Question 1 Techy Infrastructure & Security Pte Ltd (TIS'') was founded by Mr Ali and Mr Baba in 2008 and the company specialises in providing a diverse range of IT systems and network infrastructure management, solutions and maintenance services. TIS is a one-stop IT service provider for the IT needs of businesses including system implementation, maintenance/support services, LAN/WAN, security, server consolidation, wireless, storage, backup & archiving, disaster recovery solutions and infrastructure services TIS's IT solutions and systems is able to meet the diverse needs of different client organisations and industries. The server management team provides exceptional level of flexibility and responsive support to customers, ensuring that systems are always up and running. Over the years, TIS expanded its business and is well-recognised as a trusted partner of many local and regional businesses in Singapore and Malaysia and has a growing presence in Thailand and Indonesia. In 2013. TIS also ventured into delivery of cloud IT services, spanning strategy and design, to deployment, migration and management of IT infrastructure. Within this environment, TIS also offers 24/7 monitoring, maintenance, back-up and recovery solutions. TIS is working towards full compliance with the MAS TRM guidelines TRM-Guidelines-18- January-2021.pdf (mas.gov.sg) (Monetary Authority of Singapore Technology Risks Management Guidelines) and the Singapore Business Continuity Standard SS540:2008. As founders of the business, Mr Ali and Mr Baba has deep knowledge and expertise in the business including the solutions and services offered and are very hands-on in all aspects of the business. In 2016, a global investor, Global Tech Services Inc. ("GTI") acquired a 51% stake in TIS, leveraging on its expertise to bolster the group's businesses in multi-cloud and digital capabilities. The investment allows GTI to capitalise on increased digital transformation adoption in Asia, specifically within the enterprise space. Asian governments and companies are embracing digital innovation and this drives the demand for advanced artificial intelligence (AI) and cloud services. GIS plans to list TIS on The Singapore Exchange ("SGX) within the next 2-3 years. Currently. Mr Ali is the CEO and Mr Baba is the COO. The CEO oversees the Business Development, Human Resource, Finance and Marketing functions while the COO is in charge of Sales and Service Operations. Product and Solutions Development, Turnkey Projects & Solutions and IT Security & Operations. TIS has been has been very successful under the helm of Mr Ali and Mr Baba and its annual profits have grown by 5-10% each year over the past five years. The company's Board has given the CEO a free rein in managing the business. In 2019, TIS established an office in Vietnam and worked with a local Joint Venture (JV) partner who is a long time business associate and friend of Mr Ali. TIS contributed a capital of S$6m to invest in IT infrastructure and the IV has an annual operating budget of S$3 mil a year. However, for the past 2 years, the JV has not been able to secure the target group of customers and has yet to breakeven after 2 years. The newly appointed Board Chairman thinks that the Board has not been very effective. The Board members, include some highly qualified non-executives directors (NED) who collectively have a broad range of knowledge, experience and skills. However, the Board is not functioning as well as it should be and the Company Secretary had also shared with the Chairman there that Board has not been reviewing and managing the performance of the Vietnam business sufficiently. Explanations from the CEO to the Board about business performance especially in Vietnam, had been accepted without much questioning from any of the Board members. In addition, the CEO and the management team appear to take too many decisions without referring the matter in the first instance to the Board. The Board Chairman had a conversation with the Finance Manager when reviewing the financial performance of TIS. He has gathered that: The CEO and COO approve each other claims and it had also been brought to his attention that some travel and entertainment expenses appear excessive and supporting receipts are not complete. The Payroll Officer reports to the CEO and is not very experienced in Human Resource management (HRM) and largely works under the direction of the CEO on HRM and payroll matters. Appraisal reviews had been informal. Annual bonuses and increments were proposed by the COO, approved by the CEO and presented to Board and minuted as approved during the Board meetings. This includes the CEO and COO's remuneration. . Monthly financial reports are reviewed and approved by the CEO. All sales adjustments e.g. credit notes for sales adjustments, customer discounts and waivers are approved by the CEO. Both the CEO and COO have full access to the company's ERP system which includes the finance and management reporting, services order management, billings, procurement and fixed asset management modules. (a) Discuss what the possible weaknesses are in the board room practice and board room behaviour of TIS and develop recommendations for improvements that could create a more effective Board. (8 marks) (b) Based on the information provided in the case, discuss and develop your recommendations on what are the possible areas of improvements that can be made on the other govemance aspects of TIS, including the oversight and management structure for the enterprise risk management (ERM). (12 marks) (c) The new Board Chair has engaged you as an Internal Control Consultant to evaluate and identify the gaps in the current internal control framework of TIS and develop your recommendations for improvement of TIS internal controls on an entity level basis*. This will help prepare TIS for its listing on the SGX in 2-3 years' time. Once listed, TIS will need to comply with the SGX Listing Rule 1207(10) which requires the Board of Directors to give an annual opinion on the adequacy and effectiveness systems of internal control and risk management. * The detailed review of internal controls at the business process or functions does not need to be covered in your review as it will be undertaken as a separate exercise by the Internal Audit function that TIS plans to establish. (20 marks) (d) Based on the business and operating functions within TIS, design and develop the financial and operating authority limits policy that would be relevant for the business, indicating the different levels of authority to be considered in the different categories of financial and operating transactions (12 marks) (e) Effective management technology risks is critical for the business of TIS to mitigate risks of service disruptions and ensure systems security and availability. Appraise and assess what are the key risks and the mitigating measures that should be established by TIS. (18 marks) (f) Evaluate and identify what are the key control objectives for Business Continuity Management of TIS and the corresponding internal control measures that are relevant for the business. (16 marks) (g) Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin. It has become a significant threat to businesses and individuals in recent years. Victims are at risk of losing their files, but may also experience financial loss due to paying the ransom. lost productivity, IT costs, legal fees and network modifications. Design a ransomware incident management and recovery framework for TIS. (14 marks) Question 1 Techy Infrastructure & Security Pte Ltd (TIS'') was founded by Mr Ali and Mr Baba in 2008 and the company specialises in providing a diverse range of IT systems and network infrastructure management, solutions and maintenance services. TIS is a one-stop IT service provider for the IT needs of businesses including system implementation, maintenance/support services, LAN/WAN, security, server consolidation, wireless, storage, backup & archiving, disaster recovery solutions and infrastructure services TIS's IT solutions and systems is able to meet the diverse needs of different client organisations and industries. The server management team provides exceptional level of flexibility and responsive support to customers, ensuring that systems are always up and running. Over the years, TIS expanded its business and is well-recognised as a trusted partner of many local and regional businesses in Singapore and Malaysia and has a growing presence in Thailand and Indonesia. In 2013. TIS also ventured into delivery of cloud IT services, spanning strategy and design, to deployment, migration and management of IT infrastructure. Within this environment, TIS also offers 24/7 monitoring, maintenance, back-up and recovery solutions. TIS is working towards full compliance with the MAS TRM guidelines TRM-Guidelines-18- January-2021.pdf (mas.gov.sg) (Monetary Authority of Singapore Technology Risks Management Guidelines) and the Singapore Business Continuity Standard SS540:2008. As founders of the business, Mr Ali and Mr Baba has deep knowledge and expertise in the business including the solutions and services offered and are very hands-on in all aspects of the business. In 2016, a global investor, Global Tech Services Inc. ("GTI") acquired a 51% stake in TIS, leveraging on its expertise to bolster the group's businesses in multi-cloud and digital capabilities. The investment allows GTI to capitalise on increased digital transformation adoption in Asia, specifically within the enterprise space. Asian governments and companies are embracing digital innovation and this drives the demand for advanced artificial intelligence (AI) and cloud services. GIS plans to list TIS on The Singapore Exchange ("SGX) within the next 2-3 years. Currently. Mr Ali is the CEO and Mr Baba is the COO. The CEO oversees the Business Development, Human Resource, Finance and Marketing functions while the COO is in charge of Sales and Service Operations. Product and Solutions Development, Turnkey Projects & Solutions and IT Security & Operations. TIS has been has been very successful under the helm of Mr Ali and Mr Baba and its annual profits have grown by 5-10% each year over the past five years. The company's Board has given the CEO a free rein in managing the business. In 2019, TIS established an office in Vietnam and worked with a local Joint Venture (JV) partner who is a long time business associate and friend of Mr Ali. TIS contributed a capital of S$6m to invest in IT infrastructure and the IV has an annual operating budget of S$3 mil a year. However, for the past 2 years, the JV has not been able to secure the target group of customers and has yet to breakeven after 2 years. The newly appointed Board Chairman thinks that the Board has not been very effective. The Board members, include some highly qualified non-executives directors (NED) who collectively have a broad range of knowledge, experience and skills. However, the Board is not functioning as well as it should be and the Company Secretary had also shared with the Chairman there that Board has not been reviewing and managing the performance of the Vietnam business sufficiently. Explanations from the CEO to the Board about business performance especially in Vietnam, had been accepted without much questioning from any of the Board members. In addition, the CEO and the management team appear to take too many decisions without referring the matter in the first instance to the Board. The Board Chairman had a conversation with the Finance Manager when reviewing the financial performance of TIS. He has gathered that: The CEO and COO approve each other claims and it had also been brought to his attention that some travel and entertainment expenses appear excessive and supporting receipts are not complete. The Payroll Officer reports to the CEO and is not very experienced in Human Resource management (HRM) and largely works under the direction of the CEO on HRM and payroll matters. Appraisal reviews had been informal. Annual bonuses and increments were proposed by the COO, approved by the CEO and presented to Board and minuted as approved during the Board meetings. This includes the CEO and COO's remuneration. . Monthly financial reports are reviewed and approved by the CEO. All sales adjustments e.g. credit notes for sales adjustments, customer discounts and waivers are approved by the CEO. Both the CEO and COO have full access to the company's ERP system which includes the finance and management reporting, services order management, billings, procurement and fixed asset management modules. (a) Discuss what the possible weaknesses are in the board room practice and board room behaviour of TIS and develop recommendations for improvements that could create a more effective Board. (8 marks) (b) Based on the information provided in the case, discuss and develop your recommendations on what are the possible areas of improvements that can be made on the other govemance aspects of TIS, including the oversight and management structure for the enterprise risk management (ERM). (12 marks) (c) The new Board Chair has engaged you as an Internal Control Consultant to evaluate and identify the gaps in the current internal control framework of TIS and develop your recommendations for improvement of TIS internal controls on an entity level basis*. This will help prepare TIS for its listing on the SGX in 2-3 years' time. Once listed, TIS will need to comply with the SGX Listing Rule 1207(10) which requires the Board of Directors to give an annual opinion on the adequacy and effectiveness systems of internal control and risk management. * The detailed review of internal controls at the business process or functions does not need to be covered in your review as it will be undertaken as a separate exercise by the Internal Audit function that TIS plans to establish. (20 marks) (d) Based on the business and operating functions within TIS, design and develop the financial and operating authority limits policy that would be relevant for the business, indicating the different levels of authority to be considered in the different categories of financial and operating transactions (12 marks) (e) Effective management technology risks is critical for the business of TIS to mitigate risks of service disruptions and ensure systems security and availability. Appraise and assess what are the key risks and the mitigating measures that should be established by TIS. (18 marks) (f) Evaluate and identify what are the key control objectives for Business Continuity Management of TIS and the corresponding internal control measures that are relevant for the business. (16 marks) (g) Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin. It has become a significant threat to businesses and individuals in recent years. Victims are at risk of losing their files, but may also experience financial loss due to paying the ransom. lost productivity, IT costs, legal fees and network modifications. Design a ransomware incident management and recovery framework for TIS. (14 marks)