Critical success factors
As Moohebat and Jazi (2010) and Ika, Diallo and Thuillier (2012) aptly observe, critical success factors (CSFs) are the conditions, variables and organizational principles which guarantee success when their best practices are achieved at the organizational or industry level. Ika, Diallo and Thuillier (2012) discussed five critical success factors. The first CSF is monitoring: the authors argue that the monitoring process must be continuous and at multiple levels, and that the organization must analyse and take action on the information drawn from the monitoring process.
In the case study, Sergei’s department must be scrutinised to establish the efficiency of the monitoring process. Brett is surprised that the company was not compliant with payment card industry (PCI) standards. There ought to have been a mechanism to monitor the program that Sergei was in charge of. The company was 75% compliant with PCI. A monitoring mechanism should have briefed the CEO much earlier. There is an indication that the CEO's understanding of PCI is not as strict as he thought. The existence of a disabled firewall that works with the inventory control system is also a function of a poor monitoring mechanism. In essence, the IT section requires a systems audit. The fact that Sergei points out that peer companies were more vulnerable does not justify the failure to comply or the possible security breaches. The second CSF is coordination. Coordination looks at the inter- and intra-organizational linkages of information. The organization must be able to coordinate sections, units and departments within the organization. Further, the organization must coordinate with external entities such as support systems, collaborators and competitors. The top management team of Flayton met to come up with a common position on the matter. Each of the managers gave their view of the situation, and this was important not only to the chief executive but also to the rest of the team, who gained a deeper understanding of how to approach the situation.
The third critical success factor is design. This refers to the structural and principled paradigm of operation. It is the superstructure of the entity. The design of Flayton's current system is complex and highly susceptible to threats. On the surface, there is Flayton, the bank, the customer and the security agency. The Union Century Bank has many employees, and it has the responsibility of putting structures in place to prevent leaks of data. A similar design is needed at the Flayton IT department. When the CEO passed by the IT section, many employees were busy on their machines, and he observed that it was difficult to know who would leak data and when. Therefore, in the light of Burgurcu, Cavusoglu, and Benbasat (2009), Heinzl et al. (2012), and Liang and Xue (2010), the security policy of an integrated system must be designed to permit discrete access to information. Multiple people and monitoring mechanisms are involved. The design should be such that no single employee is able to access all the information about the customer.
The fourth CSF is training. The staff and the employees must demonstrate excellent competence in their jurisdiction and portfolio. The fifth CSF, as noted by Ika, Diallo and Thuillier (2012), is the institutional environment. The organizational environment encompasses government policy in the industry, competitors, investors, and customers. The environment affects the identity of the company, the brand, and the cost of financial transactions. Gates (2010), Ika, Diallo and Thuillier (2012), and Ganesh and Mehta (2010) systemized CSFs dating back to the work of John F. Rockart in 1979. The authors showed that CSFs had enabled organizations to overcome crises and to analyze and synthesize organizational problems. Heldman (2005), Hillson (2009), Association for Project Management (2008), and Project Management Institute (2013) are categorical that the transformation of critical success factors from organized ideas and concepts into an institutionalized set of principles has led to their wide application in management.
Against this backdrop, the current crisis at Flayton Electronics requires a multidimensional approach to analyzing the possible solutions to the problem. The management faces a dilemma over the decision that should be made regarding the cyber security breach. Brett is depending on the portfolio performance of the company to make decisions that are verified, honest, and contrite. The organizational portfolios on the spot in the case are the loss and prevention unit, security, legal, public relations, information technology and human resources. The managers are mulling over the causes and effects of the current situation. CSFs help the managers break the case down into simpler components. The components are then analyzed to establish the relationships, trends, and clues that point towards the cause of the problem and a possible solution.
Project benefits, organizational readiness, and risk culture of Flayton Electronics
Flayton Electronics succeeded in developing trust in its customers and investing in charities which impacted society positively. This is reflected in the photographs of the people who benefited and who find a special identity with the company. They are displayed on the wall across from Brett’s office. The company benefits from having customers from different states. This helps in market segmentation and organizational positioning when expanding the outlets and in targeting potential customers. Creating a long-term customer-brand identity is advantageous when the quality of the products and services is the key attraction for the customer (Ganesh & Mehta, 2010).
There is no indication that Flayton Electronics has suffered a major risk threat before. The top management exudes in-depth technical know-how and analysis of the situation, but their expertise has not been linked to the context of the company. This is especially so when considering whether Sergei, Brett, Sally O’Connor, Huntington, and Laurie have ever been with the company during a crisis similar or related to the present one. This is an indication that the company may have employed competent personnel in critical portfolios, but they have not been tested in related situations at Flayton to determine their ability to handle risk. Govori (2012), Burgurcu, Cavusoglu, and Benbasat (2009) and Heldman (2005) hold the opinion that organizations establish strategies that can manage risks by putting systems in place and also taking those systems through a series of tests to establish their robustness.
Three project risk recommendations
Burgurcu, Cavusoglu, and Benbasat (2009), Heinzl et al. (2012), Warkentin and Willison (2009) and Liang and Xue (2010) recommend that organizations develop a cyber security policy. The policy would describe the nature of the technologies and the design of their use. The policy also stipulates the costs of a failed system and the consequences of a security breach for the people who are responsible. Security policies guide employees on the action to take in case they detect a threat to the system. The policy also deals with the attitudes of the employees towards information security, their work experience, and their exposure to previous security incidents and threats (Ganesh & Mehta, 2010).
It is also recommended that CSFs on security risks be informed by empirical principles and scholarly theory. The design and implementation of complex technologies in complex systems may be based on the General Deterrence Theory (GDT), the Decomposed Theory of Planned Behavior (DTPB), the Theory of Planned Behavior (TPB), and Protection Motivation Theory (PMT). Each of the theories informs specific security risk objectives that Flayton Electronics would prefer. For instance, security policy compliance may be designed by employing TPB, DTPB, and PMT. Besides concentrating on the strategic complex algorithms for data security, there must be an even broader approach that invokes principles of human behavior and organizational culture. Theories and empirical principles are poignant in institutional management because they are systematic, founded on verifiable constructs, and predictive, and they offer a broad view of how system components interrelate. A study of individual and organizational behavior is significant in detecting potential threats to the set systems. In the case of Flayton Electronics, the detectives will not only analyze the complex programming and algorithms of the technologies but will also analyze the behaviors of the employees who had left the company. The behaviors of the current employees will also be put in perspective (Hillson and Simon, 2012; Burgurcu, Cavusoglu, & Benbasat, 2009; Heinzl et al., 2012; Warkentin & Willison, 2009; Liang & Xue, 2010).
The other recommendation is linking the critical success factors with the components of related and institutionalized project management plans. For instance, the strategic plan closely influences the manner in which the critical success factors are applied to the situation in the company. Trkman (2009) observes CSFs in the light of Business Process Management (BPM), while Gates (2010) discussed CSFs in terms of strategic planning, and Ganesh and Mehta (2010) and Moohebat and Jazi (2010) looked at how organizations employ Effective Resource Planning and CSFs. Association for Project Management (2008), Project Management Institute (2013) and Hillson (2009) added that institutionalized management programs and concepts help in reducing risk by providing critical variables for analysis. Critical success factors can be analyzed to determine the potential risk of the stolen data in terms of risk as an event or risk as a project threat.
Initial category of risk using example risk checklist
As observed from the list of Hillson and Simon (2012), Flayton Electronics is susceptible to four levels of risk: technical risk, management risk, commercial risk, and external risk. Technical risk constitutes estimates, assumptions, constraints, technology, technical interfaces, technical processes, safety, security, test and acceptance, performance, and design. The company is at risk because it is not known how the system was hacked, at what point it was hacked, or how much information was obtained from the system. The hacked data can be used to access other details of the customers and other details of Flayton Electronics. Given that the number of affected customers is above 1500 and uncertain, the risk could be greater. Two potential technical errors have already been noted: the company is not PCI compliant, and there is a disabled firewall that is linked to the wireless inventory-control system. There is also a possibility that the employees who left the company may have given out critical details on how the technology functions. It cannot be ruled out that there is an internal threat from the employees who access the system while on the job. More widely still, the breach could be at the bank and card transaction level. In this respect, both the employees and the technical system need review. The technical review should employ constructs such as system susceptibility, severity, threat, cost, efficiency, behavior, system interface, and algorithmic design (Hillson and Simon, 2012; Burgurcu, Cavusoglu, & Benbasat, 2009; Heinzl et al., 2012; Warkentin & Willison, 2009; Liang & Xue, 2010).
Hillson and Simon (2012) also looked at management risk in terms of quality, reputation, information, portfolio management, resourcing, and organization. By the end of the meeting of the top management team, all the management risks had been explored. The CEO has to make a determination on when and how to communicate with the people who may be affected. This will depend on the possible consequences of communicating now versus later, when vital clues come up. This paper notes that the party responsible for the breach should communicate with the clients. If the breach occurred at the transaction level, the bank should communicate directly with the clients. Until the entity responsible for the breach is determined, the crisis should be a secret of the top management.
Hillson and Simon (2012) point out commercial risks that affect Flayton Electronics: contractual terms and conditions, sub-contracts, client and customer stability, and partnerships. The HRM has already reported the details of the employees who left the company, and this points to the terms and conditions of hiring employees or letting them leave the company. The ethics of the company and the managers require honesty and straightforwardness. The employees of the company are also required to observe, or be taken through, a system that sustains ethical practices. If the competitive advantage of the company is anchored on trust, the current situation may affect the relations, but if it is founded on the nature and quality of services, the damage will be managed faster (Hartman & Desjardins, 2011; Yaraghi & Langhe, 2011).
Hillson and Simon (2012) detail external risks at various levels. In the light of the current crisis, the major risk is at the competition level. The competitors may take advantage of the situation and woo the customers to their outlets. The competitors may also inform the public about the situation.