Wednesday, 19 April 2017

IT Audit & Types of IT Audit

The word ‘audit’ comes from the Latin word ‘audire’, which means ‘to hear’. The practice of accounting and auditing has existed since the time of the ancient Egyptians, Greeks and Romans. Auditing was also practiced in ancient India. Kautilya’s ‘Arthashastra’, written in the 4th century BC during the Mauryan period, carries great importance. He stated that the head of finance and the head of audit should each report to the king independently and individually.

The Comptroller and Auditor General Of India was formerly called the Accountant General to the Government of India in 1858 and later labelled as the Auditor General of India in 1860. The Constitution Act, 1950, re-designated the Auditor General as Comptroller and Auditor General. It is understood that the first practice of a computerized accounting system was at General Electric in 1954. The industry soon recognized that they needed to develop their own software and the first of the generalized audit software (GAS) was developed. Information Technology Auditing (IT auditing) began as Electronic Data Process (EDP) Auditing and developed basically as a result of the rise in technology in accounting systems.

In 1977, the first edition of Control Objectives was issued. This publication is now known as Control Objectives for Information and related Technology (CobiT). CobiT is the set of commonly accepted IT control objectives for IT auditors. In 1994, the Electronic Data Processing Auditors Association (EDPAA) changed its name to the Information Systems Audit and Control Association.

IT Audit is defined as the procedure of collecting and evaluating evidence to decide whether a computer system safeguards assets, maintains data integrity, allows organizational goals to be achieved effectively and uses resources efficiently.

Let’s look at various types of IT audit that are conducted in software companies in India:

  • Financial audits
A third-party inspection of a company's financial records and reporting. Its objective is to review the financial statements and to state whether these statements offer a factual view of the transactions performed by an organization.


  • Operational audits
A future-oriented, systematic, and independent assessment of organizational activities of asp.net software companies in India. Financial data may be used, but the key sources of evidence are the operational policies and accomplishments related to organizational objectives. Internal controls and efficiencies may be assessed during this type of review.

  • Integrated Audit
This is a grouping of an operational audit, department review, and IS audit application controls review.

  • Forensic audits
An investigation and evaluation of a firm's or individual's financial facts for use as evidence in court. A forensic audit can be conducted in order to accuse a party of fraud, misuse or other financial claims.

  • Investigative audits
This is an audit that takes place as a consequence of a report of unusual or doubtful activity on the part of an individual or a department of a C# software company in India. It is usually focused on specific aspects of the work of a department or individual.

  • Compliance audit
A compliance audit is an all-inclusive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants assess the strength and thoroughness of compliance. For example, you may decide whether the business is complying with U.S. Environmental Protection Agency (EPA) standards on the clearance of toxic waste. Or you may look at whether a credit card company is following federal law with regard to charging its cardholders permissible fees and interest.

IT Audit helps ASP DOT NET software companies in India in numerous ways, such as:

  • Protecting assets: hardware, software, people, files
  • Preserving data integrity
  • Allowing organizational goals to be accomplished effectively and using resources efficiently
  • Complying with regulatory and legal requirements
  • Continuous improvement

Important terminologies used in IT Audit

IT Audit is defined as the procedure of collecting and evaluating evidence to decide whether a computer system defends assets, maintains data integrity, allows organizational goals to be achieved effectively and uses resources efficiently.

Here are important terminologies used in IT Audit by the majority of software companies in India:

Audit - An audit is an evidence collecting process. Audit evidence is used to assess how well audit criteria are being met. Audits must be objective, unbiased, and independent, and the audit process must be both systematic and documented.

Auditee - An auditee is an organization (or section of an organization) that is being audited. Organizations can comprise companies, corporations, enterprises, firms, charities, associations, and institutions. Organizations can be either incorporated or unincorporated and can be privately or publicly owned.

Auditor - An auditor is a person who conducts the audits. Auditors gather evidence in order to evaluate how well audit criteria are being met. They must be objective, unbiased, independent, and proficient.

Audit client - An audit client is any person or organization that requests an audit. Internal audit clients can be either the auditee or the audit program leader, whereas external audit clients can include regulators, customers or any other stakeholders that have a legitimate or contractual right or responsibility to carry out an audit.

Audit criteria - Audit criteria comprise policies, procedures, and requirements. Audit evidence is used to decide how well audit criteria are being fulfilled: how well policies are being implemented, how well procedures are being executed, and how well requirements are being met.

Audit evidence - Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria contain policies, procedures, and requirements.

Audit findings - Audit findings are the outcome of a process that evaluates audit evidence and compares it against audit criteria. Audit findings can demonstrate that audit criteria are being fulfilled (conformity) or that they are not being fulfilled (nonconformity).

Assertion - Assertions, or management assertions, in auditing simply mean what management claims. For example, if management declares that internal controls are effective, then that is a claim or assertion made by management.

Confirmations - The acceptance of a documented or verbal response from an independent third party.

Reperformance - Reperformance involves rechecking a sample of the computations and transfers of data. Rechecking of computations comprises testing mathematical accuracy.

Audit charter – It refers to a document prepared by an organization for internal control and audit, which clearly states the management’s responsibility, authority and accountability for IS audit. An audit charter is a charter that establishes an internal audit department for an existing software company in India.

Responsibility covers:
  • Mission
  • Scope
  • Independence
  • Auditee’s necessity

Authority covers:
  • Right of access to information, personnel, locations and systems applicable to the performance of audits
  • Functions to be audited
  • Organizational structure, including reporting positions to board and senior management

Accountability addresses:
  • Designated/intended recipients of the report
  • Assessment of compliance with standards
  • Agreed completion dates
  • Agreed budgets
  • Agreed actions e.g. penalties when either party fails to carry out its responsibility.


Follow-up - Review of verdicts, i.e. actions taken to resolve internal audit findings. They may be tested to ensure that the desired results were achieved.

Nowadays, IT auditing has become an integral part of almost any software company in India. This has created a mandate to know the implication of important terminologies that are used in IT audit.


Friday, 10 March 2017

ITIL Service Operations

Service Operation

ITIL Service Operation ensures that IT services, such as fulfilling user requests, carrying out the daily operational activities, and resolving or fixing service problems, are taken into account and delivered in an effective way.

The Service Operation includes different phases, namely :
  • Service Desk
  • Incident Management
  • Event Management
  • Request Fulfillment
  • Access Management
  • Problem Management
  • Technical Management
  • IT Operations Management
  • Application Management

SERVICE DESK

The objective of the Service Desk includes :
  • To serve as FIRST Point of Contact (FPOC)
  • Play a vital role in achieving Customer Satisfaction
  • First Level Fix (FLF) and First Level Diagnosis (FLD)
  • To coordinate the activities between End User and IT Service Provision Teams
  • To OWN the Logged Request and ensure the Closure.
  • Escalate as appropriate
  • To support other IT Provision Activities on need basis

Types of Service Desk :
  • Central Service Desk
  • Local or Distributed Local Service Desk
  • Virtual Service Desk
  • The Sun Model
  • Specialized Service Desk

INCIDENT MANAGEMENT

The objective of the Incident Management includes :
  • To restore normal service operation as fast as possible so that the process can continue
  • To track and log incidents wherever applicable
  • To deal with all incidents consistently
  • To assist Problem Management team as required
  • To assist Service Desk for any kind of RFCs

Activities :
  • Incident Management Support
  • Incident Categorization
  • Immediate resolution of the Incident by 1st Level Support
  • Incident Resolution by 2nd Level Support
  • Handling of the Major Incidents taking place
  • Incident Monitoring
  • Incident Management Reporting

EVENT HANDLING

The objective of the Event Handling includes :
  • Detect Events, Analyze them and take the appropriate action
  • Monitor, Record and filter the relevant events
  • To do trend Analysis as a part of Proactive Measure
  • Contribute to maintaining SLAs.

REQUEST FULFILLMENT

The objective of the Request Fulfillment includes :
  • To communicate the information regarding existing Standard services and the procedures
  • To provide channel and mechanism for users to avail the standard IT services
  • To provide the standard services to users

Activities :
  • Request Fulfillment Support
  • Request Log and Categorization
  • Request Model Execution
  • Request Monitoring
  • Request Closure and Evaluation

ACCESS MANAGEMENT

The objective of the Access Management includes :
  • Granting authorized users the access to their Required services
  • Ensure that the Right level of access is provided
  • To revoke the access after getting approvals
  • To prevent the non-authorized access

PROBLEM MANAGEMENT

The objective of the Problem Management includes :
  • To ensure that problems are identified and resolved
  • To eliminate incidents taking place continuously
  • To minimize the impact of the incidents or problems that cannot be prevented

IT OPERATIONS MANAGEMENT

The objective of the IT Operations Management includes :
  • Ensure the Infrastructure Stability by performing basic level jobs
  • Support day to day operational activities
  • To improve overall operational performance and saving costs
  • Initial level diagnosis of operational incidents

Activities :
  • Backup and Restore jobs, Tape Management
  • On call (telephone) or Remote Control resolution
  • Facilities Management (e.g. Printer management)
  • Basic H/W and S/W installations/configurations

TECHNICAL MANAGEMENT

The objective of the Technical Management includes :
  • Design of efficient, resilient and cost-effective IT Infrastructure for the organization
  • Maintain Technical Knowledge and Expertise as required to manage this IT Infrastructure
  • Availability of actual technical resources during failure
  • To provide all the necessary technical resources for complete lifecycle

Activities :
  • Manage the complete lifecycle of Organization's IT Infrastructure
  • Constantly update Technical expertise

APPLICATION MANAGEMENT

The objective of the Application Management includes :
  • Identify the requirement of Applications
  • Design efficient, resilient and cost effective applications for managing IT Infrastructure
  • To ensure security of the applications
  • Maintain day-to-day activities of operational applications
  • Provide support during Application Failures
  • Efficiently improving the functionality of applications as per organization’s needs

Activities :
  • Manage applications throughout their lifecycle
  • Assist Design, Build, Test and implement applications
  • Maintain knowledge and expertise for Managing the applications
  • Make Application resources available whenever required

Conclusion: Thus, each and every custom and software development company should implement service operation and perform the necessary activities, taking the objectives into consideration, to reach the best possible outcome. This will ease the workflow of an IT organization, produce effective and efficient outcomes, and maintain a positive customer relationship.

References :

http://wiki.en.it-processmaps.com/index.php/ITIL_Service_Operation

Wednesday, 8 February 2017

Steganography

Steganography is the art of protected or hidden writing. The purpose of steganography is covert communication: hiding the presence of a message from a third party.

Steganography methods:

Substitution Methods (Spatial-Domain): A secure, robust approach to information security is proposed. It presents two module-based LSB (Least Significant Bit) methods for inserting secret data in the LSBs of the blue components and partial green components of random pixel locations in the edges of images. An adaptive LSB-based steganography is proposed for embedding data based on data available in the MSBs of the red, green, and blue components of randomly selected pixels across plane areas. It is more robust as it is combined with the Advanced Encryption Standard (AES). A new high-capacity steganography scheme using 3D geometric models is proposed. The algorithm re-triangulates a part of a triangular mesh and inserts the secret information into the newly added positions of the triangular meshes.

Transform Domain Methods: One method uses two grayscale images of size 128 x 128 as secret images, with embedding done in the RGB and YCbCr domains. Comparing the PSNR values shows that the quality of the stego images is good in the RGB domain. It uses the Integer Wavelet Transform (IWT) to hide secret images in the color cover image, and it compares the PSNR values and image quality when embedding is done in the RGB and YCbCr domains. The Integer Wavelet Transform (IWT) has been recommended for hiding multiple secret images and keys in a color cover image, which is more effective. The cover image is represented in the YCbCr color space. Two keys are obtained, encrypted and hidden in the cover image using IWT.

Statistical Methods: A practical methodology for minimizing additive distortion in steganography with a general embedding operation, which is more flexible and easy. Syndrome-Trellis Codes (STC) are used to increase the security of the system. STC divides the samples into various bins (binning), which is a common tool for solving many information-theoretic and data-hiding problems. The proposed method can be used in both the spatial and transform domains. A proper distortion function is selected, which makes statistical detection difficult. Once the steganographer specifies the distortion function, the proposed framework provides all the tools for constructing practical embedding schemes. The distortion function and the embedding operations need not be shared with the receiver.

Distortion Methods: The method referred to as matrix encoding needs the sender and recipient to agree in advance on a parity check matrix H. The cover medium is processed to extract a sequence of symbols v, which is changed into s to embed the message m. s is sometimes called the stegodata, and alterations to s are translated onto the cover medium to obtain the stego medium. The image is blurred before hiding the message image using a special point spread function (PSF) and a randomly generated key. Successive LSB embedding in the R plane is done in this project. The number of rows and columns of the message image is encrypted in the first row of the cover image. Before embedding, the original message image is blurred using the specific PSF. The parameters used for blurring with the PSF are used as keys during deblurring. The secret key values are sent through a secure channel (tunneling). The secret image is enhanced using the two keys and a third key, which is randomly generated and depends on the content of the hidden message.

Steganography hides the covert message but not the fact that two parties are communicating with each other. The steganography process usually involves placing a hidden communication in some transport medium, called the carrier. The secret message is embedded in the carrier to form the steganography medium. A steganography key may be employed for encryption of the hidden message and/or for randomization in the steganography system.
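The spatial-domain substitution idea and the role of the key in randomization, as an added example (not code from this post or from any scheme it cites): message bits replace the blue-channel LSBs of key-selected pixels in a constructed 32 x 32 cover, and PSNR measures how little the cover changes. The names `embed`, `extract`, `psnr` and `COVER` are assumptions; edge selection and AES are left out.

```python
import math
import random

# Constructed 32x32 RGB cover "image" as a flat list of (r, g, b) tuples.
COVER = [((x * 8) % 256, (y * 8) % 256, (x * y) % 256)
         for y in range(32) for x in range(32)]

def _positions(n_pixels, n_bits, key):
    # The key seeds the choice of pixel positions. random.Random is NOT a
    # cryptographic generator; it only illustrates key-driven randomization.
    return random.Random(key).sample(range(n_pixels), n_bits)

def _to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def _from_bits(bits):
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def embed(pixels, message, key):
    """Replace the blue-channel LSB of key-selected pixels with message bits."""
    bits = _to_bits(message)
    if len(bits) > len(pixels):
        raise ValueError("message does not fit in the cover")
    stego = list(pixels)
    for pos, bit in zip(_positions(len(pixels), len(bits), key), bits):
        r, g, b = stego[pos]
        stego[pos] = (r, g, (b & ~1) | bit)
    return stego

def extract(pixels, n_bytes, key):
    """Read the blue-channel LSBs back in the same key-derived order."""
    positions = _positions(len(pixels), n_bytes * 8, key)
    return _from_bits([pixels[p][2] & 1 for p in positions])

def psnr(cover, stego):
    """Peak signal-to-noise ratio in dB over all channels (8-bit samples)."""
    sq_err = sum((a - b) ** 2
                 for pc, ps in zip(cover, stego) for a, b in zip(pc, ps))
    if sq_err == 0:
        return math.inf
    mse = sq_err / (3 * len(cover))
    return 10 * math.log10(255 ** 2 / mse)

def changed_pixels(cover, stego):
    """Count pixels that differ between cover and stego."""
    return sum(1 for pc, ps in zip(cover, stego) if pc != ps)

if __name__ == "__main__":
    stego = embed(COVER, b"audit", key="shared-key")
    print(extract(stego, 5, key="shared-key"))
    print(changed_pixels(COVER, stego), "pixels changed")
    print(round(psnr(COVER, stego), 1), "dB")
```

At most 40 samples change by one level, so the PSNR stays far above what the eye can notice; finding such embedding relies on statistical analysis of the LSB plane rather than visual inspection.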

Tuesday, 10 January 2017

Some success stories of information systems integration during merger and acquisition

1. Introduction

The evolution of mergers and acquisitions over the last 100 years is interesting to trace. Economists and historians primarily refer to 6 waves in mergers and acquisitions activity.

These 6 waves are as follows :
  • First Wave (late 1800’s): Horizontal groupings and consolidations of several industries.
  • Second Wave (early 1900’s): Mainly horizontal pacts, but also many vertical pacts.
  • Third Wave (mid 1900’s): The conglomerate era involving acquisition of companies in different industries.
  • Fourth Wave (late 1900’s): The period of corporate raider, financed by junk bonds.
  • Fifth Wave (early 2000’s): larger mega mergers.
  • Sixth Wave (till date): More strategic mergers designed to complement company strategy. Focus on post-merger integration.

2. Factors of Successful Integration

The following are the key points of the integration process:

2.1. Integration Planning: Business and IT Strategy Alignment

IT has a major impact on the complexity, cost, and time required to complete merger and acquisition planning and execution. Companies, especially software development companies, must keep a check on the complexity, cost and time.

Accenture research has found that those companies that involved IT in the pre-deal planning for the M&A not only did better in terms of financial results, but also reported the overall merger integration as a success.

2.2. Integration Planning: Perform an IT due diligence

An IT due diligence should be performed before the deal is signed. Due diligence is an investigation or audit of a potential investment. IT due-diligence should be thorough.

J.P. Morgan Chase and Procter & Gamble confirmed the importance of IT due diligence.

2.3. Speed of Integration

Speed of integration is always mentioned as one of the key success factors of M&A. The variability of the IT systems can make the compliance effort very costly. Companies have to act quickly to identify the compliance list and address it as fast as they can.

Software development companies can always adopt this success factor i.e., speed of integration, as they already have expertise about software and systems.

2.4. Effective Communication

Culture has been a common concern in mergers and acquisitions integration. But if IT cultural issues are addressed properly, the success of the integration can be greatly boosted.

KPMG's surveys (KPMG 1999, KPMG 2001) found that 26% of companies had better-than-average success if they focused on resolving cultural issues, and that companies were 13% more likely than average to have a successful deal when they gave priority to communications.

2.5. Application Selection

Swift and comprehensive integration of IT systems greatly enhances the chances of overall merger and acquisition success. The selection of applications is not based on individual applications, but on a group of similar applications, which is known as an application cluster.

2.6. Organization and HR: IT Organizational Fit

The IT integration of M&A includes the following components:
1. Integration of the information systems that support business units
2. Integration of the IT organization itself

The success of the M&A depends on the above-mentioned factors. Adopting one or more of the factors will let the organization realize M&A success rapidly.

3. The Cisco Case Study

Mergers and acquisitions expert Cisco Systems, which has acquired more than 125 firms in the past 15 years, takes culture into consideration when acquiring smaller firms. They evaluate the culture of the target, making sure there is some chemistry between Cisco and the target.

A prime example of Cisco’s philosophy in action is their acquisition of networking star Linksys in 2004. While Cisco engineers and manufactures configurable products for the enterprise, Linksys outsourced many of its functions and sold its products through retail channels to consumers. Cisco's business-focused culture differed from Linksys’s culture, which was consumer-focused.

Cisco staff worked with Linksys employees to determine those areas in which Cisco would more fully integrate with Linksys, as well as those areas that would remain distinct and separate, a process called “selective integration.”

Ultimately, they found little commonality in application needs but were able to integrate fully in many other areas, such as sharing data-center space, productivity software, and HR functions.

Sometimes, Cisco acquires companies with different business models. This way they learn about an area where they don’t have a history of operating.

This is how Cisco leverages the advantages of other companies and also lets other companies benefit from the uniqueness of its operations and business model.

Cisco has also acquired software development companies in India. Pawaa Software, a Bengaluru-based company, is one of the Indian companies that Cisco has acquired.

4. Conclusion

The article can be concluded by jotting down the factors that each company should keep in mind at the time of its merger or acquisition. They are:

1. Early involvement of IT
2. Alignment of IT strategy with the business strategy of the company, which includes the notion that business strategy determines the integration approach
3. Know what you are buying. Conduct due diligence before the merger is closed
4. Detailed planning of the integration
5. Effective communication to all the stakeholders (including its employees)
6. Perform fast integration where it matters and is feasible
7. Effective employment of application selection so as to reduce IT integration complexity
8. IT organization fit is crucial

5. Reference

http://www.tgcpinc.com/SiteData/doc/MergersAcquisitions-MBrenner-071409/976ceba14c4fae75a4bbcb514bb34762/MergersAcquisitions-MBrenner-071409.pdf
http://www.cio.com/article/2440630/mergers-acquisitions/success-factors-for-integrating-it-systems-after-a-merger.html
https://dspace.mit.edu/bitstream/handle/1721.1/35101/71356376-MIT.pdf?sequence=2
http://www.ibmsystemsmag.com/power/businessstrategy/migration/mergers_acquisitions/?page=1
http://www.itbusinessedge.com/cm/blogs/lawson/four-lessons-for-it-integration-after-a-merger-and-acquisition/?cs=34380