Consultants’ Corner Volume 7 | Number 78 | Feb 2013 | Page 1– 13
Drawing by Mamtha D A in the Drawing competition held at NCRCL Bangalore
NCR Consultants Limited www.ncrcl.com An Associate of
Our Mission is to apply our professional capabilities with a holistic approach for the happiness of clients, through values and social commitment.
Inside
Message from Dr. RSM
Information Security Management System (ISMS) - A closer Look
10 Habits of Remarkably Charismatic People
Organisational resolutions
What’s up at NCRCL?
An Exclusive Talk with Madangi Anand
Parichay
Quiz Corner
Birthday Corner
Ha Ha Ha !!!
Message from Dr. RSM
Work Satisfaction Index Dr. R. S. Murali muralirs@ncrcl.com
"Am I satisfied with the way I am working?" is a question some people often ask themselves. Such people are open to self-criticism and are on the path of self-improvement. Do you ask yourself such questions? Shall we ask ourselves this question now? Am I satisfied with the way I am working? According to me there can be only two correct answers: yes or no. In case you say “I actually do not know” or “I am not sure” - then there is a definite problem in you, but I am not going to discuss it now. The people who say yes, I expect, are likely to be fewer in number and frankly I am not going to discuss them, for they could be really happy people or just bluffing. As far as I am concerned, the majority of people seem not to be satisfied with the way they are working, and this includes me. What are the main reasons why we are not satisfied or happy with our work?
We are not doing the work we like
We are not working the way we want to work
We do not understand the work content
We are not sure about the methodology
We are not able to get the best out of our team mates - subordinates and superiors
We find the work routine and boring
We are not being included in the main work that is interesting
And so on... I am sure there are many more reasons.

These indicate the differences between what we want to do and what we are really doing or what we think we are doing. These need immediate resolution, otherwise it affects us and also the organization we are working for. The resolution might lead to some drastic decision that I or the organization need to take. Suppose you already have understood the same and are keeping quiet lest it affect your daily life? If so, in such a situation only your ego gets satisfied, and you are far away from your soul.

Suppose, in order to understand the seriousness of the problem, we develop a work satisfaction index (WSI) that would comprehensively give a score based on which we could take immediate action. The scoring model needs to accommodate a range of thinking and hence needs to be a graded score to evaluate various elements on a Likert scale. The variables that are chosen to evaluate the WSI need to be applicable to all sorts of persons, from the CEO to the LEO (last employee of the organization). Suppose we took the above seven questions and provided a scale of satisfaction for each question of, say, 1 to 5 (1 strongly disagree to 5 strongly agree); we will get overall scores with the totally satisfied person at 5 and the totally unsatisfied person at 35. Maybe above a threshold of 25 or so, people may need immediate resolution.

This is the general schema. Ideally this score needs to be correlated to either an internal evaluation of the organization or some equivalent in order to validate the questionnaire. Also the questionnaire needs to contain at least 20 to 30 questions with in-built validations and covering all characteristics and aspects of the WSI we are attempting to study. Is there anyone who is prepared to do this? (Oh, or is this not meant for finance professionals?!)
Art is not what you see, but what you make others see. - Edgar Degas
Information Security Management System (ISMS) - A closer Look (Part II) Praveena K R praveena@nrcl.com
D. Risk Management

i. Define method of Risk Assessment - Risk assessment is the process of identifying risks by analyzing threats to, impacts on, and vulnerabilities of information and information systems and processing facilities, and the likelihood of their occurrence. Choosing a risk assessment method is one of the most important parts of establishing an ISMS. The method chosen must help:
Evaluate risk based on levels of confidentiality, integrity, and availability;
Set objectives to reduce risk to an acceptable level;
Determine criteria for accepting risk; and
Evaluate risk treatment options.

The organization's approach to information security risk management and the criteria for information security risk evaluation and the degree of assurance required have to be clearly determined and documented.
“Risk is a combination of the likelihood and severity or frequency that a specific threat will occur.”

ii. Information Asset Inventory - The Organisation has to prepare a list of the information assets to be protected and an owner for each of those assets. It also has to identify where the information is located and how critical or difficult it would be to replace. This list should be part of the risk assessment methodology document that was created in the previous step. A sample of such a list is given in Table 1 below:

Table 1: Information Asset Inventory

| Asset | Details | Owner | Location | CIA Profile | Replacement Value | Risk Value | Control | Sufficient control? |
|---|---|---|---|---|---|---|---|---|
| 1. Strategic Information | Medium and long term plans | CEO | CEO PC | | High | | | |
| 2. Project Plans | Short Term Plans | CEO | CEO PC | | Medium | | | |
| 3. .....etc. | | | | | | | | |
iii. Identify Risks - For each asset defined in the previous step, risks have to be identified and classified according to their severity and vulnerability. In addition, the impact that loss of confidentiality, integrity, and availability may have on the assets has to be determined. A sample is shown in Table 2. To begin identifying risks, actual or potential threats and vulnerabilities for each asset have to be identified.
A threat is something that could cause harm. For example, a threat could be an intentional, accidental, or man-made act that could inflict harm or an act of God (such as a hurricane or tsunami).
A vulnerability is a source or situation with a potential for harm (for example, a broken window is a vulnerability; it might encourage harm, such as a break-in).
We make a living by what we get, we make a life by what we give. Sir Winston Churchill
Table 2: Information Asset Risk Identification

| Asset | Details | Owner | Location | CIA Profile | Replacement Value | Risk Value | Control | Sufficient control? |
|---|---|---|---|---|---|---|---|---|
| Strategic Information | Medium and long term plans | CEO | CEO PC | C: High I: High A: Med | High | | | |
| Project Plans | Short Term Plans | CEO | CEO PC | C: High I: High A: Low | Medium | | | |
| .....etc. | | | | | | | | |
iv. Assess Risks & Probability of Occurrence - After the Organisation has identified the risks, it needs to assign values to the risks. The values will help the Organisation determine if the risk is tolerable or not and whether it needs to implement a control to either eliminate or reduce the risk. To assign values to risks, the considerations will be:
The value of the asset being protected,
The frequency with which the threat or vulnerability might occur, and
The damage that the risk might inflict on the company or its customers or partners.

Table 3: Information Asset Risk Assessment

| Asset | Details | Owner | Location | CIA Profile | Replacement Value | Risk Value | Control | Sufficient control? |
|---|---|---|---|---|---|---|---|---|
| Strategic Information | Medium and long term plans | CEO | CEO PC | C: High I: High A: Med | High | High | | |
| Project Plans | Short Term Plans | CEO | CEO PC | C: High I: High A: Low | Medium | Medium | | |
| .....etc. | | | | | | | | |
v. Risk Mitigation - Next, for the risks that have been determined to be intolerable, the Organisation must take one of the following actions:
decide to accept the risk, for example, actions are not possible because they are out of the Organisation's control (such as natural disaster or political uprising) or are too expensive.
transfer the risk, for example, purchase insurance against the risk, subcontract the activity so that the risk is passed on to the subcontractor, etc.
reduce the risk to an acceptable level through the use of controls.
To reduce the risk, it should evaluate and identify appropriate controls. These controls might be controls that an organization already has in place or controls that are defined in the ISO/IEC 27002 (ISO/IEC 17799) standard. A sample is given in Table 4.

Table 4: Information Asset Risk/Control Profile

| Asset | Details | Owner | Location | CIA Profile | Replacement Value | Risk Value | Control | Sufficient control? |
|---|---|---|---|---|---|---|---|---|
| Strategic Information | Medium and long term plans | CEO | CEO PC | C: High I: High A: Med | High | High | Ref to ISO Clause/ Internal Control doc | Yes |
| Project Plans | Short Term Plans | CEO | CEO PC | C: High I: High A: Low | Medium | Medium | Ref to ISO Clause/ Internal Control doc | Yes |
| .....etc. | | | | | | | | |

Business Impact Analysis and Business Continuity Planning to be covered in the next issue of Consultants' Corner.
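The register built up in Tables 1 to 4 can be kept as data and checked automatically. The sketch below is an added example, not part of the original article: the 1-3 scale, the product-and-band scoring, the frequency ratings, the "Low is tolerable" criterion and all function names are assumptions chosen so that the two sample assets come out at the risk values shown in Table 4.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed ordinal scale for every Low/Medium/High rating in the tables.
LEVEL = {"Low": 1, "Med": 2, "Medium": 2, "High": 3}
TREATMENTS = {"accept", "transfer", "reduce"}  # the three actions in step v


@dataclass
class Asset:
    name: str
    owner: str
    location: str
    cia: dict                       # e.g. {"C": "High", "I": "High", "A": "Med"}
    replacement: str                # replacement value: Low / Medium / High
    frequency: str                  # assumed: how often the threat may occur
    treatment: Optional[str] = None
    control: Optional[str] = None   # reference to the control document


def risk_value(asset: Asset) -> str:
    """Combine asset value, frequency and damage (step iv) into one band.

    Assumed scheme: damage is the worst of the three CIA impacts, the
    three factors are multiplied (1-27), and the product is banded as
    >= 18 High, >= 8 Medium, otherwise Low.
    """
    damage = max(LEVEL[v] for v in asset.cia.values())
    score = LEVEL[asset.replacement] * LEVEL[asset.frequency] * damage
    if score >= 18:
        return "High"
    return "Medium" if score >= 8 else "Low"


def review(asset: Asset, tolerable: str = "Low") -> dict:
    """Build one Table 4 style row and list what the register still lacks.

    "Sufficient control?" is answered Yes only when no gap remains; this
    is a completeness check on the register, not a test of whether the
    referenced control actually works.
    """
    value = risk_value(asset)
    gaps = []
    if LEVEL[value] > LEVEL[tolerable]:      # intolerable, so step v applies
        if asset.treatment not in TREATMENTS:
            gaps.append("no treatment decision recorded")
        elif asset.treatment == "reduce" and not asset.control:
            gaps.append("treatment is 'reduce' but no control is referenced")
    return {
        "asset": asset.name,
        "risk_value": value,
        "treatment": asset.treatment,
        "control": asset.control,
        "sufficient_control": "Yes" if not gaps else "No",
        "gaps": gaps,
    }


# Constructed sample register: assets and CIA profiles follow Table 2,
# frequency ratings and treatments are invented for the example.
REGISTER = [
    Asset("Strategic Information", "CEO", "CEO PC",
          {"C": "High", "I": "High", "A": "Med"}, "High", "Medium",
          treatment="reduce", control="Ref to ISO Clause/ Internal Control doc"),
    Asset("Project Plans", "CEO", "CEO PC",
          {"C": "High", "I": "High", "A": "Low"}, "Medium", "Medium",
          treatment="reduce"),  # control reference deliberately left out
]

if __name__ == "__main__":
    for item in REGISTER:
        print(review(item))
```

The second asset is reported with an open gap because its treatment is "reduce" but no control document is referenced, which is the kind of incomplete row a register review should catch before the "Sufficient control?" column is marked Yes.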
The goal of life is to make your heartbeat match the beat of the universe to match your nature with Nature. - Joseph Campbell
10 Habits of Remarkably Charismatic People Karthik M V karthikmv@ncrcl.com
Charisma isn't something you have. It's something you earn. Read more to find out how.

Some people instantly make us feel important. Some people instantly make us feel special. Some people light up a room just by walking in. We can't always define it, but some people have it. They're naturally charismatic. They build and maintain great relationships, consistently influence (in a good way) the people around them, consistently make people feel better about themselves - they're the kind of people everyone wants to be around...and wants to be.

Fortunately we can, because being remarkably charismatic isn't about our level of success or our presentation skills or how we dress or the image we project - it's about what we do. Here are the 10 habits of remarkably charismatic people:

1. They listen way more than they talk. Ask questions. Maintain eye contact. Smile. Frown. Nod. Respond--not so much verbally, but nonverbally. That's all it takes to show the other person they're important. Then when you do speak, don't offer advice unless you're asked. Listening shows you care a lot more than offering advice, because when you offer advice in most cases you make the conversation about you, not them. Only speak when you have something important to say--and always define important as what matters to the other person, not to you.

2. They don't practice selective hearing. Some people--I guarantee you know people like this--are incapable of hearing anything said by the people they feel are somehow beneath them. Remarkably charismatic people listen closely to everyone, and they make all of us, regardless of our position or social status or "level," feel like we have something in common with them.

3. They put their stuff away. Don't check your phone. Don't glance at your monitor. Don't focus on anything else, even for a moment. You can never connect with others if you're busy connecting with your stuff, too. Give the gift of your full attention. That's a gift few people give. That gift alone will make others want to be around you and remember you.

4. They give before they receive--and often they never receive. Never think about what you can get. Focus on what you can provide. Giving is the only way to establish a real connection and relationship. Focus, even in part and even for a moment, on what you can get out of the other person and you show that the only person who really matters is you.
Art is a personal act of courage, something one human does that creates change in another. - Seth Godin
5. They don't act self-important. The only people who are impressed by your stuffy, pretentious, self-important self are other stuffy, pretentious, self-important people. The rest of us aren't impressed. We're irritated, put off, and uncomfortable. And we hate when you walk in the room.

6. Because they realize other people are more important. You already know what you know. You know your opinions. You know your perspectives and points of view. That stuff isn't important, because it's already yours. You can't learn anything from yourself. But you don't know what other people know, and everyone, no matter who they are, knows things you don't know. That makes them a lot more important than you - because they're people you can learn from.

7. They shine the spotlight on others. No one receives enough praise. No one. Tell people what they did well. Wait, you say you don't know what they did well? Shame on you - it's your job to know. It's your job to find out ahead of time. Not only will people appreciate your praise, they'll appreciate the fact you care enough to pay attention to what they're doing. Then they'll feel a little more accomplished and a lot more important.

8. They choose their words. The words you use impact the attitude of others. For example, you don't have to go to a meeting; you get to go meet with other people. You don't have to create a presentation for a new client; you get to share cool stuff with other people. You don't have to go to the gym; you get to work out and improve your health and fitness. You don't have to interview job candidates; you get to select a great person to join your team. We all want to associate with happy, enthusiastic, fulfilled people. The words you choose can help other people feel better about themselves - and make you feel better about yourself, too.

9. They don't discuss the failings of others. Granted, we all like hearing a little gossip. We all like hearing a little dirt. The problem is, we don't necessarily like - and we definitely don't respect - the people who dish that dirt. Don't laugh at other people. When you do, the people around you wonder if you sometimes laugh at them.

10. But they readily admit their failings. Incredibly successful people are often assumed to have charisma simply because they're successful. Their success seems to create a halo effect, almost like a glow. Keyword is seem. You don't have to be incredibly successful to be remarkably charismatic. Scratch the shiny surface, and many successful people have all the charisma of a rock. But you do have to be incredibly genuine to be remarkably charismatic. Be humble. Share your screwups. Admit your mistakes. Be the cautionary tale. And laugh at yourself. While you should never laugh at other people, you should always laugh at yourself. People won't laugh at you. People will laugh with you. They'll like you better for it - and they'll want to be around you a lot more.

(Source: An article written by Jeff Haden in Inc.com)
Happiness is not a state to arrive at, but a manner of traveling. - Margaret Lee Runbeck
Organisational resolutions Rekha Murali rekha@ncrcl.com (As published in 'The Hindu—opportunities' dated January 09, 2013)
The advent of a new year brings with it resolutions, planning, and goal setting. People look at the New Year as an opportunity to wipe the slate clean and start afresh. In such a scenario, the kind of resolutions we make becomes very important. Besides the very personal goals such as losing weight, or hitting the gym, we need to channelise the resolutions towards development of the self as well as that of the organisation.

So what are the goals we set for ourselves when it comes to the workplace? Do we look at goals that would not only benefit us but also help the organisation grow? Goals, when set in tandem with the organisation, bring about a synergy for positive growth and workplace happiness. We would then feel motivated to work on our resolutions without letting them fizzle out after a week. These resolutions could involve others as a team. The team could support and egg each other on, working towards the desired goals. These collective resolutions in agreement with co-workers help nurture the workplace and the individual.

Some collective resolutions could be anything ranging from strengthening an area of business to adopting and implementing the latest technology such as cloud computing at the workplace. What is important is that for accomplishing such a task, development of the individuals in the team becomes important. It could be something as simple as acquiring the skills and knowledge on the business or technology, or building resources for development of the business. So this way, the individual enhances his/her skills and the organisation achieves a spurt in growth of its business. This planning could be for a short term of even one year or a long term extending to more than three years. Not losing focus on the goal, and setting the sight on achievable goals would be the key criterion.
How can a company achieve this? First and foremost, the organisation needs to identify individuals whose goals are in sync with the mission and vision of the company. The next step would be to arrive at a suitable goal that is mutually beneficial. To arrive at such goals, the management could through discussion list out the individual goals and then do brainstorming on how to take the company forward. This healthy discussion could help zoom in on common goals. The third and final step would involve chalking a path towards fulfilment of this goal. Sheer brainstorming and planning on paper is not a foolproof method in carrying forward the mission. The company needs to provide the necessary infrastructure, funding, clientele and support. The management must lead by example spearheading the initiatives. The team must not be allowed to forget the collective goal. For this, suitable review processes must be in place with passionate leaders at the helm to guide the team. Short term targets could be planned with suitable incentives and rewards for achievement. The review processes help identify if the project is on course and identify blind and weak spots.
How can the employee sustain and achieve his resolution? An individual can still succeed provided his goals are clear and they are in sync with the organisational goals. What is required is acceptance of his/her strengths and weaknesses and a passion to succeed and excel in the task. This drive would help stay in focus on the goal. A happy employee is one who not only derives satisfaction from his/her achievement but feels passionate about the organisational achievements. When the goals are in sync, there is a selfless need to excel and the competition within the team remains healthy. Therefore when resolutions are made which match the organisational goals, the sky is the limit. All that is required is a supportive team leading to a happy and cheerful workplace.
What you are is what you have been. What you'll be is what you do now. - Buddha
What’s up at NCRCL?
R S Murali and Kishore attended a week long certificate course on Forensic Accounting conducted by ICAI, Chennai. RSM was adjudged the third overall best student. Congratulations!
A team from KPMG paid a visit to NCRCL Bangalore office on 18th Jan 2013 to get insights on our Taluk Panchayat Strengthening project
A presentation on IFRS 13 being presented by Gopal Agarwal and Karthik M V during the i2i IFRS Management Services Seminar held on 03rd Jan 2013 at Bangalore
Gopal Agarwal, Ashok Rao & Shrikanth Maiya with Police Sub-Inspector discussing a point as part of “Process Mapping of Police Stations” project
NCRCL Chennai performs the "Sankata Hara Chaturthi" for Lord Ganesha every month. The picture shows our very own priest Balaji performing the rituals.
NCRCL Bangalore staff during a two day picnic to Coorg in January 2013.
Vinod Murali joins NCRCL® Chennai as Consultant Support. Shrikanth Maiya joins NCRCL® Bangalore as Head Admin. We extend a very warm welcome to both of you!!
An Exclusive Talk with Madangi Anand
Madangi Anand Bcom, CA Inter, CS Inter Working as Consultant Support Born on 07th December Email: madangianand@gmail.com Phone No: +91 9841045680
CC. The meaning of your name.
Madangi Anand: Goddess
CC. What do you most like about a person?
Madangi Anand: Soft nature
CC. Nickname.
Madangi Anand: Maadu/Dangima
CC. What do you most hate in a person?
Madangi Anand: A person raising his/her voice in anger
CC. Your dream job.
Madangi Anand: To work for a big four
CC. Your first impression of NCRCL.
Madangi Anand: Everything in its place & a place for everything
CC. What personal/emotional characteristic of yours do you want to change?
Madangi Anand: Over sympathy for others
CC. Money or job satisfaction?
Madangi Anand: Both
CC. Your Stress buster.
Madangi Anand: Listening to music, eating, sleeping, spending time with loved ones, spending time with my pets
CC. Do you have a small circle of close friends, rather than a large number of friends?
Madangi Anand: Small circle of friends
CC. Team work vs Individual work – your comments.
Madangi Anand: Team work is preferred due to synergy effect
CC. Do you make efforts to get others to laugh and smile?
Madangi Anand: No
CC. Your heart rules your head or your head rules your heart?
Madangi Anand: Heart rules my head
CC. What kind of special talent do you have?
Madangi Anand: Singing
CC. What are your hobbies?
Madangi Anand: Listening to music, visiting temples, fostering cats, reading novels.
Parichay
Know our Associates!
OBSITECH
OBSITECH, the decade-old company headquartered in Chennai (India), brings with it the legacy of intelligent technologies. As an end-to-end solutions provider, the company addresses various business information needs and takes you through the entire cycle of project implementation for OLTP Solutions, Business Intelligence (BI) Solutions, ERP Solutions, OLAP Solutions, Enterprise Application Integration Solutions and Database Migration/ Integration/ Management. They have in their portfolio different services that are appropriate to both international and domestic client organizations. Their expertise spans various domains, viz. automotive, banking, finance, logistics, healthcare, and retail. They have strategic alliances with leading Business Intelligence and Data Warehousing companies to provide all-inclusive solutions for your decision challenges. Moreover, they constantly monitor and update their skills to sustain technological competence and stay ahead of the rapid changes in Business Intelligence technology to guarantee value additions.
NCRCL is proud to be associated with OBSITECH. NCRCL along with OBSITECH carried out a successful assignment of setting up of Business Intelligence for GATI logistics, a leading logistics company in India. NCRCL continues to look at various options of working with OBSITECH through discussion and feasibility of projects.
Quiz Corner
1). In terms of per capita income which is the richest country in the world?
2). Twigs from which tree were recommended by Prophet Muhammad for brushing. It is also a brand.
3). In Google, for products to be accepted they need to pass a “toothbrush test”. What is it?
4). Which Indian co is the largest tractor manufacturer in the world?
5). Which recently released movie has been given two awards by Indian govt for promoting Indian tourism?
Send in your answers to the editor at cc@ncrcl.com
Participants with the correct entry will be awarded with a Recognition Certificate by NCRCL.

Answer to last month’s Knowledge Snippet question: The advertisement for this computer first appeared on the reverse of a pizza box. Which brand are we talking about?
Answer: Dell
Ha Ha Ha !!!
Birthday Corner!
Mahesh - 3rd Feb
Rekha Murali - 19th Feb
Gopal Agarwal - 17th Feb
Namith - 21st Feb
Comment At the outset I would like to thank you for giving me the Bahula Siddhi Meditation recording of GN Reddy. I am practicing the same along with my 17 students who are NRIs and attempting this May IPCC exams. We all are finding it extremely useful. 20 mins of a day is keeping us afresh for next 20 hours. Thanks a lot!!! -CA. U R Srikaanth
Your feedback Kudos on the great work... Rekha's article on the darker side of 'Perfection' was insightful. Ashok's article on Public Works management was very interesting. -Praveena K R If you have any comment/suggestion for the editors, please write to us at cc@ncrcl.com! Your views and comments on articles featured here are also welcome!
A different language is a different vision of life. - Federico Fellini
NCR Consultants Limited
Our Business Associates
NCR & Co Chartered Accountants
www.hsbconsulting.biz
www.4spl.biz
www.mcmillanwoods.com
www.obsitech.com
www.nathaninc.com
www.deltacadd.com
www.fichtner.in/india.htm
www.altacit.com
Karnataka Institute of Public Auditors
www.ineval.org
www.fugoconsulting.com
i2i IFRS
Contact
Registered Office: 2nd Floor, New No. 4, Old No. 23, C P Ramasamy Road, Alwarpet, Chennai - 600 018 Ph: +91 44 2466 0955 Fax: +91 44 4218 5593 Email: chennai@ncrcl.com
Branch Office: #107, 1st Floor, Railway Parallel Road, Kumarapark West, Bangalore - 560 020 Ph/Fax: +91 80 23560265 Email: bangalore@ncrcl.com
Website: www.ncrcl.com