Thursday, 18 April 2013

Unfair contract terms

I do not think that a web operator is able to change the terms of use of a website without giving users adequate notice, as this action results in an unfair contract term according to the unfair contracts law. First of all, a significant imbalance in the parties’ rights arises under the contract. The website user was deprived of the right to know the changed terms and the right of rejection, resulting in an unexpected credit card charge made automatically to the operator. That also meets the second criterion for determining an unfair contract term, as it would cause detriment to a party if it were to be applied. Therefore, a party cannot unilaterally change the terms of a contract before obtaining the other party’s consent. However, this issue could have been readily avoided by the website operator with some practical measures, such as sending a notice by mail or by phone call, although this could create extra work for the website operator to some extent. Finally, in terms of the third factor, the unnoticed term is not reasonably necessary to protect the legitimate business interests of the website operator, who would be advantaged by the term. In a word, the term will be void when it is proved to be unfair, the unfairness being caused by inadequate notice of the change.

Megaupload

The jurisdiction issues related to the Megaupload case can be summarized into four key aspects: whether cyberspace is included in United States territory, whether the defendants should be extradited according to their crimes, whether racketeering exists in association with an intellectual property case, and whether this case could apply to other cloud services. Those four issues are of significance to governments in exercising jurisdiction over defendants in cases derived from cloud services.
The first concern relates to international IP infringements on the Internet and thereby the issue of extradition. As I learned, national jurisdiction has traditionally extended to activities that take place within a country. Therefore, the boundaries of state jurisdiction should be defined while taking cyberspace into consideration. For the second issue, there are five crimes listed under United States law; the accused should be extradited if they committed one of them. Racketeering might be constituted when the accused are proved to have specifically known that the uploaded contents were infringing. It is possible that the popular content is non-infringing under the reward business model with a cloud service. In addition, US jurisdiction over the Megaupload case will significantly affect international users of many other US-based cloud computing services.
Jurisdictions differ between countries. It would be increasingly challenging for organizations to manage liability if a website can be accessed from multiple jurisdictions.

Boutique Technology

The fraudulent activities committed by employees were attributed to two aspects of the company’s operating environment: “Plan and Organise” and “Monitor and Evaluate”. The CEO of the company, Alan, is indifferent to “red tape” policies; thereby business objectives cannot be controlled by incorporating IT and business management, leading to unexpected overheads for lack of a strategic IT plan. I found that the recruitment and selection of employees was conducted without any formal procedures and that only three employees are accountable for the accounting, finance and HR activities. Those are two facts showing the insufficiency of human resources management and risk assessment. I discovered that there are no “Monitor and Evaluate” internal controls due to the limited resources resulting from the pursuit of low product costs. In addition, extra working hours and lower award rates raised pressure on employees. Therefore, people will explore more opportunities to commit fraud with increased pressure and decreased internal control.
To address those problems, I recommend that Alan focus more on IT governance rather than on fostering culture. Specifically, he should put funds into selecting and training qualified staff and establishing IT governance. To this extent, COBIT 4 is strongly recommended. Meanwhile, reducing overtime and appointing more staff to internal control activities would be effective.

WhizBiz Pty Ltd


The statement about the massive work created by implementation of COBIT has been a critical issue for many organisations, especially for small and medium-sized businesses. I learned that COBIT is a comprehensive set of resources that contains all the information that organizations need to adopt an IT governance and control framework. There are four domains of COBIT, which consist of 34 processes, and each process has several control objectives used for implementation and assessment. It seems unlikely that WhizBiz would implement all the processes included in COBIT, given its limited scale. However, I discovered that COBIT Quickstart is useful to address this issue. The reason is that Quickstart provides a selection from the components of the complete COBIT, thereby meeting the need of smaller enterprises for a simple-to-use tool that will speed up the implementation of key IT control objectives.
In view of the online selling mode and the number of databases stored in WhizBiz, it is all the more necessary to implement COBIT as a framework to ensure good control over information to meet objectives. That is because more risks, including fraud, data leakage and online issues, are likely to emerge in an online environment if IT control is inadequate.

Wednesday, 17 April 2013

ITGC - To give effect to the Corporate Plan

I agree with the statement that an IT governance control framework such as COBIT is more essential to the effectiveness of the Corporate Plan for the IT management function used by organizations. I learned that COBIT provides IT governance with a framework to ensure the alignment between IT and business strategy, the objective of maximizing benefits, the responsible use of resources, and the appropriate management of risks. A more crucial process of COBIT is performance measurement for IT governance, with transparency of IT’s cost, value and risks.
I discovered that IT operations should link to enterprise operations to achieve strategic objectives by solving targeted problems. For instance, gathering all the information about revenue and costs to work out an efficient way of raising revenue and lowering costs when a loss is presented. In addition, we are able to optimally manage IT resources, including knowledge and infrastructure, under the COBIT framework. I found that risk should be recognized by senior officers and, more importantly, every employee in the enterprise should have the right to know the significant risks. That is beneficial to embedding responsibility for risk management, resulting in adequate preparation in advance and risk minimization. Tracking and monitoring strategy implementation is most vital for me, as every bit of progress is made by committing, identifying and correcting the mistakes I have made.

5 main domains of COBIT