Showing posts with label Internal Controls. Show all posts

June 14, 2013

No Such Agency (NSA) Listening To No Such Information (NSI)

The National Security Agency (NSA), frequently referred to by the secretive nickname No Such Agency, is at the forefront of our signals intelligence (SIGINT) and of protecting America--they are amazing!

Recently, there has been a lot of controversy about the PRISM program for sifting through communications looking for terrorist contacts, plans, and imminent attacks to be foiled.

Is this necessary for security or a violation of our privacy? 

Of course, we value our privacy and generally wish we had more. (For me, growing up in the busy and crowded city that never sleeps, I craved a little more quiet and a more secluded life, and that's how I ended up in the Washington D.C. suburbs.)

Anyway, if you're an average hard-working Joe or Jane, what do you fear about PRISM?

For me, if "they" are tracking calls or listening--this is what they hear:

- The occasional squabble with my loving wife (yes, we drive each other nuts sometimes).

- My teenage kids hanging up their phone on me, not wanting to hear my brilliant (in my own mind) parental advice and guidance.

- My elderly parents lecturing me and telling me that I should go to synagogue more often.

- The daily life transactions with the plumber, the cable service, and the credit card company. 

If you're honest and loyal, and the system works fairly, the way it's supposed to, your communications are just some transmission packets travelling through cyberspace to carry out your life's goings on.

Then again, if you're crooked, a traitor, or planning to or have hurt someone, well then you're up against some very powerful technology tools and (hopefully) you're going to get caught and get what's coming to you.

The big concern then is not when the system works well and fairly, but when it's used corruptly, fraudulently, or for political ends. 

Then it's not what someone overhears you say or sees you do that's a real concern, but rather, with all the advanced electronics and technology, what can be made up about you to address personal or political gripes, grievances, or just settle a score.  

You don't have to be afraid (generally) of what you do honestly, instead you need to fear the dishonesty of those who can or are apt to misuse the technology for their own ends.

Then what you really did or said can be taken out of context, exaggerated, edited, spliced, or otherwise doctored into something else entirely.

This is why the integrity and ethical backbone of those who run the country and our vital institutions are of paramount importance.

With honesty, ethics, and justice--a surveillance system can greatly enhance national security. Without these things, it can be a tool of corruption. The best protection is not unplugging the system, but hooking in lots of internal and external controls to keep it honest.   ;-)

(Source Photo: here by LittleBirth)



February 9, 2010

Why The Customer Should Be The Center Of Our Professional World

It’s intuitive that organizations should be managed with an orientation toward serving their customers, because it’s the customers who keep them in business. Yet, in the name of “shareholder value,” many organizations continue to put short-term results at the forefront of their decision-making, and this ends up damaging the long-term success of the organization to the detriment of its owners.

Harvard Business Review, January-February 2010, in an article called “The Age of Customer Capitalism” by Roger Martin, states that “for three decades, executives have made maximizing shareholder value their top priority. But evidence suggests that shareholders actually do better when firms put the customer first.”

The author continues: “Peter Drucker had it right when he said the primary purpose of a business is to acquire and keep customers.”

Clearly, we serve our customers in the service of our mission. Our mission is why we exist as an organization. Our mission is to provide our customers with products and/or services that satisfy some intrinsic need.

The equation is simple:

Shareholder Returns = f (Customer Satisfaction)

Shareholder returns are a function of, and positively correlated with, customer satisfaction, as HBR notes. If we serve our customers well, the organization will thrive—and so will the owners—and if we do this poorly, the organization will die—and the owners will “lose their shirts”.

The problem with concentrating exclusively on stock price is that we then tend to focus on short-term returns versus long-term results, and the shareholder ends up worse off in the end.

“The harder a CEO is pushed to increase shareholder value, the more the CEO will be tempted to make moves that actually hurt the shareholders…short-term rewards encourage CEOs to manage short-term expectation rather than push for real progress.”

The article cites companies like Johnson & Johnson and P&G that “get it.” They put the customer first and their shareholders have been rewarded handsomely—“at least as high as, if not higher than, those of leading shareholder-focused companies.”

One good example of how J&J put customers first came during the 1982 Tylenol poisonings, in which seven Chicago-area residents died: J&J recalled every capsule in the nation, “even though the government had not demanded it.”

Another good example in the article is Research in Motion, the maker of the BlackBerry. They recognized the importance of the customer versus the focus on the shareholder and already “in 1997, just after the firm’s IPO, the founders made a rule that any manager who talked about the share price at work had to buy a doughnut for every person in the company.” The last infraction by the COO had him delivering more than 800 doughnuts—the message was heard loud and clear.

These examples are in seemingly stark contrast to the recent handling by Toyota of its brake problems, in which there have been delayed recalls and the government is now investigating. As The New York Times (8 February 2010) reported: “The fact that Toyota knew about accelerator deficiencies as far back as December 2008 ‘raises serious questions about whether car manufacturers should be more forthcoming when they identify a problem, even before a recall,’ said Robert Gifford, the executive director of the Parliamentary Advisory Council for Transport Safety, a nonprofit group that seeks to advise British legislators on air, rail and road safety issues.” Note: this is out of character for Toyota, which historically has been a car company known for its quality and safety.

As a longtime advocate for User-centric Enterprise Architecture, I applaud the organizations and the people that put the customer first—and by this, I mean not by words alone, but in deeds. It is easy to put the customer into our mission and vision statements, but it is another thing to manage our organization with a true service creed.

While the HBR article emphasizes short-term shareholder value as the main culprit diverting us from a positive customer focus, there are really numerous distractions to realizing the vision of a customer service organization. Some examples include: organizational politics that hinder our ability to accomplish our mission; functional silos that are self-serving instead of seeking the best for the enterprise; certain egocentric employees (a minority) that put personal gain or a lack of strain above a service ethos; and of course, greedy and corrupt individuals that seek to profit at the expense of the customer, perhaps even skimping on product quality and customer service, thereby even endangering health and safety.

While most people are essentially good and seek to do the right thing, the organization must put in place controls to ensure that our focus is never distracted or diminished from our customers. These controls include everything from establishing values, policies, processes, requirements management, product development, training, testing, measurement and reporting, and best practices implementation in order to ensure our finest delivery to the customers, always.



March 17, 2008

The Evils of Computers and Enterprise Architecture

Computers and information technology have revolutionized how we do just about everything in our lives. Yet some people have demonized technology either out of fear, ignorance, or a belief that we will not be able to control the awesome power of the technology we are developing.

The Wall Street Journal, 15-16 March 2008, reports that during the 1960s and 70s, Joseph Weizenbaum, an MIT professor, was a gifted computer programmer who later came “to preach the evils of computers.”

Weizenbaum created a “computer program called Eliza that was designed to simulate a psychiatrist…but after test subjects told him the program really empathized with their problems, Mr. Weizenbaum became a digital Jeremiah, and spent decades preaching the computer apocalypse.”

Surely Weizenbaum isn’t alone in voicing the concern that computers could become smarter (and stronger) than people and could pose a dire threat to humankind’s very existence. These fears have been portrayed by Hollywood in 2001: A Space Odyssey, I, Robot, Terminator, WarGames, and other such hit movies.

Weizenbaum “soured on computers and condemned automated decision making as antihuman.”

“He raised questions that are as relevant today as they were when he first raised them” about 40 years ago.

As an enterprise architect, my job is to align technology solutions to business problems and requirements. Am I to consider the potential for the malevolent information system, database, storage server, or network router when trying to use technology to help achieve mission results?

OK. Maybe the question is a little too facetious. The truth is computer processing power is reaching ever greater potential, and at accelerating speeds, based on Moore’s Law. Computers now can process at speeds in trillions of calculations a second. Who can even imagine?

Is it possible that, at some time, a computer or robot will go loony and do the unthinkable? Of course it is. Don’t some people have pit bulls that are friendly to their owners and then go nutty and attack the neighbor’s poodle or the neighbor himself? Don’t we all drive cars that are wonderful transportation mechanisms, but also hurt and kill thousands of people a year?

We raise and develop things that have tremendous capability to improve our way of life; however, they also have the potential to hurt us if not properly controlled.

A time will soon come when we will have to worry about controlling the very machines that we have created to help us do our everyday tasks. We will have to architect safeguards to protect people from the very technologies that we developed and deployed to aid them.



February 12, 2008

Information Integrity and Enterprise Architecture

We are in an information economy, and now more than ever businesses need information to conduct their functions, processes, activities, and tasks.

To effectively conduct our business, the information needs to be relevant and reliable. The information should be current, accurate, complete, understandable, and available.

Information integrity is essential for enabling better decision-making, improving effectiveness, and reducing risk and uncertainty.

However, according to DMReview, 8 February 2008, “information within the [corporate] data warehouse continues to be inaccurate, incomplete, and often inconsistent with its sources. As a result, data warehouses experience low confidence and acceptance by users and consumers of downstream reports.”

“The Data Warehousing Institute estimates that companies lose more than $600 million every year due to bad information.”

What are some of the challenges to information integrity?

  1. “Complex environments, [in which organizations] constantly generate, use, store, and exchange information and materials with customers, partners, and suppliers.”
  2. “Accelerating change in the business environment [and] changing needs of business users”
  3. “Increasing complexity of source systems and technology”
  4. “Expanding array of regulations and compliance requirements”

“Change and complexity introduce information integrity risk. Accelerating change accelerates information integrity risk. Compliance makes information integrity an imperative rather than an option.”

What are the particular challenges with data warehouses?

  1. Questionable input information—“Several source systems feed a data warehouse. Data may come from internal and external systems, in multiple formats, from multiple platforms.”
  2. Lack of downstream reconciliation—“As information traverses through the source systems to a data warehouse, various intermediate processes such as transformations may degrade the integrity of the data. The problem becomes more acute when the data warehouse feeds other downstream applications.”
  3. Inadequate internal controls—these include controls over data input, processing, and output, as well as policies and procedures for change management, separation of duties, security, and continuity of operations planning.

From an enterprise architecture perspective, information integrity is the linchpin between the business's information requirements and the technology solutions that serve up the information to the business. If the information is no good, then what good are the technology solutions that provide the information to the business? In other words, garbage in, garbage out (GIGO)!

As enterprise architects, we need to work with the business and IT staffs to ensure that data captured is current, accurate, and complete, that it is entered into the system correctly and processed accurately, that outputs are distributed on a need-to-know basis or as required for information sharing purposes, and that the data is protected from unauthorized changes.

Using business, data, and systems models to decompose the processes, the information required for those, and the systems that serve them up helps to identify possible information integrity issues and aids in designing processes that enable quality information throughput.
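One way to implement the downstream reconciliation and change-detection controls described above, as an added example that is not from the original post: the source system publishes a control manifest at extract time, and the warehouse load is checked against it. The field names, the key, and the sample rows are constructed for illustration.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed key for the example; a real control keeps it out of the load job's reach.
CONTROL_KEY = b"example-reconciliation-key"

def row_digest(row: dict) -> str:
    """Keyed digest over a canonical form of the row (fields sorted, values trimmed)."""
    canonical = "\x1f".join(f"{k}={str(row[k]).strip()}" for k in sorted(row))
    return hmac.new(CONTROL_KEY, canonical.encode(), hashlib.sha256).hexdigest()

def control_manifest(rows: list, key_field: str, amount_field: str) -> dict:
    """Built at the source at extract time: record count, control total, row digests."""
    return {
        "count": len(rows),
        "total": sum(Decimal(str(r[amount_field])) for r in rows),
        "digests": {r[key_field]: row_digest(r) for r in rows},
    }

def reconcile(manifest: dict, loaded: list, key_field: str, amount_field: str) -> dict:
    """Compare what landed in the warehouse against the source manifest."""
    seen = {r[key_field]: row_digest(r) for r in loaded}
    src = manifest["digests"]
    loaded_total = sum(Decimal(str(r[amount_field])) for r in loaded)
    return {
        "count_matches": manifest["count"] == len(loaded),
        "total_matches": manifest["total"] == loaded_total,
        "missing": sorted(src.keys() - seen.keys()),
        "unexpected": sorted(seen.keys() - src.keys()),
        "altered": sorted(k for k in src.keys() & seen.keys()
                          if not hmac.compare_digest(src[k], seen[k])),
    }

# Constructed sample data: a source extract and the rows found after the load.
SOURCE = [
    {"id": "A100", "customer": "Acme", "amount": "250.00"},
    {"id": "A101", "customer": "Birch", "amount": "75.50"},
    {"id": "A102", "customer": "Cedar", "amount": "120.00"},
]
WAREHOUSE = [
    {"id": "A100", "customer": "Acme", "amount": "250.00"},
    {"id": "A101", "customer": "Birch", "amount": "195.50"},  # value changed in transit
    {"id": "A103", "customer": "Dune", "amount": "0.00"},     # row not in the source
]

if __name__ == "__main__":
    manifest = control_manifest(SOURCE, "id", "amount")
    for name, value in reconcile(manifest, WAREHOUSE, "id", "amount").items():
        print(f"{name}: {value}")
```

In the sample data the record count and the control total both still match after the load, so only the per-row digests reveal the dropped, altered, and inserted rows.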

Additionally, security needs to be architected into the systems from the beginning of their lifecycle and not as an afterthought. Information confidentiality, integrity, availability, and privacy are essential for an information secure enterprise and for information quality for mission/business performance.

