1. Introduction
Central Background Information
Banking is one of the most sensitive businesses all over the world. Banks play
an important role in the economy and are considered the backbone of the economy
in every country, and Pakistan is no exception. Banks are custodians of the assets of
the general masses. The banking sector plays a significant role in a contemporary
world of money and economy. It influences and facilitates many different but
integrated economic activities like resources mobilization, poverty elimination,
production and distribution of public finance. Pakistan has a well-developed
banking system, which consists of a wide variety of institutions ranging from a
central bank to commercial banks and to specialized agencies to cater for special
requirements of specific sectors. The country started without any worthwhile banking
network in 1947 but witnessed phenomenal growth in decades to come.
By 1970, it had acquired a flourishing banking sector. Nationalization of banks
in the seventies was a major upset to the domestic banking industry of the country, which
changed the whole complexion of the banking industry. With irrational decisions at the
top, all the commercial banks were made subservient to the political leadership and the
bureaucracy. The commercial banks thus lost their asset management equilibrium,
initiative and growth momentum. They ceased to be business concerns and became
big bureaucracies. The era of the nineties was the climax of privatization, deregulation
and restructuring in the domestic banking industry and financial institutions. The
Muslim Commercial Bank was the first bank to be privatized. Allied Bank
Limited, United Bank Limited and Habib Bank Limited followed, and all have been privatized.
The portfolio concentrates on all aspects of conventional banking as well as
the financial needs of the corporate sector. Dynamic and high-value products include Car
Financing, funded and unfunded loans, Priority Banking, Credit Cards, Debit Cards,
Online Banking, ATM and money transfer etc. In addition to this, the Islamic Banking
Division is a separate working entity. The bank is committed to combining all its
energies and resources to bring high value, security and satisfaction to its customers,
employees and shareholders. The bank has invested in revolutionary technology to
have an extensive range of products and services. This facilitates commitment to a
culture of innovation and seeks out synergies with clients and service providers to
ensure uninterrupted services to its customers.

2. Company Background
Bank Alfalah Limited (BAL) is a private bank in Pakistan owned by the
Abu Dhabi Group. Bank Alfalah was incorporated on June 21, 1997 as a public
limited company under the Companies Ordinance 1984. Bank Alfalah is registered at
both the Karachi and Lahore Stock Exchanges with a ticker name of BAFL. Its banking
operations commenced from November 1, 1997. The bank is engaged in commercial
banking and related services as defined in the Banking Companies Ordinance, 1962,
with the registered office at building, I.I. Chundrigar Road, Karachi. Since its
inception, as the new identity of H.C.E.B (Habib Credit and Exchange Bank Limited)
after the privatization in 1997, the management of the bank started implementing
strategies and policies to carve a distinct position for the bank in the marketplace.
Now Bank Alfalah Limited has a network of 282 branches that include 48 Islamic
Banking branches. The portfolio concentrates on all aspects of conventional banking
as well as the financial needs of the corporate sector. Dynamic and high-value products
include Car Financing, funded and unfunded loans, Priority Banking, Credit Cards,
Debit Cards, Online Banking, ATM and money transfer etc. In addition to this, the
Islamic Banking Division is a separate working entity. The bank is committed to
combining all its energies and resources to bring high value, security and satisfaction to
its customers, employees and shareholders. The bank has invested in revolutionary
technology to have an extensive range of products and services. This facilitates
commitment to a culture of innovation and seeks out synergies with clients and service
providers to ensure uninterrupted services to its customers.

3. Vision

A vision statement identifies where the organization intends to be in the future or
where it should be to best meet the needs of stakeholders. A vision statement
incorporates a shared understanding of the nature and purposes of the organization
and uses this understanding to move the organization toward a greater purpose.
The vision of Bank Alfalah is:

Vision
To be the premier organization operating locally and internationally that provides the
complete range of financial services to all segments under one roof

Bank Alfalah is one of the leading financial institutions. Bank Alfalah operates only in
Pakistan now; soon it will go international. Day by day Bank Alfalah is increasing
its products for all the segments in Pakistan: for business, industrial, agricultural and for
the government bodies in the country. Bank Alfalah is trying to reach each segment in
Pakistan and trying to provide its products at the lowest charges and in the easiest way, under
one roof.

4. Mission statement

Mission statements are enduring statements of purpose that distinguish one
business from other similar firms. A mission statement identifies the scope of a firm's
operations in product and market terms. It addresses the basic question that faces all
strategists. A clear mission statement describes the values and priorities of an
organization. A mission statement broadly charts the future direction of an organization.

MISSION
To develop and deliver the most innovative products, manage customers' experience,
deliver quality service that contributes to brand strength, establishes a competitive
advantage and enhances profitability, thus providing value to the stakeholders
of the bank

To provide newer and more innovative products than the other
banks to the customers.

To take and manage the ideas of the valuable customers for the Bank.

One of the main components of the Bank Alfalah mission
statement is to deliver high-quality and quick services to the customers,
who hold great value for Bank Alfalah.

Bank Alfalah tries to promote those activities which give
fruitful results to the customers and the stakeholders of the bank.

5. Branches network

Bank Alfalah is Pakistan's sixth largest bank and now boasts a branch
network of 500 branches across 172 cities in Pakistan along with a presence in
Bangladesh, Afghanistan, Bahrain and the UAE. It is also the largest acquirer of credit
cards in Pakistan and enjoys a strong position in the SME and Islamic Banking
segments.

6. PRODUCTS & SERVICES

With the mission to provide all-encompassing banking services to the
customers, Bank Alfalah has a uniquely defined menu of financial products. Currently
it is one of the most comprehensive portfolios of personalized financial solutions that
are custom-tailored to serve the requirements not only of conventional customers but
also fulfill the needs of the corporate sector:

Product and services of bank Alfalah


Personal banking
Corporate & investment banking
Treasury & institutional banking
Business banking
Branchless banking
Self banking services
Islamic banking

Personal banking
Deposit Account
Our deposit suite has been designed keeping the diverse needs of our
customers. From basic banking accounts, term deposits, foreign currency to structured
savings products, choose the option that best suits your needs and start enjoying your
daily banking services through our vast branch network and self service banking
solutions.

Alfalah Kamyab Karobar - Online Current Account

Alfalah Kifayat Monthly Savings Account

Alfalah Mahana Amdan Term Deposits

Alfalah Current Account

Alfalah Savings Account

Alfalah Royal Profit Account

Alfalah Basic Banking Account

Alfalah Foreign Currency Accounts

Alfalah Care Senior Citizens Savings Account

Apply for Deposit Account

Alfalah Kamyab Karobar Online Current Account


Enjoy unmatched accessibility to funds anywhere in Pakistan with a host of
free services. With Alfalah Kamyab Karobar Account, you grow your business while
we take care of your banking needs.

Features & Benefits

Free online funds transfer through any Bank Alfalah branches

Free cheque book, pay orders and demand drafts

Free online cash withdrawal and deposit transactions

SMS alerts on every transaction

Up to 90% financing facility on deposited amount

Debit/ATM Card VISA accepted at over 30 million outlets and more than 2
million ATMs worldwide

Open with an initial deposit of Rs. 1,000 only by visiting your nearest Bank Alfalah
branch from a network of over 540 online branches nationwide.

Alfalah Kifayat Monthly Savings Account


Are you looking to earn monthly profits while enjoying ease and access to
your growing savings at all times? Alfalah Kifayat Savings Account is what you are
looking for!

Features

Earn profit of up to 7%* per annum

Profit is calculated on monthly average balance and paid every month

Unlimited facility for cash deposit and withdrawal

Minimum monthly balance requirement of Rs. 10,000 only

Free monthly e-statements

SMS alerts for every transaction

Convenience of online banking across all Bank Alfalah branches nationwide,
with no charges within city

VISA ATM/Debit Card accepted at more than 4500 1-Link network ATMs and
over 30 million outlets and more than 2 million ATMs worldwide.

Alfalah Mahana Amdan Term Deposits

If you are looking to earn a high rate of return on your fixed deposits with the
benefit of monthly profits, then Alfalah Mahana Amdan is best suited for you.

Features and Benefits

Invest with a minimum deposit of Rs. 50,000 for 1 year term deposit & Rs.
100,000 for 3 years term deposit

Attractive rate of 8.5%* on 1 year term deposit & 9%* on 3 year term deposit

Profit paid every month

Financing facility up to 90% of the deposited amount

Visa ATM/Debit Card accepted at more than 4500 1-Link network ATMs in
Pakistan and over 30 million outlets and over 2 million ATMs worldwide

Alfalah Current Account


Enjoy your everyday banking needs with absolute ease through our non-interest
bearing Current Account, giving you instant access to your cash from any
branch across our growing network.

Features & Benefits

Minimum monthly balance requirement of Rs. 5,000 only.

No restriction on number of monthly deposit or withdrawal transactions.

Easy access to funds through cheque book and VISA Debit/ATM Card that can
be used globally at over 30 million outlets and at more than 2 million ATMs.

Free online banking across Bank Alfalah branches nationwide

Alfalah Savings Account


Enjoy your basic banking needs with complete ease while you also start
earning profits on your savings for a more protected tomorrow.

Features & Benefits

Open with an initial deposit of Rs 100 only

No monthly minimum balance requirement

Profit is calculated on the average balance

Profit is paid semi-annually

No restriction on number of monthly deposit or withdrawal transactions

Easy access to funds through cheque book and VISA Debit/ATM Card that can
be used globally at over 30 million outlets and at more than 2 million ATMs

Convenience of online banking across all Bank Alfalah branches nationwide.

Alfalah Royal Profit Account

If you have a business that deals with large transaction volumes, then our
Royal Profit Account is the best choice to meet your daily financial requirements. It
encompasses the flexible features of a current account whilst also giving you the
benefits of a savings account.

Features & Benefits

Minimum monthly balance requirement of Rs. 50,000 only

Profit is calculated on average balance and paid on a monthly basis.

Higher returns on higher balances

Unlimited monthly deposit and withdrawal transactions.

Alfalah Basic Banking Account


If your basic banking requirements do not require multiple monthly cheque
transactions, then our non-interest bearing Basic Banking account may fulfill your day
to day banking needs with no minimum balance requirement or restrictions on ATM
withdrawals.

Features & Benefits

Open with an initial deposit of Rs. 1,000 only

No monthly minimum balance requirement

2 free deposits and 2 free withdrawal transactions every month through cheque

VISA Debit/ATM Card accepted at over 30 million outlets and more than 1.5
million ATMs worldwide.

Alfalah Foreign Currency Accounts

To manage your foreign currency transactions with security, ease and
convenience, you can place your funds in our Foreign Currency Current and Savings
Accounts.

Foreign Currency Current Account

Non-profit bearing checking account

Account can be opened in US Dollar, Pound Sterling, Euro or Japanese Yen

Minimum balance equivalent to 100 (USD, GBP, EUR) or 5,000 Yen

No restriction on number of monthly deposit or withdrawal transactions.

Foreign Currency Savings Account

Account can be opened in US Dollar, Pound Sterling, Euro or Japanese Yen

Minimum balance equivalent to 250 (USD, GBP, EUR) or 10,000 Yen

Profit is calculated on the daily balance and paid on a semi-annual basis

No restriction on number of monthly deposit or withdrawal transactions.

Loans
We have designed our loan products keeping your individual needs in mind. With
affordable tailor-made financing options that offer you the flexibility to choose your
repayment plans, we help you stay in control of your finances and make the most of
life's opportunities today.

Alfalah Car Financing


Getting your dream car was never this easy. Personalized to perfectly suit your
needs, Alfalah Car Financing offers affordable, tailor-made financing options along
with special features to help you enjoy your most preferred car in no time.

Features and Benefits

You can choose a car that is new, used or imported

Select your monthly installment plan from multiple tenure options up to 5
years

Fixed and variable rate options to cater to every budget

Pay as much as you like with down payment flexibility

Enjoy special comprehensive insurance rates for complete peace of mind

No termination charges on car replacement

Apply with minimum documentation and hassle free quick processing

Credit Cards
Bank Alfalah chip based credit cards open up a world of lifestyle privileges
and financial freedom that allow you to enjoy living life today just the way you
want to! The newly designed chip based credit card offers you enhanced security
features to protect your information from fraudulent acts. The chip generates dynamic
values for each transaction, providing greater security every time you swipe.

Your existing Alfalah Credit Card will soon be upgraded to a chip-based credit card or
you can choose a card that best suits your lifestyle needs. Become part of the largest
credit card family in the country and enjoy unparalleled service and discounts every time you
travel, shop or dine out.

Alfalah Platinum VISA Credit Card


Welcome to the world of Alfalah Platinum. As an Alfalah Platinum Credit
Card member, you can enjoy the finest privileges and the utmost level of services
coupled with unmatched rewards and benefits.

Alfalah Titanium Master Card

As a Bank Alfalah Titanium Master Card member, you can enjoy countless
benefits and privileges.

Features & Benefits

Global Reach and Acceptability

Fabulous Rewards

Cash Advance

Balance Transfer Facility

E-statement Facility

SMS Alerts

Bill Payment Facility

24 Hour Customer Service

Alfalah VISA Gold & Classic Credit Cards


Welcome to the world of Alfalah VISA Credit Cards. As an Alfalah VISA
Credit Card member, you can enjoy numerous benefits and privileges.

Features & Benefits

Global Reach and Acceptability

Fabulous Rewards

Cash Advance

Balance Transfer Facility

E-statement Facility

SMS Alerts

Bill Payment Facility

24 Hour Customer Service

Bancassurance
Our Bancassurance solutions are specially designed to help you protect and
secure a stable future with your loved ones. Partnering with leading insurance
companies in the country, we offer a diverse range of insurance plans, customized to
meet your savings, education, marriage and retirement needs at every stage in life.

Alfalah Qalam Education Plan


Alfalah Qalam Education Plan is an education savings plan being offered in
collaboration with EFU Life.

Benefit

Accidental Death & Disability Benefit

Accidental Death Benefit

Income Benefit

Alfalah Bandhan Marriage Plan

Features & Benefits


Fund Selection Option
Under this option the policy holder can select a unit fund based on their risk
appetite and investment objective at the inception of their policies. The policy holder
will have an option (conditions apply) to select from the following three unit funds:

EFU Managed Growth Fund

EFU Guaranteed Growth Fund

EFU Aitemad Growth Fund


Optional Benefits

Accidental death & disability benefit

Accidental death benefit

Income benefit

Eligibility
The plan is available to all Bank Alfalah customers between 18 to 65 years of age.

Term of Plan
Minimum Term: 10 years
Maximum Term: 25 years, subject to a maximum age of 75 years at the time of maturity.

Premium Limit
Minimum: Rs. 25,000 annually
Maximum: No limit

Alfalah Sakoon Retirement Plan


With this plan, your contributions are invested in accumulation units to build
up substantial capital. At retirement, this capital is applied to provide a pension
payment starting from 60 years of age.

Optional Benefits: Available for working females only:

Waiver of premium

Family income benefit

Additional term assurance

Accidental death & disability benefit

Accidental death benefit

Medical recovery benefit

Life care benefit

Home Remittance
We offer unmatched services for overseas Pakistanis to send money home fast and
free across our large network of over 470 branches in more than 160 cities across
Pakistan. Enjoy the convenience of sending home remittances to your loved one
through our International Send Agents in any of the following modes.

Cash over Counter: Your remittance can be collected by your loved one in
cash of up to Rs. 500,000 from any of our branches across Pakistan.

Cash over Account: You can send money to Pakistan through hassle free
account credit in a Bank Alfalah maintained account or in an account in any RTGS
member bank.

Pay Order/Demand Draft: If you are maintaining an account with a non-RTGS
member bank, you can conveniently send money through Pay Order or
Demand Draft facility.

Money Gram Services

Our collaboration with Money Gram, a global leader in worldwide money
transfer services, offers unmatched services to send and receive money from
worldwide agents in 300,000 locations across 197 countries and territories worldwide.
Our large network of over 470 branches in more than 160 cities across Pakistan gives
you the same choice and convenience locally.

Feature & Benefit

It's quick: your money is where it's needed in just 10 minutes.*

It's convenient: with 300,000 money transfer agents around the world, you're
never far away from Money Gram.

It's available to everyone: you don't need a bank account or credit card.

It's easy: just visit a Money Gram agent and complete one simple form.

It's personal: you can add a complimentary 10-word message.

Corporate banking
Working Finance
Successful businesses often experience considerable pressure on the available
finances due to timing difference of cash inflows and outflows, up-gradation of
existing facilities and business expansion.

Our dedicated team of relationship managers can structure tailor-made credit solutions
to meet your specific short-term or long-term funding requirements. The loans are
provided at competitive rates and are structured to enhance your profitability by
scheduling the repayment to match the cash flow available to repay the debt.
Bank Alfalah offers working capital finance by way of overdraft or working capital
loans suitably structured to your needs and your risk profile. These products are
designed to ease the liquidity position of our clients.

Trade Finance
We offer a wide range of trade services designed to meet a range of our corporate
clients' needs. We have industry specialists who are professional and seasoned to
make sure that all your trade finance requirements are taken care of with precision and
skill. The team is strongly supported by a wide and effective correspondent network
spread worldwide. Our team of specialists goes the extra mile to ensure that our
customers' experience with the below-mentioned services is nothing but exceptional.

Letter of Credit

Import Finance

Export Finance

Bank Guarantee

Capital Market Operations


We provide capital market services to various companies including our
existing customers. The following services are part of Capital Market Operations;

Bankers to the Issue for Initial Public Offerings (IPOs)

Offer for Sale of Shares (OFS)

Right Share Issues

Dividend Redemption
The Bank also provides the requisite MIS of all the banker to the issue/dividend
transactions on the prescribed format as and when required by the customer.

Investment Banking
Our seasoned Investment Banking team is fully equipped to help you in the
following areas:
1. Leveraged and Structured Finance

2. Project and Infrastructure Financing (Recourse & Non-recourse based)

3. Debt Syndication (Conventional and Islamic both)

4. Capital Market Issues (Listing and private placement of corporate bonds,
sukuks, commercial papers, preference shares, right shares in addition to initial
and secondary public offering of ordinary shares)

Treasury & institutional banking


Foreign Exchange

Our FX desk is one of the most active participants in the interbank market
dealing in ready, spot, forward and swap transactions for all major currencies. Our
sizable FX Book allows us to be a market maker in the interbank markets of Pakistan,
Afghanistan and Bangladesh.

Fixed Income
Our dedicated fixed income trading desk is one of the most active participants
in all segments of the domestic money and bond markets.

Derivatives and Structured Products


We offer advisory support to our customers on foreign exchange and interest
rate hedging solutions.

Business banking
Alfalah SME Toolkit
Bank Alfalah is proud to be the first bank in Pakistan to introduce an SME
toolkit in partnership with International Finance Corporation (IFC). It is an online
business management tool dedicated to help small and medium enterprises to develop
sustained growth through implementation of business practices based on information,
communication and technology.

The need for supporting SMEs has never been stronger in Pakistan. Small businesses
are amongst the highest with growth potential and innovation, with businessmen from
all walks of life, working hard to positively impact the society and consumers with
innovative products and services.

Business Accounts
Our Business Banking team is committed to working in conjunction with our
SME clients as trusted partners in their progress and success. Whether your operations
include sole trading, manufacturing or exporting, we aim to understand your evolving
business requirements and offer you a broad range of customized financial
solutions and services to help you achieve your goals.
Offering a complete product menu including Business Accounts, Loans, Working
Capital Finance, Trade Finance, Transaction Banking and Financial Advisory
Services, we work to enhance your business growth, access and convenience.

Alfalah Karobar Finance


Alfalah Karobar Finance offers running finance, LG, LC and other
import/export related facilities against mortgage of residential/commercial property.

Feature and benefits

Stock insurance not required.

Only 25% cleanup required.

Affordable markup rates to be paid on a quarterly basis

Quick processing and loan disbursement

Minimal processing charges

Alfalah Quick Finance


With Alfalah Quick Finance you can meet your immediate personal or
business expansion needs while keeping your savings secure. It is a personal/business
loan which includes running finance as the main limit and all other import/export related
facilities as sublimits against National Saving Certificates, Prize Bonds and PKR/FCY
deposit.

Features and benefits

Up to 90% financing against security deposit

A personal/business loan against National Saving Certificates, Prize Bonds &
PKR/FCY deposit

The amount of financing under Alfalah Quick Finance ranges from PKR.
50,000 to PKR. 300M

Quick and convenient processing.

Third party collateral acceptable

Alfalah Debit Card facility

Lease Finance

We work very closely with our clients and strive to deliver the most
comprehensive and tailored leasing products to meet all their business needs. With
one of the most competitively priced solutions, with flexible terms & conditions based
on your choice of assets, repayment, pricing, and tenures, we can help you preserve
working capital in your business, while benefiting from the use of the equipment.

Personal Savings & Bancassurance Products


In order to not simply grow your savings but also protect your future, we offer a
diverse range of Savings and Bancassurance solutions:

Alfalah Savings Account


Alfalah Kifayat Monthly Savings Account
Alfalah Mahana Amdan Term Deposit

Agri Loans
We realize the strong contribution of agriculture to our country's economy and
the growing financial needs of our farmers. Our Rural Finance Program, Alfalah
Zarie Sahulat, offers finance facilities covering an entire spectrum of farming and
non-farming needs with a wide range of products on flexible short, medium and long
term repayment tenures at affordable markup rates.

Branchless banking
Mobile Paisa
Bank Alfalah has joined hands with Warid Telecom to launch Mobile Paisa,
a branchless banking service which aims to provide innovative, technology-based
financial solutions to customers. Mobile Paisa currently offers customers Over
the Counter (OTC) facilities for making utility bill payments as well as Person to
Person (P2P) funds transfer services via 2000 plus agent locations across Pakistan.

With the launch of Mobile Paisa, the Bank aims to support the creation of a
branchless banking and alternate payments ecosystem which is likely to augment
financial inclusion in the country, thereby reducing the gap between the banked and
the yet-to-be-banked.

G2P

Bank Alfalah Limited has been selected as one of the partners for two key G2P
projects, namely, the Watan Card Programme and the Benazir Income Support Program
(BISP). In phase I, BAL disbursed Rs. 20,000 each to nearly 108,000 families. For
this effort, BAL issued VISA debit cards, called Watan Cards, to beneficiaries
identified by NADRA and GoP. BAL created 18 centers in Punjab and Gilgit-Baltistan
provinces to disburse Cards and Cash to affected persons.

Phase II of this project constitutes a disbursement of Rs. 40,000 per beneficiary in two
transactions as and when notified by NADRA/GoP. A total disbursement of
Rs.1,597.12 million, as of November 2012, has been expended in districts of Gilgit,
Hunza, Skardu, Jhang, Khushab, Sargodha, Multan and Rahim Yar Khan.

Self services banking


Alfalah VISA Debit/ATM Card
Welcome to our world of VISA Debit/ATM Cards; as an Alfalah VISA
Debit/ATM Card member, you can enjoy the following countless benefits and
services.

Features & Benefits


Funds Transfer

Bill Payment Facility

Cash Deposit & Withdrawals

SMS Alerts

24 Hour Customer Service

Transaction Details on Statement

Alfalah VISA Debit/ATM Card Guideline

SMS Alert Service


With our SMS Alerts Service, you can keep track of your transactions 24/7. By
subscribing to the service, you can receive real-time SMS updates for transactions
conducted on your Debit Card. It also helps you keep track of all your POS, ATM,
in-branch and supplementary Card transactions as and when they are conducted.

E-statements
With our e-statement service, you can receive monthly, quarterly or half-yearly
account statements directly via email. This facility is offered to you at no extra cost,
all you need is a personal e-mail address to which your e-statements will be sent.

7. Departments:
Cash Department
This department is given complete responsibility for cash transactions
in both local and foreign currencies. It is also responsible for the bookkeeping for
these transactions and the safe custody of cash.
This department performs the following main functions:
Cash Receipts
Cash Payments

Cash Receipts:
In the Cash Department, depositors use deposit slips for depositing amounts
into their accounts. The officer checks that the deposit slip is properly filled in, containing
the title of account, A/C number and amount in words and figures.

Cash Payments:
First the cheque is presented by the customer or holder to the cash payment
officer. He confirms that it is drawn on the same branch and that the particulars of the cheque
are properly filled in. One signature of the holder is taken on the back of the cheque.

Clearing Department
The process by which cheques are exchanged between the collecting and paying
banks, and the ensuing financial settlement, is called clearing. This facility is provided
by the State Bank of Pakistan for offsetting of cross obligations between the different
banks.
Clearing is of two types:

Inward Clearing
Cheques, drafts etc. of our branch are presented to us for clearing by the
SBP. These cheques are to be honored by the bank.

Outward Clearing
The cheques of other banks, which account holders deposit in their accounts,
are sent for collection.

Remittance Department
The need for remittance is commonly felt in today's business. A major function
of any bank is to transfer funds from one place to another. Bank Alfalah uses the
following modes of transfer of funds.

Demand Draft (DD)


It is an instrument which is used to transfer funds from one city to another. It can be
made against cash as well as against a cheque. If it is made through a cheque, the
person must be an account holder, while in the case of cash any person can make one. It
consists of three copies.

1) Original copy, which is given to the account holder

2) DD advice, sent to the central branch

3) Third copy, for reconciliation. Its photocopy is kept with the bank while the
original is sent to head office for reconciliation.

Telegraphic Transfer (TT)


It is another mode of transfer of funds. It is the quickest mode of transfer of funds
from one city to another. For a TT, the client has to submit the application on a prescribed
form of the bank. The client can deposit money into the bank or can request the bank to
deduct the amount of the TT, along with the charges for the issuance of the TT,
from his account. The charges for the issuance of the TT are charged by Bank Alfalah.

Pay Order (PO)


A written order which is issued and received to the save book or drawn or
payable on the same branch. An application form is given to the customer to fill in; two
signatures are taken on the form, one for the request and the other for receiving the
instrument.

Call Deposit
When a party wants to make a payment from itself to another party, it
makes a call deposit. The bank keeps it with itself until it receives instruction
from the bank. Normally it is paid in cash and goes into the party's account.

Pay Slip
It is used when the bank itself pays for any transaction, e.g. purchase of stationery.

Money Gram
It is basically a person-to-person money transfer service that allows consumers to
receive money in just a few minutes.

Accounting Department
The accounts department is the most important department of the bank because it is
concerned with:

Revenue
Income from sales of goods and services, minus the cost associated with
things like returned or undeliverable merchandise; also called "Sales",
"Net Sales", "Net Revenue" and just plain "Revenue".

Expenses
All operating, overhead and production costs incurred in producing gross revenue.

Assets
Assets include holdings of obvious market value (cash, real estate), harder-to-measure
value (inventory, aging equipment), and other quantities (pre-paid expenses, goodwill)
considered an asset by accounting conventions but possibly having no market value at
all.

Liabilities
An obligation to pay. These include accounts payables, and bond and bank
debt.

Short Term Liabilities


Which are expected to be paid within one year.

Long Term Liabilities


Which are expected to be paid in more than one year.

Business Department
At branch level it is the branch manager's job to bring in business. He
goes to the market and convinces customers or clients to take loans and
make deposits.

Operation Department:
When a customer comes into the branch to make a deposit or take a loan,
the operation manager's job starts. He performs different functions
such as opening an account, issuing a demand draft and issuing cheque books.

Credit Department:
This department grants loans to borrowers, i.e. consumers, small and
medium enterprises and corporate-level clients, after scrutinizing their
ability to repay and other requirements. A credit officer deals with these
kinds of activities; in big branches he is also known as the credit
manager.

Compliance Department:
This department checks whether the rules and regulations under which
loans are granted are followed, that is, whether each loan is in
accordance with the prudential regulations or not. This department
performs regulatory services.

Administration Department:
The administration department performs admin functions such as
payment of salaries to employees, security and other functions.

Foreign Exchange Department:


This department does not exist in every branch of the bank, only in
specific main branches. It is designed to manage foreign exchange
transactions such as import or export Letters of Credit and other
dealings with foreign countries.

IT Department
Overview:
The IT Department's mission is to provide the information technology required
for the fulfillment of the laboratory's mission in an efficient and effective manner
through building world-class competencies in the technical analysis, design,
procurement, implementation, operation and support of computing infrastructure and
services.
The IT Department is a highly demanding computing environment, maintaining
extensive networks on both local and global scales, pushing new technologies to their
limits and providing a neutral ground for carrying out advanced R&D with various
partners.

Responsibilities of IT departments:
Nowadays the IT department is considered the brain of any organization because it
provides 24-hour services to ensure that everything is running smoothly and that the
bank's systems are exposed to the outside world.

All communication throughout the branches

Monitoring the existing application running inside the organization.

Monitoring the critical

Provide services to operation department

Network and other communication media

Security of network and critical in house security issue

IT Department

network and communication

service management

relationship management

security and risk

technical support system

8. Network and communication:


This department is responsible for managing the existing data network, the
voice network and the fax network, such as the internet, intranet and extranet,
LAN, MAN and WAN, and media of communication such as telephone calls.

Service management:
This department is responsible for providing services to new as well as
existing customers, and tries to deliver the best and most reliable services to
customers, such as:
Online banking
Online bill payment
Fund transfer
Mobile recharge
This department is also responsible for monitoring critical applications to avoid any
financial loss and for the betterment of employees' work.

Relationship management:
This department provides services to enhance the relationship of the customer with
the bank, such as birthday wishes, wedding wishes, SMS alerts, balance inquiry and
information about products and services, and maintains a link with the customer
over time.

Security and risk :


This department protects the organization from hacking with the help of a firewall.
It is also responsible for inside and outside security problems, and manages
security with the help of CCTV cameras and the firewall.

Technical support system :


The main aim of this department is to solve problems from a remote location. The
department solves problems through reviewer software. If any problem occurs,
we call the IT office and the IT department corrects it.

5. Network topology

Network topology refers to the physical or logical layout of a network.
It defines the way different nodes are placed and interconnected with each
other.
An example of a network topology is a local area network.

Types of topology
Physical topology
Physical topology emphasizes the physical layout of the connected devices,
LAN and nodes.

Logical topology
Logical topology focuses on the pattern of data transfer between network
nodes.

Physical topology
Star topology
Bus topology
Tree topology
Mesh topology
Ring topology

Star topology

All the nodes are connected to a central hub.
The central hub controls all the computers, and information is exchanged through the hub.
Transmission occurs through the hub.
If a device wants to send data to another device, it first sends the data to the hub,
and the hub then transfers the data to the other device.

Advantages of star topology


Less expensive.
Easy installation and configuration.
Faults are easy to identify.
Connecting or removing a device does not disturb the other devices.
Less cable needed.

Disadvantages of star topology


The whole network depends on a single hub.
Performance depends upon a central hub.
Limited capacity of nodes.

Applications
Local area networks
Used for high-speed LANs.

Bus topology

Every workstation is connected to a main cable or transmission cable.
Workstations are directly connected with other workstations.
Bus topology is used for small networks.
Messages are sent and received at the same time.

Advantages of bus topology


Easy installation.
Uses less cable.
Easy to expand the bus network.
Bus topology is used for small businesses.
Well suited for temporary networks.

Disadvantages of bus topology


Difficult to administer/troubleshoot.
Difficult to add a new device.
If one node fails, the whole network will shut down.
Maintenance costs may be higher in the long run.

Applications
Most computer motherboards

Ring topology

In which each node connects to exactly two other nodes.
Data travels from node to node, with each node along the way handling every
packet.
Workstations are directly connected with other stations.

Advantages of Ring topology


Does not require a central hub.
Point-to-point configuration makes problems easy to identify.
Data is quickly transferred (very fast, all data traffic is in the same direction).
Adding additional nodes has very little impact on bandwidth

Disadvantages of ring topology


For all computers to communicate with each other, all computers must be turned
on.
Total dependence upon the one cable.
Data packets must pass through every computer, so it is slow.

Applications

Used in office buildings and school campuses.

Tree topology

Alternatively known as a star bus topology.
Two or more star networks connected together.
A tree is also linked to a central hub that controls the traffic of the whole network.
The central hub is an active hub.

Advantages of tree topology


Expansion of Network is possible and easy.
A huge number of devices can be connected.
If one segment is damaged, other segments are not affected.
Error detection and correction is easy

Disadvantages of tree topology

It is more expensive due to the cable.
The whole network depends on the central hub; if the central hub stops working, all
the devices stop.
Increases the signal distance.

Applications
Used in multinational companies

Mesh topology

Each workstation is connected directly to each of the others.


Some workstations are connected to all the others, and some are connected
only to those other nodes with which they exchange the most data.

Each computer is connected with all the other computers.

Advantages of mesh topology

If one link is damaged, the other links are not affected.
It gives privacy and security.
Faults are easy to identify.

Disadvantages of mesh topology

A very large number of ports is required.
The hardware required to connect each device is expensive.

Applications
Telephone regional office
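
The availability claims made for the star, tree and mesh layouts above can be checked by modelling each layout as a graph and failing one device at a time. The following Python sketch is an added example, not part of the original report; the device names and the sizes used (eight workstations, two branch hubs) are assumptions chosen for illustration.

```python
from itertools import combinations


def star(n):
    """One hub; each of n workstations is cabled only to the hub."""
    return {("hub", f"pc{i}") for i in range(n)}


def tree(branches, per_branch):
    """Star networks joined together: a central hub feeds one hub per branch."""
    links = set()
    for b in range(branches):
        links.add(("core", f"hub{b}"))
        for i in range(per_branch):
            links.add((f"hub{b}", f"pc{b}-{i}"))
    return links


def full_mesh(n):
    """Every workstation is cabled directly to every other workstation."""
    return set(combinations([f"pc{i}" for i in range(n)], 2))


def nodes_of(links):
    return {node for link in links for node in link}


def components_after_failure(links, failed):
    """Number of isolated groups the surviving devices fall into."""
    survivors = nodes_of(links) - {failed}
    adjacent = {node: set() for node in survivors}
    for a, b in links:
        if failed not in (a, b):
            adjacent[a].add(b)
            adjacent[b].add(a)
    unseen, groups = set(survivors), 0
    while unseen:
        groups += 1
        stack = [unseen.pop()]
        while stack:
            for nxt in adjacent[stack.pop()]:
                if nxt in unseen:
                    unseen.remove(nxt)
                    stack.append(nxt)
    return groups


def summarize(links):
    """Cable count, ports on the busiest device, and single points of failure."""
    ports = {}
    for a, b in links:
        ports[a] = ports.get(a, 0) + 1
        ports[b] = ports.get(b, 0) + 1
    spof = {}
    for node in sorted(nodes_of(links)):
        groups = components_after_failure(links, node)
        if groups > 1:  # losing this device splits the network
            spof[node] = groups
    return {"links": len(links), "max_ports": max(ports.values()), "spof": spof}


if __name__ == "__main__":
    for name, layout in [("star", star(8)), ("tree", tree(2, 4)),
                         ("mesh", full_mesh(8))]:
        print(name, summarize(layout))
```

In the output, `spof` maps each device whose failure splits the network to the number of isolated groups left behind: the star and tree depend on their hubs, while the full mesh has no single point of failure but needs 28 cables and 7 ports per workstation for only eight machines.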

6. What is Intranet?
A within-organization computer network that uses Internet technologies to
communicate.
Accessed only by authorized persons, especially members or employees of the
organization.

Applications of Intranet

Sharing of company policies/rules & regulations

Access employee database

Distribution of circulars/Office Orders

Access product & customer data

Sharing of information of common interest

Launching of personal/departmental home pages

Submission of reports

Advantages of intranet

Fast, easy and low-cost to implement
Based on open standards
Many tools available
Improved communication
Supports links with customers and partners

Disadvantages of intranet

Security from within


New budget
Cost of training
Cost of maintenance
Separate software might be needed for internet and e-mail

What is Extranet?
An extranet is a private network that uses Internet technology and the public
telecommunication system to securely share part of a business's information or
operations with suppliers, vendors, partners, customers, or other businesses.

Applications of Extranet

Supply-chain management
Customer communications
Distributor promotions
Online continuing education/training
Customer service
Order status inquiry
Inventory inquiry
Account status inquiry
Warranty registration

Advantages of Extranet

Improved quality.
Lower travel costs.
Lower administrative & other overhead costs.
Reduction in paperwork.
Delivery of accurate information on time.
Improved customer service.
Better communication.

Disadvantages of Extranet

Faceless contact.
Information can be misused by other competitors.
Fraud may be possible.
Technical employees are required.
Suppliers and customers may not have proper knowledge.

What is Internet?
It is a global network of computers (servers or clients) used to exchange
information.
It is a "network of networks" that includes millions of private and public,
academic, business, and government networks (local or global), linked by
copper wires, wireless connections, and other technologies.

Applications of internet

Download programs and files


E-Mail
Voice and Video Conferencing
E-Commerce
File Sharing
Information browsing
Search the web addresses for access through search engine
Chatting and many more

7. Network:
A network is a collection of computers and devices connected together via
communication devices and transmission media. Many businesses network their
computers together to facilitate communication, share hardware, share data and
information, share software and transfer funds. A network can be internal to an
organization or span the world by connecting to the internet.

TYPES OF NETWORK:
1. LAN
2. MAN
3. WAN
The main difference among these classifications is their area of coverage.

LAN:
It stands for local area network.
It connects computers and devices in a limited geographical area (within a few
meters) such as a home, school computer laboratory or office building.
Each computer/device on a network is called a node.
Nodes often share resources such as printers, large hard disks and programs.
In this type of network the communication cost is very low.
The smallest LAN consists of exactly two computers, while a large one can
accommodate many thousands of computers.
Most local area networks use Wi-Fi or Ethernet for connectivity between
devices.

MAN:
A network in a city with high-speed data transfer, which connects various
locations such as campuses, offices, government, and so on.
It stands for metropolitan area network.
It is a high-speed network that connects local area networks in a metropolitan
area such as a city or town (within a few km, mostly 10 to 50 miles).
It handles the bulk of communication in that region.
A MAN includes one or more LANs but covers a smaller geographical area
than a WAN.
MAN is mostly used by telephone companies, cable television operators etc.
In this type of network the communication cost is medium.
Communication technologies are ATM, frame relay, X.25 and IP.

WAN:
It stands for wide area network.
A WAN can consist of two or more LANs connected together.
It covers a large geographical area (several thousand km) such as a city, country
or the world by using communication channels that combine many types of media
such as telephone lines, cables, and radio waves.
The internet is the world's largest WAN.
In this type of network the communication cost is very high.
Information/files can be shared over a larger area.
Network users can communicate by email and instant messenger.

9. List of hardware

No | Name of hardware | Model | Price | Total quantity | Total amount
1 | Computer | Dell | 38000 | 8 | 304000
2 | Printer | HP LaserJet Pro P1102w | 16000 | | 32000
3 | Scanner | HP Scanjet G2410 | 7300 | | 7300
4 | Bar code reader | Metrologic MS 9520 voyager | 14000 | | 14000
5 | Telephone | Hair | 1500 | 4 | 6000
6 | ATM | Hantel MB1700w ATM | 224500 | 1 | 224500
7 | CCTV | Swann DVR-8-1500 | 7500 | | 60000
8 | UPS | SUA5000R5TXFMR | 80000 | | 80000
9 | Router | netgear | 17000 | | 34000
10 | Battery | AGS | 20000 | | 100000
11 | Cash counting machine | Xd 2828 | 19899 | | 19899
12 | Emergency alarm | ZAB-898 | 6000 | 1 | 6000
13 | Generator | 5 KVA DENYO/HONDA | 110000 | 1 | 110000
14 | Water cooler | VOLTAS | 8000 | 1 | 8000
15 | AC | BS-Q126B8A4 | 47490 | 4 | 189960

CCTV
The Swann DVR8-1500 D1 4-Ch DVR With 500GB & 8 x Pro-540 Day/Night
Cameras is a basic indoor/outdoor surveillance system with an eight-channel DVR
and two indoor/outdoor, day/night weatherproof cameras. The DVR features a
pre-installed 500GB HDD so you can begin recording immediately and back up 90 days.
Lens quality is good.

UPS
Output Power Capacity: 4000 Watts / 5000 VA
Max Configurable Power: 4000 Watts / 5000 VA
Nominal Output Voltage: 120V, 208V
Output Voltage Distortion
47 - 53 Hz for 50 Hz nominal, 57 - 63 Hz for 60 Hz nominal

Topology
Tree Topology

Computer
Dell OptiPlex 755 Desktop
Specifications
Processor: Intel I3 2.1 GHz
Memory: 4GB DDR2 (512 x 2)
Hard Drive: 500GB SATA
Optical Drive: DVDRW

Printer

Wireless networking helps reduce cable clutter.

Fast, efficient printing up to 19 pages per minute in black.

Direct print lets you print on the go from your smartphone or tablet.

150-sheet paper tray capacity can handle your larger jobs.

10-sheet priority feed slot is great for letterhead, envelopes and more.

Router

Emergency alarm

LCD screen display with menu and voice prompt


Support 99 Wireless defense zones.
Each can be defined as one of the 5 zone types optional
Four groups scheduled arm/disarm
Store 6 alarm phone number
Support ISD automatic voice mailbox for playback message upon alert.
Maximum support 100pcs remote control and 150pcs sensors.
Remote Arming /Disarming/Monitoring by phone
Can connect a wireless intelligent switch for electrical appliances; supports
remote control of up to 99 sets of appliances
Built-in booking function, can control the on/off of 4 sets of appliances.
Unique black box function, can display the recent 56 disarmed records and 72
recent alarm recordings.

Wireless frequency :315/433Mhz

Cash counting machine

Banknote size: 90mm x 175mm -- 50mm x 100mm


Counting & Batch number display: 4 / 3 digits LED
Counting Speed: >900pcs. / min
Gross Weight: 6.5 kg
Hopper Capacity: 300 pcs.
Net Weight: 5.0 kgs
Power Consumption: < 80W
Power supply: AC220V, 50 Hz

10. Security risk


To mitigate security risk, the bank focuses heavily on internal security measures
along with physical security staff and keeps a close check on security; it uses
CCTV cameras, fire alarms, smoke alarms and a fit staff of guards. To secure
information, the bank also has system security measures such as a firewall and
anti-malware safeguards.

11. Firewall
A part of a computer system or network that is designed to block unauthorized
access while permitting outward communication.

Advantage

A firewall defines a single choke point that keeps unauthorized users out of
the protected network.
A firewall provides a location for monitoring security-related events. Audits
and alarms can be implemented on the firewall system.
A firewall can serve as the platform for IP Security.

Disadvantage

The firewall does not protect against internal threats.
The firewall cannot protect against attacks that bypass the firewall.
The firewall cannot protect against the transfer of virus-infected programs,
files, email or messages.
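
The advantages and disadvantages listed above can be seen in a small model of a perimeter firewall that permits outward communication, blocks unsolicited inbound traffic and keeps an audit log. This is an added example, not part of the original report and not any vendor's implementation; the address ranges, class name and sample packets are constructed for illustration.

```python
import ipaddress

# Constructed branch LAN range; everything else counts as "outside".
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/24")


class PerimeterFirewall:
    """Stateful choke point between the branch LAN and everything outside it."""

    def __init__(self, internal=INTERNAL_NET):
        self.internal = internal
        self.established = set()  # flows that were opened from the inside
        self.audit_log = []       # denied inbound attempts, for monitoring and alarms

    def _inside(self, ip):
        return ipaddress.ip_address(ip) in self.internal

    def handle(self, src, sport, dst, dport):
        src_in, dst_in = self._inside(src), self._inside(dst)
        if src_in == dst_in:
            # LAN-to-LAN traffic never crosses the choke point, so the
            # firewall cannot judge it: the "internal threats" limitation.
            return "NOT_INSPECTED"
        if src_in:
            # Outward communication is permitted and remembered.
            self.established.add((src, sport, dst, dport))
            return "ALLOW"
        if (dst, dport, src, sport) in self.established:
            # Reply to a conversation that an inside host started.
            return "ALLOW"
        self.audit_log.append(f"DENY inbound {src}:{sport} -> {dst}:{dport}")
        return "DENY"


# Constructed sample traffic: (source, source port, destination, destination port)
SAMPLE_PACKETS = [
    ("10.10.0.21", 50122, "203.0.113.10", 443),   # teller PC opens a web session
    ("203.0.113.10", 443, "10.10.0.21", 50122),   # the server's reply
    ("198.51.100.7", 40000, "10.10.0.21", 3389),  # unsolicited inbound connection
    ("203.0.113.10", 443, "10.10.0.22", 50122),   # same server, host that never asked
    ("10.10.0.35", 49800, "10.10.0.21", 445),     # one inside PC to another
]


def run_sample():
    firewall = PerimeterFirewall()
    verdicts = [firewall.handle(*packet) for packet in SAMPLE_PACKETS]
    return verdicts, firewall.audit_log


if __name__ == "__main__":
    verdicts, log = run_sample()
    for packet, verdict in zip(SAMPLE_PACKETS, verdicts):
        print(verdict, packet)
    print("\n".join(log))
```

The last sample packet is the one to note: traffic between two inside machines is never seen by the perimeter device, which is why host-level controls are still needed behind it.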

12. What is virus?


A piece of code which is capable of copying itself and typically has a
detrimental effect, such as corrupting the system or destroying data.

What is a Trojan Virus?


Trojans are malicious programs that perform actions that have not been authorized
by the user. These actions can include:

Deleting data

Blocking data

Modifying data

Copying data

Disrupting the performance of computers or computer networks

What is a Trojan horse?


Trojan horses are one of the most common methods a criminal uses to infect
your computer and collect personal information from your computer.

Purposes of Trojan virus

Crashing the computer, e.g. with "blue screen of death" (BSOD)

Data corruption

Formatting disks, destroying all contents

Use of the machine as part of a botnet (e.g. to perform automated spamming or
to distribute denial-of-service attacks)

Electronic money theft

Infects entire Network banking information and other connected devices

Data theft, including confidential files, sometimes for industrial espionage,
and information with financial implications such as passwords and payment
card information

Modification or deletion of files

Downloading or uploading of files for various purposes

Downloading and installing software, including third-party malware and ransomware

Keystroke logging

Watching the user's screen

Viewing the user's webcam

Controlling the computer system remotely

Encrypting files; a ransom payment may be demanded for decryption, as with
the CryptoLocker ransomware

System registry modification

How Trojans spread


Trojans are the first stage of an attack and their primary purpose is to stay hidden
while downloading and installing a stronger threat such as a bot. Unlike viruses and
worms, Trojan horses cannot spread by themselves. They are often delivered to a
victim through an email message where it masquerades as an image or joke, or by a
malicious website, which installs the Trojan horse on a computer through
vulnerabilities in web browser software such as Microsoft Internet Explorer.

Other types of Trojans include:

Trojan-ArcBomb
Trojan-Clicker
Trojan-Notifier
Trojan-Proxy
Trojan-PSW

How to protect yourself against Trojans


By installing effective anti-malware software, you can defend your devices
including PCs, laptops, Macs, tablets, and smartphones against Trojans. A rigorous
anti-malware solution such as Kaspersky Anti-Virus 2014 will detect and prevent
Trojan attacks on your PC, while Kaspersky Mobile Security can deliver world-class
virus protection for Android smartphones. Kaspersky Lab has anti-malware products
that defend the following devices against Trojans:

Windows PCs

Linux computers

Apple Macs

Smart phones

Tablets

What is a Computer Worm?


A computer worm is a self-replicating computer program that penetrates an operating
system with the intent of spreading malicious code. Worms utilize networks to send
copies of the original code to other computers, causing harm by consuming bandwidth or
possibly deleting files or sending documents via email. Worms can also install backdoors
on computers.

How worms spread


Most known computer worms are spread in one of the following ways:

Files sent as email attachments


Via a link to a web or FTP resource
Via a link sent in an ICQ or IRC message
Via P2P (peer-to-peer) file sharing networks
Some worms are spread as network packets. These directly penetrate the
computer memory, and the worm code is then activated.

Viruses
Viruses can be divided according to the method that they use to infect a
computer:

File viruses

Boot sector viruses

Macro viruses

Script viruses

How can viruses spread through email?


Viruses can easily be transferred from one computer to another through
email.
They may come as an attachment along with the emails.
Even a mail that you receive in your inbox can contain a virus.
When you open and run the attached file, you are indirectly allowing the virus
to get into your computer system.
This will slowly affect your hard drive and the entire system.
Often there will be mails such as "Spot offer", "Lottery money" or "Free loan",
which will be very attractive to read through.

To prevent such virus attacks, you need to

Keep your operating system updated


Install and update the antivirus tool on a regular basis
Do not download the attachments directly
Always open the attachments in the mail only after scanning them with
antivirus software.
Keep your Microsoft Office products at a secure level
Keep your firewall on at all times

How to avoid email viruses and worms


Use a professional and dedicated email service such as Runbox with strong
virus filtering.
Make sure that your Runbox virus filter is activated.
If you receive an attachment in an email, make sure you know who is sending the email.
Make sure that the firewall is turned on in order to prevent unauthorized access
to your network.
Ignore or delete messages with attachments appearing to be sent from official
Runbox email addresses.
Maintain independent email accounts. If a virus infects your business email
address, you'll be in trouble.
Regularly back up your data and store it on portable media such as DVD
and CD.

What is software Theft?


It is the unauthorized copying and distribution of copyright-protected software.

When does it occur?

When someone steals software media.
When someone intentionally erases a program.
When someone illegally copies a program.

Safeguard against software theft:


To protect software media from being stolen, there should be an authorized person
for the use of the software.
An eye should be kept on terminated employees and unhappy employees
(also called x-time bombs), and on those who are going to leave the bank in the near future.

Safeguard against Information theft:


The bank uses computer media to store information and valuable data, so we need a
security system which protects our computer systems.

Verify your mailing address with the post office and financial
institutions.
Identity bandits may fill out change of address forms so that delinquent credit
notices remain off your paper billing radar.

Boost your defenses against online fraud


When it comes to identity fraud, even antivirus software and a firewall aren't always
enough. That's because criminals can bypass these defences, to pry on your login
details.

How we protect and safeguard online:


Antivirus - helps to stop threats, by scanning your PC and looking for suspicious files

Firewall - hides your computer from attackers, and helps stop criminals getting data in and
out of your PC

Protecting your details, even if your computer is infected

Anti-spyware
Protect yourself from prying eyes

Spyware is malicious software that monitors the activity on your computer - such
as password details or the websites you have visited.

Anti-spyware stops hijacking of the system.

Information security must be managed as a separate business unit to be
effective.

Safeguard to System Failure:


Rapport
It locks down the connection between your machine and NatWest Online
banking. It checks our site is genuine, and stops your data going to counterfeit sites
Rapport works by helping to make sure you really are connected to your bank. This
protects your valuable personal information - without slowing down your PC like
some security software.
Shielding your online banking details from prying eyes
Safeguarding your identity

Updates
Windows and all of the other software on your computer systems need to be
updated regularly to fix bugs and remove security flaws.

Backups
Back up your data regularly, either manually or using an automated backup
system. Backups can be copied onto an external hard drive or you can back up data
onto a Web-based storage area using an online service.

Physical Damage

Use an uninterruptible power supply so that blackouts, brown-outs and spikes
in the electricity supply don't harm your computer systems or cause data loss.
Educate staff not to place liquids, magnets or hot items on or near computers.

Safety tools for unauthorized access


Unauthorized access
Generally refers to the viewing or possession of something without legal authority.

Security Resources
Password Security
Security Procedures to Protect Your Confidential Information
Protect Your Computer
Protect Your Information
Protect Your Identity
Protect Yourself on Social Medias
Protect Your Business Bank Account

PASSWORD SECURITY
Your online passwords are the keys to protecting your personal and financial
information. Changing your password regularly will help ensure the security of all
your online accounts as well as the information. When changing your password be
sure to use strong passwords. Strong passwords are considered to be at least 8
characters long and maximum 12. World Wide Banker passwords need to be a
minimum of 8 digits in length and any combination of alpha, numeric, uppercase,
lowercase and special characters up to 25 digits in length. Make your password easy
to remember but hard to guess. Use combinations that you know but wouldn't make
sense to others. A good password could be 26kDw*gm4. In addition, you should
never use the same password on multiple sites. If one site is compromised your other
accounts could possibly be accessed by the thieves.
SECURITY PROCEDURES TO PROTECT YOUR CONFIDENTIAL INFORMATION
A basic element of safeguarding your confidential information is to guard
against unauthorized access or use of this information. The Bank of Elk River
maintains physical, electronic and procedural safeguards to protect personal
information against unauthorized access or use.
PROTECT YOUR COMPUTER
Your computer can be a goldmine of personal information to an identity thief.
Here's how you can safeguard your computer and the personal information it stores:
Install and update your anti-virus and anti-spyware software frequently. Computer
viruses can have damaging effects, including introducing program code that causes
your computer to send out files or other stored information.

Never open or download attachments from unverified or unknown sources.

Use a firewall, especially if you have a high-speed or "always on" connection
to the internet. The firewall allows you to limit uninvited access to your computer.
Without a firewall, hackers can take over your computer and access sensitive
information.

When you're submitting information, look for the "lock" icon on the status
bar. It's a symbol that your information is secure during transmission.

Avoid using an automatic login feature that saves your user name and
password. Remember to sign off when you're finished banking online or leave the
room for a few minutes.

Delete any personal information stored on your computer before you dispose
of it.

PROTECT YOUR INFORMATION


There are a number of ways to help guard against unauthorized use of your
account and protect your identity:

If you do not recognize the sender of an email or have any doubts about the
authenticity of an email, do not respond and delete it immediately.

Do not open an email or click on links or attachments, especially if they tell
you the problem is urgent or the attached file ends in

Always use secure passwords. A secure password consists of upper and lower
case letters, numbers and special characters (see: Password Security section
above). Never share your password with anyone.

Do not include personal or sensitive data in, or in response to, an email.

When you finish your online banking sessions, be sure to log out.
PROTECT YOUR IDENTITY
Here are some tips on how you can prevent ID theft.

Protect your Social Security number. Don't carry your Social Security card in
your wallet or write your number on a check. Give it out only when absolutely
necessary.

Don't give out personal information on the phone, through the mail or over the
internet unless you've initiated the contact or you can confirm that the individual and
company are legitimate.

PROTECT YOURSELF ON SOCIAL MEDIAS
Use social media wisely. Social media connects families and friends with
colleagues and businesses through powerful online communities. However, just as in
real world communities, you should be careful what you share and how you share it to
stay safe online.
Use privacy controls to restrict who can see your profile and posts. Options
change frequently and you should check and update your settings often.
Don't reveal too much information. Personal information such as where you live,
work, or go to school could be used against you. Revealing travel plans can give an
indication that your home may be unoccupied.
PROTECT YOUR BUSINESS BANK ACCOUNT
Here are some tips on how to protect your business bank accounts:

Electronic banking should be done by two different people, one to initiate and one
to confirm a transaction. It is best practice to segregate duties among two or more
people so no one person has too much access or control.

Educate your staff about risks and how to avoid them. (see: "Password Security"
section above).

Do not delay in terminating the rights to electronic banking applications of former
employees.
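
The two-person rule and the prompt removal of former employees' rights described above can be enforced in software rather than left to procedure. The sketch below is an added example, not the bank's system; the class, user names, payees and amounts are hypothetical.

```python
class Refused(Exception):
    """Raised when a request breaks the dual-control policy."""


class PaymentDesk:
    def __init__(self):
        self.rights = {}     # user -> set of rights: "initiate", "confirm"
        self.pending = {}    # transaction id -> (initiator, payee, amount)
        self.released = []   # (transaction id, initiator, confirmer)
        self._next_id = 1

    def grant(self, user, *rights):
        self.rights.setdefault(user, set()).update(rights)

    def terminate(self, user):
        """Remove every right at once, on the day the employee leaves."""
        self.rights.pop(user, None)

    def _require(self, user, right):
        if right not in self.rights.get(user, ()):
            raise Refused(f"{user} has no '{right}' right")

    def initiate(self, user, payee, amount):
        self._require(user, "initiate")
        txn_id = self._next_id
        self._next_id += 1
        self.pending[txn_id] = (user, payee, amount)
        return txn_id

    def confirm(self, user, txn_id):
        self._require(user, "confirm")
        if txn_id not in self.pending:
            raise Refused("unknown or already released transaction")
        initiator, _payee, _amount = self.pending[txn_id]
        if user == initiator:
            raise Refused("initiator cannot confirm their own transaction")
        # Assumption: a payment keyed in by someone whose rights have since
        # been removed must be re-initiated rather than released.
        self._require(initiator, "initiate")
        del self.pending[txn_id]
        self.released.append((txn_id, initiator, user))
        return "RELEASED"


def outcome(action, *args):
    """Run one request and report what the desk decided."""
    try:
        return str(action(*args))
    except Refused as err:
        return f"REFUSED: {err}"


def demo():
    desk = PaymentDesk()
    desk.grant("maker_a", "initiate")
    desk.grant("checker_b", "confirm")
    desk.grant("manager_c", "initiate", "confirm")  # holds both rights
    t1 = desk.initiate("maker_a", "Vendor X", 50_000)
    t2 = desk.initiate("manager_c", "Vendor Y", 75_000)
    t3 = desk.initiate("maker_a", "Vendor Z", 20_000)
    results = [
        outcome(desk.confirm, "manager_c", t2),   # same person on both steps
        outcome(desk.confirm, "checker_b", t1),   # two different people
    ]
    desk.terminate("maker_a")                     # maker_a leaves the business
    results.append(outcome(desk.initiate, "maker_a", "Vendor X", 1_000))
    results.append(outcome(desk.confirm, "checker_b", t3))
    return results, desk.released


if __name__ == "__main__":
    results, released = demo()
    print("\n".join(results))
    print(released)
```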

Punishments for hacking crime


Hacker is a term used by some to mean "a clever programmer" and by others,
especially those in popular media, to mean "someone who tries to break into
computer systems."
TERRORISM
Hacking crime will be treated under terrorism act.

OTHER CRIMES
Depending on the circumstances, a person who hacks into another's computer
could be punished by a number of generally applicable crimes.
For example, if the hacking is done to take personal identifying information for
certain purposes, it could be punishable as identity theft. Penalties for identity theft
range from a class D to class B felony, primarily based on the value of property taken
through the use of personal identifying information and the .A person could also hack
into a computer to commit larceny. Larceny is intentionally and wrongfully taking,
obtaining, or withholding property from an owner in order to appropriate it to himself,
herself, or another. The penalties for larceny range from a class C misdemeanor
(punishable by up to three months in prison, a fine of up to $500, or both) to a class B
felony, primarily based on the value of the property
CIVIL ACTIONS
The law specifically authorizes someone harmed by a computer or
unauthorized use crime to bring a civil lawsuit against the perpetrator. These civil
actions are in addition to any other grounds for a civil action that the injured party
may have.

Penalties
Because there are numerous different types of computer and internet crimes, there are
also a wide range of potential penalties. Some computer crimes have minor penalties
associated with them, while more serious crimes can impose significant fines and
lengthy prison sentences.

Fines. Fines for a conviction of various computer and internet crimes range
widely, from fines of a few hundred dollars and possibly up to $1,000 to
$100,000.

Jail or prison. A person convicted of certain internet or computer crimes may


also face a jail or prison sentence. The most serious crimes, such as possessing
child pornography, can result in a prison sentence of 20 years or more.

Probation. Probation sentences for computer crimes are also possible as either
individual penalties or in addition to jail or fines. Probation terms can differ
widely, but typically last at least one year and require the person on probation
to not commit more crimes, maintain employment, report to a probation
officer, and pay all court

13. Prevention from hacking


The bank can safeguard against hacking by installing antivirus software. The bank has
installed Sophos antivirus, which safeguards the banking software.

14. Call center


Our state-of-the-art Contact Centre is available 24 hours a day, staffed by
professionally trained consultants who can provide you with a range of customer care
and banking services.
The Standard Chartered hotline offers a wide range of customer service and support
solutions:
Account-related Services

Balance enquiry

Transaction enquiry

Account and loan statement requests

Cheque book request

Cheque book activation


Debit Card activation

Loan-related enquiries

Salary enquiry

Cheque stop instruction

Debit Card stop

Products Information

Deposit Accounts

Personal Loans

Savings / Current Accounts

Debit Card

Interest rates enquiry

Account Tariff enquiry

Foreign Currency Exchange rates

Lending rates

Deposit rates
Other Services

Complaint / compliments / feedback

Account opening procedure


Account closing procedure

Request for change of account details

Online Banking

Mobile Banking

15. Fire alarm system:


A fire alarm system is a number of devices working together to detect and alert
people through visual and audio appliances when smoke/fire is present. These alarms
may be activated from smoke detectors, and heat detectors. They may also be
activated via Manual fire alarm activation devices such as manual call points or pull
stations.

16. ATM
On most modern ATMs, the customer is identified by inserting a plastic ATM
card with a magnetic stripe or a plastic smart card with a chip that contains a unique
card number and some security information such as an expiration date
or CVVC (CVV). Authentication is provided by the customer entering a personal
identification number (PIN).
Using an ATM, customers can access their bank deposit or credit accounts in order to
make a variety of transactions such as cash withdrawals, check balances, or credit
mobile phones. If the currency being withdrawn from the ATM is different from that
in which the bank account is denominated, the money will be converted at an
official exchange rate. Thus, ATMs often provide the best possible exchange rates for
foreign travelers, and are widely used for this purpose.

17. Software used in ATM

The majority of ATMs worldwide use a Microsoft Windows operating system,
primarily Windows XP Professional or Windows XP Embedded. A small number of
deployments may still be running older versions of Windows OS such as Windows
NT, Windows CE, or Windows 2000.


18. Main software used in branch

The main software used in the branch is T24. The cost of the software is 100 million.
This software is used for all operations of the business, such as recording, sending and
receiving transactions, and performing online functions.

19. Information Systems Audit


An information technology audit, or information systems audit, is an
examination of the management controls within an Information
technology (IT) infrastructure. The evaluation of obtained evidence determines if the
information systems are safeguarding assets, maintaining data integrity, and operating
effectively to achieve the organization's goals or objectives. These reviews may be
performed in conjunction with a financial statement audit, internal audit, or other form
of attestation engagement.
IT audits are also known as "automated data processing (ADP) audits" and "computer
audits". They were formerly called "electronic data processing (EDP) audits".

Purpose
An IT audit is different from a financial statement audit. While a financial
audit's purpose is to evaluate whether an organization is adhering to standard
accounting practices, the purposes of an IT audit are to evaluate the system's internal
control design and effectiveness. This includes, but is not limited to, efficiency and
security protocols, development processes, and IT governance or oversight. Installing
controls is necessary but not sufficient to provide adequate security. People
responsible for security must consider if the controls are installed as intended, if they
are effective, if any breach in security has occurred and, if so, what actions can be taken
to prevent future breaches. These inquiries must be answered by independent and
unbiased observers. These observers are performing the task of information systems
auditing.
The primary functions of an IT audit are to evaluate the systems that are in place to
guard an organization's information. Specifically, information technology audits are
used to evaluate the organization's ability to protect its information assets and to
properly dispense information to authorized parties. The IT audit aims to evaluate the
following:

Will the organization's computer systems be available for the business at all times
when required? (known as availability)

Will the information in the systems be disclosed only to authorized users? (known as
security and confidentiality)

Will the information provided by the system always be accurate, reliable, and timely?
(measures the integrity)

In this way, the audit hopes to assess the risk to the company's valuable asset (its
information) and establish methods of minimizing those risks.

History
The concept of IT auditing was formed in the mid-1960s. Since that time, IT
auditing has gone through numerous changes, largely due to advances in technology
and the incorporation of technology into business.
Currently, many IT-dependent companies, e.g. telecommunication or banking companies,
rely on information technology in order to operate their business. For other types of
business, IT plays a big part in the company, including applying workflow instead of
using paper request forms, using application controls, which are more reliable, instead
of manual controls, or implementing an ERP application to facilitate the organization
by using only 1 application. Accordingly, the importance of IT audit is constantly
increasing. One of the most important roles of the IT audit is to audit the critical
systems in order to support the financial audit or to support specific regulations,
e.g. SOX.


Types of IT audit
Various authorities have created differing taxonomies to distinguish the
various types of IT audits. Goodman & Lawless state that there are three specific
systematic approaches to carry out an IT audit:[3]

Technological innovation process audit. This audit constructs a risk
profile for existing and new projects. The audit will assess the length and
depth of the company's experience in its chosen technologies, as well as its
presence in relevant markets, the organization of each project, and the
structure of the portion of the industry that deals with this project or
product, organization and industry structure.

Innovative comparison audit. This audit is an analysis of the innovative
abilities of the company being audited, in comparison to its competitors.
This requires examination of the company's research and development
facilities, as well as its track record in actually producing new products.

Technological position audit. This audit reviews the technologies that the
business currently has and that it needs to add. Technologies are
characterized as being either "base", "key", "pacing" or "emerging".

Others describe the spectrum of IT audits with five categories of audits:

Systems and Applications: An audit to verify that systems and
applications are appropriate, are efficient, and are adequately controlled to
ensure valid, reliable, timely, and secure input, processing, and output at
all levels of a system's activity.

Information Processing Facilities: An audit to verify that the processing
facility is controlled to ensure timely, accurate, and efficient processing of
applications under normal and potentially disruptive conditions.

Systems Development: An audit to verify that the systems under
development meet the objectives of the organization, and to ensure that the
systems are developed in accordance with generally accepted standards
for systems development.

Management of IT and Enterprise Architecture: An audit to verify that
IT management has developed an organizational structure and procedures
to ensure a controlled and efficient environment for information
processing.

Client/Server, Telecommunications, Intranets, and Extranets: An audit
to verify that telecommunications controls are in place on the client
(computer receiving services), server, and on the network connecting the
clients and servers.

And some lump all IT audits as being one of only two types: "general control
review" audits or "application control review" audits.
A number of IT Audit professionals from the Information Assurance realm
consider there to be three fundamental types of controls regardless of the type
of audit to be performed, especially in the IT realm. Many frameworks and
standards try to break controls into different disciplines or arenas, terming
them Security Controls, Access Controls, IA Controls in an effort to
define the types of controls involved. At a more fundamental level, these
controls can be shown to consist of three types of fundamental controls:
Protective/Preventative Controls, Detective Controls and Reactive/Corrective
Controls.
In an IS system, there are two types of auditors and audits: internal and
external. IS auditing is usually a part of accounting internal auditing, and is
frequently performed by corporate internal auditors. An external auditor
reviews the findings of the internal audit as well as the inputs, processing and
outputs of information systems. The external audit of information systems is
frequently a part of the overall external auditing performed by a Certified
Public Accountant (CPA) firm.[1]
IS auditing considers all the potential hazards and controls in information
systems. It focuses on issues like operations, data, integrity, software
applications, security, privacy, budgets and expenditures, cost control, and
productivity. Guidelines are available to assist auditors in their jobs, such as
those from Information Systems Audit and Control Association.[1]

Areas covered by Information System Audit

Systems and Applications: an audit to verify that systems and applications are
appropriate to the entity's needs, are efficient, and are adequately controlled to
ensure valid, reliable, timely, and secure input, processing, and output at all
levels of a system's activity.

Information Processing Facilities: an audit to verify that the processing facility
is controlled to ensure timely, accurate, and efficient processing of
applications under normal and potentially disruptive conditions.

Systems Development: an audit to verify that the systems under development
meet the objectives of the organization, and to ensure that the systems are
developed in accordance with generally accepted standards for systems
development.

Management of IT and Enterprise Architecture: an audit to verify that IT
management has developed an organizational structure and procedures to
ensure a controlled and efficient environment for information processing.

Client/Server, Telecommunications, Intranets, and Extranets: an audit to verify
that controls are in place on the client (computer receiving services), server,
and on the network connecting the clients and servers.

Definitions:
Analysis and evaluation of a firm's information system (whether manual or
computerized) to detect and rectify blockages, duplication, and leakage
of information. The objectives of this audit are to improve accuracy,
relevance, security, and timeliness of the recorded information.

Auditing is an examination of accounting records undertaken with a view to establishing
a true and fair view of the financial system and whether they completely reflect the
transactions to which they relate.


Definition
Audit is systematic and scientific examination of books of accounts of the
organization.
Information systems audit
The effectiveness of an information system's controls is evaluated through an
information systems audit. An audit aims to establish whether information systems are
safeguarding corporate assets, maintaining the integrity of stored and communicated
data, supporting corporate objectives effectively, and operating efficiently.
Information Systems - Information systems audits focus on security controls of
physical and logical security of the server including change control, administration of
server accounts, system logging and monitoring, incident handling, system backup
and disaster recovery.
Definition
The purpose of an IS audit is to review and evaluate the internal controls that
protect the system.
Definition
Auditing is a process by which a competent independent person accumulates
and evaluates evidence about various assertions contained in the financial statement of an
entity for the purpose of determining and reporting the quality of disclosure of
financial information.

Definition
An information systems audit is an examination of the management controls
within an Information technology (IT) infrastructure. The evaluation of obtained
evidence determines if the information systems are safeguarding assets,
maintaining data integrity, and operating effectively to achieve the organization's
goals or objectives.


Benefits of an Audit
The benefits of an audit are numerous. Audits can improve a company's
efficiency and profitability by helping the management better understand their own
working and financial systems. The management, as well as shareholders, suppliers
and financers, are also assured that the risks in their organization are well-studied, and
effective systems are in place to handle them.
Audits can also identify areas in an organization's financial structure that need
improvement, and how to implement the proper changes and adjustments. Having an
audit also lessens the risk and therefore the cost of capital.
An audit can uncover inaccuracies and discrepancies within an organization's records,
which may be indications of weak financial organization or even internal fraud,
although fraud detection is not the main purpose of an audit.

20. The benefits of an audit:

Analyze and understand your company's financial records.

Identify key areas for improvement in your company.

Assess risks, economy, efficiency and quality.

Evaluate new technology.

Prevention and detection of fraudulent or other illegal activities within
your company.

Reinforce and strengthen internal control.

It increases owner satisfaction.

It helps you obtain an independent opinion from the auditor concerning your
business.

It helps keep a moral check on employees, because before entering into
fraudulent activities they will fear that their fraud will be detected by the audit.

21. Questionnaire
Sr. No. | Particulars | Observations

1.0
installed
at Data Centre /
2.0 Hardware
Installation
of Computers:
yes
Branch:
Item
Refer Annexture-1
/Computer Dos & Donts. Qty.

Average age

1.12.1

Computer
with are
Hard
Disk
WhetherSystem
computers
maintained
in dust free8

1.2

environment?
Computer
System without Hard disk

1.32.2

Servers
Whether computers were kept clean?

1 Yes

continues

1.42.3

1.72.4

Thin-client
Whether separate electrical supply line has
been
Router
provided for computer equipment with
Switches
necessary circuit breakers?
Whether computers have been housed in
Hubs

1.8

separate cabins or on kept at the counter with 3


Modems

1.9

facility of locking?
Scanners

2.5
1.10

1.15

Whether
Printer
(Dotearthing
Matrix) for electrical line is checked
No
at
Printers (Inkjet/Laserjet)
2
periodic intervals? (Reading on the voltage
Passbook Printers
meter on neutral points should show between
UPS
1
0-5 ampere)
Whether Earthing of the building is checked at
Others
No
periodic intervals?
Lease Line
2

2.7
1.16

Whether
detailed map of the cable lay out
Dial
up net work

1.5
1.6

1.11
1.12
1.13
2.6
1.14

1.17
1.18
2.8
1.19
2.9

Yes

Yes

50

5 Yes

No

including the hubs is available with the branch?


ISDN Lines
(It will facilitate fast repairs to LAN cable faults)
Wire less Network
1

1
4
1

Whether
LAN
CablingHUBS have been installed in a secured2 Yes
place? (To avoid possible physical tampering)
Whether LAN cables have been allowed to trail

No

on the floor?
2.10

2.11

Whether any heavy article is kept on the


cables?
(To avoid possible data loss)
Whether EDP department monitors Volume /

No

Yes

Space information periodically?


2.12

Whether LAN Network diagram is available?

no

(Branch/DC/DR)

3.0 Server Farm / Room:
3.1 | Whether server room is away from the main door, windows, passage and customer area? | yes
3.2 | Whether server room is located not endangered by rain, wind, dust etc. which will reduce the life of the server? | yes
3.3 | Whether AC provides adequate cooling and humidity for the server farm / room? | Yes
3.4 | Whether additional ACs have been installed to work in rotation with a timer? | Yes
3.5 | Whether temperature measuring instrument and smoke & fire detectors have been installed in server room? Ambient temperature normally recommended is 18 °C. | No
3.6 | Whether server room is locked? | Yes
3.7 | Whether entry to server room is restricted? | Yes
3.8 | Whether the new user entry policy has been set, documented and evaluated regularly? | Yes
3.9 | Whether entry of outsiders to server room is approved by competent official? | Yes
3.10 | Whether record of visitors & reason for allowing access to server room has been maintained? | Yes
3.11 | Whether access is controlled through biometric or smart cards in order to prevent unauthorized access? | No
3.12 | Whether controlling devices are in working condition? | Yes
3.13 | Whether AMC has been given for maintenance of controlling devices? | No
3.14 | Whether audit trails of key card access systems are checked daily? | no
3.15 | Whether failed logs are investigated? | No
3.16 | Whether Monitoring or Surveillance system (CCTV) has been installed in Data Centre? | Yes
3.17 | Whether numbers of cameras are adequate to cover the entire area? | Yes
3.18 | Whether recording is done simultaneously by all cameras? | Yes
3.19 | Whether control panel displays the images from all cameras in a single screen with a facility to change over to the particular camera? | Yes
3.20 | Whether notice board namely "Area is covered by CCTV" has been displayed in the data centre? | No
3.21 | How many days recording of CCTV are made available? | 90 days
3.22 | Whether server has been installed in a room with at least one wall of glass panel permitting the view from outside? | Yes
3.23 | Whether Data centre follows the Password Policy at all times? | Yes
3.24 | Whether is it supervised? Refer Sr. No. 15.2 / Password | Yes
3.25 | Whether System Administrator access is under the two factor access? | Yes
3.26 | Group Ids should not be made but only individual to pin responsibility. Whether complied? | Yes
3.27 | Whether server is password protected? | Yes
3.28 | Whether server room is maintained clean? | Yes
3.29 | Whether printer has been kept in server room? | No
3.30 | Whether record of failure of lease line / dial up network has been maintained and analyzed? | Yes

4.0 Scanner:
4.1 | Whether scanner has been kept under lock, when not in use? | No
4.2 | If scanner is attached to a particular terminal, whether the said terminal is password protected? | No

5.0 Fire Extinguishers:
5.1 | Fire extinguishers of CO2 inert gas type can only be used on computer equipment (in the event of fire breaking out) | SMIEC COMPANY (imported from China) with 6 kg weight and 4m pressure
5.2 | Whether fire extinguishers have been installed? | Yes
5.3 | If yes, whether in up to date condition? | yes
5.4 | Next service due on | January
5.5 | Whether staff members have been given adequate training to use fire extinguishers in case of need? | no

6.0 Physical Security:
6.1 | Whether computer items are properly numbered and entered in the dead stock register? | yes
6.2 | Whether machines under warranty period are marked separately with date of purchase? | yes
6.3 | Whether physical verification of computers etc. is done periodically? | yes
6.4 | If yes, date of last such verification & by whom? | Nov 30, 2014 Auditor
6.5 | Whether any discrepancy was noticed? | no
6.6 | Whether any items have been sent for servicing / repairs? | Yes
6.7 | Whether any item is in irreparable condition? | Yes
6.8 | Whether any surplus hardware is lying with the branch? With whom? | Yes

7.0 Insurance: (Electronic Equipment Policy)
7.1 | Whether insurance policy has been taken? |
i | Insurance Company |
ii | Policy Number |
iii | Sum insured | Rs.
iv | Valid up to |
v | Risk covered |
vi | Premium | Rs.
7.2 | Whether movement of hardware from one office to another office is informed to Insurance company? |
7.3 | Details of pending claims: |
i | Date of incident / loss etc. |
ii | Loss estimated | Rs.
iii | Survey carried on |
iv | Existing status |

8.0 Hardware Maintenance:
8.1 | Whether service contract (AMC) has been given for following items? | Yes / No | Period
i | Computer System with Hard Disk | yes |
ii | Computer System without Hard disk | Yes |
iii | Servers | Yes | continues
iv | Thin-client | Yes |
v | Router |


2
viii | Modems | Yes
ix | Scanners | Yes
x | Printer (Dot Matrix) | Yes
xi | Printers (Inkjet/Laserjet) | Yes
xii | Passbook Printers |
xiii | UPS | Yes
xiv | Others |
xv | Lease Line | Yes
xvi | Dial up network |
xvii | ISDN Lines |
xviii | Wireless Network | Yes
xix | LAN Cabling | Yes
8.2 | Whether preventive maintenance is done? |
8.3 | If yes, what is the frequency? |
8.4 | Date of last such maintenance |
8.5 | Comments on quality of service ---- Preventive |
 | Comments on quality of service ---- Breakdown |

8.6
8.9

Whether a log-shee
Whether name, address,
telephone numbers,

reviewed by Branch official, EDP


department?
Deals head office

Name of the concerned engineer


8.10

etc. is noted in
Who is the system administrator
of the Branch /
Data Centre / D. R. Centre?


reviewed by Branch official, EDP


department?
8.9 Whether name, address,
telephone numbers,

Deals by head office

Name of the concerned engineer


etc. is noted in
8.10 Who is the system administrator
of the Branch /

Mr.Bilal Khan

Data Centre / D. R. Centre?


9.0 UPS:
9.1 | Whether power supply has been provided to computers through UPS? | Yes
9.2 | Whether UPS room is locked? | no
9.3 | Whether entry to UPS room is restricted? | No
9.4 | Whether UPS system is free of load from electrical equipments such as fan, , tube | Yes
9.5 | Whether batteries are kept for charging after office hours? | Yes
9.6 | Whether periodic checking of UPS & batteries is done? | No
9.7 | Whether record to that effect has been kept? | No
9.8 | What is the duration for which computer system can function on UPS? | 2 hour
9.9 | When UPS was put to use last? | Daily basis
9.10 | What was the approx. |

10.0 Anti-Virus:
10.1 | Whether Anti-virus software is used? | Yes
10.2 | Details. | Sophos antivirus
10.3 | Whether this is the licensed copy of software? | Yes
10.4 | Whether the said version is latest? | Yes
10.5 | Date of last updating. | 6 months ago
10.6 | Whether the anti-virus program is activated at fixed time? | No
10.7 | Whether Anti-virus software has been loaded even on PCs with hard disk? | Yes

11.0 Software:
11.1 | Which software does the branch use? | T-twenty four
11.2 | Whether it is latest? | Yes
11.3 | Whether it is authorized copy? | Yes
11.4 | Whether MS-Office installed at the branch is an authorized copy of software? | Office 2013 installed
11.5 | Whether any unauthorized software is installed at the branch? To Specify. | No
11.6 | Whether any games have been installed in server / hard disk? | No
11.7 | Whether any Authorized Freewares is installed? | Yes

12.0 Software Maintenance:
12.1 | Who is responsible for software maintenance? | IT department

13.0 Back up:
13.1 | Whether back up is taken of data, index & program? |
13.2 | If yes, when? | weekly basis
13.3 | Whether back up register is kept? | No
13.4 | Whether signed by concerned officer and time is recorded? | No
13.5 | Whether Hard_disk-to-Hard_disk back up is taken? | No
 | If yes, when? | No
13.6 | Whether back up cartridges are stored in fireproof cabinet? | No
13.7 | Whether back up is sent to HO, locker, nearby branch etc.? | Directly computer is connected by headoffi
13.8 | Whether record is kept? | Yes
13.9 | Whether back up is taken home by Manager? | No
13.10 | If back up is taken on floppies, whether floppies are formatted periodically and replaced at regular intervals? | No
13.11 | Whether back up has been taken in latest device? | Yes

13.13 | Whether monthly ... tested periodically? |

14.0 Data Purging:
14.1 | Whether top management authorizes data purging? | Yes
14.2 | Whether back up before and after purging has been taken? | Yes
14.3 | If yes, whether tapes have been properly labeled indicating the date, period & other details? | Yes
14.4 | Where purged data has been stored? (On the server in another volume or on the node with hard disk or on a standalone PC) | Yes, it's stored on node with hard disk
14.5 | Whether access to the purged data has been restricted? | Yes
14.6 | Whether all the required reports before purging are printed and filed? | No
14.7 | Whether manual record of the purging has been kept? | Yes
14.8 | When purging was done last? | 6 months ago

15.0 LAN Security:

Whether following controls are observed?


15.1
i

Login Controls:
Whether User Management norms have been

Yes

defined and documented?


ii

Whether users are approved by HO?

Yes

Names of all staff members should be incorporated in User Master.


Login shou


ix

Whether the duration of inactivity before


screen

Yes

gets locked has been stipulated?


Auto Log off should be activated in case Login is not done for 2 days.
Activation rights should be with HO EDP only.
iii

iv
v
vi

Whether User Approval


application is
maintained?
Whether users are created by
HO ?
Whether all users are uniquely
identified?
Whether unlocking of accounts of
users whose

Yes

Yes
Yes
No

accounts are locked is carried out


after obtaining
vii

viii
ix

unlocking requests & duly


After how many unsuccessful
attempts at login,
a user is locked out?
Any restriction on number of
logins in a day?
Whether the duration of inactivity
before screen

5
Unlimited time in working hours
No

gets locked has been stipulated?


Whether any staff member
possesses multiple

No

xi

levels or more than one user-id in


Whether any dummy user-id has
been created

No

xii

in the system?
Whether branch has suspended
user-ids of staff

No

on long leave, transferred,


xiii

deputed for training


Whether branch obtains
acknowledgement from

Yes

every user at the time of creation /


15.2

iv

allotment of
Password iii

Whether user is disabled on


entering
Erroneous password on three

What is the frequency stipulated


for change of

3 times in 60 days

password?
Whether Password expires
automatically after

no

No

stipulated number of days?


iii

Whether user is disabled on


entering erroneous

Yes

iv

password on three consecutive


What is the frequency stipulated
for change of

Yes

password?
Whether Password expires
automatically after

No

vi

stipulated number of days?


Whether system ensures that
Password is

no

vii

alphanumeric? (Preferably)
Whether system ensures that
Password is

Yes

alphanumeric & one special


viii

character?
Whether system ensures that login
Yes
id and

ix

Password is not the same?


Whether system ensures that
changed Password

No

is not the same as last 12-15


Whether system ensures that the
Password

Yes and it should be combination

should of minimum 8 characters

of alpha and numeric numbers

xi

and maximum
Whether Password policy has
been

No

xii

documented?
Whether branch has maintained
Password Issue

No

xiii

and Password Changes Registers.


Whether branch official reviews
the user login

Yes

status report and record his


remark in that?
Whether undertaking is obtained
from the staff
for maintaining secrecy xvii
xviii Whether copy-paste of user id and
password
xiv

Whether Password is case


sensitive?
(Preferably)
Yes

has been disabled? (Preferably to


15.3 Data Access Controls:
i

Whether users are given only the


xvii Whether Password is case


sensitive?

Yes

(Preferably)
xviii Whether copy-paste of user id and
No
password
has been disabled? (Preferably to
15.
3
i

Data Access Controls:


Whether users are given only the
rights that are

no

essential for carrying out their


15.
4
i

Terminal Controls:
Whether computer system has
been instructed

Yes

to restrict particular user to


particular terminals
15.
5
i

Temporal Controls:
Whether the user and terminal is
provided with

Yes

computer facility only during


15.
6
i

specified times in
Dial up Controls:
Whether dial back provision is
made in case

Outsider are restricted only official are allowed

outsider is allowed to access a


computer
15. Back up Controls:
7
15. Firewalls:
8
i Whether comp

Refer Sr. No. 13


The placement is situation specific and the auditor needs to be convinced about the
logic of the decision.
iii

How do you secure them against


unauthorized
access from internet, extranet and

They are secure because they are using the Sophos antivirus.

intranet
users?
The placement is situation specific and the auditor needs to be convinced about the
logic of the decision.
iv

Is the firewall placed in between


the network

Yes

router and network or given


This is the minimum security level to be achieved by such a location in addition to
its proper configuration.
v

Whether entry and exit through


any network

No

port not required by the


organization has been
Permitting entry through not required ports is leaving the back door open.
vi

vii
viii

Whether firewalls are updated at


regular

No

intervals?
If yes, How often?
Is it updated when a patch is
available?

Yes

Firewalls too need regular updation like the anti virus files which have to be
updated for the new signature list for the software to use.
ix

Whether you follow the filtering


rules?
If yes, Produce the list.

Yes
Yes

xii If users are allowed to connect from The Auditor should be convinced by
the in
the information systems engineer
about the security assurance in such
a situation.
x

Whether access to the


management interfaces of

Yes

routers, firewalls and other


network appliances


The Auditor should be convinced by the information systems engineer about the
security assurance in such a situation.
xi Whether access to the management interfaces of routers, firewalls and other network appliances has been adequately secured? e.g. Are these devices also subject to
Response: Yes
All security measures would be defeated if the setup of the firewall itself was not
under a secure procedure.

16.0 Data Security:
16.1 Whether branch parameters, subsystem codes, standing instructions and holiday file have been properly created / updated by
Response: Yes
16.2 Whether interest tables have been updated?
Response: Yes
16.3 Whether slab rates have been updated?
Response: Yes
16.4 If yes, whether checked by officer & record to that effect has been kept?
Response: Yes
16.5 Whether any changes in the data such as DP,
17.1 Whether following registers are
maintained & if

Registers:
Whether

Whether up to

maintained?

date?

yes, whether up to date?


i Dead stock register for computers

yes

ii Back up register

yes

iii Back up movement register

no

i Hardware problems register


v
v Software problems register

yes

v
i
vi
i
vii
i
i

Due date diary for AMC

yes

yes
no

Software release updating register Yes


Visit register for AMC personnel

no

Power failure register


17.0 Registers:
17.1 Whether following registers are maintained & if yes, whether up to date?
Whether maintained?
i Dead stock register for computers
Response: Yes
ii Back up register
Response: Yes
iii Back up movement register
Response: No
iv Hardware problems register
Response: Yes
v Software problems register
Response: Yes
vi Due date diary for AMC
Response: No
vii Software release updating register
viii Visit register for AMC personnel
ix Power failure register
Whether up
Yes
No
No
x User register
Response: Yes
xi Computer data change register
Response: No
xii Register of computer consumables such as floppies, cartridges, tapes, ribbons, printed
Response: Yes, yes
xiii Register of destroyed floppies
xiv Password Issue
xv Password Changes
xvi
xvii

18.0 Print outs:
18.1 Whether following print outs are taken,
vii Balancing statements
viii Debit balance report
ix Exception transaction report

Yes
No
No

P Trial balance
r
Yes
Yes
Yes

x All O. K. Statement

Yes

xi General ledger

Yes

xii Loan ledger
xii Deposit ledger

Yes


22. Conclusion
The purpose of our project is to identify the problems and how a bank can
improve its performance. We observed what type of hardware is used in the bank and
how the bank keeps its records. The bank uses special software named T24,
priced at 100 million, for keeping the records. For security purposes the
bank uses an antivirus named Sophos and keeps its backup on a weekly basis.
The bank uses the tree topology. However, the bank does not keep a record of the
change in password 3 times in 6 months.



24. Bibliography
