IT Risk and Control Solutions Specialists – Why you need them more than ever
Over the years, the capabilities of IT systems have certainly grown by leaps and bounds. But so have the risks that accompany them. Countless threats to IT systems now exist that are capable of seriously disrupting business operations. That’s why companies have to conduct assessments aimed at making sure their systems are still capable of functioning effectively, efficiently, and securely all the time.
If you think you’ve been lucky enough to be spared from these threats, then maybe it’s because you haven’t conducted a risk assessment on your IT system recently. All too often, we hear of CIOs who believed their IT system was in tip-top condition, only to be later caught off-guard by a critical system breakdown that would eventually cripple their business for days or weeks.
More information assets to look after
If, before, you only had to worry about regular office applications, workstations, a LAN and a server, today’s varied and more sophisticated information assets are more challenging to maintain.
In addition to network operating systems, database management systems, content management systems, email systems, virtualization platforms, document management systems, business intelligence applications, and accounting software, a typical enterprise may also have to look after firewalls, intrusion detection systems, storage and backup systems, and data loss prevention systems, to mention a few.
These understandably require the services of experts spanning a wide range of skill sets.
Rising threats to corporate identity and privacy
Individuals are no longer just the ones being preyed upon by identity thieves. Businesses can now be subject to corporate identity theft as well. You could wake up one day finding your business already accused of carrying out illegal activities, a big chunk of your money gone, and your directors? seats already occupied by complete strangers.
To make things worse, corporate threats aren’t just coming from the outside.
Threats to corporate privacy, for instance, can come from within the organisation itself. Sensitive information like trade secrets and financial data are often leaked out (purposely or inadvertently) by employees. This is largely caused by the ever growing number of options for communications and transferring data (e.g. emails, instant messaging, blogs, social networking sites, ftp, P2P, etc.).
Greater challenges in designing, developing, and implementing policies and programs
Laws and regulations like SOX and Solvency II, which have direct impacts on IT, are on the rise. That is why corporate policies and programs now require sweeping changes. You now have to be more deliberate in integrating IT when establishing governance, internal controls, change management, incident management, and performance management.
A solid understanding on widely accepted frameworks and good practices like COBIT, COSO, and CMMI will help you considerably in such undertakings. Using these frameworks as guidelines will not only help you keep your policies and programs attuned to the times, they will also keep you in compliance with regulations.
Increasing demand for disaster recovery and business continuity capabilities
Every time you have a down time, you increase the probability of losing your customers to competitors. The longer the down time, the greater that probability becomes. Therefore, when a major disruption strikes, you should be able to recover at the soonest. If possible, you should be able to deliver products and services as usual.
This of course requires spending to increase your disaster recovery (DR) and business continuity (BC) capabilities. Are you ready for it? Migrating your IT infrastructure from traditional systems to the latest technologies that are better equipped for BC/DR requires careful planning and implementation to ensure an optimal return on investment.
One sure way to turn off customers is to give them a disappointing experience. It cuts across the board- from plumbing jobs, electrical installation and maintenance projects, window cleaning or repair, tenants in the property you’re managing, to package delivery firms. If your customers keep witnessing delays, cancelled appointments, to oversights like double booking which end up messing their individual schedules, they are likely to stop hiring your services and seek out a competitor.?
Field service jobs are particularly prone to such blunders, especially with the traditional manual way of doing things. While smartphones and computers have been infused into the day-to-day running of businesses, it is still common to find companies relying on manual processes to schedule their appointments, track the employees providing the services, monitor the progress of the jobs and ask for status updates, to managing inventory and invoices for completed tasks. This creates a major bottleneck in operations. The Small & Medium Business Trends Report, that took responses from nearly 500 SMB owners and leaders, showed that they spend an average of 23% of each workday manually inputting data. This is time that would have otherwise been spent tending to the customers? needs. It creates a backlog of tasks, forcing the customers to wait for longer to get their issues handled.?
The inefficiencies witnessed in these traditional methods led to the advent of field service business management software. These systems come in to optimise operations and enhance your service delivery. As a business, automating your scheduling, job tracking, routing procedures and handling the invoicing, all through a single platform, greatly reduces your workload. Managing inventory, communicating with your employees out in the field through handy apps on their phone, giving them access to a database of reports and notes on the various jobs they have been tasked with – these all aid in smoothing out the sorting of tasks, and gets rid of the mounds of paperwork that would have been required.?
From Your Customer’s Perspective
When you’re facing a plumbing leak at home, electrical faults that result in power outages in the office building, damaged gas boilers that are hampering operations in the industrial plants- you want them to be addressed. Homeowners, business owners and facility managers in these situations are anxious about getting the issue resolved- yet the firm they are relying on to handle it is caught up in a logistical nightmare, boggled down by paperwork that prevents them from sending their technicians to the location. You really don’t want to hear a series of excuses about why your problem could not be addressed in time. While delays can be a nuisance, cancelled appointments are altogether exasperating. See, the customer is left in a difficult position, since the problem is not resolved, and they have to contend with having to make a subsequent appointment- of which they will not be sure if they can bank on the hired firm to deliver on its mandate. With an FSM, you get to prevent such incidents from occurring.
How Your Customers Benefit From Field Service Job Management Software
Reliable services
Firstly, the customer wants services that they can count on. When an issue arises and an appointment scheduled, they want it to be honoured. With the FSM, you get to accurately schedule the tasks, from the timing involved to assigning it to the appropriate technician, who is skilled in the task. With the automated scheduling and dispatching, the technician downtime that was previously witnessed is reduced- which has the welcome benefit of cutting down your operational costs.?
Speaking of which, the confusion that was previously seen when perusing through documents and simply calling up the first employee whose skill is similar to the job description, is avoided. Here, the field service management platform enables you to determine the most appropriate member of your workforce to handle the task. This makes them more motivated at their job, resulting in higher quality results- whether it’s an installation task, repair and maintenance project, or cleaning service for companies providing them in residential and commercial buildings.?
Get it done right the first time around
The field service scheduling software enables the technician to have all the information pertaining to the job accessible in real-time. This is availed via app– that the technicians will have on their phones. It is through this very app that they will make updates of the tasks being handled, sending in notes, photos and reports to the system. These will, in turn, be monitored at the head office all through the progress of the job, being managed through the interactive FSM dashboard.?
With the customer’s history being accessed by the technician, information that includes the specs and hazards about the particular job being handled, notes from the previous technicians who had been tasked to the building- such as the installation crew and previous repairs that had been done, will enable the personnel on the ground make well-informed decisions throughout the course of the task. Any issues that arise will also be taken note of, equipment and parts ordered through the app as well, ensuring that things proceed seamlessly. That way, the percentage of situations getting fully resolved during the first appointment increases- which translates to fewer cases of complaints being made.?
Instant invoicing
Immediately the job is done, the customer inputs their e-signature through the app, and the technician marks the task as completed, the very same FSM is used to process the invoice and send out an emailed copy to the customer. This will be an accurate invoice, without any data loss, and the customer can then proceed to make the payment through their preferred mode- from credit card payments to cash, without having to wait for hours for paperwork to be processed. All this information is securely stored on the cloud-based platform.
Creating a great first impression
Your image is a core part of your operations. Certainly, you don’t want to come off as disorganised- and your customers will be quick to note this with issues like missing records, outdated reports, lateness, and improper assigning of tasks. On the other hand, having a modern digital solution integrated into your field service operations will enable you to make a great first impression, showing the level of professionalism with which you offer your services.
Customer access
FSM platforms like FieldElite also give the customers themselves access to the system, through their own dashboard. This is particularly handy given that there are cases where the customer will have multiple jobs to be carried out- like property managers who keep on having cases of plumbing accidents, electrical faults, and cleaning service needs in the different buildings that they are in charge of.?
Through the customer portal, they will be able to make appointments, track the history of repair and maintenance jobs carried out on the property, and follow up on queries. What’s more, together with the IoT where FieldElite links to ecoVaro, one can have an interactive energy management system in place to keep accurate tabs on the energy consumption, efficiency, point out areas where repairs are needed, and have technicians come over- with the bookings being made through the FSM.
Enhance Customer Experience And Score New Business Opportunities
Customer service is a key aspect of your operations. When your customers are well tended to, with their needs being met in a timely and proficient manner, it wins you their loyalty, and they’ll be more open to sending referrals your way- growing your market share. Feedback- from testimonials on your site to the reviews on your social media handles, also aids in this- and you want to have satisfied clients who will put out a good word about your brand. By investing in field software for service businesses, you will increase your employees? productivity, monitor trends, improve communication between your head office and the technicians on the ground, all of which come together to increase customer satisfaction.
A mobile workforce management software is key to managing an efficient field workforce.? Managing a staff of people can be tricky in any industry. Try keeping track of employees on shifting jobsites, many whom are paid hourly or temporary workers. The added pressure of ensuring the right workers get to the right sites at the right times, but they also need to track hours, parts used, vehicles and equipment assets.
In a previous post, we defined what is an operational review and why they play a key process in the continual evolution of successful businesses.?
Operational reviews allow the organization members to evaluate their performance, according to the procedures, resources properly, timescales and budgets.
In this post, we’ll take a closer look at how to implement an operational review and the steps typically undertaken to help you and your organisation to implement an operational review.
What the steps in a Operational Review Process
There are typically six steps in an operational review that range from preparatory work conducting interviews and collecting documents to the presentation of the final written report.
An audit should be customized to meet a organisatons specific needs, so standard steps can and should only serve as a guideline.? Management and internal and external auditors should adjust the process to address the company’s particular goals and objectives.
Initial Management Meeting
Understanding the problem is the first crucial step of an operational review. This is one of major areas of discussions when the audit team meets with the management, and department heads will be asked to identify any specific areas of concern. Once the problem is identified, it would be easier to come up with workable solutions.
Conduct Interviews
The next step in the evaluation is carried out with experienced teams doing interviews and keeping close observation. Each team essentially watches how employees carry out their responsibilities. This is considered a key part of the process.
When doing the interview, it is also vital that the observing team gains the employees? trust and confidence. Likewise, the staff must be assured that whatever transpires between the team and the employee will be kept confidential. Management must therefore guarantee anonymity to anyone who offers critical information, lest employees withhold vital information and render the data gathered inaccurate.
Systems Review
Employees and management practices will be reviewed by the assessing team according to the standard policies and guidelines of the company. The effectiveness of the controls in place as well as their appropriateness to the current operating conditions will also be evaluated.
Reporting
A documentation of the data gathered and the assessment of the evaluating team, will be submitted to the management after the review process. Flow charts and written narratives of departmental activities are usually part of this report. This is also where observations and recommendations of the team will be presented to the department heads concerned.
Review Results
While the operational review is being conducted, it is important to take into account the vital factors that affect the company: the people, processes, procedures, and strategies. These four factors can determine the company?s progress in the future.
Key Areas of focus in operation reviews
At a minimum an operational review should include the following key ares of assessment
Management Control
Responsibilities, authority, and the scope in which an employee has the freedom to act must be clearly defined and documented. A complete and specific job description for instance, would give the employee a clear perspective on how he acts and functions within the company.
Boundaries should be set not only to benefit the employer but more so the employee as well.
Moral and Ethical Guidelines
Moral and ethical guidelines are just as important to ensure for a smoother employer?employee relationship. Otherwise, personal issues such as work ethics, work attitude and personal values may post problems in the long run if such guidelines are not drawn properly before relationships are established.
Processes and procedures
Evaluating processes is only beneficial if the company itself updates its processes and procedural manuals regularly, or at least when needed. Such protocols may need revision and some steps may be obsolete already. Improving a company?s processes and procedures doesn’t always entail cost. In fact, improvised procedures may even be cost-effective and could make the processes more manageable.
Communication and reporting standards
Gaps in communication could result in serious lapses in internal controls, putting the company and/or its assets at risk. This is where the importance of timely and clear communication comes in. Likewise, reports must be useful, and the flow of information and how it is processed must keep pace with the company?s growth.
Information technology (IT) and security controls can also be included under the communication clause. Proper IT security policies must be in place, state-of-the-art protection techniques employed, and everything be documented, periodically updated, and continually monitored.
Strategic planning and tactics
No company can ever be complete without its strategies. It would unwise for any organization to proceed without first knowing where it stands and what direction it wants to take. Strategic planning draws such a map. It must be aligned to the mission and vision of the company, and should also coincide with the organizational goals set. Strategic planning deals with these three key questions:
What do we do now
Whom do we do it for?
How can we overcome competition
Without clear strategic direction, expectations would likely differ between ownership and management.
Contingency planning, testing and recovery
Contingency plans must be up-to-date, and are essential to the organization. If one course of action fails, the company should have plan B, C and so on. In addition, an organization should be prepared to respond to interference’s.
This includes establishing a formal process to review transactions processing during both disruption and recovery.
Presentation of Report
Based on your objectives and our findings, we will develop detailed recommendations to improve your company?s performance and productivity. Our written report will include a list of both short-term and long-term projected improvements and courses of action, to be mutually agreed upon by both parties.
To ensure the achievement of the improvements we outlined, our team will also assist in the implementation of these modifications.
The plan has three levels of recommendations: one for executives, another for management, and a third one for staff.
The executive summary concentrates on your company?s strengths, weaknesses, opportunities and threats to its entirety. It includes recommendations for any needed changes in policy or governance.
The management plan is based on employee feedback and includes areas of immediate improvement as well as identification of potential problem areas. Concerns from the bottom level management can now be forwarded to the top level management in formal writing. Better working relationships may evolve from this, thereby setting the work environment for a higher productivity ratio.
Lastly, the staff report deals with topics like charting the hierarchy of the organization, and discussing in detail specific control objectives that are critical to the company?s mission. Part of our goal is to encourage personnel to pay close attentions to such changes, if any, as these efforts are essential if they want to bring about both organizational and personal success.
If you would like to further discuss how our operational review services can benefit your company, please feel free to contact us at your convenience to schedule an initial consultation. We?ll be more than happy to assist you.
When DuPont lost $400 million in intellectual property, it wasn’t because a hacker from the other side of the world infiltrated their system. The information was simply stolen by a former employee. Alarmingly, data loss incidents are not always caused by deliberate actions.
A file containing personal information accidentally attached to an email and sent to multiple recipients; financial data stored in a USB pen drive, accidentally left in a restaurant; or bank account data of colleagues, inadvertently posted on a company website – these are also some of the everyday causes of data loss.
A report done by research company Infowatch regarding global data leaks in 2010 showed that there were actually more accidental data leaks in that year compared to intentional ones. Accidental leaks comprised 53%, while intentional leaks comprised 42% (the rest were unidentified).
But even if they ?only? happened accidentally, breach incidents like these can still be very costly. The tens of thousands of dollars that you could sometimes end up paying in civil penalties (as in the case when you lose other people?s personal information) can just be the beginning. More costly than this is the loss of customer and investor confidence. Once you lose those, you could consequently lose a considerable portion of your business.
Confidential information that may already be leaking out right under your nose
With all the data you collect, process, exchange, and store electronically every day, your IT system has surely now become a storehouse of sensitive information. Some of them, you may be even taking for granted.
But imagine what would happen if any of the following trade secrets fell into the wrong hands: marketing plans, confidential customer information, pricing data, product development strategies, business plans, supplier information, source codes, and employee salaries.
These are not the only kind of data that you should be worried about. You could also get into trouble if your sloppy IT security fails to protect employee or client personal information such as their names; social security numbers; drivers license numbers; or bank account numbers and credit/debit card numbers along with their corresponding PINs.
In some countries, you could face onerous data breach notification requirements and heavy fines when these kind of data are involved.
There are now more holes to plug
It’s not just the different varieties of sensitive electronic information that you have to worry about. Because these data can take on different forms, i.e. data-at-rest, data-in-motion, and data-at-the-endpoints, you also need to take aim at different areas in your IT system.
Sensitive information can be found ?at rest? in each of your employees? hard disks, in your servers, storage disks, and in off-site backup disks. They can also be found ?in motion? in email, instant messaging, social networking messaging, P2P file sharing, ftp, http, and so on.
That’s not all. Your highly mobile workforce may have already introduced yet another high-risk area into your system: data-at-the-endpoints. This includes USB flash-disks, laptops, portable hard disks, CDs, and even smartphones.
The main challenge of data leak prevention
Having been made aware of the various aspects of data leakage, have you already come to grips with the extent of the task at hand?
There are two major things you need to do here to prevent data leakage.
One, you need to identify what data you have that can be considered as sensitive/confidential information. Of course you have financial information and employee salaries in your files. But do you also store personally identifiable information? Do you have trade secrets that are stored in electronic form?
Two, you need to pinpoint their locations. Are they only on your hard disks and laptops? Or have they made their way to flash drives, CDs/DVDs, or portable HDDs? Are they being transmitted through email or any other file transfer media?
The reason why you need to know what your sensitive data are as well as where they are is because you would like all efforts of securing them to be as efficient and unobtrusive as possible.
Let’s say, as a way of protecting your data, you decide to implement encryption. Since encryption can consume a lot of storage space and significantly reduce performance, it may be impractical to encrypt your entire database or all your files. For the same reason, you wouldn’t want to encrypt every single email that you send.
Thus, the best way would be to encrypt only the data that really need encryption. But again, you need to know what data needs to be encrypted and where those data can be found. That alone is no simple task.
Not only will you need to deal with the data you already have, you will also have to worry about the data that will go through your systems during the course of your day-to-day transactions.
Identifying sensitive data as it enters or leaves your system, goes through your network, or gets stored in your file system or database, and then applying the necessary security actions should be done automatically and intelligently. Otherwise, you could end up spending on a lot of man-hours or, worse, wasting them on a lot of false positives and negatives.
