Wednesday, 17 April 2013

Week 5 - Contract Terms of Use


ASIC has recently amended new laws that state that courts now have the power to decide whether a particular term in a contract is ‘unfair’ to one party. It can then deem that term void and non-binding. This is a step from ASIC to make companies more accountable for the standard consumer contract forms they supply. Many have stated that an important step, in light of this new crackdown, is to make the terms as transparent and accessible as possible.

This transparency has been a major issue in the United States of late also. There have been numerous examples of problems arising when sites, Facebook for example, change their terms of use to bring in a major user rights change without giving adequate notice to users.

So in light of the recent crackdown by ASIC on terms in a contract, what is a fair amount of notice? There will always be a trade-off between users’ rights and the practicality for the website operator. In spite of this, however, I do believe it should be the case that, upon trying to access a website, a pop-up would require an agreement to new terms before use of the site. This would mean, without a doubt, users would know of their terms before use. While it may be slightly onerous for the company, I believe a user-rights-heavy approach such as this is the best way.

Week 4 - Megaupload


Recently, employees responsible for the file sharing website MegaUpload were arrested due to authorities believing that MegaUpload utilised various incentive programs and other methods to promote the illegal distribution and sharing of copyrighted material.

The controversial point about this case is how the arrests occurred. New Zealand police, in Auckland, arrested employees, citizens of various European countries, on the basis of warrants issued by the United States. The United States are requesting that the individuals now be extradited to the US to face their charges, on the basis that the company leased servers in California.

So the question is raised about jurisdictions. Where were the crimes committed? Which country can charge those responsible? How far can their judicial powers spread? New Zealand extradition law states that those responsible could only be extradited to the US if the wrong was committed on US territory. Since the crime was committed ‘in the clouds’, everywhere and nowhere, I don’t believe this is really the case.

The results of this case may have far-reaching effects, as it will establish just how far countries’ jurisdictions can reach, and for what reasons. It will set a precedent for these cloud-based websites and any crimes they may commit. In any case, I believe international treaties and laws need to be rewritten to keep up with the ever-changing and expanding online world.

224 Words

http://www.itnews.com.au/Tools/Print.aspx?CIID=287823 - Analysis of Issues
 

Week 3 - Boutique Technology


There have been some cases of fraudulent activities at Boutique Technology (BT), involving payroll and software products. I found a number of practices that could have contributed to these actions, as summarised in the table below:

Practice | How it could contribute to fraud
--- | ---
Management has little regard for policy | Rationalisation that if CEO is policy-averse, he is deserving
Low base pay, big bonuses | Incentive to take short-cuts to make bonus targets
Only one staff member each for accounting, finance & HR | Opportunity for fraud due to no checking or segregation
Focus on low cost output | Pressure to keep time spent low leads to short-cuts

I have prepared financials and tax returns for a small company (<10 staff), which, to keep costs low, had one person paying and recording all bills and payroll, like in BT. We found a discrepancy in the accounts, and upon looking into it, the client found out that the accounts staff member was making payments out to her son’s bank account.

In regards to the above problems, to prevent future fraud, using COBIT practices, I would do the following:

1. Monitor and evaluate internal controls more effectively in regards to payroll

2. Implement an IT system that would help raise ‘red flags’

3. CEO to emphasise improved policies and procedures to staff

4. ID all inherent risks in the business and seek to implement IT systems to help improve these

220 Words

Week 2 - WhizBiz Pty Ltd


WhizBiz Pty Ltd (WB) deals extensively with online trading and customer detail databases. The risks inherent in this kind of operation are large, with internal and external fraud opportunities presumably widespread. And yet, the director is taking a negative approach, stating that COBIT is too much work for too little benefit, and that it is a ‘one size fits all’ framework, which may not be appropriate.

Focusing on risks alone, which are WB’s biggest problem in my opinion, one of COBIT’s main objectives is to reduce risk, and the framework would help identify and put in place measures to counter the potential fraud or theft problems. We know that if customers’ details were stolen, or if online theft occurred, the costs to WB would be massive. The initial and ongoing cost of implementing a framework such as COBIT would be negligible compared to this.

Another point to make is that the domains outlined in COBIT focus on control, rather than the actual execution.  The user is encouraged to simply pick those parts relevant to them and put in place the appropriate measures. The focus of the four domains, and their processes, and COBIT in general, is to help the user implement an effective strategy for their organisation, rather than inform them what they should or shouldn’t be doing.

216 Words

Week 1 - ITGC


To meet its corporate plan, it is essential for an organisation to put in place three elements: the people, finance and a properly designed IT system. Whether it is online trading, data storage, communications or simply computerised bookkeeping, IT is a major aspect, and so, I believe, it needs to be controlled and governed accordingly. In order to do so, a governance framework such as COBIT is important and useful to aid in proper set-up and implementation of IT strategies. Indeed, the goals set out in COBIT are to ensure that the enterprise’s IT sustains and extends the organisation’s strategies and objectives.

COBIT provides users with a framework: a set of practices, guidelines and measures that, when implemented, aim to benefit the company’s IT systems across five different areas:

1. Strategic Alignment – Aligning IT with organisation as a whole

2. Value Delivery – Enables the business and maximises benefits

3. Risk Management – IT risks are managed appropriately

4. Performance Measurement – Accurate feedback on operations

5. Resource Management – IT resources are managed appropriately

As you can see, a proper IT governance framework such as COBIT will encompass all areas of IT with the forefront goal of aligning IT operations to benefit the organisation as a whole, and help meet plans and objectives.

209 Words