S
w
909E24
ENGRO CHEMICALS PAKISTAN LIMITED — BUSINESS DISASTER
OVERCOME
Muntazar Bashir Ahmed wrote this case solely to provide material for class discussion. The author does not intend to illustrate
either effective or ineffective handling of a managerial situation. The author may have disguised certain names and other identifying
information to protect confidentiality.
Ivey Management Services prohibits any form of reproduction, storage or transmittal without its written permission. Reproduction of
this material is not covered under authorization by any reproduction rights organization. To order copies or request permission to
reproduce materials, contact Ivey Publishing, Ivey Management Services, c/o Richard Ivey School of Business, The University of
Western Ontario, London, Ontario, Canada, N6A 3K7; phone (519) 661-3208; fax (519) 661-3882; e-mail cases@ivey.uwo.ca.
Copyright © 2009, Ivey Management Services
Version: (A) 2009-12-14
On October 20, 2007, Ruhail Mohammed, vice-president and chief financial officer (CFO) of Engro
Chemical Pakistan Limited (Engro) was preparing his notes to present at the management committee
meeting on November 1, 2007. A critical item on the agenda was that on August 19, 2007, a fire in the
PNSC building, which housed the Engro head office, had destroyed a substantial portion of the company’s
hard-copy records relating to the financial years 2004/05 and 2005/06, as well as the period from January
1, 2007, to August 19, 2007; however, the electronic data had remained largely intact. The end of the
company’s financial year was December 31, and the external auditors were due to commence their work in
December 2007, as the deadline to publish the annual financial report was February 20, 2008. The
company was listed on the Karachi Stock Exchange (KSE) and, being a blue chip company, had informed
the stock exchange of the date it would announce its final results for 2007.
Mohammed had to update the management committee on the progress that had been made under a plan
according to which the company’s critical accounting and control systems and data would be restored, so
as to keep company operations uninterrupted. The auditors had pointed out that, since they had earlier
conducted a review of the financial records as of June 30, 2007, they would rely on that work and not need
any records for the first six months. Their main focus would be on the second half of the year, and this
would require that the company provide them with all the information that they requested in order to form
an opinion for the annual audit report. As the records for 2005/06 were also destroyed, they were
concerned that the company could be in breach of the statutory provisions in the Companies Ordinance1
relating to the minimum period that a publicly-listed company’s records were required to be retained.
Engro was launching a number of new projects, and the auditors needed to be satisfied that the plans would
1
The corporate sector in Pakistan is governed by the Companies Ordinance 1984, which was promulgated on October 8,
1984 and major amendments made via the Companies (Amendment) Ordinance, 2002. The objectives of the Companies
Ordinance 1984 were inter alia to consolidate and amend the law relating to companies and certain other associations for
the purpose of healthy growth of corporate enterprises, protection of investors and creditors, promotion of investment and
development of economy. The detailed provisions of the Companies Ordinance, 1984 sought to meet these objectives and
have been amended and updated from time to time to keep in line with the changing circumstances.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 2
9B09E024
not be affected by the loss of records. The CFO was confident in the company’s documented disaster
recovery plan (DRP) that had been activated, and he felt that matters were under control.
COMPANY BACKGROUND
Engro Chemical Pakistan Ltd. had been incorporated in 1965 as Esso Pakistan Fertilizer Company Ltd.
The core business of Engro was the manufacturing and marketing of fertilizers and it was the second
largest producer of urea in the country, which was produced at the plant site in Daharki (a small town 570
kilometers from Karachi). Engro also produced NPK2 (Zarkhez) at the plant in Port Qasim, a few
kilometers from Karachi, and marketed two other brands of fertilizer: MAP under the brand name Zorawar
and DAP. Owing to the continuously declining margins in seed business, the management had decided to
exit from this business in a phased manner. This demonstrated the management’s proactive business
approach of conducting a continuous review of operations and realigning corporate strategy according to
changing business dynamics.
During 2007, all of Engro’s businesses grew rapidly. The principal business of the company remained in
the manufacturing and marketing of fertilizers. Its joint ventures and subsidiary companies were engaged
in a variety of businesses: chemical terminals and storage, PVC resin manufacturing and marketing,
control and automation, foods and energy businesses. A brief review of the main business and the new
projects underway follows:
The fertilizer sold by the company was of two types:
Urea: During 2007, a total of 4.76 million tons of urea was produced in the country, of which Engro
produced 954,000 tons while in the process of further expansion. The urea plant expansion was the largest
private sector investment that had been made in the history of Pakistan. In 2007, it was on track for
completion in 2010, and with key contracts and financing in place, the construction work had begun.
Phosphates: Engro sales up to the third-quarter of 2007 indicated that it would be in a good position as the
market leader, as it expected to capture 35 per cent of the phosphates market for the full year. This
fertilizer was imported and its price was susceptible to fluctuations in the international market.
The activities of subsidiary and joint venture companies were as follows:
Engro Polymer & Chemicals Ltd (EPCL): This subsidiary was involved in the manufacturing and sales of
poly vinyl chloride (PVC) and was also being expanded: its backward integration project was expected to
be completed by mid-2009.
Engro Vopak Terminal Ltd (EVTL): This was a 50:50 joint venture with Royal Vopak of the Netherlands.
This subsidiary had commenced building the country’s first cryogenic ethylene storage facility.
Avanceon: Engro owned 63 per cent of Avanceon, which was a leader in industrial automation business. It
had acquired facilities in the United States and was in the process of seeking to serve customers as an
offshore outsourced vendor.
2
NPK is a fertilizer consisting of nitrogen , phosphorus and potassium.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 3
9B09E024
Engro Foods Limited (EFL) : This was a wholly-owned subsidiary of Engro and 2007 was its first
complete year of operations. It had continued its expansion by adding to its brand portfolio, milk
production and distribution capacity.
Engro Energy (Pvt) Ltd: This was also a wholly-owned subsidiary of Engro and had concluded the
formalities to set up an innovative and cost-effective power plant: their target was to add 217 megawatts to
the national grid.
Engro Eximp (Pvt) Ltd: This was a wholly-owned subsidiary of Engro and was engaged in the trading of
phosphatic fertilizers.
Engro was publically listed on the three stock exchanges in Pakistan: Karachi, Lahore and Islamabad. Its
earnings had grown steadily over the last 10 years (see Exhibit 1), as shown by the increasing trend in the
annual earnings per share (see Exhibit 2).
A leading Pakistani business conglomerate known as the Dawood Group (DG) held the majority 42 per
cent of shares in Engro, while the ownership of Engro employees and employee trust shareholding was
eight per cent. Engro’s board of directors comprised five members from its own management: two from
DG and three other non-executive directors (see Exhibit 3). During 2006, Hussain Dawood, chairman of
DG, was elected as the chairman of Engro. The association of DG, which also owned other chemical
businesses, had augmented the capacity of the board to guide the management in formulating its long-term
strategy.
MANAGEMENT
The company was managed through the following principle management committees:
Board Compensation Committee: This committee was responsible for reviewing and recommending all the
elements of compensation, organization and employee development policies relating to the executives and
approving all matters relating to remuneration of executive directors and members of the management
committee. This committee (see Exhibit 3) consisted mainly of non-executive directors and had met four
times during 2007.
Board Audit Committee: This committee consisted of four independent non-executive directors (see
Exhibit 3). The chief executive officer (CEO) and the CFO only attended if they were invited. As part of its
work, the committee met with the external auditors at least once per year. During 2007, this committee had
met seven times and had been informed by the CFO of the data loss the company had incurred, and that the
DRP was being implemented.
In addition, the following committees were set up at the operational level and functioned in advisory
capacity in order to provide recommendations to the CEO relating to business and employee matters.
Corporate HSE Committee: This committee was responsible for providing leadership and strategic
guidance on all health, safety and environment (HSE) improvement initiatives and was responsible for
monitoring compliance against regulatory standards and selected international benchmarks.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 4
9B09E024
Management Committee: This committee was responsible for reviewing and endorsing long-term strategic
plans, capital and expenses budgets, development and stewardship of business plans and reviewing the
effectiveness of the risk management processes and the system of internal control (see Exhibit 3).
COED Committee: This committee was responsible for the review of compensation, organization and
employee development (COED) matters for all employees excluding directors and executives.
BUSINESS RISKS
During 2007, the management committee undertook a review of the major financial and operating risks
faced by the company. Internal controls were recognized by the company as being an important
responsibility of the board of directors. As no system could be totally risk-free, the company recognized
that the system of controls was there to minimize risk of material misstatement or loss, but could not
eliminate it completely. The detailed design and operation of the system of internal control had been
delegated to the CEO while the board retained the overall responsibility of the risks involved. The control
framework consisted of:
•
•
•
•
Clear organization structure;
Established authority limits and accountabilities;
Well-understood policies and procedures;
Budgeting and review processes.
The external and internal auditors’ reports were received by the board audit committee (BAC), and the
managing committee reviewed the processes and ensured that the controls were effective.
BUSINESS CONTROL SYSTEMS
Engro’s business transaction data processing and communications was based on using information
technology (IT) resources at two locations:
1. Head office in PNSC Building at Karachi.
2. Plant site at Daharki, which was 570 kilometers away.
All systems were linked so that the IT applications installed on servers in the head office were being
accessed by users at various locations:
•
•
•
Daharki plant;
Zarkhez plant at Port Qasim;
Other regional offices.
IT INFRASTRUCTURE AT HEAD OFFICE
The IT assets at the head office consisted of computer equipment linked via an online data communication
network on which different application systems were being used. The company staff occupied three floors,
in the multistory PNSC building, and computer users were spread over all three floors. Computing
equipment on each of these floors was connected by means of a fibre optics backbone and each floor had
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 5
9B09E024
its own network control equipment such as switches. The head office was also connected to different
locations through a wide area network (WAN) (see Exhibit 4). The details of these links for various
locations were as follows:
•
•
•
•
•
256 kilobits per second (kbps) DXX3 link with plant site at Daharki;
64 kbps radio link with Zarkhez plant at Port Qasim;
64 kbps DXX link with regional office at Multan;
64 kbps DXX link with regional office at Hyderabad;
64 kbps data link with regional office at Lahore.
The server room was on the seventh floor where all communication links terminated onto the central router
in that room.
Engro’s two joint venture companies EPCL and EVTL had their head offices close to Engro in the Bahria
Complex4. Systems of these two companies were also connected with the Engro network by a digital
subscriber line (DSL) link through a firewall mainly for exchanging e-mails with Engro and to access the
Internet.
There were two Internet connections: one with the Internet service provider (ISP) CyberNet over radio link
for Internet bound e-mails and connectivity with Lahore regional office, the other based on DSL
technology with the ISP Multinet and being used for Internet traffic. A firewall was used to protect Engro’s
network from various Internet threats.
The following Engro communication and financial application systems were located at the head office:
•
•
•
Lotus Notes-based e-mail system;
MIDAS system for sales;
SAP ERP system (see Exhibit 5) for accounting transactions.
IT INFRASTRUCTURE AT DAHARKI PLANT
All the key buildings at the Daharki plant were connected through optical fibre backbone and each building
had its own network equipment. All servers were located in a server room which was located in the
administration building. The Daharki network was connected to the head office network by a data
communication link. This link was based on DXX technology and consisted of a last mile radio link
between the plant and the local Daharki telephone exchange. The staff at the Daharki plant connected to
the router in the server room over dial-up telephone lines to access the Internet.
3
Digital cross-connect: A network device used by telecom carriers and large enterprises to switch and multiplex low-speed
voice and data signals onto high-speed lines and vice versa. It is typically used to aggregate several T1 lines into a higherspeed electrical or optical line as well as to distribute signals to various destinations; for example, voice and data traffic may
arrive at the cross-connect on the same facility, but be destined for different carriers. Voice traffic would be transmitted out
one port, while data traffic goes out another. Cross-connects come large and small, handling only a few ports up to a few
thousand. Narrowband, wideband and broadband cross-connects support channels down to DS0, DS1 and DS3
respectively.
4
Bahria Complex was a set of office buildings, owned by the Pakistan Navy, in which various companies had rented space
for their offices.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 6
9B09E024
APPLICATION SYSTEMS AT HEAD OFFICE
E-mail Setup
Engro’s e-mail system was based on IBM’s Lotus Domino technology, and Lotus Notes was used as a
front-end client to access the e-mail server (see Exhibit 4). Users in the Karachi office, Zarkhez plant and
all the regional offices except the Daharki region accessed the e-mail server in the head office.
The head office server was connected to the e-mail server in Daharki over a wide area network (WAN). It
was also connected to EVTL and EPCL’s e-mail servers over a DSL-based virtual private network (VPN)
link. All Internet e-mails for Engro Karachi staff, plant staff at Daharki and regional office users EVTL,
EPCL and EFL were received by the head office server through a firewall. Similarly, all outgoing e-mails
were sent to the relay server by the e-mail server at the head office. The Engro infrastructure was used by a
number of subsidiaries to route their business communications.
MIDAS Setup
MIDAS was an in-house application developed using Oracle Developer, linking to the back-end Oracle
database. MIDAS used two servers in the head office: an application server and a database server. The
head office users accessed the database server through the Oracle client directly while all remote users
(regional offices and Zarkhez plant staff) accessed MIDAS through the application server via an Internet
browser. There was one MIDAS server at the plant, which was accessed by the plant distribution
department for the detailing of urea orders to the truckers and for processing their invoices.
Key activities performed by different users through MIDAS at the head office were the following:
•
•
•
•
•
•
Master data (new-product setup, urea pricing);
Bank guarantee handling;
Management of dealers account;
Payroll allowance entry;
Product shipment from the port and Zarkhez plant;
Monthly closing.
All information entered in the head-office MIDAS server was automatically replicated to the plant MIDAS
server using a replication feature created by Oracle. Similarly, any information entered at the plant (such as
trucker detailing, etc.) was replicated to the head-office MIDAS database server automatically.
SAP Setup
SAP was being used by the finance and human resource (HR) sections at the head office and by the
Industrial Relations Department at the plant to facilitate their operational needs (see Exhibit 5). Only two
modules of SAP — namely HR and financial control (FICO) — were in use on the Red Hat Linux
Advanced Server operating system. The following key tasks were performed using SAP at head office:
•
•
•
Accounts payable (invoice processing, payments, vendor payment, cash receipts, cheque printing);
General ledger;
Financial control;
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 7
•
•
•
9B09E024
Asset management;
Payroll processing (all Engro employees);
Compensation and benefit administration (all Engro employees).
APPLICATION SYSTEMS AT PLANT
The applications installed on servers at the Daharki plant were accessed mainly by users at the plant,
consisting of the following systems:
•
•
•
MAXIMO computerized maintenance management system (CMMS), also used by the purchasing
section at the head office.
MIDAS sales and distribution system which was used to update the shipments of goods and other
related information.
E-mail systems.
MAXIMO SETUP
MAXIMO was a state of the art CMMS software system used by various organizations worldwide for
computer-based maintenance management: this system was installed at the Engro plant. The main modules
that were used kept a detailed record of company assets, controlled the use of the stores and spares
inventories and assisted in purchasing functions. The manufacturing division located at the plant and the
purchasing section located at the head office used this software extensively. All other departments that
used MAXIMO were at the plant: maintenance, operations and technology and the warehouse section.
DISASTER RECOVERY PLAN
As the August 2007 fire at Engro head office had spread very quickly, it destroyed everything, including
all desktop computers and high-performance servers that contained daily business transaction data. Earlier
in 2005, as part of a risk mitigation effort, the IT department had developed a DRP to recover from a
disaster (see Exhibit 6). In accordance with the DRP instructions, the plan was activated by Mohammed on
August 20, as the company senior management realized that quick actions were required by all concerned.
TEMPORARY OFFICES
The IT department consisted of two sections, each with its own particular skill: one section was dedicated
to managing the IT infrastructure, and the other consisted of functional specialists dealing with information
systems (IS) applications (SAP, MAXIMO and MIDAS). The DRP required that the recovery site be at the
Daharki plant, where spare servers similarly configured to the destroyed servers had been kept for use in an
emergency. Management revised the plan, however, by deciding to use the following four locations:
1. Engro guest houses in Karachi: There were two guest houses, one of which became a base for HR
functions and the executives, while the other became a temporary base for accounting and other
transactional functions.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 8
9B09E024
2. Engro plant at Daharki: The sales accounting staff that used the internally-developed MIDAS system
were moved there as the complete backup of MIDAS and the necessary computing capacity was
already in place.
3. Engro Polymer offices at the Bahria building in Karachi: The backup servers kept at Daharki, with
SAP software already installed, were brought to the Bahria building in order to set up the critical
accounting systems. The related staff were also shifted to the offices of this subsidiary company. As
there was a computing infrastructure already available, Engro’s e-mail system was expected to become
functional quickly,establishing all communication as before.
The IT infrastructure staff then had to make sure that adequate computing facilities were available. This
was a monumental task, as sophisticated servers and other peripherals were required quickly. They asked
their key vendor Inbox Business Technologies (Pvt) Limited (Inbox) for assistance and Inbox staff worked
closely with Engro IT staff to reestablish the infrastructure. The Inbox team ensured timely and swift
delivery of the required services, workstations, laptops, low-end servers, wireless LAN/WAN,
uninterruptible power supplies (UPS), printers and other necessary products.
DATA RECOVERY
The Engro core accounting system consisted of the following:
1. Three modules of SAP (HR, financial accounting (FI) and controlling (CO), the last two jointly
referred to as FICO);
2. The MIDAS system;
3. The MAXIMO system.
The top priority was to make all the SAP modules operational on the backup servers at the Engro Polymer
offices in Karachi. The sales system, MIDAS, was being operated from the plant in Daharki where all the
head office sales staff had relocated. MAXIMO was located at the plant and had not been affected by the
disaster.
The backup regime for SAP applications data had consisted of saving copies of the data on a weekly,
monthly and annual basis using tapes that were stored at an off-site location. The data was also backed up
on tapes by the IT staff on a daily basis and kept in the head office in a fire-proof storage cabinet. On a
weekly basis, the tape relating to the last business day in the week was sent off-site for storage.
The daily backup was destroyed as it was in the head office building. Some data relating to a short period
of time was also lost due to corruption of weekly data tapes, and this had to be carefully identified and
recreated.
The MIDAS sales system was installed at the head office and at Daharki. The backup regime, in addition
to daily, weekly and monthly tape backups, included the data synchronization between head office and
Daharki servers using Oracle’s replication feature, so that there was complete backup available at both
locations. Hence the sales staff were sent to Daharki to use the MIDAS system from there.
Accounting records that were destroyed included the physical records such as vendor invoices, contracts
and working papers.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 9
9B09E024
Engro used an outsourced service provider for processing the share and corporate secretarial records,
therefore protecting that information. After setting up temporary offices, the company then launched an
initiative to recreate significant lost records for the period January 1, 2007, onwards.
EXTERNAL AUDIT
The external auditors were due to carry out their final audit checks in December, and the senior accounts
advisor Farhan Akram, who was in charge of recreating the documents related to SAP, was confident that
the documents supporting the transactions data for the period of January to August 19, 2007 would be fully
recreated. He had split his finance team located at the guest house into two sections:
1. Day to day accounting staff: The ongoing daily business transactions related to accounting of sales and
purchases were processed on the reinstalled systems, including MIDAS, MAXIMO and SAP. This was
facilitated by the reestablished electronic links, e-mail and Internet in the Bahria building office. As the
systems were not fully integrated, their restart and recovery was simpler than if all the systems had
been integrated.
2. Data recreation staff: One of the leading public accounting firms was hired to provide temporary
accounting staff who had four to five years of training experience. This staff was given the specific
task of reconciling duplicate invoices received from all major vendors. Once the veracity had been
thoroughly checked, the documents were passed on to Engro employees for entry into the SAP
modules. Similarly, the payment records for the lost data were obtained from the banks that were used
for payment, and after checking and reconciling this data, the payments were entered in the systems.
Data had to be recreated only for SAP applications, and that too was facilitated as the company was
able to obtain the records from its banks.
The company found the process of generating document records to be a tedious and time-consuming task
requiring external resources, and it was therefore decided that only the current year’s data needed to be
recreated, as it was necessary for the year’s audit. The company felt that there would be no purpose in
incurring a huge cost for regenerating physical documents, as the prior years’ records had been audited and
the data was safe in electronic form. The company had also informed their taxation office, the Large
Taxpayers Unit, of the fire and its consequences.
The auditors insisted that the physical records for 2005 and 2006 would be required, as Companies
Ordinance stipulated that data must be kept for 10 years. They said that a qualified audit opinion stating
noncompliance with the statutory regulations related to historic data would be given.
CORPORATE GOVERNANCE AT ENGRO
In its draft annual report for 2007, the company intended to include the compliance statement required for
statutory purposes. This specifically addressed the following areas:
Risk Management Process
In 2007, a major review of the financial and operating risks facing the company was undertaken by the
management committee. As soon as the fire broke out and it was clear that the office accounting records
would be destroyed, the company activated its DRP, which was developed by the IT section in 2005.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 10
9B09E024
Internal Control Framework
The board audit committee received the reports on the system of internal controls from the external and
internal auditors, and also reviewed the process of monitoring the internal controls. The internal audit
function carried out reviews on the financial, operational and compliance controls, and reported the
findings to the CEO and divisional management. The annual internal audit program was based on an
annual risk assessment of the operating areas. The board audit committee approved the audit program and,
during the year, it received reports related to all material issues which were discovered.
There was a company-wide policy regarding approval of investment expenditure and asset disposals, and
post-completion reviews were performed on all material investment expenditure.
CONCLUSION
Mohammed assessed the situation and started writing his report for the meeting. It began, “All computers
and the data on them in the head office was destroyed and the company has had to rely on backup copies of
the data.” Mohammed related the following data recreation steps:
•
•
•
•
•
A core team had been formed which analyzed gaps in the electronic data.
Help had been obtained from a public accounting firm, which provided temporary accounting staff.
Banks, through which payments had been made, were approached to obtain copies of their records.
All key vendors had been asked to send duplicate invoices.
Data consisting of the necessary details was being re-entered into the related SAP modules based on
the cut-off date.
The meeting of the management committee on November 1 was the regularly scheduled meeting, but
Mohammed knew that all senior management was concerned over the tremendous loss of entire office
facilities and that they were scrutinizing the progress of data recovery. He felt that simply focusing on the
accounting data was inadequate, as the destruction had been catastrophic and the entire office had been
destroyed. The board audit committee had suggested that Mohammed start working to create
comprehensive security policies to manage all kinds of business risk. The DRP was related to the IT
section only, and it was clear that the plan would need to be revised to cover other areas of business
operations. Mohammed wanted to address the various aspects of how the DRP was to be converted into a
business continuity plan. He was writing a brief report on the steps that had been taken and those that were
planned. A new office building had been chosen, and alterations to meet Engro’s requirements were to
begin: Mohammed wanted to list the key risk factors that had to be met by the new office building.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 11
9B09E024
Exhibit 1
ENGRO CHEMICAL PAKISTAN LIMITED: RECENT PERFORMANCE
(in millions of rupees)
Half
Year
2007
2006
2005
2004
2003
2002
2001
2000
Net sales revenue
9,031
17,602
18,276
12,798
11,884
10,620
8,006
8,080
Operating profit
1,230
2,756
2,641
2,233
2,534
2,327
1,736
1,914
Profit before tax
997
3,445
3,220
2,315
2,323
1,836
1,191
1,350
Profit after tax
650
2,547
2,319
1,611
1,557
1,133
1,064
1,126
950
804
795
749
673
594
544
4,633
4,168
3,911
3,457
3,062
2,266
1,762
251
215
156
168
113
69
71
6,643
6,462
823
-
435
-
578
--
Employee costs
Taxes, duties and
development surcharge
Workers funds
Assets and Liabilities
Property, plant and
equipment
10,770
Capital expenditure
6,318
6,351
391
377
6,492
520
-
6,648
370
6,865
Long-term investments
5,056
1,480
748
85
Long-term liabilities
8,840
1,800
2,890
2,580
3,236
3,323
2,992
3,070
Net current assets
1,871
2,042
2,211
1,618
1,796
1,252
1,194
993
Shareholders’ funds
Shares at year-end
(millions)
Dividend per share
(rupees)
8,248
9,370
7,376
6,586
6,199
5,817
5,727
5,582
na
168
153
153
153
139
139
121
na
9.0
11.0
8.5
8.0
7.5
7.5
7.0
Dividend payout ratio
na
59%
73%
81%
79%
92%
98%
75%
Bonus shares
na
0
0
0
0
10%
0%
15%
na
969
912
870
955
852
790
808
na
945
890
891
930
846
779
800
na
108
157
121
72
73
31
0
Dividends And Shares
Engro urea production
(thousands of metric tons)
Engro urea sales
(thousands of metric tons)
Zarkez/ Engro NP
(thousands of metric tons)
Source: Company financial statements.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 12
9B09E024
Exhibit 2
ANNUAL EARNINGS PER SHARE
Amount in rupees
Earnings per share
Dividend per share
2004
(restated)
10.12
8.50
2005
(restated)
13.82
11.00
2006
(restated)
15.13
9.00
2007
(restated)
16.51
7.00
Source: Company records.
Exhibit 3
PRINCIPAL BOARD COMMITTEES AND MEMBERS
Name
Title
Hussain Dawood
Chairman
Non-executive director
Non-executive director
Non-executive director
Chief executive officer
Non-executive director
Non-executive director
Shabbir Hashmi
Arshad Nasar
Asad Umar
Shahzada Dawood
Isar Ahmad
Board Compensation
Committee
Member
Board Audit
Committee
Member
Member
Member
Member
Member
Member
Member
Source: Company records.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 13
9B09E024
Exhibit 3 (continued)
PRINCIPAL OPERATION COMMITTEES AND MEMBERS
Name
Title in Engro
Asad Umar
Chief executive officer
Asif Qadir
Khalid S.Subhani
Senior vice-president
Senior vice-presidentmanufacturing
Senior vice-president
General managermarketing
General manager
Legal and company
secretary
Vice-president
Vice-president
Khalid Mansoor
Khalid Mir
Andalib Alavi
S.Imran ul Haq
Syed Ahsan
Uddin
Sarfaraz
A.Rehman
Ruhail
Mohammed
Asif Tajik
Imranullah
Naveed Khan
Tahir Jawaid
Chief executive officer
- Engro Foods Limited
Chief financial officer
General manager manufacturingDaharki
General manager of
expansion project
General managerHuman resources and
public affairs
Management
Committee
Member
(chairman)
Member
Member
Corporate HSE
Committee
Member
COED
Committee
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Member
Source: Company records.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 14
9B09E024
Exhibit 4
SYSTEMS INFRASTRUCTURE
NETWORK AT HEAD OFFICE
MIDAS
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 15
9B09E024
Exhibit 4 (continued)
EMAIL AT HEAD OFFICE
Source: Company records.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 16
9B09E024
Exhibit 5
SAP MODULES: FI AND CO
The SAP FI module has the capability of meeting all the accounting and financial needs of an
organization. It is within this module that financial managers as well as other managers within your
business can review the financial position of the company in real-time, as opposed to legacy systems,
which often requires overnight updates before financial statements can be generated and run for
management review.
The real-time functionality of the SAP modules allows for better decision-making and strategic planning.
The FI module integrates with other SAP modules such as materials management, production planning,
sales and distribution, plant maintenance and project systems.
The FI Module also integrates with HR, which includes personnel management, time management, and
travel management. Payroll transactions occurring within the specific modules generate account postings
via account determination tables.
The FI Module Components
The FI Module comprises several sub-modules as follows:
•
•
•
•
•
•
•
•
•
Accounts receivables;
Accounts payable;
Asset accounting;
Special purpose ledger;
Travel management;
Bank accounting;
Consolidation;
Funds management;
General ledger.
The SAP CO module provides supporting information to management for the purpose of planning,
reporting and monitoring the operations of their business. Management decision-making can be achieved
with the level of information provided by this module.
Components of the CO module are as follows:
•
•
•
•
•
•
•
Cost element accounting;
Cost centre accounting;
Internal orders;
Activity-based costing (ABC);
Product cost controlling;
Profitability analysis;
Profit centre accounting.
Note: The above exhibit lists all the functionality of SAP, not all of which was being used by Engro.
Source: SAP literature.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 17
9B09E024
Exhibit 6
EXTRACT FROM THE IT DISASTER RECOVERY PLAN
1.2
Objective:
The primary objective of this Disaster Recovery Plan (DRP) is to document the various recovery steps to
be followed in order to resume key IT operations as quickly as possible, in the following scenarios:
1. Disaster at head office (making the location unavailable for use)
2. Disaster at Daharki server room / administration building
(making the Daharki (DHK) IT setup unavailable for use)
1.3
Scope:
The DRP acts as a working document in the event of the above-mentioned disaster scenarios and
provides specific routines for action that will assist in the early and effective response to disaster(s).
This document does not provide any plans for:
•
The recovery of business functions / operations other than IT
Circumstances that produce the following results shall indicate a disaster situation for Engro:
- Non-availability of MIDAS at Karachi or Daharki for one week
- Non-availability of MAXIMO at Karachi of Daharki for one week
- Non-availability of SAP for one week
Engro IT DRP (extracts)
Assumption: Head office building is not available for use as a result of a disaster (such as a fire incident,
an earth quake or an act of terrorism).
Key points of the plan:
1. DHK plant site shall be used as recovery site for IT applications.
2. Only MIDAS, MAXIMO and SAP applications shall be made available to the organization for
usage at the recovery site.
3. Key users of SAP, MIDAS and MAXIMO shall move to the DHK recovery site.
4. An IT recovery team will be formed that will supervise all DRP related activities.
5. SAP recovery team shall be responsible for the recovery of SAP.
6. MIDAS recovery team shall be responsible for the recovery of MIDAS.
7. The following measures have been taken to minimize the recovery time:
a. Spare servers have been placed at the DHK plant site in the security building outside
plant (to be used to recover SAP, MIDAS and MAXIMO).
b. Complete backup of SAP (FICO and HR modules) and MIDAS system is sent to recovery
site on tape cartridges on a weekly basis.
Limitations:
1. No e-mails within as well as outside the organization for head office, Zarkhez plant and all
regional office users (excluding DHK).
2. No Internet e-mail exchange for DHK, EFL project site, SUK (Engro Foods plant at Sukkur),
EVTL, EPCL and regional office DHK users.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Page 18
9B09E024
Exhibit 6 (continued)
Invoking the Plan:
Following Individuals are authorized to invoke the IT services recovery plan in case of disaster at head
office:
1. Chief Executive Officer
Engro
2. GM Finance & IT
Engro
IT Recovery Team:
IT Recovery team primarily shall be responsible to:
•
•
Review the action plan given in manual and to make necessary amendments if deemed
necessary before its commencement.
Review the project progress and to take necessary corrective actions.
The IT Recovery Team shall consist of the following individuals:
1.
2.
3.
4.
5.
6.
GM Finance
Team Leader
I & E Manager – DHK
Member
Admin Manager – KHI
Member
Admin Manager – DHK
Member
IT Coordinator
Secretary
(IS Advisor shall be the IT Coordinator. His backup would be Systems Officer – DHK)
MIDAS Recovery:
1. MIDAS shall be available at recovery site (DHK) only, therefore, all key users from KHI and
regional offices shall move to DHK.
2. Each regional office (except DHK) shall send one Office Assistant to recovery site to do all the
data entry for his region.
3. As soon as MIDAS is available to users at recovery site, they will run the relevant reports from the
list in Appendix II to find out the last document entered in the system. All missing documents will
have to be re-entered.
4. Regional office shall send all the documents (such as Customer orders, PER, PDAs, Payment
Instruments – DDs etc) to the recovery site at DHK.
5. Required MIDAS reports shall be either faxed or couriered to regional office.
The MIDAS Recovery Team shall be responsible to start the MIDAS related operations as quickly as
possible.
SAP Recovery:
One server for SAP recovery has been placed at plant site – DHK. Complete backup of SAP server in
head office is sent to DHK on tape cartridge on weekly basis (Every Monday).
In order to give the latest data to the SAP users, the SAP data from the weekly tape cartridge (at DHK)
shall be uploaded to the SAP recovery server. SAP client shall be installed on PCs to enable the access
to SAP recovery servers.
All SAP users shall run the relevant reports to find out the last document / vouchers (such as vendor
payment etc) available in the system.
Source: Company records.
This document is authorized for use only in Angela Montgomery's CMBA SP003-Risk Management and Business Information Systems course at Laureate Education - Baltimore, from
September 2017 to November 2018.
Academic Writing Expectations Checklist
The faculty Assessor will use this checklist to evaluate whether your written responses adhere to the
conventions of scholarly writing. Review this checklist prior to submitting your Assessment to ensure your
writing follows academic writing expectations. Click the links to access Writing Center resources:
Sentence-Level Skills
Constructing complete and correct sentences
Note: See an explanation of sentence components and how to avoid sentence fragments and run-ons.
Using and spelling words correctly
Note: See a list of commonly misused words and information on MS Word’s spell check.
Using punctuation appropriately
Note: See the different types of punctuation and their uses.
Using grammar appropriately
Note: See a Grammarly tutorial to catch further errors.
Paragraph-Level Skills
Using paragraph breaks
Note: See a description of paragraph basics.
Focusing each paragraph on one central idea (rather than multiple ideas)
Note: See an explanation of how topic sentences work.
Use of Evidence
Using resources appropriately
Note: See examples of integrating evidence in a paper.
Citing and referencing resources accurately
Note: See examples of citing and referencing resources in a paper.
Paraphrasing (explaining in one’s own words) to avoid plagiarizing the source
Note: See paraphrasing strategies.
Formatting Written Assignments
Using appropriate APA formatting, including title page, margins, and font
Note: See APA overview and APA template from the Writing Center.
Comments:
©2014 Walden University
1
SP003: Risk Management and Business Information Systems
Competency Statement: Assess information systems security, legal, and ethical risks and develop plans for mitigating information systems risks.
Assessment Rubric
0
Not Present
1
Needs Improvement
2
Meets Expectations
3
Exceeds Expectations
Part I: Risk Management and Analysis and Evaluation
Sub-Competency 1: Identify and describe business information systems security, legal, and ethical risks and their potential impact on
organizations.
Learning Objective 1.1:
Identify and describe
global and domestic
security, legal, and
ethical risks in business
information systems
management.
Learning Objective 1.2:
Describe the potential
impacts of security,
legal, and ethical risks.
Identification and
description of security,
legal, and ethical risks in
business information
systems management is
missing.
Description of the
potential impacts of
security, legal, and ethical
risks is missing.
Response provides a vague
or partial description of
security risks, legal risks,
and/or ethical risks.
Response is not supported
academic/professional
resources or the resources
are not relevant.
Response provides a vague
or partial description of
potential impacts.
Response is not supported
academic/professional
resources or the resources
are not relevant.
©2015 Walden University
Response provides a clear
and complete description
of at least two security
risks, at least two legal
risks, and at least two
ethical risks.
Response is supported by
relevant
academic/professional
resources.
Response provides a clear
and complete description
of at least one potential
impact for each risk
identified.
Response is supported by
relevant
academic/professional
resources.
Response demonstrates
the same level of
achievement as “2,” plus
the following:
The risks identified are
further justified with
evidence and supportive
reasoning explaining why
they are more important
than other risks not
selected.
Response demonstrates
the same level of
achievement as “2,” plus
the following:
The impacts described are
further justified with
evidence and supportive
reasoning explaining why
they are more significant
1
0
Not Present
1
Needs Improvement
2
Meets Expectations
3
Exceeds Expectations
than other impacts not
selected.
Sub-Competency 2: Evaluate approaches for managing business information systems risks.
Learning Objective 2.1:
Identify and describe
approaches to
mitigating security,
legal, and ethical risks.
Identification and
description of the
approaches to mitigating
security, legal, and ethical
risks is missing.
Response provides a vague
or partial description of
approaches to mitigating
security risks, legal risks,
and ethical risks.
Response is not supported
academic/professional
resources or the resources
are not relevant.
Learning Objective 2.2:
Evaluate and compare
approaches to
mitigating security,
legal, and ethical risks.
Evaluation and comparison
of the approaches is
missing.
Response provides a vague
or partial evaluation and
comparison of approaches
to mitigating security risks,
legal risks, and ethical
risks.
Response is not supported
academic/professional
resources or the resources
are not relevant.
Response provides a clear
and complete description
of at least two approaches
each to mitigating security
risks, legal risks, and
ethical risks.
Response is supported by
relevant
academic/professional
resources.
Response provides a clear
and complete evaluation
and comparison of at least
two approaches each to
mitigating security risks,
legal risks, and ethical
risks.
Response is supported by
relevant
academic/professional
resources.
Response demonstrates
the same level of
achievement as “2,” plus
the following:
The approaches identified
are further justified with
evidence and supportive
reasoning explaining why
they are more effective
than other approaches not
selected.
Response demonstrates
the same level of
achievement as “2,” plus
the following:
Response includes
recommendations for
implementing the
approaches and
suggestions and
overcoming potential
obstacles and threats to
their implementation.
Part II: Disaster Recovery and Business Continuity Planning
Sub-Competency 3: Develop plans for disaster recovery and business continuity.
©2015 Walden University
2
Learning Objective 3.1:
Evaluate options for
disaster recovery and
business continuity.
Learning Objective 3.2:
Develop a plan for
disaster recovery and
business continuity.
0
Not Present
The evaluation of options
for disaster recovery and
business continuity is
missing.
The plan for disaster
recovery and business
continuity is missing.
1
Needs Improvement
Response provides a vague
or partial evaluation and
comparison of options for
disaster recovery and
business continuity.
2
Meets Expectations
Response provides a clear
and complete evaluation
and comparison of at least
two options each for
disaster recovery and
business continuity.
Response is not relevant to
the business case
presented.
Response is relevant to the
business case presented.
Response is not supported
academic/professional
resources or the resources
are not relevant.
Response is supported by
relevant
academic/professional
resources.
Response provides a vague
or partial description of
the options chosen or a
superficial description of
how they will be
implemented.
Response provides a clear
and complete plan
describing the options
chosen and detailing how
they will be implemented.
Response is not relevant to
the business case
presented.
Response is not supported
academic/professional
resources or the resources
are not relevant.
Response is relevant to the
business case presented.
Response is supported by
relevant
academic/professional
resources.
3
Exceeds Expectations
Response demonstrates
the same level of
achievement as “2,” plus
the following:
The options identified are
further justified with
evidence and supportive
reasoning explaining why
they are more effective
than other options not
selected.
Response demonstrates
the same level of
achievement as “2,” plus
the following:
Response includes
recommendations for
implementing the plan and
overcoming potential
obstacles and threats to its
implementation.
PS001: Written Communication: Demonstrate graduate-level writing skills.
©2015 Walden University
3
0
Not Present
Multiple major and minor
errors in grammar,
spelling, and/or mechanics
are highly distracting and
seriously impact
readability.
1
Needs Improvement
Multiple minor errors in
grammar, spelling, and/or
mechanics are distracting
and negatively impact
readability.
Learning Objective
PS 1.2:
Organize writing to
enhance clarity.
Writing is poorly organized
and incoherent.
Introductions, transitions,
and conclusions are
missing or inappropriate.
Writing is loosely
organized. Limited use of
introductions, transitions,
and conclusions provides
partial continuity.
Learning Objective
PS 1.3:
Apply APA style to
written work.
APA conventions are not
applied.
APA conventions for
attribution of sources,
structure, formatting, etc.,
are applied inconsistently.
Learning Objective
PS 1.4:
Use appropriate
vocabulary and tone
for the audience and
purpose.
Vocabulary and tone are
inappropriate and
negatively impact clarity of
concepts to be conveyed.
Vocabulary and tone have
limited relevance to the
audience.
Learning Objective
PS 1.1:
Use proper grammar,
spelling, and
mechanics.
2
Meets Expectations
Writing reflects competent
use of standard edited
American English.
Errors in grammar,
spelling, and/or mechanics
do not negatively impact
readability.
Writing is generally wellorganized. Introductions,
transitions, and
conclusions provide
continuity and a logical
progression of ideas.
APA conventions for
attribution of sources,
structure, formatting, etc.,
are generally applied
correctly in most
instances. Sources are
generally cited
appropriately and
accurately.
Vocabulary and tone are
generally appropriate for
the audience and support
communication of key
concepts.
3
Exceeds Expectations
Grammar, spelling, and
mechanics reflect a high
level of accuracy in
standard American English
and enhance readability.
Writing is consistently
well-organized.
Introductions, transitions,
and conclusions are used
effectively to enhance
clarity, cohesion, and flow.
APA conventions for
attribution of sources,
structure, formatting, etc.,
are applied correctly and
consistently throughout
the paper. Sources are
consistently cited
appropriately and
accurately.
Vocabulary and tone are
consistently tailored to the
audience and effectively
and directly support
communication of key
concepts.
PS005: Critical Thinking and Problem Solving: Use critical-thinking and problem-solving skills to analyze professional issues and inform best
practice.
©2015 Walden University
4
Learning Objective
PS 5.1:
Analyze assumptions
and fallacies.
Learning Objective
PS 5.2:
Generate reasonable
and appropriate
assumptions.
Learning Objective
PS 5.3:
Assess multiple
perspectives and
alternatives.
Learning Objective
PS 5.4:
Use problem-solving
skills.
0
Not Present
Analysis of assumptions is
missing.
1
Needs Improvement
Response is weak in
assessing the
reasonableness of
assumptions in a given
argument.
2
Meets Expectations
Response generally
assesses the
reasonableness of
assumptions in a given
argument.
3
Exceeds Expectations
Response clearly and
comprehensively assesses
the reasonableness of
assumptions in a given
argument.
Response does not
adequately identify and
discuss the implications of
fallacies or logical
weaknesses in a given
argument.
Response does not
adequately present and
discuss key assumptions in
an original argument.
Response identifies and
discusses the implications
of fallacies and/or logical
weaknesses in a given
argument.
Response provides a
detailed and compelling
analysis of implications of
fallacies and logical
weaknesses in a given
argument.
Response justifies the
reasonableness and need
for assumptions in an
original argument.
Assessment of multiple
perspectives is missing.
Response does not identify
nor adequately consider
multiple perspectives or
alternatives.
Response identifies and
considers multiple
perspectives and
alternatives.
Response justifies
selection of chosen
alternative relative to
others.
Problems and solutions are
not identified.
Response presents
solutions, but they are
ineffective in addressing
the specific problem.
Response presents
solutions that are practical
and work in addressing the
specific problem.
Response presents
compelling supporting
arguments for proposed
solutions.
Assumptions are missing.
Response presents and
discusses key assumptions
in an original argument.
PS006: Information Literacy: Apply appropriate strategies to identify relevant and credible information and data in order to effectively
analyze issues and make decisions.
Learning Objective
PS 6.1:
Identify credible
©2015 Walden University
Credible sources are
missing.
Some sources are credible,
appropriate, and relevant
to the topic.
Most sources are credible,
appropriate, and relevant
to the topic.
All resources are credible,
appropriate, and relevant
to the topic.
5
0
Not Present
sources.
Learning Objective
PS 6.2:
Analyze findings from
relevant sources.
©2015 Walden University
Analysis is missing.
1
Needs Improvement
2
Meets Expectations
Analysis superficially
reflects relevance of
findings to the identified
problem, issue, or
purpose.
Analysis clearly reflects
relevance of findings to
the identified problem,
issue, or purpose.
3
Exceeds Expectations
Analysis clearly reflects
relevance of findings to
the identified problem,
issue, or purpose, and
synthesizes findings to
generate new insights.
6
Purchase answer to see full
attachment