STRATEGIC HUMAN

RESOURCE
PROJECT REPORT

ASSIGNED BY: DR. ATIF AZIZ

Sidat Hyder Morshed Associates (Pvt) Ltd

GROUP MEMBERS:

ANUM AHMER (64331)

AREEBA NADEEM (62895)

SIMREN SAYANI (62824)

SUMEKA BEDI (62823)

Table of Contents

INTRODUCTION:...................................................................................................................3

HISTORY:.................................................................................................................................4

SERVICES:...............................................................................................................................4

Employee Benefit Planning..................................................................................................4

Pension, Gratuity, Provident Fund and Benevolent Fund Schemes................................5

Medical Benefits....................................................................................................................5

Group Life and Disability Benefits.....................................................................................6

PERFORMANCE APPRAISAL……………………………………………………………..6
ACTUARIAL AND INSURANCE SYSTEMS CONSULTING:............................................7

Insurance Consulting...........................................................................................................7

Employee Benefit Planning..................................................................................................7

Insurance Solutions..............................................................................................................7

HR CONSULTING...................................................................................................................7

Major Projects......................................................................................................................8
RECRUITMENT & SELECTION………………………………………………………….8
ASSESSMENTS & PSYCHOMETRIC TESTING.................................................................8

Assessment Center and Development Center....................................................................9

Psychometric Testing...........................................................................................................9

COMPENSATION & REWARD MANAGEMENT:............................................................10

Compensation Surveys.......................................................................................................11

Compensation Structure Design.......................................................................................11

Executive Compensation....................................................................................................11

TRAINING & DEVELOPMENT:.........................................................................................11

Conferences and Seminars.................................................................................................12

TRAINING SERVICES:........................................................................................................12

1|Page
 In-house Training Programs.............................................................................................13

Standard Courses...............................................................................................................13

Tailored Courses.................................................................................................................13

Training Consultancy.........................................................................................................13

OUTSOURCING SERVICES:...............................................................................................14

AUDIT AND ASSURANCE SERVICES:.............................................................................15

Information Systems Audit................................................................................................15

Information Security Audit...............................................................................................16

Penetration Testing / Ethical Hacking..............................................................................17

Internal Penetration Testing.............................................................................................17

External Penetration Testing.............................................................................................18

Network Security Assessment...........................................................................................18

Internal Audit Outsourcing...............................................................................................19

Forensic Analysis................................................................................................................20

QUESTIONNAIRE................................................................................................................21

2|Page
INTRODUCTION:

Sidat Hyder Morshed Associates (Pvt) Ltd is a management consulting, technology services

and outsourcing practice established and operating since 1986.

As Actuaries SHMA offer services for Pension, gratuity, Provident fund and Benevolent

funds, Medical benefits, Group life and disability benefits and more. With a multi-

disciplinary team of professionals, SHMA offer a full range of HR services to assist clients in

attracting, retaining, motivating and developing an optimum mix of people. Their Business

Systems Consulting practice, leads with dedicated teams on SAP, Oracle and BPCS.

Their specialty areas are Information Systems Strategic Planning, Business Process

Reengineering and Vendor Assessment & Selection.

As a group, SHMA also enjoy technology partnerships with Oracle, Microsoft, Sybase and

SSA Global Technologies.

Their strength is in their proven ability to execute large turnkey projects including

customized/bespoke software development. They offer a tried, tested, proven and well-

groomed team for offshore and near shore development projects.

Simplicity, modern technology and cost efficiency are three key attributes that SHMA

Information Solutions practice embeds into each and every software product to meet the ever

changing and growing demands of their customers.

Committed to delivering innovation, SHMA collaborates with its clients to help them become

high-performance businesses and governments. With deep industry and business process

expertise, access to broad global resources and a proven track record, they can mobilize the

right people, skills, and technologies to help their clients improve their performance.

Their core specialty areas include:

3|Page
  Strategic Human Resource Consulting

 Actuarial & Insurance Consulting

 Business Systems Consulting

 Information Solutions & Services

HISTORY:

Sidat Hyder Morshed Associates (Pvt) Ltd completed its 25 years of operations in February

2011.

Incorporated as the Management Consulting arm of an associated firm of chartered

accountants (then Sidat Hyder Aslam & Company), the company served as a representative

firm of Arthur Andersen here in Pakistan and subsequently as a member of Ernst & Young

International together with an associated firm of chartered accountants (now Ernst & Young

Ford Rhodes Sidat Hyder & Co*). Effective 01 November 2005, SHMA totally separated

from Ernst & Young Ford Rhodes Sidat Hyder and became independent of Ernst & Young.

This new dimension has extended their frontiers and opened up new practice areas for the

firm which has significantly increased its international presence since the separation.

*Sidat Hyder Morshed Associates and Ernst & Young Ford Rhodes Sidat Hyder are

independent firms with totally independent ownership and management.

SERVICES:

Employee Benefit Planning

With increasing awareness in the HR market and growing competition among employers for

competent employees, employee benefit schemes as part of the total compensation package

have assumed a highly significant consideration. The need for such schemes is accentuated

by cultural and moral factors and also the vagaries of modern day living shrouded in a variety

of uncertainties of personal losses and distress. No less important is the manner in which such

4|Page
schemes are articulated with optimized tax effectiveness, both, to the employer and employee

and the way these are communicated to the employees at large.

The monetary, tax and relevant legal issues of compensation and retirement benefits involve

decisions of immediate and far reaching consequence from the standpoint of industry

competitiveness and bottom-line management that no business enterprise can afford to be

passive or indifferent in availing consistently high-quality professional expertise and

experience relevant to the subject.

A well-defined Employee Benefit plan analyzes employee exposure in various areas such as

retirement, death, disability, medical expenses and other possible risk areas. A complete

solution for this requires an integrated approach in benefits planning considering all other

aspects of compensation structures as well. Actuarial and insurance management services

combined with other expertise provide the following services relating to employee benefit

plans:

Pension, Gratuity, Provident Fund and Benevolent Fund Schemes

 Designing of a comprehensive and tax efficient Retirement Benefits plan

 Actuarial Valuation of Retirement Benefit Schemes to work out funding requirements

 Drafting of Trust Deeds and Rules and setting up of a Trust Fund

 Approval from Income Tax authorities to maximize the tax advantages

 Assets valuation and Investment advice to maximize yield on funds

 Benefits communication booklets for better appreciation and understanding of each

benefit

Medical Benefits

 Designing of Benefit Structure to cover the employee’s financial risk exposure and

optimize the return of the employer spending on this key employee benefit

 Cost Containment Strategies for Medical Plans to control costs and abuses
5|Page
  Claims Administration Services and Systems for self-managed schemes

 Evaluation of Medical Insurance Proposals of different Insurance Companies and

negotiations to obtain the best terms

 Evaluation of Self-insurance as an alternative

 Benefits communication booklets

Group Life and Disability Benefits

 Designing of Benefit Structure to cover financial risk from death or disability of an

employee

 Evaluation of Group Insurance proposals of different Insurance Companies and

negotiations to obtain the best terms

 Evaluation of self-insurance as an alternative

 Benefits communication booklets

PERFORMANCE APPRAISAL

Performance appraisals are generally conducted once a year, with a single appraiser. They are

using competencies, KPIs and interactive face to face discussions as the main features of their

performance appraisal systems. About 28% competency-based skills are present in their

appraisals. They conduct trainings on performance management. The performance appraisal

process takes on average, 2 to 3 months. They are using the forced bell curve, and 66%

respondents use a 5-point scale for their appraisals.

6|Page
ACTUARIAL AND INSURANCE SYSTEMS CONSULTING:

Human capital management by any organization, regardless of its size or nature, aims to

achieve the twin objectives of consistently addressing employee compensation and benefit

schemes as also the retirement plans in all its comprehensive dimensions relying heavily on

actuaries acting in concert with other related disciplines, such as tax experts, HR specialists,

financial and management experts.

In particular, companies engaged in the business of life and general insurance, health and

welfare benefit services require insurance-industry-specific knowledge and expertise to deal

with complex and multi-faceted issues having current and potential financial implications.

The Actuarial and Insurance systems consulting practice is broadly segmented into the

following core specialty areas:

Insurance Consulting

 Specialty in Takaful based life products

 Life insurance consulting

 General insurance consulting

Employee Benefit Planning

 Pension, Gratuity, Provident Fund and Benevolent Fund Schemes

 Medical Benefits

7|Page
  Group Life and Disability Benefits

Insurance Solutions

SHMA Insurance Solutions for Life group Life and General Insurance embodies years of

cumulative experience in design and implementation of automated insurance solutions.

their rare combination of Actuarial and IT professionals under one umbrella serves as a major

strength to address the business needs and user requirements from both the functional and

technical aspects. Engaged with the Insurance sector and across region, their consultants

bring with them considerable value addition resulting in software implementation and

positive returns on their client’s investment.

HR CONSULTING

Sidat Hyder has a dedicated Human Resources Consulting Practice. It comprises a multi-

disciplinary team of professionals who believe in working with clients using participative

methodologies and tools, which are simultaneously adaptive and structured. We offer a full

range of HR services to assist clients in attracting; retaining, motivating and developing an

optimum mix of people, including manpower outsourcing services.

The emphasis is on the need to develop an HR culture wherein HR strategies are

synchronized with the overall business strategy of the enterprise. Their objective is to ensure

that the HR function is handled by suitably qualified professionals who compete for corporate

resources and contribute to the bottom-line. Such an approach is essential if HR is to occupy

a place in the corporate boardroom along with marketing, production and finance. We are

confident that once this happens, training and development efforts will be regarded as

an investment in human capital and treated as a key business decision from which return is

maximized for sustained growth.

8|Page
Their mission is to work with clients to reinforce an HR culture, wherein investment in

Human Capital is a key business decision from which return is maximized for sustained

growth.

Major Projects

 Institutional Strengthening Studies

 Manpower Outsourcing Services

 Manpower Transition Studies

 HR Due Diligence

 HR Audit (people and/or process audit)

 Organization Design and Structuring

 Job Analysis and Design

 Workload Analysis Study

 Redundancy Plans

RECRUITMENT

Recruitment is a comprehensive module taking care of the recruitment process starting from

job requests placed by department managers to candidate selection and orientation.

ONLINE-CV COMPONENT

Online-CV is a web hosted component designed for capturing applicant CVs electronically.

The idea of this component is to provide a secure databank that can be searched on demand

for best suited candidates. Candidates can create and update their CVs using their own login

id, password.

EXTENSIVE SEARCH FACILITY

9|Page
Extensive search facility to find desired candidates in applicant database using parameters

like qualifications (professional, academic), experience, skills, other parameters like age,

gender etc. You can perform strict search using parameter values defined in job code

alternatively you can create custom search by specifying parameter values that are different

from job code parameter values.

ASSESMENT SCHEDULES AND CANDIDATE EVALUTAIONS

Assessment schedules can be generated for candidates selected from databank. Candidate

evaluations can be performed by using custom defined interview sheets, MCQ's, job related

tests.

ASSESSMENTS & PSYCHOMETRIC TESTING

High performance corporate entities benefit tremendously by employing objective, thorough

and standardized assessment tools in order to make better decisions vis-a-vis recruitment,

promotion, employee development, career planning and reward management. These decisions

are helpful to organizations in meeting current workforce needs and in planning for future

aspirations.

SHMA offers different combinations of assessment services to cater to specific client needs,

based on their unique requirements. These tools have been acquired and adapted or developed

in-house through research and their industry experience, ensuring a high level! of validity and

objectivity.

Assessment Center and Development Center

Depending on client’s specific requirements, we design and deliver Assessment or

Development Center solutions which typically involves a one or two-day intervention. The

design/content of an assessment or development center may differ depending on the

objectives and purpose. Their methodology ensures that each competency is measured in

10 | P a g e
multiple exercises / tests and each participant is observed by multiple assessors to ensure a

consistent high quality and objective assessment.

In addition, an assessment or development center may also employ the following:

 Behavioral Interview

 Psychometric tests (ability and personality)

 Feedback Session

We emphasize on the use of behavioral interviewing techniques with a view to minimize

subjectivity. The focus is on past behavior that may be used to infer and predict future

behavior of the employee. Interviewing as an assessment technique may either be employed

as a stand-alone technique or may be coupled with other assessment techniques, depending

on the client's requirement.

One to one discussion, and interviews are also used in client engagements requiring work

relationship counseling, stress counseling, career counseling and motivational counseling.

Psychometric Testing

We believe that Psychometric Tests are a powerful and versatile assessment tool, and we

subscribe to their increasing use by organizations for enhancing the quality of assessment and

development of employees. Their in-house psychologists are trained and qualified to identify,

administer and interpret psychometric tests and we keep ourselves abreast of emerging

additions to the battery of tests available in the international market.

Over the years, clients have engaged us to conduct different personality and ability tests on

existing and potential employees. The increasing frequency and volume of test administered

has now prompted their in-house team to focus attention on developing culture-based norms

which may be more relevant in the local context in situations requiring us to predict job

performance on the basis of local norms. Their team is in the process of developing these

norms.

11 | P a g e
COMPENSATION & REWARD MANAGEMENT:

Employee compensation issues typically dealt with by Human Resources Practice address

questions such as:

 Compensation strategies and policies in line with competitive trends and responsive to

domestic and cultural needs.

 Allowances, benefits and perquisites and the retirement plan sensitive to the corporate

objectives and their realization.

 Compensation practices competitive and cost effective and yet responsive to corporate

goals and philosophy.

 Compensation packages responsive to the advantages and benefits conferred by the

tax law for optimization of tax benefits.

 Employment contracts and documentation of retirement schemes designed in a

manner benefiting the business enterprise and the employees.

The Compensation Management services provided by the HR Consulting Practice of SHMA

can assist clients in ensuring that clients compensation structures and practices are consistent

with market norms and trends and are internally consistent across functions and at various

hierarchical levels.

Compensation Surveys

Discover what the latest trends in compensation are in the market and in your industry. We

conduct compensation surveys specifically designed and conducted to measure how you

stand with respect to the market and to your competition. Make an informed decision about

your company and about the future of your employees.

Compensation Structure Design

The HR Consulting Practice and SHMA is routinely called upon to design compensation

structures and benefits packages for their clients. Their approach to is to ensure that the

12 | P a g e
structure thus created for the client is internally consistent with the organization's own goals

and objectives externally responsive to changes in the market place. We try to ensure that the

designed compensation and benefits structure conforms not only to industry norms but also

rewards initiative and productivity from the employees. But above all else, we ensure that the

structure you receive from us is geared to help you attract and retain the quality manpower

you need to succeed.

Executive Compensation

Executive Compensation is key component of the Compensation Management services

offered by the HR Consulting Practice at SHMA. Decision makers and Boards of Directors

determine the ideal balance by which senior executives are to be attracted and compensated.

Some of the key considerations we evaluate when designing an executive compensation

package include governance, equity and shareholding, profit sharing, bonuses, memberships,

perks and privileges.

SALARY (COMPENSATION) ACTION PLANNING:

 Experience required on current post

 Experience required on similar post

 Promote if Assessment score >=75%

 Increase Salary if Assessment score >=60%

KEY ISSUES IN COMPENSATION

The market is highly volatile due to stiff competition for skills in demand. There have been
many cases where employees have been offered twice their existing pay as premium to
change employment.
● Cost of manpower increasing at a high rate due to the tendency to outbid competition.
● The structuring of total compensation package is gaining enhanced focus as employees are

13 | P a g e
demonstrating preference for cash components more than perks and “end of employment”
benefits, while Employers are looking for lower fixed salary budget and more variable
pay/incentive based pays.

POSSIBLE SOLUTIONS

To advise on pay policy

● To attract and retain
talent
● To maintain internal and
external consistency
● To keep up with the competition
Establish compensation levels and reward practices
● Keep an eye on market trends
● Follow on compensation developments

TRAINING & DEVELOPMENT:

Training is a huge investment for organizations and the Return on Investment must be more

than equivalent.

Their Training and Development Programs focus on enhancing the skills, competencies, and

knowledge of human capital deployed in client organizations through in-house and open

audience workshops and programs. A training calendar for the year is prepared offering a

variety of open-audience workshops and nominations are received from different

organizations who wish to participate in the programs.

In addition to the "open audience" courses offered by SHMA in the Training Calendar for

the year, they are available to develop specific tailor-made training interventions for specific

clients as and when required.

14 | P a g e
Conferences and Seminars

SHMA also manages events for corporate clients. These events essentially feature as

sponsored conferences and Seminars on a variety of topics which are either selected by the

sponsoring clients or are initiated proactively by SHMA.

Some of the recent events organized / managed by SHMA include the following:

 Best Practices Day (Annual Event)

 Roadmap for Strategic HR Management

 Strengthening Professional Management

 Use of Psychometric Tools

 SMEs - The Future of Pakistan

 Public Sector Transformation - Success Stories

TRAINING SERVICES:

Investment in Human Capital is a key business decision which enables the maximization of

returns through sustained growth. Keeping this in view, we at Sidat Hyder Morshed

Associates have been actively involved in developing and delivering in-house trainings

customized to meet client requirements, as well as open-audience trainings conducted for the

professional development of personnel belonging to various organizations.

In-house Training Programs

We conduct in-house training programs for organizations that are interested in training larger

groups of employees in various technical and soft skills. The logistics, venue etc. for these

courses may be arranged by yourself or by us, depending on your preference. Since different

clients have different training requirements, we provide mainly two types of in-house training

programs, as follows:

15 | P a g e
Standard Courses

The course content and format are based on the open audience programs. Minor

modifications are made to ensure that the program is fit for your organization.

Tailored Courses

The course length, content and format are tailored to reflect the nature of your business and

specific requirements. Case studies and scenarios related to your organization may be

incorporated to reflect practical and real issues happening in your organization.

Training Consultancy

Before you decide what training courses your employees should attend, you have to be aware

of the areas in which they require skill improvement. Such an approach helps to ensure that

your training investment is targeted. We offer consultancy services in conducting Training

Needs Assessments (TNA) for organizations, to help you in identifying the skill gaps of your

employees.

In addition, we can help you to assess the effectiveness of your training interventions, by

conducting a Post-training Effectiveness Evaluation. Such tools can help you to assess the

effect that training is having on actual skills improvement in your organization.

We may also join hands with you to devise a comprehensive Training Strategy for your

organization, starting with a TNA, a training implementation plan as well as a Post-Training

Effectiveness Evaluation. Such a strategy will enable you to focus on Employee

Development in a structured and planned manner, with a focus on maximizing return on

training investment.

OUTSOURCING SERVICES:

There is an increasing trend for sound business reasons for managements of large and small

companies alike, including the dot-coms, to concentrate their resources and energies on core

16 | P a g e
business activities and strategies by availing and hiring external professional help for

undertaking certain non-core activities, routine functions, processes and activities.

Outsourcing has thus come to be recognized as a distinct class of service in itself prompted

by considerations of cost control, judicious use of enterprise’s own human capital and

conservation of its own valuable time and resources for focusing on sound business planning

and execution of action for excelling in performance and profitability.

Outsourcing of non-core activities and functions, on a complete or partial basis, customized

to the specific needs of various clients, have assumed a wide dimension embracing

multifarious tasks and services which include:

 Managing finance and accounting department

 Undertaking book keeping and accounting tasks, both manual and technology-based

systems including preparation and processing of underlying documents

 Payroll preparation and related services

 Internal audit on a comprehensive, continuing or need-specific basis restricted to

specific departments, divisions, functions and activities prompted by risk orientation

and risk assessment.

 Staff secondment on short- or long-term basis for carrying out various designated

functions under management’s own control and supervision

 Processing of high-volume transactions involving repetitive functions and processes,

such as data input for stand-alone or networking solutions.

 Preparation and handling of:

o - Monthly and periodical returns/statements prescribed under Income Tax

Law.

o - Withholding tax statements, challans and related tasks.

17 | P a g e
 o - Monthly and quarterly sales tax returns and reconciliations with related

records.

o - Handling of expatriates’ executive remuneration matters.

 Support services to international lending and donor agencies

 Computer facility management

o - Management of computer department

o - Provision of support, contract staff and data entry operators

o - Documentation

 Assistance and coordination in determining and handling payment and tax aspects of

dues payable to employees under severance and retirement benefit schemes, “Golden

Handshake Schemes” or any other voluntary retirement or severance scheme.

AUDIT AND ASSURANCE SERVICES:

Information Systems Audit

SHMA’s Technology Risk Management practice provides Information Systems Audit

services to its clients; their audit approach is based on a defined audit framework referencing

CobiT Framework and Audit Guidelines. Their IS Audit service provides management and

business process owners with assurance and advice regarding controls in the organization;

provides reasonable assurance that relevant control objectives are being met; identify where

there are significant weaknesses in those controls; substantiate the risk that may be associated

with such weaknesses; and, finally, advise the executive management on the corrective

actions that should be taken.

Each IS Audit assignment is scoped vigilantly by their team and is tailored according to the

client’s business requirements and defined audit objectives

18 | P a g e
CobiT provides clear policies and good practices for control and security of information and

related technology. The audit process applies CobiT’s recommended detailed control

objectives to provide management assurance and/or advice for improvement.

The Information Systems audit comprises the following broad sections;

CobiT, helps meet multiple needs of management by bridging the gaps between business

risks, control needs and technical issues. It provides good practices across a domain and

process framework and presents activities in a manageable and logical structure.

Information Security Audit

Information security audit is a systematic, measurable technical assessment of how the

organization's information systems security is employed throughout the organization or a

specific site. Information security audit is performed through understanding the information

technology environment by conducting interviews, vulnerability scans, examination of

system settings, network and communication analyses, and historical data.

The objective to conduct the Information Security Audit is to determine the information

systems and information technology control weaknesses, i.e. security level of the Servers,

Software’s, Business Applications, OS & Databases, and Network & Communications;

identify the weaknesses if any; and make recommendations for improvements. Their

Information Security Audit’s main focus is to:

 Highlight the level of compliance;

 List vulnerabilities and associated risks;

 Identify high risk areas requiring immediate attention;

 Recommend remedial countermeasures and improvements, including security best

practices and infrastructure;

 Identify requirements for improving your security policies; and other required

measures.

19 | P a g e
Penetration Testing / Ethical Hacking

Network Penetration Testing is the process of proactively identifying and evaluating the

information security risks to information assets. It is performed by attempting to gain access

to a network, systems and data through activities simulating attacks from various threat

groups. The overall objectives of this activity are:

 To perform a detailed analysis of current exposure to breaches that threatens

information assets.

 To provide an outsider's point-of-view of the information security practices in place.

 To review the configuration of access points & wireless networks.

 To conduct vulnerability testing of access points and to validate the perimeters of

wireless networks.

 To determine the degree of exposure and identify the problems with the network,

including downtime, poor performance of network applications and any other security

weaknesses.

We perform Network & Perimeter Security Assessment of the organization, which include a

complete network security assessment, exposing to any / all vulnerabilities. These

vulnerabilities may be exposed from internal or external sources.

Internal Penetration Testing

A thorough study of internal network infrastructure is performed. This includes the review of

the critical information assets, network topology, security policies of network devices

including firewall, routers, IDS etc and security policies of servers located inside the network.

A detailed analysis is also performed focusing on current exposure to breaches that threatens

information assets.

Wireless technologies pose unique threats because their signals propagate outside physical

boundaries and are therefore difficult to control. Weakness in configurations and security

20 | P a g e
protocols allow for unauthorized eavesdropping and easy access. We conduct a vulnerability

testing of access points and validate the perimeters of wireless networks.

External Penetration Testing

We perform the external testing of network components which are accessible via public IPs.

The tests involve discovering weaknesses in the following four key components of the

Information Systems infrastructure:

 The Network architecture and components, including the networking devices like

routers, switches and firewalls;

 The Servers, including the underlying operating systems, web servers and transaction

servers;

 The Database Management Systems; and

 The applications, including transactional components, if any.

SHMA uses the international standards and techniques for network penetration testing. We

use various renowned tools as well as their customized testing scripts while performing the

penetration testing.

Network Security Assessment

Securing and operating today’s complex systems is challenging and demanding. No matter

how well a given system may have been developed, the nature of today’s complex systems

with large volumes of code, complex internal interactions, interoperability with uncertain

external components, unknown interdependencies coupled with vendor cost and schedule

pressures, means that exploitable flaws will always be present or surface over time.

Network security assessment is an essential component of improving the security posture of

your organization. Organizations that have an organized, systematic, comprehensive, on-

going, and priority driven network security assessment program are in a much better position

to make prudent investments to enhance the security posture of their systems.

21 | P a g e
The additional costs for performing network security assessment are offset by;

 The identification of existing security vulnerabilities of the organization;

 Improved security practices or infrastructure;

 Identification of required controls and hence minimization of risks of future security

breaches; and

 Overall reduction in the costs incurred for incident response.

SHMA uses the international standard and framework such as CobiT for network security

assessment. We perform a network security assessment which includes the review of the

critical information assets, network topology, security policies of network devices including

firewall, routers, IDS etc and security policies of servers.

Internal Audit Outsourcing

In the recent years, the needs of internal audit are increasing and vary from organization to

organization due to demand of high level of services and expertise. Many organizations

prefer to outsource internal audit function because of its benefits. Internal audit outsourcing

gives the following benefits:

 It offers potential cost benefits.

 It reduces overlapping positions and audit effort by creating more flexibility in

increasing and decreasing workloads.

 It allows an organization to replace “fixed” cost with “variable” fees for services.

 Finally, it provides a wide range of expertise that would be too expensive for an

organization to maintain internally.

SHMA covers all needs of internal audit under a continuous, full-service outsourcing

arrangement. SHMA reports to an appropriate corporate officer in order to assure the proper

degree of objectivity and independence.

22 | P a g e
SHMA uses its standard methodology for internal auditing and covers organization’s existing

methodology as the framework for internal auditing. SHMA’s internal audit service provides

the following benefits:

 Provides assurance to external parties and compliance with applicable laws and

regulations.

 Provides completely independent process and IT internal audit sourcing capabilities

using industry leading practices.

 Provides deep technical and analytical skills related to core process and related

control assessments.

 Eliminates the time and cost associated with sourcing, hiring, training, and retaining

skilled personnel in non-core competency areas.

 Enables management to focus on more strategic initiatives, improving resource

utilization.

Forensic Analysis

Forensic Analysis is the process of capturing, processing, preservation, and analysis of

information obtained from a system, network, application, or other computing resource, to

determine the source of an attack on those resources. These activities are undertaken in the

course of a computer forensic investigation of a perceived or actual attack on computer

resources.

The primary goals of the forensic analysis process are;

 To help participants determine when, how and what undesirable events occurred.

 To gather, process, store, and preserve evidence to support the prosecution of the

culprit(s) if required.

 To use that knowledge to prevent future occurrences.

 To determine the motivation and intent of the attackers.

23 | P a g e
During the forensic analysis, we work closely with the client organization to define a list of

data sources to focus on, based on the dynamics of the case. Sometimes it is necessary to

analyze a large number of machines, or sometimes focusing on a few key data sources is

sufficient.

We follow a methodical approach to draw conclusions based on the available data, and

determine the conclusion. The analysis includes identifying people, places, items, and events,

and determining how they are related so that a conclusion can be reached. Often this includes

correlating data among multiple sources.

24 | P a g e
QUESTIONNAIRE

2. What strategies do you implement for your organization?

Change is the most important strategy in Sidat Hyder Associates. Change can often be a good
thing, it's something that many individuals are uncomfortable with, or even fear, But in
SHMA employees understand where the organization is, where it's been, and where it's
going. So, they do not. When the change involves shifts in technologies or processes, provide
adequate training for your employees to help them master the new way of doing things. This
won't always be possible, giving employees the opportunity to participate in, or give feedback
on, decisions can be a really positive strategy. 

3. What is the procedure of job analysis?

The process of analyzing jobs in SHMA starts with job descriptions development. Job
analysis techniques include the use of interviews, questionnaires, and observation.
4. In your point of view, what do you think that how managers can use management process
effectively?

your employees are the ones making your vision a reality, and your job is to make sure they
do it efficiently.

But being an effective manager is about more than just driving your employees to work
harder -- or more efficiently. Forcing employees to work a certain way can breed resentment,
even disloyalty, while being too soft can lead to bad habits, laziness or boredom. 

1. Be Consistent: You must reward the same behaviors every time they appear,
discourage the same behaviors when they appear and treat every member of
your team with an equal, level-headed view.

6.Job Description & Job specification?

25 | P a g e
Job descriptions in SHMA includes the responsibilities, requirements, functions, duties,
location, environment, conditions, and other aspects of jobs. 
7. What is the procedure about Performance appraisal?
Performance appraisals are generally conducted once a year, with a single appraiser. They are
using competencies, KPIs and interactive face to face discussions as the main features of their
performance appraisal systems.
8.Formats of interview (structure or unstructured)?
Unstructured and behavior-based interviews are most preferred assessment tools, as are
technical testing and psychometric testing. Generally, carry out 2 to 3 interviews before
selecting a suitable candidate.
Recruitment & Selection
1.How does your company recruit your staff? What are the steps for recruiting?
In recruitment, unstructured and behavior-based interviews are most preferred assessment
tools, as are technical testing and psychometric testing. Generally, carry out 2 to 3 interviews
before selecting a suitable candidate. HR enjoys veto power in recruitment mostly for junior
and middle management positions, but not for senior management.
2. What is the performance evaluation process?
Testing & Selection
1.What types of test does your company use?
 Technical Testing
 Psychometric Testing
2. What are the methods for interviewing candidates?
 LinkedIn
 Skype/Facetime: Due to COVID-19 but normally use to interview a candidate If
he/she is not local.
 Phone Interviews
 In-person interviews: Commonly used strategy for Conducting Interviews

Compensation Management
1.How do you plan your yearly compensation procedure?
In compensation strategy;
Budget allocation
• 90% is salary
• 10% is benefits: (7% on health benefits, 2% on retirement savings and 1% on tuition
reimbursement)
Types of Compensation;

26 | P a g e
 • Medications and treatment
• Travel and accommodation expenses (For Trainings)
• Compensation for pay for the period of Voluntarily leaves
• Compensation for pay for a period of physiotherapy (Health issues)

Clear Compensation Strategy

 Compensate on the basis of performance, Training & Certifications
 In compensation Budget their strategy is;
90% is salary
10% is benefits:
(7% on health benefits, 2% on retirement savings and 1% on tuition reimbursement)

Training & Development

1. Can you share your company’s training process?

2. How do you identify training requirement in your company?

3. Have you ever faced challenges or difficulties regarding any area? Share your experience?
Questions for Employees
1. Which of the following methods of recruitment did you use for your recruitment?
a. Employee referrals b. Advertisement in social media platforms/news paper
3. Which of the following methods of selection did you face for your selection?
All the given test is used depend on situation (position) Aptitude test, Personal interview,
Written test, Practical test.

_________________________________________________________________

27 | P a g e