MIS

The Risks that are associated with business and IS/IT change:
NEW CITY COMMERCIAL CORPORATION

NCCC are all about people: their associates, customers, business partners and community. Since starting out as a textile store in 1952 they continue to grow, expanding to different retail businesses and locations to serve more people.
The Company strives to offer Service from the Heart first of all to our associates. NCCC also maintain solid relationships with their business partners to provide a wide assortment of basic and unique merchandise that offers
They are proud of our journey and we continue to pay tribute to our founders and history by living up to our core values of humility, caring, hard work, excellence and fun. We live for our vision to be A Leader Who Cares.
On June 4, 2009, we schedule to interview with there IT personnel about the risk of their IS/IT change in the organization. The following are some of the risk that the company experience.
The challenge that their department might encounter are the changes or switching of their system and their security. As technology arises, the company must adopt to the fast changing environment in order for the company to be competitive and updated. The personnel said that it is not easy for them to shift into another system because the company’s transactions might be delay. Aside from that, they have many aspect that they considered, like the end users, the people involve in the company. The following list describes some considerations related to the control environment and IT
- IT is often mistakenly regarded as a separate organization of the business and thus a separate control environment.
- IT is complex, not only with regard to its technical components but also in how those components integrate into the organization’s overall system of internal control.
- IT can introduce additional or increased risks that require new or enhanced control activities to mitigate successfully.
- IT requires specialized skills that may be in short supply.
- IT may require reliance on third parties where significant processes or IT components are outsourced.
- Ownership of IT controls may be unclear, especially for application controls.

They considered risk in the company when they have to shift into new Information system or Information technology is how the company adopts those changes. Their personnel also considered the end user of the system, if it is difficult for them to use it. It should be a user’s friendly systems that can also be satisfy the needs of the company.

While early IT implementations clearly focused on automation of clerical and repetitive tasks, in today’s highly competitive business environment, effective and innovative use of information technology (IT) has the potential to transform businesses and drive stakeholder value According to the recent ITGI-PricewaterhouseCoopers study results, IT is quite to very important to delivery of the corporate strategy and vision .
On the other hand, poorly managed IT investment or badly implemented IT projects will lead to value erosion and competitive disadvantage. A number of or company–level studies and analyses show that IT contributes substantially to company's productivity growth. This contribution is by all means strong where IT strategy is linked with business strategy, thus IT can initiate major changes in organization structure, business processes and overall activities.
In one study, Brynjolfsson and Hitt concluded 'that while computers make a positive contribution to productivity growth at the firm level, the greatest benefit of computers appears to be realized when computer investment is coupled with other complementary investments; new strategies, new business processes, and new organizations all appear to be important.'
The technology itself has no inherent value and that IT is unlikely to be source of sustainable competitive advantage. The business value derived from IT investments only emerges through business changes and innovations, whether they are product/service innovation, new business models, or process change.
Therefore, successful organizations that manage to derive business value out of IT investments also IT risks are risks associated with intensive use of IT to support and improve business processes and business as a whole. They are related to threats and dangers that the intensive use of IT may cause undesired or unexpected damages, misuses and losses in whole business model and its environment.
Conscience about the systematic IT risk management should be present at all managerial level in organizations whose business is in any way related to the functioning of modern information systems (IS), no matter if they are used only for the purpose of business automation, or some vital business process are performed electronically. Since the efficiency, effectiveness and in a great deal the successfulness of all business activities depend on the functioning of the IT and IS, a sound risk management process should not only include technical or operational issues but also executive management’ frameworks such as IT Governance and IT Audit.
Therefore, successful organizations that manage to derive business value out of IT investments also understand the importance of IT control environment and manage the associated risks, such as increasing regulatory compliance and critical dependence of many business processes on IT. This in particular means that they manage the risks associated with growing IT opportunities. The risks associated with business processes conducted through IT support are not only any more marginal or ‘technical’ problems and become more and more a key ‘business problem’.