Risk management framework

It was with some alarm that I sat down to read my favourite read, ISACA’s monthly IS Control Journal, to discover that ISACA/ITGI is producing another framework to go with the COBIT framework (and it is a framework, I don’t care what anyone else says), and the VAL IT framework:  the IT Risk Management Framework.

I was a little concerned that perhaps it might be one framework too many.

However, it does make sense to create such a beast when you consider that, as I am fond of telling the students I am lecturing (no doubt much to their disgust, terror and ennui), the only two things that matter are what value you can get for what risk. 

Anyway, you can check out the new risk management framework on ITGI’s website, where it will b released as it becomes available.  It’s mentioned in the latest Information Systems Control Journal, in an article by Urs Fischer, and in this relatively recent update to the COBIT vision and strategy.

Evernote’s watchful eye

I note that over the weekend I twittered about my examination of Evernote 3.  I’ve been a user of Evernote 2.2, and I believe my tweet was something to the effect of:

“Struggling with Evernote 3 – wondering if I could use gmail with imap instead. Answer looks like ‘no'”

That was on Saturday.

Yesterday, www.twitter.com/evernote started following me.  That’s three days.  Interesting, particularly in the context of my recent article on online reputation management.  People do do it.  It will be interesting to see what they say when I post my review :)…

The hidden danger of Facebook stalking…

One danger I didn’t mention for social networking in my recent articles is that us humble accountants at home quickly become aware of where our friends and former colleagues have gone tripping around around the world  – Facebook currently tells me I have a friend who’s moved from Australia to London to Singapore to England to Germany to England in the past six months, another who has ‘done’ Hong Kong, London & Morocco in the past week, another who is in Singapore, and another who spent the weekend in Vegas and is now going to Niagara Falls. 

Meanwhile I went to the shops to buy bread & milk…

Virtual Water Cooler

Last month I had an article (‘It’s about who knows you’) published in InTheBlack, CPA Australia’s monthly magazine.  I was very happy with that for two reasons – firstly it was a paid commission article, which is always nice, and secondly they kept my title.  In all my experience of writing articles and publications, that has almost never happened. 

The June 2008 article is about the issues around social networking and what can happen when people aren’t careful with such websites.  Since InTheBlack paid me for it, I’ll wait a little before I post the whole article – although my favourite pull-quote that was used was:

“Some people do not like candid photographs of themselves pole-dancing or imitating a fascist dictator being made available online”

The first one is a veiled reference to a certain swimmer, and the other is a reference to… well, a company that I contacted at least four months ago and said that perhaps they might be embarrassed about that photo.  Apparently, so far, they’re not. Which I happen to think is silly – particularly given the sensitivities of some of their clients – but perhaps I’m overreacting.  Still, I’d personally rather keep my renditions of Deutschlandlied and impersonations of Joseph Goebells at cocktail parties quite private thank you very much.

At any rate, the second article has now been published (‘Virtual water cooler’) and I have to say that by the time the InTheBlack graphic guys have finished with it, they always come up looking like roses.  I like the introduction they added at the top of the article:

“Ignore social networking sites at your peril.  Keeping an ear out for quiet murmurs of your customers online is a better strategy than waiting for them to yell

So this month’s issue is out – I’ll post the full article in about a month or so.  Look for it in your mailbox:


Social security

About this article

In about April I got a phone call asking me if I could write an article very quickly for the CFO Software guide of 2008.  This guide is produced in association with CPA Australia every year, and every so often the Information Technology & Management Centre of Excellence writes an editorial piece related to the topic of the moment (usually).  This time, though, because it was very short notice (I believe the phrase ’10am tomorrow?’ was used), I got to draw a fairly loose association with the topic.  I wanted to write something a little different to the normal business article – although a good and serious article is excellent, it doesn’t achieve much if it is never read, in my view. 

So as a result, I wrote an article on the topic of social networking, and called it ‘business socialism’ – it was subsequently retitled to ‘Social security’.  In an edition where the companion articles are fairly business-focused, my article probably has, as was described in unsolicited feedback, as a ‘tone’.  The Editor’s Letter for this edition notes that the theme of social software and tapping into the wisdom of crowds ‘is picked up enthusiastically by Micheal Axelsen, the chairman of the Information Technology and Management Centre of Excellence for CPA Australia, in his opinion piece’. 

I’m going to take that feedback as positive feedback.  I reproduce the article below as I submitted it, together with an attached scanned copy of the magazine.  If you think you may be the person who has their photograph in FaceBook giving a Nazi salute, perhaps drop me a line on my email. 

Oh, and thanks to Jenny for being very sporting about the fame of her cat, Stitch.

Social security

Once, ‘friends’ were people that you met regularly. Friends went to the movies together. Friends may occasionally have had one beer too many and woke up together on a park bench. Sometimes friends were workmates. Sometimes they were actually your significant other’s friends. You and your friends drifted apart when you changed jobs (or your significant other).

Today, the world is very, very different. The circle of friends expands and grows. Friends that move away can be ‘followed’ with social networking websites such as Facebook and MySpace. Because of Facebook, I know that a former colleague has just received a kitten called Stitch. A cute cat, but I have not met that colleague in eight years.

Today, people are Facebooked, MySpaced, and LinkedIn. They Flickr and Twitter and Qik. People blog and they YouTube.

Today’s workforce talks over the internet in myriad ways, at all times and at all opportunities. The line between ‘work’ and ‘leisure’ has become very blurred. Social networking sites can have a real business impact.

Social networking is positive in several ways. For example, searching on a candidate’s name will provide more background than a resume ever will. A footprint on the internet will exist somewhere. Potential employers can be better informed about the candidate. The same approach can be used for prospective suppliers of products or services to the business.

Candidates or suppliers with personal photographs in the Facebook group ‘embarrassing party photos’ may not like this. However, it is not only the young that can have unsavoury photos appear online. At least one Facebook user has shown poor professional judgment by posting a photo of their employer’s grey-haired managing director giving a Nazi salute. The poor fellow probably doesn’t know it exists.

A scan of blogs and other online tools for qualified candidates expressing frustration about their current job may be helpful when recruiting. Head hunting to fill specialist roles can be much easier in this digital world.

On the other hand though, customers with bad experiences services will likely retell their story on the internet. Today’s mobile technologies allow this to occur before the customer has even left the store. Many prospective customers today will perform a search on the business. These customers tend to believe an anonymous internet posting in preference to any information contained in a marketing brochure.

Employees’ activities ‘out of hours’ can also have an impact. The legal liability is at best murky when an employee stalks another employee using social networking tools. When businesses request employees to put their details on MySpace or Facebook as part of a staff recruitment drive, a legal problem may arise very quickly if an employee is stalked, attacked or has their identity stolen using this information.

Likewise, LinkedIn is a popular social networking site for professionals. This website provides a ‘newsfeed’ of the events occurring in your network of contacts. Secrets can be inadvertently given away by staff members setting their LinkedIn status to (for example): ‘Micheal Axelsen is developing a proposal for Can-Do Technologies’. LinkedIn also allows a contact to see their contact’s contacts, which can give an interesting insight into that contact’s marketing activities.

Business should respond in some way. In 2008, the CPA Australia Information Technology & Management Centre of Excellence is writing a guide for business with appropriate policies to adopt for social networking. At the least, we encourage businesses to understand their ‘internet footprint’. A regular search upon the business name, the names of key products, and the senior management team is essential, with Google Alerts a good tool that can alert you to such new content.

Staff should also be aware of the risks and issues for the business and their career when posting information online. At least one Facebook user has been astonished to see photographs of her in an inebriated state. She is desperately trying to get these ‘friends of friends’ to delete the photographs.

The social networking phenomenon is here to stay and will continue to grow. Businesses should review the impact of social networking on their business. There is a need to communicate to all staff the types of appropriate behaviour and content when living out their digital life. Businesses should monitor their ‘internet footprint’ and plan a response when the business is mentioned online. ‘Banning’ social networking is unlikely to be helpful for a company. A sensible and informed approach is important, with an awareness of the potential risks and problems.

Social networking: sometimes, it’s about business. And we mean business.


Technorati Tags: ,