Thursday, 12 April 2012

Contracts for Online Businesses

Week 5

“In light of the unfair contracts laws, do you think that a web operator should be able to change the terms of use of their website without giving users adequate notice? Consider the practicality of such a requirement for the website operator, balanced against the rights of the web site user.”

Based on our discussions regarding the new unfair contract term legislation, I have been examining whether websites should be able to change their terms without notice to their users. It may be necessary to change the terms of a contract, if it does not cause an imbalance between the parties' rights, is a necessary term, and does not cause detriment to a party, as outlined by Australian Competition & Consumer Commission (2010). However, I believe notice is required to comply with the offer and acceptance element of a contract.

For example, I use professional networking site Linkedin, which uses a browse-wrap style of contract where a hyperlink of the conditions is posted, compared to a click-wrap which requires users to agree to the terms before use. The conditions on Linkedin (2011), highlighted in Figure 1, state that changes are communicated to its users through alerts on their websites and email associated with accounts. I find this a very useful approach; however, it may be ineffective to individually contract its 150 million users. Lastly, there are enforcement issues with browse-wrap websites as users may not be aware of the conditions; nonetheless, the Register.com Inc v Verio Inc case provides relief as enforceability depends on the regularity of use which, for a networking site, is very regular.

Figure 1 - Linkedin User Agreement, Notifications and Service Messages

Reference List:

Australian Competition & Consumer Commission. (2010). Unfair contract terms. Retrieved from: http://www.accc.gov.au/content/index.phtml/itemId/930021

Linkedin.com (2011, June 16). User agreement. Retrieved from: http://www.linkedin.com/static?key=user_agreement&trk=hb_ft_userag

Jurisdictional Issues and Importance for Business

Week 4

“(What are the jurisdictional issues? Why are they important?)”

In light of jurisdictional issues faced with the Megaupload case, I think it highlights the importance of assessing how jurisdiction affects the online operations of businesses. In the Megaupload case allegations of copyright emerged as the US moved to arrest Kim Dotcom in New Zealand. The US claimed jurisdiction as Megaupload has storage leased in US data centres (Winterford, 2012). However, according to the case of Dow Jones & Co Inc v Gutnick (2002) 194 ALR 433, the ‘hurt’ is world-wide as the copyrighted materials may have impact anywhere. The US may be granted jurisdiction based on the large number of film studios and record companies which reside in California and whose revenue was affected.

Jurisdictional issues are important to businesses operating online to determine where disputes may be resolved. I purchase goods online from the US and to mitigate the risk of jurisdictional issues, the company sets conditions which I have to approve before purchase. One example is Shopbop.com whose conditions, as highlighted in Figure 1, state that Washington laws will govern disputes (Shopbop.com, 2012) even though, according to the Dow Jones & Co Inc v Gutnick (2002) 194 ALR 433 case, the dispute may come under Australian laws as the ‘hurt’ will lie with me as the place where the page is downloaded.

Figure 1 - Shopbop.com Conditions of Use, Applicable Law

Reference List:

Shopbop.com (2012, March 20). Conditions of Use. Retrieved from: https://www.shopbop.com/ci/aboutShopBop/conditions.html

Winterford, B. (2012, January 23). Four key questions from the ‘Mega conspiracy’. ITnews for Australian Business. Retrieved from http://www.itnews.com.au/Tools/Print.aspx?CIID=287823 

Application of the COBIT 4.1 Framework

Week 3

“(Do you agree with the business owner’s views? If you were advising a small business about IT Governance, risk assessment and fraud, what would you recommend in relation to COBIT 4.1? How does this case demonstrate the accuracy (or not) of Cressey’s fraud triangle? Provide researched reasons for your answer.)”

Based on the case study presented, I have identified typical issues which small businesses face with IT Governance; my analysis can be found here. Firstly, I believe that governance is important for small businesses as the consequences of IT risks are tragic. According to Warfield (2011) there have been cases where small businesses had to close because of fraud. In my experience I have witnessed a small company which suffered IT risks and alleged fraud when integrating a new accounting system and hiring new accounting staff.

In the case study and my experience, both companies lacked proper IT Governance and there was evidence of few internal controls. The following COBIT 4.1 (2007) control objectives are applicable to both scenarios.

· PO4.11 – Separation of Duties
· PO7 – Manage IT Human Resources
· PO9 – Assess and Manage IT Risks
· DS4 – Ensure Continuous Service
· ME4 – Provide IT Governance

From observation, I recommend the owner develop an understanding of risks and review these objectives to develop a framework to mitigate the occurrence of risks. Additionally, I recommend the implementation of controls such as internal audits and audit trails, red flags and separation of duties.

Cressey’s model of fraud highlights that people commit fraud because of the opportunities which companies provide. This company exposed itself to the opportunity of fraud occurring through the lack of controls and the owner’s lack of awareness of risks. Additionally, the fraudster was under pressures, highlighted here, and was able to commit the fraud because she was able to rationalise her behaviour.

Reference List:

COBIT 4.1 (2007). COBIT 4.1: Framework, control objectives, management guidelines and maturity models. Retrieved from www.isaca.org

Warfield, B. (2011). Fraud in Australia. Retrieved from: http://www.warfield.com.au/Bookkeeping_Fraud_in_Australia_2005-2011.pdf

Benefits of the COBIT 4.1 Framework

Week 2

“The use of COBIT 4.1 (or any other IT Governance framework) simply creates a great deal of work for an organisation and yet may provide little benefit. (In light of what you have learnt, intuitively know, and/or have read to date on the four domains of ITG and the online environment businesses operate in, discuss this statement.)”

I have been thinking about the importance and application of the COBIT 4.1 framework in light of the Brisbane floods of 2011. Van Grembergen and De Haes (2008) have identified that COBIT provides generic criteria which can be applied to any organisation. COBIT 4.1 recommends four domains which are universal and the set of control objectives provides an outline of procedures for any organisation. However, Rudman (2008) highlights that COBIT can be resource intensive and costly to implement.

For those businesses affected by the floods, many were struggling after their IT systems were destroyed (Rasmussen, 2011). Contingency planning could have minimised the loss as a result of the floods. Control objective DS4 – Ensure Continuous Service (COBIT 4.1, 2007) can be applied by businesses to prepare for disruptions to their daily trading. DS4 highlights the requirements of contingency planning in case of natural disaster and backing up. My mother’s workplace was affected by the floods and while only minor damage occurred, they had to cease operations and evacuate their IT equipment to ensure the safety of their data. In contrast, other affected businesses suffered losses on average of $834,992 in lost inventory, income and productivity (Moore, 2011). Therefore a framework for governance should be implemented as I believe the consequences are costly compared to the costs of implementation.

Reference List:

COBIT 4.1. (2007). COBIT 4.1: Framework, control objectives, management guidelines and maturity models. Retrieved from www.isaca.org

Moore, T. (2011, February 3). Flood losses batter Brisbane businesses. Brisbane Times. Retrieved from: http://www.brisbanetimes.com.au/business/flood-losses-batter-brisbane-businesses-20110203-1aff9.html

Rasmussen, D. (2011, January 19). Free and discounted IT gets flood-hit Queensland businesses back online. Intrapower.com.au. Retrieved from: http://www.intrapower.com.au/IntraPower_Flood_Press_Release.html

Van Grembergen, W., & De Haes, S. (2009). Enterprise governance of information technology. doi: 10.1007/978-0-387-84882-2_5

COBIT 4.1 Framework for Small Businesses

Week 1

“IT Governance is an issue that is most relevant to large businesses with many divisions, a large IT department and considerable IT assets. Large businesses often have more difficulty controlling their IT activities. The COBIT framework, as a governance tool, is most suited to large businesses and is not ideal for small to medium businesses – that is, it is a luxury they do not need and cannot afford. (Do you agree with the above statement? Provide reasons for your answer.)”

In the previous weeks we have been discussing IT Governance and its importance for businesses. I use technology for university, work and day-to-day living, similar to how most organisations and individuals do, and governance over such technologies can mitigate the occurrence of IT risk. I recently experienced USB failure and lost my current university work; however, because of adequate back-up procedures in place, as outlined by DS11.5 - Backup and Restoration (COBIT 4.1, 2007), I was able to recover all lost files. I believe for small businesses back-up issues can be a major risk as they lack large IT infrastructure and IT assets. Moreover, back-up issues were a major risk during the Brisbane floods of 2011. However, I found that off-site storage such as external hard-drives and 'the cloud' can be used to back-up, store and restore data.

Applying the COBIT 4.1 framework to small businesses can present issues due to the complexity of the framework and as small businesses do not operate in the same boundaries as large organisations do (Devos, Van Landeghem and Deschoolmeester, 2012). However, Rudman (2008) highlights that a smaller version of COBIT 4.1 can be implemented for small businesses. Based on the basic control objectives of the four domains of COBIT 4.1 (plan and organise, acquire and implement, deliver and support, and monitor and evaluate), I believe that IT risks can effectively be minimised.

Reference List:

COBIT 4.1. (2007). COBIT 4.1: Framework, control objectives, management guidelines and maturity models. Retrieved from www.isaca.org

Devos, J., Van Landeghem, H., & Deschoolmeester, D. (2012). Rethinking IT governance for SMEs. Industrial Management & Data Systems, 112(2), 206-223. doi: 10.1108/02635571211204263

Rudman, R. (2008, April). Demystifying COBIT. Accountancy SA. 22-24. Retrieved from: http://search.proquest.com.ezp01.library.qut.edu.au/docview/215225161