Monday, July 6, 2009

Risks associated with business and IS/IT change...

[Note: This is a reply to Mr. G.'s thread in USEP-IC forum - Assignment 2: Based on the organization that you visited, what do you think are the risks associated with business and IS/IT change?]

In relation to my assignment number 1 in which I have identified some best practices in IS/IT of a certain organization, I will now first discuss about the risks associated with business and IT/IS change to the first company we have visited before - the Columbia Computer Center.

Various threats poses to a company's business and security matters as much as they have their edges in modern practices of technologies. As I recall, Columbia uses the following practices: Biometrics, MYOB, and CCTV to name a few. These practices offer convenience, data-reliability, and security to their business process. Yet there are also several disadvantages in usage of these things.

In the case of Biometric system, in which they use fingerprint scanners and code inputs for employees' log in and log out, the main disadvantage here is the instance when the scanning machine malfunctions. If that would be the case, the management will have no choice but to temporarily go back to the manual system of recording the attendance of the employees to be reflected on their daily time record. This would give hassle to the company since the work will be doubled. The view of the other offices through the CCTVs relies on the Internet. If there would be no Internet signal, the branches especially the main office would not be able to monitor the other office online. Another main disadvantage is, if the other branch would turn off all CCTV cameras connected in their office. Naturally, the accessing branch cannot see what's going on since the CCTV streaming is live. Also, the company is dependent on the Internet in that, when some customers ask for certain descriptions of some products, and to easily describe it, the employees search it online. Internet plays a big role in the business. The networking of data by branch is done also through QuickShare and that includes Internet usage. The MYOB (inventory system) would greatly affect the business operations if the data would not be backed up, and if the system will fail, there are no network connections from which the saved data will be copied from (because only the main branch holds the data of the other branches, and it is only the main office that is able to access the records of the other offices. The other offices only have access to their data. As they describe it, their accounting, sales or inventory, credits, etc are placed in the same software program...

The second company I've visited is the Davao Light and Power Co., in Ponciano St., Davao City. In our interview (me and several classmates) with the Report Infrastructure Manager of the IT Services Group, we first discussed the evolution of the Information Systems that the company has right now. As we were informed of a part of the company's history, I was able to notice the gradual change in the hardware/software aspect(s) to cope up with the needs of the organization. They've changed various servers - mainframes, programming language, networking.

In their Password Management side, where they use Biometrics in employees' log in and log out, they have to change their password every 90 days. Our interviewee added that the passwords should not repeat otherwise their account would be locked. Passwords also have recommended format. It should be alphanumeric, with a minimum of 2 alpha characters and 2 numeric characters, and should have a length of 8 characters. I think this is quite bothering to the employees' part. What if they run out of potential passwords? What if there would be instances that the employees tend to forget their current passwords? They have to call for some IT personnel for help and this is hassle on both sides of the employee and the programmers. If there were also complicated passwords such as those containing special characters adds to the complexity of the system.

In what they call as Systems Development Cycle where they form group policies to also address security, they organize a User Acceptance Test in which new strategies will be tested, and users must actually complain before the actual system will be finalized and implemented. In this case, I think this is quite time-consuming in the sense that if there would be no sooner reactions from the users who tested it, the implementations would be delayed, thus, delaying the process of addressing the problem.

It was on 2005 that they changed from Clipper to Oracle. Clipper is a good programming language but is not robust. It is because of this primary issue that they've changed into Oracle. As years passed, their data bacame bigger and bigger so there was a need to migrate into a more robust database. Clipper is good in terms of network connections since it can hold many clients, making it convenient to use. Yet they have to let go to a another database so to cater their needs especially in security aspects.

Another risk is the issue of 'piracy' in their employees. In our modern technology today, many people know several programming languages with the help of the Internet and open source softwares. More and more people are skillful enough in various fields. In the history of Davao Light, they have experienced several instances where their IT personnel were pirated to another companies and some reasons were of personal preference. Like for example, salary or income. Others will give in to some offers of other organizations which they think is better than what their company can provide. Sir Emil said that the company cannot really stop anybody from that because those were personal decisions of their employees. On this matter, I think it would be a disadvantage on the company's part. If most of their IT personnel would be like this, there would be instances in the future when almost all of the employees will be pirated. Those who are trusted in their particular tasks, once leave the company, their tasks would also be left, either uncompleted or discontinued or hanging. The administration will have to spend trainings for the ones who will replace those who left. The company will surely regret it if the trusted people or those who are already masters in their fields will be gone in the company for good. Their skills are of course, needed in the company yet the management can't stop them if they decide to prefer to the greener pasture where better opportunity calls.

Nothing is constant except change. In order for an organization to gain success in business, they have to undergo several changes in the management, equipments, material and supplies, and operations. That is why there is a need to upgrade programs and systems to cope up with the advancement of technology in the modern era. But not all changes bring benefits, they also have disadvantages. But according to Davao Light, it is based on what is really needed in a certain organization that necessities are addressed. If you opt for a secured system, then you might consider less convenience. If you choose to be convenient in using the system, chances are, you might have slight security difficulties. In order to properly address the problems of the organization, a good decision should be made, a fair and balanced decision should be made.

No comments: