Assessing Risks and Formulating

1. The document is a project report from Bitcoin & Associates assessing risks and formulating policy for mobile computing at Radisson Limited. 2. Radisson Limited is an Indian IT company with 15,000 employees across various countries. The company's HR department recently enforced a strict attendance policy requiring physical presence. 3. Bitcoin & Associates was tasked with assessing Radisson's infrastructure, policies, security requirements and recommending policies to allow mobile computing while meeting business needs and compliance.

Uploaded by

CA Tanya Goyal

PROJECT REPORT OF DISA 2.0 COURSE
2017

ASSESSING RISKS & FORMULATING POLICY FOR MOBILE COMPUTING FOR RADISSON LIMITED

Auditors:
Bitcoin & Associates
Chartered Accountants
FRN: 139851W

Shop no. 16A, First floor, Popular cloth market, Gandibagh, Nagpur - 440002

TABLE OF CONTENTS

Appointment Letter
Engagement Letter

A. Details of Case Study/ Project (Problem)

B. Project Report (Solution)
1. Introduction
2. Auditee Environment
3. Background
4. Situation
5. Terms and Scope of assignment
6. Logistic arrangements required
7. Methodology and Strategy Adapted for execution of assignment
8. Documents reviewed
9. References
10. Deliverables
11. Format of Report/Findings and Recommendations
12. Summary/Conclusion


Project Report

Assessing risks and formulating policy for Mobile Computing

A. Details of Case Study/ Issue(Problem)

 Background:
Radisson Ltd is a global Indian organization dealing in –
 IT solutions/services to customers
 Customized and standard product

Radisson Ltd. has development centres in India and marketing offices across
USA, Asia and Europe with more than 15,000 employees. The organization has
employed highly skilled professionals who are in great demand in the highly
competitive market.

 Cause (Implementation of Strict Attendance policy):

The Human Resource department of Radisson Ltd. has enforced a mandatory
attendance policy. The attendance policy requires mandatory physical
presence of the employees at the office premises for a specified number of
hours. This implementation of a strict attendance policy is strongly
condemned by the employees.

 Issue:

The implementation of the strict attendance policy by the Human Resource
department has contributed to the following repercussions on the organization-
Management is concerned about the risk associated with the use of mobile
computing from off-site locations.

 Scope:

Assess the company’s working practices, technology infrastructure, HR
policies, access policy, security requirements and customer deliverables.
Recommend how the company can implement mobile computing,
with recommendations of the policies and procedures required to meet
business needs, compliance and regulatory requirements.

B. Project Report (Solution)

INTRODUCTION:

A. Auditee Covering: Auditee (M/s. Radisson Ltd) is an India based Multinational
Company dealing in information technology with development centers across the globe.
It develops standard and customized products with the help of 15,000 employees
including highly skilled professionals.

Nature of Business: Radisson Ltd provides Information technology solutions to its
clients along with customized and standard products.

Organization Structure: The organization is distributed in the following departments-

 Accounts and Finance
 Technical and IT Department
 Sales and Marketing
 Human Resource

The detailed Organization structure is as below in Annexure I.

B. Technology Infrastructure: Some of the technology infrastructure in the
company: Servers & Clients, Routers, Updated Software, Sound network and
security policy.

C. Policies and Procedure: The IS policy of Radisson Ltd. is given below-

 Password policy- A password policy should be in place and implemented.
Passwords should be alphanumeric with a special character and a minimum of 8
characters.
 Logical and Physical Access- All users connected to the network must be
authenticated and any new connection must be approved by the central IT
department. Logs should be maintained for physical access by any employees
to the server room and other critical places as may be notified by management from
time to time.
 Data Encryption- Confidential information along with login IDs and passwords
should be encrypted for improved security.
 Monitoring of Data- Random monitoring of data moving out through emails
should be performed by the IT department. Unauthorized flow of confidential
information out of the organization should be intimated to the management.
Confidential information should only flow out of the organization on requisite
approval from management.
 Third Party Access- All clauses of the security policy should apply equally to
any third party accessing the network. A corresponding clause should be incorporated
in every contract where access to the network needs to be provided to a
contractor.
 Remote Access- Remote access should be governed by tight access controls
so as to provide minimum access wherever necessary. Remote access must be
secured by a proper level of data encryption.
 Destruction of Confidential information- Confidential information must be
properly destroyed by the IT Department. The path adopted for destruction and the risk
involved, if any, should be conveyed to the information owner by the IT department.
 USB Access- USB ports should be blocked for every client in the network.

D. About N-Cube Associates:

N-Cube Associates is a Nagpur based auditing firm specialized in Information
Technology Audits, Direct and Indirect Taxation and Audits. The firm has wide
experience of 8 years in Information Technology audits. Team composition for this
assignment is 1 Manager, 3 Team Leaders and 6 Articles.

| Sr. No. | Particulars | Skill Set |
|---|---|---|
| 1 | Manager | Information System Audits, Consultancy related to Information Technology Implementation, etc., Risk Analysis |
| 2 | Team Leader | Risk Management of Banks and financial institutions, Financial audits of MNCs and Indirect Taxation |

AUDITEE ENVIRONMENT

A. About “Radisson Limited”:


Radisson Limited is in the business of consulting, technology, and outsourcing
solutions. As a proven partner focused on building tomorrow's enterprise, it enables its
clients in more than 5 countries to outperform the competition and stay ahead of the
innovation curve. With 15,000+ employees, Radisson Ltd. provides enterprises with
strategic insights on what lies ahead. It helps enterprises transform and thrive in a
changing world through strategic consulting, customised software development
services and other hardware and software support services.

The detailed organisational structure of Radisson is attached as Annexure 1.

Existing Policies:

General Policies

 All persons must be sincere and dedicated to working towards the organizational
goals and objectives.
 All persons should act and conduct themselves free from fraud and deception. Their conduct
shall conform to the best efforts.
 All persons are not to compete directly or indirectly with the Company and not to
disclose the confidential and crucial information gathered by the individuals during
the tenure of their position in this Company, even after resignation from the
directorship or leaving the services of the Company.
 The workday begins at 9.00 am and ends at 6.00 pm. Variations in the regular
workday must be approved by Senior Management.
 Employees’ physical presence is strictly required at the office premises for
specified number of hours.
 In case of customer grievances, the first reply shall be given in the first two working
hours.
 Any disputes / legal matters shall be restricted to Bangalore jurisdiction only.

Information Security Policies:

 All users must be authenticated. Authentication should be appropriate and where
passwords are used, clearly defined policies should be in place and implemented.
Users must follow good security practices in the selection and use of passwords.

 Physical access should be monitored, and access records maintained.

 Confidential information should be kept secure, using, where practicable,
dedicated storage (e.g. file servers) rather than local hard disks, and an
appropriate level of physical security.

 The permission of the information owner should be sought before confidential
information is taken off site & assure that appropriate safeguards are in place.

 Email should only be used to send confidential information where the recipient is
trusted, the information owner has given their permission, and appropriate
safeguards have been taken e.g. encryption.

 Compliance with this policy should form part of any contract with a third party that
may involve access to network or computer systems or data.

 Information owners should ensure that appropriate backup and system recovery
procedures are in place. Backup copies of all important information assets should
be taken and tested regularly in accordance with such an appropriate backup
policy.

 Where remote access is required, this must be controlled via a well-defined
access control policy and tight access controls provided to allow the minimum
access necessary.

 Any remote access must be controlled by secure access control protocols using
appropriate levels of encryption and authentication.
 The number of copies made of confidential information, whether on portable
devices or media or in hard copy, should be the minimum required, and, where
necessary, a record kept of their distribution. When no longer needed, the copy
should be deleted or, in the case of hard copies, destroyed & all copies should be
physically secured.

 Policies and procedures must be in place for the secure disposal/destruction of
confidential information.

SITUATION & BACKGROUND

The company required the assignment to be done because the HR department of the
company had enforced a strict attendance policy which required mandatory physical
presence of the employees at the office premises for specified number of hours. This
resulted in:-

 Increasing discontent from the employees
 Increase in employee turnover
 Decrease in productivity of employees

As a result of the above changes, the company suffered:-

 Deliverables to the customers not as per quality standards of the company
 Loss of reputation and business
 Decrease in market share and profitability

Control Weakness:
There was a weakness in the control of HR policies because of which the organization could
not keep track of the physical attendance, productive work timings and the output of all
employees. Subsequently, without analyzing the risks and outcomes, they implemented a
strict control policy which resulted in discontent from the employees for such changes in
policy.
Thus, we have been appointed to provide recommendations on whether the company can
implement mobile computing, along with the policies and procedures required to meet
business needs, compliance and regulatory requirements.

Scope of assignment

We have been appointed to “Assess risks concerned & Formulating Policies for Mobile
Computing” for the head office of Radisson Ltd. at Bangalore. As discussed with the
management, the following Audit Charter has been finalized. It includes assessment of-
 Company’s current working practices
 HR Policies and changes to be brought in
 Security policy and recommendations for new policies
 Customer deliverables
 Risks associated with the organization’s use of mobile computing and its approach to
managing those risks.

METHODOLOGY AND STRATEGY ADAPTED FOR EXECUTION OF ASSIGNMENT

Our audit activity is broadly divided into 6 major steps for the convenience and effective
conduct of audit-

a) Planning the Audit
b) Tests of Policies & Procedures
c) Tests of Controls
d) Exploring Mobile Computing
e) Risk Control Matrix
f) New Security Policies

a) Planning the Audit
We obtained an understanding of the auditee organization and its processes, and assigned
different areas of audit to appropriate staff, keeping in mind their skills and aptitude to
identify the areas of risk.
During our audit, we collected background information of Radisson Ltd., reviewed
previous audit reports and papers, service level agreements, third party contracts,
interacted with the management and information systems personnel, observed activities
carried out within the organization and reviewed the policies and procedures.

b) Tests of Policies & Procedures:

Tests of Policies included whether policies regarding information security, Human
Resource (HR), regulatory and legal matters existed in the organization. Secondly, we
reviewed whether such policies were implemented as desired.

c) Tests of Controls:

Internal controls were tested to evaluate whether they are operating effectively or not.
We conducted compliance, substantive and penetration tests to identify the real
vulnerabilities of the environment. While carrying out tests of controls, we considered the
following aspects:
 What controls existed in the organization to keep track of man hours worked.
 What technology was being used to provide offsite services to solve customer
grievances.
 Whether identified controls were implemented.
 Whether the controls were adequate.
 Whether all controls were documented to make them effective.
 Whether the controls were intact so that they serve the purpose, as and when
needed.
 Whether the controls were monitored by means of strict supervision, surprise
checks, periodic inspection, etc.
On review of the tests of controls, some weaknesses were found. To overcome the
weaknesses and as suggested by the auditee, we can explore the option of
implementing mobile computing.

d) Exploring Mobile Computing

In today's world, computers have rapidly grown from being confined to a single location
to going mobile. With mobile computing, people can work from the comfort of any
location they wish to as long as the connection and the security concerns are properly
factored. Being an ever growing and emerging technology, mobile computing will
continue to be a core service in information communication and technology.

Growing trend for mobile computing

Mobile computing presents truly exciting opportunities when companies are prepared to
make the transition from doing the same things in new ways to doing fundamentally
different things. Mobile Computing is an umbrella term used to describe technologies
that enable people to access network services anyplace, anytime, and anywhere. It
allows transmission of data, voice and video via a computer or any other wireless
enabled device without being “hard-wired” to a network or location.

Mobile computing is not just about using mobile phones but it is about computing on the
move using wireless connectivity. Mobile computing is enabled by use of mobile devices
(portable and hand held computing devices) such as Personal Digital Assistants (PDA),
laptops, mobile phones, tablet PC and Palmtops on a wireless network. The key
components of mobile computing are:
a. Mobile communication
b. Mobile hardware
c. Mobile software

a. Mobile communication:
Mobile communication, in this case, refers to the infrastructure put in place to ensure
that seamless and reliable communication goes on with the organisation network. This
would include the Protocols, Services, Bandwidth, and Portals necessary to facilitate and
support the stated services. The data format is also defined at this stage. This
ensures that there is no collision with other existing systems which offer the same
service.

Since the media is unguided/unbounded, the overlaying infrastructure is radio
wave oriented, i.e., the signals are carried over the air to intended devices that are
capable of receiving and sending similar kinds of signals.

b. Mobile Hardware:
Mobile hardware includes mobile devices or device components that receive or access
the service of mobility. They range from:
 Portable laptops
 Smartphones
 Tablet PCs
 Personal Digital Assistants (PDA), etc.

The company should select mobile computing hardware on the basis of:
(a) Size and Form Factor
(b) Weight
(c) Microprocessor
(d) Primary Storage
(e) Secondary Storage
(f) Screen Size and Type

Although a lot of mobile hardware has many eye-catching characteristics, the decision
about which hardware to employ should be based entirely on clear business needs.
These devices are configured to operate in full-duplex, whereby they are capable of
sending and receiving signals at the same time. They don't have to wait until one device
has finished communicating for the other device to initiate communications. In order to
provide communications functionality to allow the handheld device to communicate with
the Internet or Intranet infrastructure, the company should ensure that at the back end,
there are servers like Application Servers, Database Servers and Servers with wireless
support, a WAP gateway, a Communications Server and/or MCSS (Mobile
communications server switch) or a wireless gateway embedded in the wireless carrier's
network.

c. Mobile software:
Mobile software is the actual program that runs on the mobile hardware. It deals with the
characteristics and requirements of mobile applications. This is the engine of that mobile
device. In other terms, it is the operating system of that appliance. It's the essential
component that makes the mobile device operate.

Since portability is the main factor, this type of computing ensures that users are not tied
or pinned to a single physical location, but are able to operate from anywhere. It will
incorporate all aspects of wireless communications.

Benefits of Mobile Computing:

Mobile computing has changed the complete landscape of human life. Following
are the clear advantages of Mobile Computing:

1. Location flexibility:-

This has enabled users to work from anywhere as long as there is a connection
established. Their mobility ensures that they are able to carry out numerous tasks at the
same time and perform their stated jobs.

2. Saves Time:-

The time consumed or wasted by travelling between different locations or to the office and
back has been slashed. One can now access all the important documents and files
over a secure channel or portal and work as if they were on their own computer.

3. Enhanced Productivity:-

Productivity has been boosted by the fact that an employee can work
efficiently and effectively from whichever location they find comfortable and suitable.
Users are able to work in comfortable environments.

4. Ease of research:-

Research has been made easier, since users can go to the field, search for facts and
feed them back to the system. It has also made it easier for field officers and researchers
to collect and feed data from wherever they are without making unnecessary trips to and
from the office to the field.

5. Streamlining of Business Processes:-

Business processes are now easily available through secured connections. On
the factor of security, adequate measures have been put in place to ensure
authentication and authorization of the user accessing those services.
Some business functions can be run over secure links, as can the sharing of
information between business partners. It is also worth noting that lengthy travelling has
been reduced, since there is the use of voice and video conferencing.

6. Greater Business Prospects:-

It provides opportunities to:

 Open up new channels
 Expand reach into new and existing markets
 Create tighter partner and customer relationship
 Gain competitive advantage
 Increase productivity and bottom-line performance

Challenges in Mobile Computing:-

 Disconnection with organization’s network/ server.
 Low bandwidth
 High bandwidth variability
 Low power and resources
 Security risks
 Wide variety of terminals and devices with different capabilities
 Device attributes
 Fit more functionality into single, smaller device
Mobile Computing Security Issues:-

Mobile computing has its fair share of security concerns, as does any other technology:

1. Due to the nomadic nature of mobile devices, it's not easy to monitor their proper usage. Improper and
unethical practices such as hacking, industrial espionage, pirating, online fraud and
malicious destruction are just a few of the problems experienced by mobile
computing.

2. Another big problem plaguing mobile computing is credential verification. It is not
possible to be sure that the person using the device is the true bearer. Other users share usernames and
passwords. This is also a major threat to security.

3. The problem of identity theft is very difficult to contain or eradicate.

4. Physical damage to devices, data corruption, data leakage, interception of data and
possible exposure of sensitive information.

5. Lost devices or unauthorized access to unsecured devices allows exposure of
sensitive data, resulting in loss to the enterprise, customers or employees.

Controls in Mobile Computing:

Radisson Ltd. should not lay open its secrets to hackers and other intruders, who will in
turn sell them to its competitors. Therefore, it's important to take the necessary
precautions to minimize these threats. Some of the recommended
measures are:
 Developing and implementing a Mobile computing security policy.
 Use of encryption technology such as virtual private networks.
 Use of power-on passwords.
 Use of encryption for stored information.
 Hiring qualified personnel.
 Installing Security Hardware and Software.
 Educating the Users on proper Mobile computing ethics.
 Auditing and developing sound and effective policies to govern mobile
computing.
 Enforcing proper access rights and permissions.
These are just a few ways to help deter possible threats to your company’s plans
to offer mobile computing. Since information is vital, all possible measures should be
evaluated and implemented for safeguard purposes.
Various threats to security still exist in implementing this kind of technology.

e) Risk Control Matrix:

There are some risks that are associated with mobile computing. Risks can be
categorized into three types –

 Operational Risks
 Technology and Data Risks
 Legal and Regulatory Risks

Some risks can become more severe, so they should be avoided or mitigated using effective
controls.
An illustrative risk control matrix has been given below for your easy reference:-

Operational Risks:

| Sr. No. | Risks | Controls |
|---|---|---|
| 1 | Malicious software - It can shut down or take over mobile devices | Use effective and updated anti-virus and anti-malware |
| 2 | An inability to wipe-clean or lock stolen devices | Take insurance of devices. Implement a central management control for device remote control |
| 3 | Ineffective vulnerability, configuration and penetration testing for mobile devices | Regularly scan and test configurations & settings on mobile devices. |
| 4 | An inability to detect or prevent rogue applications from operating on mobile devices | Protect sensitive information on devices with encryption. Implementation of suggested mobile computing security policy |

Technology and Data Risks:

| Sr. No. | Risks | Controls |
|---|---|---|
| 1 | Modification of device security parameters by end users | Installing enhanced security hardware and software. |
| 2 | Installation of unapproved or corrupt applications | Enforcing proper access rights, installation of rights and permissions |
| 3 | Loss of sensitive information due to unauthorised access | Protect sensitive information on devices with encryption and privilege control. Regular back-up of sensitive information. Prevent unauthorized devices and people from accessing information/ applications by using strong passwords, two way authentications. Mobile devices should be disabled of USB, Bluetooth |
| 4 | Complexity of cloud-based applications | Provide proper training and education to users |

Legal and Regulatory Challenges:

| Sr. No. | Risks | Controls |
|---|---|---|
| 1 | Exposure to civil or criminal action due to inadequate due-care findings | Implement a central management console to manage all stages of asset management from installation to retirement |

Other issues involved:

By implementing mobile computing, the following issues might arise and we suggest the
corresponding strategies to address them:

| Sr. No. | Issues Involved | Strategies |
|---|---|---|
| 1 | Providing support to various Devices | Turn to cross-platform centrally managed mobile device managers |
| 2 | Controlling data flow on multiple Devices | Secure the systems that are accessed with authorization, encryption & privileges control |
| 3 | Preventing data from being synchronized onto mobile devices in an unauthorised way | Monitor & restrict data transfers to handheld or removable storage devices and media from a single, centralised console. |
| 4 | Keeping up with the usage of the latest and greatest devices | Create keen user awareness on information assets, risks and value to the enterprise |
| 5 | Accountability, responsibility & Transparency in device usage | Track the way devices are used, and provide regular feedback to the management. |

f) New Policies:

We have conducted the audit & formed the new policy considering the IT processes as given in
COBIT 5, as per IS audit guidelines on mobile computing, document G27.

Primary Process

PO9—Assess Risks
AI3—Acquire and Maintain Technology Architecture
AI4—Develop and Maintain IT Procedures
AI6—Manage Changes
DS5—Ensure Systems Security
M2—Assess Internal Control Adequacy

Secondary Process

AI2—Acquire and Maintain Application Software
DS8—Assist and Advise IT Customers

The following policies should be formulated for successful implementation of
mobile computing:
 The employee should maintain confidentiality, integrity and availability of information
assets.
 “Work only” devices, protected with passwords, firewalls and anti-virus software,
shall be issued. The device remains the company’s property and is not to be used
for private purposes.
 Define the authentication method for mobile devices based on data classification
method depending on each assignment.
 The company will provide the insurance for the devices and will supply and pay for
a telephone line and provide internet connection for business use.
 Employees have the right to request, in writing, flexible working arrangements.
Employers are required to consider requests in a reasonable manner and within a
reasonable time. Employers can only refuse requests where there is a valid
business reason. An illustrative flowchart is given below in Annexure II.
 The employee, who opts for mobile computing, will have to undergo the necessary
training.
 A daily report of the work done will have to be sent to the concerned manager via
email.
 A meeting has to be arranged with the manager/ project head at least once in a
fortnight. Those employees who are unable to physically attend such meeting
should connect via video/ tele-conferencing.

 The effective working hours of the employee shall be monitored by his login and
logout sessions.
 The employee must get the device scanned every fortnight with the respective
department.
 Address the approved applications by device based on data classification and data
loss risk.
 Define the authentication method for each mobile device based on the data
classification policy.
 Prescribe authentication and encryption storage/transmission (data in transit or at
rest) requirements by device type.
 Ensure a risk assessment before a device is approved for use and a risk
assessment update at least annually to determine that new threats are assessed
and new technologies considered for deployment.
 There have to be exception approval processes for corporate devices to be managed
outside the enterprise management system.
 Access authentication (single or multilevel) and complexity must be appropriate for
the device and data classification of the data stored.
 Mobile devices having storage should have restrictions as to the applications that
can be installed and the data content that can be stored on the devices.
 Mobile devices require disabling of USB, Bluetooth, according to the data
classification policy.
 Define how critical business processes like customer deliverables are carried out during
disaster and down-time.
 Define business continuity management procedure.

Further, the following existing policies will have to be deleted for successful
implementation of mobile computing:

 The workday begins at 9.00 am and ends at 6.00 pm. Variations in the regular
workday must be approved by Senior Management.
 Employees’ physical presence is strictly required at the office premises for specified
number of hours.

7. Conclusion and Recommendations:

On the basis of the review of the documents available, policies and procedures and risk
analysis of Radisson, it has been observed that the HR policy for strict attendance of
employees in office is not desired. This situation has created severe discontent among
employees, resulting in high employee turnover. The employees of Radisson can be
assessed through their deliverables and output, and there is no need to implement a
strict attendance policy.
Keeping in mind the benefits of mobile computing, it is recommended that it should be
implemented. There are certain risks involved, but these can be avoided/
mitigated using the suggested controls. Further, the suggested policies should also be
formulated for effective implementation of mobile computing.
Mobile Computing will not only help Radisson to retain its employees, but will also keep
Radisson at par with the emerging technologies to survive in the highly competitive
market.

8. References:
 DISA 2.0 Background Material
 www.wikipedia.com
 http://www.tutorialspoint.com/mobile_computing/mobile_computing_quick_guide.htm
 www.infosys.com
 Western Australian auditor general’s report on information systems audit
 http://farakaran.net/en/index.php/about_chart
 http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Mobile-Computing-Security-Audit-Assurance- -Center/Research/ResearchDeliverables/Pages/Securing-Mobile-Devices.aspx
 www.mashable.com
 The Information Systems Audit Manual, prepared by the ‘Working Group on the
introduction of Information Systems Audit in Reserve Bank of India’.
 Guidelines for Information Systems Audit by the Information Systems Audit and
Control Association & Information Systems Audit and Control Foundation.
 ISO/IEC 27001:2005 Information technology -- Security techniques -- Information
security management system requirements.
 ISO/IEC 27002:2005 Information technology -- Security techniques -- Code of
practice for information security management.
ANNEXURE I

[Organisation chart. Boxes recoverable from the figure: CEO; Managing Director; Accounts & Finance; Technical & IT Department; Sales & Marketing; Human Resource; Financial Expert; Accounts Expert; CIO; Sales Manager; Marketing Department; Information Security Office; IT Business Office; Project Office; Marketing Manager - Asia; Marketing Manager - Europe; Marketing Manager - USA; Application Service Expert; Client Services Expert; Infrastructure Expert; Research Service Expert; Middleware Service Expert.]

ANNEXURE II

[Figure: illustrative flowchart, not reproduced.]