Let's Build a Responsible Cyber Society




Mismanagement of CAT.. A Setback for IIMs

The failure of the online CAT system has thrown the reputation of IIMs to winds. As premier management institutes of the country, graduates of IIM are expected to manage challenges and crisis in the industry scenario. However, the way IIM has handled the transition from paper-based CAT to online CAT has left everyone wondering about the ability of IIMs.

Even when online CAT was announced, it was clear to any IS professional that the biggest challenge is not how the functionality of the online examination system was to be managed but the security of the system. It could also be a easliy anticipated that being the premier examination in the country attracting over 2 lakh participants, it would be a target for various kinds of cyber offenders including Cyber terrorists. It could also be foreseen that CAT database would also be a target for data thieves. Everybody was also aware of the difficulties arising out of the sheer volume of transactions and the possibility of technical failure arising out of server crash since it frequently occurs whenever university results are announced. We also knew how the Electronic voting system frequently faced the problem of untrained personnel. Virus is too familiar to be ignored as a risk.

Under the circumstances, it was critical that IIMs had to take all reasonable steps necessary to protect the systems from the kind of troubles that we have seen now. This was not only business prudence and commonsense but also “Due Diligence” under law.

Exposing 2.4 lakh students to the trauma of a mismanaged examination is a serious crime committed by the IIMs.

The IIM management has now come-up with a weak argument that there were viruses in the machines. This ridiculous.

The management needs to explain and provide answers to the following questions that arise out of the present situation.

Was there was an attempt at “Virus sanitization” as a part of the IS protocol for this exercise? If not why not?

Was there an IS audit prior to the planning? Did IIMs get any report from competent IS professionals about the risk assessment and how they can be mitigated and was there a risk management team in place before the examination started?

Was there a DRP and BCP plan? What happened to the “Disaster Management” and “Crisis Management” components of the plan?

It is unthinkable that IIM management team could have approached the whole exercise without “Planning”, “Risk Assessment”, “Risk Mitigation Plan” and “Crisis Management Plan”. These are basic lessons of management.

Why did IIMs betrayed such a shameful exhibition of lack of managerial talent?

Is it because they were arrogantly negligent? Is it because it was managed by one of the IIMs and others did not cooperate? Is it because they entrusted the examination system to a foreign company for a exorbitant price tag (US $ 40 million? or around Rs 200 crores?) without making a due diligence check?

These need answers.

It is also impossible to digest that IIM had not done a dry run of the system before launching.

It is also stated that the technology used was primitive in the sense that the entire paper was to be downloaded to the local machine and it was not “Really online”. Ideally, each question should have been downloaded  in realtime from a network of distributed servers, dynamically balanced for data traffic congestions along with an algorithm which manages the question paper pattern. At the end of each question, the answer should have flown back into the server and triggered the next question download.  On the other-hand it is stated that in the current system, the entire question paper was downloaded and re-uploaded after the answer. When the server crashed in the meantime, the entire work was lost. This system also meant that the entire question paper resided in the local cache memory and was amenable for copying.

Another intriguing point is that the test was spread over 10 days and across many centers and therefore there were only about 25000 students per day spread across more than 360 centers in  104 locations. It was not therefore a server load problem of insurmountable dimensions.

Some security experts are of the view that the two viruses named by the IIM director for the problem are Conficker and Nimda are easily detected by existing anti virus programmes and are not zero day codes unknown to the community. At present there is no indication of any Cyber terrorist or deliberate outsider attack. (We may recall that the recent failure of IGNOU examination system was blamed on sabotage by some vendors who failed to get the contract.)

 Some of the students had the following to say about their experience

“if we click to any question we have 2 answer that one . we cannot think of not doing that question. 2. if we click end button the test will get over suddenly without any confirmation n the monitor will get turned off. 3. its really difficult to understand the programming. 4. the persons standing there to help us are also confused , very rude and very unfriendly.”

“Could not complete the exam… I clicked on review… end of the review exited my test. my test ended in 5 mins. I was shocked to see i have completed my exam in 5 min.. no one could help me. Such a painful situation, because of issues i could not complete once in year exam.”

“i cud attend only 15 questions n den it has been quited suddenly……d examiners whoever der at site did not take care of my problem i have lost my exam completely…is there any facility to re write d exam again please help me out……..”

These comments made at one of the websites indicate that the issue was that the system design itself was faulty and had been inadequately planned.

Now that the problems have occured what is the remedy?

CAT administrators are suggesting that re-examination would be conducted for those who had the problem. Is this sufficient? How can this compensate those who have clash of examination dates and are lost because of the bizarre experience they were made to go through?

CAT administrators have been careful enough to invoke legal provisions and threaten the students and IIM coaching centers through the following notice on their website.

“Disclosing, publishing, reproducing, transmitting, storing, or facilitating transmission and storage of the contents of the CAT or any information therein in whole or part thereof in any form or by any means, verbal or written, electronically or mechanically for any purpose, shall be in violation of the Indian Contract Act, 1872 and/or the Copyright Act, 1957 and/or the Information Technology Act, 2000. Such actions and/or abetment thereof as aforementioned may constitute a cognizable offence punishable with imprisonment for a term up to three years and fine up to Rs. two lakhs. Candidates who want to appear for CAT have to agree to a Non-Disclosure Agreement at the time of the test.”

Well, this indicates that CAT administrators are ready to invoke law in their protection. Are they ready to face law for their gross negligence and putting the career of so many aspirants to risk?. Have they not caused “Wrongful Loss” to hundreds of candidates by not following “reasonable securirty practices” and allowed for contravention of “section 43″ and “Section 66″ of ITA 2008  to take place? Are they not vicariously liable under Section 85 for these contraventions? These are the questions which CAT administrators have to answer.

How can CAT administrators convince the students that the system was fair? and it gave equal opportunities to all candidates? These are the issues some legal persons have already raised as stated in this article in Times of India

There is no doubt that sufficient cause can be found to question the validity of the examination system given the lack of preparedness evidenced by the events of the last few days.  Though “Computer Based Tests” are an established mode and cannot be rejected per-se, if the conduct of the test indicates gross negligence and lack of competence as shown by the current ProMetric test centers used by IIMs, there is every reason to doubt the integrity of the examinations.

Instead of standing on false prestige and supporting the ego of some of the persons involved in this sad episode, the IIM directors of all IIMs should call for an emergency meeting and should take the bold decision to scrap the online test for the current year and plan a paper based test at the earliest.

It is better if the agony is not continued for all the ten days of the proposed test plus a few re examinations and then face a possible Court action to withhold the results. A quick “Cut the losses” strategy would be the best option for the IIMs. This would save the time so that the comprehensive re-examination can be conducted without causing harm to the next academic year of IIMs.

Additionally it is necessary to black list the service provider involved in the conduct of the exam and recover the payments made to them.

Can we atleast see a display of a bold decision making character of IIMs now?

In case IIMs continue to hide behind “Viruses” and try to cover their inefficiency and protect the financial interests of the service providers, it is necessary for public spirited lawyers to invoke the intervention of the judicial system to seek justice to the number of candidates who would have been adversely affected during this year’s examination.




December 1 ,2009

Related Articles:

Now Anyone Can challenge CAT. TOI

Firm IIMs hired to hold online CAT test has failure record.. HT


 Comments are Welcome at naavi@vsnl.com