Академический Документы
Профессиональный Документы
Культура Документы
Introduction
Central Background Information
Banking is one of the most sensitive businesses all over the world. Banks play
an important role in the economy and are considered as the backbone of an economy
in every country and Pakistan is no exemption. Banks are custodian to the assets of
the general masses. The banking sector plays a significant role in a contemporary
world of money and economy. It influences and facilitates many different but
integrated economic activities like resources mobilization, poverty elimination,
production and distribution of public finance. Pakistan has a well-developed
banking system, which consists of a wide variety of institutions ranging from a
central bank to commercial banks and to specialized agencies to cater for special
requirements of specific sectors. The country started without any worthwhile banking
network in 1947 but witnessed phenomenal growth in decades to come.
By 1970, it had acquired a flourishing banking sector. Nationalization of banks
in the seventies was a major upset to domestic banking industry of the country, which
changed the whole complexion of the banking industry. With irrational decision at the
top all the commercial banks were made subservient to the political leadership and the
bureaucracy. The commercial banks thus lost their assets management equilibrium,
initiative and growth momentum. They ceased to be a business concern and became
big bureaucracies. The era of nineties was the climax of privatization, deregulation
and restructuring in the domestic banking industry and financial institutions. The
Muslim Commercial Bank waste first bank to privatize. Followed by Allied Bank
limited, United Bank Limited and Habit Bank Limited have all been privatized.
The portfolio concentrates on all aspects of conventional banking as well as
the financial needs of corporate sector. Dynamic and high value product includes Car
Financing , Funded and unfunded loans, Priority banking, Credits Cards, Debit Cards,
On line Banking, ATM and money transfer etc. In addition to this, Islamic Banking
Division is a separate working entity. The bank is committed to combine all its
energies and resources to bring high value, security and satisfaction to its customers,
employees and shareholder. The bank has invested in revolutionary technology to
have an extensive range of products and services.
This facilitates commitment to a culture of innovation and seeks out synergies with
client and service providers to ensure uninterrupted services to it customers.
2.Company Background
Bank Alfalfah Limited (BAL) is a private bank in Pakistan owned by the
Abu Dhabi Group. Bank Alfalfah was incorporated on June 21, 1997 as a public
limited company under the Companies Ordinance 1984. Bank Alfalah is registered at
both Karachi and Lahore Stock Exchange with a ticker name of BAFL. Its banking
operations commenced from November 1, 1997. The bank is engaged in commercial
banking and related services as defined in the Banking companies ordinance, 1962,
with the registered office at building, I.I.Chundrigar Road, Karachi. Since its
inception, as the new identity of H.C.E.B (Habib Credit and Exchange Bank Limited)
after the privatization in 1997, the management of the bank started implementing
strategies and policies to carve a distinct position for the bank in the market place.
Now Bank Alfalah Limited ha a network of 282 branches that include 48 Islamic
Banking branches..The portfolio concentrates on all aspects of conventional banking
as well as the financial needs of corporate sector. Dynamic and high value product
includes Car Financing ,Funded and unfunded loans, Priority banking, Credits Cards,
Debit Cards, On line Banking, ATM and money transfer etc. In addition to this,
Islamic Banking Division is a separate working entity. The bank is committed to
combine all its energies and resources to bring high value, security and satisfaction to
its customers, employees and shareholder. The bank has invested in revolutionary
technology to have an extensive range of products and services. This facilitates
commitment to a culture of innovation and seeks out synergies with client and service
providers to ensure uninterrupted services to its customers.
3.Vision
Vision
To be the
premier organizations
operating locally and
internationally that provided the
complete range of financial
services to all segments under
one roof
Bank alfalah is one of the leading financial institutions ,bank alfalah operates only in
Pakistan now soon it will go internationally ,and bank alfalah day by day increasing
its product for all the segment in Pakistan for business .Industrial, agricultural and for
the government bodies in the country. bank alfalah is trying to reach each segment in
Pakistan and trying to provided its product at lowest changes and easiest way, under
on roof.
4. Mission statement
MISSION
To develop and deliver the most
innovative products, manage
customers experience, deliver quality
service that contributes to brand
strength, establishes a competitive
advantage and enhances profitability,
thus providing value to the stakeholders
of the bank
To provide the new and more innovative products than the other
banks to the customers.
To take and manage the ideas of the valuable customer for the Bank
This is a one of the main component of Bank Alfalah Mission
Statement that to deliver high quality and quick services to the customers,
who are keep great value for Bank Alfalah.
Bank Alfalah tries to promote those activities which give the
fruitful result to the customers and the stakeholder of the bank.
5. Branches network
Bank Alfalah is Pakistans sixth largest Bank and now boasts a branch
network of 500 branches across 172 cities in Pakistan along with a presence in
Bangladesh, Afghanistan, Bahrain and the UAE. It is also the largest acquirer of credit
cards in Pakistan and enjoys a strong position in the SME and Islamic Banking
segments.
Personal banking
Deposit Account
Our deposit suite has been designed keeping the diverse needs of our
customers. From basic banking accounts, term deposits, foreign currency to structured
savings products, choose the option that best suits your needs and start enjoying your
daily banking services through our vast branch network and self service banking
solutions.
Debit/ATM Card VISA accepted at over 30 million outlets and more than 2
million ATMs worldwide
Open with an initial deposit of Rs. 1,000 only by visiting your nearest Bank Alfalah
branch from a network of over 540 online branches nationwide.
Features
VISA ATM/Debit Card accepted at more than 4500 1-Link network ATMs and
over 30 million outlets and more than 2 million ATMs worldwide.
If you looking to earn high rate of returns on your fixed deposits with the
benefit of monthly profits, then Alfalah Mahana Amdan is best suited for you.
Invest with a minimum deposit of Rs. 50,000 for1 year term deposit & Rs.
100,000 for 3 years term deposit
Attractive rate of 8.5%* on 1 year term deposit & 9%* on 3 year term deposit
Visa ATM/Debit Card accepted at more than 4500 1-Link network ATMs in
Pakistan and over 30 million outlets and over 2 million ATMs worldwide
Easy access to funds through cheque book and VISA Debit/ATM Card that can
be used globally at over 30 million outlets and at more than 2 million ATMs.
Easy access to funds through cheque book and VISA Debit/ATM Card that can
be used globally at over 30 million outlets and at more than 2 million ATMs
10
If you have a business that deals with large transaction volumes, then our
Royal Profit Account is the best choice to meet your daily financial requirements. It
encompasses the flexible features of a current account whilst also giving you the
benefits of a savings account.
Features Benefits
2 free deposits and 2 free withdrawal transactions every month through cheque
VISA Debit/ATM Card accepted at over 30 million outlets and more than 1.5
million ATMs worldwide.
11
Profit is calculated on the daily balance and paid on a semi- annual basis
Loans
We have designed our loan products keeping your individual needs in mind. With
affordable tailor-made financing options that offer you the flexibility to choose your
repayment plans, we help you stay in control of your finances and make the most of
lifes opportunities today.
12
Credit Cards
Bank Alfalah chip based credit cards open up a world of lifestyle privileges
and financial freedom that allow you to enjoy living life today just the way you
want to! The newly designed chip based credit card offers you enhanced security
features to protect your information from fraudulent acts. The chip generates dynamic
values for each transaction, providing greater security every time you swipe.
13
Your existing Alfalah Credit Card will soon be upgraded to a chip-based credit card or
you can choose a card that best suits your lifestyle needs. Become part of the largest
credit card
family in the country and enjoy unparalleled service and discounts every time you
travel, shop or dine out
14
As a Bank Alfalah Titanium Master Card member, you can enjoy countless
benefits and privileges.
Fabulous Rewards
Cash Advance
E-statement Facility
SMS Alerts
15
Fabulous Rewards
Cash Advance
E-statement Facility
SMS Alerts
Bancassurance
Our Bancassurance solutions are specially designed to help you protect and
secure a stable future with your loved ones. Partnering with leading insurance
companies in the country, we offer a diverse range of insurance plans, customized to
meet your savings, education, marriage and retirement needs at every stage in life.
16
Benefit
Income Benefit
17
Income benefit
Eligibility
The plan is available to all Bank Alfalah customers between 18 to 65 years of age.
Term of Plan
Minimum Term: 10 years Maximum Term: 25 years subject to a maximum age of
75 years at the time of maturity.
Premium Limit
Minimum: Rs. 25,000 annually
Maximum: No limit
Waiver of premium
18
Home Remittance
We offer unmatched services for overseas Pakistanis to send money home fast and
free across our large network of over 470 branches in more than 160 cities across
Pakistan. Enjoy the convenience of sending home remittances to your loved one
through our International Send Agents in any of the following modes.
Cash over Counter: Your remittance can be collected by your loved one in
cash of up to Rs. 500,000 from any of our branches across Pakistan.
Cash over Account: You can send money to Pakistan through hassle free
account credit in a Bank Alfalah maintained account or in an account in any RTGS
member bank.
Pay Order/ Demand Draft: If you are maintaining an account with a nonRTGS member bank, you can conveniently send money through Pay Order or
Demand Draft facility.
19
Its convenient with 300,000 money transfer agents around the world, youre
never far away from Money Gram.
Its available to everyone you dont need a bank account or credit card.
Its easy just visit a Money Gram agent and complete one simple form.
20
Corporate banking
Working Finance
Successful businesses often experience considerable pressure on the available
finances due to timing difference of cash inflows and outflows, up-gradation of
existing facilities and business expansion.
Our dedicated team of relationship managers can structure tailor-made credit solutions
to meet your specific short-term or long-term funding requirements. The loans are
provided at competitive rates and are structured to enhance your profitability by
scheduling the repayment to match the cash flow available to repay the debt.
Bank Alfalah offers working capital finance by way of overdraft or working capital
loans suitably structured to your needs and your risk profile. These products are
designed to ease the liquidity position of our clients.
Trade Finance
We offer a wide range of trade services designed to meet a range of our corporate
clients needs. We have Industry specialists who are professional and seasoned to
make sure that all your trade finance requirements are taken care of with precision and
21
skill. The team is strongly supported by a wide and effective correspondents network
spread worldwide. Our team of specialists goes the extra mile to ensure that our
customers` experience with the below mentioned services is nothing but exceptional.
Letter of Credit
Import Finance
Export Finance
Bank Guarantee
Dividend Redemption
The Bank also provides the requisite MIS of all the banker to the issue/dividend
transactions on the prescribed format as and when required by the customer.
Investment Banking
Our seasoned Investment Banking team is fully equipped to help you in the
following areas:
1.
2.
3.
4.
22
Our FX desk is one of the most active participants in the interbank market
dealing in ready, spot, forward and swap transactions for all major currencies. Our
sizable FX Book allows us to be a market maker in the interbank markets of Pakistan,
Afghanistan and Bangladesh.
Fixed Income
Our dedicated fixed income trading desk is one of the most active participants
in all segments of the domestic money and bond markets.
Business banking
Alfalah SME Toolkit
Bank Alfalah is proud to be the first bank in Pakistan to introduce an SME
toolkit in partnership with International Finance Corporation (IFC). It is an online
business management tool dedicated to help small and medium enterprises to develop
sustained growth through implementation of business practices based on information,
communication and technology.
23
The need for supporting SMEs has never been stronger in Pakistan. Small businesses
are amongst the highest with growth potential and innovation, with businessmen from
all walks of life, working hard to positively impact the society and consumers with
innovative products and services.
Business Accounts
Our Business Banking team is committed to working in conjunction with our
SME clients as trusted partners in their progress and success. Whether your operations
include sole trading, manufacturing or exporter, we aim to understand your evolving
business requirements needs and offer you a broad range of customized financial
solutions and services to help you achieve your goals.
Offering a complete product menu including Business Accounts, Loans, Working
Capital Finance, Trade Finance, Transaction Banking and Financial Advisory
Services, we work to enhance your business growth, access and convenience.
24
The amount of financing under Alfalah Quick Finance ranges from PKR.
50,000 to PKR. 300M
Lease Finance
25
We work very closely with our clients and strive to deliver the most
comprehensive and tailored leasing products to meet all their business needs. With
one of the most competitively priced solutions, with flexible terms & conditions based
on your choice of assets, repayment, pricing, and tenures, we can help you preserve
working capital in your business, while benefiting from the use of the equipment.
Agri Loans
We realize the strong contribution of agriculture in our countrys economy and
the growing financial needs of our farmers. Our Rural Finance Program Alfalah
Zarie Sahulat offers finance facilities covering an entire spectrum of farming and
non-farming needs with a wide range of products on flexible short, medium and long
term repayment tenures at affordable markup rates.
26
Branchless banking
Mobil paisa
Bank Alfalah has joined hands with Warid Telecom to launch Mobile Paisa;
a branchless banking service which aims to provide innovative, technology based
financial solutions to customers. Mobile Paisa currently offers customers with Over
the Counter (OTC) facilities for making utility bill payments as well as Person to
Person (P2P) funds transfer services via 2000 plus agent locations across Pakistan.
With the launch of Mobile Paisa, the Bank aims to support the creation of a
branchless banking and alternate payments ecosystem which is likely to augment
financial inclusion in the country, thereby reducing the gap between the banked and
the yet-to-be-banked.
G2P
27
Bank Alfalah Limited has been selected as one of the partners for two key G2P
projects, namely, Watan Card Programmed and the Benazir Income Support Program
(BISP). In phase I, BAL disbursed Rs. 20,000 each to nearly 108,000 families. For
this effort, BAL issued VISA debit cards, called Watan Cards, to beneficiaries
identified by NADRA and GoP. BAL created 18 centers in Punjab and Gilgit-Baltistan
provinces to disburse Cards and Cash to affected persons.
Phase II of this project constitutes a disbursement of Rs. 40,000 per beneficiary in two
transactions as and when notified by NADRA/GoP. A total disbursement of
Rs.1,597.12 million, as of November 2012, has been expended in districts of Gilgit,
Hunza, Skardu, Jhang, Khushab, Sargodha, Multan and Rahim Yar Khan.
28
SMS Alerts
E-statements
With our e-statement service, you can receive monthly, quarterly or half-yearly
account statements directly via email. This facility is offered to you at no extra cost,
all you need is a personal e-mail address to which your e-statements will be sent.
29
7. Departments:
Cash Department
This Department is given the complete responsibility of Cash as a transaction
in touch local and foreign currencies it is also responsible for the book keeping for
these transactions and the safe custody of cash.
This department performs the main function:
Cash Receipts
Cash Payments
Cash Receipts:
In Cash Department Depositors use deposit slips for depositing the amount
into their account the officer checks if the deposit slip is properly filled up containing
title of account, A/C number and amount in words and figures.
Cash Payments:
First the cheque is presented by the customer or holder to the cash payment
officer. He confirms that it is drawn on the same branch and the particulars of cheque
are properly filled. One Signature or the holder is taken on the back of the cheque.
Clearing Department
The process by which cheque exchanged between the collecting and paying
bank and the ensuing financial settlement is called clearing. This facility is provided
by the state bank of Pakistan for offsetting of cross obligations between the different
banks.
Clearing is of two types:
Inward Clearing
When Cheque drafts etc, of our branch presented to us for clearing by the
SBP. Cheque to be honored by bank.
30
Outward Clearing
The Cheque of other banks, which the account holder deposit in their accounts
is, sends for collection.
Remittance Department
The need of remittance is commonly felt in todays business. A major function
of any bank it to transfer of funds from one place to anther. Bank Alfalah uses the
following modes of transfer of funds.
3) Third party for reconciliation. Its photocopy is kept with bank while
original is send to head office for reconciliation.
31
signatures are taken on the form one for request and the other for receiving the
instrument.
Call Deposit
When the party wants to give the payment from it self to another party then its
makes call deposit the bank keeps it with itself unless it does not receive instruction
from the bank. Normally it is pain in cash and goes in party account.
Pay Slip
It is use when bank itself pay for any transaction for e.g purchase of stationary.
Money Gram
Its basically a person to person money transfer service that allows consumer to
receive money in just a few minutes.
Accounting Department
Account department is the most important department of the bank because it is
concerned with:
Revenue
Income from sales of goods and services, minus the cost associated with
things like returned or undeliverable merchandise also called & quot ales"
"Net Sales", "Net
Revenue".
Expenses
All operating, overhead and production costs incurred in producing gross revenue.
Assets
Assets include holdings of obvious market value (cash, real estate), harder-to-measure
value (inventory, aging equipment), and other quantities (pre-paid expenses, goodwill)
considered an asset by accounting conventions but possibly having no market value at
all.
32
Liabilities
An obligation to pay. These include accounts payables, and bond and bank
debt.
Business Department
At branch level it is branch managers job to bring business. He
goes to the market and convinces customer or clients for loans and
deposits.
Operation Department:
When customer come in the branch for deposits or taking loan
here operation managers job starts he perform different functions on
such as opening an account, demand draft, issue cheque books.
Credit Department:
This department engages in the function of granting loan to
borrowersi.e. consumers, small and medium enterprises and corporate
level after scrutinizing their ability to repay and other requirements.
Credit officer deals these kinds of activities in big branches he is also
known as credit manager.
Compliance Department:
This department performs the function of checking of rules and
regulation according to which loans are granted either is it according to
33
Administration Department:
Administration department perform admin functions as well
like payment of salaries to employees, security and other functions.
IT Department
Overview:
The IT Department's mission is to provide the information technology required
for the fulfillment of the laboratorys mission in an efficient and effective manner
through building world-class competencies in the technical analysis, design,
procurement, implementation, operation and support of computing infrastructure and
services.
The IT Department is a highly demanding computing environment, maintaining
extensive networks on both local and global scales, pushing new technologies to their
limits and providing a neutral ground for carrying out advanced R&D with various
partners.
Responsibilities of IT departments:
Now a days it department is considered a brain of any organization because its
provide 24 hour services to ensure that every thing is running smoothly and bank
system are exposed to out scale the world.
34
Its Department
1
service management
relationship management
Service management:
This department is responsible for providing the service to new as well as
existing customer & this department try to deliver best and reliable services to
customer such as
Online banking
Online bill payment
35
Fund transfer
Mobile recharge
This department is responsible to mentoring the critical application to avoid any
financial loss& for the betterment of employee working.
Relationship management:
This department provide services to enhance the relationship of customer with
bank and provide the services like birthday wishing, wedding wishing ,sms alerts
balance inquiry, information about the product and services and create link with
customer up to time.
36
Types of topology
Physical topology
Physical topology emphasizes the physical layout of the connected devices
lain and nodes.
Logical topology
Logical topology focuses on the pattern of data transfer between network
nodes.
Physical topology
Star topology
Bus topology
Tree topology
Mash topology
Ring topology
Star topology
37
If a person want to send a data other device firstly send the data hub then hub
transfer the data other device.
38
Applications
Local area net work
High speed LAN used .
Bas topology
39
Applications
Most computer mother board
Ring topology
40
Applications
41
Tree topology
42
Applications
Used multinational companies
Mesh topology
43
Applications
Telephone regional office
6. What is Intranet?
A within-organization computer network that uses Internet technologies to
communicate.
Accessed only by authorized persons, especially members or employees of the
organization.
Applications of Intranet
44
Submission of reports
Advantages of intranet
Disadvantages of intranet
What is Extranet
An extranet is a private network that uses Internet technology and the public
telecommunication system to securely share part of a business's information or
operations with suppliers, vendors, partners, customers, or other businesses.
Applications of Extranet
Supply-chain management
Customer communications
Distributor promotions
Online continuing education/training
Customer service
Order status inquiry
Inventory inquiry
Account status inquiry
Warranty registration
Advantages of Extranet
45
Improved quality.
Lower travel costs.
Lower administrative & other overhead costs.
Reduction in paperwork.
Delivery of accurate information on time.
Improved customer service.
Better communication.
Disadvantages of Extranet
Faceless contact.
Information can be misused by other competitors.
Fraud may be possible.
Technical Employees are required
Supplier and customer are not proper knowledge
What is Internet?
It is a Global network of computers, (servers or clients) to exchange
information.
It is a "network of networks" that includes millions of private and public,
academic, business, and government networks (local or Global),linked by
copper wires, wireless connections, and other technologies
Applications of internet
46
7. Network:
Network is a collection of computers and devices connected together via
communication device and transmission media. Many business network their
computers to gather to facilitate communication, share hardware, share data and
information, share software and transfer fund. A network can be internal to an
organization or span to world by connecting to the internet.
TYPES OF NETWORK:
1. LAN
2. MAN
3. WAN
the main differentiate among these classification is their area of coverage.
LAN:
It stand for local area net work.
it connects the computer and devices in a limited geographical area(in a few
MAN:
A network in a city with high speed data transfer, which connects various
locations such as campuses, offices, government, and so on.
It stand for metropolitan area network.
Is a high speed network that connects local area network in a metropolitan
area such as city, town ( in a few km mostly 10 to 50 miles) etc.
47
WAN:
it stand for wide area network.
A WAN can be consist of two or more LANs connected together.
it cover the large geographical area (several thousand km) such as city country
or world by using communication channel that combine many type of media
such as telephone lines, cables, and radio waves.
The internet is the worlds largest WAN
In this type of network the communication cost is very high.
Share information/files over a larger area
Network users can communicate by email and instant messenger
Modal
price
Total
Total
amount
304000
Computer
Dell
38000
quantity
8
Printer
16000
32000
HP Scanjet G2410
7300
7300
14000
3
Scanner
Bar coad reader
Metrologic
5
6
Telephone
ATM
voyager
Hair
Hantel MB1700w ATM
1500
224500
4
1
6000
224500
CCTV
Swann DVR-8-1500
7500
60000
USP
SUA5000R5TXFMR
80000
80000
Router
netgear
17000
34000
MS
9520 14000
48
10
Battery
AGS
20000
100000
11
Xd 2828
19899
19899
12
13
14
15
Emergency alarm
Generator
Water cooler
AC
ZAB-898
5 KVA DENYO/HONDA
VOLTAS
BS-Q126B8A4
6000
110000
8000
47490
1
1
1
4
6000
110000
8000
189960
CCTVE
The Swann DVR8-1500 D1 4-Ch DVR With 500GB & 8 x Pro-540 Day/Night
Cameras is a basic indoor/outdoor surveillance system with an eight channel DVR
and two indoor/outdoor, day/night weatherproof cameras. The DVR features a preinstalled 500GB HDD so you can begin recording immediately back up 90 days.
Leans quality is a good.
UPS
Output Power Capacity
4000 Watts / 5000 VA
Max Configurable Power
4000 Watts / 5000 VA
Nominal Output Voltage
120V, 208V
Output Voltage Distortion
47 - 53 Hz for 50 Hz nominal, 57 - 63 Hz for 60 Hz nominal
Topology
Tree Topology
49
Computer
Dell OptiPlex 755 Desktop
Specifications
Processor
Memory
Hard Drive
500GB SATA
Optical Drive
DVDRW
Printer
Direct print lets you print on the go from your smartphone or tablet.
Router
Emergency alarm
50
alarmrecording.
51
11. Firewall
A part of a computer system or network that is designed to block unauthorized
access while permitting outward communication.
Advantage
52
A firewall defines a single choke point that keeps unauthorized users out of
Disadvantage
Deleting data
Blocking data
Modifying data
Copying data
53
Data corruption
Use
of
the
machine
as
part
of
a bonnet (e.g.
to
perform
Downloading
and
installing
software,
including
third-
Keystroke logging
54
Trojan-ArcBomb
Trojan-Clicker
Trojan-Notifier
Trojan-Proxy
Trojan-PSW
Windows PCs
Linux computers
Apple Macs
55
Smart phones
Tablets
Viruses
Viruses can be divided according to the method that they use to infect a
computer:
File viruses
Macro viruses
Script viruses
56
When you open and run the attached file, you are indirectly allowing the virus
to into your computer system.
This will slowly affect your hard drive and the entire system.
Often there will be mails like Spot offer, Lottery money, Free loan
which will be very attractive to read through.
virus software.
Keep your Microsoft office products in a secured level
Keep your Firewall on all the times
57
Verify your mailing address with the post office and financial
institutions.
Identity bandits may fill out change of address forms so that delinquent credit
notices remain off your paper billing radar.
Firewall - hides your computer from attackers, and helps stop criminals getting data in and
out of your PC
Anti-spyware
Protect yourself from spraying eyes
58
Spyware is malicious software that monitors the activity on your computer - such
as password details or the websites you have visited.
Updates
Windows and all of the other software on your computer systems needs to be
updated regularly to fix bugs and remove
security flaws
Backups
Back up your data regularly, either manually or using an automated backup
system. Backups can be copied onto an external hard drive or you can back up data
onto a Web-based storage area using an online service.
Physical Damage
59
Security Resources
Password Security
Security Procedures to Protect Your Confidential Information
Protect Your Computer
Protect Your Information
Protect Your Identity
Protect Yourself on Social Medias
Protect Your Business Bank Account
PASSWORD SECURITY
Your online passwords are the keys to protecting your personal and financial
information. Changing your password regularly will help ensure the security of all
your online accounts as well as the information. When changing your password be
sure to use strong passwords. Strong passwords are considered to be at least 8characters long and maximum 12. World Wide Banker passwords need to be a
minimum of 8 digits in length and any combination of alpha, numeric, uppercase,
lowercase and special characters up to 25 digits in length. Make your password easy
to remember but hard to guess. Use combinations that you know but wouldnt make
sense to others. A good password could be 26kDw*gm4. In addition, you should
60
never use the same password on multiple sites. If one site is compromised your other
accounts could possibly be accessed by the thieves.
SECURITY
PROCEDURES
TO
PROTECT
YOUR CONFIDENTIAL
INFORMATION
.
against unauthorized access or use of this information. The Bank of Elk River
maintains physical, electronic and procedural safeguards personal information against
unauthorized access or use.
PROTECT YOUR COMPUTER
Your computer can be a goldmine of personal information to an identity thief.
Heres how you can safeguard your computer and the personal information it stores:
Install and update your anti-virus and anti-spyware software frequently. Computer
viruses can have damaging effects, including introducing program code that causes
your computer to send out files or other stored information.
When youre submitting information, look for the lock icon on the status
bar. Its a symbol that your information is secure during transmission.
Avoid using an automatic login feature that saves your user name and
password. Remember to sign-off when youre finished banking online or leave the
room for a few minutes.
Delete any personal information stored on your computer before you dispose
of it.
61
If you do not recognize the sender of an email or have any doubts about the
authenticity of an email, do not respond and delete it immediately.
Always use secure passwords. A secure password consists of upper and lower
case letters, numbers and special characters (see: Password Security section
above). Never share your password with anyone.
When you finish your online banking sessions, be sure to log out.
PROTECT YOUR IDENTITY
.
your wallet or write your number on a check. Give it out only when absolutely
necessary.
Dont give our personal information on the phone, through the mail or over the
internet unless youve initiated the contact or you can confirm that the individual and
company are legitimate..
62
Use social media wisely. Social media connects families and friends with
colleagues and businesses through powerful online communities. However, just as in
real world communities, you should be careful what you share and how you share it to
stay safe online.
Use privacy controls to restrict who can see your profile and posts. Options
change frequently and you should check and update your settings often.
Dont reveal too much information. Personal information such as where you live,
work, or go to school could be used against you. Revealing travel plans can give an
indication that your home may be unoccupied.
PROTECT YOUR BUSINESS BANK ACCOUNT
Here are some tips on how to protect your business bank accounts:
Electronic banking should be done by two different people, one to initiate and one
to confirm a transaction. It is best practice to segregate duties among two or more
people so no one person has too much access or control.
Educate your staff about risks and how to avoid them. (see: "Password Security"
section above).
is
mean "a
clever
63
OTHER CRIMES
Depending on the circumstances, a person who hacks into another's computer
could be punished by a number of generally applicable crimes.
For example, if the hacking is done to take personal identifying information for
certain purposes, it could be punishable as identity theft. Penalties for identity theft
range from a class D to class B felony, primarily based on the value of property taken
through the use of personal identifying information and the .A person could also hack
into a computer to commit larceny. Larceny is intentionally and wrongfully taking,
obtaining, or withholding property from an owner in order to appropriate it to himself,
herself, or another. The penalties for larceny range from a class C misdemeanor
(punishable by up to three months in prison, a fine of up to $500, or both) to a class B
felony, primarily based on the value of the property
CIVIL ACTIONS
The law specifically authorizes someone harmed by a computer or
unauthorized use crime to bring a civil lawsuit against the perpetrator. These civil
actions are in addition to any other grounds for a civil action that the injured party
may have.
Penalties
Because there are numerous different types of computer and internet crimes, there are
also a wide range of potential penalties. Some computer crimes have minor penalties
associated with them, while more serious crimes can impose significant fines and
lengthy prison sentences.
Fines. Fines for a conviction of various computer and internet crimes range
widely. fines of a few hundred dollars, and possibly up to a $1,000 to
$100,000.
64
Probation. Probation sentences for computer crimes are also possible as either
individual penalties or in addition to jail or fines. Probation terms can differ
widely, but typically last at least one year and require the person on probation
to not commit more crimes, maintain employment, report to a probation
officer, and pay all court
Balance enquiry
Transaction enquiry
65
Loan-related enquiries
Salary enquiry
Products Information
Deposit Accounts
Personal Loans
Debit Card
Lending rates
Deposit rates
Other Services
66
Online Banking
Mobile Banking
16. ATM
On most modern ATMs, the customer is identified by inserting a plastic ATM
card with a magnetic stripe or a plastic smart card with a chipthat contains a unique
card number and some security information such as an expiration date
or CVVC (CVV). Authentication is provided by the customer entering a personal
identification number (PIN).
Using an ATM, customers can access their bank deposit or credit accounts in order to
make a variety of transactions such as cash withdrawals, check balances, or credit
mobile phones. If the currency being withdrawn from the ATM is different from that
in which the bank account is denominated the money will be converted at an
official exchange rate. Thus, ATMs often provide the best possible exchange rates for
foreign travelers, and are widely used for this purpose.
67
of
the
management
controls
within
an Information
Purpose
An IT audit is different from a financial statement audit. While a financial
audit's purpose is to evaluate whether an organization is adhering to standard
accounting practices, the purposes of an IT audit are to evaluate the system's internal
control design and effectiveness. This includes, but is not limited to, efficiency and
security protocols, development processes, and IT governance or oversight. Installing
controls are necessary but not sufficient to provide adequate security. People
responsible for security must consider if the controls are installed as intended, if they
are effective if any breach in security has occurred and if so, what actions can be done
to prevent future breaches. These inquiries must be answered by independent and
unbiased observers. These observers are performing the task of information systems
auditing.
The primary functions of an IT audit are to evaluate the systems that are in place to
68
History
The concept of IT auditing was formed in the mid-1960s. Since that time, IT
auditing has gone through numerous changes, largely due to advances in technology
and the incorporation of technology into business.
Currently, there are many IT dependent companies that rely on the Information
Technology in order to operate their business e.g. Telecommunication or Banking
company. For the other types of business, IT plays the big part of company including
the applying of workflow instead of using the paper request form, using the
application control instead of manual control which is more reliable or implementing
the ERP application to facilitate the organization by using only 1 application.
According to these, the importance of IT Audit is constantly increased. One of the
most important role of the IT Audit is to audit over the critical system in order to
support the Financial audit or to support the specific regulations announced e.g. SOX.
69
Types of it audit
Various authorities have
created
differing taxonomies to
distinguish
the
various types of IT audits. Goodman & Lawless state that there are three specific
systematic approaches to carry out an IT audit:[3]
Technological position audit: This audit reviews the technologies that the
business currently has and that it needs to add. Technologies are
characterized as being eisther "base", "key", "pacing" or "emerging".
70
And some lump all IT audits as being one of only two type: "general control
review" audits or "application control review" audits.
A number of IT Audit professionals from the Information Assurance realm
consider there to be three fundamental types of controls regardless of the type
of audit to be performed, especially in the IT realm. Many frameworks and
standards try to break controls into different disciplines or arenas, terming
them Security Controls, Access Controls, IA Controls in an effort to
define the types of controls involved. At a more fundamental level, these
controls can be shown to consist of three types of fundamental controls:
Protective/Preventative Controls, Detective Controls and Reactive/Corrective
Controls.
In an IS system, there are two types of auditors and audits: internal and
external. IS auditing is usually a part of accounting internal auditing, and is
frequently performed by corporate internal auditors. An external auditor
reviews the findings of the internal audit as well as the inputs, processing and
outputs of information systems. The external audit of information systems is
frequently a part of the overall external auditing performed by a Certified
Public Accountant (CPA) firm.[1]
IS auditing considers all the potential hazards and controls in information
systems. It focuses on issues like operations, data, integrity, software
applications, security, privacy, budgets and expenditures, cost control, and
71
Systems and Applications: an audit to verify that systems and applications are
appropriate to the entity's needs, are efficient, and are adequately controlled to
ensure valid, reliable, timely, and secure input, processing, and output at all
levels of a system's activity.
Definitions:
Analysis and evaluation of a firm's information system (whether manual or
computerized)
of information.
to
detect
and
rectify
The objectives of
blockages,
duplication,
and
leakage
to improve accuracy,
72
Definition
Audit is systematic and scientific examination of books of accounts of the
organization.
Information systems audit
The effectiveness of an information systems controls is evaluated through an
information systems audit. An audit aims to establish whether information systems are
safeguarding corporate assets, maintaining the integrity of stored and communicated
data, supporting corporate objectives effectively, and operating efficiently.
Information Systems - Information systems audits focus on security controls of
physical and logical security of the server including change control, administration of
server accounts, system logging and monitoring, incident handling, system backup
and disaster recovery.
Definition
The purpose of an IS audit is to review and evaluate the internal controls that
protect the system.
Definition
Auditing is a process by which a competent independent person accumulates
and evaluates evidence about various assertions contained in financial statement of an
easily for the purpose of determining and reporting the quality of disclosure of
financial information.
Definition
Information systems audit, is an examination of the management controls
within an Information technology (IT) infrastructure. The evaluation of obtained
evidence determines
73
. Benefits of an Audit
The benefits of an audit are numerous. Audits can improve a companys
efficiency and profitability by helping the management better understand their own
working and financial systems. The management, as well as shareholders, suppliers
and financers, are also assured that the risks in their organization are well-studied, and
effective systems are in place to handle them.
Audits can also identify areas in an organizations financial structure that need
improvement, and how to implement the proper changes and adjustments. Having an
audit also lessens the risk and therefore the cost of capital.
An audit can uncover inaccuracies and discrepancies within an organizations records,
which may be indications of weak financial organization or even internal fraud,
although fraud detection is not the main purpose of an audit.
it helps you obtain an independent opinion from the auditor concerning your
business
74
75
21. Questionnaire
Sr. No.
Particulars
Observations
1.0
installed
at Data Centre /
2.0 Hardware
Installation
of Computers:
yes
Branch:
Item
Refer Annexture-1
/Computer Dos & Donts. Qty.
Average age
1.12.1
Computer
with are
Hard
Disk
WhetherSystem
computers
maintained
in dust free8
1.2
environment?
Computer
System without Hard disk
1.32.2
Servers
Whether computers were kept clean?
1 Yes
continues
1.42.3
1.72.4
Thin-client
Whether separate electrical supply line has
been
Router
provided for computer equipment with
Switches
necessary circuit breakers?
Whether computers have been housed in
Hubs
1.8
1.9
facility of locking?
Scanners
2.5
1.10
1.15
Whether
Printer
(Dotearthing
Matrix) for electrical line is checked
No
at
Printers (Inkjet/Laserjet)
2
periodic intervals? (Reading on the voltage
Passbook Printers
meter on neutral points should show between
UPS
1
0-5 ampere)
Whether Earthing of the building is checked at
Others
No
periodic intervals?
Lease Line
2
2.7
1.16
Whether
detailed map of the cable lay out
Dial
up net work
1.5
1.6
1.11
1.12
1.13
2.6
1.14
1.17
1.18
2.8
1.19
2.9
Yes
Yes
50
5 Yes
No
1
4
1
Whether
LAN
CablingHUBS have been installed in a secured2 Yes
place? (To avoid possible physical tampering)
Whether LAN cables have been allowed to trail
No
on the floor?
2.10
2.11
No
Yes
no
(Branch/DC/DR)
76
3.0
3.1
yes
yes
Yes
Yes
No
Yes
3.7
Yes
3.8
Yes
3.9
Yes
Yes
No
Yes
condition?
3.13
No
of controlling devices?
3.14
77
is checked daily?
no
3.15
No
3.16
Yes
Yes
Yes
all cameras?
3.19
Yes
No
centre?
How
many days recording of CCTV are made
90 days
available?
3.22
Yes
Yes
Whether is it supervised?
Yes
Yes
Yes
3.28
3.29
Yes
Yes
No
78
3.30
Yes
4.0
Scanner:
4.1
No
No
Fire Extinguishers:
5.1
5.2
5.3
yes
5.4
January
5.5
no
6.0
Physical Security:
6.1
yes
yes
yes
is done periodically?
6.4
6.5
79
6.6
6.7
/ repairs?
Whether any item is in irreparable condition?
6.8
Yes
Yes
Yes
7.0
7.1
Insurance Company
ii
Policy Number
iii
Sum insured
iv
Valid up to
Risk covered
vi
Premium
7.2
Rs.
Rs.
company?
Details of pending claims:
ii
Loss estimated
iii
Survey carried on
iv
Existing status
8.0
Hardware Maintenance:
8.1
Rs.
Yes / No
Period
yes
ii
Yes
iii
Servers
Yes
continues
iv
Thin-client
Yes
Router
80
2
viii
Modems
Yes
ix
Scanners
Yes
Yes
xi
Printers (Inkjet/Laserjet)
Yes
xii
Passbook Printers
xiii
UPS
Yes
xiv
Others
xv
Lease Line
Yes
xvi
xvii
ISDN Lines
xviii
Yes
xix
LAN Cabling
Yes
8.2
8.3
8.4
8.5
8.6
8.9
Whether a log-shee
Whether name, address,
telephone numbers,
etc. is noted in
Who is the system administrator
of the Branch /
Data Centre / D. R. Centre?
81
Mr.Bilal Khan
Yes
no
No
Yes
Yes
office hours?
9.6 Whether periodic checking of UPS
& batteries is
No
done?
9.7 Whether record to that effect has
been kept?
9.8 What is the duration for which
computer system
can function on UPS?
9.9 When UPS was put to use last?
9.10
No
2 hour
Daily basis
Anti-Virus:
Yes
Sophos antivirus
6 mnth ago
82
10.0
Anti-Virus:
10.1
yes
10.2
Details.
10.3
10.4
10.5
10.6
Yes
Yes
6 month ago
No
fixed time?
10.7
Yes
11.0
Software:
11.1
11.2
Whether it is latest?
11.3
11.4
T-twenty four
Yes
Yes
Office 2013 instaled
No
11.6
No
12.0
Software Maintenance:
12.1
13.0
Back up:
13.1
It department
program?
83
13.2
If yes, when?
13.3
13.4
13.5
recorded?
Whether Hard_disk-to-Hard_disk back up is
weekly basis
No
No
No
taken?
If yes, when?
13.6
No
No
cabinet?
13.7
branch etc.?
13.8
Yes
13.9
No
13.10
No
Yes
device?
13.13
Whether monthly
14.0
Data Purging:
14.1
tested periodically?
Yes
purging?
14.2
Yes
been taken?
14.3
14.4
Yes
Yes
84
tested periodically?
14.0
Data Purging:
14.1
Yes
purging?
14.2
Yes
been taken?
14.3
14.4
Yes
Yes
restricted?
14.6
No
Yes
kept?
14.8
15.0
LAN Security:
6 month ago
Login Controls:
Whether User Management norms have been
Yes
Yes
ix
Yes
85
Auto Log off should be activated in case Login is not done for 2 days.
Activation rights should be with HO EDP only.
iii
iv
v
vi
Yes
Yes
Yes
No
viii
ix
5
Unlimited time in working hours
No
No
xi
No
xii
in the system?
Whether branch has suspended
user-ids of staff
No
Yes
iv
allotment of
Password iii
3 times in 60 days
password?
Whether Password expires
automatically after
no
No
86
iii
Yes
iv
Yes
password?
Whether Password expires
automatically after
No
vi
no
vii
alphanumeric? (Preferably)
Whether system ensures that
Password is
Yes
character?
Whether system ensures that login
Yes
id and
ix
No
xi
and maximum
Whether Password policy has
been
No
xii
documented?
Whether branch has maintained
Password Issue
No
xiii
Yes
87
Yes
(Preferably)
xviii Whether copy-paste of user id and
No
password
has been disabled? (Preferably to
15.
3
i
no
Terminal Controls:
Whether computer system has
been instructed
Yes
Temporal Controls:
Whether the user and terminal is
provided with
Yes
specified times in
Dial up Controls:
Whether dial back provision is
made in case
88
The placement is situation specific and the auditor needs to be convinced about the
logic of the decision.
iii
intranet
users?
The placement is situation specific and the auditor needs to be convinced about the
logic of the decision.
iv
Yes
No
vii
viii
No
intervals?
If yes, How often?
Is it updated when a patch is
available?
Yes
Firewalls too need regular updation like the anti virus files which have to be
updated for the new signature list for the software to use.
ix
Yes
Yes
xii If users are allowed to connect from The Auditor should be convinced by
the in
the information systems engineer
about the security assurance in such
a situation.
x
Yes
89
The Auditor should be convinced by the information systems engineer about the
security assurance in such a situation.
xi
Yes
Yes
Registers:
Whether
Whether up to
maintained?
date?
yes
ii Back up register
yes
no
yes
v
i
vi
i
vii
i
i
yes
yes
no
no
90
17. Registers:
0
17.1 Whether following registers are
maintained & if
yes, whether up to date?
i Dead stock register for computers
ii Back up register
Whether
maintained?
Yes
Yes
No
Yes
Yes
No
Whether up
Yes
No
No
x User register
Yes
No
Yes
yes
Yes
No
No
P Trial balance
r
Yes
Yes
Yes
x All O. K. Statement
Yes
xi General ledger
Yes
xi Loan ledger
i
xii Deposit ledger
Yes
91
22. Conclusion
The purpose of our project is to identify the problems and how we can a bank can
improve his performance. We observed that what type of hard ware used in bank and
how the bank keep his records .The bank is using the special software which is named
as T24 having price of 100 million for keeping the records. For security purpose
bank using antivirus named as Sophos and bank keeps his backup on weekly basis.
The bank is using the tree topology. But the bank can no keeps record of change in
password 3 time in 6 months.
92
23. Reference
1.https://www.google.com.pk/search?
q=bank+alfalah+logo&oq=bank+&aqs=chrome.0.69i59l2j69i57j0l3.1990j0j4&source
id=chrome&es_sm=93&ie=UTF-8#q=bank+alfalah+
2. http://www.bankalfalah.com/personal-banking/deposit-accounts
3. http://www.bankalfalah.com/treasury-institutional-banking/financial-institutions
4.https://www.google.com.pk/search?
q=bank+alfalah+logo&oq=bank+&aqs=chrome.0.69i59l2j69i57j0l3.1990j0j4&source
id=chrome&es_sm=93&ie=UTF-8#q=topology
5.https://www.google.com.pk/search?
q=bank+alfalah+logo&oq=bank+&aqs=chrome.0.69i59l2j69i57j0l3.1990j0j4&source
id=chrome&es_sm=93&ie=UTF-8#q=information+audit
6.http://www.isaca.org/knowledgecenter/research/researchdeliverables/pages/information-systems-auditing-tools-andtechniques.aspx
24. Bibliography
93
94