Welcome to the September 2007 issue of the IT SIG newsletter.

Articles

1. Doing Business In Virtual Worlds
2. Identity Crime And It
3. Case Study: Jb Global Fuels Growth With Salesforce.Com
4. 2007: Top 10 Technologies
5. Further Reading And References

You may have heard about Virtual Worlds and the most widely reported one - Second Life. And you may have paid little attention - after all what possible relevance could it have to me? Ken Reid describes some of the issues for business and challenges the accounting profession to step up to the digital landscape and be ready for the opportunities it offers.

At a seminar on Property Investment that I attended the opening line from the presenter was "You really should not be here, equities have given a far better historic return than property."

I have been asked a lot recently if the hype around virtual worlds and Web 2.0 is a bit like Investment Property - exciting, popular, the topic of every conversation around the dinner table - but ultimately not the best investment choice.

In the past few months I've spoken to a range of people involved in this space - from the techies to the marketing people, from a new graduate to a CEO. I've attended conferences, seminars and ‘intimate' discussions focussed on Web 2.0 and Virtual Worlds and a few key messages are becoming clear.

Web 2.0 concepts (mySpace, Facebook etc) and technologies can genuinely help with the key managerial challenges of the twenty first century, namely:

• Knowledge sharing and management
• Problem solving
• Innovation
• Collaboration

Virtual worlds on the other hand, from a business perspective present a new channel to interact with customers, but are still in the early developmental stages.

What are virtual worlds?

Wikipedia describes a virtual world as "a computer-based simulated environment intended for its users to inhabit and interact via avatars. This habitation usually is represented in the form of two or three-dimensional graphical representations of humanoids."

There are numerous examples of these worlds but the most reported is Second Life. These virtual worlds are different to the Massively Multiplayer Online Games (MMORPG) such as World of Warcraft, where there is a purpose/goal to the game. In a virtual world there is no defined purpose - it's about social interaction, shopping, experimenting - like the first world….but digital.

The key questions KPMG gets asked about Virtual Worlds by our clients are

1. are people operating businesses in these worlds and
2. are they making any money?

As of June 2007, based on best available evidence, the answer to both these questions is YES:

Reference: www.secondlife.com

Second life…hype?

As of October 2006 there were 1 million inhabitants of Second Life - today, a mere 11 months later there are 8.4 million, but only 10,000-15,000 in Australia- hardly a figure to get excited about. However Second Life is growing at a rate of 25% per month so at these (fantastic) growth rates there could be over 1 million Australian users within 24 months - a tantalising market size.

Linden Labs claim there are 1000's of established businesses in Second Life offering a range of services that include party and wedding planner, pet manufacturer, tattooist and musician. While some of these businesses appear more serious than others, they are generating real life revenues for real life people and companies.

So from a business perspective there would seem to be opportunities here.

Hundreds of large corporates have established a presence in Second Life (a good list is available at www.nbhorizon s.com/list.htm) with Sky News amongst the most recent brands to join the rush that has already included Sony, BMW, Reuters, Telstra, IBM, ABC, Adidas and so on.

Why immerse in a virtual world?

There are a number of reasons why companies are deciding to take the plunge into a second life:

• An opportunity to interact in a very intimate way with customers and consumers;
• An opportunity to experiment, with new products and ideas in a relatively safe environment;
• A relatively small investment now may prove very smart in years to come;
• By being part of the community they will develop a greater understanding of the capabilities of the new medium and of the communities that inhabit it; and
• By being part of it they can have some influence on the development.

So is there a feasible business model?

The phenomena of virtual worlds has exploded in the last couple of years with many millions of individual users, yet the problem of how to extract value from these networks and groups remains. However with so many users within these virtual worlds it seems logical that value can be extracted. There are a number of models currently being used by companies within the virtual worlds that we are seeing, including:

Telstra

Telstra having one of the largest Second Life presences in the world has built a Second Life space to promote the telco's brand, image, and products. Their 3-D world has eleven islands known at ‘The Pond', in which users can chat with other Avatars, watch movies, listen to music and play games straight from the Bigpond servers and even indulge in commerce by spending their Linden Dollars. These Telstra islands feature Australian themes and re-creations of Australian landmarks such as the Sydney Harbour Bridge, Sydney Opera House and Uluru. However, in using these images for its virtual world, Telstra has faced some real-life consequences including investigations by the Sydney Opera House Trust and National Parks for using these Australian national heritage sites, without consent from their respective administrators. Telstra has maintained throughout this investigation that it does not have a duty to gain such permission.

ABC

The ABC has the third most visited commercial site in Second Life, in which users can indulge in ABC content such as the latest news, sport, information and entertainment. As well as listen to various radio stations such as Triple J where users can be part of live gigs, Design Ratio National, where Avatars can discover ideas on sustainable living, and Dream Cove where one can be fascinated by Indigenous dreamtime stories. ABC is also heavily supporting the arts, through which the Australia Council for Arts is offering a $20,000 grant to Artists via ABC's Second Life island. The ABC has gone to great lengths to get regulator consent for music use on its Second Life island, however issues arise as the music is played through a third party, so it is no so straightforward for all parties involved.

Anshe Chung

Entrepreneurs within the virtual worlds are spending and accruing vast virtual fortunes. Anshe Chung (real name Ailin Graef) through buying and developing virtual realestate was the first Second Life virtual millionaire. The fortune Anshe Chung commands in Second Life includes virtual real estate that is equivalent to 36 square kilometers of land - this property is supported by 550 servers or land "simulators". In addition to her virtual real estate holdings, Anshe has "cash" holdings of several million Linden Dollars, several virtual shopping malls, virtual store chains, and she has established several virtual brands in Second Life. She also has significant virtual stock market investments in Second Life companies. Amazingly Anshe started with an investment of just $9.95 and achieved her virtual fortune in just 30 months.

Starwood Hotels

Companies have been releasing new products and design concepts for review and limited testing by inhabitants of these virtual worlds - a fast and relatively cheap way to gather significant real time customer feedback. For example the global hotel chain Starwood has built a virtual hotel in Second Life and seeks customer feedback about layout, colour and facilities that it will then use in the design of first world hotels.

Other firms have run training sessions in Second Life - where people around the globe can attend a lecture without the costs and time spent travelling, or run virtual recruitment centres, or graduate induction days - the list includes IBM and the Harvard Law School.

Risky Business Current Issues facing businesses investing in Second Life:

Questions have been emerging over how first-life laws and regulations apply to virtual worlds such as Second Life. Linden Labs announced on its website towards the end of July that it was banning gambling in Second Life citing "conflicting gambling regulations around the world". Such a move has drawn criticism, with many social networking sites saying that the ban was "heavy handed, restricts freedom and will have an effect on revenues". Strangely enough, within weeks of the ban the largest bank in the virtual closed its doors, leaving thousands of account holders without direct access to their funds. The bank claimed to have 18,000 accounts and deposits amounting to $US 700,000.

Questions businesses must ask themselves in light of these recent events include:

• If the owners of Second Life can turn off the switch as they like, what does this mean for their investments? If businesses become insolvent, businesses would never get their virtual dollars back.
• Will consumers have faith in the virtual worlds if extraction of their monies becomes impossible? Those who had their funds in Ginko Financial (Second Life bank), have now ended up with "tradeable debt securities" with a market value well below their face value.
• Can a virtual world exist without rules and regulations that are the backbone of the ‘real world' economy?

Despite these concerns the list of Global companies investing in Second Life is still growing.

Accountants in Second Life?

The accounting profession needs to embrace the Web 2.0 revolution. Virtual worlds pose threats and challenges in many areas, including:

• How do you audit royalty payments from use of brands/products in a virtual world?
• Which tax rate/jurisdiction applies to transactions in a virtual world?
• What value would you put on a Second Life island in a business combination?
• How would you audit the recoverability of a company's Second Life ‘assets'?
• How can you assist a company with security issues associated with virtual worlds where they do not control the infrastructure?

Some of these issues are beginning to be addressed by regulators and Governments. For example, the ATO has stated that "Where you undertake a transaction with real-world implications, using value from virtual worlds, then the real-world value of the transaction may form part of your taxable income…there may also be GST implications."

It becomes evident that the accounting profession needs to work through the grey areas between what is our first and what is becoming our second life.

To date there has not been a rush of accounting firms setting up islands in Second Life. H&R Block are there, a few legal firms are there but none of the Big-4….yet.

What of the future?

It is not hard to imagine a third or fourth iteration of Second Life that will have the capability to truly be an extension of our First Life - a digital space in which we can walk round a virtual grocery shop and buy real fresh, produce from a retailer we know. We could also interact with our Bank or tax office in a personal and convenient way- removing the need to schedule appointments and take too much time out of a busy and fulfilling real or first life.

In some ways virtual worlds are merely another channel to market. This understates their opportunity to provide a more dynamic channel offering greater opportunities to interact with customers. The interaction extends beyond merely selling to - it opens up opportunities for more efficient product development and testing, more tailored customer solutions and more prompt feedback on customer service.

The current usage of virtual worlds is driven by consumers. Consumer facing companies are following in their wake trying to develop products and services that appeal to these tech-savy consumers. We have yet to B2B applications being developed for Second Life - but we will.

Concepts such as Second Life are certainly not the finished product but another small step (albeit a very well publicised step) towards becoming a user friendly digital extension of our First Life.

As the digital landscape is changing very quickly who knows what possibilities this technology will develop in the next 2, 5 or 10 years, but what we do know is that it will be a very interesting journey that will throw up opportunities for our profession - watch this virtual space.

Ken Reid is a Partner of KPMG in Australia and Head of Media for Australia and the Head of the Information Communications & Entertainment Audit practise. Ken has 18 years experience in finance which included 3 years as the CFO of a UK based music recording and publishing company. Ken provides a range of services to many Australian media and technology companies and may be contacted by email at kenreid@kpmg.com.au

Top

2. Identity Crime and IT

As more people travel the world or shop internationally online, there is a greater potential for crime and identify fraud. Justin Sulima provides an overview of some of the technologies that are facilitating identity crime and highlights some of the issues that individuals and businesses face as a result.

Introduction

You have come back from overseas and your credit card statement has many debits to an Internet casino. The perfect crime has been committed, but you are safe because of the EFTPOS Code and the bank will take the loss. The credit card system works because we have "faith in the system", despite its inherent insecurity and difficulty with authentication.

The author of "Crime by Computer" ¹ (1976) lists 374 computer crimes committed between 1958 and 1975. Australian credit card losses for 2005-2006 are reported as 3.89 cents per $100, being $87.4m lost from 236,271 fraudulent transactions out of 1.6 billion². PayPal reports a loss of 50 cents per $100 for Internet only transactions. The astronomical increase in the rate of computer crime is possible because commerce is based on computers, the Internet and new technologies.

Information technology (IT) is not only the cornerstone of modern technology but also modern crime. Organised crime is one of the most prolific users of encryption, anonymous services, coded messages and satellite phones. And it's relatively risk free.

The term ‘identity crime' refers to a range of crimes. Examples are found at the Australasian Centre for Policing Research (ACPR) website³. In one example an offender found and killed a homeless man so he could fake his own death to avoid prosecution for counterfeiting. The identity fraud epidemic that occurred after the September 11 attack in New York⁴ was due to the sympathetic treatment of ‘victims' by financial institutions.

Legislation

The Criminal Code Act addresses fraudulent conduct, including intention. The Cybercrime Act regulates activities relating to the operation of computers and states "a person may be found guilty of an offence even if committing the serious offence is impossible". South Australia has the only legislation that specifically addresses identity theft and is the only type that creates an offence for ‘stealing' someone's identity.

The Financial Transactions Reports Act introduced the ‘100 Point' proof of identity (POI) scheme. The Privacy Act 1988 was introduced at the same time in relation to the proposed Australia Card and defines "personal information", as "Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion". The POI model has problems because not all authorities use the same scoring system; the same pool of documents are used by all authorities; and the key documents, such as birth certificate and Medicare card, can be used to obtain other documents (the ‘circular path').

Corporations

The Corporations Act enables a corporation to use a name and the states' Fair Trading Acts allow persons to register other business names. The National Names Index is available on the ASIC website⁵ and a name may be validated on line. The Australian Taxation Office maintains the Australian Business Register. The use of a business name in contravention of these regulations exposes the party to both a penalty and civil action for damages.

The Corporations Act enables any person to obtain the complete list of shareholders of a public company in human readable form with limitations. The freedom to access the share register has been a concern to credit unions that represent defence and police. The share market pest⁶ David Tweed has used the self-dealing provisions of Section 177 since 2002 to make unsolicited off-market offers to purchase shares at below market value.

Privacy and Data Protection

Modern technology has removed practical limits on the quantity and type of information that can be stored about a person and so we face another problem - the growth in bureaucracy and loss of privacy. Privacy is not a basic human right in Australia⁷ but is supported by laws that regulate elements of privacy in specified contexts. The protection of data is often overlooked when computers are disposed of by auction, recycling or donation. The hard drives are seldom wiped clean and much valuable data can be obtained using simple recovery processes⁸.

Identity and Security

The purpose of security is manyfold and includes prevention, deterrence, interception, detection, investigation and prosecution of offenders. The techniques include surveillance of people, groups, location and communications. The rise of terrorism is citied as a reason to introduce national identity schemes for individuals. The counter to that proposition is that none of the September 11 hijackers made any attempt to conceal their identity, nor did any of the youths who carried out the London underground bomb attacks. However, the attacks did need financing. The link between organised crime and terrorism has been well established, including drug and technology driven crime. A key issue for modern society is the balance between privacy and security.

Cards

The credit card is issued to the cardholder by the cardholder's bank and the merchant's institution supplies the merchant's EFTPOS facility - this is the four party credit card scheme. The EFT Code was developed after the myriad of problems when credit cards were first introduced and defines the liability of the card holder and the bank.

The Australian Payments Clearing Association Limited (APCA)⁹ and the Reserve Bank of Australia publishes statistics for credit card usage and fraud. The 2003-2004 EFT compliance report¹⁰ states that there were 2.5 billion EFT transactions, 8% were internet banking, with a total of 138,775 complaints were raised, and 26% of those complaints involved unauthorised transactions with the customer being held liable due to negligence with their PIN. The personal identification number (PIN) of a credit card is sometimes perceived as equivalent to a signature, but it is not. The law places no value on a stolen or forged signature¹¹ and the party that relies on it faces the loss.

The system is not perfect as demonstrated by an interview with a service station operator in early 2007 by the author. The operator recounted that he was presented with an obviously poor signature, and when he confronted the customer, he was challenged with "So what are you going to do about it?". He accepted the payment, prepared for the loss, and called the police, who then responded with "Why are you reporting this, it isn't your loss".

Australian Government Authentication Policy

The Australian Government Information Management Office (AGIMO)¹² is developing the e-Government service agenda for the use of information and communications technology (ICT). The introduction of Australian Government SmartCard¹³ has caused considerable debate about the technology, security, cost, "big brother" character¹⁴, and the politics of how it is being introduced. The Achilles heal of any centralised authentication system is the inability to establish and maintain the database. The UK National Identity Register project is in difficulty and is facing huge cost over-runs and the base data is proving difficult to capture.

New Technologies

The development of Voice Over Internet Protocol (VOIP) telephony post-dates the realisation of the security issues that have plagued other Internet facilities. It may be argued that some VOIP exploits were predictable and the technology should have been designed against reasonably foreseen vulnerabilities. Product liability law identifies design, manufacture and instructive defects. But the Trade Practices Act provides a defence based for products designed to a published standard. Hence acceptance of an existing vulnerable technology allows for the proliferation of new vulnerable products - and no one is accountable.

Internet Scams

Phishing is the obtaining of information by deceit that enables the perpetrator to commit a fraud. Spear-Phishing is a deliberate targeted phishing attack. Vishing is a voice phishing initiated by email or a direct call, usually by VOIP using spoofing where the identity of the caller is faked.

The Australian High Tech Crime Centre¹⁵ describes how phishing works. In 2006, a triad gang used school children to launder money. Using phishing emails, the perpetrators accessed accounts, transferred funds to the children's bank accounts, who then passed it, less commission, to a bagman who wired the money overseas. The mule receives 7% to 15% of the funds and is recruited from Internet "work from home" advertisements.

The Trade in Information

Personal information, no matter how well protected by law, is collected and traded globally. The UK Channel 4 program "Dispatches" in October 2005 reported a twelve-month investigation into the harvesting of bank data by staff in Indian call centres. The data theft included credit card details, banking and financial profiles, passport details and voice files.

Conclusions

The key issues touched on here include identity attributes, privacy, security, legislation, information technology, crime, data protection and legal developments. It may be argued that some technologies are inherently defective because they are based on standards that were originally designed with minimal consideration for security. As a result the law is playing catch-up to address specific and general vulnerabilities in systems.

Justin Sulima is director of PYXIS Solutions International Pty Ltd, an IT consultancy company, and member of the Australian Computer Society.

Top

3. Case study: JB Global fuels growth with salesforce.com

There are many software packages available in the marketplace to address Customer Relationship Management that purport to offer benefits for business. But how do you evaluate the different packages? What sort of features should you look for? What benefits can you realistically expect? Andrew Everingham provides this case study.

About JB Global:

JB Global Investment Services is an Australian financial services company operating in Australia and New Zealand. Since it was established in 2005, the company has grown from 100 clients to more than 1,000. This strong growth was being hampered by the sales cycle. No central processes existed to keep track of leads, monitor the histories of client accounts or communicate between divisions of the business. To grow, the company needed to re-think its client service strategy.

Steve Craig, General Manager states when JB Global began, it was impossible to keep track of all our contacts. "We were building personal business but we weren't building a company. Now, people are falling over each other trying to talk to us and through salesforce.com, we now have a scalable tool to talk to them all."

JB Global is an Australian company which provides investment products and strategies. The company provides a unique strategy that focuses on maximising return while reducing risk for clients. However a poor client information management system meant the company posed a risk to itself through growth limitations.

When founding managing director Justin Beeton embarked on a plan to build a major financial services provider in 2005, he wanted to rival the investment banks. These banks had the infrastructure advantage and Beeton soon realised he could not satisfy the level of market demand.

"When JB Global began, it was impossible to keep track of all our contacts," says Steve Craig, General Manager at JB Global. "We have a very unique offer that performs exceptionally well, and while we were building a personal business, we weren't building a company. When Justin would present at conferences, he would speak to more than 400 people yet would only sign up a few clients."

JB Global had no visibility into client contact histories and there was little information sharing. The company relied on everything from email applications to pieces of paper to manage new business and existing client relationships. The lack of a central data repository meant marketing and customer service initiatives were piecemeal and did not have a strategic approach.

"As a rapidly growing business, the most important indicator of client service is history. We need to know everything including how long it takes to convert leads, how long the customer has been with us and even how they like to be contacted. If we don't have access to this information, we expose ourselves to a competitive environment and are more likely to lose business."

Choose the Right Solution

When JB Global decided to implement a new system to better manage clients, it identified several criteria. These included:

• visibility into the sales cycle
• conversion ratios
• solutions could not be premise-based

JB Global wanted a system that would keep contacts in check and that offered:

• JB Global wanted a system that would keep contacts in check and that offered:
• Scalability and
• Security

After a review of several solutions including Microsoft Dynamics CRM and Sugar CRM, JB Global selected and implemented Salesforce SFA as its CRM system. Why?

SaaS (Software-as-a-Service) model

Salesforce.com provides sales, marketing and customer services applications via the Internet on a subscription model. There is no software to download or install. No hardware to implement and maintain. All customers require is an Internet connection and Salesforce.com takes care of the rest.

"Salesforce.com gives us the 'sleep at night' factor; we don't need to worry about the system going down and losing all our valuable data," continued Craig. "It gives us confidence, plus, it is so easy to implement and that's what got it over the line."

Evaluation easy

JB Global originally used a free trial during the decision making process, thus making the evaluation easy and relativley low cost. By the time JB Global purchased Salesforce SFA, the implementation was half-completed.

Implementation

Following the free trial and after five months of using the Professional edition, JB Global upgraded to Enterprise edition in only two days. The upgrade was achieved with no disruptions to the business. With assistance from salesforce.com and Sqware Peg, a Salesforce implementation partner, the solution was successfully embedded into JB Global's marketing, customer service and sales business processes.

So what benefits has the Salesforce software provided to JB Global?

Centralisation

With centralised access to new leads, trading accounts, email campaigns and client histories, JB Global can now make use of accurate information across its 5,000 leads and contacts in the system. Data is available in a single source and Salesforce SFA has made customer intelligence work for sales, customer service and marketing teams across the company.

Customisation

"Salesforce SFA is moulded to reflect our needs. We can customise it as much as we need to without relying on internal IT resources or salesforce.com; it is that easy to use."

For example, many clients have several financial accounts with JB Global. To provide advisors with visibility into all of the accounts together, the company created "entities" in Salesforce SFA. These entities combine several accounts so that each client can be reviewed holistically instead of discretely.

Salesforce.com's AppExchange has provided further customisations to the system. When extra functionality is needed, Craig can search from more than 625 applications and integrate them easily into Salesforce SFA. The company is currently using several of these applications including Vertical Response for self-service email and direct mail solutions and Quick Tools which allows users to build special forms on the web that feed straight in to Salesforce SFA.

"We organise a seminar series each year and for the first time this year, we distributed invitations and facilitated registrations directly via Salesforce SFA. It was so much easier to plan for the events because we knew head count and could segment the audience in order to maximise lead generation."

Compliance

Keeping auditors happy is also a primary concern for JB Global. Partially due to having a complete audit trail through records hosted by salesforce.com, the company applied for and were granted their own Australian Financial Service Licence (AFSL) from the Australian Securities and Investment Commission (ASIC).

"Maintaining a high compliance standard is necessary for us not only by law, but to build our reputation as well. When we applied for the AFSL, ASIC was impressed by the fact that we don't keep our clients' data on premise. Through salesforce.com, we also have access to backup facilities and this is a big bonus for us as a smaller financial services provider."

Prior to implementing Salesforce SFA, each advisor would take up to half an hour to produce reports each day. The company would be liable for up to $10,000 daily if this wasn't done. Now, advisors can log on and produce reports within seconds and this alone, enabled Craig to justify the implementation.

"I attribute a very large part of the company's growth to salesforce.com," continued Craig. "Investors are falling over each other trying to talk to us and through salesforce.com, we now have a scalable tool to talk to them all."

Salesforce SFA has now become an integral component of the JB Global landscape.

"From January 2006 to June 2007, the value of our portfolios under management has grown by more than 1,500 percent, from AU$15-20 million to more than AU$250 million. The company's success cannot be hampered by the IT department and with Salesforce SFA, it isn't. The beauty of salesforce.com's solutions is that they are evolutionary."

"We have increased our reliance on salesforce.com so much now that we say "if it's not in Salesforce, it didn't happen". Salesforce.com is our company."

Andrew Everingham is Marketing Director - Australia & New Zealand for salesforce.com. For more information visit www.salesforce.com

Top

4. 2007: Top 10 technologies

For nearly a decade now, the AICPA's Information Technology Membership Section has been undertaking annual research into the top 10 technologies. This year's findings highlight several areas that have featured in recent IT SIG newsletters as well as two of the articles in this issue.

1. Information Security Management

A systematic approach to encompassing people, processes and IT systems that safeguards critical systems and information, protecting them from internal and external threats. Incorporates the preservation of confidentiality (information is not available or disclosed to unauthorised individuals, entities, or processes), integrity (safeguarding the accuracy and completeness of key data) and availability (systems and data are accessible and usable upon demand by an authorized entity) of information. Other properties such as authenticity, accountability, nonrepudiation and reliability may also be involved.

2. Identity and Access Management

Identity and access management consists of the hardware, software and processes used to authenticate a user's identity, i.e. ensure users are who they say they are; then provide users with appropriate access to systems and data based pre-established rights and privileges. Identity management may utilize one, two or three factor authentication and include passwords, tokens, digital certificates (for web sites and e-mail systems), Public Key Infrastructure (PKI), biometrics and other emerging technologies

3. Conforming to Assurance and Compliance Standards

Creating formalised strategies and systems to address organisational goals and statutory requirements. These strategies and systems may include collaboration and compliance tools to monitor, document, assess, test and report on compliance with specified controls. It encompasses risk assessment standards, risk management and continuous auditing/continuous monitoring.

4. Privacy Management

The rights and obligations of individuals and organisations with respect to the collection, use, disclosure and retention of personal information. As more information and processes are converted to a digital format, this information must be protected from unauthorised users and from unauthorised usage by those with access to convergence of security and privacy.

5. Disaster Recovery Planning (DRP) and Business Continuity Management (BCM)

A holistic management process that identifies potential threats to an organisation and the impact those threats may have on business operations. Resources can include IT equipment, data records, the physical space of an organisation, and personnel. Threats to these resources may include theft, virus infestation, weather damage, accidents or other malicious destruction. A well defined, documented, and communicated plan can help provide structure and stability in the event of a business interruption or catastrophe greatly improving the chance of business survival.

6. IT Governance

A structure of relationships and processes that direct and control an organisation and help it achieve its goals by adding value while balancing risk versus return over IT and its processes. Includes IT ROI, or the decisions around technology investments and how to optimise related returns.

7. Securing and Controlling Information Distribution (new)

Protecting and controlling the distribution of digital data, i.e. enabling secure distribution and/or preventing illegal distribution and access to protected information. Example: a document distribution strategy controlled by a Digital Rights Management (DRM) server that prevents an encrypted document from being opened by anyone other than the intended recipient.

8. Mobile and Remote Computing (new)

Technologies that enable users to securely connect to key resources anywhere, anytime regardless of physical location. Enabling technologies include tablet PCs; PDAs; and wireless technologies such as Bluetooth, WiFi and WiMax.

9. Electronic Archiving and Data Retention (new)

Technologies that enable appropriate archiving and retrieval of key information over a given (statutory) period of time with improved efficiency and access to the information. This includes policies and processes to ensure destruction of information from storage and archival media in a timely and consistent manner. Information includes traditional data as well as telephony, IM traffic, and other emerging forms of collaboration. Storage and backup technologies, including Direct Attached Storage (DAS), Network Attached Storage (NAS) and Storage Area Networks (SANs), and optical devices such as DVDs, CDs, and Blu-Ray help support the archiving and retrieval process.

10. Document, Content and Knowledge Management (new)

The process of capturing, indexing, storing, retrieving, searching and managing information electronically, including database management of PDFs and other formats. Knowledge management then brings structure and control to this information, allowing organisations to harness the intellectual capital contained in the underlying data. This is sometimes referred to as the "paperless" office even though "less-paper" or digital office may be a more accurate term.

The Top 10 Technologies are published by the Americal Institute of Certified Public Accountant and is reprinted with permission of the AICPA. For more information on the AICPA's technology initiatives, including the Top 10 technologies, visit www.aicpa.org/infotech

Top

5. Further Reading And References

In this issue we have identified a number of issues and trends and provided some specific website references for our contributors. Below is a miscellaneous selection of websites and references that has been compiled to help interested readers undertake further research on these topics.

Virtual Worlds

Organisations are responding to the move to virtual worlds. IBM has assigned staff to man its virtual Business Centre . But why? IBM have stated two reasons - firstly, the increasing adoption of online social networking; secondly user demands for a richer online experience. Refer to the IBM press release for more details.

An interesting application of Virtual Worlds can be seen at the website Virtual Worlds - Real Learning. Virtual worlds are seen as an exciting tool for teachers. The site offers a range of information about how Virtual worlds can be used in delivering exciting learning opportunities. Check out the section describing how three different virtual worlds have been used to achieve competency-based outcomes.

ABC radio reporter Cath Dwyer reported recently how Virtual worlds are flourishing as a result of millions of online players moving in to set up their virtual lives. Check out the transcript to learn more about the fortunes to be made, and some of the real world consequences.

ICT Governance

As more organisations outsource their IT, ICT Governance practices are crucial to managing the inherent risks. The Australian Government; Information Management Office has implemented an approach called SourceIT. Check out the site for information on how you might manage ICT sourcing and frameworks for guiding decision making.

For a broad range of information relevant to ICT Governance, visit the CIO IT Governance Portal In addition to articles, white papers and reference material, the site offers occasional webinars and access to self-paced courses.

An interesting approach to ICT Governance has been adopted by Allen Shatten. In his article "Town planning the path to ICT governance", Allen looks at similarities between the governance applied to town planning and that required for ICT.

Identity and IT

The article "Identity Crime and IT" in this issue has provided many references on this topic already but as this crime increases many of our regulatory organisations are providing helpful information on how to protect your identity, how to recognise when it is and what steps to take. Visit sites such as the following for more information:

The ATO acknowledges the reality of identity theft and the problems that it can cause. Visit the ATO website for some background on how identity theft happens and some guidelines on how to protect your identity, particularly your Tax File Number.

The Australian Bankers Association has also produced a Fact Sheet on concerning Identifyt Theft. Protect Your Financial Identity provides useful information about recognising identify theft and tips on how to avoid theft of your identity.

The Attorney-General's department has also published "ID Theft - A kit to prevent and respond to identity theft" which provides valuable tips for everyone on how to recognise if you are vulnerable and how to deal with it.

Top

Disclaimer

This is an initiative of, and has been prepared by the Business and Practice Support Team of the Institute of Chartered Accountants in Australia. While every effort has been made to ensure the accuracy of the information contained therein, neither the Institute nor its employees shall be liable on any grounds whatsoever in respect of decisions or actions taken as a result of using this publication. The information provided is a general guide only and should not be used, relied on or treated as a substitute for specific professional advice or referral to the relevant specific standard. Opinions of authors are their own and do not necessarily reflect policies of the Institute or the IT Special Interest Group.

The information in this email is confidential to the named addressee and subject to copyright. No one else may read, print, store, copy, forward or act in reliance on all or any of this email or its attachments. If you are not the intended recipient, any use, reliance upon, disclosure or copying of this email is prohibited and unlawful. If you have received this email in error please notify the sender. The Institute of Chartered Accountants in Australia (ABN 50 084 642 571) does not warrant that this email and any attachments are error or virus free and recommends that all attachments be checked for computer viruses.

For further information please contact:

Business and Practice Support Coordinator
business_practice@icaa.org .au