Some of the company’s structured data management efforts include the use of tools for
storing and managing different types of information. For example, Team Foundation System is used for storing program codes, software defect information, and end user documentation. Team Foundation System is accessed using Visual Studio, which allows for these documents to be easily searched and sorted. Team Foundation System also has a version control system that enables the easy identification of the latest version of a specific document.
The company also uses Microsoft SharePoint as a repository for other types of documents such as design documents, product charters, training materials, and others. Documents are organized per department (e.g. Engineering, Human Resources, and Product Management) where each department is further divided into the different teams. For example, under the Engineering department are the Development, Quality Control, and Documentation teams. In effect, documents are stored according to department then according to the team. Under each team, documents are further classified according to product where each product may have its own folder for that product’s documents. This makes it easier to manually search for documents, although SharePoint also has its own Search feature. In addition, there are templates for certain documents to ensure that important documents such as design documents and Release Notes conform to a consistent and uniform format.
However, there are still certain types of data that remain unstructured such as emails, status reports, and presentations among others (“What is Unstructured Data?”). Describe an experience from your work (or from industry) where there was not enough user involvement in an IT project? What happened? Was anything changed to prevent it from happening in the future?
One such project was when the company created a company profile on Yammer, an enterprise social networking site that allows for employee collaboration.
The employees just suddenly received invitations to join Yammer from other employees without getting any formal announcement about it from IT. Majority of the employees did join and started using Yammer to socialize. This proved to be helpful, given the global structure of the company. However, the employees soon started sharing company information and product information over Yammer. This was fine, too, since only members of the organization were members of the company’s Yammer group and only employees could see the exchanges going on.
Only later did IT and upper management realize the security implications that this had. They informed the employees only after some time that the company was using a free version of Yammer, which was less secure than the paid version. As such, they discouraged the employees from discussing confidential company matters over the social networking site lest the information fall on the hands of the wrong people.
They also realized only later that employees who have already left the company continued to have access to the company’s Yammer group; thereby allowing them to still have access to all the exchanges, including company-related ones. It turned out that membership to the site could not be cancelled so there was no way for IT to disable their accounts. Naturally, this, too, posed a security threat for the company.
Only after all these realizations did the organization, particularly IT, create and disseminate formal guidelines on the proper use of Yammer.
Does Six Sigma always work? Imagine a scenario where it might NOT be appropriate for a CIO to use it
Six Sigma is a general methodology that has proven effective wherever it has been implemented (Gygi, DeCarlo, & Williams, 2012). Whether Six Sigma is appropriate for an organization or not then relies on external factors and not on the methodology itself.
One such factor is time and resources. If the organization cannot allot time and resources for its implementation then it will not succeed. To successfully implement Six Sigma requires having certain employees work only on the Six Sigma initiative. It should also be understood that its implementation will take time. If the organization can’t meet this requirement then it would be better not to implement it in the first place lest the implementation take too long, resulting in higher costs and lost interest.
Another factor that can make the implementation of Six Sigma inappropriate is the lack of Six Sigma experts in the organization. These experts will be the ones to lead the implementation. It should be noted that “Six Sigma relies heavily on teams of people working together, not on individual effort” (Harris, 2012) where a team consists of customers, communicators, data specialists, process experts, and Six Sigma experts. In addition to being a team member, the Six Sigma expert is also needed to serve as the project lead who will track results, infuse tools, assign projects, and train people. The team leader will provide direction and overall progress. With no one to lead the initiative, the efforts of the individual members will be useless.
Finally, the implementation of Six Sigma is inappropriate for an organization if it is meant to serve as a short-term solution to a problem. An organization should implement Six Sigma only if they are seeking a long-term solution to their problems, as this methodology also requires long-term investment (Nandanwar, 2009). In addition, the CIO should ensure that he or she can get the entire organization’s commitment and buy-in before considering its implementation. In the same regard, if the organization’s culture is one that’s not adaptive to change, then it is perhaps inappropriate to implement Six Sigma, which would require changes in the organization.
Pick one of the regulatory bodies in the U.S. and explain what they expect of the IT as they go in to audit businesses
The Sarbanes Oxley IT Audit includes a layer of controls, financial, and governance matters to the audit process. It does not go deeper than the system level as its main goal is to provide the company’s Audit Committee, CFO, and CEO assurance with regards to the accuracy and reliability of the financial information stored in the IT systems (Seider, 2004).
It has a narrow focus that is mostly driven by the Federal Law. Its system level audit focuses on the integrity and reliability of the software, hardware, and information of the systems. It is more concerned with performing a system level audit rather than one on a device level.
The audit process owner is the financial audit community. As such, the audit process addresses the requirements of the bigger financial audit. Aside from addressing the technology issues, it also ensures that it produces the documentation necessary to support the claims that the IT systems, as well as the information stored in them, are secure, verifiable, and reliable.
The following are some of the things a Sarbanes Oxley IT auditor will look out for: 1.) the establishment of controls that can prevent the loss off transactions and financial data; 2.) that the controls in place are effective, that is, they are capable of quickly detecting problems and taking the necessary action to minimize the effects of these problems; and 3.) that the controls in place are capable of handling exceptions.
Is the commoditization of IT a good thing, or a bad thing? Discuss
The commoditization of IT is a good thing because it provides for higher repeatability and reliability (Laplante, 2006). With IT becoming more reproducible, companies are able to focus their efforts more on the application of availability and quality standards to IT systems and processes. This in turn leads to flexibility and to better levels of support. In addition, it’s more cost-effective.
Rather than seeing the commoditization of IT as the end of innovation, it should be taken advantage of as it means that the use and setup of IT is now cheaper and easier. This then enables an organization to use IT “innovatively to gain a competitive edge” (“Commoditization and Innovation,” n.d.). IT has transformed from being the end-products they were then to being the resources they are now, which facilitate innovation. Companies now are more able to tinker and experiment with cheap IT commodities that are ever present (Varian, 2004).
Similarly, company employees no longer have to spend too much time trying to learn and use complex technologies and can instead focus on skills development, expert thinking, and expressing their creativity, which can give a company a competitive advantage. The commoditization of IT also enables the company to focus on how to get the most out of partnering and outsourcing (Laplante). In addition, it gives companies a clearer understanding of the suppliers’ strategic nature in terms of services, software, and hardware, which the company can leverage on.
Commoditization and innovation - IT does matter. Retrieved from
Gygi, C., DeCarlo, N, & Williams, B. (2012). Avoiding Six Sigma pitfalls. Retrieved from http://www.dummies.com/how-to/content/avoiding-six-sigma-pitfalls.html
Harris, W. (2012). How Six Sigma works. Retrieved from http://money.howstuffworks.com/six-sigma5.htm
Laplante, P. (2006). CIO wisdom II. Upper Saddle River, NJ: Prentice-Hall
Nandanwar, M. (2009). When will Six Sigma not work?. Retrieved from http://www.qualitygurus.com/courses/mod/forum/discuss.php?d=3185
Seider, D. (2004). Sarbanes-Oxley information technology compliance audit of an outsourced
Microsoft and SAP system for a specialty manufacturer: Auditing networks perimeters
and systems. Las Vegas, NV: SANS Institute. Retrieved from http://www.sans.org/reading_room/whitepapers/auditing/sarbanes-oxley-information-technology-compliance-audit_1624
Varian, H. R. (2004). How much does information technology matter?. The New York Times.
Retrieved from http://www.nytimes.com/2004/05/06/business/
What is unstructured data and how is it different from structured data in the enterprise?. (2007). Retrieved from http://searchstorage.techtarget.com/feature/What-is-unstructured-data-and-how-is-it-different-from-structured-data-in-the-enterprise