AUTOMATED BUSINESS PROCESS (Chart 1.37)

Order to Cash Cycle
It is a set of business processes that involves receiving & fulfilling customer requests for goods or services.
i) Customer Order
i) Delivery Note
iv) Collections

Business Process Automation (BPA)
It is technology-enabled automation of activities or services that accomplish a specific function & can be implemented for many different functions of company activities. BPA is a tactic a business uses to automate processes to operate efficiently & effectively. BPA is the tradition of analyzing, documenting, optimizing & then automating business processes.
2) Quality & Consistency
3) Visibility
5) Governance & Reliability
5) Step 5: Engage business process consultant
7) Step 7: Developing the BPA

Enterprise Risk Management (ERM)
It may be defined as a process effected by an entity's Board of Directors, management & other personnel, applied in strategy setting.
c) Provide integrated responses to multiple risks
s) Rationalize capital

AUTOMATED BUSINESS PROCESS (Chart 1.38)

Risks
Risk is any event that may result in a significant deviation from a planned objective, resulting in an unwanted negative consequence.

Controls
SA 315 defines system of internal control as plan of enterprise & all methods & procedures adopted by management of an entity to assist in achieving management's objective of ensuring, as far as practicable, orderly & efficient conduct of its business, including adherence to management policies, safeguarding of assets, prevention & detection of fraud and error, accuracy & completeness of accounting records, & timely preparation of reliable financial information.
Wee EE ge Prod 1} np & cess ao 1 strate 3] Regulatory 5] Operational tesed on mode of aie rai rental Litton of nema Control System contolsan be 1) control nvonment ||) Managements conierton that ost 1) Manual Control 2) Risk Assessment __{ [oF intemal control does not exceed eyvomated Conti ||) conc Aces [Pett Denes tobe dered 3) SemAutomatedContral | eeregstion of utes ||2|Mostinteral contr do not tend to i cenerlcontals [be deed at transactions of una Anintemal Conte Sytem ||) Application Controls "4° i) Faclittes effectiveness & ||4) information & [3} Collusion with employees or wth efciency of operations |Communication partes outside the entity a) Hels ensure relbty of |]s) Monts of Contr’ 4 Pon eponsileforeecngan neal & eternal acl inet conrol cul ebuse hat reporting Iesponsibility Asis compliance wih 5 Naniptions by management with eplcable lave & regulations espero transactions or estimates & Helps safeguarding judgements required in preperation of eset ofentty financial statements DCU USC em SIS Us Flowchrs re sed in desing & documenting simple processes or programs ey 1 cuicker rasp of 17) ficent program Imantenance 5 Estabishing Contr et Date Fow Diagrams | Diagrammati fre lnr eek What dae eytem AUTOMATED BUSINESS PROCESS (Chart 1.39) vy Risks And Controls For Specific Business Process Ce a Risks & Controls Human Resources ~ Lee ceca Cer ndudes following: Gene DEC eateries ee Creo Dr ceo ies cere) Greece Risks & Controls Iisa set of business processes that involve receiving & fling customer requests for goods or series Cercle cg peed ferent ees TTL 1} Customer order is documented 2 Orders fulfilled or sevice is 2) Reviewing Transactions 3) Approving Transactions 4) Posting of Transactions 5) Generating Financial 4} Termination or Transition LB, B.Com, CSA -ExpertselnowdedgeinISC, SM, LAW -Presenceall over nia at the geo 28 Also known asthe “Motvatonal Gur" Cri Poe! 
AUTOMATED BUSINESS PROCESS (Chart 1.40)

Regulatory & Compliance Requirements

The Companies Act, 2013
1) Section 134 - Financial statement, Board's report, etc.
2) Section 143 - Powers & duties of auditors & auditing standards
3) Guidance Note on Audit of Internal Financial Controls over Financial Reporting
a) Management's Responsibility
b) Auditors' Responsibility
c) Corporate Governance Requirements
d) Enterprise Risk Management's Framework

Information Technology Act (IT Act)
1) Advantages of Cyber Laws
a) Email would now be a valid & legal form of communication
b) Co's shall now be able to carry out electronic commerce using legal infrastructure provided by Act
c) Digital signatures have been given legal validity & sanction in the Act
d) Act throws open doors for entry of corporate companies in business of being Certifying Authorities for issuing Digital Signatures Certificates
e) Allows Government to issue notification on web thus heralding e-governance
2) Computer Related Offences
a) Common Cyber-crime scenarios
b) Harassment via fake public profile on social networking site
c) Email Account Hacking
d) Credit Card Fraud
e) Web Defacement
f) Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, Bugs
g) Cyber Terrorism
h) Online sale of illegal Articles
i) Cyber Pornography
j) Phishing & Email Scams
k) Theft of Confidential Information
l) Source Code Theft
3) Privacy
4) Cyber crime
a) Traditional Theft
b) Hacking
5) Sensitive Personal Data Information (SPDI)
a) Rule 3 defines sensitive personal information as:
- Passwords
- Financial information
- Physical/physiological/mental health condition
- Sexual orientation
- Medical records & history

Designed By: Swapnil Patni - CA, CS, LLB, B.Com., CISA - Expertise knowledge in SCA - Presence all over India at the age of 29 - Also known as the "Motivational Guru"

FINANCIAL AND ACCOUNTING SYSTEMS (Chart 2.39)

What is a System?
eer) Technical Concepts Integrated ERP ation t v System enna Aca) "a set of principles or | [A] Working of any software | [__B) installed Applications V/s Ttis an overall business procedures per which Web Applications Fiypical namintegratedl] | management system that caters | (i) Manufacturing lsomething is done; an ont End & Back End lenvironment where all || need of all people connected | |i) Financials erenised scheme or | Front End 1) Using Software Seeman SAS sal ii) Human Resources It is part of the overall These are two ways of using | [2 i spear ee liv) Supply Chain lsoftware which actually software including Financial & | |'s 0Essroun Tavantage: of an ERP System] |Management ine user who is Accounting Software IF ABE 6s Grriotaae bce ee + installed Applications are 1) Human Resource _| |i) Integrate business operations | |vi) Customer [eis coordinated & | |» BackEnd programs installed on hard disc | |i) Accounting lwith accounting & financial Relationship standardized flow of | |itis a part of overall software | {of user's computer ii) Marketing reporting functions Management (CRM) Jectivities performed by | lwhich does not directly + Web Applications of user's _| |iv) Production i) increased data security & | |v) Data Warehouse people or machines, | linteract with user, but computer, itis installed ona | |y) Purchase application controls feet man jinteract with Front End only | | web server & it is accessed using \vi) Logistics. iv) Build strong access & eee 2 browser &internet connection || + auatity Control _| segregation of duties controls boundaries to achieve a | {_ li) Application Software \] Automate many manual business objective & | [+ Application software ii] Cloud-baced Applications _| [Two major probleme. 
| processes, thus eliminating lreates value for performs many functions such | [> These days many orgonzetions| I) Communication Gaps | [°F internal or external | las receiving inputs from user, | |do not want to install Financial |) Mismatched Data | ful) Process huge volumes of data a Applications on their own IT |within short time frames infrastructure 5 5 li) Strong reporting capabilities Organizations increasingly are lwhich aids management & other }* There are three layers which| |hosting their applications on stakeholders in appropriate ltogether form application internet & outsource IT functions| {decision making (Continue on Chart 2.40) FINANCIAL AND ACCOUNTING SYSTEMS (Chart 2.40) SEEM Cie nell Ry Ey iene neeen Types of Data es een ee Types of Ledgers ert tis a documentary evidence of a ||A Voucher No. or a Document|| Accounting flow from angle of Ledgers [[ AasterData transaction Number is a unique identity software lat time of {tis relatively permanent. Types of vouchers used in of any voucher/ document v lereation of any data that isnot expected to accounting ystems lnew ledger, it must be placed lunder a particular change again & again |/1) Contra 9) Debit Note 2) Payment 10) Sales Order |1) Accounting Master Data ||3) Receipt | 11) Stock Journal a) ft must be unique 12) Separate numbering series Transadtons t i Humans Voucher Entry 2)Inventory Master Data ||4)ournal’ _|12) Physical Stock ||3) May have prefix or suffix Posting 3) Payroll Master Data 5) Sales 113) Delivery Note |}or both v |a) Statutory Master Data_||6) Purchase |14) Receipt Note ||4) All vouchers must be Balancing Software] 17} Credit Note |15) Memorandum | numbered serially v [i ereeeer eta a) Parchade |xe) attendance) |/5) a vouchers are recorded | [ial Balance Balance Sheet tis a data whichis lOrder 17) Payroll in chronological order & expected to change hence voucher recorded Jearier must have an earlier number lrequently, again & agein & not a permanent data Designed By: Swapnil 
Patni “Ch, 5,118, B.Com, CISA ExpertekrowedgenlSCA, TSM, LAW File Updating & Senin IMaintenance = Polling el = Contention Methods + Parity Check vii) Internetworking J+ Document/Record Counts eae INFORMATION SYSTEMS AND ITS COMPONENTS (Chart 3.76) a) Asset Sefeguarding Objectives 2) Data integrity Objectives 3) System Effectiveness Objectives 4) System ficiency Objectives 3) Organisational Costs of Data loss 12) Cost of Incorrect Decision Iaking 3) Costs of Computer Abuse la) Value of Computer Hardware, software & Personnel 5) High Costs of Computer Error 17) Controlled evolution of Jcomputer Use 2) Means of controlling current audit work 2) Evidence of audit work performed 3) Schedules supporting or additional tem in eccounts |a) Information about business being audited, including recent history 2) Nature of financial reporting. 2) Nature of audit procedures 3) Need for audit to be conducted within a reatonable period of time & ‘ata reasonable cost |4) Matter of difficulty, time, or cost Involved is notin tee a valid for a) Snapshots 2) integrated Test Facility (ITF) 3) System Control Audit Review File (SCARF) Je) Continuous & Intermittent simulation (Cis) 5) Audit Hooks [| 1014, porscterty fraud involving ‘management or collusion 6) Existence & completeness of related party relationships & trans. 17) Occurrence of non-compliance with laws & regulations 8) Future events or conditions that may cause an entity to cease to ‘continue as a going concern = v fone a ae aa See eee |} Job titles in IT have matured & are quite consistent across organizations. This consistency helps Jorganizations in several ways iting [= Compensation = Career advancement _[Paselining Ii) Additional titles such as district manager, group. 
manager, of area manager Jo) Executive Management Je) Systems Management peo CTO |» Systems Architect cso = c1s0 J systems Engin + cro + Storage Engineer Jb) Sofware Development |» systems Administrator + Syotems Architect | General Operations + Systems Analyst + Operations Manager + Software Developer, | Operations Analyst Programmer + controls Analyst = Software Tester + Systems Operator Jc) Data Manegement [+ Data Entry J Database Architect | Media Librarian + Database Administrator |p) Security Operations: (oBa) + Security Architect + Database Analyst + Security Engineer |d) Network Management |+ Security Analyst + Network Architect = User Account + Network Engineer [Management = Network Administrator |» Security Auditor + Telecom Engineer Designed By: Swapnil Patni ~€8, €5, 18, 8.Com. CISA Expertise knowledge SCA, M4, LAW INFORMATION SYSTEMS AND ITS COMPONENTS (Chart 3.77) v eer ee Ce Applica I) Detecting Unauthorized orn B thelr Auat Tals acess i) Reconstructing Events i) Personal Accountability Il Risk Assessment i) Control Assessment i) Review of Documents ) Role of Auditor [auditing Environmental Controls 2} Audit of Environmental [Contrels + system accounts i) Power conditioning, 1 Auciting Password Management i) Backup power i + Password standards i) Heating, Ventilation, & c) Auditing User Access Provisioning |r Conditioning (HVAC) Paeeestten ee acer iv) Water detection + Access approvals \) Fire detection & + Hew employee provisioning suppression + Segregation of Duties (S00) hi) Cleanliness + Access eviews 4) ulting Employee Terminations + Termination process + Access reviews + Contractor access & terminations Chart 4.51 Architecture Cae Sey Cor eer} eo ed cae ad E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGY (Chart 4.52) “Sale / Purchase | Jof goods / services through electronic mode is /e-commerce.” This could include use of technology in |form of Icomputers, Desktops, Applications, etc. 
1) Includes all those activities which lencourage exchange, in some way or lother of goods /services which are manual & non-electronic 3) Availability for commercial |transactions For limited time 5) Face-to-face Customer interaction }7) No uniform platform for exchange: information 9) Instant Delivery of goods eR UMC ir er eee a eu eee 1) ft means carrying out commercial transactions or exchange of inform electronically on internet 2472365 7) Provides a uniform platform for information exchange. 9) Delivery of goods Takes time, but now Je-commerce websites have created loptions of same day delivery, or delivery [within 4 hrs 3) Availability for commercial transactions 5) Screen-to-face Customer interaction Y v Y = Elimination of Time Delays To Customer/ ? To indieaial/User|| T° Pusiness/ Sellers | CO er mere = Convenience | | increased Customer ||» Reduction Base in use of Js Recurring payments | ecologically lOptions lmade easy Jdamaging Je Easytofind ||e instant Transaction | {materials reviews Provides a dynamic —_|Ithrough @ Coupon & — | marker electronic Deals J+ Reduction in costs: | coordination Je Anytime _| |= Efficiency improvement ||of activities & Access = Creation of new Imovement of information rather than physical = Better quality of goods | [objects E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGY (Chart 4.53) eee Types of Architecture acm erent lows user to interact 1) User 6) E-commerce Vendors 1) Presentation Ti with e-commerce / m-commerce vendor 1) Presentation Tier- Occ information related to services available on a website. 2) internet / | [a) Suppliers & Supply | |2) Database Tier- Product data /price data / _||2) Application Tier- It controls application functionality by Network Ichain Management | |customer data & other related data are kept _||performing detailed processing. 3) 3) Web portal | |b) Warehouse here. Database Tier- Information is stored & retrieved. 
Data in this peadana J is kept independent of application servers or business 4) Payment é ) Paymer shipping & returns Teer} Py ULC ry Gateway 1d) E - Commerce pl ieteolorr catalogue & product I Seen perlormanes Is PU PICU T cy Infrastructure *| |display ligher because business ompurer, | fe) marketing oy [logie database re een Gc eey Servers & She & off ically cl i Fe f) Showroom & offline| [physically close on presentation from server load balancing & fault se purchase programs | le Since processingis ||» There is restricted || pplication-logic tolerance }* Mobile Apps | |g) Different Ordering | |.hared between client & | {flexibility and e z iis a | n move users could |[chotee of Dams, —_|{* D¥R@mic Toad balancing. |» Current ee are relatively Libraries [Guarantees il) Jinteract with system since data language ||* Change management haicrnlatahot hse + Data Privacy Policy) _— used in server is i Pore lon, Faye aenle }+ Maintenance tools are proprietary to each vendor structure, it is easy to setup & maintain entire system smoothly currently inadequate for maintaining server libraries. E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGY (Chart 4.54) E-Commerce Architecture Vide Internet E-Commerce Architecture Vide M-Commerce Steps of E- v t v Commerce ia Tale ss Es | Work Flow Digram 1) Client / User |[1) User This Layer helps the 11) Mobile APP | [Helps e-commerce customer| |1) Customers Interface 2) Web Browser —_| e-commerce (Application) login 3) Web Server customer connect 12) User |commerce merchant 2) Product / ee 1) merchant || Through these application’s | [Service Selection merchant 2) Reseller customer logs to merchant Ey eee 2) Application 1) E-merchant Customer logs to 3) Logistics systems. This layer allows ees es - Layer 2) Reseller merchant systems. 
partner |customer to check products ee 3) Logistics partner | Jallows customer to 4) Payment available on merchant's Sia ie 4 check products Gateway me Shipping Process available on Information store) |This layer is accessible to | 16) petivery merchant's website house, where all |Juser through application | |r scking 3) Database Layer| Information store _ | |This layer is data relating to 7) COD tracking house, where all data relating to products, price it kept accessible to user {through application layer products, price it kept E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGY (Chart 4.55) Risks & Controls Co Te eee cred (etc) Cee eer aeE Ey Governing E-Commerce emer co 3 cere re Cec Ways to protect risk [J Control Objectives 1) Prevent | organizational costs of dota Loss 1) Income Tax Act, 1961 cot oenrren It) Educating participant about lneture of risks Senet Pee fee 1) Users 2) Companies Act, 2013 3) Foreign Trade (Development land Regulation) Act, 1992 4) The Factories Act, 1948 a) Delay in goods & Hidden Icosts la) Needs Access to internat & lack of personal touch \s) Security & credit card issues There could be leyber security risks lwith Direct as well las Indirect impact. 
+ A Direct Financial impact could be if Application at ICompany’s Retailers which contains financial Information has lweak passwords at| all Ost layers 12) Communication of lorganizational policies] to its customers 2) Prevent loss from Incorrect decision making 2) Sellers / Buyers / Merchants \s) The Custom Act, 1962 6) infrastructure 3) Government 3) Ensure Compliance lwith Industry Body Standards 3) Prevent loss of [Computer Hardware, |software & Personnel |6) The Goods and Services Tax lAct, 2017 (GST) la) The Custom Act, 1962 \2)/Probiem of anonymity | |4) Network Service Providers lg) Repudiation of contract 4) Protect your e- ICommerce business |4) Prevent from high costs of computer Error 5) The Goods and Services Tax lact, 2017 (GST) stack oF authenticity of || |6) Logistics Service —_||from intrusion- 5) Safeguard assets from |re.ting in SSeS rece ee rico | mai | Kring ety | ee 8 or theft or TN | a mcmcrcs Fete PRMNE|7) The Competition Act, 2002 J12) Attack from hackers jResuler sofware | le) Ensure data integrity | |Operational impact 8) Foreign Exchange 12) Denial of Service Sereda 17) System Effectiveness sasineernare’ set [EETMA325) Objectives |13) Non recognition of lelectronic transactions 14) Lack of audit trails 15) Problem of piracy 2) Reserve Bank |/9) Consumer Protes of India, 1932 |]1986 Act, 8) System Efficiency Objectives E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGY (Chart 4.56) Dice Gy way of payment which s made through digital modes Payer & payee both use digital modes to send & recelve money. Also called clecronic payment. 
No hard cashsinvoled Al transactions are completed online, Instant & convenient way to make payments, | Advantages 1) UP Apps 2} immediate Payment Senvice MPs) 3) Mobile Apps 4) Mobile Wallets 5) Aadhar Enabled Payment Service AEPS) 6) Unstructur Supplementary service Data{USSD] 2) The risk of deta thet li) -Wellet 2) card SS —e een ira CruniCeo4(y TEE Re 4 Concept |} Application Areas Concept Types of Resources Core concept of || 1) server Consolidation | @ special kindof distributed computing. In 1/1) Computation |irualiztion ies dea rid computing sytem, every resource is inPartonng, | IDeA RORY | re, ying computer network into a Pisum jwhich divides a ||3) Testing & Training || owerful supercomputer. Every authorized 3) Communications singe physical |) aRable Apledtons computer would have access to enormous Ly) Software & Licenses eee a | ease eee 5 pedal equipment, capacities, architectures, & atl logs arable Workspaces policies servers, Once Benue physical server is ; Z ; divided, each 1) Making use of Underutilzed Resources ‘Sid Computing Seam logical server can Types Resource Balancing ) Single Sign-on fae bah 1) Hardware 3} Parallel CPU Capacity 2) Protection of Credentials. eae (Virtualization {4] Virtual resources & virtual organizations for _||3) Interoperability with local security solutions Re z Ly} Network |cllaboration, |) Exportabity pendenty | Miuazaton 5) Actes to addtional resources a) Net Banking 3) Storage Virtualization 6) Realty 7) Management 5) Suppor for secure group communication 6) Suppor for multiple implementations E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGY (Chart 4.57) es Cloud computing, means use of computing resources as a service through networks, typically Internet. It provides facility to access shared resources & common infrastructure offering services on demand over network to perform operations that meet changing business needs y 1 1 Resides within boundaries of an_||IT is provisioned for open use by general public. 
It may be| It is a combination of organisation & used exclusively for ||owned, managed, & operated by a business, academic, or||both at least one the organisation's benefits government org., or some combination of them. Services || private (internal) & at are offered on pay-per-use basis. least one public Celi luse by a specific community lof consumers from organizations that have shared concerns Characteristics (external). 2) Central Control 2) Highly Scalable 3) Less Secure: ‘Characteristics fomieeeaos 3) Weak Service Level Agreements _||2) Affordable fa) Highly Available 2) Scalable 1) Collaborative & ‘Advantages 5) Stringent SLAs 2) Partially Seaure! ||| [Distributive Maintenance 1) Improves average server es 3) Stringent SLAs utilization, higher efficiencies in low ||1) Used in development, deployment & management of ||4)(Complex Cloud cost enterprise applications, at affordable costs. Management 2) Partially Secure 3) Cost Effective ees 12) High level of security & privacy to || 2) Deliver highly scalable & reliable applications rapidly ee Oe jescal 3) No need for establishing infrastructure for setting up &||1) Highly scalable petyate cloud |3) small , controlled & maintained maintaining cloud 2) Provides better |2) Collaborative work by organization la) Strict SLAs are followed security than public ||3) sharing of responsibilities limitation 5) There is no limit for number of users pose |4) Better security than public| ITeenmsin crganzaton may ove | STS (lous to invest in buying, building & Security assurance & thereby bullding trust among Security features are managing clouds independently. clients is far from desired but slowly liable to happen. not as good as [autonomy of organization is Budget is @ constraint in private. Further, privacy & organizational autonomy are not private cloud & lost & some of security Jclouds & they also have loose SLAs || possible complex to manage | |features are not. 
E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGY (Chart 4.58) ea aes eee Ait ial intelligence | (Meares cua 4 4 J 1) Elasticity & Scalability 2) Pay-per-Use 3) On-demand 4) Resiliency 5) Multi Tenancy 16) Workload Movernent 1) Achieve economies of scale technology infrastructure 3) Globalize workforce 4) Streamline business processes '5) Reduce capital costs 6) Pervasive accessibility 7) Monitor projects more effectively 10) improved flexibility 1) If Internet connection is ost, link to cloud & thereby] to data & applications is lost. 2) Security is a major ‘concern as entire working. \with data & applications {depend on other cloud vendors or providers. 3) Does not permit control ion these resources as these| jare not owned by the user lor customer. 14) Customers may have to face restrictions on ‘availability of applications , ‘operating systems & Infrastructure options. 5) Applications may not reside with a single cloud vendor & two vendors may have applications that do inot cooperate with each other. y v a) JAAS Characteristics 1) Web access to resources 2) Centralized Management 3) Elasticity & Dynamic 4) Shared infrastructure 5) Metered Services Instances aywaas 3) DBAS 2)staas —|4) DTAAS b) PAAS ©) SAAS. jaytaas 3) BAAS. 2) APLAAS customer applies forcredit cadena enmcareate: facitythrough Internet Pg) rc documents are cardfacitythrough | 9} yc documentsare bankingforanch. updated/ uploaded. Internet banking/branch, updated / uploaded. RM basisthe customer KYCDocuments of the RM basis the customer request, RM basis the Customer KYCdocuments of the RM basisthe Cust. : request, proceeds CASA applcantaresignedby |__|) sendsthe CASA application for request, proceeds the applicantare signed by oud ee ae applicatonafterkvc [| thecustomer@ sharedto along with the facies creditcard applcationtor |} thecustomerandshared [) sehen aa documents areshared. thebank, approval. tothe bank. 
ne La e Riskteamassessesthe Risk Team ansessasthe customers background Dicision made by credit / customersbackgound/ Dicision made by credit / . credblty&alowthe [>] nskteam, [>] _leetapoteedon credbltyandalotthe [7%] Rakteam. [)—_elstapleation lis & facies. limits, Approved Applicaton Approved Applicaton On confrmationof the Risk Customer makes use of facies ‘The Creit Card dsbursement ‘twam,CASAaccourtisopened Jp} alloted with his CASA Account basis team would dsburse the in the customer account. the isk Approval, credit cardtothe customer. CORE BANKING SYSTEMS (Chart 5.56) Dei a) Homeloan PSU SU Re 1) Core areas of Treasury Operations a) Dealing Room Operations (Front office operations) lb) Process Flow of Sle - Authorization process of Credit Card soc dain ecto | (suse tartan Comat ecto ie nein |i [sas a & te st cao = Sit €] leans for Under Construction Property |b) Midale Office (Market Risk department / Product Control Group] a) Loans are provided by lender whichis 8 financial institution, There are 2 types of lor morgage & relationship manager] loan ofcer explains customer about home loan .Custemertofiloan appiation & ee eport to operations eam, |provide requisite KYC documents. on sno Jwhich ental al detalls ofan le Loan officer reviews loan application & sends to Cred risk team who will calculate financial obligation income ratio. aiong with customer documents detals re sent to underwriting team for pproval. lh) Customer agree toloen [to lender operations team 4) Underwriter will ensure that loan provided i within lending guidelines & at [this stage provide conditional approval along with list of documents required fund & prepare a cashier order |) Post disbursement of oan |e) As per property selected by customer, loan officer wil provide property details serving activity by visting the slong with requite document tothe lea] branch or vie enine mode & valuation team. 
amendments J) Further verification of property to determine whether property fs bullt loan widely offered to customer firsts |las per approved pan, builder has lined rate mortgage seconds variable/ _||receved requisite certificates, age of Hating rate morgage. building to determine whether will withstand loan tenure, constuction b)Bowower/Customer approaches bank luaity |) Legal & valuation team will send agreement whichis offered by signing oer eter. Loan officer will notarize allloan document & are send back I) Once signed offer letter i received operations team release or disburse Jeustomer can cary out various loan cd) Back office, 1) Process flow for Bank Treasury Operations fro fice Leda Vode iin agen, Frisiige CORE BANKING SYSTEMS (Chart 5.57) s Core Business Flow & Relevant Risks and Controls Classification of Credit Facilities: [Customer is provided internet banking facility, which would include: a) Fund Gosed Credit Fecities 1b) Non-Fund Based Credit Facies a} Password change e) Stop payment lb) Balance inquiry In Copy of statement of account = — a |e) Fund transfer |e) ATMY/ Credit Card related oe Jd) Request for cheque book _| queries Sooner | t at Bae See fe} Most of e-Commerce transections involve advance payment either a lhrough a credit or debit card isued by @ bank i |b) flow of transaction when a customer buys online from vendor's e- —t commerce website.:- as Payment cnn ee 2 I a i a we z a pen 2 cs oe i Gee) ese) | rat i fen ee Ge Pe Se ee a : L_J z cae | ssi —_ 9 ds ered hau 4 ais aa is ‘oeatn Didysewent boa] — ovis a Bank 3 stages of Money Laundering it integration [+ Anti-Money laundering (ANIL) lusing Technology [> Financing of Terroriem CORE BANKING SYSTEMS (Chart 5.59) Ce ee a ee ee Credit Ure setupis a) Credit Line setup is unauthorized |e Incorrect customer le) Unauthorized secures |e) Credit Une setup isunauthorized |[o)Tansecion may not be |e) Timely execution & complete unauthorized &nat nine ||Rnotin ine with banks poey loan desis re 
—_||seupinsystoms suchas |/¬in in with banks poy. | [recorded completely or | procesing& avait of data wth banks ply jeri nesekip unshared |=Ptred which wil | ron ofcfBac ofc ||S/EREURSSEIPWRGUBRARERN Ore. Brelaredtems —||may not be ensred Sonera] |B otto with bane poy, eT" metas) /Anotnie wth bk |e core, | fTUanaaby of prenion in GBS is notin accordance ||.) Masters defined for customer are| FS processed. \) Masters defined for customer are eS [data backupsin event of a wih Pre-Diburement —||notinaccordonce wth Pe- |S RGSREEBSAIN| 2) Urouhaized notin acordancewith P|) mats tens maybe | ester can alors in [certcate, Disbursement Cette, lmountdsbured, _||confmatons are processed Oburcement Certfate, Jecordedorvatd tens may ||#desue sense info ic) Inaccurate interest / | |d) Cre Line setup ean be i Interest amount is _||d)Insuficient Securities _||dj Credit Line setup can be breached ||P inaccurately or le) Data may be lost & systems charge ing calculated in| reached, incotectycacusted & | aaableforSetlement | jnloandibursement sten/Cas. [neonate recorded, | ny act berecoversble in event ae le} accurate interest / charge being || =e le} Incomplete & inaccurate |/e)Lower rate of intrest/ Comm may [Timely & adequate technical] |°f* seious system far. This |i) UnautRerzed personnal caluloted in Creit Card system. || maura data flow between systems, | |be charged to customer, |Support may not be available [ease roca be approving CSAS Inaeiat eonliatins |) |angesmade tolown_| i fice and ar | Raunt antelmay bl [=> may not be exec, | TR, un lransaction in CBS. [peformed. 
Imaster data or availabe for setlements, | lunauthorized/inappropriate 4) User queries may not be Je) isccurate accounting ane le) Incorrect Nosto payments |e) Inaccurate interest / charge being | timely & adequately resolved | ij BSGkp ay Not be walabl) ens generated in BS proceed ckuatedn Loan dcr yt ert ae eet |2) Significant information | |d) Potential Loss of confidentiality, |g) Potential loss of |a) Interest may be incorrectly |f) Multiple liens in excess of ||) Failure to automate closure of resources maybe modified ||wvacbity &inteptyofdata& | |onfdentliy, eemputedlesdingtoincorect _|!depostvaue may resin _|[RE/ NRO acount on chang n inappropriately dilosed _||aytem ea inept xorg of income/ expencture._|lnabity recover oustanding | |esidence status my result in |without authorization, and/ [S]eeserennren eet eee jof data & system lo) ina EEE lin event of a default. |regulatory non-compliance & srt when ede tn er [Artmrtrnsctorst” leeappopas warty | tot et 2onen yack of management ae! =" acess stem and/or dt |lreventie measure fr lunes les 8/orloe ofrevene. | tonal over system EESssscea {ion commitmentto. | He mayest in x of Key server & IT syste e\Absenc of appropriate system | [parameter settings esutng | charges resigns of rctect infomation aes. |(Onideniliy ave & |p cage of envion- Neldotom meyreatinveton of | @unauthorted or lcaec_| een, epproprite inept of data & seem nena thes ike hat, Deen ehorges to setings. ery of charges, euking in et User accountability isnot ed, fe ood | Ea jestablished, if) Unauthorized viewing, mod- /d) Inappropriate reversal of charges ||h) Inappropriate set up of | naRRORBEG SVERIGE cation or copying of date and/or |! security breaches |esuiting in loss of revenue. 
Jeccounts resulting in voltion ||k incorrect classification and data aces lots & nathoized se, mofo or || may go undetee Faire ew apreprte charges uses es provoning of NPR, esukingin Imodification due tovius _ ||denial of sevice in system, area ene el nancial misstatement.
