Auditing and Security: AS/400, NT, UNIX, Networks, and Disaster Recovery Plans / Edition 1

Hardcover (Print)
Buy New
Buy New from
Used and New from Other Sellers
Used and New from Other Sellers
from $4.91
Usually ships in 1-2 business days
(Save 97%)
Other sellers (Hardcover)
  • All (18) from $4.91   
  • New (7) from $73.27   
  • Used (11) from $4.91   


A complete and definitive guide to auditing the security of IT systems for managers, CIOs, controllers, and auditors
This up-to-date resource provides all the tools you need to perform practical security audits on the entire spectrum of a company's IT platforms-from the mainframe to the individual PC-as well as the networks that connect them to each other and to the global marketplace. Auditing and Security: AS/400, NT, Unix, Networks, and Disaster Recovery Plans is the first book on IT security written specifically for the auditor, detailing what controls are necessary to ensure a secure system regardless of the specific hardware, software, or architecture a company runs. The author uses helpful checklists and diagrams and a practical, rather than theoretical, method to understanding and auditing a company's IT security systems and their requirements. This comprehensive volume covers the full range of issues relating to security audits, including:
* Hardware and software
* Operating systems
* Network connections
* The cooperation of logical and physical security systems
* Disaster recovery planning

Read More Show Less

Editorial Reviews

This guide for auditors, IT managers, controllers, and CIOs presents tools needed to ensure that a company's IT systems are adequately protected against security breaches. IT and financial consultant Musaji begins with an overview of the structure of information systems and their security requirements. Other topics include the cooperation of logical and physical security systems, IBM AS/400 architecture and applications, AS/400 audit objectives and procedures, security features of the Windows NT server, Unix, networks, and disaster recovery planning. Annotation c. Book News, Inc., Portland, OR (
Read More Show Less

Product Details

  • ISBN-13: 9780471383710
  • Publisher: Wiley
  • Publication date: 3/7/2001
  • Edition number: 1
  • Pages: 552
  • Product dimensions: 10.00 (w) x 7.00 (h) x 1.25 (d)

Meet the Author

YUSUFALI F. MUSAJI, CGA, CISA, CISSP, is founder, director, and President of Ali's Y. Consulting, Inc., an IT and financial consulting firm specializing in computer consulting. Mr. Musaji's experience embraces the full spectrum of financial, operational, and IT disciplines required of state-of-the-art organizations. His functional and technical areas of expertise include system development and implementation, project management, computer security, and financial systems. He is widely published in IT, financial, and security journals regarding IT/user relationships, and has also developed numerous business continuity plans. He holds a Bachelor of Computer Science from York University, Toronto, Canada.

Read More Show Less

Table of Contents

Security Management.

Physical Security.

IBM AS/400 Architecture and Applications.

AS/400 Audit Objectives and Procedures.

Windows NT Server: Security Features.



Disaster Recovery Planning.


Read More Show Less

First Chapter

Note: The Figures and/or Tables mentioned in this chapter do not appear on the web.




What drives revenue and profit in today's economy is undoubtedly the mix of hardware, software, and services. Often the differentiator for this mix is the highly skilled, motivated, leading-edged employee who determines the company's competitiveness and its growth in the marketplace. Growth is linked to satisfied customers whose loyalty is the foundation for success. Thus, the factor that determines a company's growth and its customer satisfaction is the quality of its employees.

Employees are committed and highly motivated when their work environments enable them to go the extra mile for their customers, their company, and their colleagues. This is what builds a network of dynamic employees who strive to be the best at providing value to their customers. Similarly, what mobilizes the employees to understand the elements of the security culture and to see its relevance to the company's business success as well as their own personal success are the dedicated Information Security (IS) manager—leaders. It takes dedicated IS manager—leaders to guide the transformation to a dynamic security-conscious culture.

Employees continue to be a company's greatest asset, perhaps more so now than ever before. That's why IS manager—leaders must not allow the urgency of their daily workload to take precedence over the important time needed for the employee aspects of their roles. Following are five factors that contribute tocustomer satisfaction:

1. Image
2. Value
3. Price
4. Quality
5. Technology-Leadership

Of these, image is considered to be four times more important than any of the other factors. Image is a composite of four employee-related issues:

1. Highly skilled employees who are committed to excellence.
2. Employees who are responsive and helpful and who take charge.
3. A company that is customer oriented and easy to do business with.
4. A company you can trust.

Fulfilling customer satisfaction on these four issues, especially the first two, is very dependent on IS manager—leaders being the best at leading employees and managing employee processes. Without highly skilled and motivated employees, the company's image regarding security conscientiousness will be low. IS managers need to ensure that employee management processes are world class. It is not the managers who are more important than nonmanagers, rather it is the employee management process that is more important than ever before. It is important to differentiate the processes from employees, some of whom are managers and some professionals, who share responsibility for their collective success.


To define IS manager—leader roles, the following questions need to be addressed:

  • What is the mission of IS manager—leaders currently and in the future?
  • How does their mission relate to a company's Information Security culture, and what would a security-conscious culture/ company look like?
  • What roles should IS manager—leaders use to accomplish their mission?
  • How do the new realities of team-based and process-managed matrix organizations impact the roles of IS manager—leaders?
  • What skills are required for IS manager—leaders to accomplish their roles?
  • Is the employee aspect of IS management/ leadership as important as it used to be?

Answers to these questions lead us into the realm of dynamic culture, the creation of which requires the redefinition of manager—leader roles. Redefinition requires understanding the following terms:

  • Information security manager versus information security leader
  • Information dynamic culture
  • Roles versus jobs and titles
  • Past versus current and future expectations

Also, the title of this section refers to "roles" versus "the role" of the information security manager—leader. The plural form suggests that the information security manager—leader job is composed of multiple roles, and that it is the mix of these roles that is changing.

Next, we will redefine the mission and roles of information security manager—leaders, as well as position the "Information Security Manager-Basic" skills template against the expected Information Security manager—leader roles in a dynamic culture.


Any successful business strategy is geared toward being the leader in creating value for customers. This is also a competitive imperative. Highly satisfied customers whose loyalty is contagious drive a company's ongoing growth of revenue, profit, and market share. Therefore, it is the loyal customers who drive a company's long-term growth.

Loyal and very satisfied customers are created when they experience world-class technology, integrated solutions, services, and support and above all else, a sense of security and privacy about their personal business. Only dynamic companies that thrive on challenge and change can sustain these customer loyalties. A dynamic company is synonymous with a dynamic culture, symbolized in the starburst of energy in Exhibit 1.1.

Culture is defined as the climate of behaviors, norms and values, and assumptions in which we are immersed and on which we depend. Culture surrounds and permeates our jobs and roles and is embodied in our systems, structures, and processes.

Transformation to a dynamic culture is a "must do" not a "nice to do," driven by the realities of the external environment (competition, regulations, marketplace demands), as Exhibit 1.1 shows. The desire for growth of market share, revenue, and profit provides the "pull" for the dynamic culture. The external environment and the fear of business efforts failing provide the "push." The collective reengineering work, which is the most massive reengineering effort in corporate history, is geared toward business success. The required supporting cultural context is discussed in Exhibit 1.2. The failure rate of reengineering efforts in corporations—attributed to failure to transform cultures in conjunction with reengineering efforts—has been high.


The diamond-shaped chart in Exhibit 1.2 shows the four factors that must be present for reengineered processes to be effectively implemented. It is not enough to only have reengineered processes. The new processes will fail without the accompanying changes in job activities, the management and monitoring methods, and norms and values embedded in the organizational culture—the intangible cultural factors below the surface depicted by the wavy line in Exhibit 1.2.

Think of the reengineered processes as the visible tip of the iceberg above the surface. Just dropping new methods and ideas on employees will not work, especially if the processes have been truly reengineered. More than half the reengineered efforts have failed because companies overlooked the crucial importance of the cultural factors below the surface. Companies cannot afford to squander their huge investments in the new processes if the expected return on their investment is dismal. Consequently, attention to cultural underpinnings is becoming mandatory.

The word transforming is intended to capture both the journey and the need for dynamically sustaining the new culture. This requires modeling the new culture in the way one performs ongoing operations, nurtures new relationships, and adds value in the evolving organizational network: Satisfied Employees Satisfied Customers.


While everyone benefits from a dynamic culture—employees, customers, and the share-holders—the focus is now inward; you cannot change the external environment unless you change the internal one first, that is, employees. It is becoming increasingly apparent to the leading companies that the success of employees and the success of the organization are closely intertwined. Thus, ensuring that employees are seen as drivers of the organization, on an equal footing with customers and investors, is pivotal to creating dynamic work environments. Making employee satisfaction a central driver in the organization demands a culture in which employees take responsibility for their own success and the success of the organization. Customer relations mirror employee relations: "Do unto your employees as you would have them do unto your customers."

Employees must be motivated to invest their discretionary effort in goals that both maximize their satisfaction and maximize the company's success. It is this "volunteerism" that is the power source of a dynamic culture.


It is important to understand the roles of IS manager—leaders that enable the transformational mission, the skills required to perform these roles, and why attention to employees is more important than ever. Following are five key points that provide the outline of a dynamic culture:

1. A common language to describe a "dynamic culture/ company": The three-layered model of any culture—behaviors, norms and values, and assumptions—provides a framework for describing the desired dynamic culture.

  • Twenty behaviors: A twenty-behavior "starter set" and a self-assessment of these behaviors in a dynamic culture/ company is provided.
  • Three norms and four values: The three essential commitments of win, execute, and team are presented as the categories for the "norms." The four "values" are respect, integrity, teamwork, and excellence.
  • Assumptions: These include the eight key principles and fundamental mind sets about human nature.

2. Transformation requires IS managers to lead and IS leaders to manage: That's why the term IS manager—leader is used. Terminology such as "IS manager," "IS leader," and "IS manager—leader" will be defined.

3. IS manager—leaders lead, manage, and do: IS manager—leaders accelerate the transformation to the new behaviors of a dynamic culture/ company as they perform five roles that blend leading employees, managing processes, and doing tasks:

  • Leading: "Leading the Organization/ Setting Direction" and "Leading by Example/ Leading Day to Day"
  • Managing: "Managing Business Processes" and "Managing HR/ Employees Processes"
  • Doing: "Doing Specific Business Tasks"

4. The IS manager—leaders'skills template is aligned with their roles: The "IS Manager-Basic" skills template in the Skills tool has fifty skills—fifteen of which are key skills—that map to the IS manager—leader roles.

5. Employees are the most important asset: A dynamic company/ culture requires highly skilled and motivated employees, and IS manager—leaders must maintain top priority on creating an environment that attracts and retains dynamic employees.


Ideally, IS manager—leaders have to be impatient with themselves and with the obstacles that inhibit the pace of the transformation. They need to have a sense of urgency, driven by the realization that business results depend on the success of these changes.

First, as implied by the transformation mission, IS manager—leaders need to be change sponsors, change agents, change advocates, and change adopters. They need to embrace these change roles and to be "change shock absorbers" who reduce pain, confusion, and frustration as they "unfreeze" the contemporary culture/ company. Second, they need to collaborate cross-functionally and model teamwork in their network of relationships. Third, IS manager—leaders need to be coaches and facilitators as they engage others in a long-term commitment to the journey. Commitment is not compliance. Commitment requires that the energy and creativity of employees' hearts, minds, and hands be engaged—compliance just requires employees' hands. Commitment requires clarity, relevance, involvement, and meaning, as shown in Exhibit 1.3.

Commitment Model

Compliance requires clarity and involvement in executing someone else's idea. IS manager—leaders need to understand the profound difference between commitment and compliance. A dynamic culture/ company unleashes the potential of employees who are committed to clear, relevant, and meaningful purposes that they have helped shape.

Employees will commit to the new dynamic culture when four factors are in place:

1. Clarity: Staff members understand what the new dynamic culture is—the characteristics of the culture are clear to them and they can articulate them to others.

2. Relevance: Staff members see the relevance of the new dynamic culture to the company's business success—they see how it will be good for the company's customers and help the company grow.

3. Meaning: Staff members see the personal meaning of the new dynamic culture--what it means to them personally, and they can get excited about it.

4. Involvement: Staff members want to be, and are, involved in the shaping and deployment of the new dynamic culture—without involvement, no commitment. When it is impractical to involve everyone in shaping a large-scale change, their chosen representatives may be involved. Giving employees the choice to be involved is the key point, even if they choose not to be.

The need should be for everyone, especially IS manager—leaders, to help sustain the journey and not slip back—to be comfortable reinforcing, evolving, and nurturing the dynamic culture/ company. In summary, IS manager—leaders enable the dynamic culture that generates a dynamic company, producing highly satisfied and loyal customers that fuel company growth.

The Change Model

Transformation is about change. There are many models that describe stages of personal change and organizational change. The Change Model in Exhibit 1.4 outlines five phases that are a helpful context for cultural change. This book supports the early phases of cultural change as follows:

  • Phase 1: Identify needs. This phase is supported by the pull of growth and by the push of the external environment. There is also the push to avoid squandering the company's huge investment in reengineering, as explained in Exhibit 1.2.
  • Phase 2: Determine gaps. The "desired state" will be described in the following section "Dynamic Culture Transformation," which includes an assessment questionnaire to help identify the gaps.

Our outline of the roles and skills of IS manager—leaders also touches on the following:

  • Phase 3: Mobilize commitment.
  • Phase 4: Embed change.
  • Phase 5: Revise and sustain.

However, given that real culture transformation is an ongoing process, these phases will require much iteration.


Phase 2 suggests that if we want IS manager—leaders to help accelerate a transformation to a dynamic culture/ company, we need to clarify what exactly this desired dynamic culture would look like.

Transforming any organization to a dynamic culture/ company is a quantum change. Progress can appear to be unattainable—a journey of a thousand miles—yet it can be accomplished a step at a time. The three-layered model of corporate culture suggests that culture is made up of behaviors, norms and values, and assumptions. IS manager—leaders help to bring to the surface norms, values, and assumptions and to translate them into a new dynamic culture/ company. (See Exhibit 1.5.)


The most obvious signals are indicated by the way employees behave. Judgment and experience and valuable thinking are required and there are no clear-cut answers.

From articles on management, executive speeches, and numerous discussions, twenty behaviors in the dynamic security culture were identified. They are a starter set intended to be a catalyst to more specific behaviors agreed to in dialogues throughout dynamic organizations. To help understand these behaviors in the context of an existing framework, they are organized around the three foundational organizational commitments of win, execute, and team.

A dynamic company has six core elements as shown in Exhibit 1.6. The pieces of the dynamic culture/ company puzzle are as follows:

1. Company
  • Its employees are an energetic global team.
  • It leads in creating value for customers.
  • It wins through technology, integrated solutions, and services.
  • It builds shareholder value.
  • It is involved with our communities.
2. Values
  • It expects teamwork, integrity, respect, and excellence from each employee.
3. Work
  • It works on the right things.
  • It is invigorated by work that helps it win and learn.
  • It works by principles—not rules.
  • It is proud of its products and services.
  • It uses what it sells.
4. Team
  • Its employees are diverse.
  • It shares and leverages knowledge.
  • It pays never-ending attention to improving its skills.
  • It is accountable.
  • It conspicuously shares credit for results.
5. Rewards
  • Its employees earn competitive pay and benefits.
  • Rewards are based on personal and company results.
  • Security comes from its success with its customers.
  • It has choices to make in balancing its work and personal priorities.
6. Leadership
  • Its leaders create and communicate a winning strategy.
  • Its leaders know what to do and do it.
  • Its leaders are bold in their thinking and open to new ideas.
  • Its leaders share information broadly.
  • Its leaders walk the talk.

Ten Attributes of a Dynamic Culture

The following are ten attributes that employees need to demonstrate in a dynamic culture.

1. Focus on winning
2. Insistence on results
3. Disgust with bureaucracy
4. Desire to set aggressive targets
5. Belief in accountability and commitment; concern for the truth even when it's unpleasant
6. Keen recognition of diverse, dynamic co-workers
7. Concern for quality and productivity
8. Fierce loyalty to the company's products
9. Outstanding communication with customers and co-workers; ability to capitalize on change
10. Unburdened by boundaries of place or thought

Fifteen-Point Dynamic Checklist

1. Is there a focus on winning?
2. An insistence on results?
3. A disgust with bureaucracy?
4. A desire to set aggressive targets?
5. A belief in accountability and commitment?
6. A concern for the truth even when it's unpleasant?
7. A keen recognition of diverse, high-performance co-workers?
8. A concern for quality and productivity?
9. A fierce loyalty to the company's products?
10. Outstanding communications with customers and co-workers?
11. An ability to capitalize on change?
12. A sense of being unburdened by boundaries of place or thought?
13. Do you share and leverage knowledge?
14. Do you work continuously to improve your skills?
15. Do you expect teamwork, integrity, respect, and excellence from your colleagues?


From the ten attributes and fifteen positive answers to the checklist, the following steps for organizational commitments of win, execute, and team are defined. (Also see Exhibit 1.7.)


1. Focusing on winning/ creating the best customer value
2. Putting the customer first/ the company second/ the unit third
3. Setting aggressive targets
4. Insisting on results
5. Holding employees accountable for their commitments


6. Showing concern for quality and productivity
7. Using and being loyal to the company's products
8. Communicating/ listening effectively
9. Welcoming the truth
10. Capitalizing on change
11. Showing disgust with bureaucracy
12. Putting never-ending attention to skills improvement
13. Committing to being a process-managed business
14. Modeling a work/ life balance


15. Walking the talk on respect, integrity, teamwork, and excellence
16. Valuing diversity
17. Sharing and leveraging knowledge
18. Acting unburdened by boundaries
19. Empowering individuals and teams
20. Energetically building cross-functional/ global teamwork


On a scale of 1 to 5, with 1 being "low-performance" and 5 being "dynamic," assess the environment on each of the following aspects of a dynamic culture/ company.


1. Do you focus on winning—on being the leader in creating the best value for your customers, using technology, integrated solutions, and services?
2a. Are you visibly putting the customer first/ company second/ unit third in all decisions?
2b. Are you involved with your community?
3a. Do you set aggressive targets?
3b. Are you driven by a common vision of your purpose?
4a. Do you insist on results versus effort?
4b. Do you earn competitive pay and benefits based on personal and company results?
5. Do you hold employees accountable for their commitments?


6. Do you show concern for quality and productivity?
7a. Do you have a fierce loyalty to the company's products and services?
7b. Do you proudly use what you sell?
8. Do you practice outstanding communications/ listening with customers and colleagues?
9a. Do you welcome the truth, even when it's unpleasant?
9b. Is provocative inquiry encouraged?
10a. Do you capitalize on change and quickly adopt new jobs/ roles and structure?
10b. Are you open to new ideas?
11a. Do you show disgust with bureaucracy?
11b. Do you know what to do and do it?
12. Do you work continuously to improve your skills?
13. Does your management and measurement system support you becoming a process-managed business?
14a. Are you modeling work/ life balance?
14b. Do you work on the right things?
14c. Are you invigorated by your work?
14d. Are you making intelligent choices about balancing your personal life priorities?


15a. Do you model respect, integrity, teamwork, and excellence personally?
15b. Do you expect respect, integrity, teamwork, and excellence from your colleagues?
16. Do you value diverse, dynamic colleagues?
17. Do you share and leverage knowledge broadly?
18a. Do you act unburdened by boundaries of place or thought?
18b. Do you conspicuously share credit for results?
18c. Do you willingly help others in your global company?
19a. Are you empowering individuals and teams?
19b. Do you work by principles, not rules?
20. Are you energetically and visibly displaying cross-functional teamwork?

Ongoing discussions with others in the company are valuable to assess behaviors with the lowest performance and to decide what could be done to improve them.


The three commitments of the norm categories are

1. Win
2. Execute
3. Team

The four values are

2. Integrity
3. Teamwork
4. Excellence

The resulting acronym helps remember that these are the "RlTE" values. Two of them, respect and excellence, may appear to have their origin in the company's basic beliefs, which reinforces the need to engage in dialogue to ensure the current meanings of these values are understood by all.


Companies require systems, structures, and processes to operate globally. Examples of these include the following:

  • Systems: Management and measurement systems; Reward and recognition systems
  • Structures: Hierarchical or team-based structures; Functional or matrix structures
  • Processes: Customer Relationship Management (CRM); Integrated Product Development (IPD)

These are strong levers to affect behavior since they embody the norms and values of the culture, often implicitly. They are powerful catalysts for change or significant inhibitors to it. When systems, structures, and processes are not aligned with desired new values and behaviors, cultural transformation efforts are ultimately futile.


Assumptions are like "givens," and in that respect the following principles could be considered as assumptions:

  • The marketplace is the driving force behind everything a company does.
  • At the core, a company depends on technology to help it with its overriding commitment to quality.
  • The primary measures of success are customer satisfaction and shareholder value.
  • To succeed it has to operate as an entrepreneurial organization with a minimum of bureaucracy and a never-ending focus on productivity.
  • Never lose sight of its strategic vision.
  • Thinks and acts with a sense of urgency.
  • Outstanding, dedicated employees make it all happen, particularly when they work as a team.
  • It is sensitive to the needs of all employees and to the communities in which it operates.

Some of the principles overlap with norms and values. Some overlap with behaviors. That is to be expected since they are the foundation of the culture and should be reflected in the other two layers.

Other existing assumptions that we hold and operate by are much more difficult to discover and define. These mind sets are so ingrained that we don't even think about them—it's like fish being the last to discover water. These assumptions include our unconscious, built-in mental models—the lens through which we view the world. They include latent biases and insights, which we view as obvious. We consider these paradigms so given that they are treated as normal since they often reflect assumptions held in our surrounding society. For example, "the bigger my team/ unit, the more important/ valuable I am" might be an assumption rooted in a hierarchical mind set, whereas "the more I know, share, facilitate, and lead, the more valuable I am" might be an assumption in a knowledge-based team structure. And "the more I know that no body else knows gives me more power over others and will lead to my upward mobility" might be in a politically motivated environment.

If assumptions are supportive of the norms, values, and behaviors of the dynamic culture, there is consistency. If not, there is an uneasy misalignment that requires revisiting, or perhaps discovering for the first time the fundamental assumptions.

Still to be articulated are fundamental assumptions about human nature, trust, motivation, time frame, and internal competition. The statements/ assumptions in Exhibit 1.8 provide a start to the discussion and offer a few suggestions to spark dialogue and thought. There are many others, and these may not be the right ones yet. The choice of assumptions and meanings behind the terminology has a profound effect on approaches toward team-work, empowerment, and management processes in a dynamic culture. There is a need to find meaningful ways to contribute to the surfacing of these submerged assumptions. This is difficult, important, and urgent work—and it is just starting.

Before outlining the roles through which IS manager—leaders will accomplish the cultural transformation mission, there is a need to agree on terminology such as "IS security manager—leader."


In many companies, the terms leader and manager are used interchangeably. "Manager" is more likely to appear on a business card. That is, "manager" is used as part of job titles more often than "leader" and implies accountability for both employees and business processes. Managers get business results.

The "leader" label is often applied to famous leaders like Kennedy or Gandhi and to business leaders like Jack Welch of General Electric or Bill Gates of Microsoft. In organizational hierarchies, the employees at the very top are often referred to as "leaders." In team-based organizations, "leaders" and "leadership" can be applied to anyone—most often to "team leaders," "project leaders," "first-line managers," "senior leaders," or "executives." Leaders set direction.

Leading or Managing

Terminology in the area of leadership and management can be a semantic minefield. Thousands of articles have been written about managers, leaders, and executives. There has been an explosion of books, videos, and speeches about leadership, especially in the last fifteen years. Unfortunately, most authors are less than crisp in defining their terminology. However, drawing from the essence of what the "experts" say, the following list provides some overall distinctions between leading and managing:

  • Leading is setting the direction; managing is getting there.
  • Leading focuses on the long-term horizon; managing focuses on short-term bottom line.
  • Leading employees; managing processes, systems, and structures.
  • Leading is coaching, empowering, facilitating, serving; managing is planning, controlling, directing.
  • Leading is doing the right things; managing is doing things right.
  • Leading change, between paradigms; managing and operating the status quo, within paradigms.
  • Leading situationally with earned power based on competence; managing from ap-pointed positional power.
  • Leading supports the untidiness of innovation; managing craves order.
  • Leading inspires faith in new directions; managing demands proof.
  • Leading relies on trust; managing relies on control.
  • Leading is asking "What/ Why?"; managing is asking "How?"

Leading, Managing, and Doing

Too easily we start to infer value judgments to these characteristics. We do not need either leading or managing, rather we need both as shown in Exhibit 1.9.

The label "complete leader" for the person that embodies a rich blend of both leading and managing capabilities is preferred. The term complete manager would be equally valid. This desired blend of leading and managing is further reinforced by the quote at the end of Joel Barker Joel Barker's video The Power of Vision:

Vision without action is only a dream;
Action without vision is just passing the time;
Vision with action can change the world.

Resulting from the "complete leader" label in Exhibit 1.9, it is noted that the term leadership includes leading, managing, and doing. The working definition of leadership is "the ability to effectively set/ reset direction and model interpersonal behaviors (Leading), align/ manage business and HR/ Employees processes to accomplish desired business results (Managing), and contribute personally to desired business results (Doing)."

Exhibit 1.10 shows that varying degrees of leading, managing, and doing skills are present in any job. That is, leadership is the umbrella term—leading, managing, and doing are subsets of credible leadership. Exhibit 1.10 also indicates that leadership is expected throughout the organization—it is not just the prerogative of senior managers and executives. Some employees may assume the role of a leader temporarily, in a given situation. Others may be more permanent leaders, such as in senior positions or on some teams. In all cases, the leadership elements that will ensure business success are the same.

The conclusion is that "complete managers" are required to lead and "complete leaders" are required to manage. In terms of the typical organization, "manager—leader" applies to employees who are often also called "first-line managers," "second-line managers," "senior leaders," or "executives." Some may also be "team leaders."

Self-Managed/ Self-Led Employees

Employees are assuming more and more responsibility for their own jobs, careers, skills, self-assessments, and so forth. This is healthy and encourages controlling their own destinies, as opposed to more paternalistic approaches.

The increasing empowerment of employees in all areas allows companies to be more responsive to customers and leads to less dependence on manager—leaders to plan, control, and direct employees and business processes. This is a foundational assumption of this chapter and is consistent with the notion of leaders (which all employees are, at least situationally) leading and managing themselves first.

This leads to the question of what the roles are for IS manager—leaders, as they execute their mission of leading and sustaining the change to a dynamic security culture.


A job is a collection of roles. The job of any professional, first-line manager, team leader, or executive is a combination of varying degrees of the same roles. The "Total Job Model" shows the five basic leading, managing, and doing roles in any job, with a common underpinning of personal traits and attributes.

As shown in Exhibit 1.11, any job includes five roles, to varying degrees. This may not be clear to everyone today, but manager—leaders can help legitimize these roles for everyone within their organizations. Remember, too, that the "organization" could be a team or a department, as well as larger units. The five roles are as follows:

1. Leading the organization/ Setting direction. This role is about setting the direction for change and making it happen. It consists of

  • Conceiving and inspiring a shared vision of the organization's future
  • Communicating with an open two-way flow of information
  • Gaining commitment to changes required
  • Networking within and outside the organization
  • Aligning the culture with the desired direction and strategies to attain business results for the organization

2. Leading by example/ Leading day to day. This role consists of displaying interpersonal leadership in hundreds of daily "moments of truth" with individuals and teams.

Note that this touches all other roles and reinforces the interdependencies among the leading, managing, and doing roles. The more senior the leader, the greater the "fishbowl effect"—every action of a CEO is interpreted by the organization as having meaning and intent, whether or not it was intended. This role includes the critical "3 C" descriptors of the manager—leader who is transforming an organization to a dynamic culture:

a. Coach (which, in turn, requires Consideration, Courage, Candor, and Character)
b. Change agent (which requires Communication, Cheerleading, and personal Commitment)
c. Collaborator (which requires Creativity, Competence, and a Common goal)

3. Managing business processes. This role consists of

  • Managing commitment to the defined ways of doing things
  • Challenging business processes that do not support the delivery of profitable solutions to satisfied customers
  • Managing financials
  • Initiating required improvements to achieve business results

There is an acknowledged paradox that reengineering processes require leading, but once major new processes are operational, they need to be managed, which includes implementing continuous improvements and managing the financial aspects of the business.

4. Managing HR/ Employees processes. This role ensures that the five HR/ Employees management processes, described later, are effectively executed.

5. Do specific business tasks. This role consists of performing specific tasks, alone or in teams, to help achieve business results.

Key Factors of the "Total Job Model"

There are four critical factors that apply to the Total Job Model.

1. "Lead," "Manage," and "Do" apply to everyone. All employees will find themselves implementing all five roles. The emphasis on each role may vary, based on level of responsibility, but the fundamental ingredients are the same. Styles will be unique, organizations will be at different stages in their evolutions, external environmental factors may change unexpectedly—it will not be a question of whether these roles are performed so much as which of them is appropriately favored and how they are performed.

2. Lead employees; manage employee processes. Employees are being led, and Employee processes are being managed. This is an important distinction. Perhaps manager—leaders should more specifically be referred to as "employees leaders" and "process managers."

3. Manager—leaders "Do." Since units in organizations have downsized, reduced layers of management, and become more team-based, manager—leaders are finding that they are personally performing more work—in some cases, billable work with external customers. Manager—leaders are increasingly encouraged to maintain technical skills that enable them to perform tasks alone or as team members.

4. The whole job is greater than the sum of the roles. Although it is useful to dissect the job of the manager—leader into roles, the job requires a powerful, effective, and unique combination of all roles in each situation. This is graphically acknowledged by showing the "Lead By Example/ Leading Day to Day" role touching all the other roles, however, a case could be made for all of the roles overlapping. Just as the essence of a car as a mode of transportation is more than the sum of its engine, wheels, seats, transmission, and so on, so too is a manager—leader more than the sum of the preceding roles or parts. It is the well-rounded and integrated combination of these roles that makes manager—leaders effective.

Each of us has a unique combination of strengths in the various roles, with compensating competencies in some areas offsetting others. In other words, leadership is an art. Our "scientific" analysis of leadership's component roles is simply intended to highlight aspects that contribute to intuitively effective manager—leaders.

Total Job Model Applied to IS Manager—Leaders

The auditor should ask how the IS manager—leaders spent their time and the focus of their day-to-day attention over the last few months. If they were to arrange the five roles from least dominant to most dominant, what would that sequence be? Sequence the following list from 1 to 5, using 1 to indicate the least-dominant role and 5 the most-dominant role.

____ Lead Organization/ Set Direction
____ Lead By Example/ Lead Day to Day
____ Manage Business Processes
____ Manage HR/ Employees Processes
____ Do Specific Business Tasks

List any activities performed by the manager—leaders that do not fit in the above categories. Food for Thought: Would they be more effective in the next six months with a different dominant focus?

The five roles of manager—leaders enable them to accomplish their mission of transforming an organization to a dynamic culture. Exhibit 1.12 shows how the roles contribute to the twenty behaviors of a dynamic culture outlined earlier.


The Human Resources (HR)/ Employees processes merit more explanation because of their importance. Because they are processes, there are consistent steps that constitute the best way of doing each. Managing the processes, therefore, involves ensuring that the steps are followed properly. (See Exhibit 1.13.)

The quality of execution should live up to the goal of the resulting acronym of which the letters sing the tune, "Nobody does it BEDER" than those who strive to make it Better. The following five people processes are described in more detail:

1. Balance resources. This process consists of
  • Incorporating planning for the right level of resources directly into the business processes.
  • Making sure the appropriate staffing solution/ process is used, based on the work that needs to be performed.
  • Understanding when to staff internally and when to use external resources and following the appropriate policies and processes when doing so.
  • Recruiting and hiring employees using skill-based criteria and reflecting on the diversity in the marketplace.
  • Ensuring the optimum balance of employment options, both full and part time, and respecting diverse needs.
  • Using employee development processes the way they are intended.
  • Responding to business needs to add to staffing levels and to release employees from the business and doing both with sensitivity and good judgment.

2. Engage employees. This process consists of

  • Aligning the vision/ mission/ values/ objectives of employees with the objectives of the organization.
  • Orienting new employees to their new work environment.
  • Creating an environment that accommodates each individual's diverse needs and desires so that they are engaged and energized.
  • Taking the right steps to resolve any engagement or involvement issues with employees (on Conflict Resolution at the end of this chapter).

3. Develop skills. This process consists of

  • Assessing what skills are required for the unit as a whole.
  • Ensuring that the unit as a whole has the necessary complement of skills to serve their customers.
  • Supporting and fostering the Individual Skills Plans (ISPs) of unit members.
  • Assigning developmental activities to employees that align with these skills plans.
  • Modeling the way by visibly using the Skills tools and enhancing personal skills.

4. Evaluate performance. This process consists of

  • Assessing performance against the planned commitments, with the help of feed-back from others.
  • Ensuring performance is rated equitably and fairly within and among related units.
  • Holding the evaluation session.
  • Addressing any commitment issues or opportunities.

5. Recognize contribution. This process consists of

  • Compensating employees fairly and equitably by establishing their correct job levels and following the compensation guidelines.
  • Communicating and explaining the total set of compensation programs, in an open and responsive manner.
  • Selecting appropriate rewards and tailoring recognition to the stated preferences of employees.
  • Soliciting input from the unit colleagues on who should be recognized, and how.
  • Taking advantage of the full range of formal awards offered by the organizations.
  • Paying special attention to the simplest, most valued, and most underestimated of all recognitions—a sincere "thank you."


Normally, a manager—leader is defined as "a person whose job includes accountability for ensuring effective management of employee processes and/ or business processes" to achieve business results. This accountability is normally accompanied with a shared responsibility for managing these processes.

Each element of the manager—leader definition is important:

  • "A person whose job includes accountability for ensuring . . ." because the manager—leader is ultimately accountable for the measurable results from the employees and/ or business processes. This accountability remains regardless of whether the results are accomplished personally or with others who share responsibility for them, as is common with a team. When the size of a group of employees is large (20 to 100), the manager—leader must share responsibility for many tasks to achieve successful results. However, manager—leaders must still ensure that employee and business management tasks are accomplished.
  • "Effective management of employee processes . . ." because the manager—leader is accountable for the employee or HR processes. Each manager—leader needs to know the employees for whom they are held accountable regarding the employees processes. Conversely, every employee needs to be clear who is providing support to them for these processes, especially in a matrix organization. The community of manager—leaders shares the accountability, and employees trust that a process-based approach will ensure consistency among business units.
  • "And/ or business processes" because the manager—leader usually has both employee and business processes accountability. Whereas the employee processes are generic and common throughout an organization, the business processes vary depending on the unit's mandate. Processes such as Customer Relationship Management are consistent throughout sales and services organizations but would not apply to many man-ufacturing and development units. As with employee processes, the manager—leader can share the responsibility for many of the business process tasks with others but retains accountability for the successful attainment of the business results.

So when the term manager is used, it is a shorthand term for a manager—leader whose job includes accountability and shared responsibility for ensuring effective management of employee processes and/ or business processes. The manager—leader could be a first-line manager, a general manager, a senior leader, or senior executive. The accountability is common to all of them. This is basic and is certainly not new. What is new is the fragmentation of the traditional manager's roles among several employees in many cases.


What is new is the splitting of the traditional manager roles among several employees. Because of our teaming approach and focus on expertise, what was once done by a single person, "the manager," is now often done by several employees.

A useful phrase to describe this matrix of shared responsibility is "value net." Organizations need to build "network-savvy" IS manager—leaders who are totally in touch with how they create value and with how they create the network of relationships that constitute their value net. This network of employees, partners, and suppliers forms a different organizational construct from the one prevalent in many organizations today:

  • All "eyes" in the network look to the customer not the manager.
  • Control is through process not hierarchy.
  • The IS manager optimizes the value-creation process for customers.
  • There are new anchor points for the culture: value creation, competence, and teaming.
  • IS managers need to be network-savvy practitioners not job holders in the traditional sense.
  • Relationships built on trust are vital.

The fragmentation of the traditional management job among several employees is fundamental to the new construct. Examples of specialized managers include the following:

  • Resource coordinator. This person is often not a manager in the traditional sense but has the responsibility to deploy employees with valued skills on various projects.
  • Project/ Proposal leader/ Manager. This person oversees the actual performance of work. Employees move from project to project, so they have a series of such leaders during the course of the year. Some are knowledgeable in the employee's specialty and others are not, depending on the nature of the project. This person's dominant role is the "Manage Business Processes" role in the Total Job Model described earlier.
  • Skills/ Competence manager/ Mentor. Because employees are specialists, they want someone who is steeped in their discipline, can guide them on what they should read, know what associations to join, and so on. In services, these are the practice leaders. Elsewhere, it's less formal. This role builds the intellectual capital of the company and concentrates on the "Develop Skills" process in the "Manage HR/ Employees Processes" role.
  • Personal development manager. An individual who oversees the processes involved with employment, transfers, assessment and evaluation, introduction to planning education, handling increases, and so on. They ensure that all five "BEDER" processes are working well in the "Manage HR/ Employees Processes" role.
  • Location manager. Often, if the employee has a "remote" manager, a local manager will handle concerns over personal issues, facilities, and so on. Location managers help ensure a sense of community and belonging for employees with remote management and will usually perform a balanced blend of all five roles in the Total Job Model.

This phenomenon of splitting management roles is happening in many businesses as they move to a virtual, project-based construct. Since it is important to knit these roles together as seamlessly as possible, let's look at how some of them collectively form a value net for the five HR/ Employees processes. The example is drawn from a Customer Relationship Management (CRM) environment, although it applies generically to others as well.


Some Team Leaders (TLs) and their teams have reached a level of experience and ability in which they share or assume many manager—leader responsibilities. This is especially true when the TL's business and technical expertise allows the TL to lead the team on a day-to-day basis and the manager—leaders span of support is very large. Other TLs may be new and working with a team that is in its early stage of development therefore, the manager—leader may need to be more involved. This spectrum of participation/ empowerment can be seen in Exhibit 1.14.

Exhibit 1.15 shows how the fragmented manager roles come together. The "Specific to Team" statement under the TL role in the chart acknowledges the impossibility of defining a one-size-fits-all role for TLs throughout an organization. There is a wonderfully diverse set of team implementations that should be unconstrained by decreed blueprints. The team leader might be the "Skills/ Competence Manager/ Mentor" described previously or some other "home-based" team which that person returns to between projects.

The role legend at the bottom of Exhibit 1.15 shows that "MGR" refers to the "profile-holding manager." This is the "Personal Development Manager" described previously, who is one of the prime IS manager—leaders described in this chapter.

In cross-functional teams, there may be multiple manager—leaders involved. Also, the leadership of the team will normally be shared among the TLs and the team members.

Are there any powers reserved for manager—leaders related to HR processes that are unlikely to be a shared responsibility with a team leader? Yes. Activities like administering compensation, hiring employees (making the final decision and offer), and managing individual performance issues seem likely to remain as manager—leader responsibilities. Regardless of the level of empowerment, the manager—leader is still accountable for Employees processes working effectively—with more and more shared ownership with others who have been empowered with the responsibility.

As with TLs, the implementation of new roles with processes such as CRM in the Sales and Services (S& S) organization leads to more sharing of the manager's—leader's re-sponsibilities. The manager—leader is still accountable to ensure that new processes are working—there will be multiple employees working with manager—leaders to accomplish the business results, but the process manager—leaders retain accountability for the processes driving those results. This partnering with others who share the responsibility for the Employees management processes is the essence of the change in the IS manager—leader's roles in the team-based and process-managed matrix of the newer organizations.

The five roles are built on a foundation of Traits and Attributes that are sought and expected in all manager—leaders including the IS manager—leader.


As shown in Exhibit 1.11, the underpinning of any job is the personal traits/ attributes of the employee. Examples of leadership/ management traits include integrity, business judgment, courage, achievement orientation, and energy. These are attributes that a dynamic organization looks for in all employees. The following list elaborates these traits:

1. Integrity

  • Demonstrate trustworthiness in your actions.
  • Show a constancy of principle and purpose.
  • Demonstrate a strong moral fabric.
  • Adhere to aforementioned values and principles.

2. Business Judgment (" Smarts")

  • Show the ability to think systematically.
  • Demonstrate creativity and innovation.
  • Balance intuition and thoughtfulness.
  • Handle complexity and ambiguity well.
  • Show oneself to be a "quick study."
  • Think ahead and anticipate well.
  • Show good common sense and a balanced perspective.

3. Courage

  • Demonstrate the courage of your convictions.
  • Take the risks that should be taken.
  • Stand up and take ownership.
  • Show a willingness to be different.

4. Achievement Orientation

  • Strive to grow and improve.
  • Show a desire to succeed.
  • Set clear and aggressive goals.
  • Take the initiative and lead the way.
  • Show a desire to assume more responsibility.

5. Energy

  • Have high energy.
  • Show energy and inspire others.
  • Balance personal needs.
Traits/ Attributes Are Givens

These traits are important in everyone. Consider them as "gating factors"—employees must have them to be IS manager—leaders.

Dynamic companies look for the desired traits when employees are hired, since employees often exhibit them by the time they join organizations—think of them as a starter set of "givens" from some blend of prehiring nature or nurture. The desired traits need to be explicit, refreshed, celebrated, and valued in a reinforcing cultural environment.

Ways to Improve Traits/ Attributes

If traits and attributes are important, how can they be developed and improved? To answer this, Exhibit 1.16 compares ways on how both skills and traits/ attributes might be improved.

We should hasten to acknowledge that ways to improve both skills and traits/ attributes are very similar. Selection is important to both. Fundamental to both is some form of unbiased feedback and interpersonal guidance. Experience is perhaps the major contributor in both arenas, given high-quality feedback and a climate that motivates one to change and improve. The personal desire to change and continuously improve oneself is essential for lasting learning to occur.


What skills do IS manager—leaders need to develop to accomplish their roles? The "Manager-Basic" skills template addresses the skills and behaviors primarily for the four "lead" and "manage" roles. Other skills templates more completely describe the skills needed for the "Do specific business tasks" role, so that role is not the prime focus of the Manager-Basic skills template. The fifty skills in the "Manager-Basic" skills template are listed within the manager—leader roles as indicated in Exhibit 1.17. At a minimum, manager—leaders must assess themselves against at least those skills identified as "key," which are capitalized in boldface.

Exhibit 1.17 is called a "Manager-Basic" template to acknowledge that it is a starting level. As stated in the Guidelines for Usage that are built into the online template, different organizations may elect to modify the required proficiency levels to reflect the expectations and requirements of their environments. Level 3 expects more proficiency than in the past and is an acceptable standard for most skills.


It is in the customer's interests, company's interests, and the personal interests of IS manager—leaders to ensure their customer-valued skills are current. This ensures their per-sonal mobility/ employability since the ongoing rate of change impacts long-term careers in any one position. In addition, the credibility of IS manager—leaders is greatly enhanced by their professional competence.

Modeling lifelong learning is a corollary of this. IS manager—leaders benefit from self-examination, reflection on their personal purposes, and learning what gives meaning to their lives. On that foundation of inner strength, they build knowledge and skills that enable them to fulfill their personal vision/ mission and associated roles, including those that are business related. This "inside-out" approach to leadership can be very powerful.

Finally, IS manager—leaders need to encourage the sharing of knowledge, expertise, and "lessons learned" from successes and failures. Only then will they have progressed from personal mastery and team learning to the organizational learning that raises the level of our combined pool of knowledge and experience, improving our competitive advantage in a dynamic company.


The Total Job Model shows executives' jobs with a wider band of "lead" and "manage" skills than for first-line managers. The skill templates for first-line managers and executives use the same foundational skills model. However, the executives' skill template has a higher proportion of "lead" and "manage" skills for the following three reasons:

1. The expected level of proficiency for an executive is higher on some skills.
2. Some skills for executives are more encompassing, even though there are fewer, less granular skills that are explicitly stated.
3. There is a bigger scope implied in the skills for executives than for first-line managers/ team leaders because of the larger size of the organizations and business results for which they are accountable.


Why would IS manager—leaders be involved in conflict resolution?

Because conflict in any endeavor that requires the interaction of two or more disciplines or, for that matter, minds is inevitable. As the complexity of security increases, the likelihood of differences in opinion and approach increases as a function of the number of variables involved and the amount of time required by the employees in their involvement during or after implementation of projects. Normally, these conflicts arise during implementation because of people's natural resistance to change, scheduling pressures, or initial perceived difficulty of the system to support existing reporting criteria or functionality.

What should the IS manager—leaders look for in conflict resolution strategies? The following answers this important question.


Ignoring the inevitable means that manager—leaders will not spend invaluable time and energy dealing with emotions but will keep their focus on finding optimum solutions for the roadblocks. This is so because conflicts in an implementation can be opportunities to hold back, regroup, rethink, reevaluate, and take positive steps including the following:

  • Reexamining current business practices (often the latent problems with established practices manifest themselves in conflicts).
  • Interfacing in new ways not previously acknowledged because of logistical difficulties and/ or complete understanding regarding underlying problems in which the symptoms manifested in conflicts.
  • Brainstorming and exploring several perspectives for conflict resolution.
  • Allowing those inflicted with real or perceived injuries a forum to express regard for their contribution and for their feedback.

These are important components in ensuring loyal, productive employees during the project and beyond.


How conflicts are resolved will bear on the relationships among employees and also impact the success of th e implementation. Therefore, effective steps need to be taken to manage confrontations and ensure that only positive results are obtained as a result of them. Steps for effective resolution involve establishing approaches specifically geared toward the ac-knowledgment of differences between project team members and striving for these differences to complement each other by enabling or facilitating the team members to work interdependently instead of independently.

The foundation for building a strong conflict awareness strategy is acknowledgment by the project-managing principals (team leader, coordinator, executive sponsor) that conflicts will arise, but they have to be utilized as positive building blocks instead of letting them be negative energy that will debilitate the spirit and the success of the project.

The second premise is an understanding of the reasons that precipitate conflicts. These can range from the following:

  • Political reasons—perceived or threatened loss of power or control.
  • Reorganizational reasons—anticipated coalescence of different units as a function of an integrated system, which disturbs the status quo and creates anxiety about roles within the affected staff.
  • Changes in mandated policy—these cause the staff to leave the comfort zone of change tolerance.
  • Fear of the unknown—the most difficult and volatile of conflicts in which reason does not prevail and does not resolve the issues because the adjustment phase was left out.

Paradigm shift—Setting the right attitude for addressing conflicts in an equitable and humane manner will ensure that the benefits received are the benefits required. Recognition and acceptance of the opportunities inherent in conflict resolution will set the tone for the approach to be undertaken and allow for the free exchange of opinions and ideas that are necessary to ensure success in resolution.

A critical step in building conflict resolution strategies is a formal declaration to the team members of the probability of conflict, management's attitude toward it, and the mechanisms being established to cope effectively with the issues as they arise. This step amounts to "flushing out" a potential difficulty before it precipitates and eliminates the pos-sibility of hidden agendas or token acceptance of the team activities or decisions. By declaring that conflict is inevitable and that expectations are set for positive and harmonious resolution, the employees involved in the projects will be less tempted to allow a question or concern to remain buried, which often allows difficulties to ferment and blow out of proportion.

The last and single most important step in building conflict resolution strategies is supplying the "why" in the desire for effective, timely, and complete issue resolution. This personal "why" may be supplied to the team members through:

1. A discussion of the quality-oriented benefits of conflict resolution.
2. An acknowledgment of the contributions the team as a whole can make.
3. An assurance that each member can make individual contributions through issue resolution.
4. An assurance that an organized procedure is designed and will be implemented in order to allow all team members to achieve their personal and cumulative goals.


First, establish the attitude and approach that both the team leaders and members are required to take. Then, present the structured plan for enactment of conflict resolution and the communication guidelines to be followed during all conflict resolutions to the entire team.

To validate the importance of the resolution tasks, the plan should be presented at the beginning of the project as a formal, written structure. People normally operate comfortably when the ground rules are clearly defined and understood by all players at the outset. By providing written guidelines, the misconception of different standards for different people is eliminated, putting all team members on comfortable communication ground with each other. This is a difficult task and is dependent on the quality and integrity of leadership at play because past experience has always indicated that lip service is usually the case. When people speak up, there can be repercussions, which is the main reason why conflict resolution may appear ideal in theory but improbable in practice and why it fails to secure the desired results.

In the verbal component of the conflict plan, the team leader should pay special attention to the use of "I" statements as a positive tool for clarification of the concept of organized, structured conflict resolution. Conflict is always integrated with emotionality, even if it is couched in totally professional, business-directed terms. By saying, "I believe," "I feel," or "I'm confident that our approach to resolutions will be positive," the leader is recognizing and affirming a personal emotional connection.

In a large team formation (e. g., twelve or more participants), it is more beneficial to use an Issue Coordinator than to have the project team leader assume the duties of logging, monitoring, and documenting each issue that arises. Although the team leader is the appropriate individual to present the issue resolution structure, the issue coordinator should then explain the mechanics and steps being used to ensure complete resolution. The ideal issue coordinator should be a team member with high company visibility and credibility with the other team members.

Using an issue log that adequately defines and categorizes each particular concern is absolutely necessary for organization of conflict resolution. These logs should be provided for all team members so that they have a tool at hand to address their concerns as they arise. The log, stating the description of the problem with the date and name, should be submitted to the issue coordinator who is responsible for the monitoring and follow-up of each particular issue.

The issue coordinator will want to create a summary log that becomes the "tote sheet" for all issues addressed during the implementation. This will become the final tool for the summary and tracking of all concerns that have been successfully satisfied throughout the project period.

When the coordinator has received an issue from a team member, the determination must be made relative to the "ownership" of the particular concern (e. g., if the concern is of a policy nature, the resolution would be referred to decision-making individuals within or outside of the team; if the concern is procedural or system based, then resolution is "owned" by the project team members themselves).

The issue coordinator assigns team members to the task of examining, discussing, and offering viable, mutually agreed-upon suggestions for the resolution. The members selected for the resolution should be composed of representatives from the departments or functions directly impacted by the issue raised. As an example, consider a system-use issue. This would be the responsibility for the creation of product masters. The issue could be, "the input data for the creation of the Master—should it be accounting, purchasing, or engineering?" Only the representatives from each of the applicable departments (i. e., accounting, purchasing, and engineering) would be ideal and therefore should be empowered to examine, discuss, and make a preliminary resolution.

During implementation, conflict also surfaces that involves business practices currently in use, either between or within departments. An example could be a case in which a production manager is concerned about the time it takes purchasing to cut a purchase order after the request has been made. The purchasing manager may be concerned about the increase in costs that results by reducing time. Each party is trying to serve individual department objectives at the expense of the overall company objective for the delivery of the required product in time to meet company requirements of being reliable and competitive in the marketplace.

This is an example of a common issue that, while not necessarily system related, might surface during system implementation and is therefore appropriate to address during the project. In this case, the issue coordinator would assign the two persons most closely affected by the issue to effect the resolution. In cases in which the issues to be addressed do not have the appropriate department representatives, the issue coordinator should solicit the appropriate department management to provide the appropriate human resources to complete an adequate resolution.

After assignment for the discussion of every significant issue has been made, time frames should be developed for discussion and brainstorming, if necessary, and resolution suggestions. The time frame must be pragmatic with reference to the workload of the other team members but should establish a sense of urgency and progress in the timely resolution of all issues.

Once the team members have been assigned to each issue, their preliminary resolution should be brought back to the team for review and acceptance. To explain the mechanics involved in the decision-making process, the team should provide the "what-if" scenarios to assure team members that realistic expectations are being sought. These review periods can be at the start or end of the day, during a reinforcement session, or during regular-scheduled project team meetings. However, the consistency and the seriousness with which they are held are what determines the confidence and respect that they instill within the project. Moreover, the benefits derived from bringing the preliminary resolutions back to the team for their review and acceptance range from the possibility of resolving latent conflicts unenvisaged previously, such as internal departmental problems no one could address previously because of the political nature of the beast; the support and validation to those involved including important feedback to their efforts; and an example of the value of "growing up pains" to the rest of the team. This awareness of "growing up pains" is especially important because it creates a culture of objectivity and reality that issues and conflicts, which are either system or business related, can and will be resolved many times with persistence and patience. A journey of many steps, one forward and three backward, is the prerequisite for accepting small failures in pursuit of continuous improvement strategy, which is the most, if not the only, important strategy for conflict resolution.

If a conflict or issue has not reached a satisfactory, preliminary resolution in the initial discussion between the assigned team members, it is important to reach a tentative compromise while attempts to try to develop a resolution satisfactory to all continue to be synthesized. During this process, the environment should be expanded to include additional input and monitoring by other persons who may provide valuable insight. This may include technical support, management representation, or input from the issue coordinator. However, it is still important to have the original team members lead the discussion, thereby reinforcing the intent and value of the original assignment.


When the resolution strategy is initially outlined to all the team members, particular considerations in conflict examination and resolution should be presented, and any adequate explaining should be done at the onset. By providing a set of ground rules to be followed in their meetings, the participating team members will be more apt to stay on task, and the time spent will allow resolution to be reached more quickly and completely.

The rules for effective conflict resolution address behavioral styles in all possible emotional interchanges and provide a self-monitoring check to ensure the open and free exchange of ideas without having the problem of lingering negative repositories.

The rules for effective resolution are as follows:

1. Discuss for resolution, not for the intellectual exercise or just for the meeting. This is an insidious, covert practice that sometimes develops when team members seek attention or attempt to regain control that they may feel is being lost because of the system changes. The issue coordinator should verify the existence and validity of the concern in question through thorough questioning techniques before accepting the assignment. By ensuring that this is the first rule for resolution, petty issues are more likely to disappear.

2. Discussions should concentrate on one specific topic at a time, without floundering and straying into other areas. During the discussion, if other concerns surface or are highlighted that may have a bearing on the original issues, they should be brought to the coordinator's attention, logged, and assigned as a separate issue or concern for resolution. Limiting the scope of each discussion prevents issues from being resolved adequately and in a timely manner. It also causes interference with the specific goals of the meetings.

3. The technique of aggressive silence should be employed. This ensures that each person concentrates on listening to the viewpoint and input of the others involved. No "overtalking" or interrupting should be allowed, so that each participant gets an equal opportunity to state their viewpoint openly. A good rule of thumb is that the number of questions asked by each person should be equal to the number of statements each is making. The questions should help to gain clear understanding of the other person's point of view and to elicit and examine all aspects of the situation surrounding the issue. The objective is to avoid presenting only one side of an issue and not "digging in" for an understanding of the other person's perspective. This increases the chances for positive and complete resolution of the underlying issues.

4. Only positive-response body language should be employed because normally potentially high-quality communication is reserved more by what is seen than by what is heard. Employing positive-response body language means using open, receptive posture and presenting to the other person( s) a face that is free from judgmental expressions. It is also helpful to review the following considerations to keep a conflict discussion focused on the goal of resolution that is in line with the company's operational and managerial framework. The questions to be addressed in effective conflict discussion are as follows:

  • What is the relative importance of the issue to each dissenting party? This may bring a discussion to a successful conclusion sooner because the issue being raised is often easily accommodated by the other party. By looking for the relative importance and being aware that this may be the solution at the start, much ado about nothing can be saved.
  • Where did the conflict or the issue-causing practice originate (e. g., what person or department has ownership of this particular topic)? It is often better to go back to the beginning of a problem to find the solution than to find an expedient answer.
  • How many people would be affected by a change in each relative department? People are more difficult to change than are "things," so primary consideration needs to be given to the number of people involved, which is a determination of the degree of difficulty in effecting the change.
  • What would be affected by a change in each relative department? After the number of people involved has been resolved, the degree of difficulty can be measured by the reports, forms, or techniques that would be affected by an alteration in the practice currently being examined.
  • What is the view from the top? This should be a "best guess" relative to the concern, if any, that may be presented by management concerning the issue at hand and the potential change mechanisms that are being discussed.
  • If, at this point, it is determined that the considerations surrounding the issue make it an "even-up" concern—approximately the same number of people and things will be affected—then the following question should be asked: What is more important, to satisfy my viewpoint and concern or to maintain cooperation with other individual( s) or department( s)?

The exercise of examination and discussion, when focused completely on resolution, may contribute to the company not only by facilitating system integration but also by improving the efficiency of business practices, raising the levels of communication, and increasing the level of company loyalty and employee commitment.

Please bear in mind that this is a review for the auditor. Depending on the nature of the conflict, the resolution process may require far more sophisticated procedures such as diffusion before conflict resolution can be addressed. In such a case, it becomes the auditor's responsibility to communicate the existence of such tension in the workplace. In all cases, evaluating how conflicts are managed and resolved adds value to the client's management function.


Dynamic companies need IS manager—leaders. They need IS manager—leaders who are change agents committed to their transformation to a dynamic culture and who inspire that commitment in others. They need IS manager—leaders who collaborate with their global colleagues as they pursue their customers' long-term loyalty and the attainment of their short-term business results. They need IS manager—leaders who understand the big picture, see their roles within it, continuously improve their skills, and coach and mentor others' learning. They need dynamic IS manager—leaders who know how and when to lead, manage, and do and are role models for a dynamic company's core values. Dynamic IS manager—leaders enable dynamic organizations! See Exhibit 1.19 for a summary of the IS management process.

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)