e-sanhita july

July 2006Vol.-12 : Issue-7Annual Subscription

Rs. 100/-

&& `: {H«$`mdmZ² g g{Md:Ÿ&&

S

Technology... the knack of so arranging the world that we don't have to experience itTechnology... the knack of so arranging the world that we don't have to experience it

InsideInsideEditorial BoardEditorial Board

Sanhita CommitteeSanhita Committee

Kiran Chitale : ChairmanVikas Agarwal : MemberSuraj Padhiyar : MemberRashmi Limaye : MemberJaee Athavale : MemberVandana Naik : Ex-officio

1. Pune : an attractive IT and ITes destination. ..... 1

2. Secretary 2.. eSecretary - a real time transformation. ..... 3

3. Knowledge Process Outsourcing : a brief overview ..... 6

4. Stock Options to Non-Resident employees of Listed Companies ..... 7

5. Duty free import of equipment by STPI unit ..... 8

6. Drafting and Negotiating Outsourcing Contracts ..... 11

7. Information Systems Audit ..... 138. Cyber Crimes ..... 149. Chapter Report ..... 1710.Forthcoming Programmes ..... 17

Chairman’s CommuniqueChairman’s Communique

Contacts 4 UContacts 4 U

Office Reference Legislation Contact Details

The Director, Import- Export Policy Address : Plot no. P-1, Infotech Park, Software Technology Hinjawadi, Pune 411027. Maharashtra. Parks of India Tel Nos : 020-22932644, 22932645

Fax No. : 020-22932639 E-mail : [email protected] : http://www.stpp.soft.net

stCyber Crime Information Technology Address : Annex III, 1 floor, office of Commissioner of Investigation Cell Act 2000 Police, D.N. Road, Mumbai 400001

Tel Nos : 022-22630829, 022-22641261 E-mail : [email protected]

[email protected] Website : http://www.cybercellmumbai.com

Rajas Bodas, Practicing Company Secretary

JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter

Dear Members and students,At the outset, I happy to present the IT Special Issue of Sanhita to all the members and students. It was planned at the beginning of the year to come out with two special issues of Sanhita in the year 2006. The committee is planning to come out with the

second special issue around Diwali. thThe Central Council Meeting was held at Pune on 9

th thand 10 June after a long gap. On the evening of 9 June, the Chapter had organized felicitation of the President and Vice-President followed by informal interaction of the members and students with all the Central Council members. The programme was well attended. The President addressed the gathering with the PUNERI PAGDI on and everyone [including the President himself], enjoyed the traditional way of welcoming him. The President and the Secretary also answered the queries raised by the members on matters relating to the profession of company secretaries, the developments that are taking place and also the efforts that the Institute is taking to create more and more opportunities for the company secretaries, in India and abroad. The Chapter had also organized the interview of the President with Ms. Gauri Athale, Senior Journalist of The Economic Times and a co-opted member on the Managing Committee, which was published in all the editions of The Economic

thTimes on 24 June 2006 throughout India.The Central Council members and the Secretary

thvisited the Pune Chapter on 10 June after the meeting. All of them expressed satisfaction over the facilities and infrastructure available at the Chapter. They also praised the spirit of camaraderie among the members from Pune, that all of them experienced during their two day stay.

thThe Chapter had organized two meetings on 4 June thand 11 June with the students who had appeared

for the HSC examination as a part of career counseling drive. I am happy to inform that quite a number of students who participated in the programme registered for the CS course.Incidentally, in the month of July and August the Chapter will be organizing career counseling / awareness programmes in various schools and colleges in and around Pune. The members who are interested in participating in the career counseling programmes are requested to get in touch with the Chapter. In the month of July, the Chapter is also organizing the Student Orientation Programme.I appeal to the students to participate in the SOP.“CS Arts Circle” is celebrating its fourth anniversary in the month of July. On behalf of the Managing Committee I take this opportunity to congratulate all the members of Arts Circle for their efforts to carrying on this activity in spite of their busy schedule and also give the best wishes for the future journey.

With Best Regards,

Nishad Umranikar

1 JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter

Pune: an attractive IT and ITeS destinationVivek Sadhale, Company Secretary and Head Legal, Persistent Systems Pvt. Ltd.

Vikas Agarwal, Senior Officer Secretarial, Persistent Systems Pvt. Ltd.

Pune: an attractive IT and ITeS destination

Till some years ago,

people thought of

Pune as the ideal

place to get away for

a weekend. Pune

seemed a pleasant

place with a careless

attitude. With its hygienic climate and a

comparatively pollution-free atmosphere, Pune was

popularly billed as the 'Pensioner's Paradise'.

Today, the little town has changed into an energetic

and lively city. Pune is today fast emerging as an

InfoTech hub, challenging biggies like Bangalore

and Mumbai to emerge as one of the top contenders

for the 'Silicon Valley of India' slot.

The once sleepy town, situated in the hills of the

Sahyadri range of the Western Ghats, Pune,

described as the 'Queen of the Deccan', 'Cultural

Capital of Maharashtra' and 'Oxford of the East' has

finally been able to forge its own identity as a

business city.

Close proximity to the financial capital and rapidly

improving infrastructure have made Pune one of the

most sought-after commercial destinations in the

country today. The recent attractions have been the

expressway connecting Mumbai and Pune, which

has reduced the traveling distance and time

substantially. The evolution of modern Pune is quite

dramatic, which was only known as a hub for

automobile engineering till recently, to emerge as a

research hub for knowledge-based industries.

Pune, the place known for excellent academic and

research institutions, is fast and steadily emerging

as the most preferred destination in the country for

some of the vital industrial sectors like information

technology, pharmaceuticals, biotechnology and

healthcare. Venture capitalist are looking for more

investment opportunities.

Positioned by the State Government as the latest

and best IT destination, Pune in the past few years

has witnessed a slew of IT parks being sanctioned,

the largest of which is in Hinjewadi. The results of

the State Government's efforts are slowly coming to

light and in Hinjewadi all the major players have a

development centre. Also, a host of Multinational

Software Companies have commenced operations

in private IT and software technology parks. IBM

Global, Veritas, Parametric, Tech Mahindra,

Cognizant, P&O Nedlloyd, TCS, Infosys, Wipro,

Satyam, Tata Technologies, Kanbay are the few

examples of the growing list of successful

companies setting their shop in Pune. There are

quite a few local companies like Persistent Systems

who have also made it big in this arena.

It all started in the year 1991, when Software

Technology Parks of India (STPI), was set up as an

autonomous body under the Ministry of Information

Technology with the aim of making India a global

software leader. STPI opened its first office in Pune

and the rest as they say is history. Pune never

looked back.

Last year, Pune made an export of Rs. 9,100 Crores

which is 48% higher than what it made in the year

2004-05. While doing so, it has surpassed Mumbai.

Today, Pune is only behind Bangalore and

Hyderabad in terms of software exports and the

days are not far when Pune would catch up with

these cities.

Mr. P Venugopal, Director, Software Technology

Park of India, Pune, Maharashtra, says, “The city is

emerging as a major centre for software engineering

services. Pune is shaping up as an attractive

location for niche companies that specialize in high

end work. The city is attracting engineering services

companies and others that require special skills

sets such as testing software and for medical

implants. The growth has been phenomenal. Over

112 new units were registered in Pune for software

and services in 2005-06.”

Maharashtra State Industrial Development

Corporation (MIDC) recognized the potential of Pune

and set up a Pune Infotech Park at Hinjewadi in a

200-acre area. MIDC had to come up with Phase II at

Hinjewadi within 18 months of launching of the

Phase I. Phase II is spread across 650 acres of land.

Phase II which will also house Bio-Tech Companies,

is sold out and MIDC has initiated the process for

Phase III and Phase IV. MIDC also set up an IT park

at Kharadi and at Talawade.

Why Pune ?

Many state-of -art IT parks have come up in Pune

like:

i) Cybercity Magarpatta Hadapsar, Pune(www.magarpattacity.com)

ii) Kharadi Knowledge Park, Pune - Ahmednagar

Highway, Pune (www.midcindia.com )

iii) Pune IT Park, Aundh Road, Pune

(www.puneitpark.com)

iv) Information Technology Park, Talawade, Dehu-

Moshi Road, Pune (www.midcindia.com)

These IT parks offer ready to use infrastructure

facilities required by a software unit. Availability of

satellite link, network connectivity, optic fibre

cables, telephone lines, uninterrupted power

supply, video conferencing, electronic data

interchange is of paramount importance to the

success of a software unit which is provided by

these IT Parks.

With the enactment of SEZ Rules, Pune is set to

witness surge in corporate activities. Already many

corporates have announced their intention of

making huge investments for setting up SEZs.

With high skilled availability of manpower, IT sector

has grown leaps and bounds. The weather and

culture of Pune jells well with the requirement of the

software industry.

The city offers advantages of both, a small and big

city. Smaller distances ensure that logistics can be

managed easily. Commuting times are shorter.

Pune is also close to Mumbai, the financial capital of

the country. The clearance of an international

airport in Pune means it will soon be directly

connected with the world.

Pune being "The Oxford of the East" has no dearth of

a talent pool either. There are specialised education

institutes here and a large base of scientists working

on research and development. While Chennai,

Bangalore and Hyderabad suffer from the accent

factor, the BPO industry has Pune to look to, for a

large English speaking public.

With high percentage of young educated English-

speaking population, IT enabled services (ITeS) is

another market which is a fast growing. Pune has

again emerged as a leading city suited for ITeS

market. With Nasscom predicting a huge potential

for the ITeS, Pune is definitely going to be hub of all

such activities. Big names like WNS, GTL,

Convergys, Xansa have set up huge facilities in

Pune.

The Way Ahead:

Pune still has a huge way to go before it can take a

pause as the competition from other cities hots up.

There is a dire need for improvement of conditions of

roads. Power situation is another area requiring

attention from one and all. Pune's growing shortfall

of 150 MW to 200 MW of power is worrisome. There

are three to four hours of load shedding, five days a

week.

When Microsoft, India, wanted to expand and use

Pune as an R&D hub for high-end technologies, it

did an internal survey of six cities in the country.

Pune was an abysmal number four on the list. It

scored low on poor road conditions, high air

pollution and an appalling number of power trips

through the day. "You cannot run an IT company on

diesel generator sets," Mr. Ravi Venkatesan,

Microsoft India Chairman, says.

It is necessary for the Maharashtra Government to

promote Pune as IT hub aggressively. Pune not

being the State's capital has its own drawbacks.

Pune also needs to emulate the example set by

Bangalore where corporate participate with the local

Municipal Corporation by extending helping hands

to improve the infrastructure conditions.

Maratha Chamber of Commerce Industry and

Agriculture (MCCIA), Computer Society of India and

Software Exporter's Association of Pune (SEAP) are

some of the local bodies putting their energies

together to market Pune as the most preferred IT

and ITeS destination. Partnering with the local

government bodies and organisations responsible

for the upliftment of the image of the city, they are

leaving no stone unturned to ensure success for the

software industry.

2003 IT and ITeS policy announced by the

Maharashtra Government's has evoked favorable

response from the Industry. However, it is upto the

local Municipal Corporation and other local

government bodies to give effect and implement

these policies. Pune Municipal Corporation needs to

play a more proactive role to create infrastructure

conducive to the growth of this sunrise industry.

With the IT spending in USA catching up, Pune is

strategically poised to reap dividends of the upside

in the market. It however, would be a litmus test for

the policy makers to fast turnaround the “wrongs”

into “rights” if Pune is to become most preferred IT

and ITeS destination.

Now, after IT, ITES and the BPO revolution,

Knowledge Process Outsourcing (KPO) is the next

big thing to hit India. With its immense talent pool,

Pune is also poised to be the next KPO hub of India.

Now just wait till that happens in Pune.

� � �

2JULY 2006JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter

Introduction:thIndian corporate world on 18

February 2006 entered into a new era of e-governance. On this day Ministry of Company Affairs has launched its MCA21 programme in Coimbatore.

MCA21 is probably the first e-governance programme of any ministry having largest stakeholders and reaching to almost all corners of India. `Tsunami' has hit all the shores of Indian corporate world.

Company Secretary profession is the most concerned profession of this e-governance programme. Company Secretaries are expected to play a greater role in this process. They need to involve themselves in training, implementation, certification and facilitation processes of MCA21.

Company Secretaries needs to be IT savvy to remain in the competition. Profession is now more demanding and needs adoption of techno legal approach. MCA21 process has opened up new avenues for the professionals. They may be in the form of providing training, doing processing, implementation, certification, to act as facilitator and single service point. Any new opportunity does have the inherent risk attached to it.

The provisions of the Information Technology (IT) Act govern use of technology in the business process. IT Act prescribes, regulates, monitor the technical process embedded in any business. Therefore understanding the IT laws of India is a must for any processional, who is consulting or helping businesses to grow. Understanding the potential exposure to risk out of use of technology is become a first priority of the professional. It is therefore very vital for all of us to understand important concepts and impacts of Information Technology Act 2000.

Preamble :

Information Technology Act 2000 came into thexistence on 17 October 2000 to provide legal

recognitions to electronic transactions, electronic communication, electronic data interchange, digital signatures, e-governance, electronic records and to regulate cyber crimes.

One of the basic objectives of this Act is to facilitate electronic filing of documents with the government authorities. This is the basis for introduction of electronic filing system partially under the Income

Secretary 2... eSecretary - a real time transformationMakarand Lele, Partner MRM Associates, Company Secretaries

Secretary 2... eSecretary - a real time transformation

Tax Act, DGFT and fully under the Companies Act. In near future, we may witness more departments like Excise, Sales tax coming under electronic filing.

Digital signatures :

Section 5 provides the recognitions to digital signatures. Digital signature is the identity of a person in eworld.

Digital signature is process whereby sender authenticates the document by putting his digital signature. He also protects the document by encoding it and the receiver who is having the Public Key supplied by the sender, decrypts the documents and read the same.

Digital signature is not a signature or impression or mark. It is a unique pair of key provided by the certifying authority. No person other than the originator can use the said pair of keys. In easy terms, application of private key is known as affixing a digital signature to the document or form. Digital signature protects the document from tampering and gives the authenticity, integrity and attribution to the document and also gives extreme speed to the transaction. Non-repudiation is the important feature of digital signature, which does not allow the originator to disown the data or document.

Now with the help of such recognition of digital signature, any person can sign the document or form without taking print out of it and at any time and at any place. Boundaries are not the barriers now. Postal department or documents transport system is not a hurdle now.

IT Act has established the offices of Certification Authorities to enroll, validate issue, publish, revoke or suspend the digital signatures. The set of rules were prescribed under the Act for Certification Authorities.

Section 35 prescribes the process of getting the digital signature. Verification of identity of the applicant for digital signature is the important step to be carried out by the Certification Authorities.

Section 73 provides for imprisonment and penalty for publishing digital signature certificates false in certain particulars.

Secure Digital Signature :

Section 15 prescribes the secure digital signature. It is possible by application of security procedure to verify that;

(a) the digital signature affixed is unique to the subscriber;

(b) it is capable of identifying the subscriber;

3 JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter

JULY 2006JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter

(c) it is created in a manner or using means under the exclusive control of the subscriber and is link to electronic record and would be invalidated upon alteration of such record.

then such digital signature shall be deemed to be a secure digital signature.

It therefore mandatory that in each electronic transaction we use only the secure digital signature. It is essential to apply, enroll, process and download digital signature from own computer to qualify it as a secure digital signature.

After downloading the protection of digital signature is very important to avoid misuse of it. Because of non-repudiation, it will be very difficult for the originator to prove that he has not used the digital signature. Immediate communication to the Registration Authority upon loss of digital signature token is very essential.

The Central Government has the power to make rules in respect of digital signatures i.e. to prescribe the type of signature, manner and format of affixation, manner and procedure for identification of affixing digital signature, control and security process, any other matter to give legal effect to digital signature. Therefore, we observe different types and forms and methods of digital signatures for different purposes.

Electronic Record :

Section 3 provides legal recognition to electronic records by way of affixing the digital signature.

“Electronic Record” means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated microfiche;

Company secretary can now make revolutionary changes in his traditional function of maintenance of records.

Section 4 provides legal recognition to electronic records. Records prescribed under any act or statue can be maintained in the electronic form.

Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is

(a) rendered /made available in an electronic form;

(b) accessible so as to be usable for a subsequent reference.

Section 4 has the overriding effect on provisions of any other law requiring maintenance of records and documents. Therefore all secretarial records and statutory registers can be maintained in electronic form after complying with the specified norms.

Section 7 provides for the compliance of following conditions to maintain the records in electronic form.

(a) the information contained therein remains accessible for a subsequent reference;

(b) the electronic record is retained in the format in which it was originally generated, sent or received or which can be demonstrated to represent accurately the information originally generated, sent or received;

(c) the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record:

Security of electronic record is the important aspect. Section 14 prescribes that; where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.

Secured Electronic Process :

MCA21 is a secured electronic process for complying the provision under the Companies Act, 1956 and rules made there under.

The system has been developed under the provisions of section 6, which provides for electronic filing of forms and applications, issue and grant of licenses, sanctions and approvals and issue of receipt or payment of money. This section further provides that provisions of any law will be treated as complied if such filing, issue, grant of license, sanction or approval and issue of receipt or payment of money is effected in electronic form.

Thus the MCA21 process has got the legality even before amending the provisions of Companies Act.

Retention of Electronic Record :

MCA21 process has created a database and repository to maintain the entire registry records at one place. The information stored in it is a record as per provisions of the Companies Act.

Section 7 grants the legal recognitions to electronic records to be maintained under the provisions of any act. The essential conditions to be satisfied are

(a) the information contained therein is accessible and usable for subsequent references;

(b) the originality of the electronic record is maintained;

(c) the details of which will facilitate the identification of the origin, destination, date and time of dispatch or receipt.

Attribution of Electronic Record :

Attribution to any electronic record is the essence of any valid legal transaction. Electronic record should

4

JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter

be attributed to originator.

Section 11 provides that attribution of electronic record to originator is possible only if it was sent by the originator himself or by the person authorised by the originator or by the system programmed by or on behalf of the originator.

Therefore MCA21 process requires the signer of the form to attribute that he has been authorised to sign the eform. It is also essential to use the originator's or authorised person's system and login for submission of electronic record or document.

Automated replies generated by the system will qualify for attribution, if they are generated from the system programmed by the originator. Therefore all the electronic unsigned communications received from the MCA are valid communications. Acknow-ledgement of receipt of electronic record is provided under section 12 of the IT Act.

License software :

Use of technology has triggered off the issue of IPR protection and use of license software. We need to respect the IP rights of others and need to use only license software. We do not know who is watching us on the net and collecting our system information and checking whether we are using the licensed software. If we wish to be a facilitator or Certified Filing Center for MCA21 then first priority is to have the license software.

Electronic payments :

Electronic payment by using the credit card/ debit cards or through Internet banking facility is inherent part of any electronic transaction. We need to be extremely careful while using the electronic payment facilities. We need to all the time protect our money. Utmost care is therefore essential. Avoid giving your credit card or its number to anybody. The owner should only make use of credit card.

Certification of eforms :

Certification of eforms to be done very carefully. You need to affix your digital signature as a part of your certification. Protect your signature all the time from misuse. Keep propose backups of the eforms and documents that you certify.

Penalties and Offences :

IT Act has prescribed heavy penalties for various wrong actions, which a person unknowingly commits in his daily interaction with the computers, use of Internet, visit to web sites. It is very essential to understand following sections of the IT Act.

Section 43: Penalty for damage to computer, computer systems etc.

Any person without permission of the owner or incharge of the computer/computer system/ network

(a) accesses such computer or system or network;

(b) download/copy/extract any data or information;

(c) introduce or causes the introduction of the virus;

(d) damage or cause damages ;

(e) disrupts or causes disruption ;

(f) denies or causes denial of access to any person authorized to access;

(g) provide assistance to any person to facilitate access ;

(h) charges the services availed by any person to the account of another by tampering or manipu-lating shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person affected.

Section 44 provides for the penalty for failure to furnish information, returns, documents, main-tenance of documents & books under the Act.

Section 45 is a residuary section provides for compensation not exceeding twenty five thousand rupees or a penalty not exceeding twenty five thousand rupees.

Offences :

The Act further lists down various types of offences such as hacking, tampering, accessing to protected systems etc.

Amendments made in other acts :

IT Act, for smooth implementation and functioning made amendments to I.P.C., Indian Evidence Act, Bankers Books Evidence Act and R.B.I. Act.

Rules notified under the Act :

The Information Technology (Certifying Authorities) Rules, 2000.

The Cyber Regulation Appellate Tribunal (Procedure) Rules, 2000.

Further Developments :

With an objective to review the Information Technology Act, 2000, in the light of the latest developments and to consider the feedback received for removal of certain deficiencies in the Act, Hon'ble Minister for Communications and Information Technology set-up an Expert Committee under the Chairmanship of Shri Brijesh Kumar to review the present Information Technology Act and to suggest amendments. The committee has submitted its recommendations in the month of August 2005. These recommendations are under consideration of the government.

Peaceful and real time transformation of Secretary to eSecretary is possible only by observing rules of the game and following the IT Act prudently.

� � �

5

KPO Potential:

A CII Report estimates the potential size of KPO Industry at $17 billion by 2010, creationg 2,50,000 jobs in 5 years. Analysts estimate that about 30,000-50,000 people are currently employed in this industry.

Difference between KPO and BPO:

BPO is about shifting functions that can be digitized to an offshore location, while KPO is offering work that is higher skilled and decision based. In KPO, a professional would need to apply skills and judgement to interpret data rather than just apply rules.

Scope of KPO Industry:

Preparation of Accounts, Tax Returns, Architecture, Computer aided simulation, Engineering Design and Development, Financial Services, Risk Management and Equity Research, Financial Data Mining and Modeling, Corporate and Market Research, R&D in Pharmaceuticals, Biotechnology and Healthcare, Medical Diagnosis, Education, IPR Research, Legal Support, Animation and Graphics, Writ ing and Content Development, HR Outsourcing, Supply Chain Management.

Working Areas in each KPO field of our Interest:

1. Financial Research:

a) Analytical Support Pitch Books/Company Profiles, Presentation Services, Financial Analysis and Valuation.

b) Equity Research- Financial Models, Forecasts and Updates, Report Preparation / Authoring, Earnings Calls/Q&A.

c) Corporate Finance Statistical Modeling, MIS Reporting, Credit Analysis.

d) Asset Management, Financial Modeling, Fund Accounting, Performance Reporting.

2. Legal Outsourcing:

Office operations, Litigation support, Word Processing & Secretarial, Information Systems, Marketing, Legal Research, Finance and Accounting, Library, Legal Recruiting, HR, Patent & Trademark Prosecution.

3. Market Research:

Survey Designing, Primary Data collection, Analysis, Strategic Planning, Sales Planning, Business Development, Business Research, Insight Generation & Presentation.

Who is needed in the KPO Industry?

From Graduates and Post Graduates in Arts, Science, Commerce to C.A., C.S., Lawyers, Management graduates. Those who do not have MBA can build a career here.

Ambitious, smart, articulate people who can write well and communicate well, is what this industry needs.

Liberalization, Globalization, etc. provides professionals with exposure to the systems prevalent in a variety of countries and they will be in demand.

Pay Packages:

Rs. 2-3 Lakhs p.a for Entry Level Recruits and upto Rs.8-9 Lakhs p.a. for Senior Level Management.

Companies offering exposure in the KPO Industry:

OfficeTiger, Genpact India, JP Morgan, Merill Lynch, McKinsey, Adventity, Schwegman, Lundberg, Woessner & Kluth, Pangea3, Hildebrandt, Geometric, QuEST, Atrenta, WHS Global, Mphasis, MsourcE, Copal Partners, Pipal Research, Evalueserve, AC Nielsen, Irevna, Exevo India, Annik Systems, GE Analytics, Epitome Global Services, iGate Global Solutions, Symphony Services, OnionPro, DecisionCraft Analytics, EXL, Scandent, marketRx.

(List is indicative)

� � �

Knowledge Process Outsourcing : a brief overviewAnand Arvind Wadadekar , Student Company Secretary

Knowledge Process Outsourcing : a brief overview

6JULY 2006JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter

Members are requested to :

1. contribute articles, charts, checklists etc. to Sanhita. (email to [email protected] ).

2. communicate their academic / professional/ elevation achievement to Pune Chapter (email to [email protected]).

3. give their valuable suggestions / comments on the make over of Sanhita for our section “Bouquets and Brickbats” (email to [email protected]).

4. participate in various programmes of the Chapter.

AppealsAppeals

7

Grant of stock options by listed companies is regulated by Securities and Exchange Board of India (SEBI) through SEBI (Employee Stock Option Scheme and Employee Stock Purchase Scheme) Guidelines, 1999 (“the Guidelines”).

Eligibility :

Stock options can be granted to:

i) a permanent employee of the company working in India or out of India,

ii) a director of the company, whether a whole time director or not; or

iii) an employee as defined in sub-clauses (a) or (b) of a subsidiary, in India or out of India, or of a holding company of the company irrespective of his nationality / country of origin.

As such, a foreign national who is a permanent employee / director of the company or its subsidiary or holding company can be granted stock options under the Guidelines.

Special Resolution under certain circumstances:

According to the Guidelines approval of share-holders by way of separate resolution in the general meeting shall be obtained by the company in case of:

a) grant of option to employees of subsidiary or holding company and,

b) grant of option to identified employees, during any one year, equal to or exceeding 1% of the issued capital (excluding outstanding warrants and conversions) of the company at the time of grant of option.

FEMA Regulations :

Regulation 8 of Foreign Exchange Management (Transfer or issue of Security by a Person Resident outside India) Regulations, 2000 provides for issue of shares under Employees Stock Options Scheme to persons resident outside India. Accordingly;

1) an Indian company may issue shares under the ESOS or by whatever name called, to its employees or employees of its joint venture or wholly owned subsidiary who are resident outside India, directly or through a Trust:-

Provided that

a) the scheme has been drawn in terms of regulations issued under SEBI Act, 1992 and

Stock Options to Non-Residentemployees of Listed companies

Ninad Umranikar , Company Secretary, Kale Consultants Ltd.

Stock Options to Non-Residentemployees of Listed companies

b) face value of the shares to be allotted under the scheme to the non-resident employees does not exceed 5% of the paid-up capital of the issuing company.

2) The Trust (where the options / shares are issued through the trust route) and the issuing company shall ensure that value of shares held by persons resident outside India under the scheme does not exceed the limit specified in clause (b) of sub-regulation (1).

3) The issuing company shall furnish to the RBI, within thirty days from the date of issue of shares under the scheme, a report giving the following particulars/documents -

i) names of persons to whom shares are issued under the scheme and number of shares issued to each of them;

ii) a certificate from the Company Secretary of the issuing company that the value of shares issued under the scheme does not exceed 5% of the paid up capital of the issuing company and that the shares are issued in compliance with the regulations issued by the SEBI in this behalf.

In addition to the documents to be furnished under (3) above, the issuing company shall submit Form FC-GPR to the RBI within a period of one month from the date of allotment.

If a company proposes to allot shares in excess of 5% of its paid up capital (before allotment) to a Non-resident / Foreign National, it shall make an application to the RBI for obtaining specific permission. There is no prescribed format for making this application.

Opening of Demat account

There is no restriction on a NRI / Foreign National as regards opening of a demat account.

Remittance of Funds

The non-resident / foreign national shall be required to remit funds from abroad via wire transfer to the bank account of the company towards purchase of ESOP shares. NRI may also contribute towards shares from his NRE Account.

Restriction on sale of shares

There is no lock in period after allotment of shares as the Guidelines provide for one year vesting period

(See Page No. 10)


8

One of the many advantages given

to a 100% EOU and STPI unit is

that it is allowed to import

equipment without paying import

duty to the Customs authorities.

The motive of the Government

being clear “Promotion of Exports

to boost the Economy ”.

Various schemes have been devised to import

inputs free from duty or to grant refund of the

import duty paid. In some schemes, the unit has to

be isolated from domestic production units, while in

some schemes, the units producing goods for

domestic production are also entitled to import

inputs without paying import duty.

The benefit is undoubtedly tremendous however it

also requires careful compliance of some legal

provisions. The import procedure is a challenging

task which apart from compliance of law requires

co-ordination with various agencies such as the

authorized dealers nominated by the RBI, clearing

house agents, octroi & transport authorities, STPI

and Customs authorities.

The aim of this article is to outline the legal

provisions in brief and highlight the practical

aspects of importing equipment under the

EOU/STP scheme.

General conditions in accordance with the

EXIM/Foreign Trade Policy for duty free import:

The goods are required to be imported into the

EOU/STP unit's premises directly.

The unit is required to get their premises

customs bonded. The unit is also required to

execute a B-17 bond with surety/ security with

jurisdictional Customs/ Central Excise officers

and obtain a licence under section 58 of the

Customs Act, 1962.

The B-17 Bond is a surety bond taken to cover

almost all the activities of the unit such as

transhipment of import/export goods between

port of import/export and units premises, duty

free import/procurement from the indigenous

sources as per relevant notification and

warehousing/storage in the unit, movement of

duty free goods for job work and return etc. The

Bond amount is equal to 25% of the duty

foregone of the capital goods required and is

l

l

required to be supported by a valid Surety/

security like a bank guarantee to the extent of 5%

of the Bond amount.

The importer is required to maintain a proper

account of the import & export consumption and

utilisation of all imported/locally procured

materials and submit them periodically to the

Development Commissioner/ Customs.

The STPI unit should be a Positive Exchange

earner

The importer is required to abide by the terms

and conditions of the Letter of Permission/Letter

of Intent /Industrial Licence issued to the unit.

The Import Procedure can be briefly divided in 3

stages follows:

l

l

l

Duty free import of equipments by STPI unitRashmi Limaye , Company Secretary, Great Software Laboratories Pvt. Ltd.

Duty free import of equipments by STPI unit

Importprocedure

I.Pre-shipmentCo- ordination

II.Clearance of

shipment

III.Post-shipmentprocedures and Re-warehousing

A. Obtaining permissionsand documentfrom STPI and Customs

B. Submission of documentsto the nominated clearing agent

C. Final transport and octroipayment for the equipment imported

Stage I] Pre-shipment co-ordination:

It involves co-ordination and communication

between the exporting party and the importing

party. The importing has to decide the basis The

basis of import is very important to determine the

extent of outflow of foreign exchange. An import can

be made on the following basis:

i) Purchase basis : This involves import of the

desired equipment from a foreign market and

involves outflow of foreign exchange through the

normal banking channels

ii) Loan basis : Whenever equipment is imported on

loan basis for some R & D work without outflow of

any foreign exchange with a condition to return

the equipment on completion of work.

STP units may import all required Capital Goods for

creating STP infrastructure. Unless otherwise

prohibited, STP units are allowed to import

equipment on Outright Purchase or on Loan or Free


9

of Cost or Lease basis. Duty Free import of

equipment is permitted based on the import

certificate and original attested shipping invoice

granted by STPI. STP units are required to ensure

that they operate within the imported capital goods

(CG) limit as indicated in the approval letter for

setting up STPI unit.

The equipment/goods proposed to be shipped have

to be packed strictly according to the Customs

requirements. The package to be shipped must

fulfill the following conditions:

i) Equipment should be packed and sealed well so

as to preserve and safeguard its contents.

ii) Equipment should be accompanied by an invoice

that declares its value for Customs purpose.

iii) It should clearly mention the addresses of the

exporter as well the importer.

iv) The package must mention the contents and the

gross weight of the equipment/package.

The shipping agents of the exporter co-ordinates the

shipping of the equipment, and simultaneously the

documents required by the Importing party's

clearing agents for clearing the shipment duty free

from the Customs Authorities .

Stage II] Clearance of the shipment:

This is the lengthiest stage in the process of import :

A. This stage basically involves obtaining sanctions

from various statutory authorities and

submitting documents to the Customs

Authorities. STP units are placed in a special

category and are eligible for fast track clearance

through the Customs. Clearance of import

consignments is allowed at the gateway port/

Aircargo Complexes on the strength of the import

certificate issued by STPI and the procurement

certificate issued by the customs authorities of

the concerned range office within whose

jurisdiction the unit falls.

When the shipment arrives at the port of entry,

the Clearing agents generate a “Cargo Arrival

Notice” which is accompanied by the airway bill

or the shipping bill. The importer is informed

about the arrival of cargo and is requested to

produce the necessary documents required to

clear the shipment duty free through the

Customs.

It is important to clear the shipment in minimum

possible time to avoid payment of demurrage

charges or any damage to the equipment being

imported.

The following documents have to be produced by

an STPI unit and a 100% EOU to its clearing

agent unit at this stage:

Import certificate which is a simple one-page

certificate is issued by the STPI for import of

equipment against the application made and

commercial invoice submitted to the STPI.

Commercial Invoice sent by the exporting

party and attested by STPI is the shipping

invoice against which the equipment is

imported and is generated only for Customs

Purpose.

Commercial invoice submitted to the STPI must

contain the following details such as Date and

invoice number, Name of the exporter &

importer, Description and number of goods being

imported, Weight and value of the equipment,

Signature of the authorized signatory of the

exporting party and If the equipment is imported

on Loan or Free of cost the invoice should clearly

state: "Material is sent on Loan or Free of Cost

basis and the value is for custom purpose only".

Once the documents are found in order, the

Import certificate together with the attested

Commercial invoice is issued by the STPI to the

unit concerned.

Procurement certificate from the Customs

Authorities. The STP unit is required to obtain

a procurement certificate from the Customs

authorities on the basis of the import

certificate and attested commercial invoice

issued by STPI.

Following documents are required for obtaining a

procurement certificate from the office of the

Customs range in whose jurisdiction the STP

Unit falls:.

i) Simple application addressed to the

Superintendent of Central Excise and

Customs of the jurisdiction within which the

concerned STP unit falls.

ii) Certified true copy of the Import certificate.

iii)Certified true copy of the commercial invoice

attested by STPI.

iv) Procurement certificate in the prescribed

format

Once the documents are found to be in order, the

Customs office issues a Procurement certificate.

B. Submission of documents to the Clearing agents:

Once the documents mentioned above are

received from the STPI and Customs, the

l

l

l


10

following documents have to be submitted to the

clearing agents by the importing unit in a sealed

envelope issued by the Customs office

i) Photocopy of the Airway bill.

ii) Photocopy of IEC certificate issued by DGFT.

iii) Original Import certificate issued by STPI,

iv) Original Commercial invoice attested by STPI.

v) Original procurement certificate issued by the

Superintendent of Central Excise and

Customs

vi) 5 blank letter heads of the Company

vii)Duly signed Form “N” (This is available with

the clearing agent concerned)

viii)Octroi Exemption certificate incase the unit

has been exempt from payment of Octroi by

the Municipal corporation.

C. Once all the documents are submitted to the

clearing agents, they undertake the clearance

formalities and arrange for transportation of the

equipment to the importers unit.

Stage III] Post shipment procedures and Re-warehousing:

Once the equipment is transported to the importers

office, it has to kept within the Custom bonded

premises of the importer. The imported equipment

can only be opened in the presence of a Customs

Inspector. The Customs Inspector checks the Bill of

Entry generated for the equipment and all the

relevant papers before authorizing opening the

equipment. Once the equipment is opened, he signs

on bill of entry and checks the entries made in the

Customs bond Register

On every duty free import made, the importing unit

has to maintain the details in a physical register.

such as Bond number and date, Date of receipt of

goods in the warehouse, Vessel name with IGM and

Index No., No. of packages, Marks/number,

Description and value of goods (as per the Bill of

entry), Amount and Rate of duty, Bonders name and

address.

Once the particulars are filled in they are checked

for correctness and counter signed by the Customs

Inspector. The STPI unit has to obtain a Re-

warehousing certificate for re-warehousing and

maintaining the imported equipment in the

company's bonded warehouse within a period of 90

days.

The application for re-warehousing certificate has to

be made to the Customs range concerned along with

the Re-warehousing certificate in the prescribed

format, Bill of entry, Lorry receipt, and the Octroi

receipt,

On receipt of the re-warehousing certificate, the

following documents need to be submitted to the

Clearing agents in a sealed envelop stamped by the

Customs authorities to complete the import

formalities:

1. Original re-warehousing certificate issued by the

Customs.

2. Original Bill of entry counter signed by the

Customs inspector

The documents mentioned above have to be

submitted through the Clearing agents to the office

of the Assistant Commissioner of the relevant Port of

Entry. The Re-warehousing certificate is cancelled

and stamped by the Customs authorities as full and

final endorsement of completion of the import

related formalities.

Conclusion:

The procedure though a little lengthy and tedious is

a blessing for STP units as they can use the benefit

provided under the scheme for import of crucial

equipment necessary for Software and Product

development absolutely duty free which in turn

boosts the export of the country and also aids in

undertaking crucial R & D work by Software Product

and Development companies.

� � �

(which can be construed as lock-in) from the date of grant of options for conversion into shares.

However, shares issued under ESPS shall be locked in for a period of one year from the date of allotment.

Documents required for remittance of funds to

the bank account of Non-resident / Foreign

National on sale of share:

Following documents shall be provided by the Non-Resident / Foreign National to the broker for remittance of funds to his bank account:

1. ESOP letter.

2. Certificate from Chartered Accountant to the effect that capital gains tax has been paid.

3. Swift Code of the bank where the funds are to be remitted through wire transfer.

4. Instruction from Non-resident / Foreign National to credit the amount to his bank account.

Once these documents are provided to the broker, funds would be remitted abroad.

� � �

(Contd. from Page No. 7)


11

Contracts are the medium through

which the parties define the scope

o f wo rk , the i r r o l e s and

responsibilities and the commer-

cial terms. Before drafting any

contract we need to know comp-

letely the business our company is into. We should

coordinate with our technical team to understand

the type of work that we would be offering under a

contract. Draft a contract which takes care of any of

our future work possibility with the customer. If we

are drafting contract for a specific customer then

read the terms of the Request for Proposal (RFP)

responded to that customer to reduce the number of

iterations for negotiations. Get involved at an early

stage while the commercial or technical details are

being discussed. We should always push for our

draft as we have complete control over the clauses

being stated in the draft and it helps in negotiating

the contract and reduces the number of iterations.

We should include our draft along with our

response to RFP so that the customer becomes

aware of our contract terms.

The customer key concern in an IT contract is IP

and confidentiality.

Intellectual Property (IP):

We need to write our clauses which states that the

work done for the customer is “work for hire” and

the deliverables belong exclusively to the customer.

We need to state clearly that the deliverables will be

assigned only if the payment obligations by the

customer's are met. Define our pre-existing

intellectual property used in the project. As a service

provider, we should retain a complete ownership on

our pre-existing IP and the customer acquires a

perpetual right to use the pre-existing IP only in

connection with the deliverables. We should have a

right to use the residual knowledge in any of our

other customer's project or for our internal

development purpose.

Confidentiality:

This clause will obligate us to maintain the

confidentiality of the information that we acquire

during the term of the Agreement. As a service

provider we should always provide a definite term

for the survival of confidentiality obligations so that

we know when our liabilities under a contract will

end.

Indemnity:

The customer will try to negotiate and make us indemnify for any damages that they will suffer due to our acts and omissions. We are a service provider and our liability should ideally expire after the deliverables are accepted by the customer but this may not sell and we may have to indemnify the customer for our acts of gross negligence or willful misconduct. The customer will require us to indemnify for any intellectual property infringement or gross negligence or willful misconduct. Provide carve out to intellectual property infringement and should be only related to the deliverables and have not resulted due to any modifications to the deliverables. The term gross negligence or willful misconduct is too broad and should be only limited to death or personal injury or property damage.

Key concerns of Service Provider:

Scope of work and payments:

Define the scope of work in the statement of work. Introduce a concept of changes order to take care of any changes to the scope of work, the service provider should have a right to change the commercials terms accordingly. Define the Service level (SLA) in terms of providing services to the customer. Define the payment terms. Do not link the payment terms with the acceptance of deliverables under time and material contract. In a fixed price contract we may define the payment milestone in line with the deliverables milestone. Provide an expiry date to the rates provided in the contracts. We should keep a provision of charging interest if the customer delays in making the payments.

The contract shall also list down in detail what hardware and software will be provided by us to execute the work. If the customer requires any additional hardware and software, the contract shall clearly provided that it will be at additional cost to customer. We should always discuss the commercial issues with the technical team to understand the type of additional cost that may be passed on us while providing services and we should provide some provision in the contract to take these issues later as and when it will come up.

Approval of deliverables:

Define the approval period within which the

customer should provide its conformity for the

deliverables. If the customer fails in providing its

Drafting and Negotiating Outsourcing ContractsSonal Sharma , Legal Officer, Persistent Systems Private Limited

Drafting and Negotiating Outsourcing Contracts


12

non-conformity then the deliverables should

deemed to be accepted by the customers. The

contract provides for improvement, modification

etc. of the deliverables during the time the customer

is evaluating the deliverables.

Liability:

Restrict contractual liability to maintain

equilibrium between the risk and reward ratio. We

should indemnify the customer only for the direct

damages and disclaim any third party, indirect,

consequential and incidental damages. Limit

liability to a particular value it should be either the

value of the contract or the company's insurance

coverage.

Resources:

Provide restrictions in the contract so that the

customer is not free to solicit the service provider's

employees.

No compete:

The customer may try to impose certain conditions

which may restrict us in doing business with any

third party. Avoid having such clauses in contract.

Termination Rights:

The Service Provider should have the termination

rights under the contract. The contract should

define the obligations of both the parties upon

termination.

Jurisdiction:

Ensure that the jurisdiction agreed in the contract

support the terms and conditions of the contract.

We should always push for the jurisdiction of the

countries where our company has some local

presence. Litigation may not be a preferred mode to

settle the dispute then provide an alternative for

arbitration. Define the process, mode and the venue

for arbitration.

Tips for Negotiation:

Read the clauses well. Prepare a separate list of

issues it will help in concentrating only on the

contentious issues in the contract. Make the

technical team aware of the legal issues brief them

the concerns related to the issues. We should also

do some due diligence on the customer to have an

idea about the type of business the customer is into.

Keep alternatives ready to propose during the time

of negotiations, this will help in early closure of

issues.

It is not necessary that the draft proposed by us will

be accepted by the customer. They propose their

own draft. It is necessary for the negotiation team

not to be too rigid. There were times, when certain

clauses of the customer were not negotiable but now

the scenario is changing as the service providers are

becoming aware of the impact of such one-sided

clauses on their business. While accepting such

clauses, it is necessary for the negotiation team to

have a future foresight about how the existing

clauses in the contract will govern the relationship

between the parties. In today's competitive world,

negotiating the contract is becoming more and more

difficult and challenging task. It is also necessary

that in the changing business scenario, we continue

to update our contract template. We cannot put

forward the contract template, which has no

business significance at present and we might be

forced to accept our customer's template, but if the

contract template is in line with the current

business practices, the chances of such draft being

accepted increases.

� � �


The candidate should have relevant

experience of handling secretarial and

legal matters of the company. Interested

candidates may forward their resume to :

Mr. Kailash NairManager Finance

KAESER COMPRESSORS (INDIA) PVT. LTD.

Survey No. 255/1, Hinjewadi Gaon,Tal. Mulshi, Pune 411 057.

Tel. : + 91 20 22934610/616

Fax : +91 20 22934648

Email : [email protected]

Websit : www.kaeser.com

WANTED

COMPANY SECRETARY

13

'Information' plays key role in the business world today. Almost all types of decisions i n b u s i n e s s environment are taken on the basis

of reports/information generated through 'Management Information Systems'. Information Technology has integrated computers and communications, which help users to take appropriate decisions in time.

The organisations have changed its business processes. This requires information to be current, accurate and be made available to users as & when required. Information is also collected from various departments of the organisation for decision-making, legal compliance & for communication to various stakeholders e.g: shareholders. The generation of information is dependent on computer system, which is now a days well described as Information Systems. The system involves people, software, hardware, communication devices, networking & the most important data.

In the era of globalization and acute competition, most of the organizations have implemented Information Technology (IT). It has resulted into carrying lot of IT related risks, problems of internal controls as well as security of IT resources. This has necessitated review of and assurance to the top management about its Information Systems. Like other audit and assurance services, IS audit provides an assurance to top management that IT related controls, security and other measures, are in place and adequate. It is worthwhile to note that few traditional controls like segregation of duties play pivotal role even in IS audit.

Information Systems Audit :

IS audit is an independent appraisal of activities related to Computer Systems by team of professionals. IS auditor reports audit findings accompanied with recommendations. The organisation should ensure proper internal control. IS Auditor reviews the same and recommends on any deficiencies in the control system. IS audit assures management that controls embedded in the computer systems and related operations are proper and adequate. IS audit is an independent appraisal of Information System which ensures that Internal controls are effective and efficient to provide up to date, accurate, relevant information to

Information Systems Audit Uday V Kulkarni , F.C.A., CIA (USA) CISA(USA)

Abhijit V Chirputkar , M.Com, F.C.A., CISA. (USA)

Information Systems Audit

meet business objectives. The Audit of Computerised Information System & Audit through Computerised Information System are two different concepts. In this article our focus is on audit of Information & Communication system.

Objectives of IS audit :

Audit is process of colleting and evaluating evidences to authenticate and validate the data processing system. The objective of IS audit includes;

a) To provide reasonable assurance about management of IT risks;

b) To provides reasonable assurance about existence of different types of controls including internal controls (eg: in computer programs) and recommending improvement in internal and other controls;

c) Evaluation of systems and processes to ensure;

i) Safeguarding of assets ( IS assets)

ii) Data integrity

iii) System efficiency and effectiveness

d) To ensure law compliance (RBI has recognised IS audits in banks)

Need of Information System Audit:

a) Now a days all types of transactions are entered through computer systems. As transactions entered the system, these are automatically processed for recording, reporting or as input to next set of transactions. These processes are carried out by programs creating a problem of 'audit trail'. The accuracy, speed & flow of process largely depend on quality of software implemented. Software development includes process of testing however Software audit is one of the processes or part of testing. To ensure the quality of software & implementation (customization) Information System audit is necessary. Computer programs should ensure that all transactions are processed correctly.

b) Security of Information System is on the top agenda in all the organizations. Security of people, data, networking, hardware, software is most important. In absence of security measures, organization may collapse. It has led to introduction of various international standards. (e.g. BS7799/ISO17799 are available for Information Security). As a part of IS audit, auditor ensures adherence to various security norms mentioned therein.

c) The accuracy of annual financial reporting as (See Page No. 16)


14

stIn 21 Century the nature of offences started taking a different way and specie of sophisticated offenders took birth, which started committing offences using Hi-tech technology. The old Indian Penal Code for the first time expressed its

inabilities to handle such offences committed through Internet and with the help of tools of Information Technology, and therefore in the year 2000 Indian Government felt necessity to have a special Act, to deal with such type of offences/ crimes and therefore Information Technology Act 2000 was passed.

Now let us see the offences (cyber crimes) committed through computer, computer systems, Internet etc.

The first reported cyber crime is of the year 1820. One Mr. Jacquard from France, a textile manufacturer produced the loom. With the help of this device repetition of series of steps in the weaving of special fabric were increased, and this created a fear amongst Jacquad's employees that their traditional employment and livelihood is threatened. Therefore they committed act of sabotage to discourage Jacquard from using technology.

Financial Crimes:

Misappropriation of Funds : Punjab National Bank was cheated to the tune of Rs. 1.39 Crores through false debit and credits in computerised accounts.

The Hyderabad police had arrested two persons. Manohar was an unemployed computer engineer and Moses was a steward in a five star hotel in the city. Moses used to note down various details of credit cards handed over by clients of the hotel for paying their meal bills. Then he used to pass on the said information to Manohar, and then Manohar used the details to make online purchases on various websites such as sify.com, rediff.com etc. On the complaint of a businessman, who handed over his credit card to Moses for payment of dinner bill the case was investigated and both were arrested

Cyber pornography : Pornographic websites, pornographic magazines produced using computers, pornographic downloads using Internet is included in this offence.

l

l

l

l

l

Cyber CrimesAdv. Rahul Risbud , B. Com, LL.B. M.LL. & L.W., Dipl. In Cyber Laws

Cyber Crimes

A student of the Air Force Balbharati School, New Delhi was teased by schoolmates for having pockmarked face. Annoyed with this, he decided to take revenge and he hosted a website at the URL www.amazing-gents.8m.net and provided in text material lucid, explicit, sexual details of various sexy girls from the school and the school teachers. The father of the girl being an Air Force officer registered a case under Section 67 of the IT Act, 2000. The police arrested the concerned student.

Sale of illegal articles : The sale of narcotics, weapons and wildlife etc. by posting information on website, would fall under this offence. E.g. many of the auction sites even in India are believed to be selling cocaine in the name of 'honey'.

Online gambling: Many websites worldwide are dedicated to gambling. Infact it is believed that many of these websites are actually fronts for money laundering.

Intellectual property crimes : These include software piracy, copyright infringement, trademarks violations, theft of computer source code etc. One M/s Network Solutions have r e g i s t e r e d d o m a i n n a m e s s u c h a s barticellular.com and bhartimobile.com with different fictitious names. Bharati Cellular Ltd. had filed a case in Delhi High Court against M/s Network Solutions for cyber squatting, and the High Court has directed M/s Network Solutions not to transfer the domain name in question to any third party and the matter is sub-judice.

Email Spoofing : When an email appears to be generated from one source but is actually generated from another source, it is called as spoofed email. In Global Trust Bank case, some body send a spoofed email to the customers of the bank, stating that the bank is in bad financial condition, as a result numerous customers decided to withdraw all their money and close their accounts. The email which seems to be originated from one source but is actually originated from other source is known as spoofed email.

Forgery : Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers

l

l

l

l

l

l


15

* With a minimum 6 month validity prepaid plan. Conditions apply.

and scanners. Whenever news flashes in newspaper that Mr. X arrested for selling fake mark sheet, remember that Mr. X can be punished under the I T Act, 2000.

Cyber Defamation : Whenever somebody publishes some defamatory information, about somebody using computer and/ or the internet, it amounts to cyber defamation. India's first case of cyber defamation was reported when a company's employee started sending defamatory and obscene e-mails about its Managing Director, which were sent to many business associates to tarnish the image and goodwill of the company. The Company was able to identify the person and approached to Delhi High Court.

Cyber stalking : Stalking means “pursuing stealthily”. It means following a person's movements across the internet by posting messages or bulletin boards frequented by victim, entering the chat-rooms frequented by the victim, constantly sending e-mails to the victim etc.

Unauthorised access to computer systems or

networks : This is commonly known as hacking but Indian law has given a different connotation to this i.e. unauthorised access.

Theft of information contained in electronic

form : Any information stolen which is kept in computer hard disks, any removable storage media etc. is an offence punishable under the Information Technology Act, 2000.

Email bombing : It means sending of large number of emails to the email account of an individual or to server of a company so that victims email account or server crashes.

Data diddling : It means altering data before it is processed by a computer or computer system and changing it back after the processing is completed. The NDMC Electricity Billing Fraud Case is the best example of this offence, wherein NDMC Delhi had outsourced to a computer professional work of collection of money, computerised accounting, record maintenance etc. He misappropriated huge amount of funds by manipulating data files to show less receipt and bank remittance.

Salami attacks : These attacks are used for commission of fraud. The alterations made in computer system with the help of a programme in this case are so significant that in a single case it goes unnoticed. In a case in USA an employee programmed a logic bomb to take ten cents from

l

l

l

l

l

l

l

all the accounts in the bank and put them into the account of the person whose name was alphabetically the last in the banks list. Then he went and opened an account in the name of Ziegler. The amount being withdrawn from each of the accounts in the bank was so insignificant that neither any of the account holders nor the bank officials noticed the fault. It was brought to their notice when a person by the name of Zygler opened his account in the bank. He was surprised to find a sizeable amount of money being transferred into his account every Saturday and the entire scheme was revealed.

Denial of service attack : By sending excessive demands to the victims computer/s in excess of the demands that one computer can handle, leading to crashing of computer system or computer network, and thereby causing denial of service by the resource to the authorised users is known as denial of service attack. Denial of service attacks have had brought down the websites like CNN, Yahoo, eBay, Amazon etc.

Virus/ worm attacks : Viruses are programmes which attacks to a computer or a file and them circulate themselves to other files and other computers on a network, and affects data on a computer by either altering or deleting it. Whereas worms do not need any host, and they make functional copies of themselves till they eat all available space on a computer memory.

Logic bombs : These are a virus which gets activated on doing something. They may even remain dormant for a year and get activated on doing or not doing something.

Trojan attacks : As name aptly suggest, a Trojan is an unauthorised program which seems to be harmless in nature which thereby concealing what it is actually doing, causes harm to the computer, computer system, computer network or to any files in the computer.

Internet time theft : This means usage by an unauthorised person of the internet hours paid for by another person. In Delhi one person by name Mr. Mukesh Gupta an engineer with Nicom Systems (P) Ltd. was sent to the residence of the complainant to activate his Internet connection. However, the accused used Col. Bajwa's login name and password from various places causing wrongful loss of 100 hours to Col. Bajwa. Delhi police arrested the accused for theft of internet time, on a complaint lodged by Col. Bajwa.

Web jacking : When someone by cracking a

l

l

l

l

l

l


16

password gets hold of a website, thereby denying the control over the website to the real owner, are called as web jacking.

Theft of computer system and/ or physically damaging a computer system is two cyber crimes.

Ga in ing en t r y i n t o , i n s t ruc t i ng o r communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network is a cyber crime.

l

l

l

l

l

Password cracking is one of the cyber crimes.

Threatening emails : Sending threatening emails is a cyber crime.

Similarly spreading defamatory emails, a fraudulent email is a cyber offence.

These are some of cyber crimes committed by using computer, computer system and internet and are punishable under the Information Technology Act 2000.

� � �

well as submission of various reports to SEBI, CLB, and Government departments as part of compliance of laws is largely dependent on Information and communication system. Such information is generated & gathered through ERP packages or other packages. Even for statutory audit also Information System Audit may be treated as a pre-requisite. IS audit ensures reliability & accuracy of information before it is submitted to outsiders.

d) To achieve business objectives, internal controls are essential in all types of organizations. Internal controls like separation of duties etc are part of day-to-day functions. Now-a-days due to computerization and automation, various controls are also automated and embedded in the systems. IS audit ensures that the required internal controls are automated & functioning properly.

e) Post Enron circumstances led different countries to introduce laws such as SOX in US, SAS70 etc. Internal controls related declaration is also required in India. The primary objective of these laws is to provide timely accurate information to various stakeholders. Information System has become a part of Internal Control hence declaration, certification of Internal Control is largely dependent on the quality, accuracy and security of Information system. These aspects can only be evaluated and assured as a part of Information System audit.

f) Various types of frauds, malicious acts are conducted through computers. To prevent, detect & correct these types of acts Information System audit is required.

g) The quality of information largely depends on the quality of various computer controls. Proper evaluation of these controls like input controls, process controls, data integrity controls, output controls is carried out in IS Audit

h) IS audit plays key role in Business Continuity Planning.

i) Every organization, which is running its

business, processes and operations through computers, should conduct information system audit. Even now a days most of the banks are conducting IS audit on regular basis.

Types of Information System Audits:

IS Audit is not a single type of audit. It is done for different facets of Information Systems. A few types are as follows;

a) General Computer Control Audit

b) Reviewing Controls: It includes reviewing wide range of controls like environmental access controls, physical access controls, logical access controls, IS operations controls, Application controls, IT implementation controls, System Development Life Cycle controls etc.

c) Application Software Audit

d) Information & Communication System Security Audit/review

e) Information System procedural audit

f) Pre-Post software implementation audit

g) Data conversion audit

h) Review of BCP controls and disaster recovery planning

IS Audit and IS Auditor:

IS audit is conducted by professional called as IS Auditor. The skill sets required for these type of audits are certification like CISA, CISM, or qualification as ISA. IS Auditor should be technically competent and possess requisite skills to carry out IS audit. As a requirement to any professional member he should undergo Continuous Professional Education. The Audit charter should clearly state responsibility, authority and accountability of IS Auditor. Company Secretary is also required to carry out secretarial audit and in some cases system audit related to his/her area. In present scenario IS audit qualification may be of great help to understand computer processes, programs related to his/her professional work.

� � �

(Contd. from Page No. 13)



l

l

l

Study Circle Meeting

A Study circle meeting on the topic “Basic

concepts in Capital Markets” was organized at ththe Pune Chapter on Saturday the 27 May,

2006 in between 4.00 pm to 6.00 pm. Mr Amit

Modak, Director, Pune Stock Exchange Limited

delivered a lecture elaborating the basic concepts

involved in the capital markets and incidental

issues related thereto. Around 10 members were

present for the said lecture.

Free Seminar for HSC students and their parents

Every year the chapter organizes a free seminar

for the students of HSC and their parents at Pune

Chapter premises with an objective of giving

them information about career as Company

Secretary. This year two such seminars were thorganized at Pune Chapter on 4 of June, 2006

i.e. one day prior to the declaration of HSC thresults and again on 11 June, 2006. More than

50 students and their parents attended the said

free seminars. Office bearers of Pune Chapter

briefed the students present about the CS

course, its contents and scope in employment as

well as in practice.

Visit of President of ICSI

Mr H.M.Choraria , President of ICSI, Ms Preeti

Malhotra, Vice President of ICSI, Mr N.K.Jain ,

Secretary and CEO of ICSI along with other

central council members visited Pune on the

occasion of Central Council meeting, which was th thheld on 9 and 10 June, 2006. Felicitation of

President, Vice President and Secretary & CEO thwas organized on 9 May, 2006 at Hotel

President at 7 pm. More than 70 students and

members were present for the felicitation

function. Mr H M. Choraria , President was

felicitated by Mr Nishad Umranikar, Chairman

Pune Chapter by offering him “Puneri Pagdi &

Uparane” and a memento. Vice President ,

Secretary & CEO and all other central council

members were also felicitated by offering them a

memento. Mr Arvind Gaudana, Chairman WIRC

who was present at the function, was also

felicitated. An exclusive interview of the

President and Vice President was also organized

with Ms Gauri Athalye, Senior Journalist , The thEconoimc Times on 9 of June, 2006 at 6.15 pm.

Secretary & CEO, Vice President and President

addressed the gathering. President informed the

members that the Institute is planning to bring

out Post Membership Qualification course on

Corporate Governance. He added that effective

steps are being taken to obtain recognition for the

profession in Labour Law audits and Institute

would also be coming out with a guideline for

such audits for the benefit of members. Apart

from that, steps were being taken to liaison with

Professional Institutes in countries like Kenya ,

Singapore etc.

While talking to students present he informed

further that the syllabus of the course was under

review and the same would be changed in the

next year. Also efforts are being taken to

introduce seventy hours of computer training for

the students and discussions were being held

with NIIT in this regard. thOn 10 of June, 2006 President, Vice President ,

Secretary & CEO along with other central council

members visited the Pune Chapter office and had

interaction with the chapter staff.

OTC Intermediate Faculty Meeting thOn 15 of June, 2006 a meeting of Office bearers

of Pune Chapter with faculties of Intermediate

Oral Tuition Classes was held at the Chapter.

The meeting was held in order to inform the

faculty members about the guidelines issued by

ICSI, fix the lectures for the next batch of OTC ,

decide dates of CC examination and in all

conveying the expectations of the Managing

Committee to the faculty members.

� � �

l

Chapter Report Pallavi Kulkarni -Salunke , Secretary, Pune Chapter

Chapter Report

Forthcoming ProgrammesSr. No. Date Programme Venue

1. July 19, 2006 Inauguration of Intermediate OTC Pune Chapter

2. July 24, 2006 Full day programme on MCA 21 To be decided

3. July 30, 2006 Study Circle Meeting Pune Chapter

Forthcoming Programmes

For Private Circulation only. All opinions / views expressed in "Sanhita" are those of the authors only. The opinions expressed herein should not be construed as legal or professional advice. The Chapter/ICSI does not take any responsibility for the information published in "Sanhita" including intellectual property rights of third parties. Published by Mr. Nishad Umranikar for and on behalf of the Pune Chapter of the Western India Regional Council of the Institute of Company Secretaries of India, 23, Mukund Nagar, Corner of Lane No. 1, Above Joshi Hospital. Pune-411 037. Telefax:020-24263228/0341. E-mail : [email protected]

23,Mukund Nagar, Corner of Lane No.1, Above Joshi Hospital, Pune - 411 037.Ph. 020-24263228 / 0341 E-mail : [email protected]

If undelivered please return to :

PUNE CHAPTER

SIN PURSUIT OF PROFESSIONAL EXECELLENCE

Statutory body under an Act of Parliament

The Institute of

Company Secretaries of India

JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter

Visit of President of ICSI Visit of President of ICSI

Visit of President of ICSI Visit of President of ICSI

Study Circle Meeting Free Seminar for HSC students and their parents