Elec

tro

raud cF ni

Dear Members The present financial conditions that are prevailing worldwide throw out quite challenging thoughts that emphasize the need for a healthy assurance role to evolve in the organization. The theme for this issue is focused on 'frauds'. This brings to mind some thoughts: Do frauds happen only because of weak systems? or weak controls ? or weak audit processes ? or is there an underlying thread that interleaves all these three aspects. Or is human behavioural science also a contributory agent? Generally when frauds are committed, they are either attributed to one of the above mentioned weaknesses. In this issue we endeavour to highlight the need for 'ethics' and the relationship to audit.. and how being a CISA can contribute towards establishing a more ethically assured environment. The auditor's role necessarily goes beyond the assurance that the organization seeks. Success in the challenging times Assurance beyond Audit' is also the theme of the Annual Conference that the Chapter is organizing in September. I earnestly solicit your support and whole hearted participation to make it a grand success. It has been the endeavor of the Mumbai Chapter to provide Chapter meetings, programs, events and workshops to members at different venues apart from the chapter premises. We successfully conducted review classes and crash course for aspiring students for our professional examinations. The Chapter is planning a host of workshops & seminars as part of the Continuing Education facility for the members. It has been our endeavor to bring quality speakers & sessions so that the members can take maximum benefit. At the beginning of the year we had embarked on quite ambitious plans to provide quality education to our members, to reach out to our members by having programs in the suburbs, etc. We have been able to achieve success in good measure thanks to the cooperation and enthusiasm of members, the efforts of the volunteers and of Team ISACA Mumbai chapter. We continue to actively seek the cooperation of all our members to assist us both in terms of being faculty at our training sessions; speakers at our seminars & chapter meetings, and more importantly volunteer to assist the chapter to serve the community better. Signing off for this issue once again wishing you all the best. Regards Ravikiran Mankikar President

Esteemed members of the ISACA Mumbai Chapter,

Your newsletter continues to cover extremely important and timely topics, and this issue, which focuses on fraud, is no exception. Nearly all business sectors and geographic areas have been affected at some level by incidents of fraudulent behavior, and with the current economic climate, there are no signs of this abating soon. The current challenging economy has often led to reductions in workforces. At the same time, employees and management are experiencing increased pressure to compete and succeed in a quickly changing marketplace. This pressure has often been the catalyst for individuals to engage in these fraudulent acts. Many reports over the years have shown that employees are often the leading perpetrators of fraud. Whether they believe they will soon lose their job, are unhappy because of the extra work created after layoffs or are disgruntled for other reasons, it is more important than ever for all organizations to increase monitoring and awareness programs. An enterprise employing fewer staff members who are being asked to do more, may also inadvertently reduce the focus on controls, thereby again increasing opportunity for fraud. External hacking and security threats also continue to impact the reputation and bottom line of enterprises around the world. IT security and governance activities that once were adequate in protecting organizations' information may no longer be sufficient. We must learn to manage in an era of uncertainty and be prepared for continuous change. As always, ISACA and the IT Governance Institute are important resources for expert guidance on reducing fraud, including through its globally recognized guidance in COBIT, Val IT and COBIT for Risk. The ISACA Journal publishes in-depth articles on the subject, the ISACA Bookstore carries several excellent titles, and fraud detection and prevention are frequent topics of presentations at many of ISACA's conferences and educational events. As members of ISACA, you receive this extensive expertise at a valuable discount, and even sometimes as complimentary downloads from the www.isaca.org and www.itgi.org web sites. By working together to share our experiences and recommendations, we can make great strides toward continuously improved protection for our enterprises and our information. Respectfully,

Marios Damianides, CISA, DISM, CA, CPA Past International President, ISACA and the IT Governance Institute and Partner, Technology and Security Risk Services (TSRS) group Ernst & Young, New York, New York, USA

Dear Readers, I have great pleasure in placing the special issue of ISACA Mumbai Chapter newsletter in your hands on behalf of the editorial board. The current issue focuses on 'Frauds'. The world is passing through turbulent times. We in India and our profession of information system security and audit are no exception to it. The global meltdown, severe economic downturn, financial crisis, rising unemployment, - all these have made growth and survival difficult. It is in such testing times that corporates and leaders succumb to temptation and the easy path / way out of window dressing, creative accounting and outright fraud. The Satyam saga has unfolded and stage one is now over. It is a long haul for all concerned: the regulatory authorities, the corporates, professionals, stakeholders, investigating agencies and the judiciary. It is time to look at our framework both legislative and regulatory, the ethical and moral fabric, the systems and the players to discover what went wrong, and set the system right. The current issue has an interesting article that looks at ethics and the CISA. It also brings into focus the moral and ethical dimension of fraud and the role of professionals from the moral and ethical viewpoint. In this context, the appeal to deal with this difficult aspect is very significant and needs to be addressed seriously. Aberrant behavior, and that includes frauds, are here to stay and cannot be completely eliminated in any society or system. What is needed is better, more effective ways of curbing it and keeping it in check. The 150 year sentence handed out to Bernard L. Madoff who perpetrated one of the most blatant Ponzi Scheme Frauds in the US, shows that Frauds are being dealt with very seriously. This can be achieved through a proactive way of creating awareness, putting in place an ethical framework, red flag indicators, preventive, detective, deterrent and corrective controls, effective regulation, and enforcement and continual proactive monitoring and maintenance of an anti-fraud framework based on effective whistleblowing and helplines. The issue continues with the usual features like readers write, from the ISACA family and meet the member. The IS auditing profession is growing by leaps and bounds and we need to keep pace with the changing times to meet people's expectations. This can be achieved through capacity building, providing proactive value added services beyond routine audit and venturing beyond compliance. Echoing the appeal of our President, I reiterate my request for greater participation in chapter activities in general and in contributing to the journal by way of news, views and your articles and contributions, in particular. Happy Reading!

Managing Committee

Dr. Vishnu Kanhere Editor in Chief Editorial Committee Dr. Vishnu Kanhere - Editor in chief Ms. Jayshree Dhere Mr Ravikiran Mankikar

C/o Welingkar Institute of Management Development & Research Room No. 317, 3rd Flr., Lakhamsi Napoo Rd., Opp. Matunga Gymkhana, Matunga C.R., Mumbai - 400 019 Telephone: 91-22-65527187 Website: www.isacamumbai.org Email: isaca@vsnl.com, isaca@isacamumbai.org

Can you tell me Socrates can Virtue be taught? Or if not, does it come by Practice? Or does it come neither by practice nor by Teaching? but do people get it by Nature or some other way? - The Great Dialogues of Plato
Introduction 1. If one were to replace the word Virtue by the word Morality or by the word Ethics one would discover that the dilemma posed to Plato is as relevant today if not more so, as it was in the days of The Academy, as far back as 386 BC. Until fairly recently, Ethics was a topic of study for students of philosophy, but since the last decade or so there has been an increase of interest in the subject, one of the many reasons for this, is the media exposure for all actions considered 'Unethical' which would have earlier gone unnoticed. 2. The Satyam scandal has once again highlighted the need for Ethical Standards Moral and Values. The Role / functioning of the Audit Community / profession has come, under the scanner.! Most Professions have a written or unwritten Code of Conduct / Ethics like the Medical Profession has the HIPPOCRATES OATH. It is unfortunate but true that the use and reliance on IT in the profession has made it relatively easy to be unethical and at the same time made the detection of unethical behaviour more difficult. It is therefore for the consideration whether the IT fraternity needs to introspect and see if there is a need for more emphasis of ethical values and that of a formalized / stated Code of conduct. 3. On my part I have been associated with / studied this subject due to my association with the Moral Re-armament Association (MRA) at Panchgani which concerns itself with Issues Ethical be they Corporate or Governance. I therefore felt that it would be desirable to share views on this subject so that we can see the subject in the right perspective and judge the actions of others and our own rationally, and more importantly to understand what abets people to act 'unethically. It shall be my endeavour to highlight 'Ethics' in the Indian context. What is Ethics? 4. Ethics is derived from the Greek word 'Ethos'. Morals is derived from the Latin word 'Mores' both these are derived from the word Culture. Ethics therefore is Moral philosophy which is concerned with what is good or bad and right or wrong. Since it is derived from culture it is important to know what Culture means. Culture can be defined as the Concepts of Beliefs, Values, Customs and Rituals or a set of psychological pre-dispositions i.e basic assumptions or ethos that members of a group possess and which leads them to think and act in certain ways. Beliefs, values and attitude are intimately connected with moral and ethical codes. They are not visible, but apparent, as they are ingrained unconscious behaviour. 5. Ethics deals with truth (good / bad right / wrong) and as all truth is Relative and since all human behaviour is either Culture Specific or Situation Specific, perceptions of what is Ethical and what is not would differ, Bertrand Russel said All Ethics however defined remains more or less subjective based on how it is interpreted. Hence to have a Universal Code of Ethics for a particular calling or profession is possible, but for the whole of mankind it is not . While Ethics may be built into mans existence, it need not be the same and perceptions of what is ethical and what is not would differ. 6. Ethics studies mans behaviour within a framework of common moral rules, that have been mutually agreed to. Ethics is created by man with a broad religious and moral foundation for the purpose of facilitating co- existence. One is ethical when one obeys rules and laws agreed to by Society the laws and guidelines for Social behaviour, one is ethical when ones behaviour is based on moral principles. Basically, being ethical means to be Dependable, Consistent, Truthful and Socially Acceptable. Development of Ethical Behaviour. 7. Ethical norms can be taught through Parental Guidance early in life. Aristotle taught that moral Virtue is acquired by Practice. The root of the word Ethics - Ethike means habit. Knowledge of values and attribute is not enough. A person must live them (practice them) until they become habit. The habits of a man are reflected in his behaviour, a behaviour often repeated becomes a style and style over a period becomes Character. One interpretation of character is doing the right thing when nobodys looking. Character is formed by habit. 8. Historically the strength of character of a person has been the indicator of his potential for leadership. President Roosevelt observed that Character in the long run, is the decisive factor in the life of an individual and nations alike. According to Gen. Ridgeway Character stands for Self discipline, Loyalty, Readiness to accept responsibility, and willingness to admit mistakes. It stands for Selflessness, Modesty, Humility, and Willingness to sacrifice when necessary and in my opinion the ability to Care. 9. There is a point of view that needs to be highlighted that, Ethical conduct should only be expected only after the basic Maslowian Needs have been met. Hence ethical behaviour is pre-conditioned by the fact that the Basic needs have been met and a person is not forced to be corrupt (un-ethical) to maintain a minimum acceptable level of subsistence (life) for himself and his family. The Society which expects its members to behave ethically has the responsibility to ensure that their basic needs are met. There are however instances when persons rise above the mundane and prove the Maslowian Theory of motivation wrong. Ethics and Religion 10. Ethics is seldom if ever divorced from Values, which are invariably rooted in some form of religion. All Religions have a Perennial Philosophy and their ethical corollaries, all in some form or the other state that 'Virtue is not the end but the indispensable means to the knowledge of Divine Reality. You can be virtuous (ethical) but not religious (spiritual), but you cannot be religious without being virtuous. Shankara, the greatest of the Indian commentators on the Gita, holds the same doctrine Right action is the way to knowledge; for it purifies

the mind. A more practical example is Buddhas Eight fold path called Right livelihood, which stresses on following the 'Middle Path'. The Gita regards no action as of absolute value, either for good or evil and emphasises Moderation. An absolute virtue is no different from a Vice. The Gita warns us not to judge others. It states that all good and evil is relative to the individual's point of growth, for each individual certain acts are wrong. Whether an act is ethical or unethical is relative to / dependent upon the motive with which the act is performed, and unless the motive of an action is known, it is difficult to determine whether the act is ethical or not, and since ethical behaviour is nothing but the response of an individual to a given situation or reality it is by definition relative. Impact of the Indian Socio Economic Environment. 11. As has been stated earlier Ethics is culture specific. To be able to understand Indian Ethics i.e. the Indian Psyche and the 'why and how' of Indian behaviour a brief examination of the Indian Socio Economic environment is relevant. 12. In the Gita we find that the Caste System is presented as a kind of natural order. Men are divided into four groups, according to their capacities and characteristics. Each group has its peculiar duties, ethics and responsibilities, and these must be accepted. It is the way of spiritual growth. A man must go forward from where he stands. He cannot jump to the Absolute. He must move toward it. Though the Caste system is being progressively diluted, it will, for sometime to come impact on Indian Culture. 13. Indian Society has always had a Feudal character. The role of a king, a Guru, the village Head or Family Head has always had a strong influence on the society / family. The Feudal hangover is reflected in how even today, Families tend to dominate the Political, Economic or cultural life of present day India. Indians need a leader to follow in mostly all facets of life, there is near blind obedience of orders. Next, India has always been a region wherein diversity of beliefs, faith and ideologies have poured in from all over the world and have all been absorbed. The social fabric is one of multiplicity and diversity. In fact many informed analyst had predicted the disintegration of India. If we are still unified it can be primarily attributed to our capacity for tolerance. We apparently appear to be compromising. 14. The Indian Economy has largely been based on Agriculture and the design of living and social structure has been centered around the imperatives of agriculture. In an agrarian life style people know to live together and work independently. They tend to emphasise on Family values rather than Workplace Values. 15. Family ties tend to be extended and are strong - Family / Caste obligations are demanding and tend to override other considerations when it comes to decision making. Unlike the western ethos wherein most relationships have a significant contractual element, in India relationships are heavily tilted towards an affiliate nature. Rudyard Kipling once said A Westerner can be friendly without being intimate while an Easterner tends to be intimate without being friendly. The Indian Ethics therefore tends to be quite comfortable in accepting many shades of Grey between White and Black. Reasons for Unethical Behaviour. 16. How and why does a normally honest and intelligent professional act unethically? The answer (reason) is found in

human nature in the way ambition and duty are distorted under pressure. The border between Right and Wrong shifts in convenient directions or is even ignored. A Study of cases involving unethical behaviour brings out the main motivators for unethical behaviour are :(a) A Belief that the Activity is in the best interest of the Organisation / Family. (b) A Belief that the Activity is within legal limits that it is really not illegal or immoral. (c) A Belief that because the Activity helps the Organisation, the organization will condone it. (d) A Belief that the activity is 'Safe' because it would never be found out. 16. The dilemma is How Far is Too Far. Seniors will seldom ask their Juniors to do things that both know to be imprudent, but sometimes they leave things unsaid or convey the impression that the job needs to be done how they do it, is their business and they do not want to know about it- which means that they are distancing themselves from any unethical behaviour. Therefore how does one avoid crossing a line that is seldom precise? Unfortunately most know that they have overstepped it only when they have gone too far. The most reliable guideline is an old principle WHEN IN DOUBT DONT. Therefore the answer to the question HOW FAR IS TOO FAR is DON'T TRY TO FIND OUT The need for Formalised Training Capsules. 17. Despite the continual discussion of Ethics the subject is a challenging one to address. It is difficult to teach ethical behaviour, but it is possible to introduce situations about which one might contemplate the most ethical response. This could be done, as being done, by introduction of Training Capsules / Seminars, which highlight the need for ethical conduct. It is organizations such as Isaca that should sponsor / conduct such Training. Conclusion. 18. I can think of no better way of concluding this article but by quoting Mr JRD Tata in his Inaugural Speech at the Tata Foundation for Business Ethics in XLRI, There is indeed a need to rekindle old principles and ethical values which, also have too often been ignored or neglected in recent years in the belief that quicker profits and greater accumulation of wealth will be the result. As an important player in Corporate affairs, any steps taken by Isaca would directly impact on all Organisations and therefore the need for Isaca as a Body and its Members as Individuals to make a deliberate and concerted effort to address this very vital issue.

Lt Gen (Retd) Mahesh Vij, PVSM, AVSM has had a distinguished Military Career spanning over 40 years with rich experience. He retired as the Military Secretary of the Indian Army and has been decorated with the Param Vishisht Seva Medal, the highest award for distinguished service. During his career he has held several distinguished appointments to include being a Corps Commander and Chairman, Joint Operations Group for the North Eastern States and the Director General of Military Training. He has also been a Faculty at the Army War College and the Defence Services Staff College. He has a Doctorate in Defence Management. Presently he is Director of the Army Institute of Technology. He has a vast foreign exposure and is an expert in Disaster Management.

VK: Good morning Mr. Gajendra Sampat. As a senior CISA you have been associated with ISACA and the Mumbai Chapter for a long time. We value your views very much and wish to hear from you first hand your experience of being a part of the ISACA system audit community. GS: My exposure to Systems Audit concepts got formalized when I attended ISACA annual convention in 1999. All along, I was associated with application systems development / maintenance and operations on IBM Mainframe & SAP ERP environments in L & T. In those roles, I had the privilege of being an auditee by our Systems auditor Mr Anantah Sayana one of our legends. Inspired by him, I passed CISA exam in 2000. CISA study & exam preparation enhanced my macro level perspective about IT - as viewed by management. This helped me in applying certain concepts in my on going assignments. Ever since, it has been a very fascinating experience to be a part of ISACA Systems Audit community. Continuous on going exposure to Systems audit concepts - in the diverse components of any system - along with practical experiences shared by various faculties has provided me with a great learning experience. I have also derived considerable value through in depth exposure to concepts like COBIT 4.1, IT service management, Val IT & GRC. VK: Given the current Global Meltdown, what is the current scenario for system audit and security professionals and what role do you think they can play? GS: Information Systems are the lifelines for functioning of any business. In many cases, IS becomes the enabler for growth. So, irrespective of global meltdown, effective and efficient functioning of Information System assumes greater importance in this global competitive business scenario. Current global meltdown & Satyam like episode have enhanced the need for improved corporate / IT governance and for the companies to be more transparent. This provides a greater opportunities and challenges to the IS audit community world over. Systems audit & security professionals can play an important role through generating awareness in corporate management about operational risks of Information systems and demonstrating tangible results within the stipulated timeframe. Such reviews by system auditors and security professionals can provide confidence to investors and stake holders. This can, in turn, help in enhanced credibility of the systems audit function. VK: What areas are you involved in at present? What are your specializations? Where do you see our profession 10 years from now? GS: After the prolonged experience of working with L & T group in diverse areas like discrete manufacturing, materials management, sales, accounts etc. on varieties of technology platforms and also on SAP ERP, I am now involved more in professional experience sharing with CA students / other professionals on a non commercial basis. I also enjoy sharing TQM related approaches in manufacturing environment with some of my friends having factory setup. I, however, have an understanding with a local consultant to take up assignment on a selective basis. My primary focus areas are IT Governance using COBIT and Service management. I see a great future for our profession in the time to come. As discussed earlier, greater emphasis on corporate / IT governance will definitely bring in stringent regulatory compliances for business entities. I believe that 'GRAB task force' initiative at all India level is a commendable step in this respect. IS audit will ultimately play as important a role as statutory audit.

Need for statutory compliance / audit is bound to make business entities more & more concerned about internal audits. Role of IS auditors may see an enlargement to also be a catalyst for improved effectiveness & efficiency of business processes. Professionals in consulting areas having good enterprise level & marketing skills may expand their activities to other countries. I won't be surprised if some Indian multinational features amongst big names in global consulting companies in the years to come. VK: We would also like to have a frank response about how the chapter is doing and what you expect from us. What would you like us to be doing? GS: Recognition by ISACA as 'the best chapter' for two consecutive years speaks for the diverse activities our chapter is effectively carrying out. Year after year, new leadership emerges with innovative ideas and enthusiasm. It may be good idea to constitute certain cross functional task force/s to address specific objective/s in a given business vertical. VK: Finally, can you tell us something about yourself, your family, your interests, hobbies and pursuits and the way you spend your leisure time? GS: Academically, I am a Mechanical Engineer from VJTI but have switched over to IT and worked with L & T for over three decades. I also completed part time Dip in Systems Management. As stated above, I passed my CISA exam in 2000. I also passed Foundation examination in IT Service Management in early 2007. At L & T, I participated in various skills & behavioral training programs both as student & as faculty. Our family is very small. My wife Gita was earlier working with IBM / IDM. We are blessed with a daughter Dipali who is a CA and she is married to Brijesh - MBA Finance professional. Right from my college days, my interest is in listening spiritual discourses mainly about Bhagwat Gita. I consider myself fortunate to have listened to Pujya Pandurangshastri Athavale for over four decades. I strongly feel that everyone must have some source of getting good spiritual thoughts related to governance of life as narrated by almighty god. Besides sports like indoor games, cricket / tennis & music, I enjoy touring places in which I generally combine pleasure with pilgrim. In 2008, I visited Dubai after attending Asia CACS at Muscut. I am also fond of walking & Yoga. I also enjoy watching CNBC which helps me in my personal portfolio management - besides updating me with global business scenario. I sincerely thank yourself & the chapter for providing me this opportunity to share my views. Regards.

Synopsis:
This paper tries to look at various aspects of application of information technology to fight insurance fraud. The paper is not about theory; it discusses practical use of such tools by industry in UK, USA, Australia etc. and the various types of use it can be put to. It shows that information technology (IT) can be a great tool in fighting fraud and can provide substantial leverage. Evolution of fraud detection technology is also discussed. A brief discussion on what enabling factors make the transition to a meaningful regime of IT use are is also included. It concludes with some suggestions for developing markets like India. It is to be noted that the article does not cover all the aspects of fraud detection technology or all the countries or regions; it gives overview of the most important ones.
i) Matching of two sets of data: This can be quite an effective tool in fighting fraud. National Insurance Crime Bureau (NICB) of US a nonfor profit organization that is supported by 1000+ property/ casualty insurers of US - ran a programme called DAFT (Data Analysis for Fraud and Theft). On request of a law enforcement agency often an Anti-Car Theft Unit of a state, it would get an extract of motor vehicle title and registration details from registering authority. It ran the details through NMVTIS theft file and its own data contributed by insurers of theft, export & salvage vehicles. It may be noted here that stolen vehicle can get sold in US only if it has valid title documents. So, in most cases, the thieves would alter the VIN and replicate (clone) the VIN of a salvage or exported vehicle. The DAFT also finds out aberrant VINs, where say, a vehicle variant on paper does not match with that coded in VIN. The requesting unit got a dump of all such matching and discrepant vehicles, along with registered vehicle data, allowing it to zero in on a set of vehicles, in a particular area, maximizing returns. It is also pertinent to note that, as per Anti Car Theft Act, 1992 of US, selling vehicle by mis-declaring its title information is an offence, called as 'Title Fraud'. Thus, the DAFT helps law enforcement agencies to detect fraud, catch criminals and recover vehicles. Results of DAFT for 'Miami-Dude MultiAgency Auto Theft Task Force, as given on NICB's site, are mentioned below: Result of NICBs DAFT Miami-Dade Multi-Agency Auto Theft Task Force Year No. of Vehicles recovered Cumulative recovery value $1,704,610 $1,770,700 $20,82,800 $21,54,600

1. Introduction:
Technology, it goes without saying, is a force multiplier. So is information technology harnessing the ever increasing power of computers. No wonder, it can and does get applied in the fight against fraud. The usage can be simple ones like matching of two sets of data to detect fraud, maintenance of various databases and finally usage of sophisticated fraud detection softwares. Lets see them one by one.

2. How is information technology helping insurance industry fight fraud?

There is a general tendency in the minds of individuals to think of IT as something 'hi-tech'. It need always be so; simple tools can also be very effective, as we would see in this section. We will see insurance industrys effort from the simple ones to the more advanced ones below. 8

1999 122 2000 94 2001 100 2002 81

In the UK, the insurers have come together and formed a Motor Insurance Bureau (MIB). MIB maintains a Motor Insurance Database (MID). It helps Great Britain (GB) Police forces fight various frauds & theft relating to motor vehicles. GB Police forces are equipped with Automatic Number Plate Recognition (ANPR) cameras. The cameras spot a vehicle, run it through database of Police National Computers (PNC), MID and Driving & Vehicle Licensing Authority (DVLA). If the vehicle is stolen, uninsured, if tax is not paid, or if the owner/ driver is wanted by police in any offence, the vehicle is stopped at next intersection and impounded for further investigation. In Canada, AutoFind, a joint initiative of Insurance Bureau of Canada (IBC) and a number of police forces, the Police use automatic license plate scanning technology to compare registration numbers of vehicles parked to a list of stolen vehicles. It helps achieve much faster turnout for the police forces in scanning a large number of vehicles parked on road or other parking places. Between January 2003 and August 2006, the AutoFind program helped to recover over 5,400 vehicles with an actual cash value of $25 million. ii) Maintenance of databases: Flood Vehicle Database: Not only fight against title fraud of stolen vehicles, NICB also helps maintain database of vehicles flooded in Katrina. These vehicles were a tempting opportunity for fraudsters who bought them, dried them, altered documents and sold them without declaring them as flooded. So, a customer can check if a vehicle he is buying is stolen, declared salvage or is flooded. National Equipment Register (NER): This Register in the US is helpful in tackling heavy equipment theft. It started its services from Aug 2001. An owner can register his vehicle on NER and also intimate theft. It helps law enforcement officers often frustrated by lack of knowledge about vehicle identification numbers found in different and often inaccessible places on various equipments trace the same via 24x7 toll free number and also provides them access to ownership and stolen vehicle records. It helps owners and insurers with quicker identification of a suspicious vehicle found by law enforcement. It helps financial institutions by minimizing the risk of financing stolen equipments. Art Loss Register: Born in 1991 in London, its roots go back to 1976 when International Foundation for Art Research (IFAR) a notfor-profit organization based in New York created an archive of stolen works of art to deter art theft. The Art Loss Register (ALR) offers registration of an item of art (to the owner), search & recovery services to law enforcement,

insurers & the art trade and due diligence services for sellers of art. Apart from utilizing state-of-the-art & powerful IT solutions to capture details of a work of art and match two such works, it also employs professionally trained art historians. It has been able to return works of art worth 160 mn ($230 mn) to the rightful owners. NICBs Claims Database: As discussed earlier, the data is contributed by 1000+ property/casualty insurers in US. It allows insurers to search by driver/ lawyer/ physician/ doctor name or by Driving License Number and find out all past or current claims matching the search criteria. It helps tackle non-disclosure of such information, a kind of fraud. CLUE Personal Auto (Comprehensive Loss & Underwriting Exchange) a service offered by ChoicePoint Inc of US contains claims history database of automobile claims up to 5 years. Various services offered by ChoicePoint help insurers in claims and underwriting as well. An underwriter can discover past claims, which may not have been declared by the applicant. Based on the details, he can form a judgment whether to accept risk and, if so, at what premium. For claims, it has many services which help find past claims, trace VIN from incomplete details, trace insurance carrier for vehicles involved in accident (allowing it to recover part of the claim from the carrier, thereby minimizing loss). It, thus, helps in investigations of claims and frauds. Insurance Reference Service (IRS) of Australia began in 1991 and is said to contain 13 mn records of claims and publicly available information on bankruptcy. Subscribed by 39 insurers and 400 loss adjusters, it receives 50,000 searches a month. A study found that, about 9% of the people had not disclosed their complete claims history a material misrepresentation, or fraud which could now be detected through IRS. Claims and Underwriting Exchange (CUE) of UK is a database similar to CLUE of US. In addition to motor claims, it also contains data of personal injury and home claims, allowing fight a greater range of frauds to insurers. iii) Use of sophisticated detection tools: The technology buffs will find the discussion till this point to be dull, not very attractive. The discussion about sophisticated tools is important enough to warrant it to be discussed under a separate section next.

3. Use of sophisticated detection tools - Evolution of fraud detection technology:

A White Paper by ChoicePoint on the topic very nicely sums up the evolution of fraud detection technology in insurance. It talks of four phases through which fraud detection

technology has evolved. In Phase I, says the paper, the claim files are manually reviewed, generally by experienced claims staff. It rightly notes that the reviews happen only on a sample of data, thereby leaving many transactions because of sheer volume. They also happen at back end and not in real-time. As systems become more automated, in Phase II came the use of Automated Exception Processing. It reduces the number of files to be manually reviewed but, suffers from the same drawback of Phase I being reactive, not happening in real time. It also threw a number of 'false positives' and can catch only the most obvious and simple frauds. Phase III is marked by Rules Engines and Scorecards. Based on past frauds experienced, 'if-then' kind of rules are built into the business (claims) processing system. It represents an important advance over the earlier ones it samples the entire set of transactions, happens in real-time and it also removes the subjectivity in handling of claims & spotting of frauds by various employees. However, rules are static while fraud is dynamic. Is it not said that 'Policeman is a critic and Thief, an artist'? So, fraudsters are always a few steps ahead of anti-fraud community and change tactic to evade detection. Thus, the latest technologies arrived on scene in Phase IV with Pattern Recognition & Predictive Technologies. Unlike static 'if-then' rules, it uses powerful algorithms to find newer patterns of fraud, called predictive analytics. Companies/products like SAS, SPSS and Detica NetReveal are market leaders in these areas. These softwares combine various tools like claims scoring, Benford laws, regression analysis, text mining, social network analysis etc. to give a realtime picture of fraud patterns. These softwares also have a vivid, graphical depiction of links amongst various players, making the fraud 'visible', further allowing the analyst to probe deep. Though it is beyond the scope of this paper to discuss in detail the various techniques mentioned here, some of them are described in brief. Claims Scoring refers to assigning a score to all claims, based on certain set parameters; higher the score, higher is the possibility of fraud. Advanced softwares can assign and combine scores for a claim, customer and network, making it very powerful. Benford laws refer to simple laws given by Benford who predicted frequency distribution of last digits in any natural population. A deviation from the frequencies indicates a deliberate disturbance, or a possible fraud. Social Network Analysis started first with defence sector is now applied to fraud detection. It uses multiple fields of data to create links amongst various groups. For example, the fields used could be vehicle registration number, insured name, his mobile number, email ID etc. The softwares are even able to detect minor changes made in say, mobile numbers or email IDs and show the links. The UK insurance industry has come together to form an Insurance Fraud Bureau (IFB). It uses Detica

NetReveal software to work on the pooled claims data of various insurers. This increases the efficacy of the software manifold, as it is able to spot and throw up multi-carrier frauds.

4. Enabling factors for having a state-of-art detection technology regime:

The technologies described in the preceding paras could be the dream come true of any fraud investigator. It is, therefore, not out of place to discuss some of the factors that influence this goal. First and foremost, it will depend on availability of digitized data, that too at a central place within insurance companies. For instance, there are insurance companies in India who have computerized records but the offices are not networked, thus rendering the task of pooling in data very difficult. Second, insurers need to see value in going in for fraud detection technology, which does not come cheap. In developing markets, where insurers are trying to set up operations, ramp up market share, the focus on profitability and, by extension, the need to save money on account of fraud comes much later in company evolution. In other words, anti-fraud efforts are much higher on the Maslow's pyramid of organizational needs. Further, as we have seen, fraud detection technology offers greatest value when the tools run on industry-wide databases. These kinds of databases are not easily forthcoming in many markets, where many insurers wrongly perceive others as 'competitors'. While they may compete for business and ushering in newer technologies and processes to derive maximum shareholder value and customer satisfaction, they have to realize that, when it comes to fighting fraud, they have to unite. The mantra in anti-fraud efforts is collaboration and not competition. Lastly, tougher regulations by the Regulator like the Financial Services Authority (FSA) of UK are also seen to propel industry initiatives in fighting fraud.

5. Conclusion & Recommendations:

Though it has not been possible to discuss each of the techniques, or state of fraud detection in majority of the countries, we have been able to have a glimpse of the most prominent flavours of the trade. The conclusion is beyond doubt that information technology gives a clear edge in detecting fraud and is a great force multiplier. Developing markets like India need to harness the tremendous opportunities information technology provides in fighting fraud and making substantial savings. Data in electronic form is available at multiple points financed vehicle data with financers, registered vehicle data with registering authorities, serviced vehicle data with vehicle manufacturers, insured vehicle & claims data with insurers. Banking sector has seen birth and taking root of a credit 10

information bureau. It is time insurers also came together and formed a claims database. After all, it is well known that death claims, flood or fire claims, travel claims, total loss claims are being lodged simultaneously or serially on various insurers. They remain undetected as the data is scattered. Once a claims database if formed, it will provide a powerful platform for deploying state-of-art fraud detection technology. There is also no point in harbouring an old-world mindset of anti-fraud efforts being perceived customer-unfriendly. After all, fight against fraud is not against genuine customers; it is against fraudulent customers, who increase the cost of premiums to honest policyholders.
Disclaimer: 1. The views in the article are personal. 2. The various trademarks mentioned in the paper belong to the respective trademark owners.

3. Mention of any specific product does not constitute its endorsement by the author and the reference is for academic purposes only.

Ashish Vinod Joshi is a B. E. (Mining Engg.), M. Tech. (Mine Planning). He is also a CFE (Certified Fraud Examiner, a certification given by Association of Certified Fraud Examiner, Austin, Texas, USA and recognized by the FBI as a skill set for its 'special agent' recruitment programme). Currently Head, Special Investigations Unit (SIU) (Claims), Tata AIG General Insurance Company Ltd., Mumbai, Ashish has worked as Deputy Superintendent of Police in the Central Bureau of Investigation (CBI). Worked at CBI, Animal Husbandry Dept Unit, Patna and supervised investigation of MSD Scam, involving illegal purchases of medicines worth Rs. 120 crores by hospitals of Dept. of Health, Govt. of Bihar from Medical Stores Depot, Kolkata & Mumbai. He has written several papers and is a wellknown speaker at major conferences and seminars on fraud. ashish.joshi@tata-aig.com

TAXONOMY OF SATYAM FRAUD

Company Equity Capital Share Value : Listed Multinational Heavy weight software / IT giant : Rs. 134.77 crores. : Face value:- Face value per share is Rs. 2 Market Value:- The stock hit a high of Rs. 156.90 and a low of Rs. 145 on 30th December 2008. The stock had hit a 52-week high of Rs. 544 on 30th May, 2008 and th a 52-week low of Rs. 114.65 on 24 December, 2008. Exposure Fraud Size : Confession by Mr. Ramalinga Raju on 5-01-2009 precipitated by threat of discovery : Estimated at Rs. 7,800 crores

Modus Operandi : Fictitious billing data entered into billing software through excel files. : Fake Invoices. : Invoice hiding to prevent detection. : Fictitious receipts entered into system through excel files. : Forgery of Bank statements adding fake amounts received on fictitious invoices. : Forgery of Fixed Deposit Receipts. : Fake entries in financial statements on the basis of forged bank statements. : Forged bank conformations to support verification. : Auditors rely on confirmations, audited accounts released.

11

Editor

The Satyam scam came as a big shock. One had seen overseas multi-nationals and large global firms collapsing one after another- WorldCom, Enron,,, in a welter of scams. This was the first time an Indian corporate, the poster boy of Indian IT/ITES-BPO Industry had admitted to management fraud, fudging accounts leading to falsification and a massive fraud of more than 1.5 billion dollars. It shocked the Indian Government, the regulators, the establishment, the administration, the media, the professionals, the stock markets, the analysts, the pundits and the general public. The time lines of how the fraud unfolded are given in a separate box that shows how, the fraud was exposed, how it was dealt with right up to the Satyam rescue act. But all this raises some very serious questions and the objective here is not to answer them, for that will take some serious introspection on the part of all of us and probably quite a few months if not years of painful yet necessary soul searching and brain racking.
12

So here are some questions for all of us to ponder over think of these and give courageous, bold yet real answers that are true to your self. What went wrong? Was it the system? the regulators? the law? the enforcement? the auditors? the accountants? the owners? the directors? the professional management? the employees? the bureaucracy? the public? Was it a failure of corporate governance mechanism like clause 49A? Was it a failure of independent directors? Was it a failure of statutory auditors? If not was it a failure of vigilant small shareholders? To tell the truth it was probably all this and moreAccountants and Auditors whether financial or system auditors, rather than upholding standards are busy with financial engineering. Top managements are reliant more on window dressing than trying for genuine growth. Owners have only one aim - of maximizing shareholder value.

Regulators and the government are busy devising rules, regulations and compliances but seldom bothered about true follow up of cases and results. Finally the general public loves to fall prey to tall claims and tend to blindly trust rosy pictures and ponzi schemes, however unreliable or unbelievable they may seem.

Probably all this and more has led to the present dilemma. The real way out is to be proactive and for each of us in our respective positions to uphold ethical values, probity, independence, professionalism and competence; and ultimately to use all our energies to conquer and defeat this monster of fraud.

SATYAM TIMELINE
December 16, 2008 Satyam announces plan to buy two realty firms part-owned by its founders for $1.6 billion, but does a U-turn after negative investor fallout December 17: Under pressure Satyam does a U-turn and 12 hours later, the deal is off. December 23: The World Bank confirms it has banned Satyam for eight years for bribery and data theft. December 25: Satyam demands an apology and a full explanation from the World Bank for the statements, which the outsourcer said damaged investor confidence. December 26: Mangalam Srinivasan, an independent director at Satyam, resigns following the World Bank's critical statements. December 28: Satyam postpones a board meeting, where it is expected to announce a management shake up, from December 29 to January 10. Satyam also appoints Merrill Lynch to review strategic options to enhance shareholder value. December 29: Three more independent directors resign. January 7, 2009: Ramalinga Raju resigns, admits to fraud. He says the company's cash and bank balance in the balance sheet has been inflated and fudged to the tune of Rs 5,040 crore. January 8: Chief financial officer (CFO) Vadlamani Srinivas resigns. January 9 Andhra Pradesh police arrest Raju and his brother and former company managing director B. Rama Raju on charges of cheating and forgery. January 10: Finance head Srinivas arrested January 11 The central government reconstitutes board January 12: The new board at Satyam holds a press conference, where it discloses that it is looking at ways to raise funds for the company and keep it afloat during the crisis. January 14: Deloitte, KPMG named new joint auditors January 14: Satyam's former auditor, PricewaterhouseCoopers (PwC), says its opinion on the IT firm's financials may be rendered 'inaccurate and unreliable' January 19: The government orders probe into possible 'nexus' between the fraud-hit Satyam and Raju's two family-run firms Maytas Properties and Maytas Infrastructure January 21: Ramalinga Raju confesses diverting funds to the Maytas firms

13

January 23: The Raju brothers, Srinivas sent to judicial custody till Jan 31 January 23: Court rejects SEBI plea to record statements of Raju brothers January 24: Former auditor PWC's S. Gopalakrishnan and Srinivas Talluri arrested January 27: The board appoints Goldman Sachs and Avendus, an Indian investment bank, to identify strategic investors January 31: A Hyderabad court extends judicial custody of all accused to Feb 7 February 3: The Supreme Court allows SEBI to grill the Rajus February 5: gets Rs.600 crore ($130 million) from banks to meet working capital requirements. A.S. Murty appointed new CEO February 6: Former Nasscom chairman Kiran Karnik appointed chairman February 7: Court extends the judicial custody of Ramaling a Raju and four other accused to Feb 21 February 10: Andhra Pradesh Chief Minister Y.S. Rajasekhara Reddy writes to Prime Minister Manmohan Singh, seeking a Central Bureau of Investigation (CBI) probe into the fraud February 13: SEBI relaxes takeover norms for, giving their reconstituted boards the power to lower the target price for open offers

February 14: The Serious Fraud Investigation Office (SFIO) joins probe February 16: The central government hands over investigations to the CBI February 21: The government-appointed board, meeting for the seventh time, decides to invite strategic investors March 6: gets permission from SEBI to sell 51 percent majority stake March 9: The court allows CBI to take custody of Raju brothers, Srinivas and sacked PWC auditors Gopalakrishnan and Talluri Srinivas March 13: L&T, Tech Mahindra, Spice Group and US outsourcer iGate Corp say they have registered as potential bidders March 13: The company appoints former chief justice S.P. Bharucha to oversee the bidding, selection process March 20: The board receives bids. iGate Corp says it will not bid March 27: Spice Group says it will not proceed as it has not got the desired level of transparency April 7: CBI files a 2,315 page chargesheet against the Raju brothers and seven other accused April 13: Tech Mahindra selected as strategic investor

14

ISACA-Mumbai chapter has been delivering commendable educational services to its members since its inception. Our chapter is fortunate to get the honorary services of selfless professionals from time to time. The chapter board deserves a pat on their back. Im glad that present team is also engaged in creating next line of volunteers to take up the chapter responsibilities. The system audit profession has undergone a sea change from its inception days. Couple of domains where chapter board needs to look into for improvement are : (a) Quality check of Saturday lectures for the members- The invited speaker must be a professional speaker/established domain expert else he/she should be subjected to a rehearsal/QA well before the session (b) Chapter premises- This matter has been eluding our chapter since long. The cost of delay is very high. The present team should be satisfied with just a Reading Room-

cum-Library and a two-seater office. About 800-1000 square feet office space at/around Dadar-Matunga would be a best decision. Chapter president and vice president should fulfill this long pending requirement as a top priority. (c ) Remodeling Annual Conference on International Conference style- Till date, we are organizing several sessions of short duration (30-45 minutes) whereas International Conference has slots of 90-180 minutes. Since I have been attending and speaking at both the events, I found that 90-180 minute sessions are delivering much more value to the participants. Let us try this in our next conference. (d) Displaying performance on our website- Chapter members have a right to know what their elected representatives have delivered. Hence, all the chapter board members who are seeking another term should be subjected to show their performance card. Such display should be organized by the nomination committee, well before the election. By Haridas Raigaga (May 25, 2009)

16

Written by Mr. Venugopal Iyengar Published by Himalaya Publishing House Price: Rs. 150/Pages: 130 ISBN: (not mentioned) As ISACA members we all know the importance of information security for organizations, since it is the key concept of our practice area and many of us are quite well versed with the techniques of implementing information security, assessing information security implementation and providing assurance services to organizations with respect to information security. Yet, when it comes to drawing management's attention towards information security aspects within organization and to involving participation of stakeholders in information security implementation, it does provide a challenge of explaining the importance of information security to all in lucid, jargon free terms. With this aspect in mind, Shri. Venugopal Iyengar has written a book on information security especially for management, right from C level executives up to all those involved in day-to-day operations. In the preamble, the author explains the need for establishing IT governance practice in today's organizations and then goes on to setting a goal of providing a holistic approach towards information security by creating appreciation, awareness and application of information security principles to organizations day-to-day operations. The author explains the concept of security life-cycle by briefly describing each of the three stages such as understanding business, aligning IT and risk management. Risk management concepts are explained by detailing various steps such as risk assessment, identification and design of IT controls, risk treatment by implementation of IT controls, measurement and monitoring of controls and identification of changes for improvement. Further, the author lays stress on different levels at which security professionals are required in organizations Governance level, Management level and Operational level. The author talks about various certifications that are available for individuals to become recognized as information security professionals and then also describes various international

Mr. Venugopal Iyengar is Past President of ISACA Mumbai Chapter. He is a Director of IOTM and a senior Information Security, Enterprise Security, IS Audit and Assurance and IT Governance professional.

standards such as ISO27001, ITIL Level 3, IEEE standards, COBIT etc., based on which information security framework can be implemented within organization. There is a separate chapter that addresses various security threats. These threats are explained in detail in layman's terms for easy understanding. The book goes on to explaining a concept of building well-designed information security architecture in to the IT applications thereby creating best of breed information model for information security. Sometimes there is a misconception that information is more important than data, but the words 'data' and 'information' are quite often used interchangeably and one person's information can be another person's data and vice versa, and hence, a full chapter is devoted to clarifying the concept of Data Security and Privacy along with detailed description of preventive, detective and corrective controls. Chapter on Enterprise Security provides details of various components of the enterprise security and the required security measures. Outsourcing aspects are given special attention from security perspective and finally the author goes on to explaining the concept of information security governance and the challenge of business continuity management. The book includes a separate annexure to address information security specifications and good practices along with a check list for bankers for implementing information security in computerized environment. The book is available at a competitive price and makes an informative reading and is certainly useful for all those desirous of learning about implementing information security in todays IT enabled organizations.
Mrs. Jayshree A. Dhere, Education Chair of ISACA Mumbai Chapter, is an information systems professional having more than 23 years of experience in varied areas such as software architecture, software projects, information systems audit, IT governance and assurance.

OBITUARY
With a heavy heart we announce the sad demise of Mr. Dharmesh Joshi, Chartered Accountant, one of the founder members of our chapter. Mr. Dharmesh Joshi, was instrumental in forming the constitution of our chapter way back in the time when chapter was being formed. He also served the chapter by being on the managing committee of the chapter as honorary

treasurer for 2 years and as honorary secretary for 1 year. Later he settled in Canada and recently expired during his visit to USA for attending a conference. We on behalf of the chapter, its office bearers and members offer our heartfelt condolences to the bereaved family. May God grant them the strength and courage to bear this irreparable loss. May his soul rest in peace.

17

Growmore Ltd. is a well-known chain of garment and readymade clothing/apparel stores. The company had entered the business few years back with four outlets one in Mumbai, the second in the suburbs and one each in Panvel and Pune. The accounting and records in respect of purchases, inventory, sales and finances are maintained on a central computer located at Mumbai head office that can be accessed and used from all the outlets. In the last two years the number of stores has gone up to 30 spread over five cities. The company has also diversified from mens ready-mades and apparels to include clothing for children and womens wear. The outlets in Mumbai city also stock footwear and leather accessories. Recently a new CFO has taken over. He reviews the working of the company and is convinced that there is a possibility of revenue leakages. Especially he notes the following areas Purchase function involving sourcing of apparel from suppliers possibility of nexus leading to frauds and revenue leakage can not be ruled out. Possibility of over or under invoicing in purchase Occurs when there is deliberate misstatement of the invoice value as compared with goods or services received or supplied. Inventory function Possibility of good quality clothing disposed as scrap, pilferage of goods is an issue. Sales function Substitution of goods of different quality leading to loss of revenue. Recovery from debtors The company supplies clothing to certain franchise holders. The recoveries from them are less and is an area for concern due to possible teeming and lading activity/fraud. As the CIO/CISO of your company the CFO approaches you for suggesting systems / controls to prevent / minimize occurrences of fraud in these areas. Give in a brief executive summary of your suggestions/ recommendations. Do send in your answers to vkanhere@gmail.com The solution to the case will be given in the next issue. The solution of the last case study is given in this issue.

E-Quiz

Dr. Vishnu Kanhere

1. What is a good way to protect sensitive information sent via email? (a) Encrypt it (b) Write it in another language (c) Don't include your return address (d) All of the above. 2. What is the best way to find someone's email address? (a) Look it up in an email directory (b) Take a guess (c) Call the person (d) Do a google search. 3. Why would your email message return to you? (a) The recipient's address is misspelled (b) The recipient has changed his address (c) The recipient's mailbox is full (d) All of the above. 4. Why are email attachments potentially dangerous? (a) They may contain viruses (b) They cost you money (c) They can overload your computer hard drive (d) All of the above.

Answers to E-Quiz - January 2009 1. Cyclotrimethylene trinitramine better known as RDX, in its pure synthesized state is d) White crystalline solid 2. AK 47 rifle the well known commonly used assault rifle is short form of (d) Avtomat Kalashnikova 3. A satellite phone system based in the UAE which currently provides coverage to most of Eurasia, Africa and Australia is known as a) Thuraya 4. The National Security Guards [NSG], India's premier counter-terrorist force was established following b) 1984 Operation Bluestar

Dr. Vishnu Kanhere

18

1) Two visuals of railway track: The first photograph shows a railway track that has no fencing; hence there is free access on rail track to anybody. This raises concern as people may cross the rail track increasing the chances of accidents. Also since there is free access stray cattle may cause accidents. More serious concern will be that of anti social elements that may sabotage / damage the rail track leading to serious accidents resulting in loss of human life. The second photograph shows good fencing work on railway track preventing easy access to outsiders hence minimizing the chances of accidents. This is more secure and will reduce the likelihood of sabotage. Only concern is that during flood situation there is need for adequate provision for storm water to escape. 2) Elevated road structure (flyover): In the photograph of the flyover we can see a central column supporting the entire flyover structure. There is a possibility that a heavy vehicle passing on the road may hit the column either accidentally or intentionally, causing serious damage to the flyover as well as vehicle. There is need to construct a buffer iron grill fence so that even if a vehicle hits, it will first hit the buffer iron grill minimizing the flyover column damage. 3) Elevated rail track road overbridge: In the photograph of elevated rail track road over bridge, signaling system at the crossing needs to be strong to avoid mishaps. Further a derailment during track change may also lead to serious damage to vehicles and people using the road below. Also at the turn, a strong iron fencing will be required. 4) Layout of office building: In the first photograph the entry for office facing the main road is an issue. Anti social elements can enter/exit the building easily and quickly. A car bomb can directly target the entrance. Office building layout in second picture is

better, because building entry is not facing main road. Entry/exit to the building is not direct. More security facility can be incorporated in second layout. 5) Freeway / Highway passing through the city: The photograph shows a freeway/ highway passing through the city. Ideally the highway should not pass through city and a bypass should be created. If it is not avoidable, then proper fencing or elevation is required to separate the highway traffic from city traffic because the speed of the vehicles is very fast. 6) Picture depicting part of an office: The photograph shows a corner of the office where some unwanted materials such as steel tank, unidentified stuff is lying. If any combustible material is kept there then there is an issue of fire. It is found that access to the exit door is blocked. A solution is not to keep such unidentified material and keep the exits free of any stuff and easily accessible at all times.. 7) Entrance to subway station: The picture shows an entrance to the sub way train station. The issue is during a terrorist attack, terrorists/ attackers can hide on staircase, making it difficult to trace them. Also mirror location does not show the blind corner making it ineffective. 8) Wall of railway station yard and path: The photograph shows the wall of railway station yard. Any passerby can have easy access to the yard and the path and blind corner provides ample scope for ambush, surprise attack and attackers / terrorists can easily hide themselves. Since any one can reach to the wall, terrorists can also throw a hand grenade over the wall. A separator is required between pedestrian path way and station wall with adequate protection and surveillance. The answers are only suggestive in nature and multiple options exist of dealing with the situation. 19

IT Governance Profession in India / On Identity Mgnt / On Commercialisation of Intellectual Rights 18.03.09 - Speaker - Mr. Peter Jaco.

Maximizing ROI on IT Investment through Dynamic Infrastructure IT optimization and cloud Computing 18.04.09 - Speaker - Mr. Ashit Dalal

Benefits of Implementation of Management Systems 14.03.09 - Speaker - Mr. Ranjan Banerjee