Programme and projects are structured activities that seek to create effective change. A major part of structuring the work is in breaking it down into double chunks in a hierarchical plan that defines who does what and when, at a level of detail that can be effectively managed.
If all that was needed was to make a plan and then watch it all unfold as expected, then programme and project management would be an easy task. However, the best laid plans of mice and men often go astray as unexpected things happen. In fact, the reason programmes and projects often deliver late is not because they are badly planned. These can easily double the amount of time that is needed.
The RAID log is a simple extension to traditional risk management that supplements the programme, or project plan, to help manage the overall workload. RAID stands to risks, assumptions, issues and decisions. A simple way to manage the logging of these four factors is in spreadsheet , with one tab being devoted to each element. The RAID log should be updated in the same way that the main plan is managed.
Risks
Risks are a classic and well known aspect of programme and project management. They are "bad things that could happen" and can lead to delays as well as cost-and quality related problems. Risks are managed by seeking mitigating actions that reduce the chance of either the risk happening or the impact of the risk should it occur. Contingency actions may also be prepared in case of this.
At the very least, a risk log should include a description of the risk, an analysis of it and a list of actions that need to take place. Risk logs often have significant supporting detail, such as before-and-after mitigation assessments, owners and traffic light indicators of seriousness.
Assumptions
When planning something new, many assumptions may be made and some of these may be significant enough perhaps, uncertain enough to be worth capturing. Captured assumptions may then be deliberately tested at the appropriate time as information is gained for this purpose.
The assumption log may include details of the assumption itself, the rationale for why this it has been assumed and the action to be taken or otherwise that the assumption is or is not valid.
Issues
Issues are, in effect, risks that have happened. If your risk planning has been completed well, then they will not be a surprise and you will have the contingency actions on hand to handle them. Whether or not they are a surprise, issues are not usually found on the programme or project plan and so the issue log is the place where they are captured and tracked.
Issue logs may include various details about the issues. Key items will cover a description of the issue, the effect it is having (including how serious it is) and the actions that are required to contain and remove the issue.
Decisions
In projects and programmes, decisions are sometimes made that can have a significant effect, but with a limited understanding of the impact they may have, for example, in the extra work created. Decisions made along the way can also cause confusion , where people misunderstand them or simply do not know they have been made.
The decision log should capture the decision, the rationale behind it, the name of whoever made the decision and any consequent work. This helps to ensure teh decision does not destabilize the plan and also gives a useful reference when someone asks, "Why did we decide that?"
Huwebes, Setyembre 29, 2011
Biyernes, Setyembre 23, 2011
Finding out what others think by Jolito Ortizo Padilla
What is opinion polls? That is a challenge I have thought long and hard about. Public opinion, I finally decided, could be defined as "the collective view of a defined population". So in seven words I tried to encapsulate the fine tuning of the many nuances tried by the editors of the Oxford Dictionary-who took 842 words! In its essence, public opinion polling (and market research uses the same techniques) can be defined as "the collective view of a (sample of a ) defined population".
PUBLIC OPINION
Public opinion is important. Why do I think this? Because the public does so, and even more important, acts on its beliefs. When I first got into this business of market research I asked a sample of Filipino adults the extent to which they agreed or disagreed that; "A company that has a good reputation would not sell poor products", and was astonished to have three people in four says they agreed. Now that obviously wasn't entirely true, all smart companies do test marketing.
Even more astonishing , over a third , 37% said "I never buy products made of companies I've never heard of". Of course that was nonsense , but that is what I percieved!
So it's important to have good products and services;it's important to be price/quality competitive in the marketplace, whether running a fruit and vegetable stall or a bank. And it is important to know what your customers (and prospective customers) think.
MARKET RESEARCH
That's where market research comes in. I describe market research as the "marriage of the art of asking questions and the science of sampling". It's a very simple business; all you have to do is ask the right questions, of the right sample, and add up a figures correctly.
THE ART OF ASKING QUESTIONS
I have a favorite question to give students to critic which, in just a few words, breaks all five rules of good questions construction:Are you in favor of direct retaliatory action against Franco' piracy?
1. Ask a balanced questions: Do you favor or oppose ....?
2. Define your terms:one man's direct retaliatory action is a punch on the nose; another's nuclear bombs.
3. Use language in common usage: "retaliatory" would likely be misunderstood by many people.
4. Explain who's who: wonder how many didn't know who Franco was.
5. Don't use pejoratives: "Piracy"? What was surprising was 22% were against taking action with a loaded question like that one.
HERE ARE SOME OTHER TIPS ON WHAT TO LOOK FOR IN QUESTIONS:
Are they clear? Read the question aloud.If you've forgotten the point by the time you get to the end, or if you stumble over them, chances are others will as well.
Does the question ask for a dual response? We call these "double-barrelled questions" (or even "triple"). All too often a question will be drafted in such a way that a respondent can properly respond with two, or even three or more answers.
Is the question precise? A good survey question says precisely what object the item refers to, leaving no room for ambiguity. Here's and example of a problem question sometimes asked by researchers:" When did you buy your watch?" The question is incomplete in that it fails to tell the respondent which watch, if the respondent has more than one; it may be that the watch in question was a gift.
Is the time defined? The period to which the question related is crucial to the respondent's answer. Time is difficult concept for many people. For example: Did you go abroad last year?" As well as being imprecise as to whether it was on business or holiday. Does "last year" refer to the previous calendar year, the year back from when the question was asked, or even for those at school or with children at school, the school year.
Is the question loaded? Reputable market researchers have too much at stake in their work to be caught intentionally biasing a question. Special interest groups, however, sometimes have vested interest in loading question to get a certain result.
Does the question assume knowledge on the part of the respondent which they might not have? Another common error in survey questions is asuming the respondents know something about the subject of the question, with a resulting distortion of the extent and direction of public opinion. Questions about opinion towards advertising can provide excellent example. For instance: " Are you more or less like to buy the watch as a result of seeing the ad?" Those who had no intention of buying any watch would likely say "less", but this would be nothing to do with whether they saw the ad or not. Any question asking "more or less" can fall into this trap, yet you frequently see polls that ask questions which empirical research has shown will give nonsense answers.
Does the question ask for a comparison that is meaningful to the respondent? If a question asks for a respondent to compare something they know, but then asks for a comparison to something unknown, the resulting answer would be meaningless. For instance,"Do you think that the price you are being asked to pay (for this or that T V) is fair in light of what other TVs are costing? This question assumes a lot, not only that they know the level of their own local prices but they have a basis of comparison that is meaningful. It may well be that the respondent has a view on this related to what they paid last year for their television, but has no ideas of how it compares with other TVs on the market now.
Is the question's obscured by asking about a very complicated behavior in simplistic terms? For example: "Where do you usually get most of your news about what's going on in the world today: from newspapers or radio or television or talking to people or where? Without knowing what type of news, it's hard to argue that this question has much meaning.For example: fashion news for a modern professional or business news from Financial Times and the Economist, while her main source of national news comes from watching television.
Does the question use a balanced scale? Years ago the market research manager of the Singapore Post Office said to me that seven out of ten people in Singapore were satisfied with the postal service. When I saw the questionnaire, I saw why. He'd asked: Are you very satisfied, satisfied , or dissatisfied?" It may have been his boss happy , but it certainly gave them bad research.
Is it a "yes/no" questions asking for an attitude? We virtually never ask "yes/no" questions other than to factual or behavioral questions such as "Do you normally wear glasses for reading?" In general , any question that has a yes/no answer is likely to inflate the favorable response to an item, regardless of whether the question is loaded. But , more subtle forms of loading combine prestige attachment or social desirability which gives tendency toward "yea-saying" by some respondents.
Questions are tested by conscientious researchers by trying them out on their colleagues first: then on members of the public in a pilot test. They ask respondents the question first, listen carefully for the response or any questions arising, then what was their understanding of the question.
THE SCIENCE OF SAMPLING
The street corner surveys has been the basis of thousands of research reports. Typically it uses sampling. It may even be called erroneously, a "random" to mean haphazard;the statistician uses it with precision to mean "having and equal probability of selection".
Another important factor in survey sampling is to be certain that the precise community, group , or class being talked about in the results, is carefully defined.
Internet survey are becoming more popular, but those people who can be reached via internet are not "representative" of the population. They are, as a generalization, more middle class, more middle aged, and more educated. If a researcher presents data from a telephone or an internet survey, good questions to ask are:
"What steps were taken to deal with unlisted telephones, multiple email addresses, mobile phones, engaged or "dud" email addresses, etc?"
"What is the bias inherent in leaving people who are not on the telephone/internet out of the sample?"
"What was the refusal rate, by subgroup, of the sample?"
"How was the effect of differential refusal dealt with?"
"Were the questions suitable for asking over the telephone/internet?"
" How many questions were asked and is there an "order" bias in questions asked earlier to influence the result of questions asked later in the questionnaire, (sometimes called "position bias")
CONCLUSION
Survey research is widely misunderstood. It can provide understanding, analysis and tracking of the behavior, knowledge, opinions, attitudes and values of the public.By measuring this, within the limits of the science of sampling and the art of asking questions, surveys can determine what people do and what they think.
PUBLIC OPINION
Public opinion is important. Why do I think this? Because the public does so, and even more important, acts on its beliefs. When I first got into this business of market research I asked a sample of Filipino adults the extent to which they agreed or disagreed that; "A company that has a good reputation would not sell poor products", and was astonished to have three people in four says they agreed. Now that obviously wasn't entirely true, all smart companies do test marketing.
Even more astonishing , over a third , 37% said "I never buy products made of companies I've never heard of". Of course that was nonsense , but that is what I percieved!
So it's important to have good products and services;it's important to be price/quality competitive in the marketplace, whether running a fruit and vegetable stall or a bank. And it is important to know what your customers (and prospective customers) think.
MARKET RESEARCH
That's where market research comes in. I describe market research as the "marriage of the art of asking questions and the science of sampling". It's a very simple business; all you have to do is ask the right questions, of the right sample, and add up a figures correctly.
THE ART OF ASKING QUESTIONS
I have a favorite question to give students to critic which, in just a few words, breaks all five rules of good questions construction:Are you in favor of direct retaliatory action against Franco' piracy?
1. Ask a balanced questions: Do you favor or oppose ....?
2. Define your terms:one man's direct retaliatory action is a punch on the nose; another's nuclear bombs.
3. Use language in common usage: "retaliatory" would likely be misunderstood by many people.
4. Explain who's who: wonder how many didn't know who Franco was.
5. Don't use pejoratives: "Piracy"? What was surprising was 22% were against taking action with a loaded question like that one.
HERE ARE SOME OTHER TIPS ON WHAT TO LOOK FOR IN QUESTIONS:
Are they clear? Read the question aloud.If you've forgotten the point by the time you get to the end, or if you stumble over them, chances are others will as well.
Does the question ask for a dual response? We call these "double-barrelled questions" (or even "triple"). All too often a question will be drafted in such a way that a respondent can properly respond with two, or even three or more answers.
Is the question precise? A good survey question says precisely what object the item refers to, leaving no room for ambiguity. Here's and example of a problem question sometimes asked by researchers:" When did you buy your watch?" The question is incomplete in that it fails to tell the respondent which watch, if the respondent has more than one; it may be that the watch in question was a gift.
Is the time defined? The period to which the question related is crucial to the respondent's answer. Time is difficult concept for many people. For example: Did you go abroad last year?" As well as being imprecise as to whether it was on business or holiday. Does "last year" refer to the previous calendar year, the year back from when the question was asked, or even for those at school or with children at school, the school year.
Is the question loaded? Reputable market researchers have too much at stake in their work to be caught intentionally biasing a question. Special interest groups, however, sometimes have vested interest in loading question to get a certain result.
Does the question assume knowledge on the part of the respondent which they might not have? Another common error in survey questions is asuming the respondents know something about the subject of the question, with a resulting distortion of the extent and direction of public opinion. Questions about opinion towards advertising can provide excellent example. For instance: " Are you more or less like to buy the watch as a result of seeing the ad?" Those who had no intention of buying any watch would likely say "less", but this would be nothing to do with whether they saw the ad or not. Any question asking "more or less" can fall into this trap, yet you frequently see polls that ask questions which empirical research has shown will give nonsense answers.
Does the question ask for a comparison that is meaningful to the respondent? If a question asks for a respondent to compare something they know, but then asks for a comparison to something unknown, the resulting answer would be meaningless. For instance,"Do you think that the price you are being asked to pay (for this or that T V) is fair in light of what other TVs are costing? This question assumes a lot, not only that they know the level of their own local prices but they have a basis of comparison that is meaningful. It may well be that the respondent has a view on this related to what they paid last year for their television, but has no ideas of how it compares with other TVs on the market now.
Is the question's obscured by asking about a very complicated behavior in simplistic terms? For example: "Where do you usually get most of your news about what's going on in the world today: from newspapers or radio or television or talking to people or where? Without knowing what type of news, it's hard to argue that this question has much meaning.For example: fashion news for a modern professional or business news from Financial Times and the Economist, while her main source of national news comes from watching television.
Does the question use a balanced scale? Years ago the market research manager of the Singapore Post Office said to me that seven out of ten people in Singapore were satisfied with the postal service. When I saw the questionnaire, I saw why. He'd asked: Are you very satisfied, satisfied , or dissatisfied?" It may have been his boss happy , but it certainly gave them bad research.
Is it a "yes/no" questions asking for an attitude? We virtually never ask "yes/no" questions other than to factual or behavioral questions such as "Do you normally wear glasses for reading?" In general , any question that has a yes/no answer is likely to inflate the favorable response to an item, regardless of whether the question is loaded. But , more subtle forms of loading combine prestige attachment or social desirability which gives tendency toward "yea-saying" by some respondents.
Questions are tested by conscientious researchers by trying them out on their colleagues first: then on members of the public in a pilot test. They ask respondents the question first, listen carefully for the response or any questions arising, then what was their understanding of the question.
THE SCIENCE OF SAMPLING
The street corner surveys has been the basis of thousands of research reports. Typically it uses sampling. It may even be called erroneously, a "random" to mean haphazard;the statistician uses it with precision to mean "having and equal probability of selection".
Another important factor in survey sampling is to be certain that the precise community, group , or class being talked about in the results, is carefully defined.
Internet survey are becoming more popular, but those people who can be reached via internet are not "representative" of the population. They are, as a generalization, more middle class, more middle aged, and more educated. If a researcher presents data from a telephone or an internet survey, good questions to ask are:
"What steps were taken to deal with unlisted telephones, multiple email addresses, mobile phones, engaged or "dud" email addresses, etc?"
"What is the bias inherent in leaving people who are not on the telephone/internet out of the sample?"
"What was the refusal rate, by subgroup, of the sample?"
"How was the effect of differential refusal dealt with?"
"Were the questions suitable for asking over the telephone/internet?"
" How many questions were asked and is there an "order" bias in questions asked earlier to influence the result of questions asked later in the questionnaire, (sometimes called "position bias")
CONCLUSION
Survey research is widely misunderstood. It can provide understanding, analysis and tracking of the behavior, knowledge, opinions, attitudes and values of the public.By measuring this, within the limits of the science of sampling and the art of asking questions, surveys can determine what people do and what they think.
Huwebes, Setyembre 15, 2011
The Impact of Taguchi Methods on Southeast Asian Manufacturing Organizations by Jolito Ortizo Padilla- my 6th Research work for 2011
Taguchi methods are powerful quality engineering methods developed by the Japanese engineer and statistician Genichi Taguchi to improve the quality of manufactured goods. The methods were first introduced in Japan, where they have been used extensively to improve the quality of products and processes within the organizations over the past 60 years.
In the 1980s, they were introduced to the US and quickly adopted by some of the most successful American corporations, including Ford Motor Company, AT&;T Bell Laboratories, General Motors and Xerox. In the late 1980s, shortly after their debut in the US, the Taguchi method of experimental design was introduced to Europe and the UK.
However, in contrast to US and Japan, research has indicated that the use of TMs(Taguchi Method) is far from pervasive within European Industries. Although many case studies are published in the existing literature on TMs , most academics are of opinion that TMs are still largely underutilized within the Southeast Asian manufacturing organizations.
However, there appears to be either minimal or no empirical evidence to verify this opinion, although this is not the case in Japan , the US and other European countries. To these authors' knowledge , this research study is the first attempt to understand the true impact of TMs on the Southeast Asian manufacturing organizations.
Back to basics
Dr. Genchi Taguchi describes TMs as: "the evaluation and improvement of the robustness of products, tolerance specifications, the design of engineering management processes and the evaluation of the economic loss caused by the functional variation of products". Given the importance of design of experiments within Taguchi's overall engineering strategy, he went to great lengths to develop his own standardised approach to the design of experiments in an attempt to make it easier to apply and more user friendly.
It has been speculated that as much as 80% of the Japanese quality gains which occurred after the second world war can be attributed directly to TMs. A recent survey by Fujita and Matsuo in 2005 found that from a sample of 118 Japanese manufacturing organizations, approximately 40% of those companies were applying the methodology, clearly showing that the techniques is still in common use today.
Research carried out by Jugulum and Dichter into the US manufacturing companies was primarily focused on assessing the impact of TMs through a survey questionnaire in 2001. Generating a modest 270 responses to their questionnaire, Jugulum and Dichter found that about 30% of the companies were applying the Taguchi approach to experimental design. Moreover, they found TMs most commonly used to optimise process performance, as opposed to improving a product design.
Survey conducted within Spain, Germany and Ireland have shown that TMs were being used by less than 10% of the responding companies. In 2003, Gremyr et al. discovered that the application of TMs was among the highest in Europe, but still low in comparison to Japan and US.
There are several case studies within the existing literature which document successful applications within the UK manufacturing industry. Another study carried out by Araujo et al. in 1996 showed that the application of TMs is more prevalent within the aerospace and automotive sectors.
The survey results
As part of the survey research strategy, it was decided that a survey strategy would be adopted. The strength of the survey is that it allows a large amount of data to be collected from a large population in an economical way.
Adopting the same strategy as used by Jugulum and Dichter in 2001, the survey was conducted through a two stage questionnaire process. A short primary questionnaire was designed and distributed to around 750 manufacturing organizations from the Philippines, Singapore , Malaysia,Vietnam , Hongkong and Indonesia. Many of the questions used for the primary questionnaire were web-based one created and administered by http://www.surveymonkey.com/
Total response received from the primary survey were 105. A detailed secondary questionnaire was then designed and distributed to about 20 companies. The secondary questionnaire was only sent to those companies who had indicated that they were applying TMs and were deemed to have sufficient knowledge and experience to complete the questionnaire. A total of 15 questionnaires were returned, 14 of which contained valid and complete information. This corresponds to a very good response rate of 70%.
The primary questionnaire had been designed to collect general background information about respondents. Company size was divided into four categories;less than 50 employees;50-249 employees; 250-500 employees and over 50 employees. Most of the responses came from companies with over 50 employees.
Figure 3: Distribution of respondents across the sectors
Type of manufacturing industry Number of responses
Chemical and Pharmaceuticals 20
Aerospace and defense 16
Food and beverage 12
Electronic component manufacturers 10
Plastics and rubber products 8
Fabricated metal product manufacturing 6
Automotive manufacturing 8
Printing and packaging 5
Electrical equipment and consumer appliances 5
Other manufacturing sectors 17
Figure 3 presents responses recieved in relation to all sectors that participated in the study.
Nearly 40% of the respondents represented the manufacturing function.Moreover, the majority of the respondents were from upper or middle management, where it is assumed they have a good overall understanding of the business and its operations. The results of the study also revealed that over 80% of the respondents conduct industrial experiements, 15% of which conduct industrial experiments frequently.
Figure 4: Reasons for performing or conducting industrial experiments
Reasons Percentage of respondents
To solve detected problems 75%
To optimise process performance and 70%
product characteristics
To learn about process or product behavior 50%
Product or process innovation 40%
To confirm initial assumptions 30%
To develop a rubost design unsensitive
variation 25%
Figure 4 presents the most common reasons for conducting industrial experiments in the Southeat Asian manufacturing organizations. The top three reasons given for industrial experiements were:
- To solve detected problems
- To optimize processes or products
- To learn about and explore the behavior of processes
The respondents were also asked to indicate the strategies of experimentation that they use when performing experiments. It was found that over 50% rely on the one factor at a time (OFAT) approach to experimentation for process optimization problems. This confirms the results of the study carried out by Antony in 2002, and is also consistent with the findings of Tanco et al in 2008 for companies in Spain.
The studies carried out by Tanco et al. and Jugulum and Dichter indicated that 50% of Spanish organizations were aware of TMs, compared to 75% of US organizations. The analysis of data indicated that there was no correlation between the use of TMs and company size , which is consistent with the findings of Tanco et al.
The results also showed that the use of TMs is higher within ISO 9001 certified companies which supports the findings of Ozgur et al. in 2002.
The respondents were asked about the common reasons for the application of Taguchi method of experiemental design. The top three common reasons for the application of Taguchi method of experimental design were:
- To improve or to optimise those existing processes
- To solve detected problems
- To learn and to understand about process or product behavior.
The secondary questionnaire was used to obtain a more detailed understanding of the application of TMs with Southeast Asian manufacturing organizations.
The number of companies involved in the detailed questionnaire was 14. It was observed that most companies carry out less than five Taguchi projects per year, with only two companies claiming conduct between six and 10 project each year.
It was interestting to compare these results with Jugulum and Dichter's 2001 study. Their findings showed that US manufacturing companies are performing more industrial designed experiments than their Southeast Asian counterparts. It was also found that most applications occur within manufacturing , followed by the applications in product development.
The author also discovered that TMs are most commonly introduced to US organizations as part of corporate quality programme or product development process, as opposed to a stand-alone technique. However, in the SEA manufacturing organizations it was observed that TMs are more commonly promoted as stand-alone tool.
Barriers to implementation of TMs
The respondents were asked to list the typical barriers that they have experienced when applying TMs. The following bariers were subsequently identified from the survey:
- Lack of a clear methodology when applying TM
- Insufficient financial resources
- Negative image of statistics within the workforce
- Insufficient human resources
- Lack of management commitment
- Organizational resistance
- Poor or inadequate training on TMs
- Lack of knowledge of engineers on the methodology
- Engineers generally have insufficient knowledge of statistics
- TMs are thought to be just to complex to apply.
- The poor standard of satistical consultancy that exist.
- Previous negative experiences in applying the methodology
- Lack of time
- Poor leadership
It was found that the lack of clear and systematic methodology to apply TMs was one of the most common barriers across the participating companies.
Interestingly, Tanco et al, in 2008 also identified this as one of the biggest barriers to the design of experiments within Spanish organizations, despite there being numerous methodologies proposed for TMs within the literature.
The findings of our study also revealed that the most respondents perceive there to be a negative image about the use of statistics within their workforce. Furthermore, over 80% of the respondents believe that engineers generally have insufficient knowledge of statistics to apply the TMs.
Another common barier to the application of TMs was "poor or inadequate training" and "insufficient time" which also appear to be key barriers within many US organization.
Conclusion
This research has shown that only a limited number of companies within the SEA manufacturing sector are currently realizing the benefits of this powerful methodology.
Although some companies are now applying TMs, most are failing to realize its full potential due to various barriers in the application and deployment of TMs across the business.
The true value of TMs lies in the application of TMs for designing rubostness into the design stage of products and processes. This study attempts to show the status of the application of TM within the SEA manufacturing companies.
The next stage of this research is to then carry out a semi-structured interviews with selected companies to obtain a greater insights into the many applications of TM within the SEA manufacturing sector.
A comparison on the application of TM in the SEA service sector will also be a worthy research topic over the forthcoming years.
Lunes, Setyembre 5, 2011
The Security of Business IT by Jolito Ortizo Padilla
The security of business IT systems has never been more important. Organizations are increasingly reliant on IT infrastructure such as websites and computer system to support their activities, which leaves them vulnerable to threats from hackers, viruses and disgruntled staff.
At the same time, information technology continues to evolve at an incredible rate, bringing with it new security threats and quality professionals are now facing the difficult task of protecting their organization's IT system.
Security Threats
According to antivirus software developer McAfee, cybercrime is a growing problem all over the world. The President of McAfee, Dave DeWalt says:" A lot has been done to combat cybercrime over the past decade, but criminals still have the upper hand. The chances of getting caught knocking off a convenience store are several times larger than robbing an online bank".
His argument was given more weight in December 2010, when MasterCard and Visa had their websites shut down by hackers after the companies announced they would no longer process donation payments to controversial website Wikileaks.
Smaller organizations should also be concerned about cybercrime. According to research by the Information System Audit and Control Association small-and medium- sized businesses need to do more to protect themselves from cyber attacks. Notably, its research has found that the number of employees willing to take risky actions online, such as providing a work email address when shopping over the internet or following an unknown link, has risen over the past 12 months.
While not all IT security threats have as high profile as hackers, they can be just as critical. In the last few years, cloud computing, whereby shared servers provide resources, software and data to computers, has become one of the fastest growing segments of the IT industry. Recession-hit companies are increasingly putting their faith and their data in the cloud, which has its own inherent risks.
The ISO Solution
The ISO/IEC 27000 series of information security standards provides best practice recommendations for information security management systems. Professor Edward Humphreys, the convenor of the working group responsible for the development and maintenance of ISO/IEC 27001, says the most immediate challenge for quality professionals working within IT is being aware of the risks involved.
"Cloud computing is an example of a technology in which managers are largely unaware of the risks," he says."People don't know where their data is kept, except that it's in the cloud. Physically, it could be anywhere-Philippines, America, Singapore or Bahrain. We have have strong data protection and privacy regulations in Europe, but what if your data isn't being kept in Europe?"
More and more organizations are turning to the informations security standard ISO/IEC 27001 to help manage their IT risks, with certification rates up by 40% in 2010. Edwards says: ISO/IEC 27001 can be used to get the whole management of IT all under one framework, so an organization isn't dealing with individual problems but one issue."
The most important thing in tackling information security is to understand the risks, explains Edward. "ISO/IEC 27000 standards are risk based; the idea being that an organization will perform a risk assessment to find out exactly what its problems are and then put the controls that are needed in place.
"If quality professionals can identify the risks involved, then their organizations will be better able to cope with problems if they occur.
We are 74th in the 2010-2011 World's Best University Proud to be with NTU |
The security of business IT systems has never been more important. Organizations are increasingly reliant on IT infrastructure such as websites and computer system to support their activities, which leaves them vulnerable to threats from hackers, viruses and disgruntled staff.
At the same time, information technology continues to evolve at an incredible rate, bringing with it new security threats and quality professionals are now facing the difficult task of protecting their organization's IT system.
Security Threats
According to antivirus software developer McAfee, cybercrime is a growing problem all over the world. The President of McAfee, Dave DeWalt says:" A lot has been done to combat cybercrime over the past decade, but criminals still have the upper hand. The chances of getting caught knocking off a convenience store are several times larger than robbing an online bank".
His argument was given more weight in December 2010, when MasterCard and Visa had their websites shut down by hackers after the companies announced they would no longer process donation payments to controversial website Wikileaks.
Smaller organizations should also be concerned about cybercrime. According to research by the Information System Audit and Control Association small-and medium- sized businesses need to do more to protect themselves from cyber attacks. Notably, its research has found that the number of employees willing to take risky actions online, such as providing a work email address when shopping over the internet or following an unknown link, has risen over the past 12 months.
While not all IT security threats have as high profile as hackers, they can be just as critical. In the last few years, cloud computing, whereby shared servers provide resources, software and data to computers, has become one of the fastest growing segments of the IT industry. Recession-hit companies are increasingly putting their faith and their data in the cloud, which has its own inherent risks.
The ISO Solution
The ISO/IEC 27000 series of information security standards provides best practice recommendations for information security management systems. Professor Edward Humphreys, the convenor of the working group responsible for the development and maintenance of ISO/IEC 27001, says the most immediate challenge for quality professionals working within IT is being aware of the risks involved.
"Cloud computing is an example of a technology in which managers are largely unaware of the risks," he says."People don't know where their data is kept, except that it's in the cloud. Physically, it could be anywhere-Philippines, America, Singapore or Bahrain. We have have strong data protection and privacy regulations in Europe, but what if your data isn't being kept in Europe?"
More and more organizations are turning to the informations security standard ISO/IEC 27001 to help manage their IT risks, with certification rates up by 40% in 2010. Edwards says: ISO/IEC 27001 can be used to get the whole management of IT all under one framework, so an organization isn't dealing with individual problems but one issue."
The most important thing in tackling information security is to understand the risks, explains Edward. "ISO/IEC 27000 standards are risk based; the idea being that an organization will perform a risk assessment to find out exactly what its problems are and then put the controls that are needed in place.
"If quality professionals can identify the risks involved, then their organizations will be better able to cope with problems if they occur.
Mr. Aurelio Macaraeg Jr. Mr. Sundaram Sagaran and Mr. Alfonso Ramos Jr.
Thank you very much..
Sabado, Setyembre 3, 2011
From the desk of GA Business and Management Consultancy
Case Study:
MY WEB MY WAY
Public service organizations such as the BBC have to ensure that they serve all of their users. The BBC is supporting web accessibility through its My Web My Way website, which has been developed and is maintained through a partnership between BBC Online and AbilityNet.As a result, the bbc.co.uk home page is now easy to navigate and more intuitive for users, whatever their access route.
The My Web My Way site caters for those with visuals, hearing , motor , cognitive or learning impairments as well as with minor vision impairments who would not consider themselves to have a disability.
It provides advice and help to people who would benefit from making changes to their browser, keyboard and mouse settings, operating system or computer, in order that they can view BBC online and the wider web in a more accessible way.
Examples of what this means in real terms for users include:
- Enabling people with motor impairments to read broadsheet quality news on news.bbc.co.uk without having to actually turn to broadsheet pages.
- Enabling children with motor and cognitive disabilities to access CBBC online games with "Switch" technology.
- Enabling deaf and hard of hearing people to "listen" to The Archers via transcripts on bbc.co.uk/archers.
The site also provides a guide to getting the most out of accessibility features that BBC New Media is incorporating into BBC Online, as part of the organization's commitment to ensure its services address the needs of disabled users.
Risks from Global Political Upheaval
New research has found that the level of political risk has risen in more countries than it has declined. This comes as no surprise to a world that is still growing accustomed to the recent changes in Egypt, Tunisia and Libya.The research measured the political risk of 211 countries and territories based on the level of risks such as currency inconvertibility and exchange transfer; strikes, riots and civil commotion. war, civil war, sovereign non-payment, political interference, supply chain disruption and legal and regulatory risk.
The findings demonstrated the negative effects of the global financial crisis on the economies of nations with traditionally low levels of risk. At the same time the continued emergence of several markets in Africa where more international trade and investment is occurring has led to a greater need for political risk insurance cover.
The annual research has seen a nearly 30% increase in the number of countries in the middle of risk rankings- the medium low to medium high categories-as these countries have become more active in the world economy and their prosperity has increased.
In addition, recent research from Coface, a global firm which specializes in trade risk management, pointed to continued tension between sovereign risks in the euro zone and the financing of growth in the emerging countries. In 2011, a key issue for country risk will be private debt monitoring and growth financing.
The Coface research, covering 156 countries (of which 28 are classified as advanced countries) found that the winners of the financial crisis are the emerging countries, which will continue their solid growth trajectory in 2011 with slight slowdown:6.2% compared to 6.7% in 2010.
Tougher US regulation for oil and gas in 2011
Despite fears of tougher regulation following the Deepwater Horizon spill, the global and gas industry is optimistic of an upturn in business in 2011, according to a recent report.Deep Water Ahead? The Outlook for the Oil and Gas Industry in 2011 was written by the Economist Intelligence Unit and sponsored by GL Noble Denton. The report is based on a survey of almost 200 top level industry leaders including CEOs, other board level executives and policymakers.
The research reveals that price volatility has failed to dent the industry's appetite for investment in new exploration and market opportunities. Nearly one-third of the executives surveyed see South-East Asia as offering the greatest opportunities over the coming year, with that proportion rising to 58% when combined with China and the Far East.
But nearly three quarters of respondents expect regulation to become tougher in North America in the wake of the Gulf of Mexico spill. The long term impact of the Deepwater Horizon spill will also affect companies' operational strategy , especially as their safety record will become a more important factor in gaining access to global reserves.
John Wishart, president of GL Noble Denton, said: " This report forecasts an upturn in industry growth, with cautious optimism. But key players in the industry will need to find more innovative solutions to mitigate risk, while operating more efficiently and sustainably."
Your career questions answered: A letter from University of the Philippines
The Problem: I am responsible for revamping our document control system. Where should I start?
The answer:
Document control means different things to different people, depending on what they are dealing with, who their audience is and the risks associated with the use of wrong document. There are numerous systems for achieving control, but all have the same three simple elements.
1. What is it?
Every document, whatever the format, needs to be identifiable. This may be a topic or a reference, but unless you know what it is, what chance do you stand of controlling it?2.What issue is it?
This enables you to know whether you have the right document, as well as how many versions are available and when they were created. This doesn't have to be complicated. If it's a letter or an email, then a date may be sufficient as it tells you when it was produced. If it's something more complicated, or you don't want to date it, then a simple issue or version number or letter will suffice.3. Have I got it all?
Personally, I always number pages using the format "1of 2", etc. This way, the user knows that they have the whole document. A bit of common sense is required here, though, as no-one would expect a novel to be numbered in this way. However, if the document is to be stored or used electronically then this format can be a lifesaver.These simple steps will ensure that keeping control of your document is easy. Document control doesn't have to be a bureaucratic nightmare.
Mag-subscribe sa:
Mga Post (Atom)