B. What is data mining?
Data mining is becoming strategically important area for many business organizations including banking sector. It is a process of analyzing the data from various perspectives and summarizing it into valuable information. Data mining assists the banks to look for hidden pattern in a group and discover unknown relationship in the data.
HOW DATA MINING WORKS?
HOW DATA MINING WORKS?
1. Business Understanding: The objectives and problems of business are determined and converted to data mining problem. A preliminary plan is prepared.
2. Understanding the data: The data is collected initially. Information in relation to structure, quality and subset of data are found out.
3. Data Preparation: Final data set is constructed. After sorting and arranging the data and removing unwanted data, the modeling tools are directly applied on final data set.
4. Modeling: There are various modeling techniques like decision trees, rule induction, case base reasoning, visualization techniques, nearest neighbor technique, clustering algorithms etc. Best suited modeling technique is selected Models are combined with different parameters They are compared and ranked for validity and accuracy.
5. Evaluation: Models and steps in modeling are verified with business goals.
6. Deployment: Depending on the assessment and process review, a report is prepared or new data mining project is again set up.
APPLICATION OF DATA MINING IN BANKING SECTOR
- Marketing:
Data mining carry various analyses on collected data to determine the consumer behavior with reference to product, price and distribution channel. The reaction of the customers for the existing and new products can also be known based on which banks will try to promote the product, improve quality of products and service and gain competitive advantage. Bank analysts can also analyze the past trends, determine the present demand and forecast the customer behavior of various products and services in order to grab more business opportunities and anticipate behavior patterns. Data mining technique also helps to identify profitable customers from non-profitable ones.
Another major area of development in banking is Cross selling i.e. banks makes an attractive offer to its customer by asking them to buy additional product or service. For example, Home loan with insurance facilities and so on. With the help of data mining technique, banks are able to analyze which products and service are availed by most of the customers in cross selling and which type of consumers prefer to purchase cross selling products and so on.
- Risk Management:
Banks provide loan to its customers by verifying the various details relating to the loan such as amount of loan, lending rate, repayment period, type of property mortgaged, demography, income and credit history of the borrower. Customers with bank for longer periods, with high income groups are likely to get loans very easily. Even though, banks are cautious while providing loan, there are chances for loan defaults by customers. Data mining technique helps to distinguish borrowers who repay loans promptly from those who don't. It also helps to predict when the borrower is at default, whether providing loan to a particular customer will result in bad loans etc.
Bank executives by using Data mining technique can also analyze the behavior and reliability of the customers while selling credit cards too.It also helps to analyze whether the customer will make prompt or delay payment if the credit cards are sold to them.
- Fraud detection:
Sometimes the given demographics and transaction history of the customers are likely to defraud the bank. Data mining technique helps to analyze such patterns and transactions that lead to fraud.
- Customer Retention:
Today in this competitive environment, customers have wide range of products and services provided by different banks. Hence, banks have to cater the needs of the customer by providing such products and services which they prefer. This will result in customer loyalty and customer retention.
Data mining techniques helps to analyze the customers who are loyal from those who shift to other banks for better services. If the customer is shifting from his bank to another, reasons for such shifting and the last transaction performed before shifting can be known which will help the banks to perform better and retain its customers.
Conclusion:
Data mining techniques help companies particularly banking, telecommunication, insurance and retail marketing to build accurate customer profile based on customer behavior.Thus,it is becoming a necessity in this competitive environment to analyze the data from data warehouse containing hundreds of gigabytes or terabytes of data.
C. What is PERT? How it is useful in project Management!
INTRODUCTION
· Complex projects require a series of activities, some of which must be performed sequentially and others that can be performed in parallel with other activities. This collection of series and parallel tasks can be modeled as a network.
· In 1957 the Critical Path Method (CPM) was developed as a network model for project management. CPM is a deterministic method that uses a fixed time estimate for each activity. While CPM is easy to understand and use, it does not consider the time variations that can have a great impact on the completion time of a complex project.
· The Program Evaluation and Review Technique (PERT) is a network model that allows for randomness in activity completion times. PERT was developed in the late 1950's for the U.S. Navy's Polaris project having thousands of contractors. It has the potential to reduce both the time and cost required to complete a project.
The Network Diagram
· In a project, an activity is a task that must be performed and an event is a milestone marking the completion of one or more activities. Before an activity can begin, all of its predecessor activities must be completed. Project network models represent activities and milestones by arcs and nodes. PERT originally was an activity on arc network, in which the activities are represented on the lines and milestones on the nodes. Over time, some people began to use PERT as an activity on node network. For this discussion, we will use the original form of activity on arc.
· The PERT chart may have multiple pages with many sub-tasks. The following is a very simple example of a PERT diagram:
· The milestones generally are numbered so that the ending node of an activity has a higher number than the beginning node. Incrementing the numbers by 10 allows for new ones to be inserted without modifying the numbering of the entire diagram. The activities in the above diagram are labeled with letters along with the expected time required to complete the activity.
Steps in the PERT Planning Process
PERT planning involves the following steps:1) Identify Activities and Milestones
The activities are the tasks required to complete the project. The milestones are the events marking the beginning and end of one or more activities. It is helpful to list the tasks in a table that in later steps can be expanded to include information on sequence and duration.
2) Determine Activity Sequence
This step may be combined with the activity identification step since the activity sequence is evident for some tasks. Other tasks may require more analysis to determine the exact order in which they must be performed.
3) Construct the Network Diagram
Using the activity sequence information, a network diagram can be drawn showing the sequence of the serial and parallel activities. For the original activity-on-arc model, the activities are depicted by arrowed lines and milestones are depicted by circles or "bubbles".
If done manually, several drafts may be required to correctly portray the relationships among activities. Software packages simplify this step by automatically converting tabular activity information into a network diagram.
4) Estimate Activity Times
Weeks are a commonly used unit of time for activity completion, but any consistent unit of time can be used.A distinguishing feature of PERT is its ability to deal with uncertainty in activity completion times. For each activity, the model usually includes three time estimates:
· Optimistic time - generally the shortest time in which the activity can be completed. It is common practice to specify optimistic times to be three standard deviations from the mean so that there is approximately a 1% chance that the activity will be completed within the optimistic time.
· Most likely time - the completion time having the highest probability. Note that this time is different from the expected time.
· Pessimistic time - the longest time that an activity might require. Three standard deviations from the mean is commonly used for the pessimistic time.
PERT assumes a beta probability distribution for the time estimates. For a beta distribution, the expected time for each activity can be approximated using the following weighted average:Expected time = ( Optimistic + 4 x Most likely + Pessimistic ) / 6
This expected time may be displayed on the network diagram.To calculate the variance for each activity completion time, if three standard deviation times were selected for the optimistic and pessimistic times, then there are six standard deviations between them, so the variance is given by:
[ ( Pessimistic - Optimistic ) / 6 ]2
5. Determine the Critical Path
The critical path is determined by adding the times for the activities in each sequence and determining the longest path in the project. The critical path determines the total calendar time required for the project. If activities outside the critical path speed up or slow down (within limits), the total project time does not change. The amount of time that a non-critical path activity can be delayed without delaying the project is referred to as slack time.If the critical path is not immediately obvious, it may be helpful to determine the following four quantities for each activity:
- ES - Earliest Start time
- EF - Earliest Finish time
- LS - Latest Start time
- LF - Latest Finish time
The variance in the project completion time can be calculated by summing the variances in the completion times of the activities in the critical path. Given this variance, one can calculate the probability that the project will be completed by a certain date assuming a normal probability distribution for the critical path. The normal distribution assumption holds if the number of activities in the path is large enough for the central limit theorem to be applied.
Since the critical path determines the completion date of the project, the project can be accelerated by adding the resources required to decrease the time for the activities in the critical path. Such a shortening of the project sometimes is referred to as project crashing.
6. Update as Project Progresses
Make adjustments in the PERT chart as the project progresses. As the project unfolds, the estimated times can be replaced with actual times. In cases where there are delays, additional resources may be needed to stay on schedule and the PERT chart may be modified to reflect the new situation.· Before seeing the tips let us get to know what is banking software. The banking software are made for the purpose of easing the transaction processes and account maintenance. Banking software differs based on the factor for whom it is made; to the bank or customers. The functionality of the software varies with respect to the fact whether it is for bank or customer.
· These banking softwares are becoming increasingly popular. First let us look at the buying tips for banking software for individuals or customers. The basic function of individual banking software is to keep a track on banking activities of the individual. So the banking software of the individual is something like the electronic passbook of the individual.
· The bank software is designed such that it can manage many numbers of accounts and transactions that happens at various banks. This is because a customer may have accounts in many banks and so the software helps simultaneous record maintenance. All the members of a family can use the software with different log in details and so single software may meet your whole family needs. It is recommended to buy a banking software which has lot of facilities and combines most of the banking features.
· Now let us discuss the buying tips of banking software for banks. In present world every bank is computerized. Each day a bank faces lots of transactions and maintaining track on those transactions is made easy by the use of computers. The banking software designed for banks should have more features than the software designed for individuals.
· The banking software used in banks should be intelligent and mathematically strong. There must be certain automations in the software which on regular basis should calculate the interest, etc. based on the type of account which the customer holds. The different accounts and transactions done by the customer should be clubbed in the banking software used at banks. The software must e able to handle multi-tasking capabilities of banks like insurance, mutual funds, etc. Also, the software must facilitate the online banking and should be linked with the ATMs. There should be link between various branches of banks also.
· Some of the banking software comes with inbuilt Customer Relationship Module or Management. There are plenty of tailor-made banking softwares available in market. Buying readymade softwares mean that banks should be careful and check the software for each and every feature needed. Very importantly, the capacity or volume of transactions that the software can hold should be checked.
· The tailor-made software may suit the small banks where big banks should go in for developing their own software. The own software can be developed by outsourcing the work to some software developing company.
· Banking software is a sort of a vague term, actually. This is because there are a variety of banking softwares available in the market. The only difference is who they are made for – that is – their targeted user base. Thus, it is evident that this will change all the dynamics of the software.
· There would therefore be 2 types of banking software, one for individual users, and the other for banks themselves to use. And of course, one must not forget online banking software, which is becoming increasingly popular. So let us look at the various basic features which banking softwares must ideally have, depending upon the user type.
· Banking software designed for individuals are designed primarily for keeping a record of the banking transactions of that individual. It is more or less like a bank passbook, but it’s on the computer. And most of all, it can keep records for several different bank accounts at one time.
· Some of these softwares are often able to provide the same facilities for different users in the same household. It therefore makes sense to buy a banking software which provides this feature, especially if your family is going to be keeping a track of their records as well.
· There might be banking softwares which may also be available with portfolio management softwares as a combination. This feature can be useful if you also have a varied stocks and bonds portfolio which you would also like to track.
Some of these softwares are often compatible with the online or e-banking interfaces of different banks. Therefore, all one has to do is log in to the bank account via the software and then synchronize the transactions to get the latest up-to-date bank balance and transaction history.
C. Distinguish between MICR & OCR.
MICR vs OCR
MICR and OCR are technologies increasingly being used in businesses these days. While OCR is Optical Character recognition, MICR stands for Magnetic Ink Character recognition. Though these techniques have similarities there are difference and specific uses that will be discussed in this article to help people differentiate between these two technologies.
MICR
MICR or My-ker as it is popularly known as is used in the banking industry in many countries of the world to ensure authenticity of a check or a demand draft using simple and inexpensive machines. The bottom line on these MICR checks is printed using a special magnetic ink. It is this ink that allows the information written on the check to be authenticated through machines. This facilitates processing of a huge number of checks in a single day which is otherwise very tedious. MICR typeface has only 14 characters in it including 0-9 and four special symbols that indicate Transit, Amount, on/us, and dash. As MICR is limited to only 14 characters, it is not possible to print an entire check using this special magnetic ink.
OCR
OCR allows a machine to automatically recognize characters using an optical mechanism. Most of the OCR systems recognize numbers only and very few of them can understand the full alphanumeric range. OCR is used to enter data automatically into a computer for processing. OCR was initially used to decipher petroleum credit card sales drafts. This application allows recognition of the purchaser with the help of the credit card account number. Any standard form or document with repetitive variable data is easily read using OCR technology.
D. What are the types of large value funds transfer system?
INTRODUCTION
LVTS is Canada’s new electronic settlement system designed to facilitate same day settlement of Canadian dollar payments in Canada. Initially, it is being used to settle Canadian dollar wire payment transactions of any dollar amount. Settlement of other payment types may migrate to LVTS in the future.
LVTS is owned and operated by the Canadian Payments Association (CPA) and its development was initiated by the Bank of Canada and the federal Department of Finance (the CPA’s ultimate regulatory authority).
LVTS was developed to:
· Enhance Canada’s international reputation
LVTS was developed to enhance Canada’s international reputation and global competitive position by providing an electronic payment system that offers certainty of settlement and finality of payment on a same day basis.
Most of the G10 countries have (or are in the process of implementing) similar risk proofed settlement systems. With LVTS, the international community will have more confidence in dealing with the Canadian payment system when conducting international business transactions
· Reduce systemic risk
Previously, wire payments were settled via the Automated Clearing and Settlement System (ACSS) on a next day basis, back-dated to the previous day. In the event that a financial institution was unable to settle wires sent the previous day, those wires could have been unwound. In addition, the failure of one institution to meet its settlement obligations could have caused another institution to fail. This is referred to as "systemic risk".
LVTS removes systemic risk as all accepted LVTS payments are backed by collateral pledged to the Bank of Canada and the Bank of Canada guarantees settlement of LVTS payments. In the event of the failure of an institution, the collateral would be used to cover that institution’s settlement obligations and the Bank of Canada guarantees any shortfall. Settlement is therefore guaranteed and occurs on a same day basis.
Under LVTS rules, LVTS payments will become final and irrevocable when they pass LVTS risk control tests. A payment processed through LVTS is assigned a Payment Confirmation Reference Number (PCRN) which indicates that the payment has passed all LVTS risk control tests and is considered final and irrevocable.
· Other settlement streams vs. LVTS
While wire payments are settled under LVTS, the remaining payments such as cheques, drafts, foreign exchange wire payments, pre-authorized debits, Electronic Data Interchange (EDI) and Electronic Funds Transfer (EFT), continue to be settled via ACSS on a next day basis.
The CPA’s long term goal is to move as many large value and time sensitive payments as possible from paper to LVTS. The move to LVTS is very important as it will ensure that the majority of the value of payments exchanged within Canada during any business day will benefit from the risk proofing benefits of LVTS.
The benefits of LVTS
· system is secure and allows for same day settlement and availability of funds
· LVTS payments which pass all risk controls tests will result in funds which are guaranteed, considered final and irrevocable
· LVTS payments are assigned a Payment Confirmation Reference Number (PCRN), which provides indisputable proof of receipt of payment by your financial institution
Q.3 A. Describe e – commerce Architecture?
· E-Commerce is doing business using electronic tools and related processes. There is no packaged solution to any company. The challenge in putting together processes and E(electronic) tools is understanding and using the optimal combination of e-tools to do business with business partners and customers so that they are connected to business relationship managers in a continuous, instantaneous, and productive exchange of information. It is the vehicle, not the end result.
· It is one important part of the total infrastructure for customer interactions. In a matured E-COMMERCE environment, today’s hot e-tools may become a mismatch but the fundamental requirement of servicing the business relationship and being the master of the required strategy will stay the same.
· As tools, email and web pages will help resolve E-commerce architectural problems for some company. However, the business problems for the internal consistency of E-Commerce architecture is about productive and instantaneous exchange of information among consumers, business partners, and business relationship managers, with the business strategy of ‘Right communication and Right Relationship with the Right Partners and Right Consumers, using the Right Combination of E-Tools’
· The end result of E-COMMERCE is successful practices of business rules. It is a business advantage to reduce the cost of creating and maintaining individualized customer and business partner relationships, and possessing significant competitive advantage, by significantly creating value.
· Business rules, are relationship rules, which are directly connected to the profitability of a corporation. Some of the important business rules any corporation should have are to achieve profitability with a certain margin, know the high responsive customers vs low responsive customers, rank the current customers by the ROI, optimize assignment of channels of communication using ROI of each customer who has relationship with us, find 20% of the business partners who bring in 80% of the revenue.
· The tools are Web portals, email services, teleservices, marketing literature, and wireless communication. A particular combination of these tools with certain intensity gives raise to a specific solution for an organization.
· Every technological revolution promised the same, but for the first time, we have a technology, which is easy to use, facilitates exchange of information among customers, business partners and business relationship managers, from anywhere, any time, for fulfillment of the products and/or services.
· The footprints of communication are self-documented in the clearest possible way. The content and delivery of information among customers, partners and the business managers of a corporation, is truly at ‘Light Speed’.
· There are no packaged software solutions to any company, though there is some commonality among these solutions. Every company will have its own optimized configuration of these commonality forms.
· There are four components, which is a precursor for running best in class E-COMMERCE infrastructure.
- Best practices in data management which includes data capture, data access and data integrity for identifying, creating, and maintaining productive relationships with consumers, business partners, and employees
- Best practices in analytical capability which means not only ability to rank customers and partners on any given business metrics but also ability to rank certain business rules(business metrics) in order of importance based on data.
- Best in breed business relationship managers.
· Best in class communication tools for web portals, tele services, marketing literature, and wireless communications.
· While these tools are available in its own merit, the emergence of E-COMMERCE technology means bringing them together to organize, facilitate and fulfill the business rules in the most efficient way. Automation in the integration of these tools for information exchange is the fuel for Inter Action engine.
· Instantaneous exchange of information to solve problems, and hence the relationship facilitation is the value that every customer and business partner ultimately wants to be assured and serviced with. The reduced cost and the well being for the patients due to compliance and the proper usage of the product and services is the value generated.
B. What are the Benefits of e – billing?
Electronic billing is the electronic delivery of invoices (bills) and related information by a company to its customers. Electronic billing is referred to by a variety of terms, including the following: EBPP — electronic bill presentment & payment (typically focused on business-to-consumer billing and payment), EIPP — electronic invoice presentment and payment (typically focused on business-to-business billing and payment),"e-billing, e-invoicing, electronic invoicing, e-Payables, e-Invoice
While there are current efforts to standardize systems for electronic billing and invoicing, there is currently a wide variety of options for businesses and consumers. Most fall into one of two categories: CSPs (customer service providers) which allow a business to invoice clients electronically, bank aggregators, which allow consumers to pay multiple bills, typically through their bank
Increasing acceptance of e-billing by consumers and the business community (according to Kiplinger magazine, 77% of business owners now favor electronic billing),as well as increased concern for security and the environment, is speeding up the shift to electronic billing from paper billing.
Students and designated third parties can view their bill from a secure site - from any location worldwide, day or night...
24/7 available access - e-billing offers a fast and efficient way to view student account charges. Students and authorized payers can log on any time of the day or night to view the account and pay online.
Now with E-billing - parents and/or authorized payers can also have the convenience of viewing their son/daughter's billing detail online. If a student provides permission, the e-bill system will allow parents/authorized users to create their own login/password.
From the CASHNet system, students will invite who they want to receive the bill, by entering their parents/authorized users' e-mail address.
· Parents/authorized users will receive an e-mail with instructions on how to set up their own individual e-bill profile - with a personal login and password.
· Once signed-up, parents/authorized payers will be e-mailed each time a billing statement is available.
BENEFITS OF E-BILLING
a) Students/Parents/Authorized Payers Can
View a student's tuition bill online, Pay tuition bills automatically with an Electronic Check or Credit Card, View Current Account information real-time, Track 12 months of previous statements online, Print a copy of the billing statement, Save a copy of the billing statement to their computer
b) Private and Secure
Your e-bill cannot become lost or stolen. Billing notification that is sent to the student via mail is not always secure. Obtaining an e-bill requires a student ID number and PIN. The e-bill can also be sent to other authorized payers that the student designates by providing inviting them to set up an account in the CASH Net system
c) Easier to Track Past Activity
It can be tedious to track past paper statements. The new system allows 12 months of previous statements to be viewed online.
d) Enhances Online Services and Communication
E-mail and web-based services have become primary ways of communicating on campus and throughout the world. In addition, several University applications and processes, such as grades and registration, are already paperless or electronic. Electronic billing continues this initiative and the web culture that students have become accustomed to.
e) Environmentally Friendly
Electronic billing allows both the university and electronic bill recipient to reduce paper usage, which is friendly to the environment and the conservation of our nation's forests.
D. What are the hardware requirements for LAN setup?
Wake-on-LAN (WOL) is an Ethernet computer networking standard that allows a computer to be turned on or woken up by a network message.
The message is usually sent by a program executed on another computer on the same local area network. It is also possible to initiate the message from another network by using Subnet directed broadcasts or a WOL gateway service. Equivalent terms include Wake on WAN, Remote Wake-up, Power on by LAN, Power up by LAN, Resume by LAN, Resume on LAN, Wake up on LAN. In case the computer being woken is communicating via Wi-Fi, a supplementary standard called Wake on Wireless LAN (WoWLAN) must be employed. The WOL and WoWLAN standards are often supplemented by vendors to provide protocol-transparent on-demand services, for example in the Apple Bonjour wake-on-demand feature.
Hardware Requirement
Wake-on-LAN support is implemented on the motherboard (BIOS) of a computer and the network interface (firmware), and is consequently not dependent on the operating system (and NIC drivers) running on the hardware. Some operating systems can control Wake-on-LAN behaviour via hardware drivers. If the network interface is a plug-in card rather than being integrated into the motherboard, the card may need to be connected to the motherboard by an additional cable. Motherboards with an embedded Ethernet controller which supports Wake-on-LAN do not need a cable. The power supply must meet ATX 2.01 specifications.
Hardware implementations
Older motherboards must have a WAKEUP-LINK header onboard connected to the network card via a special 3-pin cable; however, systems supporting the PCI 2.2 standard and with a PCI 2.2 compliant network adapter card do not usually require a Wake-on-LAN cable as the required standby power is relayed through the PCI bus.
PCI version 2.2 supports PME (Power Management Events). PCI cards send and receive PME signals via the PCI socket directly, without the need for a Wake-on-LAN cable.[14]
Wake-on-LAN usually needs to be enabled in the Power Management section of a PC motherboard's BIOS setup utility, although on some systems, such as Apple computers, it is enabled by default. It may also be necessary to configure the computer to reserve power for the network card when the system is shut down.
In addition, in order to get Wake-on-LAN to work it is sometimes required to enable this feature on the interface card. Details of how to do this depend upon the operating system and the device driver.
Laptops powered by the Intel Centrino Processor Technology or newer[15] (with explicit BIOS support) allow waking up the machine using wireless Wake on Wireless LAN (WoWLAN).
In most modern PCs, ACPI is notified of the "waking up" and take control of the Power up. In ACPI, OSPM must record the "wake source" or the device that is causing the power-up. The device being the "Soft" power switch, the NIC (via Wake-on-LAN), the cover being opened, a temperature change, etc
The 3-pin WOL interface on the motherboard consist of pin-1 +5V DC (red), pin-2 Ground (black), pin-3 Wake signal (green or yellow). By supplying +5V DC to the pin-3 wake signal with +5V DC the computer will be triggered to power up provided WOL is enabled in the BIOS configuration.
The connector used is a 3 x 1 pin connector with a pitch spacing of 2 mm, like AMP - 173979-3.
Q.4 A. Explain TCP / IP Reference Model?
The OSI reference model consists of seven layers that represent a functional division of the tasks required to implement a network. It is a conceptual tool that I often use to show how various protocols and technologies fit together to implement networks. However, it's not the only networking model that attempts to divide tasks into layers and components. The TCP/IP protocol suite was in fact created before the OSI Reference Model; as such, its inventors didn't use the OSI model to explain TCP/IP architecture (even though the OSI model is often used in TCP/IP discussions today, as you will see in this Guide, believe me.)The TCP/IP Model
The developers of the TCP/IP protocol suite created their own architectural model to help describe its components and functions. This model goes by different names, including the TCP/IP model, the DARPA model (after the agency that was largely responsible for developing TCP/IP) and the DOD model(after the United States Department of Defense, the “D” in “DARPA”). I just call it the TCP/IP model since this seems the simplest designation for modern times.Regardless of the model you use to represent the function of a network—and regardless of what you call that model!—the functions that the model represents are pretty much the same. This means that the TCP/IP and the OSI models are really quite similar in nature even if they don't carve up the network functionality pie in precisely the same way. There is a fairly natural correspondence between the TCP/IP and OSI layers, it just isn't always a “one-to-one” relationship. Since the OSI model is used so widely, it is common to explain the TCP/IP architecture both in terms of the TCP/IP layers and the corresponding OSI layers, and that's what I will now do.
TCP/IP Model Layers
The TCP/IP model uses four layers that logically span the equivalent of the top six layers of the OSI reference model; this is shown in Figure 20. (The physical layer is not covered by the TCP/IP model because the data link layer is considered the point at which the interface occurs between the TCP/IP stack and the underlying networking hardware.) The following are the TCP/IP model layers, starting from the bottom.
The TCP/IP architectural model has four layers that approximately match six of the seven layers in the OSI Reference Model. The TCP/IP model does not address the physical layer, which is where hardware devices reside. The next three layers—network interface, internet and (host-to-host) transport—correspond to layers 2, 3 and 4 of the OSI model. The TCP/IP application layer conceptually “blurs” the top three OSI layers. It’s also worth noting that some people consider certain aspects of the OSI session layer to be arguably part of the TCP/IP host-to-host transport layer.
Network Interface Layer
On many TCP/IP networks, there is no TCP/IP protocol running at all on this layer, because it is simply not needed. For example, if you run TCP/IP over an Ethernet, then Ethernet handles layer two (and layer one) functions. However, the TCP/IP standards do define protocols for TCP/IP networks that do not have their own layer two implementation. These protocols, the Serial Line Internet Protocol (SLIP) and the Point-to-Point Protocol (PPP), serve to fill the gap between the network layer and the physical layer. They are commonly used to facilitate TCP/IP over direct serial line connections (such as dial-up telephone networking) and other technologies that operate directly at the physical layer.
Internet Layer
This layer corresponds to the network layer in the OSI Reference Model (and for that reason is sometimes called the network layer even in TCP/IP model discussions). It is responsible for typical layer three jobs, such as logical device addressing, data packaging, manipulation and delivery, and last but not least, routing. At this layer we find the Internet Protocol (IP), arguably the heart of TCP/IP, as well as support protocols such as ICMP and the routing protocols (RIP, OSFP, BGP, etc.) The new version of IP, called IP version 6, will be used for the Internet of the future and is of course also at this layer.
(Host-to-Host) Transport Layer
This primary job of this layer is to facilitate end-to-end communication over an internetwork. It is in charge of allowing logical connections to be made between devices to allow data to be sent either unreliably (with no guarantee that it gets there) or reliably (where the protocol keeps track of the data sent and received to make sure it arrives, and re-sends it if necessary). It is also here that identification of the specific source and destination application process is accomplishedThe formal name of this layer is often shortened to just the transport layer; the key TCP/IP protocols at this layer are the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The TCP/IP transport layer corresponds to the layer of the same name in the OSI model (layer four) but includes certain elements that are arguably part of the OSI session layer. For example, TCP establishes a connection that can persist for a long period of time, which some people say makes a TCP connection more like a session.
Application Layer
This is the highest layer in the TCP/IP model. It is a rather broad layer, encompassing layers five through seven in the OSI model. While this seems to represent a loss of detail compared to the OSI model, I think this is probably a good thing! The TCP/IP model better reflects the “blurry” nature of the divisions between the functions of the higher layers in the OSI model, which in practical terms often seem rather arbitrary. It really is hard to separate some protocols in terms of which of layers five, six or seven they encompass. (I didn't even bother to try in this Guide which is why the higher-level protocols are all in the same chapter, while layers one through four have their protocols listed separately.)Numerous protocols reside at the application layer. These include application protocols such as HTTP, FTP and SMTP for providing end-user services, as well as administrative protocols like SNMP, DHCP and DNS.
B. Briefly describe ISDN Technology?
· Integrated Services Digital Network (ISDN) is a set of communications standards for simultaneous digital transmission of voice, video, data, and other network services over the traditional circuits of the public switched telephone network. It was first defined in 1988 in the CCITT red book.[1] Prior to ISDN, the phone system was viewed as a way to transport voice, with some special services available for data. The key feature of ISDN is that it integrates speech and data on the same lines, adding features that were not available in the classic telephone system. There are several kinds of access interfaces to ISDN defined as Basic Rate Interface (BRI), Primary Rate Interface (PRI) and Broadband ISDN (B-ISDN).
· ISDN is a circuit-switched telephone network system, which also provides access to packet switched networks, designed to allow digital transmission of voice and data over ordinarytelephone copper wires, resulting in potentially better voice quality than an analog phone can provide. It offers circuit-switched connections (for either voice or data), and packet-switched connections (for data), in increments of 64 kilobit/s. A major market application for ISDN in some countries is Internet access, where ISDN typically provides a maximum of 128 kbit/s in both upstream and downstream directions. Channel bonding can achieve a greater data rate; typically the ISDN B-channels of 3 or 4 BRIs (6 to 8 64 kbit/s channels) are bonded.
· ISDN should not be mistaken for its use with a specific protocol, such as Q.931 whereby ISDN is employed as the network, data-link and physical layers in the context of the OSI model. In a broad sense ISDN can be considered a suite of digital services existing on layers 1, 2, and 3 of the OSI model. ISDN is designed to provide access to voice and data services simultaneously.
· However, common use has reduced ISDN to be limited to Q.931 and related protocols, which are a set of protocols for establishing and breaking circuit switched connections, and for advanced call features for the user. They were introduced in 1986
· In a videoconference, ISDN provides simultaneous voice, video, and text transmission between individual desktop videoconferencing systems and group (room) videoconferencing systems.
· Integrated services refers to ISDN's ability to deliver at minimum two simultaneous connections, in any combination of data, voice, video, and fax, over a single line. Multiple devices can be attached to the line, and used as needed. That means an ISDN line can take care of most people's complete communications needs (apart from broadband Internet access and entertainment television) at a much higher transmission rate, without forcing the purchase of multiple analog phone lines. It also refers to Integrated Switching and Transmission[3] in thattelephone switching and carrier wave transmission are integrated rather than separate as in earlier technology.
· The entry level interface to ISDN is the Basic(s) Rate Interface (BRI), a 128 kbit/s service delivered over a pair of standard telephone copper wires. The 144 kbit/s payload rate is broken down into two 64 kbit/s bearer channels ('B' channels) and one 16 kbit/s signaling channel ('D' channel or delta channel). This is sometimes referred to as 2B+D.
· The other ISDN access available is the Primary Rate Interface (PRI), which is carried over an E1 (2048 kbit/s) in most parts of the world. An E1 is 30 'B' channels of 64 kbit/s, one 'D' channel of 64 kbit/s and a timing and alarm channel of 64 kbit/s.
· In North America PRI service is delivered on one or more T1 carriers (often referred to as 23B+D) of 1544 kbit/s (24 channels). A PRI has 23 'B' channels and 1 'D' channel for signalling (Japan uses a circuit called a J1, which is similar to a PRI). Inter-changeably but incorrectly, a PRI is referred to as T1 because it uses the T1 carrier format. A true T1 or commonly called 'Analog T1' to avoid confusion uses 24 channels of 64 Kbit/s of in band signaling. Each channel uses 56 kb for data and voice and 8 kb for signaling and messaging.
· PRI uses out of band signaling which provides the 23 B channels with clear 64 kb for voice and data and one 64 kb 'D' channel for signaling and messaging. In North America, Non-Facility Associated Signalling allows two or more PRIs to be controlled by a single D channel, and is sometimes called "23B+D + n*24B". D-channel backup allows for a second D channel in case the primary fails. NFAS is commonly used on a T3.
· PRI-ISDN is popular throughout the world, especially for connecting PBXs to PSTN. While the North American PSTN can use PRI or Analog T1 format from PBX to PBX, the POTS or BRI can be delivered to a business or residence. North American PSTN can connect from PBX to PBX via Analog T1, T3, PRI, OC3, etc.
· The bearer channel (B) is a standard 64 kbit/s voice channel of 8 bits sampled at 8 kHz with G.711 encoding. B-Channels can also be used to carry data, since they are nothing more than digital channels.
· Each one of these channels is known as a DS0. Most B channels can carry a 64 kbit/s signal, but some were limited to 56K because they traveled over RBS lines. This was commonplace in the 20th century, but has since become less so.
C. Explain the set up of an e – mail system?
· This guide will take you through the setup of a "hotmail" system, from start to completion. The process is broken down into nice bite size chunks, so you won't get technological indigestion. In addition, we have included an overview of the complete system and information on several NT and Unix utilities, which enable you to check that everything is running correctly once you have put it together.
· A hotmail system is a way for people to use email via the web.In order to provide a hotmail service, you need to setup a number of components which will work together. These include standard email services and web interfaces to them. You may also want to allow users to create their own accounts online. You may want to provide a number of domains or virtual domains.
· You may wish to allow other people to administer particular domains. This can all be provided by the NetWin suite of products. You may already have some components of the complete system, and may just want to add a web interface to them. Provided that they obey the relevant standards, this should also be possible.
First, let's review what your hotmail system needs to include:1. A Web Server of some kind, to run the web interface CGI applications and serve web pages. (CGI's = NetAuth, Cwmail, DMailWeb or WebMail)
2. A way to receive and send email from other systems, that is, an SMTP server. DSMTP is part of our DMail Mail Server.
3. A way to serve email to your users, that is, a POP server. DPOP is part of our DMail Mail Server.
4. A way for email from others to find your mail server on the internet. This requires a DNS (Domain Name Server). You need to setup records on an existing DNS or your own DNS. You will need A records, and MX (Mail Exchange) records.
5. A way to create email accounts, whether you let users create their own online through a web interface like NetAuth or do it yourself offline. You may want to use unix or NT username/passwords, or to use an email only database or an LDAP database. NetAuth can be configured to create any of these types of accounts.
6. A way for users to read and send email, i.e. a mail client program which operates via the web. CWMail / DMailWeb or WebMail are three such products. WebMail will normally be used.
7. A way to administer your system; NetAuth handles user account administration for system administrators, and specific domain administrators, so you can put control in your user's hands.
8. On the left is the outside world (the internet) and a domain name server. On the right, inside the large box, is everything in your machine or server. Normal access to web mail will be provided via your web server, although direct connections to the email services can also be made from a traditional email client. Inside your server you have a web server, two cgi's (CWMail and Netauth), POP and SMTP servers and a database of some type containing usernames and passwords.
Let's just follow through the sequence of events when someone in the outside world sends an email to someone on your hotmail system, and then gets a reply: John, on some other system, is going to send a message to Sue, who has an account on your web mail system:1. John creates a short message and addresses it to sue@yourplace.com and presses send on his email client.
2. His client software connects to his local SMTP server and gives it the message. It uses a DNS mail lookup in order to find out where email for yourplace.com should be sent. The DNS server gives his SMTP server the IP address of your machine. The two SMTP servers connect on port 25
3. Your SMTP server first checks that it has a user Sue. In order to do this, it checks the user database via and external authentication module. It then accepts the email for Sue and appends it to Sue's drop file.
4. Sue sits at her friend's computer, opens a browser and connects to http://yourplace.com/scripts/cwmail.exe Again, a DNS lookup is used to find your machine. Her web browser connects to your webserver on port 80. Your webserver starts up cwmail.exe as a subprocess, gives it the request and waits for it to return a web page in html.
5. CWMail provides a login page requesting username and password. This gets sent to the webserver and then through to the web browser. CWMail.exe then closes down.
6. Sue fills in her username and password and presses the login button. Again, this is sent to your webserver and then to cwmail.
7. CWMail connects to the POP server in order to verify account details and see if there is any new mail for her.
8. The POP server checks the user database to make sure password is correct and then checks for a drop file containing email messages which are passed to CWMail
9. CWMail passes them back to the web server, then to the web browser. Sue selects a message, reads the message and types a reply. (There are several interactions between the browser, the web server and the cgi to do this)
10. The reply is sent to CWMail which connects to your SMTP server and gives it the reply for John
11. Your SMTP server uses a DNS lookup in order to find out where John is, and sends the message to his SMTP server.
This description of a simple interchange between two people probably makes it clear that there are quite a number of components talking to each other on your behalf. In order for them to work properly, they all need setting up and need to be using the same authentication method and the same usernames etc. So now we need to look at how to install and/or setup each of these components:| Component | Options |
| DNS | External give them records to insert for you. Run your own, put your own records in. |
| Webserver | Apache, Peer Web Services, ... Lots of these. Many good free ones. |
| POP Server | DPOP...QPOP, other third party poppers |
| SMTP Server | DSMTP.... QMail, other third party smtp people. |
| WebMail Interface | CWMail, DMailWeb, WebMail, other third party systems |
| User/Password database | NT users, Unix users, Netwin's NWAuth, LDAP server, SQL database... |
D. What is a PKI?
· Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.[1] In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). The RA ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation.
· The term trusted third party (TTP) may also be used for certificate authority (CA). The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA.
· Broadly speaking, there are three approaches to getting this trust: Certificate Authorities (CAs), Web of Trust (WoT), and Simple public key infrastructure (SPKI).
· The primary role of the CA is to publish the key bound to a given user. This is done using the CA's own key, so that trust in the user key relies on one's trust in the validity of the CA's key. The mechanism that binds keys to users is called the Registration Authority (RA), which may or may not be separate from the CA. The key-user binding is established, depending on the level of assurance the binding has, by software or under human supervision.
· The term trusted third party (TTP) may also be used for certificate authority (CA). Moreover, PKI is itself often used as a synonym for a CA implementation.
· This approach involves a server that acts as an online certificate authority within a single sign-on system. A single sign-on server will issue digital certificates into the client system, but never stores them. Users can execute programs, etc. with the temporary certificate. It is common to find this solution variety with x.509-based certificates
· An alternative approach to the problem of public authentication of public key information is the web of trust scheme, which uses self-signedcertificates and third party attestations of those certificates. The singular term Web of Trust does not imply the existence of a single web of trust, or common point of trust, but rather one of any number of potentially disjoint "webs of trust". Examples of implementations of this approach are PGP (Pretty Good Privacy) and GnuPG (an implementation of OpenPGP, the standardized specification of PGP).
· Because PGP and implementations allow the use of e-mail digital signatures for self-publication of public key information, it is relatively easy to implement one's own Web of Trust. One of the benefits of the Web of Trust, such as in PGP, is that it can interoperate with a PKI CA fully-trusted by all parties in a domain (such as an internal CA in a company) that is willing to guarantee certificates, as a trusted introducer.
· Only if the "web of trust" is completely trusted, and because of the nature of a web of trust, trusting one certificate is granting trust to all the certificates in that web. A PKI is only as valuable as the standards and practices that control the issuance of certificates and including PGP or a personally instituted web of trust could significantly degrade the trustability of that enterprise's or domain's implementation of PKI
· Another alternative, which however does not deal with public authentication of public key information, is the simple public key infrastructure(SPKI) that grew out of three independent efforts to overcome the complexities of X.509 and PGP's web of trust. SPKI does not associate users with persons, since the key is what is trusted, rather than the person. SPKI does not use any notion of trust, as the verifier is also the issuer. This is called an "authorization loop" in SPKI terminology, where authorization is integral to its design.
E. What are the functions of CA?
· In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many public key infrastructure (PKI) schemes.
· Commercial CAs charge to issue certificates that will automatically be trusted by most web browsers (Mozilla maintains a list of at least 36 trusted root CAs, though multiple commercial CAs or their resellers may share the same trusted root).[1] The number of web browsers and other devices and applications that trust a particular certificate authority is referred to as ubiquity
· Aside from commercial CAs, some providers issue digital certificates to the public at no cost. Large institutions or government entities may have their own CAs.
· A CA issues digital certificates that contain a public key and the identity of the owner. The matching private key is not similarly made available publicly, but kept secret by the end user who generated the key pair. The certificate is also a confirmation or validation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates.
· CAs use a variety of standards and tests to do so. In essence, the Certificate Authority is responsible for saying "yes, this person is who they say they are, and we, the CA, verify that".
· If the user trusts the CA and can verify the CA's signature, then he can also verify that a certain public key does indeed belong to whoever is identified in the certificate.
· If the CA can be subverted, then the security of the entire system is lost for each user for whom the CA is attesting a link between a public key and an identity.
· For example, suppose an attacker, Eve, manages to get a CA to issue to her a certificate that claims to represent Alice. That is, the certificate would publicly state that it represents Alice, and might include other information about Alice. Some of the information about Alice, such as her employer name, might be true, increasing the certificate's credibility. Eve, however, would have the all-important private key associated with the certificate. Eve could then use the certificate to send digitally signed email to Bob, tricking Bob into believing that the email was from Alice. Bob might even respond with encrypted email, believing that it could only be read by Alice, when Eve is actually able to decrypt it using the private key.
· A notable case of CA subversion like this occurred in 2001, when the certificate authority VeriSign issued two certificates to a person claiming to represent Microsoft. The certificates have the name "Microsoft Corporation", so could be used to spoof someone into believing that updates to Microsoft software came from Microsoft when they actually did not. The fraud was detected in early 2001. Microsoft and VeriSign took steps to limit the impact of the problem
· The problem of assuring correctness of match between data and entity when the data are presented to the CA (perhaps over an electronic network), and when the credentials of the person/company/program asking for a certificate are likewise presented, is difficult. This is why commercial CAs often use a combination of authentication techniques including leveraging government bureaus, the payment infrastructure, third parties' databases and services, and custom heuristics. In some enterprise systems, local forms of authentication such asKerberos can be used to obtain a certificate which can in turn be used by external relying parties.
· Notaries are required in some cases to personally know the party whose signature is being notarized; this is a higher standard than is reached by many CAs. According to the American Bar Association outline on Online Transaction Management the primary points of US Federal and State statutes enacted regarding digital signatures has been to "prevent conflicting and overly burdensome local regulation and to establish that electronic writings satisfy the traditional requirements associated with paper documents." Further the US E-Sign statute and the suggested UETA code help ensure that:
- a signature, contract or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and
- A contract relating to such transaction may not be denied legal effect, validity or enforceability solely because an electronic signature or electronic record was used in its formation.
· In large-scale deployments, Alice may not be familiar with Bob's certificate authority (perhaps they each have a different CA server), so Bob's certificate may also include his CA's public key signed by a different CA2, which is presumably recognizable by Alice. This process typically leads to a hierarchy or mesh of CAs and CA certificates.
· Worldwide, the certificate authority business is fragmented, with national or regional providers dominating their home market. This is because many uses of digital certificates, such as for legally binding digital signatures, are linked to local law, regulations, and accreditation schemes for certificate authorities.
· However, the market for SSL certificates, a kind of certificate used for website security, is largely held by a small number of multinational companies. This market has significant barriers to entry since new providers must undergo annual security audits (such as WebTrust for Certification Authorities) to be included in the list of web browser trusted authorities.
· More than 50 root certificates are trusted in the most popular web browser versions. A 2009 market share report from Net Craft as of January of that year determined that VeriSign and its acquisitions (which include Thawte and Geotrust) have a 47.5% share of the certificate authority market, followed by GoDaddy (23.4%), and Comodo (15.44%).
F. Define cryptography, what is its use for a bank?
· Cryptography is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards,computer passwords, and electronic commerce.
· Cryptology prior to the modern age was almost synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The sender retained the ability to decrypt the information and therefore avoid unwanted persons being able to read it. Since WWI and the advent of the computer, the methods used to carry out cryptology have become increasingly complex and its application more widespread.
· Modern cryptography follows a strongly scientific approach, and designs cryptographic algorithms around computational hardness assumptions, making such algorithms hard to break by an adversary. Such systems are not unbreakable in theory but it is infeasible to do so by any practical means. These schemes are therefore computationally secure. There exist information-theoretically secure schemes that provably cannot be broken—an example is the one-time pad--but these schemes are more difficult to implement than the theoretically breakable but computationally secure mechanisms.
· The development of digital computers and electronics after WWII made possible much more complex ciphers. Furthermore, computers allowed for the encryption of any kind of data representable in any binary format, unlike classical ciphers which only encrypted written language texts; this was new and significant. Computer use has thus supplanted linguistic cryptography, both for cipher design and cryptanalysis. Many computer ciphers can be characterized by their operation on binary bit sequences (sometimes in groups or blocks), unlike classical and mechanical schemes, which generally manipulate traditional characters (i.e., letters and digits) directly.
· However, computers have also assisted cryptanalysis, which has compensated to some extent for increased cipher complexity. Nonetheless, good modern ciphers have stayed ahead of cryptanalysis; it is typically the case that use of a quality cipher is very efficient (i.e., fast and requiring few resources, such as memory or CPU capability), while breaking it requires an effort many orders of magnitude larger, and vastly larger than that required for any classical cipher, making cryptanalysis so inefficient and impractical as to be effectively impossible. Alternate methods of attack (bribery, burglary, threat, torture) have become more attractive in consequence.
· Extensive open academic research into cryptography is relatively recent; it began only in the mid-1970s. In recent times, IBM personnel designed the algorithm that became the Federal (i.e., US) Data Encryption Standard; Whitfield Diffie and Martin Hellman published their key agreement algorithm and the RSA algorithm was published in Martin Gardner's Scientific American column.
· Since then, cryptography has become a widely used tool in communications, computer networks, and computer security generally. Some modern cryptographic techniques can only keep their keys secret if certain mathematical problems are intractable, such as the integer factorization or the discrete logarithm problems, so there are deep connections with abstract mathematics.
· There are no absolute proofs that a cryptographic technique is secure (but see one-time pad); at best, there are proofs that some techniques are secure if some computational problem is difficult to solve, or this or that assumption about implementation or practical use is met.
· As well as being aware of cryptographic history, cryptographic algorithm and system designers must also sensibly consider probable future developments while working on their designs. For instance, continuous improvements in computer processing power have increased the scope of brute-force attacks, thus when specifying key lengths, the required key lengths are similarly advancing. The potential effects of quantum computing are already being considered by some cryptographic system designers; the announced imminence of small implementations of these machines may be making the need for this preemptive caution rather more than merely speculative
· Essentially, prior to the early 20th century, cryptography was chiefly concerned with linguistic and lexicographic patterns. Since then the emphasis has shifted, and cryptography now makes extensive use of mathematics, including aspects of information theory, computational complexity, statistics, combinatorics, abstract algebra, number theory, and finite mathematics generally.
· Cryptography is, also, a branch ofengineering, but an unusual one as it deals with active, intelligent, and malevolent opposition (see cryptographic engineering and security engineering); other kinds of engineering (e.g., civil or chemical engineering) need deal only with neutral natural forces. There is also active research examining the relationship between cryptographic problems and quantum physics (see quantum cryptography and quantum computing).
Q.5 A. Discuss Audit plan & its various part?
· Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve theeffectiveness of risk management, control, and governance processes
· Internal auditing is a catalyst for improving an organization’s effectiveness and efficiency by providing insight and recommendations based on analyses and assessments of data and businessprocesses. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.
· The scope of internal auditing within an organization is broad and may involve topics such as the efficacy of operations, the reliability of financial reporting, deterring and investigating fraud, safeguarding assets, and compliance with laws and regulations.
· Internal auditing frequently involves measuring compliance with the entity's policies and procedures. However, internal auditors are not responsible for the execution of company activities; they advise management and the Board of Directors (or similar oversight body) regarding how to better execute their responsibilities. As a result of their broad scope of involvement, internal auditors may have a variety of higher educational and professional backgrounds.
· Publicly-traded corporations typically have an internal auditing department, led by a Chief Audit Executive ("CAE") who generally reports to the Audit Committee of the Board of Directors, with administrative reporting to the Chief Executive Officer.
· The profession is unregulated, though there are a number of international standard setting bodies, an example of which is the Institute of Internal Auditors ("IIA"). The IIA has established Standards for the Professional Practice of Internal Auditing and has over 150,000 members representing 165 countries, including approximately 65,000 Certified Internal Auditors
· Internal auditing standards require the development of a plan of audit engagements (assignments) based on a risk assessment, updated at least annually. The input of senior management and the Board is typically included in this process. Many departments update their plan of engagements throughout the year as risks or organizational priorities change
· This effort helps ensure the audit activity is aligned with the organization’s objectives, by answering two key questions: First, what goals is the organization trying to accomplish in the upcoming period? Second, how can the Internal Audit Department assist the organization in achieving these goals?
· Internal auditors often conduct a series of interviews of senior management to identify potential engagements. Changes in people, processes, or systems often generate audit project ideas. Various documents are reviewed, such as strategic plans, financial reports, consulting studies, etc. Further, the results of prior audits and resolution of open issues are considered.
· For example, automated programs such as NEMEA Compliance Center can collect responses, produce and write standardized compliance reports for an organization seeking or issuing compliance rules. Even if a business area is important, prior audit work and the nature and status of open issues may render further audit effort unnecessary. If the organization has a formal enterprise risk management (ERM) program, the risks identified therein help limit the amount of separate risk assessment performed by Internal Audit.
· The measurement of the internal audit function can involve a balanced scorecard approach. Internal audit functions are primarily evaluated based on the quality of counsel and information provided to the Audit Committee and top management. However, this is primarily qualitative and therefore difficult to measure. “Customer surveys” sent to key managers after each audit engagement or report can be used to measure performance, with an annual survey to the Audit Committee.
· Scoring on dimensions such as professionalism, quality of counsel, timeliness of work product, utility of meetings, and quality of status updates are typical with such surveys. Understanding the expectations of senior management and the audit committee represent important steps in developing a performance measurement process, as well as how such measures help align the audit function with organizational priorities
B. What are the objectives of system Audit?
An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
IT audits are also known as "automated data processing (ADP) audits" and "computer audits". They were formerly called "electronic data processing (EDP) audits".
Under the Framework there are three basic audit objectives:
· to determine whether controls provide reasonable assurance of effective and efficient operations
· to determine whether controls provide reasonable assurance as to the reliability of financial data and reports; and
· to determine whether controls provide reasonable assurance of compliance with laws and regulations.
Each of these objectives has five components of control:
· A sound Control Environment;
· A sound Risk Assessment Process;
· Sound Operational Control Activities;
· Sound Information and Communications System; and
· Sound Monitoring Practices
1. For the Control Environment Component auditors assess
· whether managers and employees possess integrity, ethical values and competence;
· whether the nature of management’s philosophy and operating style is appropriate;
· whether there is proper assignment of authority and responsibility;
· whether there is proper organization of available resources;
· whether there is proper training and development of people; and
· whether there is proper attention and direction from management.
2. For the Risk Assessment Component auditors assess
· whether management has established a set of objectives that integrate all the organization’s resources so that the organization operates in concert;
· whether there is an awareness of and ability to deal with the risks and obstacles to successful achievement of business objectives; and
· whether management identifies, analyzes and manages the risks and obstacles to successful achievement of business objectives.
3. For the Operational Control Activities Component auditors assess
· whether management has established and executed policies and procedures to help ensure effective implementation of the actions they have identified as being necessary to address risks and obstacles to achievement of business objectives;
4. For the Information and Communications Systems Component auditors assess
· whether the information system produces the financial, operational and compliance reports needed to run the business;
· whether the reports that are produced deal with internal and external activities, conditions and events necessary to informed business decision making and external reporting;
· whether the organizations people are able to capture and exchange the information they need to conduct, manage and control operations;
· whether pertinent information is identified, captured and communicated in a form that enables people to effectively carry out their responsibilities;
· whether communications flows in all directions throughout the organization;
· whether management has made it clear to all employees that control responsibilities are to be taken seriously;
· whether employees understand their own roles in the internal control system, as well as how their individual activities relate to the work of others;
· whether all employees have the means of communicating significant information upstream; and
· whether their is effective communication with external parties.
5. For the Effective Monitoring Component auditors assess
· whether the entire control system is monitored to assess the quality of the system’s performance over time;
· whether there is on-going monitoring in the normal course of doing business, such as regular supervisory and management activities, and actions employees take in performing their normal duties;
C. How is the segmentation of Business Markets different from that of Consumer Markets?
· Market segmentation is a concept in economics and marketing. A market segment is a sub-set of a market made up of people or organizations with one or more characteristics that cause them to demand similar product and/or services based on qualities of those products such as price or function. A true market segment meets all of the following criteria: it is distinct from other segments (different segments have different needs), it is homogeneous within the segment (exhibits common needs); it responds similarly to a market stimulus, and it can be reached by a market intervention.
· The term is also used when consumers with identical product and/or service needs are divided up into groups so they can be charged different amounts. The people in a given segment are supposed to be similar in terms of criteria by which they are segmented and different from other segments in terms of these criteria. These can broadly be viewed as 'positive' and 'negative' applications of the same idea, splitting up the market into smaller groups.Examples Gender, Price & Interests
· While there may be theoretically 'ideal' market segments, in reality every organization engaged in a market will develop different ways of imagining market segments, and create Product differentiation strategies to exploit these segments. The market segmentation and corresponding product differentiation strategy can give a firm a temporary commercial advantage.
· The division of a market into different homogeneous groups of consumers is known as market segmentation.
· Rather than offer the same marketing mix to vastly different customers, market segmentation makes it possible for firms to tailor the marketing mix for specific target markets, thus better satisfying customer needs. Not all elements of the marketing mix are necessarily changed from one segment to the next. For example, in some cases only the promotional campaigns would differ.
· A market segment should be measurable, accessible by communication and distribution channels, different in its response to a marketing mix, durable (not changing too quickly), substantial enough to be profitable
· A market can be segmented by various bases, and industrial markets are segmented somewhat differently from consumer markets, as described below.
Consumer Market Segmentation
A basis for segmentation is a factor that varies among groups within a market, but that is consistent within groups. One can identify four primary bases on which to segment a consumer market:
· Geographic segmentation is based on regional variables such as region, climate, population density, and population growth rate.
· Demographic segmentation is based on variables such as age, gender, ethnicity, education, occupation, income, and family status.
· Psychographic segmentation is based on variables such as values, attitudes, and lifestyle.
· Behavioral segmentation is based on variables such as usage rate and patterns, price sensitivity, brand loyalty, and benefits sought.
The optimal bases on which to segment the market depend on the particular situation and are determined by marketing research, market trends, and managerial judgment.
Business Market Segmentation
While many of the consumer market segmentation bases can be applied to businesses and organizations, the different nature of business markets often leads to segmentation on the following bases:
· Geographic segmentation - based on regional variables such as customer concentration, regional industrial growth rate, and international macroeconomic factors.
· Customer type - based on factors such as the size of the organization, its industry, position in the value chain, etc.
· Buyer behavior - based on factors such as loyalty to suppliers, usage patterns, and order size.
Profiling the Segments
The identified market segments are summarized by profiles, often given a descriptive name. From these profiles, the attractiveness of each segment can be evaluated and a target market segment selected.
D. What is Market Segmentation? Why is it important to Advertise?
· The marketing concept calls for understanding customers and satisfying their needs better than the competition. But different customers have different needs, and it rarely is possible to satisfy all customers by treating them alike.
· Mass marketing refers to treatment of the market as a homogenous group and offering the same marketing mix to all customers. Mass marketing allows economies of scale to be realized through mass production, mass distribution, and mass communication. The drawback of mass marketing is that customer needs and preferences differ and the same offering is unlikely to be viewed as optimal by all customers. If firms ignored the differing customer needs, another firm likely would enter the market with a product that serves a specific group, and the incumbant firms would lose those customers.
· Target marketing on the other hand recognizes the diversity of customers and does not try to please all of them with the same offering. The first step in target marketing is to identify different market segments and their needs.
Requirements of Market Segments
In addition to having different needs, for segments to be practical they should be evaluated against the following criteria:· Identifiable: the differentiating attributes of the segments must be measurable so that they can be identified.
· Accessible: the segments must be reachable through communication and distribution channels.
· Substantial: the segments should be sufficiently large to justify the resources required to target them.
· Unique needs: to justify separate offerings, the segments must respond differently to the different marketing mixes.
· Durable: the segments should be relatively stable to minimize the cost of frequent changes.
A good market segmentation will result in segment members that are internally homogenous and externally heterogeneous; that is, as similar as possible within the segment, and as different as possible between segments.Better matching of customer needs
Customer needs differ. Creating separate offers for each segment makes sense and provides customers with a better solution
Enhanced profits for business
Customers have different disposable income. They are, therefore, different in how sensitive they are to price. By segmenting markets, businesses can raise average prices and subsequently enhance profits
Better opportunities for growth
Market segmentation can build sales. For example, customers can be encouraged to "trade-up" after being introduced to a particular product with an introductory, lower-priced product
Retain more customers
Customer circumstances change, for example they grow older, form families, change jobs or get promoted, change their buying patterns. By marketing products that appeal to customers at different stages of their life ("life-cycle"), a business can retain customers who might otherwise switch to competing products and brands
Target marketing communications
Businesses need to deliver their marketing message to a relevant customer audience. If the target market is too broad, there is a strong risk that (1) the key customers are missed and (2) the cost of communicating to customers becomes too high / unprofitable. By segmenting markets, the target customer can be reached more often and at lower cost
Gain share of the market segment
Unless a business has a strong or leading share of a market, it is unlikely to be maximising its profitability. Minor brands suffer from lack of scale economies in production and marketing, pressures from distributors and limited space on the shelves. Through careful segmentation and targeting, businesses can often achieve competitive production and marketing costs and become the preferred choice of customers and distributors. In other words, segmentation offers the opportunity for smaller firms to compete with bigger ones.
Q.6 A. Explain briefly the ‘Product Life Cycle’ concept with ref. to a bank’s product?
We define a product as "anything that is capable of satisfying customer needs. This definition includes both physical products (e.g. cars, washing machines, DVD players) as well as services (e.g. insurance, banking, private health care).
Businesses should manage their products carefully over time to ensure that they deliver products that continue to meet customer wants. The process of managing groups of brands and product lines is called portfolio planning.
The stages through which individual products develop over time is called commonly known as the"Product Life Cycle".
The classic product life cycle has four stages (illustrated in the diagram below): introduction; growth; maturity and decline
At the Introduction (or development) Stage market size and growth is slight. it is possible that substantial research and development costs have been incurred in getting the product to this stage. In addition, marketing costs may be high in order to test the market, undergo launch promotion and set up distribution channels. It is highly unlikely that companies will make profits on products at the Introduction Stage. Products at this stage have to be carefully monitored to ensure that they start to grow. Otherwise, the best option may be to withdraw or end the product.
Growth Stage
The Growth Stage is characterised by rapid growth in sales and profits. Profits arise due to an increase in output (economies of scale)and possibly better prices. At this stage, it is cheaper for businesses to invest in increasing their market share as well as enjoying the overall growth of the market. Accordingly, significant promotional resources are traditionally invested in products that are firmly in the Growth Stage.
Maturity Stage
The Maturity Stage is, perhaps, the most common stage for all markets. it is in this stage that competition is most intense as companies fight to maintain their market share. Here, both marketing and finance become key activities. Marketing spend has to be monitored carefully, since any significant moves are likely to be copied by competitors. The Maturity Stage is the time when most profit is earned by the market as a whole. Any expenditure on research and development is likely to be restricted to product modification and improvement and perhaps to improve production efficiency and quality.
Decline Stage
In the Decline Stage, the market is shrinking, reducing the overall amount of profit that can be shared amongst the remaining competitors. At this stage, great care has to be taken to manage the product carefully. It may be possible to take out some production cost, to transfer production to a cheaper facility, sell the product into other, cheaper markets. Care should be taken to control the amount of stocks of the product. Ultimately, depending on whether the product remains profitable, a company may decide to end the product.
Well banks are like any other business in that they produce goods and services to customers. Like any other businesses, their products have life cycles. A couple that come to mind in various stage of their life cycle include:
Checks or Demand Deposit Accounts (DDAs). Checks are in a decline phase of their life cycle. the use of checks is declining rapidly and being replaced by electronic bill pay and debit cards......
Internet Banking and Electronic Bill pay are in their growth phase as more and more customers are using these services and using checks less and less.
Debt cards or Check Cards are in their maturity phase as they are accepted by nearly everyone.
Checks or Demand Deposit Accounts (DDAs). Checks are in a decline phase of their life cycle. the use of checks is declining rapidly and being replaced by electronic bill pay and debit cards......
Internet Banking and Electronic Bill pay are in their growth phase as more and more customers are using these services and using checks less and less.
Debt cards or Check Cards are in their maturity phase as they are accepted by nearly everyone.
B. ‘People do not just buy a bank’s product, they buy services’ – illustrate citing examples.
· With today’s cutthroat competition from big business, trying to compete on price can be a quick road to ruin for a startup company. But here’s a little secret you should know: contrary to common perception, customers will not go almost anywhere just to save a buck.
· With notable exceptions, commercial bank efforts to boost revenue by selling corporate finance and capital markets products to middle market have not met expectations. This, despite significant investments in investment banking capabilities, product training, and corporate finance training that have kept corporate finance teachers busy for several decades.
· So if you want to avoid getting beat up on price, stop trying to compete on price alone. What your business needs to stand out is better customer service and satisfied customers . But don’t make it the simple “please and thank you” variety. Aim higher. Strive for fabulous, standout, outrageously great service to set your startup business apart from the crowd.
· Will superior service trump price? Absolutely, says a dramatic new survey of over 100,000 small business and retail customers nationwide. According to a four-year study conducted by the Ohio-based market intelligence firm BIG research, most customers will put service ahead of price - if you give them the chance.
· Entrenched “wisdom” may be wrong. BIG research asked tens of thousands of shoppers how they like to shop, what they look for in customer service and what it takes for them to buy. And according to T. Scott Gross, who turned the results into a new book called “When Customers Talk,” some of the most deeply entrenched “wisdom” about what customers want may simply be wrong.
· For example, when researchers asked customers how far they’d be willing to drive for excellent service , 80 percent said they’d travel four or more miles, and nearly half said they would drive 10 miles or more for the right combination of price, quality and customer service.
· “American shoppers are not the finicky, price-conscious bargain hunters they have been made out to be,” says Gross. “Consumers will pay for good service with both their cash and their time.”
· Your job as startup entrepreneur is to deliver superior service that attracts and keeps customers day in and day out. Satisfied customers say they are willing to drive a little further for great service, but you’d better make it worth their effort.
· Just how many service slipups does it take to send a customer packing? According to the BIGresearch survey, 17 percent will bolt after a single service faux pas. Another 40 percent will jump ship after two instances of poor service, and 28 percent more are out the door after three. So for 85 percent of your customers, it’s three strikes and you’re out.
· Fair enough. But what do buyers really want from you? What keeps customers satisfied
- Knowledgeable and available staff : While a customer is making the buying decision, they want knowledgeable assistance, available when they want it . Customers place a high value on accurate information and want to be served by employees who know the product inside and out.
- Friendly people: Customers not only want product-savvy sales people, they want them to be friendly and courteous. Your staff should value each customer more than any individual sale.
- Good value: This is where price factors in. But customers surveyed see price as only one component of the bigger picture of “value” that includes the service, information and follow-up they also receive.
- Convenience: The service rule here is simple: make it easy! Says Gross, “Customers want merchandise that is well organized, attractively displayed and easy to find. That’s how today’s customers define convenience, and the easier you can make the shopping, the more money you will be lugging to the bank.”
- A fast finish: This final item is where too many businesses fall flat, right at the finish line. While customers are in the process of deciding to buy or not, they are proceeding on your time. They want thoughtful help making the right decisions. But once the buying decision is made, get out of their way because now you are working on their time, and they want to complete the transaction and be on their way as quickly as possible. At the cash register, there is no time for making additional suggestions.
Our Bottom Line
In the end, it may be your service - not your price - that dictates whether or not you secure customers for the long term. If you give people what they want, the way they want it and follow through with a fast finish when it comes time to pay up, you are much more likely to turn them into satisfied customers.
C. Describe –
i) FEMA 1999.
When a business enterprise imports goods from other countries, exports its products to them or makes investments abroad, it deals in foreign exchange. Foreign exchange means 'foreign currency' and includes:- (i) deposits, credits and balances payable in any foreign currency; (ii) drafts, travellers' cheques, letters of credit or bills of exchange, expressed or drawn in Indian currency but payable in any foreign currency; and (iii) drafts, travellers' cheques, letters of credit or bills of exchange drawn by banks, institutions or persons outside India, but payable in Indian currency.
In India, all transactions that include foreign exchange were regulated by Foreign Exchange Regulations Act (FERA),1973. The main objective of FERA was conservation and proper utilisation of the foreign exchange resources of the country. It also sought to control certain aspects of the conduct of business outside the country by Indian companies and in India by foreign companies. It was a criminal legislation which meant that its violation would lead to imprisonment and payment of heavy fine. It had many restrictive clauses which deterred foreign investments.In the light of economic reforms and the liberalised scenario, FERA was replaced by a new Act called the Foreign Exchange Management Act (FEMA),1999.The Act applies to all branches, offices and agencies outside India, owned or controlled by a person resident in India. FEMA emerged as an investor friendly legislation which is purely a civil legislation in the sense that its violation implies only payment of monetary penalties and fines. However, under it, a person will be liable to civil imprisonment only if he does not pay the prescribed fine within 90 days from the date of notice but that too happens after formalities of show cause notice and personal hearing. FEMA also provides for a two year sunset clause for offences committed under FERA which may be taken as the transition period granted for moving from one 'harsh' law to the other 'industry friendly' legislation.
Broadly,the objectives of FEMA are: (i) To facilitate external trade and payments; and (ii) To promote the orderly development and maintenance of foreign exchange market. The Act has assigned an important role to the Reserve Bank of India (RBI) in the administration of FEMA. The rules,regulations and norms pertaining to several sections of the Act are laid down by the Reserve Bank of India, in consultation with the Central Government. The Act requires the Central Government to appoint as many officers of the Central Government as Adjudicating Authorities for holding inquiries pertaining to contravention of the Act. There is also a provision for appointing one or more Special Directors (Appeals) to hear appeals against the order of the Adjudicating authorities. The Central Government also establish an Appellate Tribunal for Foreign Exchange to hear appeals against the orders of the Adjudicating Authorities and the Special Director (Appeals). The FEMA provides for the establishment, by the Central Government, of a Director of Enforcement with a Director and such other officers or class of officers as it thinks fit for taking up for investigation of the contraventions under this Act.
FEMA permits only authorised person to deal in foreign exchange or foreign security. Such an authorised person, under the Act, means authorised dealer,money changer, off-shore banking unit or any other person for the time being authorised by Reserve Bank. The Act thus prohibits any person who:-
- Deal in or transfer any foreign exchange or foreign security to any person not being an authorized person;
- Make any payment to or for the credit of any person resident outside India in any manner;
- Receive otherwise through an authorized person, any payment by order or on behalf of any person resident outside India in any manner;
- Enter into any financial transaction in India as consideration for or in association with acquisition or creation or transfer of a right to acquire, any asset outside India by any person is resident in India which acquire, hold, own, possess or transfer any foreign exchange, foreign security or any immovable property situated outside India
ii) EXIM BANK (Role, Functions, & Facilities)
· About Export-Import Bank of India The Export-Import Bank of India, also known as Exim Bank of India, is the leading export finance institution in the country. The bank was set up in the year 1982 under the Export-Import Bank of India Act 1981. The Government of India launched the Export-Import Bank Of India with an aim to augment exports from India and also to combine the country's foreign trade and investment with the overall economic growth. The bank began its operations as a supplier of export credit, but has over the period evolved into an institution that plays a major role in partnering Indian Industries including small and medium enterprises.
· Export-Import Bank of India has been one of the prime institutions that encourages project exports from India. The bank offers wide-ranging services for enhancing the prospect of Indian project exports. Exim Bank's Overseas Investment Finance program gives a variety of facilities for Indian reserves and acquirements overseas. The facilities consist of direct equity participation by the bank in the overseas venture and non-funded activities by the overseas venture and loan to the Indian companies for equity participation in the venture abroad. As part of Exim Bank's marketing Finance Program, the bank offers support to small and medium enterprises in their export marketing efforts consisting of financing the soft expenditure linking to completion of tactical and systematic export market development plans.
· The primary objective of the Export-Import Bank of India is to provide financial assistance to importers and exporters and function as the top financial institution. Some of the services of the bank include: overseas investment finance, film finance, export credit, finance for export oriented units and agricultural & SME finance. In the period of 2005- 2006 the total amount of loan given out by the bank amounted to 150,389 million, while this figure shot up to ` 220,760 million in the flowing year.
· Export-Import Bank of India plays the role of source of finance, promoter, coordinator and consultation to India's Foreign Trade. The bank is the coordinator of the Working Group Mechanism for the clearance of projects, service exports and deferred payment exports. This group comprises of Exim Bank and Government of India representatives from the Ministries of Finance, Commerce and external Affairs, Export Credit Guarantee Corporation of India Ltd, commercial banks that are certified foreign exchange dealers and the Reserve Bank of India. This working group gives clearance to contracts sponsored by Exim Bank or commercial banks and operates as a single window mechanism for clearance of export proposal terms.
The main functions of the EXIM Bank are as follows:
1. Financing of exports and imports of goods and services, not only of India but also of the third world countries
2. Financing of exports and imports of machinery and equipment on lease basis;
3. Financing of joint ventures in foreign countries;
4. Providing loans to Indian parties to enable them to contribute to the share capital of joint ventures in foreign countries;
5. to undertake limited merchant banking functions such as underwriting of stocks, shares, bonds or debentures of Indian companies engaged in export or import; and
6. To provide technical, administrative and financial assistance to parties in connection with export and import
No comments:
Post a Comment