Good Stuff Inc.’s Risk Analysis Essay

Abstract

Good Stuff Inc. faces some challenges as a result of its old POS systems. The old POS systems are always associated with hidden costs and numerous factors. The new system also comes with an additional cost, for instance, the cost of training staff and integrating the new system with the existing systems. Also, the cost of acquiring a new system is slightly higher than the cost of upgrading the existing one. Therefore, it is cheaper to upgrade the existing system instead of acquiring a new one. This essay will analyze the risks associated with the company’s POS system and provide alternative solutions. This will be achieved by exploring different models and concepts and key arguments between authors and their theoretical positions.

Introduction

Company Overview

Good Stuff Inc. is a company based in Bellevue, Seattle. It started as a retail store in downtown Bellevue in 1980. By 1995 the company had grown to have six stores scattered throughout the Seattle area. Good Stuff Inc. established a retail presence on the web in 1998, which has been maintained and modernized over the years. Currently, over 40% of the company’s business is done online.

The company’s website is built on active server pages. The site uses an MSSQL database to store the items for sale and their descriptions and is hosted on two Windows Server 2007 computers running IIS. The database is on a third server. Also, there is a development machine that is used for designing and testing updates to the website. The company is connected to the Internet via Digital Subscriber Line (DSL). Each of the retail sites also has an Internet connection, which is used to report sales data from the Point of Sale (POS) system to the company’s main server. All systems in a location are on the same segment and are configured using the default of 192.168.0.0.

The company’s plan to upgrade its Point of Sale (POS) system last year failed. As a result, it is still using the older POS system purchased in the 1990s and runs on S400 located in each store. In addition to the website and POS system, the IT department has a server that supports the company’s installation of its accounting system. The system has not been upgraded since 2001. The accounting department is hesitant to update it because they are satisfied with the performance of the system and feel that the stress of changing the system will be too great. The essay will focus on risk analysis of the company’s POS systems and come up with probable solutions. Before we proceed, it is important to understand what risk analysis entails.

Risk Analysis

Andrews and Moss (2002, p. 3) describe risk as a probable situation that entails an undesired event or occurrence. Risk management, on the other hand, is the coherent process of identifying, appraising, and minimizing risks. Risk management is also defined as a process through which businesses procedurally handle undesired events or occurrences related to their activities with the aim of benefiting each activity across its portfolios. Therefore, risk management enhances the understanding of probable causes of risks and their impact on the organization (Andrews & Moss 2002, p. 4).

Risk analysis is part of the risk management process. It involves identifying, reporting, and assessing risks. Risk identification focuses on identifying an organization’s exposure to risk and uncertainty. Risk identification demands extensive knowledge of the organization, its market, legal, socio-political, and traditional background (Melnikov, 2004, p. 5). On the other hand, risk description involves the use of the structured format and visual aid to describe risk (Smith & Merritt, 2002, p. 6). Lastly, risk assessment involves attempting to guesstimate the probability of the incident and exposure to risk (Porthin, 2004, p. 4).

Statement of the problem

The company’s failure to upgrade its POS system has been very costly. This is because all credit card transactions are processed directly from each retail site with loose coupling to the POS system where the transaction code is transferred from the credit card terminal. This has proven problematic at times as the transaction codes reported by the POS system do not always match the monthly report received from the merchant services company. The main problem with the old POS system is that it usually runs on the DOS and is not compatible with modern applications. For this reason, it is not possible to adopt new features that can help the company attract more clients and enhance sales.

The U.S. POS system market is dominated by three major companies: Microsoft Inc., IBM, and Radiant Systems. However, rivalry among these companies is comparatively low. This is because the cost of switching POS systems is high, which includes the cost of applications and POS terminals. The new system also comes with additional costs, for instance, the cost of training staff and integrating the new system with the existing systems (Medina, 2007, p. 47). Also, the cost of acquiring a new system is slightly higher than the cost of upgrading the existing one. Therefore, it is cheaper to upgrade the existing system instead of acquiring a new one. Lastly, the main suppliers of the POS systems are manufacturers of POS terminals. Since the manufacturers of these terminals are so many, consumers have a wide range of choices. However, their choices are restricted by the high cost of switching to a new system (Medina, 2007, p. 48).

BMIS model for risk management

There are numerous challenges facing businesses today, for example, aligning information security with the business goals, integration between business and information system, and implementation of new technologies, among others (ISACA, 2010, p. 4). BMIS model enables the IT department to examine the existing technologies from a systems point of view and, therefore, creating an environment where technologies are handled comprehensively and allowing genuine risks to be managed. BMIS is a three-pronged model with four facets (people, process, technology, and organization) and six dynamic interlinks, including culture, governance, architecture, emergence, support, and human aspect. The six interlinks may be directly or indirectly affected by the four elements (ISACA, 2010, p. 13). The model is well illustrated in the figure below.

Good Stuff Inc. is an example of an informal organization where there are articulated policies and procedures, but some decisions are made outside these frontiers. For example, the accounting department is hesitant to update its systems because of fear of the unknown and the stress of changing the system. This has developed into a culture where employees are not in a hurry to abide by the stipulated rules and procedures. This has led to vulnerabilities in the system, as witnessed in the POS system. Therefore, Good Stuff Inc. should develop stringent measures that will ensure that rules and regulations are adhered to.

The company’s processes have not attained full maturity. Even though they are well-defined, they are not properly managed and optimized. On the other hand, the technology being used is quite old. Unless they are updated, the company cannot enjoy the benefits of modern applications—the technology range from the system used to the general IT infrastructure. Also, people (employees) within the organization are considered essential elements, particularly during the implementation process.

For this reason, the company should pay more attention to the recruitment and selection process to ensure that only qualified and competent personnel are hired. This is because unqualified and incompetent personnel usually tend to ignore or are unable to accept existing policies and procedures. Failure to upgrade the POS system was probably a result of incompetence. Moreover, the accounting department is not currently ready to upgrade its system.

Alternative solutions

Contracting cloud service providers

If the cost of maintaining an in-house system is high, the company can contract cloud service providers. Cloud computing is a term derived from how the wide-area network (WAN) and the Internet have been drawn as a cloud in the network diagrams. Cloud computing is simply a system that facilitates shared computing resources. The term resources refer to networks, servers, applications, services, and storage. It is a method that involves outsourcing computer resources with the potential for expendable enterprise scalability and on-demand provisioning (Catteddu & Hogben, p. 21).

Cloud computing offers a variety of deployment methods and, therefore, numerous benefits to the users. The benefits include economies of scale, which leads to reduced costs of information technology infrastructure. Secondly, it has low maintenance and administration costs. It also offers other benefits, for instance, access to dynamic and scalable computing and capabilities based on demand (Catteddu & Hogben, p. 21). Cloud computing also offers easier data monitoring and lower costs of security measures, and quick incident response. Other benefits include easier group collaborations and universal access to computing resources. In a nutshell, cloud computing enables small businesses to reap vast benefits without necessarily installing the physical infrastructure (Catteddu & Hogben, p. 22).

Shifting to “retail-hardened” POS system

Another alternative solution is acquiring POS systems that are “retail-hardened” and can last for a very long period, for instance, the IBM POS system. Due to the exceptional quality, IBM systems tend to last longer and have an exceptional resale value. Additionally, IBM POS systems can be used for over 20 years. However, the cost of switching to another system may be an impediment to acquiring a new one. Also, IBM systems are not compatible with many POS applications used today (Streicher, 2009, p. 2).

Extra staff training

Last but not least, the company’s employees need additional training on the current IT infrastructure and applications, for example, the Smartphone-based POS systems. This is because people within the organization are considered the most critical element, especially during the implementation process. Additional training will help them acquire more knowledge and appreciate the benefits associated with the current technologies (ISACA, 2010, p. 24).

Recommendations

Good Stuff Inc. should tackle its set of challenges by creating an attractive POS environment. This requires a clear and holistic plan. The plan should involve the following steps:

• Restructuring the POS architecture at retail stores to enhance transaction speed and meet consumer expectations.
• Defining different operational based improvements in line with applications and infrastructural aspects. The improvement plan should involve planning, execution, and evaluation process.
• Establishing cross-functional collaborations between the IT department and other departments within the organization. This will enhance knowledge sharing and additional training, which set the path for further improvements.
• Lastly, the restructuring process should involve a three-year plan for retro-fitting IT infrastructure and applications to enhance customer experience and sales volume.

Conclusion

Good Stuff Inc. faces several problems as a result of its old POS systems. The company’s plan to upgrade its system failed last year. For this reason, it is still using its old system despite the problems associated with it. However, the cost of switching POS systems is substantially high, which includes the cost of applications and POS terminals. Also, the cost of acquiring a new system is slightly higher than the cost of upgrading the existing one.

Therefore, improving the existing system still remains the most viable option. However, the improvement process requires a holistic road map. This involves the restructuring of the POS architecture and applications and cross-sectional collaboration between the IT department and other departments within the company. The process should be based on a flexible architecture that allows for future improvements or upgrades.

References

Andrews, J. D., & Moss, T. (2002). Reliability and Risk Assessment. London, UK: Professional Engineering Publishing Limited.

Catteddu, D., & Hogben, G. (2009). Cloud Computing: benefits, risks and recommendations for information security. Heraklion, Greece: European Network and Information Security Agency.

ISACA. (2010). The Business Model for Information System. Rolling Meadows, IL: ISACA International.

Medina, A.H. (2007). An Analysis of Market Development Strategy of A Point –of-Sale Solutions Provider’s Market Research Database (PhD Thesis. Simon Fraser University, British Columbia, Canada).

Melnikov, A. (2004). Risk Analysis in Finance and Insurance. London: Chapman and Hall.

Porter, M.E. (1980). Competitive strategy: Techniques for analyzing industries and competitors. New York: Free Press.

Porthin, M. (2004). Advanced case studies in risk management. Helsinki: Helsinki University of Technology.

Streicher, P. (2009). Why Retailers Should Replace Old Point of Sale Systems Now. San Diego, CA: Salepoint Inc.