Patancheru,

Hyderabad - 502 324

Proposal for providing "Audit Log Review" Services

1. Background

1.1. International Crops Research Institute for the Semi-arid Tropics ("ICRISAT") is a
renowned global organization that works for the betterment of a wide range of communities
in the country. Based in Hyderabad, ICRISAT has been in existence for several decades.

1.2. ICRISAT has embraced information technology extensively to manage crop research and
associated support operations. As such, ICRISAT has implemented various computerised
systems and software applications that include in-house developed, customised software
and standard software solutions on a (SaaS) platform

1.3. Sun Systems is the financial application software system used at ICRISAT which is hosted
on-premise. This system was implemented during 2017-18 by and external party. Sun
Systems is used by Finance department and Purchase & Supplies department primarily for
Financial Accounting, Purchase & Supplies Operations and Stores Management.
Authentication to Sun Systems is enabled by user id and password. Users are created and
maintained by Information Systems Unit (!SU).

1.4. In addition to its Head Office at Hyderabad, India, ICRISAT has presence and operations at
locations outside India i.e., Kenya, Malawi, Zimbabwe, Mozambique, Ethiopia, Mali, Niger,
Nigeria. Sun Systems is used as the financial application at all these locations.

1.5. ICRISAT has implemented audit logs for key activities in Sun Systems as a control
measure. In order to improve the effectiveness of internal controls, management team is
keen to enhance the monitoring of these audit logs in Sun Systems.

1.6. It is in this context that ICRISAT is considering review of audit logs in Sun Systems, by
engaging specialists having the required competence and independence

2. Scope of Work
2.1 Provide "Audit Log Review" services to ICRISAT for their Sun Systems application. The
key activities for which audit log shall be reviewed are as follows:

Audit Logs in Scope Need Period3 Location4

1 Chart of Accounts
2 Account Balances
3 Ledger Setup Definition
4 Currency Periodic Rates Head Office
(Patancheru)
and Locations -
5 Journal Definition Kenya, Malawi,
01-Jan-2022 to
6 Address Master Log Review1 Zimbabwe,
llPage
 7 Analysis Codes Mozambique,
31-Dec-2022 Ethiopia, Mali,
8 Fixed Assets Creation
Niger, Nigeria,
9 Bank Details
EPF, and RPF.
10 Suppliers Master
11 User Creation
12 Sun Systems Application
Server
- Windows Server Log
Configuration Head Office
13 Sun Systems Database Server Point in time
Review2 (Patancheru)
Windows Server Log
14 Sun Systems Database Server
- MS-SQL Server Log

Notes:
1 Log Review will involve review of historical audit log for the given period.

2Configuration Review will involve checking the point-in-time configuration of log report
if the log is enabled or not enabled. A historical log review will not be performed where the
configuration is found to be enabled.

3Period of coverage will be calendar year 2022, which is also the financial year for

ICRISAT. Coverage depends upon the extent of log that is available for review in Sun
System. Where log is available only for part of the year, review will be performed for the
log available period and not the full year.

Locations where Sun Systems is implemented only will be in-scope.

4

21Page
71Page