cc issue no.78-feb 13


Post on 23-Mar-2016


Page 1: CC Issue No.78-Feb 13

NCR Consultants Limited www.ncrcl.com

An Associate of

Volume 7 | Number 78 | Feb 2013 | Page 1– 13

Consultants’ Corner

Information Security Management System

(ISMS) Part II - A closer Look Page. 06

Work Satisfaction Index Page. 03

Drawing by Mamtha D A in the Drawing

competition held at NCRCL Bangalore

Page 2: CC Issue No.78-Feb 13

3 Message from Dr. RSM

4 Information Security Management System (ISMS) - A closer Look

6 10 Habits of Remarkably Charismatic People

8 Organisational resolutions

9 What’s up at NCRCL?

10 An Exclusive Talk

11 Parichay

12 Quiz Corner

12 Birthday Corner

12 Ha Ha Ha !!!☺

Inside

Our Mission is to apply our professional capabilities with a holistic approach for the happiness of clients,

through values and social commitment.

Information Security Management System (ISMS) Part II- A closer Look

Risk assessment is the process of identifying risks by analyzing threats to, impacts on, and vulnerabilities of information and information systems and processing facilities, and the likelihood of their occurrence....

-read more...page 4

An Exclusive Talk with Madangi Anand

Parichay

see more..page 11

10 Habits of Remarkably Charismatic People

Some people instantly make us feel important. Some people instantly make us feel special. Some people light up a room just by walking in. ......

read more..page 6

see more..page 10

What’s up at NCRCL?

Organisational resolutions

The advent of a new year brings with it resolutions, planning, and goal setting. People look at the New Year as an opportunity to wipe the slate clean and start afresh. In such a scenario, the kind of resolutions we make become very important....

read more..page 8

see more..page 10

Page 3: CC Issue No.78-Feb 13


Work Satisfaction Index Dr. R. S. Murali


Message from Dr. RSM

Am I satisfied with the way I am working? is a question some people often ask themselves.

Such people are open to self-criticism and are in the path of self-improvement. Do you ask

yourself such questions? Shall we ask ourselves this question now? Am I satisfied with the

way I am working?

According to me there can be only two correct answers: yes or no. In case you say “I actually do not know” or “I am not sure” - then there is a definite problem in you, but I am not going to discuss about it now.

The people who say yes, I expect, are likely to be less in number and frankly I am not going to discuss about them for

they could be really happy people or just bluffing. As far as I am concerned majority of the people seem not to be

satisfied with the way they are working and this includes me.

What are the main reasons why we are not satisfied or happy with our work?

We are not doing the work we like

We are not working the way we want to work

We do not understand the work content

We are not sure about the methodology

We are not able to get the best out of our team mates - subordinates and superiors

We find the work routine and boring

We are not being included in the main work that is interesting

And so on... I am sure there are many more reasons

These indicate the differences between what we want to do and what we are really doing or what we think we are doing.

These need immediate resolution, otherwise it affects us and also the organization we are working for. The resolution

might lead to some drastic decision that I or the organization need to take. Suppose you already have understood the

same and are keeping quiet lest it affect your daily life? If so, in such a situation only your ego gets satisfied, and you

are far away from your soul.

Suppose in order to understand the seriousness of the problem, we develop a work satisfaction index (WSI) that would

comprehensively give a score based on which we could take immediate action. The scoring model needs to

accommodate a range of thinking and hence needs to be a graded score to evaluate various elements in a Likert's scale.

The variables that are chosen to evaluate the WSI need to be applicable to all sorts of persons, from the CEO to the

LEO (last employee of the organization).

Suppose we took the above seven questions and provided a scale of satisfaction for each question of say, 1 to 5 (1

strongly disagree to 5 strongly agree) we will get overall scores with the totally satisfied person at 5 and the totally

unsatisfied person at 35. May be above a threshold of 25 or so, people may need immediate resolution. This is the

general schema. Ideally this score needs to be correlated to either an internal evaluation of the organization or some

equivalent in order to validate the questionnaire. Also the questionnaire needs to contain at least 20 to 30 questions with

in-built validations and covering all characteristics and aspects of the WSI we are attempting to study.

Is there anyone who is prepared to do this? (Oh, or is this not meant for finance professionals?!)

Art is not what you see, but what you make others see.

- Edgar Degas

Page 4: CC Issue No.78-Feb 13

Information Security Management System (ISMS)

- A closer Look (Part II)

Praveena K R


We make a living by what we get, we make a life by what we give.

Sir Winston Churchill

D. Risk Management

i. Define method of Risk Assessment - Risk assessment is the process of identifying risks by analyzing threats to,

impacts on, and vulnerabilities of information and information systems and processing facilities, and the likelihood

of their occurrence. Choosing a risk assessment method is one of the most important parts of establishing an ISMS.

The method chosen must help

Evaluate risk based on levels of confidentiality, integrity, and availability;

Set objectives to reduce risk to an acceptable level;

Determine criteria for accepting risk; and

Evaluate risk treatment options.

The organization's approach to information security risk management and the criteria for information security risk evaluation and the degree of assurance required have to be clearly determined and documented.

ii. Information Asset Inventory - The Organisation has to prepare a list of the information assets to be protected and an owner for each of those assets. It also has to identify where the information is located and how critical or difficult it would be to replace. This list should be part of the risk assessment methodology document that was created in the previous step. A sample of such a list is given in Table 1 below:

Table 1: Information Asset Inventory

| Asset | Details | Owner | Location | CIA Profile | Replacement Value | Risk Value | Control | Sufficient control? |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1. Strategic Information | Medium and long term plans | CEO | CEO PC | | High | | | |
| 2. Project Plans | Short Term Plans | CEO | CEO PC | | Medium | | | |
| 3. .....etc. | | | | | | | | |

iii. Identify Risks - For each asset defined in the previous step, risks have to be identified and classified according to their severity and vulnerability. In addition, the impact that loss of confidentiality, integrity, and availability may have on the assets has to be determined. A sample is shown in Table 2. To begin identifying risks, actual or potential threats and vulnerabilities for each asset have to be identified.

A threat is something that could cause harm. For example, a threat could be an intentional, accidental, or man-made act that could inflict harm or an act of God (such as a hurricane or tsunami).

A vulnerability is a source or situation with a potential for harm (for example, a broken window is a vulnerability; it might encourage harm, such as a break-in).

contd on next page

“Risk is a combination of the likelihood and severity or frequency that a specific threat will occur.”

Page 5: CC Issue No.78-Feb 13

Table 2: Information Asset Risk Identification

| Asset | Details | Owner | Location | CIA Profile | Replacement Value | Risk Value | Control | Sufficient control? |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Strategic Information | Medium and long term plans | CEO | CEO PC | C: High, I: High, A: Med | High | | | |
| Project Plans | Short Term Plans | CEO | CEO PC | C: High, I: High, A: Low | Medium | | | |
| .....etc. | | | | | | | | |

iv. Assess Risks & Probability of Occurrence - After the Organisation has identified the risks, it needs to assign values to the risks. The values will help the Organisation determine if the risk is tolerable or not and whether it needs to implement a control to either eliminate or reduce the risk.

To assign values to risks, the considerations will be:

The value of the asset being protected,

The frequency with which the threat or vulnerability might occur, and

The damage that the risk might inflict on the company or its customers or partners.

Table 3: Information Asset Risk Assessment

| Asset | Details | Owner | Location | CIA Profile | Replacement Value | Risk Value | Control | Sufficient control? |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Strategic Information | Medium and long term plans | CEO | CEO PC | C: High, I: High, A: Med | High | High | | |
| Project Plans | Short Term Plans | CEO | CEO PC | C: High, I: High, A: Low | Medium | Medium | | |
| .....etc. | | | | | | | | |

v. Risk Mitigation - Next, for the risks that have been determined to be intolerable, the Organisation must take one of the following actions:

decide to accept the risk, for example, actions are not possible because they are out of the Organisation's control (such as natural disaster or political uprising) or are too expensive.

transfer the risk, for example, purchase insurance against the risk, subcontract the activity so that the risk is passed on to the subcontractor, etc.

reduce the risk to an acceptable level through the use of controls.

To reduce the risk, it should evaluate and identify appropriate controls. These controls might be controls that an organization already has in place or controls that are defined in the ISO/IEC 27002 (ISO/IEC 17799) standard. A sample is given in Table 4.

Table 4: Information Asset Risk/Control Profile

| Asset | Details | Owner | Location | CIA Profile | Replacement Value | Risk Value | Control | Sufficient control? |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Strategic Information | Medium and long term plans | CEO | CEO PC | C: High, I: High, A: Med | High | High | Ref to ISO Clause / Internal Control doc | Yes |
| Project Plans | Short Term Plans | CEO | CEO PC | C: High, I: High, A: Low | Medium | Medium | Ref to ISO Clause / Internal Control doc | Yes |
| .....etc. | | | | | | | | |

The goal of life is to make your heartbeat match the beat of the universe to match your nature with Nature. - Joseph Campbell

Business Impact Analysis and Business Continuity Planning to be covered in the next issue of Consultants' Corner
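The register built up in steps ii to v, as an added example that is not part of the original article: the columns follow Tables 1 to 4 and the two assets come from them. The numeric scale, the band cut-offs, the "Medium" acceptance criterion, the "tolerable" and "unresolved" labels, and every threat, vulnerability and likelihood are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Ordinal scale. The weights, band cut-offs and acceptance criterion are assumptions.
LEVEL = {"Low": 1, "Medium": 2, "High": 3}
ACCEPTABLE = "Medium"             # assumed criterion for accepting risk

def band(score):
    """Map a likelihood x impact score (1..9) to Low / Medium / High."""
    return "High" if score >= 6 else "Medium" if score >= 3 else "Low"

@dataclass
class Asset:                      # inventory row: the first columns of Table 1
    name: str
    details: str
    owner: str
    location: str
    cia: dict                     # {"C": ..., "I": ..., "A": ...}
    replacement_value: str

@dataclass
class Risk:
    asset: Asset
    threat: str
    vulnerability: str
    affects: str                  # CIA properties the threat damages, e.g. "C" or "CI"
    likelihood: str
    controls: list = field(default_factory=list)  # (reference, likelihood levels removed)
    transferable: bool = False    # insurance or subcontracting is available
    accepted_by: str = ""         # who signed off, if the risk is knowingly accepted

    def impact(self):
        # Worst affected CIA rating, never below the asset's replacement value.
        worst = max(LEVEL[self.asset.cia[p]] for p in self.affects)
        return max(worst, LEVEL[self.asset.replacement_value])

    def risk_value(self):         # before controls
        return band(LEVEL[self.likelihood] * self.impact())

    def residual_value(self):     # after controls; likelihood cannot drop below Low
        removed = sum(levels for _, levels in self.controls)
        return band(max(1, LEVEL[self.likelihood] - removed) * self.impact())

def sufficient(risk, acceptable=ACCEPTABLE):
    """The 'Sufficient control?' column: residual risk meets the criterion."""
    return LEVEL[risk.residual_value()] <= LEVEL[acceptable]

def treatment(risk, acceptable=ACCEPTABLE):
    """Pick among the article's options; 'unresolved' flags a row nobody has decided."""
    if LEVEL[risk.risk_value()] <= LEVEL[acceptable]:
        return "tolerable"
    if sufficient(risk, acceptable):
        return "reduce"
    if risk.transferable:
        return "transfer"
    return "accept" if risk.accepted_by else "unresolved"

def register(risks, acceptable=ACCEPTABLE):
    """Build the Table 4 view: one dict per risk."""
    return [{
        "asset": r.asset.name,
        "owner": r.asset.owner,
        "risk_value": r.risk_value(),
        "control": "; ".join(ref for ref, _ in r.controls) or "none",
        "sufficient": sufficient(r, acceptable),
        "treatment": treatment(r, acceptable),
    } for r in risks]

# Assets taken from the article's tables; threats, vulnerabilities and likelihoods are constructed.
strategic = Asset("Strategic Information", "Medium and long term plans", "CEO", "CEO PC",
                  {"C": "High", "I": "High", "A": "Medium"}, "High")
project = Asset("Project Plans", "Short term plans", "CEO", "CEO PC",
                {"C": "High", "I": "High", "A": "Low"}, "Medium")
CONTROL = ("Ref to ISO clause / internal control doc", 1)
SAMPLE = [
    Risk(strategic, "theft of the PC", "unencrypted disk", "C", "Medium", [CONTROL]),
    Risk(project, "mail to wrong recipient", "no review step", "C", "Low", [CONTROL]),
    Risk(strategic, "office flood", "only copy is on site", "A", "High", transferable=True),
    Risk(project, "disk failure", "no backup", "A", "High"),
]

if __name__ == "__main__":
    for row in register(SAMPLE):
        print(row)
```

The first two sample rows reproduce the Risk Value and "Sufficient control?" entries of Table 4; the last two show rows that controls alone do not close.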

Page 6: CC Issue No.78-Feb 13

Art is a personal act of courage, something one human does that creates change in another.

- Seth Godin

contd on next issue


10 Habits of Remarkably Charismatic People

Karthik M V

Charisma isn't something you have. It's something you

earn. Read more to find out how.

Some people instantly make us feel important. Some

people instantly make us feel special. Some people light

up a room just by walking in. We can't always define it, but some people have it. They're naturally charismatic. They build and maintain great relationships, consistently influence (in a good way) the people around them, consistently make people feel better about themselves - they're the kind of people everyone wants to be around...and wants to be.

Fortunately we can, because being remarkably

charismatic isn't about our level of success or our

presentation skills or how we dress or the image we

project - it's about what we do. Here are the 10 habits of

remarkably charismatic people:

1. They listen way more than they talk.

Ask questions. Maintain eye contact. Smile. Frown. Nod.

Respond--not so much verbally, but nonverbally. That's

all it takes to show the other person they're important.

Then when you do speak, don't offer advice unless

you're asked. Listening shows you care a lot more than

offering advice, because when you offer advice in most

cases you make the conversation about you, not them.

Only speak when you have something important to

say--and always define important as what matters to the

other person, not to you.

2. They don't practice selective hearing.

Some people--I guarantee you know people like

this--are incapable of hearing anything said by the

people they feel are somehow beneath them.

Remarkably charismatic people listen closely to

everyone, and they make all of us, regardless of our

position or social status or "level," feel like we have

something in common with them.

3. They put their stuff away.

Don't check your phone. Don't glance at your monitor.

Don't focus on anything else, even for a moment. You

can never connect with others if you're busy connecting

with your stuff, too. Give the gift of your full attention.

That's a gift few people give. That gift alone will make

others want to be around you and remember you.

4. They give before they receive--and often they

never receive.

Never think about what you can get. Focus on what you

can provide. Giving is the only way to establish a real

connection and relationship. Focus, even in part and

even for a moment, on what you can get out of the other

person and you show that the only person who really

matters is you.

“Be humble. Admit your

mistakes. Be the cautionary

tale. And laugh at yourself.

While you should never

laugh at other people, you

should always laugh at

yourself”

Page 7: CC Issue No.78-Feb 13


5. They don't act self-important

The only people who are impressed by your stuffy,

pretentious, self-important self are other stuffy,

pretentious, self-important people. The rest of us aren't

impressed. We're irritated, put off, and uncomfortable.

And we hate when you walk in the room.

6. Because they realize other people are more

important.

You already know what you know. You know your

opinions. You know your perspectives and points of

view. That stuff isn't important, because it's already

yours. You can't learn anything from yourself. But you don't know what other people know, and everyone, no matter who they are, knows things you don't know. That makes them a lot more important than you - because they're people you can learn from.

7. They shine the spotlight on others.

No one receives enough praise. No one. Tell people what they did well.

Wait, you say you don't know what they did well?

Shame on you - it's your job to know. It's your job to find

out ahead of time. Not only will people appreciate your

praise, they'll appreciate the fact you care enough to pay

attention to what they're doing. Then they'll feel a little

more accomplished and a lot more important.

8. They choose their words.

The words you use impact the attitude of others. For

example, you don't have to go to a meeting; you get to

go meet with other people. You don't have to create a

presentation for a new client; you get to share cool stuff

with other people.

You don't have to go to the gym; you get to work out and

improve your health and fitness. You don't have to

interview job candidates; you get to select a great

person to join your team. We all want to associate with

happy, enthusiastic, fulfilled people. The words you

choose can help other people feel better about

themselves - and make you feel better about yourself,

too.

9. They don't discuss the failings of others

Granted, we all like hearing a little gossip. We all like

hearing a little dirt. The problem is, we don't necessarily like - and we definitely don't respect - the people who dish that dirt. Don't laugh at other people. When you do, the people around you wonder if you sometimes laugh at them.

10. But they readily admit their failings.

Incredibly successful people are often assumed to have charisma simply because they're successful. Their success seems to create a halo effect, almost like a glow. Keyword is seem. You don't have to be incredibly successful to

be remarkably charismatic. Scratch the shiny surface,

and many successful people have all the charisma of

a rock. But you do have to be incredibly genuine to be

remarkably charismatic. Be humble. Share your

screwups. Admit your mistakes. Be the cautionary tale.

And laugh at yourself. While you should never laugh at

other people, you should always laugh at yourself.

People won't laugh at you. People will laugh with you.

They'll like you better for it - and they'll want to be

around you a lot more.

(Source: An article written by Jeff Haden in Inc.com)

Happiness is not a state to arrive at, but a manner of traveling.

- Margaret Lee Runbeck

Page 8: CC Issue No.78-Feb 13

The advent of a new year brings with it resolutions,

planning, and goal setting. People look at the New Year

as an opportunity to wipe the slate clean and start

afresh. In such a scenario, the kind of resolutions we

make become very important. Besides the very personal

goals such as losing weight, or hitting the gym, we need

to channelise the resolutions towards development of

the self as well as that of the organisation.

So what are the goals we set for ourselves when it comes to the workplace? Do we look at goals that would not only benefit us but also help the organisation grow? Goals, when set in tandem with the organisation, bring about a synergy for positive growth and workplace happiness. We would then feel motivated to work on our resolutions without letting them fizzle out after a week.

These resolutions could involve others as a team. The team could support

and egg each other on, working towards the desired

goals. These collective resolutions in agreement with

co workers help nurture the workplace and the

individual. Some collective resolutions could be anything

ranging from strengthening an area of business or

adopting and implementing the latest technology such

as cloud computing at the workplace.

What is important is that for accomplishing such a task,

development of the individuals in the team become

important. It could be something as simple as acquiring

the skills and knowledge on the business or technology,

or building resources for development of the business.

So this way, the individual enhances his/her skills and

the organisation achieves a spurt in growth of its

business. This planning could be for a short term of

even one year or a long term extending to more than

three years. Not losing focus on the goal, and setting the

sight on achievable goals would be the key criterion.

How can a company achieve this?

First and foremost, the organisation needs to identify

individuals whose goals are in sync with the mission and

vision of the company. The next step would be to arrive

at a suitable goal that is mutually beneficial. To arrive at

such goals, the management could through discussion

list out the individual goals and then do brainstorming on

how to take the company forward. This healthy

discussion could help zoom in on common goals. The

third and final step would involve chalking a path

towards fulfilment of this goal. Sheer brainstorming and

planning on paper is not a foolproof method in carrying

forward the mission. The company needs to provide the

necessary infrastructure, funding, clientele and support.

The management must lead by example spearheading

the initiatives. The team must not be allowed to forget

the collective goal. For this, suitable review processes

must be in place with passionate leaders at the helm to

guide the team. Short term targets could be planned

with suitable incentives and rewards for achievement.

The review processes help identify if the project is on

course and identify blind and weak spots.

How can the employee sustain and achieve his

resolution?

An individual can still succeed provided his goals are

clear and it is in sync with the organisational goals.

What is required is acceptance of his/her strengths and

weaknesses and a passion to succeed and excel in the

task. This drive would help stay in focus on the goal. A

happy employee is one who not only derives satisfaction

from his/her achievement but feels passionate about the

organisational achievements. When the goals are in

sync, there is a selfless need to excel and the

competition within the team remains healthy. Therefore

when resolutions are made which matches the

organisational goals, the sky is the limit. All that is

required is a supportive team leading to a happy and

cheerful workplace.

Organisational resolutions

Rekha Murali

(As published in 'The Hindu—opportunities' dated January 09, 2013)

What you are is what you have been. What

you'll be is what you do now.

- Buddha


Page 9: CC Issue No.78-Feb 13


What’s up at NCRCL?

A team from KPMG paid a visit to NCRCL

Bangalore office on 18th Jan 2013 to get insights on

our Taluk Panchayat Strengthening project

Vinod Murali joins NCRCL®

Chennai as Consultant Support.

Shrikanth Maiya joins NCRCL®

Bangalore as Head Admin.

We extend a very warm welcome to both of you!!

R S Murali and Kishore attended a week long certificate course on Forensic Accounting conducted by ICAI, Chennai.

RSM was adjudged the third overall best student. Congratulations!

Gopal Agarwal, Ashok Rao & Shrikanth Maiya with Police

Sub-Inspector discussing a point as part of “Process

Mapping of Police Stations” project

A presentation on IFRS 13 being presented by

Gopal Agarwal and Karthik M V during the i2i IFRS

Management Services Seminar held on 03rd Jan

2013 at Bangalore

NCRCL Bangalore staff during a two day picnic to Coorg

in January 2013.

NCRCL Chennai performs the "Sankata Hara

Chaturthi" for Lord Ganesha every month. The

picture shows our very own priest Balaji performing

the rituals.


Page 10: CC Issue No.78-Feb 13

An Exclusive Talk with Madangi Anand

Madangi Anand Bcom, CA Inter, CS Inter Working as Consultant Support Born on 07th December Email: [email protected] Phone No: +91 9841045680

CC. The meaning of your name.

Madangi Anand: Goddess

CC. Nickname.

Madangi Anand: Maadu/Dangima

CC. Your dream job.

Madangi Anand: To work for a big four

CC. Your first impression of NCRCL.

Madangi Anand: Everything in its place & a place for

everything

CC. What personal/emotional characteristic of yours do

you want to change?

Madangi Anand: Over sympathy for others

CC. Money or job satisfaction?

Madangi Anand: Both

CC. Your Stress buster.

Madangi Anand: Listening to music, eating, sleeping,

spending time with loved ones, spending time with my

pets

CC. Do you have a small circle of close friends, rather

than a large number of friends?

Madangi Anand: Small circle of friends


CC. What do you most like about a person?

Madangi Anand: Soft nature

CC. What do you most hate in a person?

Madangi Anand: A person raising his/her voice in

anger

CC. Team work vs Individual work – your

comments.

Madangi Anand: Team work is preferred due to

synergy effect

CC. Do you make efforts to get others to laugh and

smile?

Madangi Anand: No

CC. Your heart rules your head or your head rules

your heart?

Madangi Anand: Heart rules my head

CC. What kind of special talent do you have?

Madangi Anand: Singing

CC. What are your hobbies?

Madangi Anand: Listening to music, visiting temples, fostering cats, reading novels.

Page 11: CC Issue No.78-Feb 13

Parichay Know our Associates!

OBSITECH

OBSITECH, the decade-old company headquartered in Chennai (India), brings with it the legacy of

intelligent technologies.

As an end-to-end solutions provider, the company addresses various business information needs and

takes you through the entire cycle of project implementation for OLTP Solutions, Business Intelligence

(BI) Solutions, ERP Solutions, OLAP Solutions, Enterprise Application Integration Solutions and

Database Migration/ Integration/ Management.

They have in their portfolio, different services that are appropriate to both international and domestic

client organizations. Their expertise spans across various domains viz. automotive, banking, finance,

logistics, healthcare, and retail. They have strategic alliances with leading Business Intelligence and

Data Warehousing companies to provide all-inclusive solutions for your decision challenges. Moreover, they constantly monitor and update their skills to sustain technological competence and stay ahead of the rapid changes in Business Intelligence technology to guarantee value additions.

NCRCL is proud to be associated with OBSITECH. NCRCL along with OBSITECH carried out a

successful assignment of setting up of Business Intelligence for GATI logistics, a leading logistics

company in India. NCRCL continues to look at various options of working with OBSITECH through

discussion and feasibility of projects.

Page 12: CC Issue No.78-Feb 13

Ha Ha Ha !!!

Quiz Corner

Birthday Corner!

1). In terms of per capita income which is the richest country in the world ?

2). Twigs from which tree were recommended by Prophet Muhammad for brushing. It is also a brand.

3). In Google, for products to be accepted they need to pass a “toothbrush test “. What is it ?

4). Which Indian co is the largest tractor manufacturer in the world ?

5). Which recently released movie has been given two awards by Indian govt for promoting Indian tourism ?

Send in your answers to the editor at [email protected]

Participants with the correct entry will be awarded with a Recognition Certificate by NCRCL.

A different language is a different vision of life.

- Federico Fellini

At the outset I would like to thank you for giving me the Bahula Siddhi Meditation recording of GN Reddy. I

am practicing the same along with my 17 students who are NRIs and attempting this May IPCC exams. We

all are finding it extremely useful. 20 mins of a day is keeping us afresh for next 20 hours. Thanks a lot!!!

-CA. U R Srikaanth

Kudos on the great work...

Rekha's article on the darker side of 'Perfection' was insightful. Ashok's article on Public Works management was very

interesting.

-Praveena K R

If you have any comment/suggestion for the editors, please write to us at [email protected]! Your views and comments on

articles featured here are also welcome!

Answer To last month’s Knowledge Snippet question:

The advertisement for this computer first appeared on the reverse of a pizza box. Which brand are we talking about?

Answer: Dell


Mahesh - 3rd Feb

Rekha Murali - 19th Feb Namith - 21st Feb

Gopal Agarwal - 17th Feb

Your feedback

Comment

Page 13: CC Issue No.78-Feb 13

Our Business Associates

NCR & Co

Chartered Accountants www.deltacadd.com

www.nathaninc.com

www.hsbconsulting.biz www.obsitech.com

www.altacit.com

www.fichtner.in/india.htm

www.4spl.biz

www.ineval.org

www.fugoconsulting.com

Karnataka Institute of

Public Auditors www.mcmillanwoods.com

Registered Office:

2nd Floor, New No. 4, Old No. 23, C P Ramasamy Road, Alwarpet,

Chennai - 600 018

Ph: +91 44 2466 0955

Fax: +91 44 4218 5593

Email: [email protected]

Branch Office:

#107, 1st Floor, Railway Parallel Road, Kumarapark West,

Bangalore - 560 020

Ph/Fax: +91 80 23560265

Email: [email protected]

Contact

Website: www.ncrcl.com

NCR Consultants Limited

i2i IFRS