions: o That all the opinions expressed by the Client management and its advisors are honestly held by them and that all such opinions and views expressed to us were made and continue to be based on reasonable assumptions and that all statements of fact by any of the foregoing persons were made and continue to be true, accurate, correct and not misleading in any way. o That all documents or copies thereof furnished / produced and examined by us are true and (unless otherwise indicated) complete copies of their originals of such documents were provided. That all agreements, instruments and documents entered into, executed and/or issued by or on behalf of the Client and reviewed by us, were duly authorized and were validly executed and that the relevant parties thereto had all necessary capacity under its or their constitutions to do such things. o That all information or documentation supplied to or examined in connection with the preparation of this report, or from which this report was compiled, was and remains true and is not misleading in any way. This report and our view of the arrangements and documentation contained herein are limited to certain significant regulations, accounting standards etc. as are applicable under the Indian law. We are not reporting on and express no opinion with respect to the laws of any other jurisdiction or any documents or arrangements, which may be
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 28 subject to or governed by, the laws of any other jurisdiction. The review shall not in any manner constitute to be a detailed audit / opinion / certification / confirmation of the financial statements, books of accounts, documents of the Client under any law or regulation. o The review findings are based on our view of the current provisions of the various regulations. Government or Judicial authorities may or may not subscribe to the views expressed herein. ▪ Under no circumstances, our liability in respect of this engagement shall exceed the fees received from the Client on the said matter or the actual damages (excluding any penalties) suffered by the Client whichever is less, as determined by the final court of competent jurisdiction in India.
Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 29

Empfohlen

Project audit
Project auditProject audit
Project auditSajna Fathima
 
Exploration of risks and risk management in construction project delivery
Exploration of risks and risk management in construction project deliveryExploration of risks and risk management in construction project delivery
Exploration of risks and risk management in construction project deliveryMECandPMV
 
Project Risk
Project RiskProject Risk
Project RiskRohit Kumar
 
Kick off meeting presentation
Kick off meeting presentationKick off meeting presentation
Kick off meeting presentationIsidro Sid Calayag
 
A presentaion on Panasas HPC NAS
A presentaion on Panasas HPC NASA presentaion on Panasas HPC NAS
A presentaion on Panasas HPC NASRahul Janghel
 
Risk Mitigation Strategy PowerPoint Presentation Slides
Risk Mitigation Strategy PowerPoint Presentation SlidesRisk Mitigation Strategy PowerPoint Presentation Slides
Risk Mitigation Strategy PowerPoint Presentation SlidesSlideTeam
 
Procedural Risk Management
Procedural Risk ManagementProcedural Risk Management
Procedural Risk ManagementLouis A. Poulin
 
PMP_Project Time Management
PMP_Project Time ManagementPMP_Project Time Management
PMP_Project Time ManagementHisham Haridy MBA, PMP®, RMP®, SP®
 

Empfohlen

Project audit
Project auditProject audit
Project auditSajna Fathima
 
Exploration of risks and risk management in construction project delivery
Exploration of risks and risk management in construction project deliveryExploration of risks and risk management in construction project delivery
Exploration of risks and risk management in construction project deliveryMECandPMV
 
Project Risk
Project RiskProject Risk
Project RiskRohit Kumar
 
Kick off meeting presentation
Kick off meeting presentationKick off meeting presentation
Kick off meeting presentationIsidro Sid Calayag
 
A presentaion on Panasas HPC NAS
A presentaion on Panasas HPC NASA presentaion on Panasas HPC NAS
A presentaion on Panasas HPC NASRahul Janghel
 
Risk Mitigation Strategy PowerPoint Presentation Slides
Risk Mitigation Strategy PowerPoint Presentation SlidesRisk Mitigation Strategy PowerPoint Presentation Slides
Risk Mitigation Strategy PowerPoint Presentation SlidesSlideTeam
 
Procedural Risk Management
Procedural Risk ManagementProcedural Risk Management
Procedural Risk ManagementLouis A. Poulin
 
PMP_Project Time Management
PMP_Project Time ManagementPMP_Project Time Management
PMP_Project Time ManagementHisham Haridy MBA, PMP®, RMP®, SP®
 
Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesCapgemini
 
To Identify the Various Constraints for Delays in Construction Work and Sugge...
To Identify the Various Constraints for Delays in Construction Work and Sugge...To Identify the Various Constraints for Delays in Construction Work and Sugge...
To Identify the Various Constraints for Delays in Construction Work and Sugge...Harish Rajmane
 
PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...
PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...
PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...Edureka!
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk ManagementMarkos Mulat G
 
Project Management case analysis
Project Management case analysisProject Management case analysis
Project Management case analysisWakas Khalid
 
Operational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningOperational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningEneni Oduwole
 
Incident Management Framework
Incident Management FrameworkIncident Management Framework
Incident Management FrameworkJohnPereira62
 
Criterium epc project risks (5.28.13)
Criterium epc project risks (5.28.13)Criterium epc project risks (5.28.13)
Criterium epc project risks (5.28.13)Roland_Nikles
 
Claims & disputes management
Claims & disputes managementClaims & disputes management
Claims & disputes managementMohammed Tanbouz
 
1.9 _ Stakeholder Mapping & Opportunity Framing .pdf
1.9 _ Stakeholder Mapping & Opportunity Framing .pdf1.9 _ Stakeholder Mapping & Opportunity Framing .pdf
1.9 _ Stakeholder Mapping & Opportunity Framing .pdfLalitha318185
 
Chapter 6 project management
Chapter 6 project managementChapter 6 project management
Chapter 6 project managementShadina Shah
 
11.6 Implement Risk Responses
11.6 Implement Risk Responses11.6 Implement Risk Responses
11.6 Implement Risk ResponsesDavidMcLachlan1
 
Kochi Metro Rail Project.doc
Kochi Metro Rail Project.docKochi Metro Rail Project.doc
Kochi Metro Rail Project.docSuryadev Maity
 
Risk management
Risk management Risk management
Risk management Sushrut Gautam
 
Design Sequence of Works In Design & Build Projects
Design Sequence of Works In Design & Build ProjectsDesign Sequence of Works In Design & Build Projects
Design Sequence of Works In Design & Build ProjectsMuhammad El-Chammakh , PMP , PMI-SP
 
Risk management
Risk managementRisk management
Risk managementnashaat algrara
 
Risk analysis and management
Risk analysis and managementRisk analysis and management
Risk analysis and managementgnitu
 
Project communication management
Project communication managementProject communication management
Project communication managementDikshant Ghimire
 
Design & Build contracts - key points for a main contractor with technology a...
Design & Build contracts - key points for a main contractor with technology a...Design & Build contracts - key points for a main contractor with technology a...
Design & Build contracts - key points for a main contractor with technology a...Bhalindra Bath - projects & M&A law
 
Project Management Office (PMO)
Project Management Office (PMO)Project Management Office (PMO)
Project Management Office (PMO)Anand Subramaniam
 
Nukg Brief Intro
Nukg Brief IntroNukg Brief Intro
Nukg Brief IntroRobert Joseph
 
Rakesh Resume
Rakesh ResumeRakesh Resume
Rakesh ResumeRakesh Singh Thakur
 

Weitere ähnliche Inhalte

Was ist angesagt?

Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesCapgemini
 
To Identify the Various Constraints for Delays in Construction Work and Sugge...
To Identify the Various Constraints for Delays in Construction Work and Sugge...To Identify the Various Constraints for Delays in Construction Work and Sugge...
To Identify the Various Constraints for Delays in Construction Work and Sugge...Harish Rajmane
 
PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...
PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...
PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...Edureka!
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk ManagementMarkos Mulat G
 
Project Management case analysis
Project Management case analysisProject Management case analysis
Project Management case analysisWakas Khalid
 
Operational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningOperational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningEneni Oduwole
 
Incident Management Framework
Incident Management FrameworkIncident Management Framework
Incident Management FrameworkJohnPereira62
 
Criterium epc project risks (5.28.13)
Criterium epc project risks (5.28.13)Criterium epc project risks (5.28.13)
Criterium epc project risks (5.28.13)Roland_Nikles
 
Claims & disputes management
Claims & disputes managementClaims & disputes management
Claims & disputes managementMohammed Tanbouz
 
1.9 _ Stakeholder Mapping & Opportunity Framing .pdf
1.9 _ Stakeholder Mapping & Opportunity Framing .pdf1.9 _ Stakeholder Mapping & Opportunity Framing .pdf
1.9 _ Stakeholder Mapping & Opportunity Framing .pdfLalitha318185
 
Chapter 6 project management
Chapter 6 project managementChapter 6 project management
Chapter 6 project managementShadina Shah
 
11.6 Implement Risk Responses
11.6 Implement Risk Responses11.6 Implement Risk Responses
11.6 Implement Risk ResponsesDavidMcLachlan1
 
Kochi Metro Rail Project.doc
Kochi Metro Rail Project.docKochi Metro Rail Project.doc
Kochi Metro Rail Project.docSuryadev Maity
 
Risk analysis and management
Risk analysis and managementRisk analysis and management
Risk analysis and managementgnitu
 
Project communication management
Project communication managementProject communication management
Project communication managementDikshant Ghimire
 
Design & Build contracts - key points for a main contractor with technology a...
Design & Build contracts - key points for a main contractor with technology a...Design & Build contracts - key points for a main contractor with technology a...
Design & Build contracts - key points for a main contractor with technology a...Bhalindra Bath - projects & M&A law
 
Project Management Office (PMO)
Project Management Office (PMO)Project Management Office (PMO)
Project Management Office (PMO)Anand Subramaniam
 

Was ist angesagt? (20)

Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance Services
 
To Identify the Various Constraints for Delays in Construction Work and Sugge...
To Identify the Various Constraints for Delays in Construction Work and Sugge...To Identify the Various Constraints for Delays in Construction Work and Sugge...
To Identify the Various Constraints for Delays in Construction Work and Sugge...
 
PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...
PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...
PMBOK® Guide Sixth Edition | Project Management Certification | PMP® Certific...
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk Management
 
Project Management case analysis
Project Management case analysisProject Management case analysis
Project Management case analysis
 
Operational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningOperational Risk Management & Strategic Planning
Operational Risk Management & Strategic Planning
 
Incident Management Framework
Incident Management FrameworkIncident Management Framework
Incident Management Framework
 
Criterium epc project risks (5.28.13)
Criterium epc project risks (5.28.13)Criterium epc project risks (5.28.13)
Criterium epc project risks (5.28.13)
 
Claims & disputes management
Claims & disputes managementClaims & disputes management
Claims & disputes management
 
1.9 _ Stakeholder Mapping & Opportunity Framing .pdf
1.9 _ Stakeholder Mapping & Opportunity Framing .pdf1.9 _ Stakeholder Mapping & Opportunity Framing .pdf
1.9 _ Stakeholder Mapping & Opportunity Framing .pdf
 
Chapter 6 project management
Chapter 6 project managementChapter 6 project management
Chapter 6 project management
 
11.6 Implement Risk Responses
11.6 Implement Risk Responses11.6 Implement Risk Responses
11.6 Implement Risk Responses
 
Kochi Metro Rail Project.doc
Kochi Metro Rail Project.docKochi Metro Rail Project.doc
Kochi Metro Rail Project.doc
 
Risk management
Risk management Risk management
Risk management
 
Design Sequence of Works In Design & Build Projects
Design Sequence of Works In Design & Build ProjectsDesign Sequence of Works In Design & Build Projects
Design Sequence of Works In Design & Build Projects
 
Risk management
Risk managementRisk management
Risk management
 
Risk analysis and management
Risk analysis and managementRisk analysis and management
Risk analysis and management
 
Project communication management
Project communication managementProject communication management
Project communication management
 
Design & Build contracts - key points for a main contractor with technology a...
Design & Build contracts - key points for a main contractor with technology a...Design & Build contracts - key points for a main contractor with technology a...
Design & Build contracts - key points for a main contractor with technology a...
 
Project Management Office (PMO)
Project Management Office (PMO)Project Management Office (PMO)
Project Management Office (PMO)
 

Ähnlich wie Project report disa course

Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps EraMike Kavis
 
Good IT Project Management
Good IT Project Management Good IT Project Management
Good IT Project Management William Francis
 
CV Ahmed Adel Inservice AIM and RBI manager 2016
CV Ahmed Adel Inservice AIM and RBI manager 2016CV Ahmed Adel Inservice AIM and RBI manager 2016
CV Ahmed Adel Inservice AIM and RBI manager 2016Ahmed Elbaria
 
IBM i Application Lifecycle Management with Remain Software
IBM i Application Lifecycle Management with Remain SoftwareIBM i Application Lifecycle Management with Remain Software
IBM i Application Lifecycle Management with Remain SoftwareRemain Software
 
Rosalin Ghosh_Resume_Testing_8 Yrs Experience
Rosalin Ghosh_Resume_Testing_8 Yrs ExperienceRosalin Ghosh_Resume_Testing_8 Yrs Experience
Rosalin Ghosh_Resume_Testing_8 Yrs ExperienceRosalin Ghosh
 
Capstone & Intern Presentation - Dhruv Godara (Cummins)
Capstone & Intern Presentation - Dhruv Godara (Cummins)Capstone & Intern Presentation - Dhruv Godara (Cummins)
Capstone & Intern Presentation - Dhruv Godara (Cummins)dhruvgodara
 
B1AIP30 - Kickoff Meeting Template.pptx
B1AIP30 - Kickoff Meeting Template.pptxB1AIP30 - Kickoff Meeting Template.pptx
B1AIP30 - Kickoff Meeting Template.pptxssuser97c2dc
 
20200205 DHS Agile Center of Excellence Agile Governance Ariel Partners
20200205 DHS Agile Center of Excellence Agile Governance Ariel Partners20200205 DHS Agile Center of Excellence Agile Governance Ariel Partners
20200205 DHS Agile Center of Excellence Agile Governance Ariel PartnersCraeg Strong
 
Marjorie_Paller_CV_05172016
Marjorie_Paller_CV_05172016Marjorie_Paller_CV_05172016
Marjorie_Paller_CV_05172016Marjorie Paller
 
Platform Health Assessment at Department of Homeland Security Citizenship and...
Platform Health Assessment at Department of Homeland Security Citizenship and...Platform Health Assessment at Department of Homeland Security Citizenship and...
Platform Health Assessment at Department of Homeland Security Citizenship and...VMware Tanzu
 
AppDynamics-Certified-Associate-Performance-Analyst-Preparation-Guide.pdf
AppDynamics-Certified-Associate-Performance-Analyst-Preparation-Guide.pdfAppDynamics-Certified-Associate-Performance-Analyst-Preparation-Guide.pdf
AppDynamics-Certified-Associate-Performance-Analyst-Preparation-Guide.pdfssusere9bd3b
 
Sudhir_15 yrs_SAP FICO
Sudhir_15 yrs_SAP FICOSudhir_15 yrs_SAP FICO
Sudhir_15 yrs_SAP FICOSap World
 

Ähnlich wie Project report disa course (20)

Nukg Brief Intro
Nukg Brief IntroNukg Brief Intro
Nukg Brief Intro
 
Rakesh Resume
Rakesh ResumeRakesh Resume
Rakesh Resume
 
Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps Era
 
Good IT Project Management
Good IT Project Management Good IT Project Management
Good IT Project Management
 
CV Ahmed Adel Inservice AIM and RBI manager 2016
CV Ahmed Adel Inservice AIM and RBI manager 2016CV Ahmed Adel Inservice AIM and RBI manager 2016
CV Ahmed Adel Inservice AIM and RBI manager 2016
 
IBM i Application Lifecycle Management with Remain Software
IBM i Application Lifecycle Management with Remain SoftwareIBM i Application Lifecycle Management with Remain Software
IBM i Application Lifecycle Management with Remain Software
 
Rosalin Ghosh_Resume_Testing_8 Yrs Experience
Rosalin Ghosh_Resume_Testing_8 Yrs ExperienceRosalin Ghosh_Resume_Testing_8 Yrs Experience
Rosalin Ghosh_Resume_Testing_8 Yrs Experience
 
Capstone & Intern Presentation - Dhruv Godara (Cummins)
Capstone & Intern Presentation - Dhruv Godara (Cummins)Capstone & Intern Presentation - Dhruv Godara (Cummins)
Capstone & Intern Presentation - Dhruv Godara (Cummins)
 
B1AIP30 - Kickoff Meeting Template.pptx
B1AIP30 - Kickoff Meeting Template.pptxB1AIP30 - Kickoff Meeting Template.pptx
B1AIP30 - Kickoff Meeting Template.pptx
 
20200205 DHS Agile Center of Excellence Agile Governance Ariel Partners
20200205 DHS Agile Center of Excellence Agile Governance Ariel Partners20200205 DHS Agile Center of Excellence Agile Governance Ariel Partners
20200205 DHS Agile Center of Excellence Agile Governance Ariel Partners
 
Resume
ResumeResume
Resume
 
Marjorie_Paller_CV_05172016
Marjorie_Paller_CV_05172016Marjorie_Paller_CV_05172016
Marjorie_Paller_CV_05172016
 
Platform Health Assessment at Department of Homeland Security Citizenship and...
Platform Health Assessment at Department of Homeland Security Citizenship and...Platform Health Assessment at Department of Homeland Security Citizenship and...
Platform Health Assessment at Department of Homeland Security Citizenship and...
 
Abhijit_Testing
Abhijit_TestingAbhijit_Testing
Abhijit_Testing
 
AppDynamics-Certified-Associate-Performance-Analyst-Preparation-Guide.pdf
AppDynamics-Certified-Associate-Performance-Analyst-Preparation-Guide.pdfAppDynamics-Certified-Associate-Performance-Analyst-Preparation-Guide.pdf
AppDynamics-Certified-Associate-Performance-Analyst-Preparation-Guide.pdf
 
Balaji_Workday
Balaji_WorkdayBalaji_Workday
Balaji_Workday
 
Krishna Pingali_Senior Consultant - QA
Krishna Pingali_Senior Consultant - QAKrishna Pingali_Senior Consultant - QA
Krishna Pingali_Senior Consultant - QA
 
Vandana B
Vandana BVandana B
Vandana B
 
Sudhir_15 yrs_SAP FICO
Sudhir_15 yrs_SAP FICOSudhir_15 yrs_SAP FICO
Sudhir_15 yrs_SAP FICO
 
I nearshore
I nearshore I nearshore
I nearshore
 

Kürzlich hochgeladen

Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night StandCall Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNKDATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNKTimothy Spann
 
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...amitlee9823
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...amitlee9823
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...amitlee9823
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachBoston Institute of Analytics
 
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...only4webmaster01
 
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...amitlee9823
 
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...amitlee9823
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
➥🔝 7737669865 🔝▻ Ongole Call-girls in Women Seeking Men 🔝Ongole🔝 Escorts S...
➥🔝 7737669865 🔝▻ Ongole Call-girls in Women Seeking Men 🔝Ongole🔝 Escorts S...➥🔝 7737669865 🔝▻ Ongole Call-girls in Women Seeking Men 🔝Ongole🔝 Escorts S...
➥🔝 7737669865 🔝▻ Ongole Call-girls in Women Seeking Men 🔝Ongole🔝 Escorts S...amitlee9823
 
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...amitlee9823
 
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 

Kürzlich hochgeladen (20)

Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Nandini Layout ☎ 7737669865 🥵 Book Your One night Stand
 
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night StandCall Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
 
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNKDATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
 
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning Approach
 
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...
 
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
 
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
 
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Anomaly detection and data imputation within time series
Anomaly detection and data imputation within time seriesAnomaly detection and data imputation within time series
Anomaly detection and data imputation within time series
 
➥🔝 7737669865 🔝▻ Ongole Call-girls in Women Seeking Men 🔝Ongole🔝 Escorts S...
➥🔝 7737669865 🔝▻ Ongole Call-girls in Women Seeking Men 🔝Ongole🔝 Escorts S...➥🔝 7737669865 🔝▻ Ongole Call-girls in Women Seeking Men 🔝Ongole🔝 Escorts S...
➥🔝 7737669865 🔝▻ Ongole Call-girls in Women Seeking Men 🔝Ongole🔝 Escorts S...
 
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
 
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
 

Project report disa course

  • 1. CERTIFICATE Project Report of DISA 2.0 Course This is to certify that, we have successfully completed the DISA 2.0 course training conducted at: Hotel Woodland Retreat, Next to Hotel Tip Top Plaza, Opp. Raheja Garden, LBS Road, Thane (W), Batch Id- THA1708091 from 05th August, 2017 to 03rd September, 2017, and we have the required attendance. We are submitting the Project titled: Audit of Outsourced Software Development We hereby confirm that we have adhered to the guidelines issued by CIT, ICAI for the project. Also, certify that this project report is our original work and we have prepared this project. We have not shared the project details or taken help in preparing project report from anyone. Sr. No. Name DISA No. Signature 1 CA. Dinesh Bhutra 51262 2 CA. Gauri Sovani 52027 3 CA. Gopal Danee 52463 Place: Mumbai Date: 16th September, 2017
  • 2. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 2 16th September, 2017 To, The Management, AMG Software, India / USA Subject: Submission of Audit & Assurance Report Dear Sir/Madam, We are pleased to attach herewith the Audit & Assurance Report carried out at DLF, India premises in accordance to our audit engagement letter 31st July, 2017 with AMG Software. We thank the entire management team and staff for the co-operation extended during the course of audit. We would be pleased to clarify any pertinent aspect. With Best Regards, Abraham & Associates, Chartered Accountants Place: Bangalore
  • 3. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 3 Project Report of DISA 2.0 Course Audit of Outsourced Software Development
  • 4. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 4 Table of Contents Page No. A. Introduction 4 B. Brief on Project 5 C. Data & Details Provided 6 D. Scope of Assignment 7 E. Audit Methodology & Strategy 8 F. Risk Classification Criteria 9 G. Observation Classification Criteria 10 H. Organisation Structure 11 I. Documents Reviewed 12 J. Tests Performed 13 K. Audit & Assurance Report 14 1. Executive Summary 2. Detailed Audit Findings L. References 24 M.Disclaimer & Limitations 25
  • 5. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 5 A. Introduction About the Client: AMG Software is the world's leading provider of management solutions that ensure the availability, performance, and recovery of business-critical applications. AMG calls this application service assurance and it means that the applications its customers rely on most stay up and running, around the clock. For more than 20 years, the largest and most successful companies have relied on AMG Software. The company has headquarter in Houston, Texas, with offices worldwide. AMG has outsourced software development through ODS mode to DLF. AMG has supplied IT infrastructure for these services and has also recruited required personnel who work at DLF for the software projects of AMG. About us (the Auditors): We (Abraham and Associates) are a practising CA firm registered with Institute of Chartered Accountants of India based at Bangalore, having 12 FCA, 28 ACA & 250 Other staff, with presence across all metros and Tier 2 cities of India. We are committed to provide consistent, customized and workable solutions to our clients and strive to support our services with the highest level of professionalism, efficiency and technology. We offer IS Assurance services with a team of DISA and IT security professionals, who are well updated and have expertise knowledge and an extensive experience.
  • 6. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 6 B. Brief on Project: AMG has outsourced software development through ODS mode to DLF. AMG has supplied DLF: ▪ IT infrastructure for these services ▪ AMG Has also recruited required personnel who work at DLF for the software projects of AMG. AMG wanted an independent assurance: ▪ On the security and usage of the technology ▪ On protection of the IPR (Intellectual Property Rights) of AMG including Assets ▪ That access to such provided assets (hardware, software, manuals, media, etc.) of AMG used at the AMG labs at DLF in Bangalore are adequately secured (physically and logically) from unauthorised and inappropriate use through adequate and appropriate physical, environmental and logical access controls Hence, an independent review was to be conducted on the process and methods in place at AMG labs at DLF so as to provide assurance that there are adequate and appropriate safeguards and procedures that prevent unauthorized access, mishandling and damage to any of the assets of AMG at AMG labs at DLF and all the facilities provided by AMG are being used for the purposes of AMG's operations by personnel authorised or assigned for AMG's operations only at DLF allocated work site.
  • 7. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 7 C. Data & Details Provided Following related clauses from Service Level Agreement (SLA) have been provided to us (the Auditors): a. Clause 6.6: Maintenance of Records b. Clause 10.4: Disaster Recovery c. Clause 10.2: Backup and Storage d. Clause 10.1: Generally e. Clause 10.3: User and Access Restrictions
  • 8. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 8 D. Scope of Assignment Based on the detailed discussions with representative of AMG Mr. Ben Crocker and visit to the AMG Labs at DLF, the primary objectives of the assignment of Security Audit are finalised as follows: ▪ Provide assurance to AMG that the intellectual property of AMG including assets and access to such assets (hardware, software, manuals, media, etc.) used at the AMG labs at DLF in Bangalore are adequately secured (physically and logically) from unauthorised and inappropriate use through adequate and appropriate physical, environmental and logical access controls ▪ Review the process and methods in place at AMG labs at DLF so as to provide assurance to AMG that there are adequate and appropriate safeguards and procedures that prevent unauthorized access, mishandling and damage to any of the assets of AMG at AMG labs at DLF ▪ Review whether all the facilities provided by AMG are being used for the purposes of AMG's operations by personnel authorised or assigned for AMG's operations only at DLF ▪ Validate the process and methods at AMG labs at BLF against available norms and standards of AMG wherever available.
  • 9. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 9 E. Audit Methodology & Strategy
  • 10. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 10 F. Risk Classification Criteria Type of Risk Organizational Impact High Requires Management Attention Medium Requires Corrective Action Low Opportunities for Improvement H M L
  • 11. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 11 G. Observation Classification Criteria Root Cause Legend Explanation of Legend Risks arising from a poor strategic business plans, inappropriate policy guidelines & business decisions and improper implementation of business decisions. Relates to the achievement of an entity's basic business objectives (including performance and profitability goals) through effective and efficient utilization of available resources and by safeguarding assets of the entity. Relates to complying with those laws and regulations to which the entity is subject. Relates to the preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements and reported publicly or to the management. Strategic Operational Inefficiency Compliance Deficiency Reporting Gap
  • 12. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 12 H. Organisation Structure MD & CEO CFO Accounts & Taxation Financial Controllor Treasury M&A Secretarial Procurement & Inventory COO Business Heads HR & Admin (CPO/CHO) CMO Online Mktg. Team Offline Mktg. Team CAE CTO
  • 13. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 13 I. Documents Reviewed ▪ SLA Agreement ▪ Visitors Registers ▪ SoPs (Standard Operating Processes) ▪ Internal Policies & Processes ▪ IS Policy ▪ Audit Logs
  • 14. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 14 J. Test Performed Different tests were executed by using Caseware IDEA and CAAT Analytical tool by getting all the data into the tool from the systems: ▪ Fuzzy Duplicate / Duplicate Transaction Identification ▪ Gap Detection ▪ Matching and Comparison Tests ▪ Missing Sequence Identification ▪ Statistical Calculations ▪ Data Queries, Sample Extraction and Analysis ▪ Utility software
  • 15. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 15 K. Audit & Assurance Report Executive Summary Area Observations Possibility of Unauthorised Physical Access ▪ Lapse of Cross Checking System by the Security Guards in the basement and possibility of Misuse of Temporary Issued Card issued to DLF Employees ▪ Absence of Automatic Lock Door at First Floor may lead to access to unauthorised persons to Lab Lapses in Disaster Recovery Plan (DRP) ▪ Absence of: o Back Up Systems Available for the systems supplied by AMG o Redundancy for Telecom Equipment o Standalone Generator for AMG operations o Customised DRP for AMG Labs o DRP for AMG Supplied Systems o Annual Maintenance Contracts (AMC) for AMG supplied machines ▪ Alternative Processing Capabilities of AMG not identified Lapses in Logical Access Procedures ▪ Lack of Individual Accountability due to non- creation of individual logins. ▪ Online Access of Source Code may lead unauthorized access.
  • 16. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 16 Detailed Audit Findings
  • 17. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 17 A. Possibility of Unauthorised Physical Access Risk: High Background: As per the SLA DLF shall be responsible for ensuring that Systems, Deliverables and other AMG data and materials in DLF’s custody are installed and used only on and/or in combination with designated Systems installed at the Centre pursuant to this Agreement as specified in the Contract Addenda. DLF will restrict access to such Systems, deliverables, data and materials at all times to DLF employees who have a “need to know” subject to acceptable undertakings of confidentiality and non-disclosure. DLF shall establish and maintain security measures and safeguards reasonably satisfactory to AMG ▪ To protect against the destruction, ▪ Loss, or alteration, and ▪ The unauthorized access, use, or disclosure, Any Systems, Deliverables, or other data and materials which DLF from time to time may have in DLF's possession, custody or control at the Centre or otherwise pursuant to this Agreement. Issue/Observation: Our review revealed that: 1. No Cross Checking by the Security Guards and Misuse of Temporary Issued Card: There can be unauthorized access from the basement as the security guards do not cross check the person and the swipe card with the employee and there are temporary cards being issued before capturing of relevant details of the employee. 2. No Automatic Lock Door at First Floor: The door for the first-floor lab does not automatically lock itself after it has been opened. If a user is not careful in ensuring the door is locked after he/she enters or leaves the lab there could be opportunities for unauthorised users to enter the lab without using the keypad device. Root Cause: ▪ No Checking by Security Guards in Recommendations: ▪ There should be only Single point of Operational Inefficiency
  • 18. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 18 Basement ▪ Absence of Automatic Door Lock at First Floor entrance which should be guarded by separate security personnel who is trained to cross check the person entering the AMG labs at DLF premises. ▪ There should be a biometric access control at the entrance of AMG labs which should be combined with ‘Dead Man Doors’ entry. Risks: Unauthorised Access to Lab: ▪ From Basement using Temporary Cards ▪ From First-Floor as there is no Automatic Lock in the Door Management Comments: DLF has agreed with the flaws in the Physical Access Control and has agreed to implement the audit recommendations with immediate effect. Business / Security Impact: Unauthorised Access may lead to: ▪ Theft of Data ▪ Physical and/or Logical Damage to the Infrastructure ▪ Loss of Confidentiality, Integrity and Availability Responsibility & Timelines: CEO jointly with CTO & with immediate effect.
  • 19. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 19 B. Lapses in Disaster Recovery Plan (DRP) Risk: High Background: As per SLA between AMG & DLF: 1. DLF shall follow AMG conventions for protection and back up of data, including checking source code in to AMG's designated coordinator each week on or before a specified day set by AMG. 2. As requested by AMG, DLF will establish and maintain off-site disaster recovery capabilities that permit DLF to recover from a disaster and continue providing Services to and carrying out Projects for AMG, including without limitation: ▪ Storage of any AMG data, Work Product or Deliverables in an off-site protected vault for such period as AMG specifies; ▪ Such off-site protected vault having security and environmental protection systems to guard against theft, fire, humidity and temperature; ▪ Such security system providing controlled access and alarm systems restricting access to DLF employees currently working on AMG Projects; and ▪ Implementation of disaster recovery capabilities in the event of any failure of DLF information technology systems which may jeopardize AMG data, Work Product or Deliverables. Upon request, DLF will provide AMG with an executive summary of the current disaster recovery plan, which may change from time to time. DLF shall test the operation and effectiveness of DLF's disaster recovery plan at least annually. In addition, DLF shall establish and maintain a backup power supply system to guard against electrical outages so that lost or damaged data or materials can be reconstructed, 3. DLF shall establish and maintain procedures for backup on magnetic tape or other electronic media and storage at an off-site storage facility, as applicable, of Systems, Deliverables and other AMG data and materials in DLF’s custody and all storage media containing the same.
  • 20. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 20 Issue/Observation: Our review revealed that: 1. No Back Up Systems Available: There are no back-up systems available for the systems supplied by AMG. 2. No Redundancy for Telecom Equipment: There is no redundancy for the telecommunication equipment. 3. Common Generator for all the operations at DLF: The generator that is common for all the operations of DLF supplies power to the computers in the event of continued power disruption. The generator facility has enough stock of fuel to run continuously for a period of 6 days. 4. No Customised DRP for AMG Labs: The documented generic disaster recovery plan is the same is applicable to DLF as a whole and is not customised to AMG labs. 5. No DRP for AMG Supplied Systems: There is no Disaster recovery plan for the systems that are supplied by AMG and the communication capabilities of the labs. 6. Alternative Processing Capabilities of AMG not identified: Alternative processing capabilities for the systems supplied by AMG are not identified. 7. Lack of annual maintenance contracts (AMC) for AMG supplied machines: There are no annual maintenance contracts (AMC) are in existence for AMG supplied machines. Root Cause: ▪ Weak DRP planning. ▪ Lack of complete understanding of AMG requirement wrt DRP. Recommendations: ▪ DLF should maintain back-up systems available for systems Strategic
  • 21. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 21 Risks: ▪ There could be data loss of AMG Labs at DLF, which can lead to extended time required for re-developing the lost data and to recover the data. ▪ There can be instances of data theft also. ▪ Increase time will lead to rise in cost of software development and untimely delivery of software. supplied by AMG. ▪ DLF should have an alternative telecommunication equipment in place to replace fault of ISPs. ▪ The generator facility should be enhanced and should properly cover the Recovery Point Objective(RPO) and Recovery Time Objective(RTO). ▪ DLF should have a customized recovery plan so that there least impact on AMG Labs at DLF, its systems and communication capabilities. ▪ DLF should maintain alternative processing capabilities for the systems supplied by AMG. ▪ DLF should carry out annual maintenance of AMG supplied machines. AMG should also ensure AMC of its machines are being done timely and properly, otherwise there could be physical and logical damage to AMG supplied machines. Business / Security Impact: ▪ As the software industry is changing very rapidly a delay in software delivery may make the software obsolete in the market. Management Comments: DLF has agreed with the observations of the auditor and has agreed to implement the audit recommendations with immediate effect. Responsibility & Timelines: CEO jointly with CTO & with immediate effect.
  • 22. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 22 C. Lapses in Logical Access Procedures Risk: Medium Background: As per SLA between AMG & DLF: 1. Source code development is undertaken on an online basis through the resources at the AMG facility in Houston. Configuration management tools that are in use at AMG perform the configuration management of software under development/maintenance. DLF here has no control over the configuration/change management procedures that are to be followed during the system development or maintenance phases of SDLC. Therefore in lieu of such practices DLF does not maintain any records/documents that record the changes incorporated to software during maintenance/ developmental activities. 2. DLF shall establish and maintain security measures and safeguards reasonably satisfactory to AMG ▪ To protect against the destruction, ▪ Loss, or alteration, and ▪ The unauthorized access, use, or disclosure, any Systems, Deliverables, or other data and materials which DLF from time to time may have in DLF's possession, custody or control at the Center or otherwise pursuant to this Agreement. 3. DLF shall be responsible for ensuring that Systems, Deliverables and other AMG data and materials in DLF’s custody are installed and used only on and/or in combination with designated Systems installed at the Center pursuant to this Agreement as specified in the Contract Addenda. 4. DLF will restrict access to such Systems, deliverables, data and materials at all times to DLF employees who have a “need to know” subject to acceptable undertakings of confidentiality and non-disclosure.
  • 23. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 23 Issue/Observation: Our review revealed that: 1. No Individual Login Creation leads to No Individual Accountability: There is no individual logins created and only group logins have been created as there is no individual accountability assigned to the users. 2. Online Access of Source Code may lead unauthorized access: The source code is to be accessed ONLINE and hence it could lead to any kind of unauthorized logical access to data being transmitted online between AMG, Houston and AMG Labs at DLF. Root Cause: ▪ No Creation of Individual Logins ▪ Online Sharing of Source Codes Recommendations: ▪ Each and every user should strictly have a distinct user id and password in addition to the individual workstation user id and passwords. ▪ Online access to AMG, Houston servers should be through secured and secluded from the other networks of DLF. All source codes should be transferred through Secured Sockets Layer. A clause should be added in the SLA to ensure there is secured transmission of data. Risks: Unauthorised Logical Access: ▪ Non-creation of Individual Login may lead to held responsible whole group ▪ Online Sharing of Source Codes having high risk of Wire Tapping, Hacking, Phishing etc. ▪ Online Sharing of Source Codes poses high chances of breach of IPR of AMG Business / Security Impact: Unauthorised Access may lead to: ▪ Theft of Data ▪ Logical Damage to the Infrastructure ▪ Loss of Confidentiality, Integrity and Availability ▪ DLF as group at Risk of breach of Management Comments: ▪ DLF is changing its network configuration to assign individual user id and passwords to every user in AMG labs at DLF. ▪ DLF has immediately secluded the network for AMG Labs and is working on implementing SSL. Operational Inefficiency
  • 24. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 24 IPR ▪ ABG as group at Risk of loss due to breach of IPR Responsibility & Timelines: CEO jointly with CTO & with immediate effect.
  • 25. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 25 L. References ▪ www.cit.icai.org ▪ www.icisa.cag.gov.in ▪ www.isaca.org ▪ Institute of Chartered Accountants of India Publications on “Information Systems Audit”, “SIA 14, on Internal Audit in Information Technology Environment” ▪ “ISACA ITAF, 1201 “Engagement Planning” ▪ “Security, Audit and Control Features SAP® ERP, 3rd Edition” ▪ Information Systems Assurance Services of ICAI ISA-2 Reference. ▪ ITAF guidelines for audit of third party IT activities ▪ International Standard on Auditing ▪ Standards for IS audit and assurance issued by ISACA o 1201: Engagement Planning o 1202: Risk Assessment in Planning o 1204: Materiality o 1205: Evidence ▪ IS Auditing Guidelines o 2201: Engagement planning o 2202: Risk assessment in audit planning o 2204: Materiality o 2205: Evidence ▪ www.cloud-standards.org ▪ www.cloudaudit.org ▪ www.cloudsecurity.org
  • 26. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 26 M. Disclaimer & Limitations ▪ This Report seeks to focus on some of significant issues arising from our review based on the limited scope of work as mutually agreed upon, to the extent that these may have significant impact on arrangements or matters material to the operations of the Client. The review has been carried out in accordance with and subject to the terms of engagement with the Client. It is the management’s responsibility to develop and maintain sound systems of risk management, internal control and governance. Internal audit work should not be seen as substitute of management’s responsibilities for design and operation of these systems. ▪ As the basis of sample selection for review is purely judgmental based on risk based audit approach and existence of other internal controls, the outcome of the analysis may not be exhaustive. This report does not comment on the commercial nature or effect of the transactions undertaken, contemplated or associated with any of the contracts reviewed or contractual relationships revealed. This report does not comment upon any change/development which may have taken place in the process and functioning of processes after audit date (the last date of our field work). This report has to be read in conjunction with such other reports, if any, issued separately in this regard and not in isolation. ▪ The review was based on the information and data provided to us either in physical or electronic form relating to the operations of the Client covered in their books of account, financial statements, MIS reports etc. Thus, we cannot comment on any liabilities (present or contingent) that may arise as a result of omissions from, or misrepresentations in, the financial statements / information and records provided to us by the client. ▪ It may be noted that our review was restricted to only the specific aspects of the operations of the client covered in the specific location / divisions as outlined in this Report on a standalone basis. The review is restricted to the limited Scope of Work and the subsidiaries / associates / related parties / other divisions of the Client, have not been covered within the ambit of this review. The said review has been finalized based on the documents and records produced before us and the discussions / views provided to us by the
  • 27. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 27 Client’s management team. ▪ We endeavor to plan our work in such a manner so that we have reasonable expectation of detecting significant control weaknesses. However, internal audit procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected and our examination as internal auditors should not be relied upon to disclose all fraud, defalcations, misappropriations, misrepresentations or other irregularities which may exist. ▪ This report is not intended to provide a summary of all financial, accounting, tax, legal, technical, commercial, Information Technology, human resources and / or any other issues relevant to the Client and aims only to highlight some of the issues in respect of the Client, which, we feel may have a significant and material impact on arrangements or matters material to the Client’s operations based on scope of work being undertaken. ▪ This report is meant for use only by the Client management and the Board of Directors of the Company and should not be quoted or referred to or copied, stored, encrypted and distributed (either in physical form or in electronic form either in full or in part) without our prior written consent. We hold accountability only to the Client within the limited Scope of Work and to no other person/s. ▪ This report has been prepared on the basis of the following assumptions: o That all the opinions expressed by the Client management and its advisors are honestly held by them and that all such opinions and views expressed to us were made and continue to be based on reasonable assumptions and that all statements of fact by any of the foregoing persons were made and continue to be true, accurate, correct and not misleading in any way. o That all documents or copies thereof furnished / produced and examined by us are true and (unless otherwise indicated) complete copies of their originals of such documents were provided. That all agreements, instruments and documents entered into, executed and/or issued by or on behalf of the Client and reviewed by us, were duly authorized and were validly executed and that the relevant parties thereto had all necessary capacity under its or their constitutions to do such things. o That all information or documentation supplied to or examined in connection with the preparation of this report, or from which this report was compiled, was and remains true and is not misleading in any way. This report and our view of the arrangements and documentation contained herein are limited to certain significant regulations, accounting standards etc. as are applicable under the Indian law. We are not reporting on and express no opinion with respect to the laws of any other jurisdiction or any documents or arrangements, which may be
  • 28. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 28 subject to or governed by, the laws of any other jurisdiction. The review shall not in any manner constitute to be a detailed audit / opinion / certification / confirmation of the financial statements, books of accounts, documents of the Client under any law or regulation. o The review findings are based on our view of the current provisions of the various regulations. Government or Judicial authorities may or may not subscribe to the views expressed herein. ▪ Under no circumstances, our liability in respect of this engagement shall exceed the fees received from the Client on the said matter or the actual damages (excluding any penalties) suffered by the Client whichever is less, as determined by the final court of competent jurisdiction in India.
  • 29. Project Report/DISA/THA1708091/Audit of Outsourced Software Development P a g e | 29