IT Governance

Data management strategies

by

On 14th October 2009, I will be presenting at CPA Congress in Melbourne to the topic ‘Data Management Strategies’.  Apparently CPA Australia didn’t like my originally suggested title ‘The devil is in the detail – which is why the Lord of the Nine Hells should never be your DBA’, which I blogged about earlier.  I think the new title is rather bland, don’t you.

The session overview is below:

Micheal Axelsen FCPA Director
Applied Insights Pty Ltd

As accountants, we prepare the information that a business uses to make its important decisions. Sometimes though, the data we use seems to be impossible to track down – and when we do find it, who knows whether it’s actually useful or not?

In this entertaining presentation, Micheal looks at some of the practical pitfalls and case studies of working with data – from rampant spreadsheets to the DBA nightmare – that Micheal has seen, with practical advice you can use to help your business escape its database nightmare.

Anyway, it promises to be fun, although it would have been much more fun if I could have brought theology into the debate of DBAs vs rational people.

Image from Flickr User Lessio. Some Rights Reserved.

The devil is in the detail – which is why the Lord of the Nine Hells should never be your DBA

by

Maybe he knows where the bodies are buried...CPA Australia have asked me to present at their conference in Melbourne in October. They didn’t want to do Carbon Pollution Reduction Scheme – that’s already been well-covered apparently. I did suggest that I could relate some case studies from the field about data governance – you know, how to get databases right and so on. I decided that I would try for the entertainment factor – after all, I have seen quite a few fun things in my time, and embellishment never hurt 🙂 – and so I have written an outline for ‘The devil is in the detail – which is why the Lord of the Nine Hells should never be your database administrator’.

Seminar overview:

A successful business knows about its business environment to deliver consistently good services or products to its customers at a reasonable price. Accountants prepare the information that provides the feedback to the business on how it is travelling.

Unfortunately, getting that information right is quite a trick! Some of the information is locked away in limbo; we know it exists but how do we get to it? And no, ‘it’s in the database’ is not really all that helpful. Is the information we rely on actually all that accurate?

In this entertaining presentation, Micheal Axelsen explores the steps and some of the pitfalls you can take to achieve good governance of your data so that the information you prepare for the business is as right as you can get it (and meets compliance requirements!).

On this journey we take a look at some of the practical pitfalls and case studies of working with data that Micheal has seen in fifteen years of working and consulting to industry and commerce, with practical advice you can use to help your business escape its database hell.

Short overview:

As accountants, we prepare the information that a business uses to make its important decisions. Sometimes, though, the data we use seems to be impossible to track down – and when we do find it, who knows whether it’s actually useful or not?

In this entertaining presentation, Micheal looks at some of the practical pitfalls and case studies of working with data – from rampant spreadsheets to the DBA from Hell – that Micheal has seen, with practical advice you can use to help your business escape its database hell.

Does anyone care to leave feedback for me? Would you go to such a session? Or is it trying too hard to try and make databases entertaining… Still, this stuff is what I live for – which is a sad indictment of the times, I suppose, or at least of my sense of humour.

Image from Flickr User Lessio. Some Rights Reserved.

Technorati : , , , , , , , , , ,
Del.icio.us : , , , , , , , , , ,
Zooomr : , , , , , , , , , ,
Flickr : , , , , , , , , , ,

The implications of NGERS and CPRS on information systems

by

Last week I was invited to present to the CPA Australia Carbon Pollution Reduction Scheme Discussion Group as part of the CitySmart Innovation Festival, along with Danny Powers, Michele Chelin, and Andrew Rogers.

It was an informative night and I think the audience appreciated what we did, as usual.  At any rate, I did promise I’d put up my slides; they’re attached below as Slideshare.  If you’d like the originals for your own purposes please feel free to email me.

Presentation

Implications of Emissions Trading Scheme for Information Systems

Points noted in the presentation

  • Compliance with the reporting requirements (National Greenhouse and Energy Reporting Act 2007) means the development or implementation of major information systems.
  • NGERS is independent of the CPRS – and captures more companies than the CPRS.
  • The current proposed delay of one year has some impact on the carbon pricing models, but compliance efforts by NGER reporting entities will need to continue.
  • Reporting entities (entities producing > 125KT in 2008/2009, through to > 50kt CO2 equivalents by 2010/2011) will need to report emissions by one of four methodologies:
    • Method 1: the National Greenhouse Accounts default method
    • Method 2: a facility-specific method using industry sampling and listed Australian or international standards or equivalent for analysing fuels and raw materials
    • Method 3: a facility-specific method using Australian or international standards or equivalent for sampling and analysing fuels and raw materials
    • Method 4: direct monitoring of emission systems, on either a continuous or periodic basis
  • Methods 1-3 are estimates of emissions based upon increasingly accurate emissions factors. Method 4 monitors actual emissions.
  • A single annual emissions report is required by 31 October each year under NGER Act.
  • Information that should be kept – electronically or in paper-based form – includes:
    • a list of all sources monitored
    • the activity data used for calculation of greenhouse gas emissions for each source
    • categorised by process and fuel or material type
    • documentary evidence relating to calculations – e.g. receipts, invoices & payment methods
    • documentation of the methods used for greenhouse gas emissions and energy estimations
    • documents justifying selection of the monitoring methods chosen
    • documentation of the collection process for activity data for a facility and its sources
    • records supporting business decisions, especially for high-risk areas relating to reporting coverage and accuracy.
  • AS ISO 15489 (the Australian and international standard for record management) provides guidance – but not all documents are records!
  • Management of information over the lifecycle is a challenge due to potential changing definitions and criteria
  • Under the CPRS, liable entities whose emissions exceed 125K tonnes per annum (‘Large Emitters’) must have their emissions independently audited. For all other entities under NGERS and the CPRS, they may be subject to audit on suspicion of non-compliance or on a risk-management basis.
  • As report identifies actual CO2 equivalent emissions, and thus the number of permits surrendered, business must ensure its calculation is accurate, and that people understand the report and data they are producing.
  • To support auditable systems, the information systems of liable entities will need to address asset safeguarding, data integrity, system effectiveness and system efficiency concerns.
  • Systems will need to be reliable and timely (“95% confident”) having regard to:
    • Transparency
    • Comparability
    • Accuracy
    • Completeness
  • Extensions or integrations to accounting information systems are likely.
  • There are important factors for a business to address if it is going to create an auditable information system to support its emissions report.
  • 50kt of CO2 emissions is the equivalent of, for example, the operation of 15 data centres with 1000 servers over one year – so, not a small business!
  • As for SME’s, they are less affected from an information systems perspective.
  • Similar concerns exist though for ensuring that the integrity of, for example, price estimation models is accurate (given, for example, electricity cost increases of 18% and gas cost increases of 12%).
  • It is likely that you will need to estimate and select prices based upon a rigorous method, or potentially attract the attention of the ACCC.
  • SME’s that supply liable entities and/or entities that have ‘green’ purchasing policies may especially need to understand the impact of the scheme on their future demand
  • ‘Very Large’ SME’s and large corporations that are currently outside of the CPRS, but could be caught in potential future expansions of the definition, should consider implementing greenhouse gas emissions reporting information systems to inform future lobbying efforts and by way of advance preparation.

ITGI Roundtable Conference article now available

by

I see that ITGI has posted the transcript of the roundtable we did back in September 2008 or so.  It covers off some of the leading lights in IT Governance in Brisbane – and then I’m there as well:

  • Tony Hayes, FCPA, Queensland Government, Australia
  • Micheal Axelsen, FCPA, Director, Applied Insight Pty Ltd., Australia (that would be me)
  • Ashley Goldsworthy, AO, OBE, FTSE, FCIE, FCPA, Professor, Australia
  • Duncan Martin, CISA, ACA, CIA, CPA, Chief Financial Officer, The Rock Building Society Ltd., Australia
  • Glen McMurtrie, CISA, CBM, CFE, Principal Internal Auditor, Department of Communities, Australia
  • Simon Middap, Group Manager, ICT and Projects, ENERGEX Ltd., Australia
  • John Thorp, CMC, I.S.P., The Thorp Network Inc., Canada

It reads fairly well – I do remember it as an interesting conversation. 

The transcript is available on www.itgi.org and is available as a pdf here.

,

Can employers tell us what we can do in our private, online social networking, lives?

by

If your employer tells you to ‘stop doing that, you’ll go blind’ online, do you have to stop doing it? 

Short answer:  yes, with a but. 

As I specialise in long answers though – see below.  Caveat – I’m not a lawyer.  This probably misses a ton of stuff cos I’ve shortened it from the original, much longer, draft.  This is just for discussion, comment, and thought provocation at the moment.  It also has far too many Battlestar Galactica references. 

At law it is generally well recognised that employees have several duties of care that they owe to their employer . There are three core duties of an employee to their employer that have a clear link to an employee’s online social networking activities:

  • to work with care and diligence,
  • to obey all lawful and reasonable orders, and
  • to act with good faith and fidelity.

There are essentially two types of employee: a standard employee (on a time-service contract) and a professional or staff employee (on a task-performance contract) . Professional and staff employees, and especially those employees with client-facing roles, are generally held to a higher standard, particularly where their actions may tarnish the employer’s image.

The employee has a positive duty to be efficient, and to avoid negligence in carrying out the work. In the context of online social networking, an employee might breach this duty where their use of such tools affected their efficiency (for example, through cyberslacking) or using a social networking tool in an inappropriate way (for example, to store client material or to carry on client conversations).

An employee must also obey the ‘lawful and reasonable’ orders of their employer, taking all reasonable steps to carry out the tasks promised under the contract of employment. Criminal acts outside of the workplace may prevent the employee from carrying out their duties, and thus breach this duty. So if you joined an illegal OSN, or advocated criminal behaviour in an OSN (use your imagination but it probably involves terrorism, nazis, or pavlova) it might be difficult to keep doing your fracking job (sorry – Battlestar Galactica reference).

It is likely though that the activity would need to be very much at odds with the employee’s role for summary dismissal or discipline to be justified.

Employees do have a duty to act with good faith and fidelity (see especially Blyth Chemicals Ltd v Bushnell 1933 ). Employees must not act in a manner that is in conflict with the interests of their employer.

As part of this duty of good faith and fidelity, the employee must not disclose information where disclosure of such private information (for example, profits and losses, customers, methods and techniques, etc) might help a competitor. It is likely, for instance, that posting a blog topic about business strategy, or the file notes from an internal meeting, would breach the duty. The duty operates to limit the employee’s ability to comment upon the business of the employer.

I was flabbergasted to find though that in the Cockatoo Docks Case (1946) it was found that an employer was justified in summarily dismissing an employee who wrote an article in a Labor Party newspaper that was critical of his employer. Try that one on today! Although it is not likely that this decision would be followed today, there are clear parallels to be drawn with online social networking activities.

The biggest issue for bloggers and Facebookers everywhere? Tarnishing corporate image.

For this duty to be beached there generally needs to be a relevant link with the employer such as a uniform. In Rose v Telstra Corporation 1998 it was acknowledged that employers ‘do not have an unfettered right to sit in judgment on the out of work behaviour of their employees. An employee is entitled to a private life.’

In the context of online social networking, presumably this connection would exist where the employee discloses the name of their current employer, or where the individual is in a senior client-facing role so as to be likely to be identified from their profile by a customer or prospective customer.

Some employers use things such as AWA’s etc to prevent, for example, a mining company employer stopping an employee joining a group that is protesting the mining company’s actions.

As a general principle, employers seeking to rely upon this power of control must set out their expectations very clearly, and ensure that the employee has consented to such contractual terms and that the expectations have been brought to the employee’s notice. In particular, the duty that an employee owes to act in good faith and with fidelity operates so that the employee should not ‘tarnish the business’s image’. The business’s expectations of its employees however must be very clear if the employer seeks to control their employees’ actions in private.

Personally I’m coming to the view that if it’s your private blog or Facebook, keep your employer’s name out of it – it’ll be sweeter for all that way.

Image from Flickr User Akbar SimonseSome Rights Reserved.