Assessment Task Two - due 11:00pm, Monday 8th May 2017
You work for a business that has just established a new data processing centre. In a conversation with one of the directors over lunch one day, you get onto the topic of controls and the design of controls for the new centre. Proudly, the director boasts, ‘We have the most hi-tech biometric controls in place. No unauthorised access to the centre is possible. The programmers are able to get on with their day-to-day duties of developing programs and managing the organisation’s data resources.’
You are slightly concerned by this statement and immediately think back to appropriate controls for implementation in the information systems environment — one of which is segregation of duties.
(a) What are the faults in the director’s statement?
(b) Can the organisation rely on biometric controls alone?
(c) How can separation of duties be applied in the information systems area?
(d) What are the critical functions that should be separated?
(e) What are the risks if these functions are not separated?
Read the following article and answer the following questions.
Human error in business isn’t as unpredictable and unavoidable as it may seem.
One day last July, Talsico International — a company specialising in reducing human errors — received an urgent call from one of the world’s largest pharmaceutical groups. The group was in dire straits. One of its plants in the US was threatened with deregistration because of repeated errors in paperwork. The staff at the plant were diligent, but couldn’t seem to stop themselves from making mistakes when filling out the forms after performing clearance procedures.
A clearance procedure is the meticulous cleaning of an area after workers finish making one drug and are about to start manufacturing another, says Filomenia Sousa, CEO of Talsico, an Australian-based consultancy. ‘A small contaminant could kill, or make you very sick, and the cost of someone suing could run into millions and millions of dollars,’ Sousa says. There were no problems with the cleaning, it was simply a matter of the paperwork, and the Food and Drug Authority (FDA) had issued two warnings. ‘The FDA doesn’t care if it is a paperwork error, or a process error . . . if you fail three times, they can close you down,’ Sousa says.
Sousa says the implication for the pharmaceutical company — which she declined to name — were enormous. The plant was risking millions of dollars in losses, a disastrous blow to the company reputation and, at that site, 3000 jobs were on the line. ‘Almost in desperation, they called our office in the US,’ she says.
Sousa got on a plane and flew to the site and, when she took a look at the paperwork, was immediately able to identify a number of places where staff were likely to make mistakes. ‘They were absolutely amazed, they thought it was some sort of black magic,’ she says. ‘There was nothing magical about it at all. The reason these poor operators were making these paperwork errors was because the design of the forms was really not good for the human brain. So, when they were tired or flustered — which often happened during clearances — they made errors.’ The paperwork was changed and, within two weeks, they had a 73 per cent decrease in errors. Previously, they had made an error every time they did a clearance procedure, which was once every three or four days.
Human error is one of those risks in business that can seem unpredictable and — to an extent — unavoidable. According to Talsico, 70 to 96 per cent of mistakes made in business are due to human error. And mistakes are happening all the time. ‘In manufacturing industries I have worked with, the majority of documents would have some errors that need to be corrected,’ Sousa says.
Human error has been blamed for everything from damaging client relationships, product recalls, multi-million-dollar losses on products, plane crashes, the Chernobyl nuclear accident and the loss of the Mars space probe. ‘But to be honest, those spectacular errors that happen once every few months are not the biggest cost,’ Sousa says. The biggest cost comes from the ones that are made day in day out in an organisation. They can end up costing millions of dollars a year. In fact, for large organisations, it would be billions of dollars. One of the pharmaceutical companies we work with estimated that every time an error was made, in paperwork or process, investigating that error — just investigating it — cost $5000.’
What Talsico does is to examine the way things are done to find weaknesses, using an understanding of the way the brain processes information. The types of errors are categorised, so that the reasons can be understood and dealt with. By doing this, the consultancy claims to cut documentation errors by a minimum of 73 per cent and waste and rework by 60 per cent. Sometimes the answer is as simple as designing a system to stop factory workers from ever so slightly over-filling detergent bottles, errors that were costing one manufacturer more than $1 million a year. It is also as effective as redesigning a pure oxygen tap behind hospital beds so that it cannot be confused with the adjacent tap for clean air. The medical workers were connecting to the wrong taps at least once a week and patient safety was threatened. The hospital was already subject to an expensive lawsuit from one patient. ‘The cost to fix that was less than $15 per patient. It was nothing,’ says Sousa.
The savings that can be made by reducing error rates can be enormous. ‘In one of the companies we work with, in just one department of one branch of the organisation, by reducing some of the errors they were having, we saved $360 000 a year,’ Sousa says. Another pharmaceutical company, by reducing errors and subsequent product waste, saved $2.6 million a year, Sousa says
It is surprising then that there aren’t more companies specialising in this field. Sousa says she can’t think of one other such consultancy. Launched in Australia 12 years ago (Sousa is one of the founders), Talsico now works with 1200 companies, up to 900 of them overseas. Clients in this country include: Qantas, BHP Billiton, Arnotts, Colgate-Palmolive, AstraZeneca, Mt Isa Mines and the Australian Nuclear Science and Technology Organisation.
Sousa, a geneticist and former computer systems engineer, says that some of the measures taken by organisations to prevent mistakes actually do the opposite. One of them is to respond to mistakes by retraining or punishing. This assumes that people who make mistakes either don’t know any better, or don’t care. However, a study of 1000 people in the US by Talsico over the course of a year discovered only 6 per cent of the errors were due to people not knowing what to do. As for not caring, most people want to do a good job, says Sousa.
‘And if you want to create an environment where people are punished for errors — particularly if it is done subconsciously — it is not that they’ll make fewer errors, but that they will hide the errors they make.’ Another false measure taken by employers is to have a rigorous checking process, but this can actually encourage people to take less responsibility for the accuracy of their own work, says Sousa. Sousa has seen mistakes being made on medical labels after the text and layout had been checked by seven different people. Each of them had thought: ‘Well, I’ll do a quick check and if I miss something one of the others will get it,’ says Sousa. A wrong label could mean a product recall costing millions of dollars. A better system is to give each person sole responsibility for a small part of the task. ‘They will then give it their full attention,’ Sousa says.
(a) What does the article suggest is the main source of errors in a business?
(b) What are the implications of this article for the design and use of source documents in an organisation?
(c) Explain, using this article as a reference, why it is preferable to deal with errors at the input stage, rather than rely on detection or corrective controls that operate later in the data processing stages.
(d) Suggest three ways that organisations could make source documents less prone to errors.