On why it will take more than a law to beat ageism
In response to the news that an EU law could put an end to milkround campus recruitment (Computer Weekly, 1 February)
Although age discrimination laws will go some way to helping more mature candidates in the IT recruitment process, their success will ultimately be dictated by the market.
Employers are typically short-sighted and, dare I say, lazy when it comes to recruiting older candidates. Doesn't a Cobol programmer in their fifties have valuable experience on how businesses expect applications to develop? The fact they don't know VB.net is a question of cross-training, not one of unemployability.
The industry needs to stop dishing out overhyped salaries to young upstarts. It would be better to invest the money in training professionals who have hands-on experience and well-honed skills, and who bring value to the IT department from day one.
Robert Chapman, co-founder, The Training Camp
On why the compliance whingeing has to stop
In response to a report that Dresdner Kleinwort Wasserstein has devoted 15% of support staff to compliance (Computer Weekly, 1 February)
Isn't everyone getting a bit fed up with the continual bleating about the "burden" of the Sarbanes-Oxley Act? It seems that compliance is rarely approached systematically, that companies will fail to meet deadlines, and that even Dresdner Kleinwort Wasserstein is hindered by the "monster" of mishmashed IT systems.
Nobody claims that compliance is ever simple, but there are many examples of companies adopting technology to successfully meet compliance requirements while reaping real commercial advantage.
In recent months we have seen banks' IT departments successfully convince boards that they can harness technology to address multiple areas of legislation using the internal controls required for Sarbanes-Oxley to pave the way for Basel 2.
These are positive signs that the preoccupation with Sarbanes-Oxley is giving way to a more sensible approach to enterprise risk management. The immediate task is to meet the act's criteria, but the enabling technology allows the resulting transparency and reporting to deliver many more management and risk management benefits throughout the corporation.
Wendy Cohen, HandySoft Global Corporation
On the boardroom Babel that helps none of us
In response to an article about the continuing distrust between chief executives and IT directors (Computer Weekly, 8 February)
The latest survey by the Economist Intelligence Unit on difficult relationships between IT directors and other board members was a sobering read, if not altogether surprising. IT directors felt that other board members did not comprehend or prioritise technology, while many chief executives felt that their technology did not meet their expectations.
This situation looks disastrous if taken at face value, but reading between the lines, the solution may be easier than it seems. What both of these attitudes reveal is misunderstanding. The board does not understand the value of IT (and its limitations), and IT directors do not seem able to explain it in clear and straightforward business terms.
This problem is nothing new, and has probably existed since the first commercial use of the computer, but it is now time for those of us who work in IT to fix it for good. If IT directors find that the other members of the board do not know what they do, or what value it has, they must learn to communicate better. Jargon is our enemy, as are promises we cannot fulfil.
A board where everyone talks in different languages - finance-speak, IT-speak, HR-speak - will be an ineffective board. The first step towards closing the language gap is to acknowledge it. The harder part comes in working together to find a common language which is pragmatic, honest, direct and business-minded. A great challenge, but the rewards could be equally great.
Jack Noble, Fujitsu Services
Project staff delivering success, not failure
There is a popular notion that most IT projects fail. I have read that on average 80% of software projects fail, with failure defined as the project not meeting the original expectations of the business.
This is a ridiculous myth. Most experienced project managers are good at estimating deadlines. An 80% success rate would not be an overestimate.
What the failure rates are usually based on is the percentage of projects that come in over the published budget and time estimates.
We have a long-standing situation where project managers can only get funding if the budget and timeline they propose are measurably less than they know the project will take. There is certainly a failure in the system somewhere, but it is not in the projects themselves.
As long as the nonsensical failure statistic is repeated, companies will continue to look for the solution in the wrong place - namely, among the implementers in the IT department and those who define and set the project's parameters in the business.
In fact, the solution lies with the executives who only reward project managers who provide false information about projects, not with the way the projects themselves are carried out.
Secrecy, standards and the truth about RFID
Your coverage of radio frequency identification (Computer Weekly, 1 February) raised some key issues about the technology, including the high cost of implementation, inaccuracy of scanning, secrecy surrounding trials and lack of standards, all of which, according to your articles, are inhibiting adoption.
Increased adoption of RFID will ultimately drive down high costs, and your articles fail to take into consideration the progress already made in RFID, specifically in standards.
Standards organisation EPCglobal announced in December 2004 the royalty-free Class 1 Generation 2 UHF standard, enabling RFID technology providers to create products that meet the requirements of suppliers, manufacturers, end-users and industries as a whole. The only "delay in standards" is in achieving ISO certification, which will open up the standard to new markets - a process that is happening now, is consensus-based and will therefore take some time.
As for inaccurate scanning, businesses participating in pilots and deployments realise that getting the perfect configuration for the set-up of tags and readers is something that needs revisiting for optimum performance. This is why the RFID pilots are key. German retailer Metro has recently reported a 99% accuracy of pallets read, showing that practice is bringing the organisation closer to perfect.
Your references to "secrecy" are unfounded. EPCglobal encourages companies across the globe to share their RFID experiences and many are stepping forward to do so.
Getting RFID right brings with it not only challenges, but also opportunity and commercial benefits, such as improving accuracy, improving efficiency and creating transparency within the supply chain.
All these issues, and more, will be discussed openly at the EPCglobal conference on 7 June in Westminster this year.
David Lyon, EPCglobal line of business manager, e-centre
World well stocked with security qualifications
Once again, the UK wants to stand alone. Setting up a security qualification to "simplify the issue" will just add to the complexity and probably the cost.
As Louis Gamon of ISSA mentioned (Letters, 8 February), there are already security-related internationally recognised qualifications held by thousands of information audit and security professionals. What will be gained by attempting to create a UK-only version?
The UK is well represented in the management of the existing qualifications, even though they are administered from the US. The certified information systems manager (CISM) designation, for instance, is managed by a committee and board which ensure the quality and relevance of exam questions and maintain international acceptance and respect; both are currently chaired by UK security specialists.
Created and managed by Isaca, CISM complements the well-established audit (Isaca's certified information systems auditor) and security ((ISC)2's certified information systems security professional) qualifications by bringing them together at the "management" level. The common body of knowledge in effect implements the security infrastructure using BS7799/ISO17799 plus the concepts of security governance and risk management. There are already over 5,000 international professionals holding a CISM and some 35,000 with CISA; 15,000 candidates are expected to sit the CISM examination in 2005.
The BCS already has an established security specialist group; the International Register of Certificated Auditors already offers a series of courses and exams in auditing compliance with BS7799 - effectively a combination of CISSP, CISA and CISM. What will yet another qualification, probably recognised only in the UK, have to offer the information security professional?
Derek Oliver, chairman, CISM Test Enhancement Committee
Medical confidentiality already compromised
Once again I read a report about GPs' concerns for patient record confidentiality as a result of the NHS national programme for IT (Computer Weekly, 8 February). This seems to imply GPs believe their current systems to be confidential.
Just phone a doctor's surgery, say you are from an insurance company investigating a claim and, provided you know a few basic details about the person, I'm sure the receptionist will happily furnish you with any information you care to ask for.
There are several other "professional" bodies that obtain information in this way.
However, I believe the NPfIT is yet another badly conceived and executed government-sponsored disaster in the making.