Process Administration ERP Factory Finance Human Resource IT Infrastructure Logistics Purchase Sales Software dev.

Warehousing Audit Date 6/2/2010 6/2/2010 6/3/2010 6/4/2010 6/7/2010 6/7/2010 6/8/2010 6/9/2010 6/10/2010 6/14/2010 6/15/2010

Auditees Rakesh Kumar Pankaj K, Neha G Dipesh S, Raja P Surendranath Ritesh R, Meena M Abhijeet p, Pankaj K Ganesh K, Yogesh B Shatrughna P, Shailesh S Ganapathi, Raj Sandeep, Nirmala R Raja P, Vairavel M, Dipesh S Process Human Resource Purchase Sales Administration ERP IT Infrastructure Logistics Finance Software dev. Warehousing Factory

Chandan M

Auditors Sudhir K

Yogesh M

Auditors

Auditees

3 3.1 3.2 3.3 3.3.1 3.3.2 3.3.3 4 4.1 4.1.1 4.1.2 4.1.3

4.1.4 4.2 4.3 4.4 4.4.1 4.4.2 5 5.1 5.2 6 6.1 6.1.1

6.1.2

6.1.3 6.1.4 6.2 6.2.1 6.2.2

6.2.3 6.3 6.3.1

6.3.2 6.3.3 6.3.4 6.4 6.4.1 6.4.2 6.4.3 6.4.4 6.5 6.6 6.6.1 6.6.2 6.6.3 6.6.4 6.6.5 6.6.6 6.6.7 7 7.1 7.2 7.2.1 7.2.2 7.2.3 7.3 7.3.1 7.3.2 7.3.3 7.3.4 7.3.5 7.3.6 8 8.1 8.1.1 8.1.2 8.2 8.2.1 8.2.2 8.3 8.3.1 8.3.2 8.3.3 8.3.4 8.3.5 8.3.6 8.3.7

8.3.8 8.3.9 8.3.10 9 9.1 9.1.1 9.1.2 9.1.3 9.1.4 9.1.5 9.2 9.2.1 9.2.2 9.2.3 9.2.4 10 10.1 10.1.1 10.1.2 10.1.3 10.1.4 10.1.5 10.1.6 10.1.7 10.1.8 10.1.9

A management system with policies and framework to enable effective mngt. And implementation of services A Management representative supported by decision taking group with authority to define policies and enforce Policies, procedures, plans, processes and records should be documented and made avaialable for audit. These Competence, awareness andcompetence of the employee for the designated work. For this the mngt should define Management should ensure training competence for the role. Ensure that the personnel is aware of the criticality and importance of the position and how the position will contribute Identify the competency and skill level of the employee. Planning for training considering Professional development. to quality. existing requirements, future skill requirements and considering staff turnover.(Training can be courses, self study, mentoring and on job training). Individual professional and skill records should be maintained in chronological order An appropriate mix of short term and permanent recruits, with optimum mix of new with skilled staff. Also consider Plan Service management Plan implementation and delivery of service mngt Scope of the service management defined for org, location and the service rendered. A service management plan detailing implementation, delivery, changes, improvements and new services. Service management plan should be triggered by events such as service improvements, changes, standardizing infrastructure, regulatory & legislation changes, regulation resource, facilities and budgets necessary, framework of Contents of the plan. Scope, objectives and requirements, or deregulation of industry, mergers and acquisition. mngt responsibility and the process owners, interface bet'n processes. Approach to managing risks, resource allocation in terms of funds, skills and manpower. approach to change in plan, audit plans for quality control, processes and the tools to support the process. Implementing service management and providing services Monitor, measure and review the service management objectives and plans are achieved. For eg. Targets, resoure Continual improvement. Policy: Should drive the effort to make the services more effective and efficient. Awareness about the policy is a Planning for improvements: Initially define baseline for service quality and levels. With Data compare improvements Planning and implementing new or changed services Topics: Budgets, Manpower, existing service levels, SLAs / targets / service commitments, service mngt processes, Change management: Plans for recruitment, relocation, user training, communicating changes, changes in Service delivery process Service level management Service catalogue : Name of the service, targets, contact points, service hours / exceptions, on Customers business level agreements: Authorized by senior customer rep. SLA should be defined based security arrangements. needs and budget. SLAs should include appropriate subset of targets to focus attention. Min. content: Brief description, validity period / change control, authorization, communication including reporting, emergency team communication map, Service hours, scheduled and agreed interrruptions with notice details, customer responsibility, our liability and obligations, impact and priority, escalation and notification, complaints, service targets, workload limits, high level financial mngt, actionsthecase of service interruption, housekeeping procedures, glossary terms, Service level management: changes to in system due to growth, reorganization and mergers and changing customer requirements should be flexibly accomodated in the system. The process should manage and coordinate contributors of SLA i.e. agreement of service req. and workloads, service targets, measurement and reporting of service, reasons for targets not been achieved, Corrective actions and input for improving the service. Supporting service agreements : service dependency on delivered services should be documented and agreed with Servicerequirements for service reporting should bereliable,and recorded for customers and internal management. It Policy: reporting is done to produce agreed timely, agreed accurate reports for informed decision making and encompasses all measurable aspects of service, both current and historical analysis. These reports also apply to subcontractors and suppliers. Reports reports is tothe contract structure. Purpose and quality checks on service cascade on ensure timely, clear, reliable and concise reporting. Reports of both reactive as well as proactive nature shall be produced. Planned scheduled shall also be communicated in form of reports Service reports shall cover performance against Service level targets, Non-compliance, workload characteristics and volume information e.g incidents, problems, changes and tasks, classification, location, customer, seasonal trends, mix of priorities, number of requests for help. Performance reportingv following major events. Periodwise trend information. REporting on information from each process or functions. Reports to highlight future and scheduled Service continuity and available management helps to ensure agreed services continue to be provided in all Service continuity and availability requirements are assessed on the basis of customers business priorities, SLA and risk assessment. Sufficient Service capability needs to be maintianed with workable plans.

Service availability management should monitor and record avaialbility of service, maintain historical data, comparision with SLA to identify SLAs, and predict future avaialability and potential issues. Service continuity strategyplannedwith the customer on max permissible downtime, degraded and system shall be shared and tested for consistency, eg. Dependencies bet'n service service, RTO,RPO and components. Authority to invoke the plan. Backup of data, documenta and software, and any staff necessary for service restoration are quickly available following a major service failure or disaster. A minimal DR to be maintained. Budgeting and accounting for the cost of service provision Definition of what is chargeable and consideration cost types to be accounted, understood by the Service team and Fianancial management shal take in what is not should be clearly defined and breakups of overhead costs e.g. flat rate, fixed %age, based on size of the variable elements, divisions in the customer's business, rules governing the handling ofshould take into account variations, to service level management. Budgeting variances against budget and links planned changes exceeding budgeted funds. Also consider seasonal variations. Budget and cost tracking should support planning to operate and change the services sot ath SLA's are maintained throughout. Accounting process should be able to demonstrate over and under to meet the currentand understand cost of low Capacity management ensures that at all times, sufficient capacity spending/recovery and future agreed demands fo customer's business needs. A capacity plan documenting the actual performance of the infrastructure and the expected requirements should be produced at suitable frequencies. Information security management Information security is the result of a system of policies and procedures designed to identify, control and protect Asset classification security risk assessment risk to information assets. security and availability of information Controls and their application shall be managed by a personnel trained in the information security aspect. Documents and records shall be maintained relating to information security management system. Relationship Processes General Business relationship management Service reviews Service compliants Customer satisfaction measurements Supplier management Introduction Contract Management Service definition Managing mutiple suppliers Contractual disputes management Contract end Resolution processes Background Setting priorities workarounds incident management general Major incidents Problem management Scope of problem management Initiation of problem management Known errors Problem resolution Communication Tracking and escalation Incident and problem record closure

Problem reviews Topics of reviews Problem prevention Control processes Configuration management Configuration management planning and implementation Configuration identification configuration control Configuration status accounting and reporting Configuration verification and audit Change management Planning and implmentation Closing and reviewing the change request Emergency changes Change management reporting, analysis and actions Release process Release management process General Release policy Release and rollout planning Developing or acquiring software Design, build and configure release Release verification and acceptance Documentation Rollout, distribution and installation Post release and rollout