THE CPA & THE COMPUTER


By Katherine R. Lozier, CPA, CISA

Setting Internet Policies in the Workplace

The Internet! The World Wide Web (WWW)! Cyberspace! Intranets! E-mail! Hype or helpful? Why should an organization have a presence "out there"? Why use the Internet or the World Wide Web ("the Web") at the workplace? And what about an Intranet at your organization: is it a fad or a must? Each organization must weigh these decisions with its organizational mission and goals in the forefront. A cost versus benefit analysis is certainly an important consideration. Once the organization decides to take the plunge into cyberspace, it will quickly begin to reap the marketing, networking, and knowledge benefits.

The organization has made the leap to cyberspace, has obtained a provider, and has obtained all hardware and software requirements. The organization must now consider policy issues and take note that the basic business rules and modes of conduct apply also in cyberspace. The Web is "operated" by the Internet Architecture Board, staffed by volunteers who define and establish standards and monitor resources and information. There are very few operating procedures and rules on "The Net." No one person or entity "owns" the Internet and enforcement of standards and protocols is unclear and ill defined.

Presented is an action plan for the organization ready to enter cyberspace.

* Consider establishing a Web committee that will define and resolve the major issues and organizational exposures.

A) Obtain suggestions from personnel.

B) Network with other organizations with an Internet presence.

C) "Surf the Web" for ideas and for information on what's out there.

D) Attend a seminar on how to create a Web presence.

E) Consider hiring a web consultant.

* Determine and define exactly what the Web will be used for (this will be an evolving process). Your organization may have one or several of these reasons. Once these decisions are made, set them into organizational policy.

A) marketing.

B) competitive presence.

C) research.

D) organizational bulletin board.

E) resources for customers/clients.

F) electronic mail.

G) business contacts.

H) actual commerce transactions.

* Define, evaluate and design the organizational Web site.

A) The primary goal of the web site is to have "Web visitors" viewing your web site.

B) The keys to a great web site are content and pages that load quickly.

C) Update and refresh the site frequently for maintaining good traffic flow and for changes in the organization

D) The Web site is to support the mission statements and goals of the organization, as well as to reflect the philosophies of the group.

E) Obtain suggestions from personnel for Web site content.

F) Address confidentiality and privacy issues of the organization.

* Evaluate the cost versus benefit of an in house Web master or outsourcing the function.

A) The purpose(s) of the Web site.

B) Frequency of updates.

C) Number of personnel involved.

D) Turnaround time.

* Evaluate the level of access personnel will have to the Web.

A) Consider imposing limits based on job functions and requirements.

B) Evaluate carefully whether all users will have access to the Internet search engines.

C) Clearly state whether personnel will have access to Internet Relay Chat (IRC) or Usenet newsgroups. Explicitly state this in policy and monitor it.

D) Consider granting access to e-mail and the organization's web site only. Evolve from there, based on the member's job requirements.

* Determine who should be allowed to use company resources in accessing the Web.

A) Appraise by job function and work requirements on a nondiscriminatory basis.

B) Provide written procedures to all members granted access as to their access level and what they are to use the Web for.

C) Document each member's access description authorization.

D) Evaluate and document who is authorized to download from and upload to the Web. Privacy, confidentiality, indecency, and viruses, among other issues, are critical Web concerns.

E) Decide whether personnel will be permitted to use their company Web access at home, from the road, or other locations. Outline this clearly into the

F) Provide the organization's policies and procedures to those with access to the Web.

* Judge the adequacy of the organization's security policies and procedures.

A) Evaluate the organization's current firewall, making necessary adjustments for the Internet's open architecture.

B) Purchase additional software for restricting access to defined sites, and to downloading and/or uploading functions.

C) Review the organization's virus software and upgrade as needed for Web use.

D) Verify that the security policy has adequate procedures to prevent and/or detect unauthorized access to the Web.

E) Obtain all necessary software licenses and monitor for potential software

* Establish and prepare adequate training materials for personnel using the Web.

A) Consider hiring a consultant to conduct training sessions onsite. Consider sending employees to Internet training sessions.

B) Purchase books, magazines, and other materials that are good resources.

C) Assign personnel the tasks of scanning the Web and the library for additional information and resources on the Web. Since the Web is continually changing, there are always new topics and information.

* Educate personnel on the current and potential issues with Web use.

A) Confidentiality of organizational

B) Employer monitoring and employee accountability regarding adherence to organizational Web policy.

C) copyright laws.

D) indecency laws.

E) security and virus issues.

F) web protocol, etiquette.

G) consequences of noncompliance.

* Investigate and determine how management will measure and monitor the performance of the Web, and the accountability of Web users to the organization's policy.

Evaluation and Setting Policy for Intranets in the Workplace

The Intranet ("intra" is Latin for between, and "net" in this case means an assemblage of information) is a private network primarily intended for organizational use only. The Intranet is simply another layer on an existing network. The Intranet utilizes all of the benefits of the Web: use of the simple hypertext markup language (HTML), Internet/Web-based browsers (Netscape Navigator, Microsoft Internet Explorer, Mosaic, etc.), linking of information (hyperlinks), and keyword searching capabilities. An organization does not have to have a Web connection in order to establish and operate an Intranet, but the Intranet can incorporate a Web connection. An organizational Intranet can help to define, consolidate, filter, and uniformly display the massive amount of organizational information. An Intranet is a great way to communicate with personnel and disseminate information to appropriate parties.

There is an abundance of cost-saving advantages and improvements to efficiency and productivity within the organization when an Intranet is

A) ability to easily limit access to organizational information by data file type

B) data/document file linking

C) reduction in software incompatibility problems within the organization

D) key-word searching

E) immediate updates and current

F) electronic format--saves paper, other supplies and money and is environmentally conscious

G) immediate access to company

H) savings in time and money of copying and distributing information around organization

I) better Web access and control

J) elimination of mailing and postage costs for most information mailed to employees' personal residences

K) ease of use and access at the employee's convenience, especially for those that work nontraditional business hours

L) access for the road warriors/telecommuters/personnel remotely located

M) reduction of telephone and facsimile charges

Presented are a number of issues to be considered when planning and setting policy for the organization's Intranet.

* Establish an Intranet committee to define and institute the organization's Intranet. Set the goals of what the Intranet will be used for. Define and establish the Intranet use policy, understanding that its use will be an evolving process with frequent updates.

A) bulletin board for information, announcements, job postings

B) library and search

C) policy and procedures postings

D) electronic mail

E) uniformity, consistency, and standardization of information

F) vendor/suppliers--communication and ordering

G) customers/clients--communication and ordering

H) training

I) education on new/changed laws, regulations, other issues impacting

* Define, evaluate and design the organizational Intranet--this will be a process similar to the one discussed earlier, including the cost versus benefit analysis of an in-house Web master versus hiring a consultant. Keep it simple to use.

* Determine what is required and what the cost to the organization will be: An Intranet requires planning, content, maintenance, and security concerning the Web.

A) hardware specifications and

B) personnel/contractors establishment and administration

C) search engine software and upgrades

D) browser software and upgrades

E) additional firewall security software and upgrades

F) virus software and upgrades

G) maintenance cost

H) computer time and resources (software, licensing and registration)

I) retrieval and updates of Web

J) policies and procedures

K) access control and security establishment and monitoring

L) training and education costs

* Evaluate and decide what organizational information to put on the Intranet:

A) organizational and departmental goals and mission statements

B) organizational charts

C) employee phone number and internal mail stop listing

D) newsletters

E) announcements

F) organizational performance reports and selected financial information

G) promotions

H) job postings

I) policies and procedures

J) benefit information and forms

K) performance review forms

L) employee handbook

M) organizational code of conduct

N) required legal notices

O) individual departmental information

* Consider the type of information from the Web to include. The access to specific Web sites can be established through access control in the firewall system software. Access to the individual sites can be restricted on a per user basis. By establishing which Web sites to link to from the Intranet, the issues of cyberspace indecency, chat rooms, bulletin boards, aimless surfing, etc. can be potentially reduced.

A) competitors/other organizations

B) peer group/peer network sites

C) vendors

D) customers

E) financial information related sites

F) applicable research sites for various departments (restrict access on a need-to-know basis)

G) not-for-profit sites useful for the

H) newsgroups related to the

I) search engines

* Information from the Web to which access should not be granted on a companywide basis (refer to page 72 when determining Web access):

A) search engines

B) email/address/phone number search sites

C) computer game sites

D) leisure time/gossip related sites

E) indecency related sites

F) newsgroups not related to the

G) sites that may have a greater potential for viruses

* Judge and upgrade the organization's security. Intranet security issues are similar to those for other networks:

A) review and update security of underlying data and document files

B) grant access to the Intranet and the underlying information on a "must need to know" basis

C) establish unique user accounts and proper password management

D) evaluate the firewall software, updating as needed

E) restrict downloading and uploading to and from the Intranet

F) review and monitor the Intranet security system

G) evaluate the adequacy of the virus software, improving as required

H) obtain all necessary software licenses and monitor for potential software

I) consider the use of encryption for data files

* Who to give access to the Intranet and to what information:

A) personnel: within centralized location/remotely located/decentralized locations/telecommuters/road warriors

B) customers/clients (select organizational information, product/service information, order placement, organizational announcements, brochures, bulletins, newsletters, other marketing information, e-mail)

C) suppliers/vendors (select organizational information, order information, inventory information, EDI trading partners, e-mail)

D) independent contractors as needed per project

E) outside auditors, accountants, attorneys, actuaries, etc. for information necessary for their work

* General issues to consider:

A) limitations of HTML

B) organization of hyper links

C) reliability of network hardware and software

D) structure and integrity of organizational firewall

E) confidentiality of organizational information

F) integrity of Intranet administrators

G) technological changes

H) need for continual redefining of Intranet use and Intranet information

I) monitoring and accountability

J) cost versus benefits

K) indecency issues

L) security and unauthorized access issues

M) employer versus employee privacy issues

Happy surfing!

This article first appeared in The Manager's Synopsis: Every Manager's Resource for Financial Information System Information Newsletter (ISSN 1090-493X). Reprinted with permission of KRL Consultants & Publishers, Inc (KRLCP). The Manager's Synopsis Newsletter is a 12-page monthly newsletter. The author may be reached by e-mail (KRLCP@poweradz.com) or on the Web (www.poweradz.com/KRLCP/).

Paul D. Warner, PhD, CPA
Hofstra University

L. Murphy Smith, DBA, CPA
Texas A&M University

The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs.