Daily Archives: December 23, 2010

How Will India Become The #2 Economy …

… if it can’t get control of the rampant bribery that plagues the entire country? From what I’ve been reading, the situation hasn’t improved any since KPMG did their 2008 study that found that 84% of Indian Businesses pay Bribes. According to this recent article over on NDTV, India [is still] among the top bribe paying country (according to a recent Transparency International study). According to the recent study, 1 in 2 Indians (54%) have had to grease the palm of authorities to get things done. Even more worrying is that bribes to the police have almost doubled since 2006 and bribes to judiciaries for registry and permit services are up as well. In other words, it’s not the private sector that is the problem, it’s the public sector!

And if the public sector is the problem, which is especially true in Bangalore which tops in India’s bribery chart, how are they going to continue to grow in a global economy when country after country is adopting anti-bribery laws, like the Foreign Corrupt Practices Act in the US or the Bribery Act in the UK (that follows the recommendation of the OECD Anti-Bribery Convention that is attempting to eradicate bribery in all of the 34 member countries). Especially when the problem is so bad that it’s said that even [the] blind are witness to bribery in India?

I don’t have any answers. Some people are suggesting that legislation may be the answer, but if officials can be bribed to ignore it, it won’t solve the problem. If you have any ideas, please feel free to leave a comment.


Bribe, bribe, everywhere a bribe
Preventing the transaction, breaking my bank
To do this or do that, you must make a bribe

It’s Not Risk Management If You Just Trade One Risk for Another!

Especially if the second risk is just as risky, or, even worse, more risky than the first.

After reading a number of articles that claim IT Outsourcing reduces cost AND risk, including this recent piece over on Global Services on Operational Risk, IT, and Outsourcing, I am getting nervous about the mad dash to the cloud that these articles are directly or indirectly promoting.

While SaaS is often the best choice for many SMEs and large scale industries without a lot of technical know-how, it’s not always the best choice, and some systems are a lot safer to outsource than others. It’s one thing to outsource an ERP/MRP, especially if you don’t store your bank account access information in the ERP/MRP, but another thing to outsource user account management if such management contains credit card information and/or detailed financial profiles that are sufficient for an average criminal to commit identify fraud in his sleep. In the first case, just about any SaaS provider will do. In the latter, you need one who not only hosts in a secure data centre, but understands security and built security (and encryption) into the application (and database) from the ground up — especially if they are hosting in a shared data centre that uses a true multi-tenant architecture. Otherwise, a hacker could break in through a weakness in the application layer, dump the database, and get unencrypted credit card numbers, bank account numbers, SINs, etc. if the application wasn’t designed right from the bottom up. This could be financially devastating to you and your customers (who, for starters, would never buy from you again and who would probably take you to court).

The requirements for outsourcing and maintaining financial systems are much greater than for Supply Chain and Inventory Management. So what if they get your inventory database. Unless you’re storing nuclear material, who cares if they know for sure that you have 250 outdated PCs, 100 rolls of steel, and a warehouse full of binders. If they were doing a competitive intelligence project and really wanted to know that much about you, they’d check one of the import/export trade data monitoring services (or just watch what went in and out of your warehouse from across the street) and know it anyway.

Before you outsource financial systems, you have to be sure that the provider and the hosted application is at least as secure as the applications and environment you’d build in house, or the outsourcing effort will come at the expense of increased risk. And if risk increases, the decrease in cost may be inconsequential.

And if you don’t have the technical savvy to make a fully informed decision, bring in a consultant who has that knowledge. Trust me when I say it will be one of the best investments you ever make.

Share This on Linked In