Download - e-Sanhita July
July 2006Vol.-12 : Issue-7Annual Subscription
Rs. 100/-
&& `: {H«$`mdmZ² g g{Md:Ÿ&&
S
Technology... the knack of so arranging the world that we don't have to experience itTechnology... the knack of so arranging the world that we don't have to experience it
InsideInsideEditorial BoardEditorial Board
Sanhita CommitteeSanhita Committee
Kiran Chitale : ChairmanVikas Agarwal : MemberSuraj Padhiyar : MemberRashmi Limaye : MemberJaee Athavale : MemberVandana Naik : Ex-officio
1. Pune : an attractive IT and ITes destination. ..... 1
2. Secretary 2.. eSecretary - a real time transformation. ..... 3
3. Knowledge Process Outsourcing : a brief overview ..... 6
4. Stock Options to Non-Resident employees of Listed Companies ..... 7
5. Duty free import of equipment by STPI unit ..... 8
6. Drafting and Negotiating Outsourcing Contracts ..... 11
7. Information Systems Audit ..... 138. Cyber Crimes ..... 149. Chapter Report ..... 1710.Forthcoming Programmes ..... 17
Chairman’s CommuniqueChairman’s Communique
Contacts 4 UContacts 4 U
Office Reference Legislation Contact Details
The Director, Import- Export Policy Address : Plot no. P-1, Infotech Park, Software Technology Hinjawadi, Pune 411027. Maharashtra. Parks of India Tel Nos : 020-22932644, 22932645
Fax No. : 020-22932639 E-mail : [email protected] : http://www.stpp.soft.net
stCyber Crime Information Technology Address : Annex III, 1 floor, office of Commissioner of Investigation Cell Act 2000 Police, D.N. Road, Mumbai 400001
Tel Nos : 022-22630829, 022-22641261 E-mail : [email protected]
[email protected] Website : http://www.cybercellmumbai.com
Rajas Bodas, Practicing Company Secretary
JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
Dear Members and students,At the outset, I happy to present the IT Special Issue of Sanhita to all the members and students. It was planned at the beginning of the year to come out with two special issues of Sanhita in the year 2006. The committee is planning to come out with the
second special issue around Diwali. thThe Central Council Meeting was held at Pune on 9
th thand 10 June after a long gap. On the evening of 9 June, the Chapter had organized felicitation of the President and Vice-President followed by informal interaction of the members and students with all the Central Council members. The programme was well attended. The President addressed the gathering with the PUNERI PAGDI on and everyone [including the President himself], enjoyed the traditional way of welcoming him. The President and the Secretary also answered the queries raised by the members on matters relating to the profession of company secretaries, the developments that are taking place and also the efforts that the Institute is taking to create more and more opportunities for the company secretaries, in India and abroad. The Chapter had also organized the interview of the President with Ms. Gauri Athale, Senior Journalist of The Economic Times and a co-opted member on the Managing Committee, which was published in all the editions of The Economic
thTimes on 24 June 2006 throughout India.The Central Council members and the Secretary
thvisited the Pune Chapter on 10 June after the meeting. All of them expressed satisfaction over the facilities and infrastructure available at the Chapter. They also praised the spirit of camaraderie among the members from Pune, that all of them experienced during their two day stay.
thThe Chapter had organized two meetings on 4 June thand 11 June with the students who had appeared
for the HSC examination as a part of career counseling drive. I am happy to inform that quite a number of students who participated in the programme registered for the CS course.Incidentally, in the month of July and August the Chapter will be organizing career counseling / awareness programmes in various schools and colleges in and around Pune. The members who are interested in participating in the career counseling programmes are requested to get in touch with the Chapter. In the month of July, the Chapter is also organizing the Student Orientation Programme.I appeal to the students to participate in the SOP.“CS Arts Circle” is celebrating its fourth anniversary in the month of July. On behalf of the Managing Committee I take this opportunity to congratulate all the members of Arts Circle for their efforts to carrying on this activity in spite of their busy schedule and also give the best wishes for the future journey.
With Best Regards,
Nishad Umranikar
1 JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
Pune: an attractive IT and ITeS destinationVivek Sadhale, Company Secretary and Head Legal, Persistent Systems Pvt. Ltd.
Vikas Agarwal, Senior Officer Secretarial, Persistent Systems Pvt. Ltd.
Pune: an attractive IT and ITeS destination
Till some years ago,
people thought of
Pune as the ideal
place to get away for
a weekend. Pune
seemed a pleasant
place with a careless
attitude. With its hygienic climate and a
comparatively pollution-free atmosphere, Pune was
popularly billed as the 'Pensioner's Paradise'.
Today, the little town has changed into an energetic
and lively city. Pune is today fast emerging as an
InfoTech hub, challenging biggies like Bangalore
and Mumbai to emerge as one of the top contenders
for the 'Silicon Valley of India' slot.
The once sleepy town, situated in the hills of the
Sahyadri range of the Western Ghats, Pune,
described as the 'Queen of the Deccan', 'Cultural
Capital of Maharashtra' and 'Oxford of the East' has
finally been able to forge its own identity as a
business city.
Close proximity to the financial capital and rapidly
improving infrastructure have made Pune one of the
most sought-after commercial destinations in the
country today. The recent attractions have been the
expressway connecting Mumbai and Pune, which
has reduced the traveling distance and time
substantially. The evolution of modern Pune is quite
dramatic, which was only known as a hub for
automobile engineering till recently, to emerge as a
research hub for knowledge-based industries.
Pune, the place known for excellent academic and
research institutions, is fast and steadily emerging
as the most preferred destination in the country for
some of the vital industrial sectors like information
technology, pharmaceuticals, biotechnology and
healthcare. Venture capitalist are looking for more
investment opportunities.
Positioned by the State Government as the latest
and best IT destination, Pune in the past few years
has witnessed a slew of IT parks being sanctioned,
the largest of which is in Hinjewadi. The results of
the State Government's efforts are slowly coming to
light and in Hinjewadi all the major players have a
development centre. Also, a host of Multinational
Software Companies have commenced operations
in private IT and software technology parks. IBM
Global, Veritas, Parametric, Tech Mahindra,
Cognizant, P&O Nedlloyd, TCS, Infosys, Wipro,
Satyam, Tata Technologies, Kanbay are the few
examples of the growing list of successful
companies setting their shop in Pune. There are
quite a few local companies like Persistent Systems
who have also made it big in this arena.
It all started in the year 1991, when Software
Technology Parks of India (STPI), was set up as an
autonomous body under the Ministry of Information
Technology with the aim of making India a global
software leader. STPI opened its first office in Pune
and the rest as they say is history. Pune never
looked back.
Last year, Pune made an export of Rs. 9,100 Crores
which is 48% higher than what it made in the year
2004-05. While doing so, it has surpassed Mumbai.
Today, Pune is only behind Bangalore and
Hyderabad in terms of software exports and the
days are not far when Pune would catch up with
these cities.
Mr. P Venugopal, Director, Software Technology
Park of India, Pune, Maharashtra, says, “The city is
emerging as a major centre for software engineering
services. Pune is shaping up as an attractive
location for niche companies that specialize in high
end work. The city is attracting engineering services
companies and others that require special skills
sets such as testing software and for medical
implants. The growth has been phenomenal. Over
112 new units were registered in Pune for software
and services in 2005-06.”
Maharashtra State Industrial Development
Corporation (MIDC) recognized the potential of Pune
and set up a Pune Infotech Park at Hinjewadi in a
200-acre area. MIDC had to come up with Phase II at
Hinjewadi within 18 months of launching of the
Phase I. Phase II is spread across 650 acres of land.
Phase II which will also house Bio-Tech Companies,
is sold out and MIDC has initiated the process for
Phase III and Phase IV. MIDC also set up an IT park
at Kharadi and at Talawade.
Why Pune ?
Many state-of -art IT parks have come up in Pune
like:
i) Cybercity Magarpatta Hadapsar, Pune(www.magarpattacity.com)
ii) Kharadi Knowledge Park, Pune - Ahmednagar
Highway, Pune (www.midcindia.com )
iii) Pune IT Park, Aundh Road, Pune
(www.puneitpark.com)
iv) Information Technology Park, Talawade, Dehu-
Moshi Road, Pune (www.midcindia.com)
These IT parks offer ready to use infrastructure
facilities required by a software unit. Availability of
satellite link, network connectivity, optic fibre
cables, telephone lines, uninterrupted power
supply, video conferencing, electronic data
interchange is of paramount importance to the
success of a software unit which is provided by
these IT Parks.
With the enactment of SEZ Rules, Pune is set to
witness surge in corporate activities. Already many
corporates have announced their intention of
making huge investments for setting up SEZs.
With high skilled availability of manpower, IT sector
has grown leaps and bounds. The weather and
culture of Pune jells well with the requirement of the
software industry.
The city offers advantages of both, a small and big
city. Smaller distances ensure that logistics can be
managed easily. Commuting times are shorter.
Pune is also close to Mumbai, the financial capital of
the country. The clearance of an international
airport in Pune means it will soon be directly
connected with the world.
Pune being "The Oxford of the East" has no dearth of
a talent pool either. There are specialised education
institutes here and a large base of scientists working
on research and development. While Chennai,
Bangalore and Hyderabad suffer from the accent
factor, the BPO industry has Pune to look to, for a
large English speaking public.
With high percentage of young educated English-
speaking population, IT enabled services (ITeS) is
another market which is a fast growing. Pune has
again emerged as a leading city suited for ITeS
market. With Nasscom predicting a huge potential
for the ITeS, Pune is definitely going to be hub of all
such activities. Big names like WNS, GTL,
Convergys, Xansa have set up huge facilities in
Pune.
The Way Ahead:
Pune still has a huge way to go before it can take a
pause as the competition from other cities hots up.
There is a dire need for improvement of conditions of
roads. Power situation is another area requiring
attention from one and all. Pune's growing shortfall
of 150 MW to 200 MW of power is worrisome. There
are three to four hours of load shedding, five days a
week.
When Microsoft, India, wanted to expand and use
Pune as an R&D hub for high-end technologies, it
did an internal survey of six cities in the country.
Pune was an abysmal number four on the list. It
scored low on poor road conditions, high air
pollution and an appalling number of power trips
through the day. "You cannot run an IT company on
diesel generator sets," Mr. Ravi Venkatesan,
Microsoft India Chairman, says.
It is necessary for the Maharashtra Government to
promote Pune as IT hub aggressively. Pune not
being the State's capital has its own drawbacks.
Pune also needs to emulate the example set by
Bangalore where corporate participate with the local
Municipal Corporation by extending helping hands
to improve the infrastructure conditions.
Maratha Chamber of Commerce Industry and
Agriculture (MCCIA), Computer Society of India and
Software Exporter's Association of Pune (SEAP) are
some of the local bodies putting their energies
together to market Pune as the most preferred IT
and ITeS destination. Partnering with the local
government bodies and organisations responsible
for the upliftment of the image of the city, they are
leaving no stone unturned to ensure success for the
software industry.
2003 IT and ITeS policy announced by the
Maharashtra Government's has evoked favorable
response from the Industry. However, it is upto the
local Municipal Corporation and other local
government bodies to give effect and implement
these policies. Pune Municipal Corporation needs to
play a more proactive role to create infrastructure
conducive to the growth of this sunrise industry.
With the IT spending in USA catching up, Pune is
strategically poised to reap dividends of the upside
in the market. It however, would be a litmus test for
the policy makers to fast turnaround the “wrongs”
into “rights” if Pune is to become most preferred IT
and ITeS destination.
Now, after IT, ITES and the BPO revolution,
Knowledge Process Outsourcing (KPO) is the next
big thing to hit India. With its immense talent pool,
Pune is also poised to be the next KPO hub of India.
Now just wait till that happens in Pune.
� � �
2JULY 2006JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
Introduction:thIndian corporate world on 18
February 2006 entered into a new era of e-governance. On this day Ministry of Company Affairs has launched its MCA21 programme in Coimbatore.
MCA21 is probably the first e-governance programme of any ministry having largest stakeholders and reaching to almost all corners of India. `Tsunami' has hit all the shores of Indian corporate world.
Company Secretary profession is the most concerned profession of this e-governance programme. Company Secretaries are expected to play a greater role in this process. They need to involve themselves in training, implementation, certification and facilitation processes of MCA21.
Company Secretaries needs to be IT savvy to remain in the competition. Profession is now more demanding and needs adoption of techno legal approach. MCA21 process has opened up new avenues for the professionals. They may be in the form of providing training, doing processing, implementation, certification, to act as facilitator and single service point. Any new opportunity does have the inherent risk attached to it.
The provisions of the Information Technology (IT) Act govern use of technology in the business process. IT Act prescribes, regulates, monitor the technical process embedded in any business. Therefore understanding the IT laws of India is a must for any processional, who is consulting or helping businesses to grow. Understanding the potential exposure to risk out of use of technology is become a first priority of the professional. It is therefore very vital for all of us to understand important concepts and impacts of Information Technology Act 2000.
Preamble :
Information Technology Act 2000 came into thexistence on 17 October 2000 to provide legal
recognitions to electronic transactions, electronic communication, electronic data interchange, digital signatures, e-governance, electronic records and to regulate cyber crimes.
One of the basic objectives of this Act is to facilitate electronic filing of documents with the government authorities. This is the basis for introduction of electronic filing system partially under the Income
Secretary 2... eSecretary - a real time transformationMakarand Lele, Partner MRM Associates, Company Secretaries
Secretary 2... eSecretary - a real time transformation
Tax Act, DGFT and fully under the Companies Act. In near future, we may witness more departments like Excise, Sales tax coming under electronic filing.
Digital signatures :
Section 5 provides the recognitions to digital signatures. Digital signature is the identity of a person in eworld.
Digital signature is process whereby sender authenticates the document by putting his digital signature. He also protects the document by encoding it and the receiver who is having the Public Key supplied by the sender, decrypts the documents and read the same.
Digital signature is not a signature or impression or mark. It is a unique pair of key provided by the certifying authority. No person other than the originator can use the said pair of keys. In easy terms, application of private key is known as affixing a digital signature to the document or form. Digital signature protects the document from tampering and gives the authenticity, integrity and attribution to the document and also gives extreme speed to the transaction. Non-repudiation is the important feature of digital signature, which does not allow the originator to disown the data or document.
Now with the help of such recognition of digital signature, any person can sign the document or form without taking print out of it and at any time and at any place. Boundaries are not the barriers now. Postal department or documents transport system is not a hurdle now.
IT Act has established the offices of Certification Authorities to enroll, validate issue, publish, revoke or suspend the digital signatures. The set of rules were prescribed under the Act for Certification Authorities.
Section 35 prescribes the process of getting the digital signature. Verification of identity of the applicant for digital signature is the important step to be carried out by the Certification Authorities.
Section 73 provides for imprisonment and penalty for publishing digital signature certificates false in certain particulars.
Secure Digital Signature :
Section 15 prescribes the secure digital signature. It is possible by application of security procedure to verify that;
(a) the digital signature affixed is unique to the subscriber;
(b) it is capable of identifying the subscriber;
3 JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
JULY 2006JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
(c) it is created in a manner or using means under the exclusive control of the subscriber and is link to electronic record and would be invalidated upon alteration of such record.
then such digital signature shall be deemed to be a secure digital signature.
It therefore mandatory that in each electronic transaction we use only the secure digital signature. It is essential to apply, enroll, process and download digital signature from own computer to qualify it as a secure digital signature.
After downloading the protection of digital signature is very important to avoid misuse of it. Because of non-repudiation, it will be very difficult for the originator to prove that he has not used the digital signature. Immediate communication to the Registration Authority upon loss of digital signature token is very essential.
The Central Government has the power to make rules in respect of digital signatures i.e. to prescribe the type of signature, manner and format of affixation, manner and procedure for identification of affixing digital signature, control and security process, any other matter to give legal effect to digital signature. Therefore, we observe different types and forms and methods of digital signatures for different purposes.
Electronic Record :
Section 3 provides legal recognition to electronic records by way of affixing the digital signature.
“Electronic Record” means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated microfiche;
Company secretary can now make revolutionary changes in his traditional function of maintenance of records.
Section 4 provides legal recognition to electronic records. Records prescribed under any act or statue can be maintained in the electronic form.
Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is
(a) rendered /made available in an electronic form;
(b) accessible so as to be usable for a subsequent reference.
Section 4 has the overriding effect on provisions of any other law requiring maintenance of records and documents. Therefore all secretarial records and statutory registers can be maintained in electronic form after complying with the specified norms.
Section 7 provides for the compliance of following conditions to maintain the records in electronic form.
(a) the information contained therein remains accessible for a subsequent reference;
(b) the electronic record is retained in the format in which it was originally generated, sent or received or which can be demonstrated to represent accurately the information originally generated, sent or received;
(c) the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record:
Security of electronic record is the important aspect. Section 14 prescribes that; where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.
Secured Electronic Process :
MCA21 is a secured electronic process for complying the provision under the Companies Act, 1956 and rules made there under.
The system has been developed under the provisions of section 6, which provides for electronic filing of forms and applications, issue and grant of licenses, sanctions and approvals and issue of receipt or payment of money. This section further provides that provisions of any law will be treated as complied if such filing, issue, grant of license, sanction or approval and issue of receipt or payment of money is effected in electronic form.
Thus the MCA21 process has got the legality even before amending the provisions of Companies Act.
Retention of Electronic Record :
MCA21 process has created a database and repository to maintain the entire registry records at one place. The information stored in it is a record as per provisions of the Companies Act.
Section 7 grants the legal recognitions to electronic records to be maintained under the provisions of any act. The essential conditions to be satisfied are
(a) the information contained therein is accessible and usable for subsequent references;
(b) the originality of the electronic record is maintained;
(c) the details of which will facilitate the identification of the origin, destination, date and time of dispatch or receipt.
Attribution of Electronic Record :
Attribution to any electronic record is the essence of any valid legal transaction. Electronic record should
4
JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
be attributed to originator.
Section 11 provides that attribution of electronic record to originator is possible only if it was sent by the originator himself or by the person authorised by the originator or by the system programmed by or on behalf of the originator.
Therefore MCA21 process requires the signer of the form to attribute that he has been authorised to sign the eform. It is also essential to use the originator's or authorised person's system and login for submission of electronic record or document.
Automated replies generated by the system will qualify for attribution, if they are generated from the system programmed by the originator. Therefore all the electronic unsigned communications received from the MCA are valid communications. Acknow-ledgement of receipt of electronic record is provided under section 12 of the IT Act.
License software :
Use of technology has triggered off the issue of IPR protection and use of license software. We need to respect the IP rights of others and need to use only license software. We do not know who is watching us on the net and collecting our system information and checking whether we are using the licensed software. If we wish to be a facilitator or Certified Filing Center for MCA21 then first priority is to have the license software.
Electronic payments :
Electronic payment by using the credit card/ debit cards or through Internet banking facility is inherent part of any electronic transaction. We need to be extremely careful while using the electronic payment facilities. We need to all the time protect our money. Utmost care is therefore essential. Avoid giving your credit card or its number to anybody. The owner should only make use of credit card.
Certification of eforms :
Certification of eforms to be done very carefully. You need to affix your digital signature as a part of your certification. Protect your signature all the time from misuse. Keep propose backups of the eforms and documents that you certify.
Penalties and Offences :
IT Act has prescribed heavy penalties for various wrong actions, which a person unknowingly commits in his daily interaction with the computers, use of Internet, visit to web sites. It is very essential to understand following sections of the IT Act.
Section 43: Penalty for damage to computer, computer systems etc.
Any person without permission of the owner or incharge of the computer/computer system/ network
(a) accesses such computer or system or network;
(b) download/copy/extract any data or information;
(c) introduce or causes the introduction of the virus;
(d) damage or cause damages ;
(e) disrupts or causes disruption ;
(f) denies or causes denial of access to any person authorized to access;
(g) provide assistance to any person to facilitate access ;
(h) charges the services availed by any person to the account of another by tampering or manipu-lating shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person affected.
Section 44 provides for the penalty for failure to furnish information, returns, documents, main-tenance of documents & books under the Act.
Section 45 is a residuary section provides for compensation not exceeding twenty five thousand rupees or a penalty not exceeding twenty five thousand rupees.
Offences :
The Act further lists down various types of offences such as hacking, tampering, accessing to protected systems etc.
Amendments made in other acts :
IT Act, for smooth implementation and functioning made amendments to I.P.C., Indian Evidence Act, Bankers Books Evidence Act and R.B.I. Act.
Rules notified under the Act :
The Information Technology (Certifying Authorities) Rules, 2000.
The Cyber Regulation Appellate Tribunal (Procedure) Rules, 2000.
Further Developments :
With an objective to review the Information Technology Act, 2000, in the light of the latest developments and to consider the feedback received for removal of certain deficiencies in the Act, Hon'ble Minister for Communications and Information Technology set-up an Expert Committee under the Chairmanship of Shri Brijesh Kumar to review the present Information Technology Act and to suggest amendments. The committee has submitted its recommendations in the month of August 2005. These recommendations are under consideration of the government.
Peaceful and real time transformation of Secretary to eSecretary is possible only by observing rules of the game and following the IT Act prudently.
� � �
5
KPO Potential:
A CII Report estimates the potential size of KPO Industry at $17 billion by 2010, creationg 2,50,000 jobs in 5 years. Analysts estimate that about 30,000-50,000 people are currently employed in this industry.
Difference between KPO and BPO:
BPO is about shifting functions that can be digitized to an offshore location, while KPO is offering work that is higher skilled and decision based. In KPO, a professional would need to apply skills and judgement to interpret data rather than just apply rules.
Scope of KPO Industry:
Preparation of Accounts, Tax Returns, Architecture, Computer aided simulation, Engineering Design and Development, Financial Services, Risk Management and Equity Research, Financial Data Mining and Modeling, Corporate and Market Research, R&D in Pharmaceuticals, Biotechnology and Healthcare, Medical Diagnosis, Education, IPR Research, Legal Support, Animation and Graphics, Writ ing and Content Development, HR Outsourcing, Supply Chain Management.
Working Areas in each KPO field of our Interest:
1. Financial Research:
a) Analytical Support Pitch Books/Company Profiles, Presentation Services, Financial Analysis and Valuation.
b) Equity Research- Financial Models, Forecasts and Updates, Report Preparation / Authoring, Earnings Calls/Q&A.
c) Corporate Finance Statistical Modeling, MIS Reporting, Credit Analysis.
d) Asset Management, Financial Modeling, Fund Accounting, Performance Reporting.
2. Legal Outsourcing:
Office operations, Litigation support, Word Processing & Secretarial, Information Systems, Marketing, Legal Research, Finance and Accounting, Library, Legal Recruiting, HR, Patent & Trademark Prosecution.
3. Market Research:
Survey Designing, Primary Data collection, Analysis, Strategic Planning, Sales Planning, Business Development, Business Research, Insight Generation & Presentation.
Who is needed in the KPO Industry?
From Graduates and Post Graduates in Arts, Science, Commerce to C.A., C.S., Lawyers, Management graduates. Those who do not have MBA can build a career here.
Ambitious, smart, articulate people who can write well and communicate well, is what this industry needs.
Liberalization, Globalization, etc. provides professionals with exposure to the systems prevalent in a variety of countries and they will be in demand.
Pay Packages:
Rs. 2-3 Lakhs p.a for Entry Level Recruits and upto Rs.8-9 Lakhs p.a. for Senior Level Management.
Companies offering exposure in the KPO Industry:
OfficeTiger, Genpact India, JP Morgan, Merill Lynch, McKinsey, Adventity, Schwegman, Lundberg, Woessner & Kluth, Pangea3, Hildebrandt, Geometric, QuEST, Atrenta, WHS Global, Mphasis, MsourcE, Copal Partners, Pipal Research, Evalueserve, AC Nielsen, Irevna, Exevo India, Annik Systems, GE Analytics, Epitome Global Services, iGate Global Solutions, Symphony Services, OnionPro, DecisionCraft Analytics, EXL, Scandent, marketRx.
(List is indicative)
� � �
Knowledge Process Outsourcing : a brief overviewAnand Arvind Wadadekar , Student Company Secretary
Knowledge Process Outsourcing : a brief overview
6JULY 2006JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
Members are requested to :
1. contribute articles, charts, checklists etc. to Sanhita. (email to [email protected] ).
2. communicate their academic / professional/ elevation achievement to Pune Chapter (email to [email protected]).
3. give their valuable suggestions / comments on the make over of Sanhita for our section “Bouquets and Brickbats” (email to [email protected]).
4. participate in various programmes of the Chapter.
AppealsAppeals
7
Grant of stock options by listed companies is regulated by Securities and Exchange Board of India (SEBI) through SEBI (Employee Stock Option Scheme and Employee Stock Purchase Scheme) Guidelines, 1999 (“the Guidelines”).
Eligibility :
Stock options can be granted to:
i) a permanent employee of the company working in India or out of India,
ii) a director of the company, whether a whole time director or not; or
iii) an employee as defined in sub-clauses (a) or (b) of a subsidiary, in India or out of India, or of a holding company of the company irrespective of his nationality / country of origin.
As such, a foreign national who is a permanent employee / director of the company or its subsidiary or holding company can be granted stock options under the Guidelines.
Special Resolution under certain circumstances:
According to the Guidelines approval of share-holders by way of separate resolution in the general meeting shall be obtained by the company in case of:
a) grant of option to employees of subsidiary or holding company and,
b) grant of option to identified employees, during any one year, equal to or exceeding 1% of the issued capital (excluding outstanding warrants and conversions) of the company at the time of grant of option.
FEMA Regulations :
Regulation 8 of Foreign Exchange Management (Transfer or issue of Security by a Person Resident outside India) Regulations, 2000 provides for issue of shares under Employees Stock Options Scheme to persons resident outside India. Accordingly;
1) an Indian company may issue shares under the ESOS or by whatever name called, to its employees or employees of its joint venture or wholly owned subsidiary who are resident outside India, directly or through a Trust:-
Provided that
a) the scheme has been drawn in terms of regulations issued under SEBI Act, 1992 and
Stock Options to Non-Residentemployees of Listed companies
Ninad Umranikar , Company Secretary, Kale Consultants Ltd.
Stock Options to Non-Residentemployees of Listed companies
b) face value of the shares to be allotted under the scheme to the non-resident employees does not exceed 5% of the paid-up capital of the issuing company.
2) The Trust (where the options / shares are issued through the trust route) and the issuing company shall ensure that value of shares held by persons resident outside India under the scheme does not exceed the limit specified in clause (b) of sub-regulation (1).
3) The issuing company shall furnish to the RBI, within thirty days from the date of issue of shares under the scheme, a report giving the following particulars/documents -
i) names of persons to whom shares are issued under the scheme and number of shares issued to each of them;
ii) a certificate from the Company Secretary of the issuing company that the value of shares issued under the scheme does not exceed 5% of the paid up capital of the issuing company and that the shares are issued in compliance with the regulations issued by the SEBI in this behalf.
In addition to the documents to be furnished under (3) above, the issuing company shall submit Form FC-GPR to the RBI within a period of one month from the date of allotment.
If a company proposes to allot shares in excess of 5% of its paid up capital (before allotment) to a Non-resident / Foreign National, it shall make an application to the RBI for obtaining specific permission. There is no prescribed format for making this application.
Opening of Demat account
There is no restriction on a NRI / Foreign National as regards opening of a demat account.
Remittance of Funds
The non-resident / foreign national shall be required to remit funds from abroad via wire transfer to the bank account of the company towards purchase of ESOP shares. NRI may also contribute towards shares from his NRE Account.
Restriction on sale of shares
There is no lock in period after allotment of shares as the Guidelines provide for one year vesting period
(See Page No. 10)
JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
8
One of the many advantages given
to a 100% EOU and STPI unit is
that it is allowed to import
equipment without paying import
duty to the Customs authorities.
The motive of the Government
being clear “Promotion of Exports
to boost the Economy ”.
Various schemes have been devised to import
inputs free from duty or to grant refund of the
import duty paid. In some schemes, the unit has to
be isolated from domestic production units, while in
some schemes, the units producing goods for
domestic production are also entitled to import
inputs without paying import duty.
The benefit is undoubtedly tremendous however it
also requires careful compliance of some legal
provisions. The import procedure is a challenging
task which apart from compliance of law requires
co-ordination with various agencies such as the
authorized dealers nominated by the RBI, clearing
house agents, octroi & transport authorities, STPI
and Customs authorities.
The aim of this article is to outline the legal
provisions in brief and highlight the practical
aspects of importing equipment under the
EOU/STP scheme.
General conditions in accordance with the
EXIM/Foreign Trade Policy for duty free import:
The goods are required to be imported into the
EOU/STP unit's premises directly.
The unit is required to get their premises
customs bonded. The unit is also required to
execute a B-17 bond with surety/ security with
jurisdictional Customs/ Central Excise officers
and obtain a licence under section 58 of the
Customs Act, 1962.
The B-17 Bond is a surety bond taken to cover
almost all the activities of the unit such as
transhipment of import/export goods between
port of import/export and units premises, duty
free import/procurement from the indigenous
sources as per relevant notification and
warehousing/storage in the unit, movement of
duty free goods for job work and return etc. The
Bond amount is equal to 25% of the duty
foregone of the capital goods required and is
l
l
required to be supported by a valid Surety/
security like a bank guarantee to the extent of 5%
of the Bond amount.
The importer is required to maintain a proper
account of the import & export consumption and
utilisation of all imported/locally procured
materials and submit them periodically to the
Development Commissioner/ Customs.
The STPI unit should be a Positive Exchange
earner
The importer is required to abide by the terms
and conditions of the Letter of Permission/Letter
of Intent /Industrial Licence issued to the unit.
The Import Procedure can be briefly divided in 3
stages follows:
l
l
l
Duty free import of equipments by STPI unitRashmi Limaye , Company Secretary, Great Software Laboratories Pvt. Ltd.
Duty free import of equipments by STPI unit
Importprocedure
I.Pre-shipmentCo- ordination
II.Clearance of
shipment
III.Post-shipmentprocedures and Re-warehousing
A. Obtaining permissionsand documentfrom STPI and Customs
B. Submission of documentsto the nominated clearing agent
C. Final transport and octroipayment for the equipment imported
Stage I] Pre-shipment co-ordination:
It involves co-ordination and communication
between the exporting party and the importing
party. The importing has to decide the basis The
basis of import is very important to determine the
extent of outflow of foreign exchange. An import can
be made on the following basis:
i) Purchase basis : This involves import of the
desired equipment from a foreign market and
involves outflow of foreign exchange through the
normal banking channels
ii) Loan basis : Whenever equipment is imported on
loan basis for some R & D work without outflow of
any foreign exchange with a condition to return
the equipment on completion of work.
STP units may import all required Capital Goods for
creating STP infrastructure. Unless otherwise
prohibited, STP units are allowed to import
equipment on Outright Purchase or on Loan or Free
JULY 2006JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
9
of Cost or Lease basis. Duty Free import of
equipment is permitted based on the import
certificate and original attested shipping invoice
granted by STPI. STP units are required to ensure
that they operate within the imported capital goods
(CG) limit as indicated in the approval letter for
setting up STPI unit.
The equipment/goods proposed to be shipped have
to be packed strictly according to the Customs
requirements. The package to be shipped must
fulfill the following conditions:
i) Equipment should be packed and sealed well so
as to preserve and safeguard its contents.
ii) Equipment should be accompanied by an invoice
that declares its value for Customs purpose.
iii) It should clearly mention the addresses of the
exporter as well the importer.
iv) The package must mention the contents and the
gross weight of the equipment/package.
The shipping agents of the exporter co-ordinates the
shipping of the equipment, and simultaneously the
documents required by the Importing party's
clearing agents for clearing the shipment duty free
from the Customs Authorities .
Stage II] Clearance of the shipment:
This is the lengthiest stage in the process of import :
A. This stage basically involves obtaining sanctions
from various statutory authorities and
submitting documents to the Customs
Authorities. STP units are placed in a special
category and are eligible for fast track clearance
through the Customs. Clearance of import
consignments is allowed at the gateway port/
Aircargo Complexes on the strength of the import
certificate issued by STPI and the procurement
certificate issued by the customs authorities of
the concerned range office within whose
jurisdiction the unit falls.
When the shipment arrives at the port of entry,
the Clearing agents generate a “Cargo Arrival
Notice” which is accompanied by the airway bill
or the shipping bill. The importer is informed
about the arrival of cargo and is requested to
produce the necessary documents required to
clear the shipment duty free through the
Customs.
It is important to clear the shipment in minimum
possible time to avoid payment of demurrage
charges or any damage to the equipment being
imported.
The following documents have to be produced by
an STPI unit and a 100% EOU to its clearing
agent unit at this stage:
Import certificate which is a simple one-page
certificate is issued by the STPI for import of
equipment against the application made and
commercial invoice submitted to the STPI.
Commercial Invoice sent by the exporting
party and attested by STPI is the shipping
invoice against which the equipment is
imported and is generated only for Customs
Purpose.
Commercial invoice submitted to the STPI must
contain the following details such as Date and
invoice number, Name of the exporter &
importer, Description and number of goods being
imported, Weight and value of the equipment,
Signature of the authorized signatory of the
exporting party and If the equipment is imported
on Loan or Free of cost the invoice should clearly
state: "Material is sent on Loan or Free of Cost
basis and the value is for custom purpose only".
Once the documents are found in order, the
Import certificate together with the attested
Commercial invoice is issued by the STPI to the
unit concerned.
Procurement certificate from the Customs
Authorities. The STP unit is required to obtain
a procurement certificate from the Customs
authorities on the basis of the import
certificate and attested commercial invoice
issued by STPI.
Following documents are required for obtaining a
procurement certificate from the office of the
Customs range in whose jurisdiction the STP
Unit falls:.
i) Simple application addressed to the
Superintendent of Central Excise and
Customs of the jurisdiction within which the
concerned STP unit falls.
ii) Certified true copy of the Import certificate.
iii)Certified true copy of the commercial invoice
attested by STPI.
iv) Procurement certificate in the prescribed
format
Once the documents are found to be in order, the
Customs office issues a Procurement certificate.
B. Submission of documents to the Clearing agents:
Once the documents mentioned above are
received from the STPI and Customs, the
l
l
l
JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
10
following documents have to be submitted to the
clearing agents by the importing unit in a sealed
envelope issued by the Customs office
i) Photocopy of the Airway bill.
ii) Photocopy of IEC certificate issued by DGFT.
iii) Original Import certificate issued by STPI,
iv) Original Commercial invoice attested by STPI.
v) Original procurement certificate issued by the
Superintendent of Central Excise and
Customs
vi) 5 blank letter heads of the Company
vii)Duly signed Form “N” (This is available with
the clearing agent concerned)
viii)Octroi Exemption certificate incase the unit
has been exempt from payment of Octroi by
the Municipal corporation.
C. Once all the documents are submitted to the
clearing agents, they undertake the clearance
formalities and arrange for transportation of the
equipment to the importers unit.
Stage III] Post shipment procedures and Re-warehousing:
Once the equipment is transported to the importers
office, it has to kept within the Custom bonded
premises of the importer. The imported equipment
can only be opened in the presence of a Customs
Inspector. The Customs Inspector checks the Bill of
Entry generated for the equipment and all the
relevant papers before authorizing opening the
equipment. Once the equipment is opened, he signs
on bill of entry and checks the entries made in the
Customs bond Register
On every duty free import made, the importing unit
has to maintain the details in a physical register.
such as Bond number and date, Date of receipt of
goods in the warehouse, Vessel name with IGM and
Index No., No. of packages, Marks/number,
Description and value of goods (as per the Bill of
entry), Amount and Rate of duty, Bonders name and
address.
Once the particulars are filled in they are checked
for correctness and counter signed by the Customs
Inspector. The STPI unit has to obtain a Re-
warehousing certificate for re-warehousing and
maintaining the imported equipment in the
company's bonded warehouse within a period of 90
days.
The application for re-warehousing certificate has to
be made to the Customs range concerned along with
the Re-warehousing certificate in the prescribed
format, Bill of entry, Lorry receipt, and the Octroi
receipt,
On receipt of the re-warehousing certificate, the
following documents need to be submitted to the
Clearing agents in a sealed envelop stamped by the
Customs authorities to complete the import
formalities:
1. Original re-warehousing certificate issued by the
Customs.
2. Original Bill of entry counter signed by the
Customs inspector
The documents mentioned above have to be
submitted through the Clearing agents to the office
of the Assistant Commissioner of the relevant Port of
Entry. The Re-warehousing certificate is cancelled
and stamped by the Customs authorities as full and
final endorsement of completion of the import
related formalities.
Conclusion:
The procedure though a little lengthy and tedious is
a blessing for STP units as they can use the benefit
provided under the scheme for import of crucial
equipment necessary for Software and Product
development absolutely duty free which in turn
boosts the export of the country and also aids in
undertaking crucial R & D work by Software Product
and Development companies.
� � �
(which can be construed as lock-in) from the date of grant of options for conversion into shares.
However, shares issued under ESPS shall be locked in for a period of one year from the date of allotment.
Documents required for remittance of funds to
the bank account of Non-resident / Foreign
National on sale of share:
Following documents shall be provided by the Non-Resident / Foreign National to the broker for remittance of funds to his bank account:
1. ESOP letter.
2. Certificate from Chartered Accountant to the effect that capital gains tax has been paid.
3. Swift Code of the bank where the funds are to be remitted through wire transfer.
4. Instruction from Non-resident / Foreign National to credit the amount to his bank account.
Once these documents are provided to the broker, funds would be remitted abroad.
� � �
(Contd. from Page No. 7)
JULY 2006JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
11
Contracts are the medium through
which the parties define the scope
o f wo rk , the i r r o l e s and
responsibilities and the commer-
cial terms. Before drafting any
contract we need to know comp-
letely the business our company is into. We should
coordinate with our technical team to understand
the type of work that we would be offering under a
contract. Draft a contract which takes care of any of
our future work possibility with the customer. If we
are drafting contract for a specific customer then
read the terms of the Request for Proposal (RFP)
responded to that customer to reduce the number of
iterations for negotiations. Get involved at an early
stage while the commercial or technical details are
being discussed. We should always push for our
draft as we have complete control over the clauses
being stated in the draft and it helps in negotiating
the contract and reduces the number of iterations.
We should include our draft along with our
response to RFP so that the customer becomes
aware of our contract terms.
The customer key concern in an IT contract is IP
and confidentiality.
Intellectual Property (IP):
We need to write our clauses which states that the
work done for the customer is “work for hire” and
the deliverables belong exclusively to the customer.
We need to state clearly that the deliverables will be
assigned only if the payment obligations by the
customer's are met. Define our pre-existing
intellectual property used in the project. As a service
provider, we should retain a complete ownership on
our pre-existing IP and the customer acquires a
perpetual right to use the pre-existing IP only in
connection with the deliverables. We should have a
right to use the residual knowledge in any of our
other customer's project or for our internal
development purpose.
Confidentiality:
This clause will obligate us to maintain the
confidentiality of the information that we acquire
during the term of the Agreement. As a service
provider we should always provide a definite term
for the survival of confidentiality obligations so that
we know when our liabilities under a contract will
end.
Indemnity:
The customer will try to negotiate and make us indemnify for any damages that they will suffer due to our acts and omissions. We are a service provider and our liability should ideally expire after the deliverables are accepted by the customer but this may not sell and we may have to indemnify the customer for our acts of gross negligence or willful misconduct. The customer will require us to indemnify for any intellectual property infringement or gross negligence or willful misconduct. Provide carve out to intellectual property infringement and should be only related to the deliverables and have not resulted due to any modifications to the deliverables. The term gross negligence or willful misconduct is too broad and should be only limited to death or personal injury or property damage.
Key concerns of Service Provider:
Scope of work and payments:
Define the scope of work in the statement of work. Introduce a concept of changes order to take care of any changes to the scope of work, the service provider should have a right to change the commercials terms accordingly. Define the Service level (SLA) in terms of providing services to the customer. Define the payment terms. Do not link the payment terms with the acceptance of deliverables under time and material contract. In a fixed price contract we may define the payment milestone in line with the deliverables milestone. Provide an expiry date to the rates provided in the contracts. We should keep a provision of charging interest if the customer delays in making the payments.
The contract shall also list down in detail what hardware and software will be provided by us to execute the work. If the customer requires any additional hardware and software, the contract shall clearly provided that it will be at additional cost to customer. We should always discuss the commercial issues with the technical team to understand the type of additional cost that may be passed on us while providing services and we should provide some provision in the contract to take these issues later as and when it will come up.
Approval of deliverables:
Define the approval period within which the
customer should provide its conformity for the
deliverables. If the customer fails in providing its
Drafting and Negotiating Outsourcing ContractsSonal Sharma , Legal Officer, Persistent Systems Private Limited
Drafting and Negotiating Outsourcing Contracts
JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
12
non-conformity then the deliverables should
deemed to be accepted by the customers. The
contract provides for improvement, modification
etc. of the deliverables during the time the customer
is evaluating the deliverables.
Liability:
Restrict contractual liability to maintain
equilibrium between the risk and reward ratio. We
should indemnify the customer only for the direct
damages and disclaim any third party, indirect,
consequential and incidental damages. Limit
liability to a particular value it should be either the
value of the contract or the company's insurance
coverage.
Resources:
Provide restrictions in the contract so that the
customer is not free to solicit the service provider's
employees.
No compete:
The customer may try to impose certain conditions
which may restrict us in doing business with any
third party. Avoid having such clauses in contract.
Termination Rights:
The Service Provider should have the termination
rights under the contract. The contract should
define the obligations of both the parties upon
termination.
Jurisdiction:
Ensure that the jurisdiction agreed in the contract
support the terms and conditions of the contract.
We should always push for the jurisdiction of the
countries where our company has some local
presence. Litigation may not be a preferred mode to
settle the dispute then provide an alternative for
arbitration. Define the process, mode and the venue
for arbitration.
Tips for Negotiation:
Read the clauses well. Prepare a separate list of
issues it will help in concentrating only on the
contentious issues in the contract. Make the
technical team aware of the legal issues brief them
the concerns related to the issues. We should also
do some due diligence on the customer to have an
idea about the type of business the customer is into.
Keep alternatives ready to propose during the time
of negotiations, this will help in early closure of
issues.
It is not necessary that the draft proposed by us will
be accepted by the customer. They propose their
own draft. It is necessary for the negotiation team
not to be too rigid. There were times, when certain
clauses of the customer were not negotiable but now
the scenario is changing as the service providers are
becoming aware of the impact of such one-sided
clauses on their business. While accepting such
clauses, it is necessary for the negotiation team to
have a future foresight about how the existing
clauses in the contract will govern the relationship
between the parties. In today's competitive world,
negotiating the contract is becoming more and more
difficult and challenging task. It is also necessary
that in the changing business scenario, we continue
to update our contract template. We cannot put
forward the contract template, which has no
business significance at present and we might be
forced to accept our customer's template, but if the
contract template is in line with the current
business practices, the chances of such draft being
accepted increases.
� � �
JULY 2006JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
The candidate should have relevant
experience of handling secretarial and
legal matters of the company. Interested
candidates may forward their resume to :
Mr. Kailash NairManager Finance
KAESER COMPRESSORS (INDIA) PVT. LTD.
Survey No. 255/1, Hinjewadi Gaon,Tal. Mulshi, Pune 411 057.
Tel. : + 91 20 22934610/616
Fax : +91 20 22934648
Email : [email protected]
Websit : www.kaeser.com
WANTED
COMPANY SECRETARY
13
'Information' plays key role in the business world today. Almost all types of decisions i n b u s i n e s s environment are taken on the basis
of reports/information generated through 'Management Information Systems'. Information Technology has integrated computers and communications, which help users to take appropriate decisions in time.
The organisations have changed its business processes. This requires information to be current, accurate and be made available to users as & when required. Information is also collected from various departments of the organisation for decision-making, legal compliance & for communication to various stakeholders e.g: shareholders. The generation of information is dependent on computer system, which is now a days well described as Information Systems. The system involves people, software, hardware, communication devices, networking & the most important data.
In the era of globalization and acute competition, most of the organizations have implemented Information Technology (IT). It has resulted into carrying lot of IT related risks, problems of internal controls as well as security of IT resources. This has necessitated review of and assurance to the top management about its Information Systems. Like other audit and assurance services, IS audit provides an assurance to top management that IT related controls, security and other measures, are in place and adequate. It is worthwhile to note that few traditional controls like segregation of duties play pivotal role even in IS audit.
Information Systems Audit :
IS audit is an independent appraisal of activities related to Computer Systems by team of professionals. IS auditor reports audit findings accompanied with recommendations. The organisation should ensure proper internal control. IS Auditor reviews the same and recommends on any deficiencies in the control system. IS audit assures management that controls embedded in the computer systems and related operations are proper and adequate. IS audit is an independent appraisal of Information System which ensures that Internal controls are effective and efficient to provide up to date, accurate, relevant information to
Information Systems Audit Uday V Kulkarni , F.C.A., CIA (USA) CISA(USA)
Abhijit V Chirputkar , M.Com, F.C.A., CISA. (USA)
Information Systems Audit
meet business objectives. The Audit of Computerised Information System & Audit through Computerised Information System are two different concepts. In this article our focus is on audit of Information & Communication system.
Objectives of IS audit :
Audit is process of colleting and evaluating evidences to authenticate and validate the data processing system. The objective of IS audit includes;
a) To provide reasonable assurance about management of IT risks;
b) To provides reasonable assurance about existence of different types of controls including internal controls (eg: in computer programs) and recommending improvement in internal and other controls;
c) Evaluation of systems and processes to ensure;
i) Safeguarding of assets ( IS assets)
ii) Data integrity
iii) System efficiency and effectiveness
d) To ensure law compliance (RBI has recognised IS audits in banks)
Need of Information System Audit:
a) Now a days all types of transactions are entered through computer systems. As transactions entered the system, these are automatically processed for recording, reporting or as input to next set of transactions. These processes are carried out by programs creating a problem of 'audit trail'. The accuracy, speed & flow of process largely depend on quality of software implemented. Software development includes process of testing however Software audit is one of the processes or part of testing. To ensure the quality of software & implementation (customization) Information System audit is necessary. Computer programs should ensure that all transactions are processed correctly.
b) Security of Information System is on the top agenda in all the organizations. Security of people, data, networking, hardware, software is most important. In absence of security measures, organization may collapse. It has led to introduction of various international standards. (e.g. BS7799/ISO17799 are available for Information Security). As a part of IS audit, auditor ensures adherence to various security norms mentioned therein.
c) The accuracy of annual financial reporting as (See Page No. 16)
JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
14
stIn 21 Century the nature of offences started taking a different way and specie of sophisticated offenders took birth, which started committing offences using Hi-tech technology. The old Indian Penal Code for the first time expressed its
inabilities to handle such offences committed through Internet and with the help of tools of Information Technology, and therefore in the year 2000 Indian Government felt necessity to have a special Act, to deal with such type of offences/ crimes and therefore Information Technology Act 2000 was passed.
Now let us see the offences (cyber crimes) committed through computer, computer systems, Internet etc.
The first reported cyber crime is of the year 1820. One Mr. Jacquard from France, a textile manufacturer produced the loom. With the help of this device repetition of series of steps in the weaving of special fabric were increased, and this created a fear amongst Jacquad's employees that their traditional employment and livelihood is threatened. Therefore they committed act of sabotage to discourage Jacquard from using technology.
Financial Crimes:
Misappropriation of Funds : Punjab National Bank was cheated to the tune of Rs. 1.39 Crores through false debit and credits in computerised accounts.
The Hyderabad police had arrested two persons. Manohar was an unemployed computer engineer and Moses was a steward in a five star hotel in the city. Moses used to note down various details of credit cards handed over by clients of the hotel for paying their meal bills. Then he used to pass on the said information to Manohar, and then Manohar used the details to make online purchases on various websites such as sify.com, rediff.com etc. On the complaint of a businessman, who handed over his credit card to Moses for payment of dinner bill the case was investigated and both were arrested
Cyber pornography : Pornographic websites, pornographic magazines produced using computers, pornographic downloads using Internet is included in this offence.
l
l
l
l
l
Cyber CrimesAdv. Rahul Risbud , B. Com, LL.B. M.LL. & L.W., Dipl. In Cyber Laws
Cyber Crimes
A student of the Air Force Balbharati School, New Delhi was teased by schoolmates for having pockmarked face. Annoyed with this, he decided to take revenge and he hosted a website at the URL www.amazing-gents.8m.net and provided in text material lucid, explicit, sexual details of various sexy girls from the school and the school teachers. The father of the girl being an Air Force officer registered a case under Section 67 of the IT Act, 2000. The police arrested the concerned student.
Sale of illegal articles : The sale of narcotics, weapons and wildlife etc. by posting information on website, would fall under this offence. E.g. many of the auction sites even in India are believed to be selling cocaine in the name of 'honey'.
Online gambling: Many websites worldwide are dedicated to gambling. Infact it is believed that many of these websites are actually fronts for money laundering.
Intellectual property crimes : These include software piracy, copyright infringement, trademarks violations, theft of computer source code etc. One M/s Network Solutions have r e g i s t e r e d d o m a i n n a m e s s u c h a s barticellular.com and bhartimobile.com with different fictitious names. Bharati Cellular Ltd. had filed a case in Delhi High Court against M/s Network Solutions for cyber squatting, and the High Court has directed M/s Network Solutions not to transfer the domain name in question to any third party and the matter is sub-judice.
Email Spoofing : When an email appears to be generated from one source but is actually generated from another source, it is called as spoofed email. In Global Trust Bank case, some body send a spoofed email to the customers of the bank, stating that the bank is in bad financial condition, as a result numerous customers decided to withdraw all their money and close their accounts. The email which seems to be originated from one source but is actually originated from other source is known as spoofed email.
Forgery : Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers
l
l
l
l
l
l
JULY 2006JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
15
* With a minimum 6 month validity prepaid plan. Conditions apply.
and scanners. Whenever news flashes in newspaper that Mr. X arrested for selling fake mark sheet, remember that Mr. X can be punished under the I T Act, 2000.
Cyber Defamation : Whenever somebody publishes some defamatory information, about somebody using computer and/ or the internet, it amounts to cyber defamation. India's first case of cyber defamation was reported when a company's employee started sending defamatory and obscene e-mails about its Managing Director, which were sent to many business associates to tarnish the image and goodwill of the company. The Company was able to identify the person and approached to Delhi High Court.
Cyber stalking : Stalking means “pursuing stealthily”. It means following a person's movements across the internet by posting messages or bulletin boards frequented by victim, entering the chat-rooms frequented by the victim, constantly sending e-mails to the victim etc.
Unauthorised access to computer systems or
networks : This is commonly known as hacking but Indian law has given a different connotation to this i.e. unauthorised access.
Theft of information contained in electronic
form : Any information stolen which is kept in computer hard disks, any removable storage media etc. is an offence punishable under the Information Technology Act, 2000.
Email bombing : It means sending of large number of emails to the email account of an individual or to server of a company so that victims email account or server crashes.
Data diddling : It means altering data before it is processed by a computer or computer system and changing it back after the processing is completed. The NDMC Electricity Billing Fraud Case is the best example of this offence, wherein NDMC Delhi had outsourced to a computer professional work of collection of money, computerised accounting, record maintenance etc. He misappropriated huge amount of funds by manipulating data files to show less receipt and bank remittance.
Salami attacks : These attacks are used for commission of fraud. The alterations made in computer system with the help of a programme in this case are so significant that in a single case it goes unnoticed. In a case in USA an employee programmed a logic bomb to take ten cents from
l
l
l
l
l
l
l
all the accounts in the bank and put them into the account of the person whose name was alphabetically the last in the banks list. Then he went and opened an account in the name of Ziegler. The amount being withdrawn from each of the accounts in the bank was so insignificant that neither any of the account holders nor the bank officials noticed the fault. It was brought to their notice when a person by the name of Zygler opened his account in the bank. He was surprised to find a sizeable amount of money being transferred into his account every Saturday and the entire scheme was revealed.
Denial of service attack : By sending excessive demands to the victims computer/s in excess of the demands that one computer can handle, leading to crashing of computer system or computer network, and thereby causing denial of service by the resource to the authorised users is known as denial of service attack. Denial of service attacks have had brought down the websites like CNN, Yahoo, eBay, Amazon etc.
Virus/ worm attacks : Viruses are programmes which attacks to a computer or a file and them circulate themselves to other files and other computers on a network, and affects data on a computer by either altering or deleting it. Whereas worms do not need any host, and they make functional copies of themselves till they eat all available space on a computer memory.
Logic bombs : These are a virus which gets activated on doing something. They may even remain dormant for a year and get activated on doing or not doing something.
Trojan attacks : As name aptly suggest, a Trojan is an unauthorised program which seems to be harmless in nature which thereby concealing what it is actually doing, causes harm to the computer, computer system, computer network or to any files in the computer.
Internet time theft : This means usage by an unauthorised person of the internet hours paid for by another person. In Delhi one person by name Mr. Mukesh Gupta an engineer with Nicom Systems (P) Ltd. was sent to the residence of the complainant to activate his Internet connection. However, the accused used Col. Bajwa's login name and password from various places causing wrongful loss of 100 hours to Col. Bajwa. Delhi police arrested the accused for theft of internet time, on a complaint lodged by Col. Bajwa.
Web jacking : When someone by cracking a
l
l
l
l
l
l
JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
16
password gets hold of a website, thereby denying the control over the website to the real owner, are called as web jacking.
Theft of computer system and/ or physically damaging a computer system is two cyber crimes.
Ga in ing en t r y i n t o , i n s t ruc t i ng o r communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network is a cyber crime.
l
l
l
l
l
Password cracking is one of the cyber crimes.
Threatening emails : Sending threatening emails is a cyber crime.
Similarly spreading defamatory emails, a fraudulent email is a cyber offence.
These are some of cyber crimes committed by using computer, computer system and internet and are punishable under the Information Technology Act 2000.
� � �
well as submission of various reports to SEBI, CLB, and Government departments as part of compliance of laws is largely dependent on Information and communication system. Such information is generated & gathered through ERP packages or other packages. Even for statutory audit also Information System Audit may be treated as a pre-requisite. IS audit ensures reliability & accuracy of information before it is submitted to outsiders.
d) To achieve business objectives, internal controls are essential in all types of organizations. Internal controls like separation of duties etc are part of day-to-day functions. Now-a-days due to computerization and automation, various controls are also automated and embedded in the systems. IS audit ensures that the required internal controls are automated & functioning properly.
e) Post Enron circumstances led different countries to introduce laws such as SOX in US, SAS70 etc. Internal controls related declaration is also required in India. The primary objective of these laws is to provide timely accurate information to various stakeholders. Information System has become a part of Internal Control hence declaration, certification of Internal Control is largely dependent on the quality, accuracy and security of Information system. These aspects can only be evaluated and assured as a part of Information System audit.
f) Various types of frauds, malicious acts are conducted through computers. To prevent, detect & correct these types of acts Information System audit is required.
g) The quality of information largely depends on the quality of various computer controls. Proper evaluation of these controls like input controls, process controls, data integrity controls, output controls is carried out in IS Audit
h) IS audit plays key role in Business Continuity Planning.
i) Every organization, which is running its
business, processes and operations through computers, should conduct information system audit. Even now a days most of the banks are conducting IS audit on regular basis.
Types of Information System Audits:
IS Audit is not a single type of audit. It is done for different facets of Information Systems. A few types are as follows;
a) General Computer Control Audit
b) Reviewing Controls: It includes reviewing wide range of controls like environmental access controls, physical access controls, logical access controls, IS operations controls, Application controls, IT implementation controls, System Development Life Cycle controls etc.
c) Application Software Audit
d) Information & Communication System Security Audit/review
e) Information System procedural audit
f) Pre-Post software implementation audit
g) Data conversion audit
h) Review of BCP controls and disaster recovery planning
IS Audit and IS Auditor:
IS audit is conducted by professional called as IS Auditor. The skill sets required for these type of audits are certification like CISA, CISM, or qualification as ISA. IS Auditor should be technically competent and possess requisite skills to carry out IS audit. As a requirement to any professional member he should undergo Continuous Professional Education. The Audit charter should clearly state responsibility, authority and accountability of IS Auditor. Company Secretary is also required to carry out secretarial audit and in some cases system audit related to his/her area. In present scenario IS audit qualification may be of great help to understand computer processes, programs related to his/her professional work.
� � �
(Contd. from Page No. 13)
JULY 2006JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
JULY 2006JULY 2006ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
l
l
l
Study Circle Meeting
A Study circle meeting on the topic “Basic
concepts in Capital Markets” was organized at ththe Pune Chapter on Saturday the 27 May,
2006 in between 4.00 pm to 6.00 pm. Mr Amit
Modak, Director, Pune Stock Exchange Limited
delivered a lecture elaborating the basic concepts
involved in the capital markets and incidental
issues related thereto. Around 10 members were
present for the said lecture.
Free Seminar for HSC students and their parents
Every year the chapter organizes a free seminar
for the students of HSC and their parents at Pune
Chapter premises with an objective of giving
them information about career as Company
Secretary. This year two such seminars were thorganized at Pune Chapter on 4 of June, 2006
i.e. one day prior to the declaration of HSC thresults and again on 11 June, 2006. More than
50 students and their parents attended the said
free seminars. Office bearers of Pune Chapter
briefed the students present about the CS
course, its contents and scope in employment as
well as in practice.
Visit of President of ICSI
Mr H.M.Choraria , President of ICSI, Ms Preeti
Malhotra, Vice President of ICSI, Mr N.K.Jain ,
Secretary and CEO of ICSI along with other
central council members visited Pune on the
occasion of Central Council meeting, which was th thheld on 9 and 10 June, 2006. Felicitation of
President, Vice President and Secretary & CEO thwas organized on 9 May, 2006 at Hotel
President at 7 pm. More than 70 students and
members were present for the felicitation
function. Mr H M. Choraria , President was
felicitated by Mr Nishad Umranikar, Chairman
Pune Chapter by offering him “Puneri Pagdi &
Uparane” and a memento. Vice President ,
Secretary & CEO and all other central council
members were also felicitated by offering them a
memento. Mr Arvind Gaudana, Chairman WIRC
who was present at the function, was also
felicitated. An exclusive interview of the
President and Vice President was also organized
with Ms Gauri Athalye, Senior Journalist , The thEconoimc Times on 9 of June, 2006 at 6.15 pm.
Secretary & CEO, Vice President and President
addressed the gathering. President informed the
members that the Institute is planning to bring
out Post Membership Qualification course on
Corporate Governance. He added that effective
steps are being taken to obtain recognition for the
profession in Labour Law audits and Institute
would also be coming out with a guideline for
such audits for the benefit of members. Apart
from that, steps were being taken to liaison with
Professional Institutes in countries like Kenya ,
Singapore etc.
While talking to students present he informed
further that the syllabus of the course was under
review and the same would be changed in the
next year. Also efforts are being taken to
introduce seventy hours of computer training for
the students and discussions were being held
with NIIT in this regard. thOn 10 of June, 2006 President, Vice President ,
Secretary & CEO along with other central council
members visited the Pune Chapter office and had
interaction with the chapter staff.
OTC Intermediate Faculty Meeting thOn 15 of June, 2006 a meeting of Office bearers
of Pune Chapter with faculties of Intermediate
Oral Tuition Classes was held at the Chapter.
The meeting was held in order to inform the
faculty members about the guidelines issued by
ICSI, fix the lectures for the next batch of OTC ,
decide dates of CC examination and in all
conveying the expectations of the Managing
Committee to the faculty members.
� � �
l
Chapter Report Pallavi Kulkarni -Salunke , Secretary, Pune Chapter
Chapter Report
Forthcoming ProgrammesSr. No. Date Programme Venue
1. July 19, 2006 Inauguration of Intermediate OTC Pune Chapter
2. July 24, 2006 Full day programme on MCA 21 To be decided
3. July 30, 2006 Study Circle Meeting Pune Chapter
Forthcoming Programmes
For Private Circulation only. All opinions / views expressed in "Sanhita" are those of the authors only. The opinions expressed herein should not be construed as legal or professional advice. The Chapter/ICSI does not take any responsibility for the information published in "Sanhita" including intellectual property rights of third parties. Published by Mr. Nishad Umranikar for and on behalf of the Pune Chapter of the Western India Regional Council of the Institute of Company Secretaries of India, 23, Mukund Nagar, Corner of Lane No. 1, Above Joshi Hospital. Pune-411 037. Telefax:020-24263228/0341. E-mail : [email protected]
23,Mukund Nagar, Corner of Lane No.1, Above Joshi Hospital, Pune - 411 037.Ph. 020-24263228 / 0341 E-mail : [email protected]
If undelivered please return to :
PUNE CHAPTER
SIN PURSUIT OF PROFESSIONAL EXECELLENCE
Statutory body under an Act of Parliament
The Institute of
Company Secretaries of India
JULY 2006 ICSI - WIRC Pune Chapter NewsletterICSI - WIRC Pune Chapter Newsletter
Visit of President of ICSI Visit of President of ICSI
Visit of President of ICSI Visit of President of ICSI
Study Circle Meeting Free Seminar for HSC students and their parents