Discuss the IT Governance and Legal Requirements for Ethics and Professionalism.
Corporate Governance or IT Governance Policy in an Organization
Tricker (2015) defines IT governance as the procedure by which an organization aligns its IT strategy with its business strategy to achieve the desired goals. It is introduced in an organization to ensure that the investment made in the IT department generates value (reward) and mitigates IT-associated risks. Tallon (2013) describes some of the key practices in IT governance, such as a high-level framework that comprises leadership, processes, roles and responsibilities, information requirements, and organizational structures. Performance management reporting, including an accurate, timely and relevant portfolio of IT project reports, is also part of successful IT governance. Corporate governance or IT governance is adopted by the organization to introduce organizational betterment through innovation, so that better productivity can be achieved at lower operational cost. Khan et al. (2013) also state that it aids project and portfolio management and reduces IT risks. It also embeds IT into the organization's culture and increases project visibility.
Brammer and Pavelin (2013) illustrate that companies such as Woolworths also use ICT governance in support of their supply chain management, where they implement a heavily technology-based restructuring program. ICT also helps with stocksmart forecasting in its distribution-center-based replenishment system. Woolworths uses the IT governance policy to enhance the sharing of point-of-sale information from its many retail outlets with other distributors.
Brammer, S. and Pavelin, S., 2013. Corporate governance and corporate social responsibility.
Khan, A., Muttakin, M.B. and Siddiqui, J., 2013. Corporate governance and corporate social responsibility disclosures: Evidence from an emerging economy. Journal of Business Ethics, 114(2), pp.207-223.
Tallon, P.P., 2013. Corporate governance of big data: Perspectives on value, risk, and cost. Computer, 46(6), pp.32-38.
Tricker, B., 2015. Corporate governance: Principles, policies, and practices. Oxford University Press, USA.
Australian Standard in Fulfilling the ICT Task in an Organization
Downes and Marchant (2016) state that AS8015:2005 is one of the Australian standards for corporate governance of information and communication technology. This standard provides principles that can be used to improve ICT application within an organization. These principles help in establishing clearly understood responsibility for ICT, planning the best ICT, and acquiring ICT validly. Kearney and Kruger (2013) also affirm that the AS8015:2005 standard ensures that the entire ICT project performs well and conforms to formal rules while respecting human factors. Over the years, Tesco, the leading retail company, has adopted many Australian standards to make its retail business work better and attain profitability and productivity. The organization implements future-proof concepts for WAN, LAN and IP VPN so that customers can use its online retailing. In recent times, it has begun to install virtual shopping hubs for its stores, where the user can scan the barcodes of products and place an order for the desired groceries by means of self-scanning tills. Valentine and Stewart (2013) state that these multi-channel concepts for integrating stores through mobile, e-commerce and social media are supported by these Australian standards for ICT projects.
Moreover, Ellram et al. (2013) also illustrate that the implementation of ICT in the retail industry can be seen in the EPOS system, which lets customers pay with plastic money such as credit cards and debit cards. In addition, Radio Frequency ID tags (RFID tags) let managers locate a particular object in the shop (Cho et al. 2015). Portable Data Assistants for portable data collection for inventory management, audits and remote data entry are also successful implementations of ICT projects in retailers like Tesco.
Cho, J.S., Jeong, Y.S. and Park, S.O., 2015. Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol. Computers & Mathematics with Applications, 69(1), pp.58-65.
Downes, T. and Marchant, T., 2016. The extent and effectiveness of knowledge management in Australian community service organisations. Journal of Knowledge Management, 20(1), pp.49-68.
Ellram, L.M., La Londe, B.J. and Weber, M.M., 2013. Retail logistics. International Journal of Physical Distribution & Logistics Management.
Kearney, W.D. and Kruger, H.A., 2013. Effective corporate governance: combining an ICT security incident and organisational learning. In The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (CyberSec2013) (pp. 12-21). The Society of Digital Information and Wireless Communication.
Valentine, E.L. and Stewart, G., 2013. The emerging role of the board of directors in enterprise business technology governance. International Journal of Disclosure and Governance, 10(4), pp.346-362.
Compliance (legislation) in Fulfilling the ICT Task in an Organization
Ohm (2012) states that with the increasing popularity of digital technology, it is mandatory for organizations to keep their ICT procedures secure. ICT security is the major concern when it comes to the security system. The Privacy Amendment Act 2012 is one such piece of legislation implemented in Australia to protect personal information held by Australian organizations, and if somebody tries to violate the legislation, the Crimes Act 1914 will be applied. In addition, the Archives Act 1983, which sets recordkeeping requirements for Commonwealth records, is used in the ICT department to avoid the destruction, transfer, or alteration of Commonwealth records and the transfer of archival resources (Hurley 2013).
Moreover, AS/NZS ISO 31000:2009 is used for risk management in ICT projects, and the guideline HB 167:2006 covers security and risk management (Curkovic et al. 2013). This risk assessment is mostly implemented by leading companies like Tesco, Telstra, Woolworths and others. The principle is used for risk assessment by first establishing the context and identifying the risks, so as to draw up a robust list of risks that could affect successful implementation. The next step is to assess the risks, such as data redundancy and data loss from the digital database and cybercrime activities, and then to analyze appropriate risk mitigation strategies and controls for the identified risks. Podger et al. (2014) further add that the last step is to develop an overall risk assessment that brings the risks, with their associated mitigation or control, into an overall category of risk.
Figure 1: Risk assessment process in ICT projects
(Source: Curkovic et al. 2013)
Curkovic, S., Scannell, T. and Wagner, B., 2013. ISO 31000:2009 Enterprise and Supply Chain Risk Management: A Longitudinal Study. American Journal of Industrial and Business Management, 3(07), p.614.
Hurley, T., 2013. Thomas Hurley case notes. Brief, 40(7), p.47.
Ohm, P., 2012. The Fourth Amendment in a World Without Privacy. Mississippi Law Journal, 81(5), p.1309.
Podger, G., Cuddy, S., Peeters, L., Smith, T., Bark, R., Black, D. and Wallbrink, P., 2014. Risk management frameworks: supporting the next generation of Murray-Darling Basin water sharing plans. Evolving Water Resources Systems: Understanding, Predicting and Managing Water-Society Interactions, Proceedings of ICWRS2014, Bologna, Italy, pp.452-457.