IS351_Identifying_IT_Project_Risks
The five potential risks for this new project that I think they may encounter is Positive Risk, Resistance to change by employees/students, Fraud, identity theft, hacking or phishing, Accidental wrong information and Accessibility. The first one I call a positive risk (this is referred to as the risk that we initiate ourselves because we see a potential opportunity, along with a potential for failure.). It’s the process of teaching the students and or teachers how to use the program. This is positive because the program is supporting them to take control of their own human resource information. This will help after the program reduces the number of HR employees needed. There can be some risks because it has to do with the fact that the program is online. Not everyone has the savvy computer skills to find their way around the website such as older employees. They may never have used a computer for tasks other then word processing or spreadsheets. Then for those personnel with weaker computer skills who might be hesitant to use the program. To help improve efficiency the Human Resource will need to set up training or conferences where the employees and students will be taught step by step how to access, use and manage the new system. As well, there will be a role out phase, where there will be Human Resource staff on hand to help out when needed. For those people who still have concern, there will always be someone in HR who can help at any time. The next potential is resistance to change by employees and or students. I think this is a positive thing because the program is supporting the employees and or students to take control of their own human resource information. But then again this could be a little difficult because of the people I call “non-flexible”. These are the type of people who get used to a certain way of doing things and it might be hard to change their behavior. If an employee is used to a procedure which they have been doing for as long as they can remember, then there will be a certain degree of resistance. There may be some people who might not believe that the system is reliable or safe and they would much rather speak to a person on the other end of the phone rather than do it online. This where training sessions will work very well. Having a person who understands the system well can be appointed to where anyone in their department can go see them if they have problems. I think this will make the people feel more secure because there is a human who can help them. Even though the program is high tech, it’s good having a human available to help easy their anxieties. Also having literature available regarding issues such as safety and privacy for participants to read and understand will help. The next potentials I consider as negative risks. The first one is fraud, identity theft, hacking or phishing. There are enough risks done when things are done online without having to worry about fraud, identity theft, hacking or phishing. People can steal identities with all of their personal information. This can lead to stolen identities, stolen credit and more. A common thing people forget to do because of one reason or another is not locking their workstation (computer). If a person does not log off of the system from a public computer, or leaves the page open on their work computer, anyone can steal private information. To help combat this, the program needs to have the highest level of policies and security. These will help prevent a hacker from assessing the webpage when data is submitted. It should have the same level of security as companies that make financial transactions at least. The program should be password protected as soon as the screen saver comes on and go into the screen saver mode after a short time has passed if there is no activity. Creating a password encryption program to fit the different levels of identification will be needed. Creating flags in the exchange server will help prevent phishing and fraudulent emails. The next negative potential risk I call accidental wrong information. This is when people enter the wrong information wrong accident. This can cause hardship on a person messing up their taxes or even their pensions. When a person receives and enters information by phone, they confirm the information and repeated it back to the user allowing the user to ensure the information was done right. Not all of the computers programs ask you to confirm your information. By sending a confirmation email to the person recording the changes every time they make a change to the system they can then review the changes and make sure that everything is ok. If they find an error then they can go back and make the correction(s). The last potential is accessibility which could cause the program to fail. Some people may not have access to a computer, but may have access to a phone. They might have students who have older computers that would not be able to handle the complexity of the system or they might not have computers at all. Due to privacy concerns, people might not be willing to input personal information at places that offer free (unsecure) WiFi access. The employee’s workstations may be out dated preventing them being able to handle the program. Some employees may not have access to a computer. If they setup a call center, the managers may have access to a computer, but the telephone operators may not have their own computer. If everyone doesn’t have access to the system it would cause Human Resource to keep many employees to take calls. They could set up computers around campus and or around the company where the employees and or students could “only” access the local system. Then there is no excuse for even part time employees, part time students or those without a computer to access the system.