Managing Compliance And Risk In Organizational Transformation

Identify and Analyze Compliance Risk

Organizations are always used to perform different activities in the industry aiming to serve the community and achieving their main goals in the market. Achieving organizational goals and objectives are not attained with a steady movement of doing things inside the organization, therefore changes are encouraged in the way of doing things. These changes are called Business transformation and they need to be planned well according to compliance requirement and evaluating and potential risks to occur in the process (Turetken, Elgammal, van den Heuvel & Papazoglou, 2017).

Therefore, these changes involve a drastically, fundamental transformation and not incremental changes. These changes may affect the business structure in the organization, traditional culture being practiced in the organization, and hierarchical structure, all these are influenced by the changes. An organizational transformation may be originally generated by the significant modifications from inside or/and outside of the organization. For all these transformations to happen whether internally or externally, the organization’s stakeholders are required to be aware through providing clear and sound communication process in the organization. The flow of information within all parties in the organization will help to ensure that all roles and responsibilities, codes of conduct and guidance support are being adhered to and avoid any necessary risk to occur (Schmidt, Bartsch & Oberhauser, 2018).  

In this paper, two main issue will be discussed concerning the business transformation plan. One is, identifying and evaluate both internal and external risks and compliance requirements required for the business experiencing transformation in the organization. The second issue to discuss is, how to develop communication techniques which will make all organization stakeholder being aware and therefore, adhere to the compliance requirement inside or outside the organization which is related to the organization transformation schedule.

Is very important for the organization having a transformation plan to identify and analyze compliance risk according to the organization requirements. These requirements will depend on the organization’s transactions, codes of conduct and roles and responsibilities of the stakeholders in the organization (Maxwell & Anton, 2017). These compliance regulation risks are divided into two branches: internal and external compliances risk. The following is the description of each category.

This sector discusses many risks which affects the business internally while making the internal organization transformation plan (Liverant & Scodel, 2018). This risk includes physical entrance policies, virtual access, password protection, security updates, virus protection, emergency response, business continuity, medial removal, risk analysis and Audits and reviews (Ghose & Koliadis, 2018). In this paper, two risk compliance will be discussed.

• Password protection. Most organization are successful today in the market due to the use of digital and modern systems. These systems contain vital information for the business to grow and survive like, developed strategies waiting for implementation in the future, are formulated and stored in the organization system. Some system in the organization is vital and should not be accessed by every stakeholder without permission and a good reason (Baud, Frachot & Roncalli, 2018). For example, the Accounting and Finance system is not supposed to be exposed to anyone inside the organization. Should be assigned only to the specific team. This team and the management are supposed to protect the system password and be private not a public password. Also, this can be achieved by setting the password requirement in the organization. These requirements are: password must be changed frequently, must use character specifications, the system should be set in a way that is able to block after few attempts of unsuccessful login and other requirements on how employees will handle the password. However, using password protection and following these requirements will reduce the risk of interfering with the organization’s credential data.  
• Virus protection. The virus is very dangerous programs if attacks the organization system. Therefore, the virus can be said to be malicious code or program designed to alter the normal performance of the computer and has the ability to migrate from the computer system to another. The virus is used to attach itself to the genuine programs which support macros, therefore, being able to execute its code. A virus is a risk since, if they attack the system they manipulate the system data and results in the execution of irrelevant results to the organization. The system can get or spread the virus through different ways like through emails and message attached, downloading files from the internet, scam links from social media and use of mobile devices in the system (Shahrear, Chakraborty, Islam & Habiba, 2018). This virus can be noticed using symptoms like window frequent pop-up, alternation of computer homepage, frequent crashes, when computer performance is very slow, initiatives of unknown programs when the computer is turned on and unexpected operations like password alternation without your notice. The organization is supposed to set requirements to deal with virus detections and the means which management and employees will protect the system in case of risk or before the risks attacks the system. By doing all this will reduce virus risk in the organization risk. The organization is required to know various types of virus and means to do away with them. This can be achieved through the use of antivirus products which are from trusted source like “Norton Antivirus Basic“, updating the system frequently, avoiding to click on any advertisement pop-up appears in the window screen, is advisable to frequently to scan the email attachments before opening and downloading them and be aware of the sources of shared documents and programs.

Internal Compliance Risk

These to the external risk which is imposed on the organization from the external environment like Government and another body of authorities in the state. Example of external risks to the organization includes Health and Safety at Work, Privacy Act, the Employment Relations Act, Wages Protection Act, Income Tax Act, and the Human Rights Act. These are regulation bodies which set principles of work conditions, codes of conduct and responsibilities the organization should play to the state. These principles and code of contract can act as the risk to the organization in one way or the other. Employment Relations Act 2000 and Income Tax Act 1983 are discussed in details below.

• Employment Relations Act 2000. This is an external Body of Authority which is used to formulate rules and regulations to the governor the relationship between the employer and employee under contract. These principles in one way or the others act like risks to the organization if they influence negative conditions of the employer offering the contract and favor the employee. Both Employer and employees, each should be aware of the duties and obligation to perform in the organization, therefore, avoiding any risk which may occur after breaching the contract in one way or the other. For example, some measures and required are set towards employers duties which the organization must fulfill to the employees (Hebson & Rubery, 2018). These requirements are like: to pay the work according to the Act, to ensure safety in the workplace, to offer paid leave for the employees, to offer free and fair employee treatment without any discrimination, to have an employment agreement which is in written format to avoid misunderstanding of the contract. Other duties belong to the employees under contract: is required to work according to the signed agreement, to obey organization instructions, to be available in case of overtime if overtime clause was available in the contract, disciplinary action to be allowed for any misconduct performed in the organization and to be ready to show fidelity. If the organization maintains and respects the signed requirement under the Employment Relation Act, these compliances will reduce the risks in the organization and results to high performance in the market and enjoy strong competitive advantages (Timming & Mansell, 2018).
• Income Tax Act 1983.This Act of Income Tax affects the income of individuals and organizations in New Zealand state. These tax are imposed on the earned income by the organization form its activities, therefore, affecting the business revenue. The higher the income generated the high the tax imposed which one way becomes a discouragement to the organization performance (Cascio & Lewis, 2018). However, if the business fails to comply with these rules of income tax, the Authority of the states takes a heavy penalty to the organization thus becoming negatively affected, therefore, reacting as a risk. The organization must ensure to have all required documents which will help to return tax in a simple and clear way. All stakeholders of the organization should be aware of the income tax regulations and have enough knowledge about how that calculation is done to avoid inconvenience and enhances transparency in the organization.

Communication is an essential factor when dealing with compliance requirement in the organization. This helps the organization through respective stakeholder and managers to adhere to the requirement as stated by each compliance risk. Communication will facilitate smooth flow of communication and adequate knowledge on how to react and handle when risk appears in the organization (Lefcourt, 2018).

Virus Protection will be selected compliance risk in the organization in generating communication among managers. Communication among manager will be discussed using the following subtitle below:

Several requirements are required to implement in the organization systems to protect the virus affecting the systems. This is dangerous if organization through manager’s failures to take action on the virus infection since when occurs they lower and damages the performance of the organization through altering document intended function and purpose (Liang, Cao & Qi, 2018). The following are requirements to put in place in dealing with Virus Protection.

• Installing antivirus programs. These programs are very useful if are sourced from the trusted source. This will give assurance of total protection against the virus attacking the system. For example of strong antivirus is Norton Security Scan which is successful tasted in several programs.
• Ensuring frequent update of the system. This helps to keep the system programs up to date and having fresh renewed to have the best performance. This will help to remove any malicious subprograms defects which might come after the program expired.
• Avoid clicking to the window pop-ups intentional. These pop-ups always are from the untrusted source, therefore, becoming antivirus programs in our system.
• Employees are required to use the computer program only for the intended and trained purpose. This will reduce risks since the system will not be used to other activities which are not important to the organization intention thus reducing the risk attacks.   
• Do not share the system password. Sharing system password is dangerous to other members who are not allowed to access the system since they may insert mobile devices contains virus thus affecting the system (Luo, Hu, Jiang & Wang, 2018).

The organization must put regular measures which will regulate and control virus infection to the computer system. The management must assign a responsible team to be performing regular scanning of the computer programs using trusted Antivirus programs (Singh, Kumar, Hammouch & Atangana, 2018). Also, updating the computer system regularly is recommended measure for future protection of the virus. The management and the rest of employees must be able to identify types of virus like worms and Trojan. After being able to identify it will very easy to deal with them according using “Malicious Software Removal Tools”.

Installation of strong firewall is important. This will protect the entire network in the system. This will help to monitor and control all internet traffic flowing in and out of the system thus making the system is secure. Use of secure laptops/computers and mobile devices which are used as peripherals in the system. The organization is supposed to consider these small devices also important in the organization and protect them from virus. This is enabled by use encrypted software and password which are hard to be guessed by everybody. These software will not allow any data to flow without trusted permission in the system.

External Compliance Risk

The organization must develop backup system. This will help the organization to recover and continue with the operation if the organization is attacked by virus accidently. This is a very good measure to be under consideration.

The organization should assign these activities to the professional in the field of dealing with computer system and programs. Computer programmers in the organization should be responsible for these activities of dealing with virus protection.

The organization as a whole is required to cooperate in developing and implementing compliance requirement which will reduce further infection of the risk. Organization stakeholders and another team with the organization is required to be trained and educated on how to deal with virus infection and other internal risks. The organization should put in place strong measures to protect internal risk for the future, also this facilitated by having effective communication within organization stakeholders.

Organization management is required to keep and maintain safety to the system documents. System documentation are very important in case the system failures to work properly due to the infection of virus. This documentation will assist in debugging the system and recover to the normal performance of the system. Available employees in the organization should be well trained using this documentation in case of any negative in the system, they corrected it without much and minimizing expense from using external personnel.

Conclusion:

In summary, this document has alighted and discussed several internal and external compliance requirement in the organization. Password protection and virus protection have been discussed including the requirements and measures to put in place in protecting them from influencing the organization negatively. Password and virus protection was discussed as an internal risk compliance requirement. Income Tax Act 1993 and the Employment Relations Act 2000, were discussed as external risk including their compliance requirement to the organization.  

References:

Baud, N., Frachot, A., & Roncalli, T. (2018). Internal data, external data, and consortium data for operational risk measurement: How to pool data properly. Groupe de Recherche Operationnelle, Credit Lyonnais, France, pp. 1-18.

Cascio, E. U., & Lewis, E. G. (2018). Distributing the Green (Cards): Permanent Residency and the Income Tax after the Immigration Reform and Control Act of 1986 (No. w24872).

Cascio, E. U., & Lewis, E. G. (2018). Distributing the Green (Cards): Permanent Residency and the Income Tax after the Immigration Reform and Control Act of 1986 (No. w24872).

Ghose, A., & Koliadis, G. (2018, September). Auditing business process compliance. In International Conference on Service-Oriented Computing, pp. 169-180.

Hebson, G., & Rubery, J. (2018). Employment relations and gender equality. In The Routledge Companion to Employment Relations, pp. 107-121.

Lefcourt, H. M. (2018). Internal versus external control of reinforcement: A review. Psychological Bulletin, 65(4), 206.

Liang, Q., Cao, S., & Qi, Z. (2018). A simple realization of the computer virus. Information and Computer Security, 1(1).

Liverant, S., & Scodel, A. (2018). Internal and external control as determinants of decision making under conditions of risk. Psychological Reports, 7(1), 59-67.

Luo, W., Hu, Y., Jiang, H., & Wang, J. (2018). Authentication by Encrypted Negative Password. IEEE Transactions on Information Forensics and Security, 14(1), 114-128.

Maxwell, J. C., & Anton, A. I. (2017). Validating existing requirements for compliance with law using a production rule model. North Carolina State University. Dept. of Computer Science, 289-361.

Schmidt, R., Bartsch, C., & Oberhauser, R. (2018, June). Ontology-based Representation of Compliance Requirements for Service Processes, pp. 28-36.

Shahrear, P., Chakraborty, A. K., Islam, M. A., & Habiba, U. (2018). Analysis of Computer Virus Propagation Based on Compartmental Model. Applied and Computational Mathematics, 7(1-2), 12-21.

Singh, J., Kumar, D., Hammouch, Z., & Atangana, A. (2018). A fractional epidemiological model for computer viruses pertaining to a new fractional derivative. Applied Mathematics and Computation, 316, 504-515.

Timming, A., & Mansell, S. (2018). Employment relations, stakeholder theory, and business ethics. In The Routledge Companion to Employment Relations, pp. 448-462.

Turetken, O., Elgammal, A., van den Heuvel, W. J., & Papazoglou, M. P. (2017). Capturing compliance requirements: A pattern-based approach. IEEE Software, 29(3), 28-36.