Chapter 4: A Framework for Information Security Digital Divide
4.5. Information Security Digital Divide Framework
4.5.1. Enterprise and the Business Function
An enterprise is simply a business organisation (United States International Trade Commission, 2010). A business, in turn, consists of its members and their interactions. Each member has their own role to play and their own sphere of responsibility, which contribute towards meeting the mission of the organisation. The core of any enterprise lies in how people, processes, and technology combine to deliver business goals according to the mission statement. Each stakeholder has a role to play and is assigned to a business function. Every stakeholder undertakes their routine duties through the use of technology; for example, the HR manager assigned to the middle office in the human resource department uses a laptop that runs a front-end application such as Payroll. Through the intranet, HR is able to access back-end services to manage employee records, recruit new staff, evaluate the performance of individuals, and make monthly payments. Human resource also uses email to contact external stakeholders for routine services that support the business.
Human resource is the most valuable asset to any business. A business organisation relies on internal service roles combined with external stakeholders to manage it. These service roles and external stakeholders make use of technology to drive their associated business functions and roles, which in turn creates a successful business. Collectively, an enterprise, its associated functions, and its technology are made up of the following building blocks:
1) External stakeholders who require system access externally
2) Business service roles that require internal and external system access
3) Business functions within an organisation that work separately but routinely while supporting one another to attain the mission of the organisation; equally, information must be confined to the business functions to which it is relevant
4) Access channels that provide system access methods for all internal and external stakeholders; these channels must be used correctly on the devices they are accessed from to prevent any security breach
5) IT systems support all business operations technologically
6) Security, which strives to provide defence mechanisms that allow smooth operation without any breach that may compromise systems, while at the same time ensuring that data is made available to business roles correctly, on the basis of their need for it
The subsections that follow examine each building block of the proposed framework in turn.
4.5.2. External Stakeholders
An external stakeholder could be a person, group, or organisation that is not directly involved in the business but is affected by the decisions and operations of the enterprise (Business Dictionary, 2015). These may include customers, suppliers, and other partners. While they are not directly involved in the business, their services are so important to operations that they require access to systems. For example, transport suppliers may require access to a company’s Web portal, VPN, or email system to verify delivery or pick-up information for goods. However, the system should be accessible to such suppliers only through an access channel strictly authorised within the confines of their business involvement. The supplier must access the system on the basis of a trackable profile that requires authentication. All these measures must be incorporated into the organisational security policy.
4.5.3. Business Roles
Business roles is a general term that describes the personnel belonging to the various business functions. These roles range from the chief executive officer, upper management, middle management, and lower management to the rest of the staff complement. They all integrate into the business functions according to their work scopes to meet the mission statement of the enterprise. For example, the CEO may be the head of the organisation, but system-wise, they should not be able to access and control the accounting department’s payment system, because processing and releasing payments through accounting applications is not part of their work profile.
4.5.4. Business Function
A business function is an operation that is performed routinely to carry out a part of the mission of an organisation. It can be broken down into three areas, namely, front-end office, middle office, and back-end office.
4.5.4.1. Front-end Office
The front-end office is the part of the business that directly interacts with clients. Examples include the service desk, marketing, and sales departments. Although front-end office work relies on both the middle and back-end offices for certain support, front-end office personnel should not be able to track middle office processes directly through the system. For example, if a customer asks a salesperson at the front desk how far their application to purchase a product on hire purchase has progressed, the salesperson may contact, through a written undertaking or by telephone, the middle office personnel who handle such processing in order to obtain an update for the client. However, front-end personnel should be able to view incidents that are in line with their roles.
4.5.4.2. Middle Office
In a business setup, the middle office is the part of operations that provides support to both the front- and back-end offices and also draws on the resources of both. Such departments could be product control, IT, legal, or compliance. Consider an incident where IT support staff receive a request to rectify a software issue on a computer in the HR department, which is based in the back-end office. Although they use their own profile to gain access to the faulty HR computer, the IT support staff should not possess the ability to view sensitive data or manipulate services such as leave applications on the payroll application.
4.5.4.3. Back-end Office
The back-end office acts as a support system to the front-end office. Work is escalated to it from the front office. For example, the service desk may pass on a new application to human resource for processing. In the real world, an accounting department in the middle office may not be able to view what stage an application on the HR system has reached because of the access restrictions applied to their profile. However, through a written enquiry or a phone call, the personnel may engage the HR department through the permitted procedure.
In conclusion, stakeholders and business partners need to interact only with the part of the enterprise or business function suited to their business involvement. This interaction is facilitated by an assorted choice of available access channels.
4.5.5. Access Channels
Access channels are the interfaces through which end-users, whether internal or external to the system, reach it. This section details how business service roles and other stakeholders such as partners, customers, and suppliers are able to access an organisation’s information system.
4.5.5.1. Access Channels for External Stakeholders
Externally, a number of access options are available, including Virtual Private Network (VPN), Remote Desktop Protocol (RDP), the internet, telephone, and face-to-face communication. For example, a customer shopping online can log on to an organisation’s Web portal to purchase goods and have them delivered to their residence. However, such access by the client must be highly secure and available only to that unique client and nobody else. In another circumstance, a supplier delivering goods by transport must also be able to access the same organisation’s system through a Web portal to check delivery bookings; the system must limit both the client and the transport supplier to what is necessary in order to avoid information overlap.
4.5.5.2. Access Channels for Internal Stakeholders
Internally, the majority of end-users depend on the intranet to access the system, irrespective of the service role and business function they operate in. For instance, a manager in the finance department uses a laptop with an accounting application that is required to access accounting information stored on back-end servers. However, if a manager in the research department wishes to access that information in order to prepare a report, they may have access to the same intranet, but they need to request the information from the finance manager because they do not deal with financial matters; hence, they have no need for financial applications to be installed on their devices.
All access channels discussed herein are facilitated by an information system. This information system makes it possible for end-users and other stakeholders to access information resources when and where they need them.
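As an added illustration (not code from the thesis), the confinement rules described in sections 4.5.2 to 4.5.5 can be expressed as a profile-based authorisation check: every request must come from an authenticated, trackable profile, over a channel that profile is permitted to use, and within that profile's work scope. The profile names, resources, and channels below are constructed for the example.

```python
# Constructed sample profiles (hypothetical names, not from the thesis). Each
# records the business function it belongs to, the access channels it may use,
# and the (resource, action) pairs that fall inside its work profile.
PROFILES = {
    "hr_manager": {"function": "back_office", "channels": {"intranet"},
                   "permissions": {("payroll", "pay"), ("employee_records", "write")}},
    "it_support": {"function": "middle_office", "channels": {"intranet"},
                   "permissions": {("hr_workstation", "repair")}},
    "ceo": {"function": "upper_management", "channels": {"intranet"},
            "permissions": {("management_reports", "read")}},
    "sales_front_desk": {"function": "front_office", "channels": {"intranet"},
                         "permissions": {("incidents", "read")}},
    "transport_supplier": {"function": "external", "channels": {"web_portal"},
                           "permissions": {("delivery_bookings", "read")}},
    "customer": {"function": "external", "channels": {"web_portal"},
                 "permissions": {("own_orders", "read"), ("own_orders", "create")}},
}

def authorise(profile, authenticated, channel, resource, action, audit_log):
    """Decide one access request and append a trackable audit entry for it."""
    if not authenticated:                      # section 4.5.2: profile must authenticate
        reason = "unauthenticated request"
    elif profile not in PROFILES:
        reason = "unknown profile"
    elif channel not in PROFILES[profile]["channels"]:   # section 4.5.5: authorised channel only
        reason = "channel not authorised for profile"
    elif (resource, action) not in PROFILES[profile]["permissions"]:  # sections 4.5.3-4.5.4
        reason = "outside work profile"
    else:
        reason = "within work profile"
    allowed = reason == "within work profile"
    audit_log.append(f"{'ALLOW' if allowed else 'DENY'} profile={profile} "
                     f"channel={channel} resource={resource} action={action} ({reason})")
    return allowed

def run_scenarios():
    """Replay the confinement examples given in the text; returns decisions and the audit log."""
    log = []
    decisions = {
        "hr_runs_payroll": authorise("hr_manager", True, "intranet", "payroll", "pay", log),
        "it_repairs_hr_pc": authorise("it_support", True, "intranet", "hr_workstation", "repair", log),
        "it_reads_payroll": authorise("it_support", True, "intranet", "payroll", "pay", log),
        "ceo_releases_payment": authorise("ceo", True, "intranet", "accounting_payments", "release", log),
        "supplier_checks_bookings": authorise("transport_supplier", True, "web_portal", "delivery_bookings", "read", log),
        "supplier_reads_orders": authorise("transport_supplier", True, "web_portal", "own_orders", "read", log),
        "supplier_over_vpn": authorise("transport_supplier", True, "vpn", "delivery_bookings", "read", log),
        "customer_unauthenticated": authorise("customer", False, "web_portal", "own_orders", "read", log),
    }
    return decisions, log
```

The audit log entries are what make each profile trackable: a denied attempt by the IT support profile against payroll, or by the CEO profile against accounting payments, is recorded with the reason rather than silently dropped.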