Issues in Business: Case Analysis – Risk Analysis
Issues in Business: Case Analysis – Risk Analysis
Introduction
The case study under analysis herein, assumes a larger business venture of an online streaming video service Netflix. The company, as any other commercial enterprise, needs to secure its online proprietary data, as well as protect its software learning environment from unpaid subscribers, or unauthorized hackers. Historically, the company just started one year ago, in the context of the case study. The perspective of this written report is from a consultant. According to Gill (2012) IT risk lays at the heart of business, although many treat this aspect “as an afterthought,” and that IT risk protection should be integrated into each level because best practices in this area “is essential to a continually healthy business environment” (“IT risk is business”). This analysis presents the problem, forms a discussion, and suggests three alternatives. The final section wraps up with a recommendation and conclusion.
No business owner, entrepreneur, or top-level executive manager likes to think of the business he or she engages in is at risk. However, the truth is that information technology has entered each industrial realm worldwide. The propensity is staggering. Obviously, as learned, the factors which may be identified span several areas of risks associated with information technology (IT). Thus, these commerce areas being affected include business, financial, technical, and reputation. While it is true that these aspects represent the basic sub-sectors affected, the list is not comprehensive. Although myriad corporations are plagued with problems, symptoms are different. For example, an internal stakeholder may recognize that the learning software is running unusually slow, when in fact an unauthorized intruder has gained online access to the company’s proprietary learning system-data. In this case study about the Netflix company, some of the key risks shall be addressed and reviewed.
Assume that the employees notice how slowly, or ‘glitchy’ the learning programs have been running for approximately one month. Yet, the employees are hesitant to say anything about the problem because they fear their boss (the owner) of the company will blame them for having done something wrong, and lose their jobs as a result. The real problem however, is that Netflix had failed to use software to effectively test if their streaming content had been stolen. The basis of the real problem is that the owner did not understand or consider IT risks issues in business. According to an important Information Systems Audit and Control Association (ISACA) report, the business-model for IT should be comprise of four major elements, and six dynamic interconnections (“The business model for information security,” 2016). The model lists the elements as organizational design/strategy, people, process, and technology. The owner may have lacked the initiative to train his employees to report issues which should be addressed, when abnormalities arise in the operations process. The key problem, therefore, can spark a chain of negative outcomes in IT risks correlated to finance, technical, and the company reputation. Especially, when thinking about the power of social media, the corporate reputation can be ruined.
Discussion: Analysis & Rank
The identified areas of IT risk aspects had revealed that business, finance, technical, and reputation are the main keys to be vigilant of. In the Business Model for Information Security (BMIS) it matters little if management of the digital-video online streaming delivery Netflix Company is following Porter’s Five Forces model, for the simple reason breaches in informational compromises puts the whole operation at risk. The BMIS, as indicated from the resource, can be visually grasped as a pyramid. At the center is the process, surrounded by the three points – two on bottom support of people and technology – and third at the apex of the pyramid of organizational design/strategy (“An introduction to the business model for information security,” 2009). The graphic model depicts how people and technology, working altogether, are at the foundational base of a business enterprise. This is important since human factors manage how systems theory works, and is implemented. The key analysis, therefore, rests upon the concept that businesses have gone international, as the same aforementioned source asserts, and “as a result of expanding e-commerce capabilities among other issues” often third party external vendors must be involved in proprietary information communications. Obviously, the rank of IT risk concerns must place the business aspect at the top of the roster of concerns, closely following by technical, financial, and reputation. There is overlap, because one would not want to be weak in any of these areas. For example, Ren and Dewan (2015) point out that an entire industry must be examined as to its IT risk analysis, and that although “higher levels of industry regulation are associated with lower IT returns in both productivity and profitability” the move would help assure a lowering of IT risk in any situation (p. 71). If you really think about it, an online streaming video delivery service, like Netflix, exposes it product business at a more likely higher IT risk, given the nature of the environment in which it operates.
Three Alternatives
There are always more than three alternatives available for businesses to change their mode of practices, for improvements. However, the first consideration for our case study company is to completely changes its business model and open a string of franchises of real brick-and-mortar outlets for struggling learners. The enterprise could specialize in offline products for viewers, allow the company to become more adept and fluent. This may not be an option, or direction in which the company chooses to go. The other very important alternative, which is really an additional safeguard to IT risk fraud for the online operations of digitally streamed delivery products and services, is to secure greater financial merits and protection. In other words, the company must protect its income stream, actual IT investment, and accounting practices. To this end scholars Han, Rezaee, Xue, and Zhang, (2016) note that the huge tire conglomerate ‘Goodyear Tire & Rubber Company’ had made errors in the use of its IT automation systems when the corporation had “announced an up to $100 million restatement of its profits from 1998 to the first half of 2003,” therefore impacting its financial risk from auditors making mistakes in integration of technology frameworks (p. 94). When things like this occur, a company owner or consultant to that company, must realize that mistakes are costly. Finances must be enhanced and protected at all times. Also, one can easily see, from the above example, how financial issues and technical ones can easily overlap.
The third alternative has to do with making the owner aware, as a consultant, of his or her options in properly assessing the level of IT investment impact on the organization. Since Netflix is in trouble, it is advisable to have an internal IT expert working exclusively for the company. According to Fox (2016) Netflix financial losses have been effectively reflected in the money markets, their shares having reached market saturation the stock is “down about 14%” at the time of the article writing last month (“Netflix Growth Problem,” 2016). However, in order for this to happen the owner of the business must be clear of the firm’s structure in association with IT investments, and how any options associated can boost added value to the firm. Otim, Dow, Grover, and Wong, (2012) have suggested that “To provide a more complete picture of the business value of IT investments, it is necessary to examine measures of firm performance other than positive financial returns, such as risk” (p. 160). Netflix should have used IT to evaluate ways to choose a change management model. Had this approach been taken, clarification in communication of the needs of the company could have been better discussed between all the stakeholders. As a consultant and advisor, the job could have been more easily clarified. If two parties are unable to clearly communicate the wants, desires, and goals of the company, the situation of IT risk will be difficult to capture.
Recommendations: Course of Possible Actions
The first and foremost course of action, should be to rectify any IT risk security breach which may be in the process, or has already occurred. Fixing the problem of slow response of the Netflix Company to its online, digital streaming interface as becoming outdated, should have been solved the moment estimates reflected a market saturation. Once the technical aspect of the situation is secured, and solved, then the immediate second step is for the company to meet with all employees and deliver clear procedural guidelines for whenever certain situations arise. To operate risk-averse in this new digital-information age of instant electronic communication, and access, means that all business actors and stakeholders must be keenly aware that risks can – and do – happen. One suggestion is to hold regular workshop-meetings for all employees, even if some are working offsite over the Internet from their home offices. Depending upon where all employees are located, tri-annual mandatory meetings in a face-to-face context are not a bad idea, either. In this way, internal members of the firm can be led to recognize the possible dangers/risks to the company, as well as personally. Discretion is everything, as one source warns that “there is a world of difference between calculated risks, taken with foresight and careful judgement, and risks taken carelessly or unwittingly” (“Business risk: A practical guide,” 2012). While it may seem paranoid to some, cautiousness cannot be emphasized enough. Another professional observer argues that “Risk management focuses on identifying what could go wrong, evaluating which risks should be dealt with and implementing strategies to deal with those risks” (“Manage risk,” 2016). Not surprising, Storkey (2011) of the IMF strongly warns of financial risk in business, which common sense tells one is inextricably connected to the world of electronics and IT nowadays.
Conclusion
The size or nature of businesses today does not provide immunity from IT risks. Thus, management and their consultants must be focused on the scope of whatever interests, or operations challenge the firm for cybersecurity threats of all kinds. Lanz (2015) suggests that previous frauds may now be considered major ones, and that financial managers of a firm should combine control and detection as strategies to reduce risk. A basic, typical recommendation for a company is to plan its strategy well, in the first place. In this way, insalubrious engagement might be avoided.
References
Arts Council of Northern Ireland. (2012). Business risk: A practical guide for board members [Data file]. Retrieved from http://www.artscouncil-ni.org/images/uploads/business-support-documents/risk_guide_for_board_members.pdf
Fox, J. (2016, July 19). Netflix has a growth problem. Bloomberg. Retrieved from https://www.bloomberg.com/view/articles/2016-07-19/netflix-has-a-growth-problem
Gill, M. (2012). IT risk is business risk. ISACA – Information Systems Audit and Control Association. Retrieved from http://www.isaca.org/knowledge-center/cobit/documents/cf-it-risk-is-business-risk.pdf
Han, S., Rezaee, Z., Xue, L., & Zhang, J.H. (2016). The Association between Information Technology Investments and Audit Risk. Journal of Information Systems, 30(1), 93- 116. doi:10.2308/isys-51317
Info Entrepreneurs. (2016). Manage risk [Data file]. Retrieved from http://www.infoentrepreneurs.org/en/guides/manage-risk/
ISACA – Information Systems Audit and Control Association. (2016). The business model for information security brochure [Data file]. Retrieved from https://www.isaca.org/Knowledge-Center/BMIS/Documents/BMISBrochure.pdf
ISACA – Information Systems Audit and Control Association. (2009). An introduction to the business model for information security [Data file]. Retrieved from http://www.isaca.org/Knowledge-Center/Research/Documents/Introduction-to-the-Business-Model-for-Information-Security_res_Eng_0109.pdf
Lanz, J. (2015). Conducting Information Technology Risk Assessments. CPA Journal, 85(5), 6-9.
Otim, S., Dow, K.E., Grover, V., & Wong, J.A. (2012). The Impact of Information Technology Investments on Downside Risk of the Firm: Alternative Measurement of the Business Value of IT. Journal of Management Information Systems, 29(1), 159- 194.
Ren, F., & Dewan, S. (2015). Industry-Level Analysis of Information Technology Return and Risk: What Explains the Variation? Journal of Management Information Systems,32(2), 71-103. doi:10.1080/07421222.2015.1063281
Storkey, I. (2011). Operational risk management and business continuity planning for modern state treasuries. International Monetary Fund – IMF. Retrieved from https://www.imf.org/external/pubs/ft/tnm/2011/tnm1105.pdf
