
On why it will take more than a law to beat ageism
In response to the news that an EU law could put an end to
milkround campus recruitment (Computer Weekly, 1
February)
Although age discrimination laws will go some way to helping more
mature candidates in the IT recruitment process, their success will
ultimately be dictated by the market.
Employers are typically short-sighted and, dare I say, lazy when it
comes to recruiting older candidates. Doesn't a Cobol programmer in
their fifties have valuable experience on how businesses expect
applications to develop? The fact they don't know VB.net is a
question of cross-training, not one of unemployability.
The industry needs to stop dishing out overhyped salaries to young
upstarts. It would be better to invest the money in training
professionals who have hands-on experience and well-honed skills,
and who bring value to the IT department from day one.
Robert Chapman, co-founder, The Training Camp
On why the compliance whingeing has to stop
In response to a report that Dresdner Kleinwort Wasserstein has
devoted 15% of support staff to compliance (Computer Weekly, 1
February)
Isn't everyone getting a bit fed up with the continual bleating
about the "burden" of the Sarbanes-Oxley Act? It seems that
compliance is rarely approached systematically, that companies will
fail to meet deadlines, and that even Dresdner Kleinwort
Wasserstein is hindered by the "monster" of mishmashed IT
systems.
Nobody claims that compliance is ever simple, but there are many
examples of companies adopting technology to successfully meet
compliance requirements while reaping real commercial
advantage.
In recent months we have seen banks' IT departments successfully
convince boards that they can harness technology to address
multiple areas of legislation using the internal controls required
for Sarbanes-Oxley to pave the way for Basel 2.
These are positive signs that the preoccupation with Sarbanes-Oxley
is giving way to a more sensible approach to enterprise risk
management. The immediate task is to meet the act's criteria, but
the enabling technology allows the resulting transparency and
reporting to deliver many more management and risk management
benefits throughout the corporation.
Wendy Cohen, HandySoft Global Corporation
On the boardroom Babel that helps none of us
In response to an article about the continuing distrust between
chief executives and IT directors (Computer Weekly, 8
February)
The latest survey by the Economist Intelligence Unit on difficult
relationships between IT directors and other board members was a
sobering read, if not altogether surprising. IT directors felt that
other board members did not comprehend or prioritise technology,
while many chief executives felt that their technology did not meet
their expectations.
This situation looks disastrous if taken at face value, but reading
between the lines, the solution may be easier than it seems. What
both of these attitudes reveal is misunderstanding. The board does
not understand the value of IT (and its limitations), and IT
directors do not seem able to explain it in clear and
straightforward business terms.
This problem is nothing new, and has probably existed since the
first commercial use of the computer, but it is now time for those
of us who work in IT to fix it for good. If IT directors find that
the other members of the board do not know what they do, or what
value it has, they must learn to communicate better. Jargon is our
enemy, as are promises we cannot fulfil.
A board where everyone talks in different languages -
finance-speak, IT-speak, HR-speak - will be an ineffective board.
The first step towards closing the language gap is to acknowledge
it. The harder part comes in working together to find a common
language which is pragmatic, honest, direct and business-minded. A
great challenge, but the rewards could be equally great.
Jack Noble, Fujitsu Services
LETTERS
Project staff delivering success, not failure
There is a popular notion that most IT projects fail. I have read
that on average 80% of software projects fail, with failure defined
as the project not meeting the original expectations of the
business.
This is a ridiculous myth. Most experienced project managers are
good at estimating deadlines. An 80% success rate would not be an
overestimate.
What the failure rates are usually based on is the percentage of
projects that come in over the published budget and time
estimates.
We have a long-standing situation where project managers can only
get funding if the budget and timeline they propose are measurably
less than they know the project will take. There is certainly a
failure in the system somewhere, but it is not in the projects
themselves.
As long as the nonsensical failure statistic is repeated, companies
will continue to look for the solution in the wrong place - namely,
among the implementers in the IT department and those who define
and set the project's parameters in the business.
In fact, the solution lies with the executives who only reward
project managers who provide false information about projects, not
with the way the projects themselves are carried out.
Celia Redmore
Secrecy, standards and the truth about RFID
Your coverage of radio frequency identification (Computer Weekly, 1
February) raised some key issues about the technology, including
the high cost of implementation, inaccuracy of scanning, secrecy
surrounding trials and lack of standards, all of which, according
to your articles, are inhibiting adoption.
Increased adoption of RFID will ultimately drive down high costs,
and your articles fail to take into consideration the progress
already made in RFID, specifically in standards.
Standards organisation EPCglobal announced in December 2004 the
royalty-free Class 1 Generation 2 UHF standard, enabling RFID
technology providers to create products that meet the requirements
of suppliers, manufacturers, end-users and industries as a whole.
The only "delay in standards" is in achieving ISO certification,
which will open up the standard to new markets - a process that is
happening now, is consensus-based and will therefore take some
time.
As for inaccurate scanning, businesses participating in pilots and
deployments realise that getting the perfect configuration for the
set-up of tags and readers is something that needs revisiting for
optimum performance. This is why the RFID pilots are key. German
retailer Metro has recently reported a 99% accuracy of pallets
read, showing that practice is bringing the organisation closer to
perfect.
Your references to "secrecy" are unfounded. EPCglobal encourages
companies across the globe to share their RFID experiences and many
are stepping forward to do so.
Getting RFID right brings with it not only challenges, but also
opportunity and commercial benefits, such as improving accuracy,
improving efficiency and creating transparency within the supply
chain.
All these issues, and more, will be discussed openly at the
EPCglobal conference on 7 June in Westminster this year.
David Lyon, EPCglobal line of business manager, e-centre
World well stocked with security qualifications
Once again, the UK wants to stand alone. Setting up a security
qualification to "simplify the issue" will just add to the
complexity and probably the cost.
As Louis Gamon of ISSA mentioned (Letters, 8 February), there are
already security-related internationally recognised qualifications
held by thousands of information audit and security professionals.
What will be gained by attempting to create a UK-only
version?
The UK is well represented in the management of the existing
qualifications, even though they are administered from the US. The
certified information systems manager (CISM) designation, for
instance, is managed by a committee and board which ensure the
quality and relevance of exam questions and maintain international
acceptance and respect; both are currently chaired by UK security
specialists.
Created and managed by Isaca, CISM complements the well-established
audit (Isaca's certified information systems auditor) and security
((ISC)2's certified information systems security professional)
qualifications by bringing them together at the "management" level.
The common body of knowledge in effect implements the security
infrastructure using BS7799/ISO17799 plus the concepts of security
governance and risk management. There are already over 5,000
international professionals holding a CISM and some 35,000 with
CISA; 15,000 candidates are expected to sit the CISM examination in
2005.
The BCS already has an established security specialist group; the
International Register of Certificated Auditors already offers a
series of courses and exams in auditing compliance with BS7799 -
effectively a combination of CISSP, CISA and CISM. What will yet
another qualification, probably recognised only in the UK, have to
offer the information security professional?
Derek Oliver, chairman, CISM Test Enhancement Committee
Medical confidentiality already compromised
Once again I read a report about GPs' concerns for patient record
confidentiality as a result of the NHS national programme for IT
(Computer Weekly, 8 February). This seems to imply GPs believe
their current systems to be confidential.
Just phone a doctor's surgery, say you are from an insurance
company investigating a claim and, provided you know a few basic
details about the person, I'm sure the receptionist will happily
furnish you with any information you care to ask for.
There are several other "professional" bodies that obtain
information in this way.
However, I believe the NPfIT is yet another badly conceived and
executed government-sponsored disaster in the making.
Geoff Lewis