SlideShare a Scribd company logo

Roche pharma IS Audit and Management

Download as DOCX, PDF
Arsalan Humayun
Arsalan Humayun

This report was made under the course of IS(Information System) Audit and Management learned in Institute of Business Management which teaches us how to Audit a company

Education
1 of 12
Roche Pharmaceutical IS Audit Report 2015 SUBMITTED TO: SIRMUHAMMAD ASGHARKHAN ROCHE PHARMACEUTICAL | [Companyaddress] By: Arsalan Humayun Mir Hussain Mukash Kumar Aliza Aqeel
1 Table of Content  PROJECT PLAN: o COMPANY INTORDUCTION……………………………………………………. 3 o WORK BREAKDOWN STRUCTURE…………………………………………..4 o CRITICAL AREA………………………………………………………………………..5 o NETWORK DIAGRAM………………………………………………………………6 o RESOURCE ALLOCATION…………………………………………………………7 o RESPONSIBILITY MATRIX………………………………………………………..8 o BUDGETING……………………………………………………………………………8  IS AUDIT PLAN: o RISK ASSISTMENT…………………………………………………………………..9  IT AUDITING RANKING TABLE……………………………………..9  AUDIT PLANNING TABLE………………………………………………9  IDENTIFY INHERENT, CONTROL AND DETECTION RISK....10  AUDIT ENGAGEMENT RISK ANALYSIS…………………………..10 o PREPARE AUDIT ENGAGEMENT PLAN………………………………………11  OBJECTIVE…………………………………………………………………….11  SCOPE……………………………………………………………………………11  CONSTRAINTS……………………………………………………………….11  COMPLIANCE AND CRITERIA………………………………………….11  APPROCH……………………………………………………………………….11  CHECKLIST……………………………………………………………………..11
2 Section 1 Project Plan
3 Roche pharmaceutical is one of the largest and oldest pharmaceutical company of the world. It was founded by F. Hoffmann-La Roche on October 1, 1896 in Switzerland. Today, Roche creates innovative medicines and diagnostic test that help millions of patients globally. Roche pharmaceutical currently stands at 26th best in Pakistani market according to IMS. Roche has a market share of 1.08% and growth to be at -13.2%. Targeted treatments was firstly introduced by Roche pharmaceuticals. With the combined strength and diagnostics, Roche pharmaceutical is better equipped than any other company in the healthcare business. Two-third of our research and development project are being developed with companion diagnostics. Roche came in Pakistan in the year 1984. Ahmed Faraz was the managing director till 2015. Roche plant was laidin Korangi Industrial area on the outskirt of Karachi. In recent years,as Roche Pakistan strategic focus moved towards its biotechnology medicines meant for the treatment of cancer, hepatitis and chronic anemia, most of the traditional pharmaceutical business along with the factory were divested in 2010. COMPANY INTRODUCTION
4 Work breakdown structure of making auditing report is as follows: Work Breakdown Structure
5 Critical Path determines the tasks which have minimum time for their completion. In MS Project the critical path is shown in either Grant view or in the network diagram in red color. Critical path is determined when total Stack is zero. All zeros are than combined which is known as critical path and when it is drawn as a diagramthan it become network diagram. In my project the critical path is: 9-15-16-17-18-19-20-21. The network diagram is as follows: Critical Path & Network Diagram
6 Resource allocation helps you to allocate first your available resources for a task than it help you to define which resource to need which resource to be used to accomplish which task and how much efforts are needed to complete a task. The resources allocation is as follows: It shows the available resources, the effort required to do a certain job and what are the rates per effort. The resources are assigned to the task as follows: The above is the tasks which we assigned the resources needed. Resource Allocation
7 A responsibility matrix shows the number of tasks and tell you which task will be completed by whom, who will supervise the work and who will support for the completion of the task. The responsibility matrix for the group assignment is as follows: This shows who will do the tasks and who is there for support. Budgeting is what which decide what will be the costing for the completion of the task. The budget for the completion of the task given to us is: $21,196 and total daysunderwhichthe task will be completedis: 16days. Responsibility Matrix Budgeting
8 Section 2 IS Audit Plan
9 Riskassessmentisaprocess of evaluatingthe riskwhichmaybe involved inaprojectedactivityor undertakingi.e.itistocheckwhetherthe processwhichwe are doing,whatrisksare involvedinthat processand howwe can deal withit. IT Auditrankingtable isa table which tell accordingtothe pointswhichareais more importanttobe auditedandwhatare theirrankingof auditing. The followingisthe rankingtable whichis tell thatwhichareaswill be audited firstoryoucan say which area has more importance thatitshouldbe auditedfirst, inwhichdepartments they are significant,how manyissuesare known andhow manyInherentrisksare known. Potential Audit Audit Ranking Total points Known Issues Inherentrisk Benefits Mgmt. input Entity Control 1 30 8 6 8 8 Database 2 27 7 6 8 6 Data center 3 19 3 5 8 3 Auditplanningtable isatable whichshows thatwhicharea isauditedfirst, how longwill ittake toget auditedandwhois responsible toperformthe auditing activity. Thistable issignificant forauditingasit tell whichisresponsible to auditwhicharea. The followingisthe planningtable whichisshowingthe time frame whichtellonwhattime whicharea will be audited, wasthisareabeenaudited lasttime,if yesthanwhenand whoare responsible for auditingthatarea. Audit Area Time frame Date of last test Responsibility Database Day 1 2013 Arsalan, Mir Hussain and Aliza Entity control Day 2 2014 Arsalan, Mukash and Mir Hussain Data center ----- Never No one as it is not present Risk Assessment IT Audit ranking table Audit planning table
10 Auditengagementriskanalysis tellswhatare the three type of risk included inthe auditing. The three type of risksare as follows:  INHERENT RISK: Inherentriskis a riskorganizationispredisposedto. ForExample:Hacking: University isanopensystem, withnolimitations oninstalledsoftware andBYODdevices. Studenthomework mustbe protected.  CONTROL RISK: Control riskisa riskthat a control has vulnerability. ForExample:Insufficient Firewall/IPS Restrictions:Whilemuchof the universitynetwork isopen,criticaldatabases must be in a secure zone witha highlevel of restrictive access.  DETECTION RISK: Detectionriskisa risk of auditornotdetectingaproblem. ForExample: Hacker withinConfidentialZone: Thisauditmaynotdetectan infiltratedConfidential Zoneor critical vulnerability. The above three risks inherent,control anddetectionrisk involved inRoche pharmaceutical are as follows: INHERENT RISK: The inherentriskinvolved inRoche pharmaceutical is:  In pharmaceutical industry all the companiesmake the same medicineusingthe same formula and the same standards. So anycompanywhichjumpsinthisindustry will face this riskof being knockeddownasall the productsare same. CONTROL RISK: The control riskinvolvedinRoche pharmaceutical is:  R&D departmentfailstodevelop aninnovativetreatmenttogetthe competitive advantage fromthe competitors.  The formulaleakoutis alsoa risk.For R&D of a new formulacan be leakedoutto the competitors. DETECTION RISK: The detection riskinvolvedinRoche pharmaceutical is:  Change of formulawithinthe confidential zone: if aproductionmanageroranyone whois authorizedtogo inthe confidentialzone changesaformulathanit cannot be detectedby an auditor. Audit engagement Risk analysis
11 Auditorwhenhasto audita firm,he give a planwhichhe call it an engagementplan. Inthis he give him the detailsaboutwhatishisobjective, scope, constraints, compliance &criteria, approachandchecklist. Thishelp auditorto tell the companythatthisis whathe will auditandthisishow he will audit. Italso tell whenyouwill audit, whatwillbe yourapproachandwill be able totell whathave he has done. Auditengagementplan forRoche pharmaceutical isasfollows: Objective: Determine safetyof confidential zone entry. Scope: Penetrationtest on confidential zone formularoom. Constraints: Must be performedbefore factoryclosing. Compliance & Criteria: Employee entrypolicy,EFPIA, FDA, MHRA, GMP,GCP Approach: 1. Tester has validcredentials(‘employees’entryrecord). 2. Tester use manual and automated entry testingtools. Checklist:  The followingdatabase:CZ_Enty_Emp.  The followingsecurityattacks: force entry and fake illusionentry. Audit engagement Plan

Recommended

Roche pharma IS Audit and Management
Roche pharma IS Audit and ManagementRoche pharma IS Audit and Management
Roche pharma IS Audit and ManagementArsalan Humayun
 
Equipment risk management - a quality systems approach
Equipment risk management - a quality systems approachEquipment risk management - a quality systems approach
Equipment risk management - a quality systems approachPalash Das
 
483 case study
483 case study483 case study
483 case studyPalash Das
 
Risk Assessment Model and its Integration into an Established Test Process
Risk Assessment Model and its Integration into an Established Test ProcessRisk Assessment Model and its Integration into an Established Test Process
Risk Assessment Model and its Integration into an Established Test Processijtsrd
 
Arjun Thiagarajan_06_01
Arjun Thiagarajan_06_01Arjun Thiagarajan_06_01
Arjun Thiagarajan_06_01Arjun Thiagarajan
 
Safety audit and risk assessment
Safety audit and risk assessmentSafety audit and risk assessment
Safety audit and risk assessmentShailesh Dewangan
 
CAPA
CAPACAPA
CAPASAROJ BEHERA
 
Computers in Pharmaceutical formulation
Computers in Pharmaceutical formulationComputers in Pharmaceutical formulation
Computers in Pharmaceutical formulationsonalsuryawanshi2
 

Recommended

Roche pharma IS Audit and Management
Roche pharma IS Audit and ManagementRoche pharma IS Audit and Management
Roche pharma IS Audit and ManagementArsalan Humayun
 
Equipment risk management - a quality systems approach
Equipment risk management - a quality systems approachEquipment risk management - a quality systems approach
Equipment risk management - a quality systems approachPalash Das
 
483 case study
483 case study483 case study
483 case studyPalash Das
 
Risk Assessment Model and its Integration into an Established Test Process
Risk Assessment Model and its Integration into an Established Test ProcessRisk Assessment Model and its Integration into an Established Test Process
Risk Assessment Model and its Integration into an Established Test Processijtsrd
 
Arjun Thiagarajan_06_01
Arjun Thiagarajan_06_01Arjun Thiagarajan_06_01
Arjun Thiagarajan_06_01Arjun Thiagarajan
 
Safety audit and risk assessment
Safety audit and risk assessmentSafety audit and risk assessment
Safety audit and risk assessmentShailesh Dewangan
 
CAPA
CAPACAPA
CAPASAROJ BEHERA
 
Computers in Pharmaceutical formulation
Computers in Pharmaceutical formulationComputers in Pharmaceutical formulation
Computers in Pharmaceutical formulationsonalsuryawanshi2
 
18 .docx
18 .docx18 .docx
18 .docxdrennanmicah
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingNetsparker
 
Managing projects
Managing projectsManaging projects
Managing projectsNovoraj Roy
 
Productivity Improvement In Sw Industry
Productivity Improvement In Sw IndustryProductivity Improvement In Sw Industry
Productivity Improvement In Sw IndustryAmit Kumar Nayak
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxProject Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxAASTHA76
 
Risk Assessment And Risk Treatment
Risk Assessment And Risk TreatmentRisk Assessment And Risk Treatment
Risk Assessment And Risk TreatmentBen Omoakin Oguntala, developingafrica(dot)net
 
9 .docx
9 .docx9 .docx
9 .docxsleeperharwell
 
Presentation on DR testing featuring quotes by Robert Nardella in an intervie...
Presentation on DR testing featuring quotes by Robert Nardella in an intervie...Presentation on DR testing featuring quotes by Robert Nardella in an intervie...
Presentation on DR testing featuring quotes by Robert Nardella in an intervie...Robert Nardella
 
Software testing services growth report oct 11
Software testing services growth report oct 11Software testing services growth report oct 11
Software testing services growth report oct 11Transition Consulting Limited, India
 
Productivity improvement through right governance
Productivity improvement through right governanceProductivity improvement through right governance
Productivity improvement through right governanceChandan Patary
 
White paper warranty_management
White paper warranty_managementWhite paper warranty_management
White paper warranty_managementSreeram Yegappan
 
How Traditional Risk Reporting Has Let Us Down
How Traditional Risk Reporting Has Let Us DownHow Traditional Risk Reporting Has Let Us Down
How Traditional Risk Reporting Has Let Us DownAcumen
 
Guide to Software Estimation
Guide to Software EstimationGuide to Software Estimation
Guide to Software EstimationSantosh Ramachandran
 
Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30pladott1
 
SAS ranks first in two categories of Chartis RiskTech 100 report
SAS ranks first in two categories of Chartis RiskTech 100 reportSAS ranks first in two categories of Chartis RiskTech 100 report
SAS ranks first in two categories of Chartis RiskTech 100 reportCezar Cursaru
 
Project Risk Management PlanPurposeThis project provides .docx
Project Risk Management PlanPurposeThis project provides .docxProject Risk Management PlanPurposeThis project provides .docx
Project Risk Management PlanPurposeThis project provides .docxbriancrawford30935
 
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development ApproachThe Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development ApproachThoughtworks
 
Connecting erp and ecm measuring the benefits
Connecting erp and ecm measuring the benefitsConnecting erp and ecm measuring the benefits
Connecting erp and ecm measuring the benefitsVander Loto
 
Universal Association Proposal
Universal Association ProposalUniversal Association Proposal
Universal Association ProposalCheryl Litwinczuk
 
The 10 recommended audit management solution providers, 2018
The 10 recommended audit management solution providers, 2018The 10 recommended audit management solution providers, 2018
The 10 recommended audit management solution providers, 2018Insights success media and technology pvt ltd
 
HR Department of a Pharma Company
HR Department of a Pharma CompanyHR Department of a Pharma Company
HR Department of a Pharma CompanyArsalan Humayun
 
ERP implementation at a Pharma company in Pakistan
ERP implementation at a Pharma company in PakistanERP implementation at a Pharma company in Pakistan
ERP implementation at a Pharma company in PakistanArsalan Humayun
 

More Related Content

Similar to Roche pharma IS Audit and Management

Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingNetsparker
 
Managing projects
Managing projectsManaging projects
Managing projectsNovoraj Roy
 
Productivity Improvement In Sw Industry
Productivity Improvement In Sw IndustryProductivity Improvement In Sw Industry
Productivity Improvement In Sw IndustryAmit Kumar Nayak
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxProject Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxAASTHA76
 
Presentation on DR testing featuring quotes by Robert Nardella in an intervie...
Presentation on DR testing featuring quotes by Robert Nardella in an intervie...Presentation on DR testing featuring quotes by Robert Nardella in an intervie...
Presentation on DR testing featuring quotes by Robert Nardella in an intervie...Robert Nardella
 
Productivity improvement through right governance
Productivity improvement through right governanceProductivity improvement through right governance
Productivity improvement through right governanceChandan Patary
 
White paper warranty_management
White paper warranty_managementWhite paper warranty_management
White paper warranty_managementSreeram Yegappan
 
How Traditional Risk Reporting Has Let Us Down
How Traditional Risk Reporting Has Let Us DownHow Traditional Risk Reporting Has Let Us Down
How Traditional Risk Reporting Has Let Us DownAcumen
 
Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30pladott1
 
SAS ranks first in two categories of Chartis RiskTech 100 report
SAS ranks first in two categories of Chartis RiskTech 100 reportSAS ranks first in two categories of Chartis RiskTech 100 report
SAS ranks first in two categories of Chartis RiskTech 100 reportCezar Cursaru
 
Project Risk Management PlanPurposeThis project provides .docx
Project Risk Management PlanPurposeThis project provides .docxProject Risk Management PlanPurposeThis project provides .docx
Project Risk Management PlanPurposeThis project provides .docxbriancrawford30935
 
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development ApproachThe Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development ApproachThoughtworks
 
Connecting erp and ecm measuring the benefits
Connecting erp and ecm measuring the benefitsConnecting erp and ecm measuring the benefits
Connecting erp and ecm measuring the benefitsVander Loto
 
Universal Association Proposal
Universal Association ProposalUniversal Association Proposal
Universal Association ProposalCheryl Litwinczuk
 

Similar to Roche pharma IS Audit and Management (20)

18 .docx
18 .docx18 .docx
18 .docx
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - Reporting
 
Managing projects
Managing projectsManaging projects
Managing projects
 
Productivity Improvement In Sw Industry
Productivity Improvement In Sw IndustryProductivity Improvement In Sw Industry
Productivity Improvement In Sw Industry
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxProject Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx
 
Risk Assessment And Risk Treatment
Risk Assessment And Risk TreatmentRisk Assessment And Risk Treatment
Risk Assessment And Risk Treatment
 
9 .docx
9 .docx9 .docx
9 .docx
 
Presentation on DR testing featuring quotes by Robert Nardella in an intervie...
Presentation on DR testing featuring quotes by Robert Nardella in an intervie...Presentation on DR testing featuring quotes by Robert Nardella in an intervie...
Presentation on DR testing featuring quotes by Robert Nardella in an intervie...
 
Software testing services growth report oct 11
Software testing services growth report oct 11Software testing services growth report oct 11
Software testing services growth report oct 11
 
Productivity improvement through right governance
Productivity improvement through right governanceProductivity improvement through right governance
Productivity improvement through right governance
 
White paper warranty_management
White paper warranty_managementWhite paper warranty_management
White paper warranty_management
 
How Traditional Risk Reporting Has Let Us Down
How Traditional Risk Reporting Has Let Us DownHow Traditional Risk Reporting Has Let Us Down
How Traditional Risk Reporting Has Let Us Down
 
Guide to Software Estimation
Guide to Software EstimationGuide to Software Estimation
Guide to Software Estimation
 
Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30
 
SAS ranks first in two categories of Chartis RiskTech 100 report
SAS ranks first in two categories of Chartis RiskTech 100 reportSAS ranks first in two categories of Chartis RiskTech 100 report
SAS ranks first in two categories of Chartis RiskTech 100 report
 
Project Risk Management PlanPurposeThis project provides .docx
Project Risk Management PlanPurposeThis project provides .docxProject Risk Management PlanPurposeThis project provides .docx
Project Risk Management PlanPurposeThis project provides .docx
 
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development ApproachThe Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
 
Connecting erp and ecm measuring the benefits
Connecting erp and ecm measuring the benefitsConnecting erp and ecm measuring the benefits
Connecting erp and ecm measuring the benefits
 
Universal Association Proposal
Universal Association ProposalUniversal Association Proposal
Universal Association Proposal
 
The 10 recommended audit management solution providers, 2018
The 10 recommended audit management solution providers, 2018The 10 recommended audit management solution providers, 2018
The 10 recommended audit management solution providers, 2018
 

More from Arsalan Humayun

HR Department of a Pharma Company
HR Department of a Pharma CompanyHR Department of a Pharma Company
HR Department of a Pharma CompanyArsalan Humayun
 
ERP implementation at a Pharma company in Pakistan
ERP implementation at a Pharma company in PakistanERP implementation at a Pharma company in Pakistan
ERP implementation at a Pharma company in PakistanArsalan Humayun
 
Marketing of a pharma (Basic)
Marketing of a pharma (Basic)Marketing of a pharma (Basic)
Marketing of a pharma (Basic)Arsalan Humayun
 
lack of latest machinery causing to produce low quality drugs by local pharma...
lack of latest machinery causing to produce low quality drugs by local pharma...lack of latest machinery causing to produce low quality drugs by local pharma...
lack of latest machinery causing to produce low quality drugs by local pharma...Arsalan Humayun
 
Globalization business ethics
Globalization business ethicsGlobalization business ethics
Globalization business ethicsArsalan Humayun
 
Management practices in a pharma comoany
Management practices in a pharma comoanyManagement practices in a pharma comoany
Management practices in a pharma comoanyArsalan Humayun
 

More from Arsalan Humayun (12)

HR Department of a Pharma Company
HR Department of a Pharma CompanyHR Department of a Pharma Company
HR Department of a Pharma Company
 
ERP implementation at a Pharma company in Pakistan
ERP implementation at a Pharma company in PakistanERP implementation at a Pharma company in Pakistan
ERP implementation at a Pharma company in Pakistan
 
Marketing of a pharma (Basic)
Marketing of a pharma (Basic)Marketing of a pharma (Basic)
Marketing of a pharma (Basic)
 
lack of latest machinery causing to produce low quality drugs by local pharma...
lack of latest machinery causing to produce low quality drugs by local pharma...lack of latest machinery causing to produce low quality drugs by local pharma...
lack of latest machinery causing to produce low quality drugs by local pharma...
 
Globalization business ethics
Globalization business ethicsGlobalization business ethics
Globalization business ethics
 
Ethics of technology
Ethics of technologyEthics of technology
Ethics of technology
 
Silk bank Gap analysis
Silk bank Gap analysisSilk bank Gap analysis
Silk bank Gap analysis
 
Existence of allah
Existence of allahExistence of allah
Existence of allah
 
Management practices in a pharma comoany
Management practices in a pharma comoanyManagement practices in a pharma comoany
Management practices in a pharma comoany
 
Financial statement
Financial statementFinancial statement
Financial statement
 
Child labor in Pakistan
Child labor in PakistanChild labor in Pakistan
Child labor in Pakistan
 
POM Pharma
POM PharmaPOM Pharma
POM Pharma
 

Recently uploaded

Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterMateoGardella
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...KokoStevan
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 

Recently uploaded (20)

Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 

Roche pharma IS Audit and Management

  • 1. Roche Pharmaceutical IS Audit Report 2015 SUBMITTED TO: SIRMUHAMMAD ASGHARKHAN ROCHE PHARMACEUTICAL | [Companyaddress] By: Arsalan Humayun Mir Hussain Mukash Kumar Aliza Aqeel
  • 2. 1 Table of Content  PROJECT PLAN: o COMPANY INTORDUCTION……………………………………………………. 3 o WORK BREAKDOWN STRUCTURE…………………………………………..4 o CRITICAL AREA………………………………………………………………………..5 o NETWORK DIAGRAM………………………………………………………………6 o RESOURCE ALLOCATION…………………………………………………………7 o RESPONSIBILITY MATRIX………………………………………………………..8 o BUDGETING……………………………………………………………………………8  IS AUDIT PLAN: o RISK ASSISTMENT…………………………………………………………………..9  IT AUDITING RANKING TABLE……………………………………..9  AUDIT PLANNING TABLE………………………………………………9  IDENTIFY INHERENT, CONTROL AND DETECTION RISK....10  AUDIT ENGAGEMENT RISK ANALYSIS…………………………..10 o PREPARE AUDIT ENGAGEMENT PLAN………………………………………11  OBJECTIVE…………………………………………………………………….11  SCOPE……………………………………………………………………………11  CONSTRAINTS……………………………………………………………….11  COMPLIANCE AND CRITERIA………………………………………….11  APPROCH……………………………………………………………………….11  CHECKLIST……………………………………………………………………..11
  • 4. 3 Roche pharmaceutical is one of the largest and oldest pharmaceutical company of the world. It was founded by F. Hoffmann-La Roche on October 1, 1896 in Switzerland. Today, Roche creates innovative medicines and diagnostic test that help millions of patients globally. Roche pharmaceutical currently stands at 26th best in Pakistani market according to IMS. Roche has a market share of 1.08% and growth to be at -13.2%. Targeted treatments was firstly introduced by Roche pharmaceuticals. With the combined strength and diagnostics, Roche pharmaceutical is better equipped than any other company in the healthcare business. Two-third of our research and development project are being developed with companion diagnostics. Roche came in Pakistan in the year 1984. Ahmed Faraz was the managing director till 2015. Roche plant was laidin Korangi Industrial area on the outskirt of Karachi. In recent years,as Roche Pakistan strategic focus moved towards its biotechnology medicines meant for the treatment of cancer, hepatitis and chronic anemia, most of the traditional pharmaceutical business along with the factory were divested in 2010. COMPANY INTRODUCTION
  • 5. 4 Work breakdown structure of making auditing report is as follows: Work Breakdown Structure
  • 6. 5 Critical Path determines the tasks which have minimum time for their completion. In MS Project the critical path is shown in either Grant view or in the network diagram in red color. Critical path is determined when total Stack is zero. All zeros are than combined which is known as critical path and when it is drawn as a diagramthan it become network diagram. In my project the critical path is: 9-15-16-17-18-19-20-21. The network diagram is as follows: Critical Path & Network Diagram
  • 7. 6 Resource allocation helps you to allocate first your available resources for a task than it help you to define which resource to need which resource to be used to accomplish which task and how much efforts are needed to complete a task. The resources allocation is as follows: It shows the available resources, the effort required to do a certain job and what are the rates per effort. The resources are assigned to the task as follows: The above is the tasks which we assigned the resources needed. Resource Allocation
  • 8. 7 A responsibility matrix shows the number of tasks and tell you which task will be completed by whom, who will supervise the work and who will support for the completion of the task. The responsibility matrix for the group assignment is as follows: This shows who will do the tasks and who is there for support. Budgeting is what which decide what will be the costing for the completion of the task. The budget for the completion of the task given to us is: $21,196 and total daysunderwhichthe task will be completedis: 16days. Responsibility Matrix Budgeting
  • 10. 9 Riskassessmentisaprocess of evaluatingthe riskwhichmaybe involved inaprojectedactivityor undertakingi.e.itistocheckwhetherthe processwhichwe are doing,whatrisksare involvedinthat processand howwe can deal withit. IT Auditrankingtable isa table which tell accordingtothe pointswhichareais more importanttobe auditedandwhatare theirrankingof auditing. The followingisthe rankingtable whichis tell thatwhichareaswill be audited firstoryoucan say which area has more importance thatitshouldbe auditedfirst, inwhichdepartments they are significant,how manyissuesare known andhow manyInherentrisksare known. Potential Audit Audit Ranking Total points Known Issues Inherentrisk Benefits Mgmt. input Entity Control 1 30 8 6 8 8 Database 2 27 7 6 8 6 Data center 3 19 3 5 8 3 Auditplanningtable isatable whichshows thatwhicharea isauditedfirst, how longwill ittake toget auditedandwhois responsible toperformthe auditing activity. Thistable issignificant forauditingasit tell whichisresponsible to auditwhicharea. The followingisthe planningtable whichisshowingthe time frame whichtellonwhattime whicharea will be audited, wasthisareabeenaudited lasttime,if yesthanwhenand whoare responsible for auditingthatarea. Audit Area Time frame Date of last test Responsibility Database Day 1 2013 Arsalan, Mir Hussain and Aliza Entity control Day 2 2014 Arsalan, Mukash and Mir Hussain Data center ----- Never No one as it is not present Risk Assessment IT Audit ranking table Audit planning table
  • 11. 10 Auditengagementriskanalysis tellswhatare the three type of risk included inthe auditing. The three type of risksare as follows:  INHERENT RISK: Inherentriskis a riskorganizationispredisposedto. ForExample:Hacking: University isanopensystem, withnolimitations oninstalledsoftware andBYODdevices. Studenthomework mustbe protected.  CONTROL RISK: Control riskisa riskthat a control has vulnerability. ForExample:Insufficient Firewall/IPS Restrictions:Whilemuchof the universitynetwork isopen,criticaldatabases must be in a secure zone witha highlevel of restrictive access.  DETECTION RISK: Detectionriskisa risk of auditornotdetectingaproblem. ForExample: Hacker withinConfidentialZone: Thisauditmaynotdetectan infiltratedConfidential Zoneor critical vulnerability. The above three risks inherent,control anddetectionrisk involved inRoche pharmaceutical are as follows: INHERENT RISK: The inherentriskinvolved inRoche pharmaceutical is:  In pharmaceutical industry all the companiesmake the same medicineusingthe same formula and the same standards. So anycompanywhichjumpsinthisindustry will face this riskof being knockeddownasall the productsare same. CONTROL RISK: The control riskinvolvedinRoche pharmaceutical is:  R&D departmentfailstodevelop aninnovativetreatmenttogetthe competitive advantage fromthe competitors.  The formulaleakoutis alsoa risk.For R&D of a new formulacan be leakedoutto the competitors. DETECTION RISK: The detection riskinvolvedinRoche pharmaceutical is:  Change of formulawithinthe confidential zone: if aproductionmanageroranyone whois authorizedtogo inthe confidentialzone changesaformulathanit cannot be detectedby an auditor. Audit engagement Risk analysis
  • 12. 11 Auditorwhenhasto audita firm,he give a planwhichhe call it an engagementplan. Inthis he give him the detailsaboutwhatishisobjective, scope, constraints, compliance &criteria, approachandchecklist. Thishelp auditorto tell the companythatthisis whathe will auditandthisishow he will audit. Italso tell whenyouwill audit, whatwillbe yourapproachandwill be able totell whathave he has done. Auditengagementplan forRoche pharmaceutical isasfollows: Objective: Determine safetyof confidential zone entry. Scope: Penetrationtest on confidential zone formularoom. Constraints: Must be performedbefore factoryclosing. Compliance & Criteria: Employee entrypolicy,EFPIA, FDA, MHRA, GMP,GCP Approach: 1. Tester has validcredentials(‘employees’entryrecord). 2. Tester use manual and automated entry testingtools. Checklist:  The followingdatabase:CZ_Enty_Emp.  The followingsecurityattacks: force entry and fake illusionentry. Audit engagement Plan