consultants corner-feb 2013
Post on 31-Mar-2016
215 Views
Preview:
DESCRIPTION
TRANSCRIPT
NCR Consultants Limited www.ncrcl.com
An Associate of
Volume 7 | Number 78 | Feb 2013 | Page 1– 13
Consultants’ Corner
Information Security Management System
(ISMS) Part II - A closer Look Page. 06
Work Satisfaction Index Page. 03
Drawing by Mamtha D A in the Drawing
competition held at NCRCL Bangalore
3 Message from Dr. RSM
4 Information Security Man-agement System (ISMS) - A closer Look
6 10 Habits of Remarkably Charismatic People
8 Organisational resolutions
9 What’s up at NCRCL?
10 An Exclusive Talk
11 Parichay
12 Quiz Corner
12 Birthday Corner
12 Ha Ha Ha !!!☺
Inside
Our Mission is to apply our professional capabilities with a holistic approach for the happiness of clients,
through values and social commitment.
Information Security Management System (ISMS) Part II- A closer Look
Risk assessment is the process of identifying risks by analyzing threats to, impacts
on, and vulnerabilities of information and information systems and processing facili-
ties, and the likelihood of their occurrence....….…
-read more...page 4
An Exclusive Talk with Madangi Anand
Parichay
see more..page 11
10 Habits of Remarkably Charismatic People
Some people instantly make us feel important. Some peo-
ple instantly make us feel special. Some people light up a
room just by walking in. ......
read more..page 6
see more..page 10
What’s up at NCRCL?
Organisational resolutions
The advent of a new year brings with it resolutions, plan-
ning, and goal setting. People look at the New Year as an
opportunity to wipe the slate clean and start afresh. In
such a scenario, the kind of resolutions we make become
very important.…....
read more..page 8
see more..page 10
1 2 3 4 5 6 7 8 9 10 11 12 13 14 Consultants’ Corner
Work Satisfaction Index Dr. R. S. Murali
muralirs@ncrcl.com
Message from Dr. RSM
Am I satisfied with the way I am working? is a question some people often ask themselves.
Such people are open to self-criticism and are in the path of self-improvement. Do you ask
yourself such questions? Shall we ask ourselves this question now? Am I satisfied with the
way I am working?
According to me there can be only two correct answers: yes or no. In case you say “I actu-
ally do not know” or “I am not sure” - then there is a definite problem in you, but I am not going to discuss about it now.
The people who say yes, I expect, are likely to be less in number and frankly I am not going to discuss about them for
they could be really happy people or just bluffing. As far as I am concerned majority of the people seem not to be
satisfied with the way they are working and this includes me.
What are the main reasons why we are not satisfied or happy with our work?
We are not doing the work we like
We are not working the way we want to work
We do not understand the work content
We are not sure about the methodology
We are not able to get the best out of our team mates - subordinates and superiors
We find the work routine and boring
We are not being included in the main work that is interesting
And so on... I am sure there are many more reasons
These indicate the differences between what we want to do and what we are really doing or what we think we are doing.
These need immediate resolution, otherwise it affects us and also the organization we are working for. The resolution
might lead to some drastic decision that I or the organization need to take. Suppose you already have understood the
same and are keeping quiet lest it affect your daily life? If so, in such a situation only your ego gets satisfied, and you
are far away from your soul.
Suppose in order to understand the seriousness of the problem, we develop a work satisfaction index (WSI) that would
comprehensively give a score based on which we could take immediate action. The scoring model needs to
accommodate a range of thinking and hence needs to be a graded score to evaluate various elements in a Likert's scale.
The variables that are chosen to evaluate the WSI need to be applicable to all sorts of persons, from the CEO to the
LEO (last employee of the organization).
Suppose we took the above seven questions and provided a scale of satisfaction for each question of say, 1 to 5 (1
strongly disagree to 5 strongly agree) we will get overall scores with the totally satisfied person at 5 and the totally
unsatisfied person at 35. May be above a threshold of 25 or so, people may need immediate resolution. This is the
general schema. Ideally this score needs to be correlated to either an internal evaluation of the organization or some
equivalent in order to validate the questionnaire. Also the questionnaire needs to contain at least 20 to 30 questions with
in-built validations and covering all characteristics and aspects of the WSI we are attempting to study.
Is there anyone who is prepared to do this? (Oh, or is this not meant for finance professionals?!)
Art is not what you see, but what you make others see.
- Edgar Degas
Information Security Management System (ISMS)
- A closer Look (Part II)
Praveena K R
praveena@nrcl.com
We make a living by what we get, we make a life by what we give.
Sir Winston Churchill
D. Risk Management
i. Define method of Risk Assessment - Risk assessment is the process of identifying risks by analyzing threats to,
impacts on, and vulnerabilities of information and information systems and processing facilities, and the likelihood
of their occurrence. Choosing a risk assessment method is one of the most important parts of establishing an ISMS.
The method chosen must help
Evaluate risk based on levels of confidentiality, integrity, and availability;
Set objectives to reduce risk to an acceptable level;
Determine criteria for accepting risk; and
Evaluate risk treatment options.
The organization‟s approach to information security risk management and the criteria for
information security risk evaluation and the degree of assurance required have to be
clearly determined and documented.
ii. Information Asset Inventory - Organisation has to prepare e a list of the information assets to be protected and
an owner for each of those assets. It has to also identify where the information is located and how critical or difficult
it would be to replace. This list should be part of the risk assessment methodology document that was created in
the previous step. A sample of such a list is given in Table 1 below:
Table 1: Information Asset Inventory
iii. Identify Risks - For each asset defined in the previous step, risks have to be identified and classified according to
their severity and vulnerability. In addition, the impact that loss of confidentiality, integrity, and availability may have
on the assets has to be determined. A sample is shown in Table 2. To begin identifying risks, actual or potential
threats and vulnerabilities for each asset have to be identified.
A threat is something that could cause harm. For example, a threat could be an Intentional, accidental, or
man-made act that could inflict harm or an act of God (such as a hurricane or tsunami)
A vulnerability is a source or situation with a potential for harm (for example, a broken window is a vulnerability;
it might encourage harm, such as a break in).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 Consultants’ Corner
Asset Details Owner Location CIA Pro-file
Replacement Value
Risk Value
Control Sufficient control?
1. Strategic Information
Medium and long term plans
CEO CEO PC High
2. Project Plans
Short Term Plans CEO CEO PC Medium
3. .....etc.
contd on next page
“ Risk is a combination of the likelihood and severity or frequency that a
specific threat will occur.”
Table 2: Information Asset Risk Identification
iv. Assess Risks & Probability of Occurance - After the Organisation has identified the risks, it needs to assign
values to the risks. The values will help the Organisation determine if the risk is tolerable or not and whether it
needs to implement a control to either eliminate or reduce the risk.
To assign values to risks, the considerations will be:
The value of the asset being protected,
The frequency with which the threat or vulnerability might occur, and
The damage that the risk might inflict on the company or its customers or partners.
Table 3: Information Asset Risk Assessment
v. Risk Mitigation - Next, for the risks that have been determined to be intolerable, the Organisation must take one
of the following actions:
decide to accept the risk, for example, actions are not possible because they are out of the Organisation's
control (such as natural disaster or political uprising) or are too expensive.
transfer the risk, for example, purchase insurance against the risk, subcontract the activity so that the risk is
passed on to the subcontractor, etc.
reduce the risk to an acceptable level through the use of controls.
To reduce the risk, it should evaluate and identify appropriate controls. These controls might be controls that an
organization already has in place or controls that are defined in the ISO/IEC 27002 (ISO/IEC 17799) standard. A
sample is given in Table 4.
Table 4: Information Asset Risk/Control Profile
1 2 3 4 5 6 7 8 9 10 11 12 13 14 Consultants’ Corner
Asset Details Owner Location CIA Pro-file
Replacement Value
Risk Value
Control Sufficient control?
Strategic Informa-tion
Medium and long term plans
CEO CEO PC C:High I: High A: Med
High
Project Plans Short Term Plans CEO CEO PC C: High I: High A: Low
Medium
.....etc.
Asset Details Owner Location CIA Pro-file
Replacement Value
Risk Value
Control Sufficient control?
Strategic Infor-mation
Medium and long term plans
CEO CEO PC C:High I: High A: Med
High High
Project Plans Short Term Plans CEO CEO PC C: High I: High A: Low
Medium Medium
.....etc.
The goal of life is to make your heartbeat match the beat of the universe to match your nature with Na-
ture. - Joseph Campbell
Business Impact Analysis and Business Continuity Planning to be covered in the next issue of Consultants‟ Corner
Asset Details Owner Location CIA Pro-file
Replacement Value
Risk Value
Control Sufficient control?
Strategic In-formation
Medium and long term plans
CEO CEO PC C:High I: High A: Med
High High Ref to ISO Clause/ Internal Control doc
Yes
Project Plans Short Term Plans
CEO CEO PC C: High I: High A: Low
Medium Me-dium
Ref to ISO Clause/ Internal Control doc
Yes
.....etc.
Art is a personal act of courage, some-
thing one human does that creates change
in another.
- Seth Godin
contd on next issue
1 2 3 4 5 6 7 8 9 10 11 12 13 14 Consultants’ Corner
10 Habits of Remarkably Charismatic People Karthik M V karthikmv@ncrcl.com
Charisma isn't something you have. It's something you
earn. Read more to find out how.
Some people instantly make us feel important. Some
people instantly make us feel special. Some people light
up a room just by walking in. We can't always define it,
but some people
have it. They're
naturally charis-
matic. They build
and maintain great
relationships, con-
sistently influence
(in a good way) the
people around
them, consistently
make people feel better about themselves - they're the
kind of people everyone wants to be around...and wants
to be.
Fortunately we can, because being remarkably
charismatic isn't about our level of success or our
presentation skills or how we dress or the image we
project - it's about what we do. Here are the 10 habits of
remarkably charismatic people:
1. They listen way more than they talk.
Ask questions. Maintain eye contact. Smile. Frown. Nod.
Respond--not so much verbally, but nonverbally. That's
all it takes to show the other person they're important.
Then when you do speak, don't offer advice unless
you're asked. Listening shows you care a lot more than
offering advice, because when you offer advice in most
cases you make the conversation about you, not them.
Only speak when you have something important to
say--and always define important as what matters to the
other person, not to you.
2. They don't practice selective hearing.
Some people--I guarantee you know people like
this--are incapable of hearing anything said by the
people they feel are somehow beneath them.
Remarkably charismatic people listen closely to
everyone, and they make all of us, regardless of our
position or social status or "level," feel like we have
something in common with them.
3. They put their stuff away.
Don't check your phone. Don't glance at your monitor.
Don't focus on anything else, even for a moment. You
can never connect with others if you're busy connecting
with your stuff, too. Give the gift of your full attention.
That's a gift few people give. That gift alone will make
others want to be around you and remember you.
4. They give before they receive--and often they
never receive.
Never think about what you can get. Focus on what you
can provide. Giving is the only way to establish a real
connection and relationship. Focus, even in part and
even for a moment, on what you can get out of the other
person and you show that the only person who really
matters is you.
“Be humble. Admit your
mistakes. Be the cautionary
tale. And laugh at yourself.
While you should never
laugh at other people, you
should always laugh at
yourself”
1 2 3 4 5 6 7 8 9 10 11 12 13 14 Consultants’ Corner
5. They don't act self-important
The only people who are impressed by your stuffy,
pretentious, self-important self are other stuffy,
pretentious, self-important people. The rest of us aren't
impressed. We're irritated, put off, and uncomfortable.
And we hate when you walk in the room.
6. Because they realize other people are more
important.
You already know what you know. You know your
opinions. You know your perspectives and points of
view. That stuff isn't important, because it's already
yours. You can't learn
anything from yourself.
But you don't know what
other people know, and
everyone, no matter who
they are, knows things
you don't know. That
makes them a lot more
important than you - be-
cause they're people you
can learn from.
7. They shine the spot-
light on others.
No one receives enough
praise. No one. Tell peo-
ple what they did well.
Wait, you say you don't know what they did well?
Shame on you - it's your job to know. It's your job to find
out ahead of time. Not only will people appreciate your
praise, they'll appreciate the fact you care enough to pay
attention to what they're doing. Then they'll feel a little
more accomplished and a lot more important.
8. They choose their words.
The words you use impact the attitude of others. For
example, you don't have to go to a meeting; you get to
go meet with other people. You don't have to create a
presentation for a new client; you get to share cool stuff
with other people.
You don't have to go to the gym; you get to work out and
improve your health and fitness. You don't have to
interview job candidates; you get to select a great
person to join your team. We all want to associate with
happy, enthusiastic, fulfilled people. The words you
choose can help other people feel better about
themselves - and make you feel better about yourself,
too.
9. They don't discuss the failings of others
Granted, we all like hearing a little gossip. We all like
hearing a little dirt. The problem is, we don't neces-
sarily like - and we definitely
don't respect - the people
who dish that dirt. Don't
laugh at other people.
When you do, the people
around you wonder if you
sometimes laugh at them.
10. But they readily admit
their failings.
Incredibly successful peo-
ple are often assumed to
have charisma simply be-
cause they're successful.
Their success seems to
create a halo effect, almost
like a glow. Keyword
is seem. You don't have to be incredibly successful to
be remarkably charismatic. Scratch the shiny surface,
and many successful people have all the charisma of
a rock. But you do have to be incredibly genuine to be
remarkably charismatic. Be humble. Share your
screwups. Admit your mistakes. Be the cautionary tale.
And laugh at yourself. While you should never laugh at
other people, you should always laugh at yourself.
People won't laugh at you. People will laugh with you.
They'll like you better for it - and they'll want to be
around you a lot more.
(Source: An article written by Jeff Haden in Inc.com)
Happiness is not a state to arrive at, but a man-
ner of traveling.
- Margaret Lee Runbeck
The advent of a new year brings with it resolutions,
planning, and goal setting. People look at the New Year
as an opportunity to wipe the slate clean and start
afresh. In such a scenario, the kind of resolutions we
make become very important. Besides the very personal
goals such as losing weight, or hitting the gym, we need
to channelise the resolutions towards development of
the self as well as that of the organisation.
So what are the goals we set for ourselves when it
comes to the work-
place? Do we look at
goals that would not
only benefit us but
also help the organi-
sation grow? Goals
when set in tandem
with the organisa-
tion, brings about a
synergy for positive
growth and work-
place happiness. We
would then feel moti-
vated to work on our
resolutions without
letting it fizzle out
after a week.
These resolutions
could involve others as a team. The team could support
and egg each other on, working towards the desired
goals. These collective resolutions in agreement with
co workers help nurture the workplace and the
individual. Some collective resolutions could be anything
ranging from strengthening an area of business or
adopting and implementing the latest technology such
as cloud computing at the workplace.
What is important is that for accomplishing such a task,
development of the individuals in the team become
important. It could be something as simple as acquiring
the skills and knowledge on the business or technology,
or building resources for development of the business.
So this way, the individual enhances his/her skills and
the organisation achieves a spurt in growth of its
business. This planning could be for a short term of
even one year or a long term extending to more than
three years. Not losing focus on the goal, and setting the
sight on achievable goals would be the key criterion.
How can a company achieve this?
First and foremost, the organisation needs to identify
individuals whose goals are in sync with the mission and
vision of the company. The next step would be to arrive
at a suitable goal that is mutually beneficial. To arrive at
such goals, the management could through discussion
list out the individual goals and then do brainstorming on
how to take the company forward. This healthy
discussion could help zoom in on common goals. The
third and final step would involve chalking a path
towards fulfilment of this goal. Sheer brainstorming and
planning on paper is not a foolproof method in carrying
forward the mission. The company needs to provide the
necessary infrastructure, funding, clientele and support.
The management must lead by example spearheading
the initiatives. The team must not be allowed to forget
the collective goal. For this, suitable review processes
must be in place with passionate leaders at the helm to
guide the team. Short term targets could be planned
with suitable incentives and rewards for achievement.
The review processes help identify if the project is on
course and identify blind and weak spots.
How can the employee sustain and achieve his
resolution?
An individual can still succeed provided his goals are
clear and it is in sync with the organisational goals.
What is required is acceptance of his/her strengths and
weaknesses and a passion to succeed and excel in the
task. This drive would help stay in focus on the goal. A
happy employee is one who not only derives satisfaction
from his/her achievement but feels passionate about the
organisational achievements. When the goals are in
sync, there is a selfless need to excel and the
competition within the team remains healthy. Therefore
when resolutions are made which matches the
organisational goals, the sky is the limit. All that is
required is a supportive team leading to a happy and
cheerful workplace.
Organisational resolutions
Rekha Murali
rekha@ncrcl.com
(As published in „The Hindu—opportunities‟ dated January 09, 2013)
What you are is what you have been. What
you'll be is what you do now.
- Buddha
1 2 3 4 5 6 7 8 9 10 11 12 13 14 Consultants’ Corner
1 2 3 4 5 6 7 8 9 10 11 12 13 14 Consultants’ Corner
What’s up at NCRCL?
A team from KPMG paid a visit to NCRCL
Bangalore office on 18th Jan 2013 to get insights on
our Taluk Panchayat Strengthening project
Vinod Murali joins NCRCL®
Chennai as Consultant Support.
Shrikanth Maiya joins NCRCL®
Bangalore as Head Admin.
We extend a very warm wel-
come to both of you!!
R S Murali and Kishore attended a week long certificate course on Forensic Accounting conducted by ICAI, Chennai.
RSM was adjudged the third overall best student. Congratulations!
Gopal Agarwal, Ashok Rao & Shrikanth Maiya with Police
Sub-Inspector discussing a point as part of “Process
Mapping of Police Stations” project
A presentation on IFRS 13 being presented by
Gopal Agarwal and Karthik M V during the i2i IFRS
Management Services Seminar held on 03rd Jan
2013 at Bangalore
NCRCL Bangalore staff during a two day picnic to Coorg
in January 2013.
NCRCL Chennai performs the Sankata Hara
Chaturthi" for Lord Ganesha every month. The
picture shows our very own priest Balaji performing
the rituals.
Click here to see more photos
An Exclusive Talk with Madangi Anand
Madangi Anand Bcom, CA Inter, CS Inter Working as Consultant Support Born on 07th December Email: madangianand@gmail.com Phone No: +91 9841045680
CC. The meaning of your name.
Madangi Anand: Goddess
CC. Nickname.
Madangi Anand: Maadu/Dangima
CC. Your dream job.
Madangi Anand: To work for a big four
CC Your first impression of NCRCL.
Madangi Anand: Everything in its place & a place for
everything
CC. What personal/emotional characteristic of yours do
you want to change?
Madangi Anand: Over sympathy for others
CC. Money or job satisfaction?
Madangi Anand: Both
CC. Your Stress buster.
Madangi Anand: Listening to music, eating, sleeping,
spending time with loved ones, spending time with my
pets
CC. Do you have a small circle of close friends, rather
than a large number of friends?
Madangi Anand: Small circle of friends
1 2 3 4 5 6 7 8 9 10 11 12 13 Consultants’ Corner
CC. What do you most like about a person?
Madangi Anand: Soft nature
CC. What do you most hate in a person?
Madangi Anand: A person raising his/her voice in
anger
CC. Team work vs Individual work – your
comments.
Madangi Anand: Team work is preferred due to
synergy effect
CC. Do you make efforts to get others to laugh and
smile?
Madangi Anand: No
CC. Your heart rules your head or your head rules
your heart?
Madangi Anand: Heart rules my head
CC. What kind of special talent do you have?
Madangi Anand: Singing
CC. What are your hobbies?
Madangi Anand: Listening to music, visiting tem-
ples, fostering cats, reading novels.
Parichay Know our Associates!
OBSITECH
OBSITECH, the decade-old company headquartered in Chennai (India), brings with it the legacy of
intelligent technologies.
As an end-to-end solutions provider, the company addresses various business information needs and
take you through the entire cycle of project implementation for OLTP Solutions, Business Intelligence
(BI) Solutions, ERP Solutions, OLAP Solutions, Enterprise Application Integration Solutions and
Database Migration/ Integration/ Management.
They have in their portfolio, different services that are appropriate to both international and domestic
client organizations. Their expertise spans across various domains viz. automotive, banking, finance,
logistics, healthcare, and retail. They have strategic alliances with leading Business Intelligence and
Data Warehousing companies to provide all-inclusive solutions for your decision challenges. More-
over, they constantly monitor and update their skills to sustain technological competence stay ahead of
the rapid changes in Business Intelligence technology to guarantee value additions.
NCRCL is proud to be associated with OBSITECH. NCRCL along with OBSITECH carried out a
successful assignment of setting up of Business Intelligence for GATI logistics, a leading logistics
company in India. NCRCL continues to look at various options of working with OBSITECH through
discussion and feasibility of projects.
Ha Ha Ha !!!
Quiz Corner
Birthday Corner!
1). In terms of per capita income which is the richest country in the world ?
2). Twigs from which tree were recommended by Prophet Muhammad for brushing. It is also a brand.
3). In Google, for products to be accepted they need to pass a “toothbrush test “. What is it ?
4). Which Indian co is the largest tractor manufacturer in the world ?
5). Which recently released movie has been given two awards by Indian govt for promoting Indian tourism ?
Send in your answers to the editor at cc@ncrcl.com
Participants with the correct entry will be awarded with a Recognition Certificate by NCRCL.
A different language is a different vision of life.
- Federico Fellini
At the outset I would like to thank you for giving me the Bahula Siddhi Meditation recording of GN Reddy. I
am practicing the same along with my 17 students who are NRIs and attempting this May IPCC exams. We
all are finding it extremely useful. 20 mins of a day is keeping us afresh for next 20 hours. Thanks a lot!!!
-CA. U R Srikaanth
Kudos on the great work...
Rekha's article on the darker side of 'Perfection' was insightful. Ashok's article on Public Works management was very
interesting.
-Praveena K R
If you have any comment/suggestion for the editors, please write to us at cc@ncrcl.com! Your views and comments on
articles featured here are also welcome!
Answer To last month’s Knowledge Snippet question:
The advertisement for this computer first appeared on the reverse of a pizza box. which brand are we talking about?
Answer: Dell
1 2 3 4 5 6 7 8 9 10 11 12 13 14 Consultants’ Corner
Mahesh - 3rd Feb
Rekha Murali - 19th Feb Namith - 21st Feb
Gopal Agarwal - 17th Feb
Your feedback
Comment
Our Business Associates
NCR & Co
Chartered Accountants www.deltacadd.com
www.nathaninc.com
www.hsbconsulting.biz www.obsitech.com
www.altacit.com
www.fichtner.in/india.htm
www.4spl.biz
www.ineval.org
www.fugoconsulting.com
Karnataka Institute of
Public Auditors www.mcmillanwoods.com
Registered Office:
2nd Floor, New No. 4, Old No. 23, C P Ramasamy Road, Alwarpet,
Chennai - 600 018
Ph: +91 44 2466 0955
Fax: +91 44 4218 5593
Email: chennai@ncrcl.com
Branch Office:
#107, 1st Floor, Railway Parallel Road, Kumarapark West,
Bangalore - 560 020
Ph/Fax: +91 80 23560265
Email: bangalore@ncrcl.com
Contact
Website: www.ncrcl.com
NCR Consultants Limited
i2i IFRS
top related