Earl's Three-Pronged Approach


Earl’s three-pronged approach is a multi methodology IS/IT strategy that illustrates the strategic role on how IT can play in addresses the forces. It consists 3 prongs that are top-down, bottom-up and inside-out (Earl, 1989).

Top Down



Business Objectives
To upgrade health service delivery and improve health care, cure and prevention of disease to our patients by 60% in eight years time
To increase market share by 30% in the health industry in the next five years
Improve 10% employee productivity in two year.
Fasten
processes
hospital services
Enable online customer care system
Improve staff knowledge
Enable employee feedback
Improving emergency unit
Adding more ambulances
Information System Needs
Online Feedback System
Online Helpdesk System System
E-learning System
Online feedback System
RFID Inventory Management System
GPS System

1. Finance System

Finance system is playing important role in every business. Current finance system provided high technical quality due to its state-of-art system. According to Csanad (2010), financial statement allows management to track their financial position and allows manager to forecast and set goals for upcoming periods. Out-to-date information can lead to wrong decision making by the managing director. Therefore, such system is low in business value and Hermes should upgrade such system.

2. Payroll

Current payroll system runs independently from the HR. With this reason, this could be unreliable and poses compatibility issues. In addition, such system provided high business value because it is regularly used and it is a vital operation in helping human resource department, therefore, Sunway Medical Centre should upgrade such system.

3. PABX System

PABX system is used bySunway Medical Centre to communicate between within the hospital. PABX system is high in business value but low in technical quality. Therefore, Sunway Medical Centre should upgrade such system to provide better communication system to all regions.

Bottom Up



This activity concerns itself with understanding what the systems currently exist, what functions they have and what gaps exist in the light of company stratrgic needs. It also grades the systems by value to the company.
J7~H3$0Y@4$I3`}E57H85%X.jpg

To determine technical quality usually requires IT/IS vendors or specialists and seeks to answer the questions like:
  • How reliable is the system?
  • How easy is the system to maintain?
  • How cost-efficient is the system?

To determine business value requires input for users of the system and seeks to answer the questions like:
  • What is the impact of the system? and what would happen if it were removed?
  • How easy is the system to use?
  • How often is the system used?

Low value + Low quality = Get Rid
  • System was never necessary or appropriate.
  • Business needs have changed.
  • Outdated technology.

High value + Low quality = Upgrade
Failure to maintain systems because of
  • Scarce resources.
  • Maintenance work is low priority.
  • Cost of disruption is too high.

Low value + High quality = Need?
  • Users failed to support or use the system.
  • Reassess before killing off.
  • Can it be enhanced to add business value, such as, add some functions.

High value + High quality = Ace ares
  • May have given competitive advantage before but now rivals have caught up.
  • Must enhance system.


1. PABX System

PABX system is used bySunway Medical Centre to communicate between within the hospital. PABX system is high in business value but low in technical quality. Therefore, Sunway Medical Centre should spend more time and cost to upgrade such system to provide better communication system to all regions.


2. Inventory Tracking System

Inventory tracking system is a set of hardware and software based tools that automate the process of tracking inventory. Inventory tracking system works in real-time using wireless technology to transmit information to a central computer system as transactions occur. Modern inventory tracking system is almost exclusively based on barcode and RFID technology. In Sunway Medical Centre must enhance system to help get more benefits.


3. Customer Service System

Customer Service System is the core operational support system. In Sunway Medical Centre, the customer service system has high business value and the technical quality, it already has competitive advantage but also need enhance system.


4. CRM System

Customer Relationship Management System concerns the relationship between the organization and its customers. Customers are the lifeblood of any organization. It is an essential part of modern business management. Sunway Medical Centre sould maintain such syatem and must enhance system for get more benefits between the patient and hospital.


5. Markrt System

Marketing System is a high-performance, versatile platform that you use to perform targeted personalized marketing. In Sunway Medical Centre, it has low business value and technical quality.


6. Payroll System

Current payroll system runs independently from the HR. With this reason, this could be unreliable and poses compatibility issues. In addition, such system provided high business value because it is regularly used and it is a vital operation in helping human resource department, therefore, Sunway Medical Centre should reassess such system before killing. It can be enhanced to add business value, such as, add some functions.


7. Accounting System

Organized set of manual and computerized accounting methods, procedures, and controls established to gather, record, classify, analyze, summarize, interpret, and present accurate and timely financial data for management decisions. In Sunway Medical Centre, it has low business value and high technical qulity. It need reassess before killing. It can be enhanced to add business value, such as, add some functions.


8. Finance System

Finance system provided high technical quality due to its state-of-art system. According to Csanad (2010), financial statement allows management to track their financial position and allows manager to forecast and set goals for upcoming periods. Out-to-date information can lead to wrong decision making by the managing director. Therefore, such system is low in business value and Hermes should upgrade such system. The system need to reassess before killing off, it can be enhanced to add business value, such as, add some functions.




Inside-Out Approach


The following diagram commonly known as the Cause and Effect Diagram, also referred to as Fishbone Diagram or Ishikawa Diagram, it is created by Dr. Ishikawa who was a Japanese University professor and influential quality management innovator (Kaoru Ishikawa, 1969). This tool is used for the first time when the analysis of steel works in 1943.

This diagram shows the causes of an event, and it illustrates the hierarchical relationship between the causes in detail and a given outcome. It is often used in manufacturing and product development to outline the different steps in a process, demonstrate where quality control issues might arise. The Sunway Medical Centre’s Ishikawa Diagram is following as below:
ishikawa.jpg
Figure2: Sunway Medical Centre’s Ishikawa Diagram

Manpower:
From the Ishikawa Diagram, there are four main reasons that cause Sunway Medical Centre lack of management. The first one is manpower management problem. Currently there not has a good communication between Management level and Operation level. It will impact the sense of responsibility and teamwork and staffs do not care about company’s well being. For example, the operator prescribe some medicine for patient when he come to the hospital, but the manager do not tell the operator the medicine has been banned before that will lead to a very serious problem. The E-learning system is necessary because some staff lack of self-improvement might cause professional skills reduced and mistakes generated. If no proper protocol, the staff will waste the time and works little lead to their efficiency at work was reduced. On the other hand, the company does not give extra bonus for the staffs might impact the positivity of them. The staff training is not enough might cause the market share does not increase in next five years plan.
Machinery:
For emergency like traffic accident, the emergency equipments are not enough to support it that will cause the patient died. For the hospital, the most important thing is medical accident because it will impact hospital development. Now the machineries are almost old and damaged that is quite troublesome and inconvenient. The vehicle tracking system will be proposed to solve the vehicle management problem. This system can control the vehicle quantity, quality, accident details and so on.
IT/IS:
As we known the IT technology is growing very fast day to day specially for the medical industry. However, Sunway medical is still remaining the usage of old IT/IS system and they spent very low cost on the IT investment. Sunway is avoiding them to take risks on investing the new technologies which helps to enhance the operational.
Customer Service Ability:
According to the analysis, the customer service ability is inefficient because the staff lack of operability. They always use manual approach to operate the work. The old traditional ways cannot improve the hospital development. If the patient would like to voice a complaint, they just can use single channel to give the feedback for hospital. The single channel cannot be known by management level in the real time. The service supply ability is not enough might cause some service implement process would not be planned. CRM system will be proposed in Sunway Hospital to complete the customer relationship management.



(ii) The 5 Whys

The 5 Whys is a question-asking method used to explore the cause/effect relationships underlying a particular problem. Ultimately, the goal of applying the 5 Whys method is to determine a root cause of a defect or problem.

Problems
Analysis
1st Why
2nd Why
3rd Why
4th Why
5th Why
Improper Management of Manpower
No proper protocol/ guidance
No proper communication between management level and operation level
Staff do not have self- improvement behavior
Do not care about company’s well being
Company do not provide extra/ special bonus for employees
Inefficient Financial Control
Decentralized financial system
Each regions run on own financial department
Unwilling to improve current system
Lack of funding
Economic Downturn
Lack of Integration of Operating System
Company did not invest of IT/IS
Invest on IT/IS incur high cost of risk
Not investing on expertise in this area
Not their core competence

Inefficient in Ambulance Unit
Vehicles breakdown
Old vehicles
No proper system keep track vehicle assets
Unwilling to improve current system
Employees already adapt to the current working environment
Inefficient Customer Service
No online feedback
Cancellation or requesting additional pickup is slow
Manual approach in use
Still utilizing sticky label
Low cost



IS Initiative
IS Initiative
Time (for implementation)
Priority
  1. PABX System
2 months
high
  1. Inventory Tracking System
3 months
mid

3. Customer Service System

1 months
low
  1. CRM System
3 months
mid
  1. Payroll System
1 months
low
  1. Accounting System
2 month
mid

7. Finance System

1.5 month
low

8. E-learning System

4 months
low

9. GPS System

2 month
mid

10. RFID Inventory Management System

2 months
mid




INDIVIDUAL PART

Risk & Return Portfolio
The Risk IT Framework fills the gap between generic risk management frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues. In summary, the framework will enable
enterprises to understand and manage all significant IT risk types

Risk IT provides a comprehensive framework for the management and delivery of high-quality information-technology-based (IT-based) services. It works at the intersection of business and IT and allows enterprises to manage—and even capitalize on—risk in the pursuit of its objectives.

Risk IT saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, compliance, misalignment, obsolete IT architecture and IT service delivery problems.


Risk IT is based on the following principles. Effective enterprise governance and management of IT risk:
  • Always connects to business objectives
  • Balances the costs and benefits of managing IT risk
  • Promotes fair and open communication of IT risk
  • Establishes the right tone from the top while defining and enforcing personal accountability for operating within acceptable and well-defined tolerance levels
  • Is a continuous process and part of daily activities

The Risk IT framework is structured according to three domains:
  • Risk Governance
  • Risk Evaluation
  • Risk Response
Each of these domains contains three processes that have objectives that are achieved by performing a number of activities.


The Risk IT principles are applicable to any type or size of enterprise. The implementation of the processes and activities supporting them can and should be scaled to fit the size (and culture) of a particular enterprise.
In business today, risk plays a critical role. Almost every business decision requires executives and managers to balance risk and reward. Effectively managing the business risks is essential to an enterprise’s success. Too often, IT risk (business risk related to the use of IT) is overlooked.
Other business risks, such as market risks, credit risk and operational risks have long been incorporated into the corporate decision-making processes. IT risk has been relegated to technical specialists outside the boardroom, despite falling under the same ‘umbrella’ risk category as other business risks: failure to achieve strategic objectives.

The Risk IT Principles
The Risk IT framework is about IT risk — business risk related to the use of IT. The connection to business is founded in the principles on which the framework is built. Effective enterprise governance and management of IT risk:
• Always connects to business objectives
• Aligns the management of IT-related business risk with overall enterprise risk management (ERM) — if applicable, i.e., if ERM is implemented in the enterprise
• Balances the costs and benefits of managing IT risk
• Promotes fair and open communication of IT risk
• Establishes the right tone from the top while defining and enforcing personal accountability for operating within acceptable and well-defined tolerance levels
• Is a continuous process and part of daily activities Managing and Understanding IT Risk
To prioritize and manage IT risk, senior executives need a frame of reference and a clear understanding of the IT function and IT risk. However, the enterprise’s key stakeholders, including board members and executive management, the very people who should be accountable for risk management within the enterprise, often do not have a full understanding.


IT risk is not just a technical issue. While IT subject matter experts help to understand and manage aspects of IT risk, business management is the most important stakeholder. Business managers determine what IT needs to do to support their business; they set the targets for IT and are accountable for managing the associated risks. The Risk IT framework explains IT risk, allows the enterprise to make appropriate risk-aware decisions and will enable users to:
• Integrate the management of IT risk into the overall enterprise risk management (ERM) of the organization
• Make well-informed decisions about the extent of the risk, the risk appetite and the risk tolerance of the enterprise
• Understand how to respond to the risk


What does Risk IT do?
Risk IT:
• Allows enterprises to customize the components provided in the framework to suit their particular needs
• Provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues
• Enables enterprises to understand and manage all significant IT risk types
• Provides tangible business benefits
• Allows the enterprise to make appropriate risk-aware decisions
• Explains how to capitalize on an investment made in an IT internal control system already in place to manage IT-related risk
• Enables integration with overall risk and compliance structures within the enterprise when assessing and managing IT risk

What are the benefits of using Risk IT?
The benefits of using Risk IT include:
• A common language to help communication amongst business, IT, risk and audit management
• End-to-end guidance on how to manage IT-related risks
• A complete risk profile to better understand risk, so as to better utilize enterprise resources
• A better understanding of the roles and responsibilities with regard to IT risk management
• Alignment with ERM
• A better view of IT-related risk and its financial implications
• Fewer operational surprises and failures
• Increased information quality
• Greater stakeholder confidence and reduced regulatory concerns
• Innovative applications supporting new business initiatives

In summary, the framework will enable enterprises to understand and manage all significant IT risk types. The Risk IT framework provides an end-to-end, comprehensive view of all risks related to the use of IT, as well as a similar view of risk management.


In the Risk & Return portfolio what you have to do is having a chart as shown below

SYSTEM
PRIORITY
TIME (duration)
BUDGET
REMARKS
1.




2.




3.




4.




5.





Then from the 5 systems you analyse them in the following chart (the portfolio)

Early Successes
Glittering prizes
Sweetmeats
Back burner

Why Care About IT-related Risk?Why Care About IT-related Risk?
  • Enterprises are dependent on automation and integration.
  • Need to cross IT silos of risk management.
  • Important to integrate with existing levels of risk management practices.


risk.jpg
Figure showing IT Related Focus

IT-related Risk Management
Risk IT is not limited to information security. It covers all IT-related risks, including:
  • Late project delivery
  • Not achieving enough
    value from IT
  • Compliance
  • Misalignment
  • Obsolete or inflexible IT architecture
  • IT service delivery problems

What Risk IT Offers
  • Provides guidance to help executives and management ask the key questions, make better, more informed risk-adjusted decisions and guide their enterprises so risk is managed effectively
  • Helps save time, cost and effort with tools to address business risks
  • Integrates the management of IT-related business risks into overall enterprise risk management
  • Helps leadership understand the enterprise’s risk appetite and risk tolerance
  • Provides practical guidance driven by the needs of enterprise leadership around the world

Risk IT provides a balanced view of an enterprise’s IT-related business risks:
Brings together all aspects of IT risk, including value, change, availability, security, project and recovery.
Other standards and frameworks are either too generic (e.g., ERM-oriented) or too focused on one aspect (e.g., IT security)
Offers a single, comprehensive view of IT-related business risks, which can cost companies millions annually in lost revenues and opportunities.

Who Benefits From Risk IT?
  • Boards and executive management; C-suite
  • Corporate and operational risk managers
  • IT management
  • IT service managers
  • IT security managers
  • Enterprise governance officers
  • Business managers
  • IT and external auditors
  • Regulators

Risk Response
The purpose of defining a risk response is to bring risk in line with the defined risk tolerance for the enterprise after due risk analysis.
In other words, a response needs to be defined such that future residual risk (=current risk with the risk response defined and implemented) is as much as possible (usually depending on budgets available) within risk tolerance limits.
risk_response.jpg
Figure showing Risk Response
Risk IT Benefits and Outcomes
  • Accurate view on current and near-future IT-related events
  • End-to-end guidance on how to manage IT-related risks
  • Understanding of how to capitalise on the investment made in an IT internal control system already in place
  • Integration with the overall risk and compliance structures within the enterprise
  • Common language to help manage the relationships
  • Promotion of risk ownership throughout the organisation
  • Complete risk profile to better understand risk

Reference:
Csanad, 2010, The Importance of Financial Statements, Available at:http://hubpages.com/hub/The-Importance-of-financial-statements [Accessed 6th May 2010]

Earl, J, 1989, Management Strategies for Information Technology. Prentice Hall

Kaoru Ishikawa, 1969. Ishikawa Information [Online], Available from http://mot.vuse.vanderbilt.edu/mt322/Ishikawa.html [Accessed on 21st June, 2011]


Oxford American Dictionaries, 2010, Definition of Brainstorm, Available at: http://oxforddictionaries.com/definition/brainstorm[Accessed 16th May 2010]

Tague, N.R., 2005, The Quality Tool Box, 2nd edition, American Society for Quality, Milwaukee