User-Friendly RASCI Accountability Matrices

Right now, you’re probably thinking that’s a statement of opposites. Something dreamed up by a consultant to impress, or just to fill a blog page. But wait. What if I taught you to create order in procedural chaos in five minutes flat? ?Would you be interested then?

The first step is to create a story line ?

Let’s imagine five friends decide to row a boat across a river to an island. Mary is in charge and responsible for steering in the right direction. John on the other hand is going to do the rowing, while Sue who once watched a rowing competition will be on hand to give advice. James will sit up front so he can tell Mary when they have arrived. Finally Kevin is going to have a snooze but wants James to wake him up just before they reach the island.

That’s kind of hard to follow, isn’t it ?

Let’s see if we can make some sense of it with a basic RASCI diagram ?

Responsibility Matrix: Rowing to the Island
Activity Responsible Accountable Supportive Consulted Informed
Person John Mary Sue James Kevin
Role Oarsman Captain Consultant Navigator Sleeper

?

Now let’s add a simple timeline ?

Responsibility Matrix: Rowing to the Island
? Sue John Mary James Kevin
Gives Direction ? ? A ? ?
Rows the Boat ? R ? ? ?
Provides Advice S ? ? ? ?
Announces Arrival ? ? A C ?
Surfaces From Sleep ? ? ? C I
Ties Boat to Tree ? ? A ? ?

?

Things are more complicated in reality ?

Quite correct. Although if I had jumped in at the detail end I might have lost you. Here?s a more serious example.

rasci

?

There?s absolutely no necessity for you so examine the diagram in any detail, other to note the method is even more valuable in large, corporate environments. This one is actually a RACI diagram because there are no supportive roles (which is the way the system was originally configured).

Other varieties you may come across include PACSI (perform, accountable, control, suggest, inform), and RACI-VS that adds verifier and signatory to the original mix. There are several more you can look at Wikipedia if you like.

Check our similar posts

Computer Forensics

So you had a customer data security breach last weekend? Do you know you could be held liable in court for failing to implement required security procedures? That’s right. Due to the overwhelming surge in identity theft wherein nearly 20 million Americans have already been affected, most states have enacted laws to curtail this fast rising crime. Therefore, it is important to redefine how your company deals with customer data security.

  • First, you’ll want to know what your obligations are as dictated by law. Some places, for example, require the destruction or deletion of personal data through shredding, erasing, or by rendering them undecipherable.
  • Second, not only do you need to comply with the said requirements, you’ll also have to prove in court that you actually complied if ever a security breach does happen.
  • Third, you need to be aware of your post-breach duties to avoid being dealt additional penalties.

Obviously, such situations now call for individuals who are experts in both the legal and technical aspects regarding data security. Such individuals are practitioners of a relatively new discipline known as computer forensics.

Armed with our computer forensics specialists, we’ll be able to help you deal with the above concerns. As a result, you can be prevented from having to pay fines that can go up to hundreds of thousands of euros.

There are other equally important reasons why you would want to avail of computer forensics services. For example, you’ll need computer forensics specialists because you want to:

  • Catch a person involved in criminal activities such as child porn, stealing of personal data, and destroying intellectual property.
  • Investigate a computer, network, or even a mobile device for clues that may lead to the culprit.
  • Determine the extent and possible causes when you discover your digital data has been damaged.
  • Find and recover damaged, deleted or encrypted data regardless of whether the cause was intentional or not. If the data in question will be used as evidence in a legal action, there are certain procedures that need to be followed during recovery operations to retain the integrity of the data. Computer forensic specialists are highly qualified for such operations.
  • Implement security policies in your organisation. Such policies have to operate within legal bounds if you want to avoid possible sanctions in the future. These policies should also be designed such that future forensic operations can be conducted with a high likelihood of success.

That said, a company that integrates computer forensics into its IT security policies and practices will be better equipped to remedy the situation once data security has already been compromised than a company that doesn’t.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Saving Energy Step 1 ? Implementing a Management System

There has been much hype down the years regarding whether management is art or science. Thankfully, where people are concerned the pendulum has swung away from standard times in sweatshops in the west. However, when it comes to measuring physical things like harvest per square meter and the amount of energy consumed there is no substitute for scientific measurement, and this implies a system.

Managing energy cost and consumption down is like any other strategy. American engineer / statistician / management consultant W. Edwards Demming may have passed on in 1993. However he was as right as ever when he said:

  1. When people and organizations focus primarily on quality, this tends to increase and costs fall over time.
  1. However, when people and organizations focus primarily on costs, costs tend to rise and quality declines over time.

Demming believed that 90% of organizational problems arise from systems we put in place ourselves. This can be because we are so accustomed to them that we fail to notice when they are no longer relevant. The currently prevailing laissez faire towards energy is a case in point. What is managed improves and what is not, deteriorates. We know this. Let us take a look at how to apply this principle to energy management.

First, you need to get the subject out the closet and talk about it. How often do you do this is your boardroom, and how does energy rank against other priorities? Good governance is about taking up a position and following through on it. Here is a handy checklist you may like to use.

  • Do we use a consistent language when we talk about energy? Is it electricity, or carbon emitted (or are we merely fretting over cost).
  • How well engaged are we as a company? Looking up and down and across the organization are there points where responsibility stops.
  • How well have we defined accountability? Do we agree on key performance areas and how to report on them.
  • Are we measuring energy use at each point of the business? When did we last challenge the assumption that ?we’re doing okay?.
  • Have we articulated our belief that quality is endless improvement, or are we simply chasing targets because someone says we should.

A management system is a program of policies, processes and methods to ensure achievement of goals. The next blog focuses on tools and techniques that support this effort.

Mobile Security

Today’s advanced enterprises make extensive use of mobile devices in order for team members to exchange information, collaborate, and carry out business whenever and wherever they need to. BlackBerries, iPhones, Google Phones, and other smartphones as well as PocketPCs and PDAs are now allowed wireless remote access to the enterprise network.

As a result, they introduce additional vulnerabilities into the system.

  • Bluetooth exploits and unencrypted passwords can allow malicious individuals to gain access to private information.
  • Various wireless technologies that have substantially simplified the task of transferring data have provided openings for malicious code. In addition, the diversity of these wireless technologies combined with the constrained environments of these devices have made it difficult to come up with an all-in-one solution.
  • All PocketPCs, PDAs and smartphones can be synchronised with PCs and laptops, giving malware an entry point into computers and networks. Memory cards are guilty of this too.
  • VoIP, which are usually unencrypted, allow other people to perform unauthorised capture and recording of private conversations.

Mobile security is still an emerging discipline. Because of this, many organisations that allow members’ mobile phone access into the network don’t actually have a specific security policy for such devices.

That’s why we’re here to help. We’ll conduct a thorough evaluation of your security policies and systems in relation to mobile devices and seal gaps we spot along the way. If you don’t have the needed policies or if what you have needs an overhaul, we’ll set everything up (including the needed applications and infrastructure) for you.

Once we’ve got everything in place, you won’t have to worry about the vulnerabilities mentioned earlier. In addition to that, your organisation will already be capable of preventing the following:

  • Access to company information when the phone ends up in the hands of anyone other than the authorised user.
  • Being billed for phone usage due to virus activity
  • Unauthorised phone activity monitoring through spyware
  • Other disruptions caused by mobile-based malware

Other defences we’re capable of putting up include:

Ready to work with Denizon?

Contact Us Today