Managerial Decision-Making - Solution Application - Case Study Example

Managerial Decision Making – Solution Application Student’s Name Institution’s Name Date Executive Summary Decision making and problem solving in an organization differs greatly based on the nature of the problem and the danger the problem poses to the organization. This paper is based on a fictional case of an e-commerce company that experiences system security issue which result to fraud. The paper provide a brief background information on the case. The paper then defines the problem using 5Ws problem analysis technique. The problem solution is generated using brainstorming technique where a number of ideas are presented to solve the problem. The proposed solution is the evaluated using affinity diagram where the proposed ideas are grouped into three categories. Finally, how-how diagram is employed to enhance the implementation of the evaluated solution based on their categories and urgency. The problem is solved using immediate action to stop the problem, action to capture the perpetrators, and finally measures to ensure that the organization does not suffer from similar cases in the future. Managerial Decision Making – Solution Application Problem Background This paper is based on a fictional case. The XY Inc. is an e-commerce company that is involved in selling various products online. Based on the nature of the business, the company gives great importance to system security. Recently, a number of XY Inc. customers have had bad experience with their bank, since they realized that the bank has authorized online transactions with XY Inc., which they did not request. The transactions involve most expensive company’s products and thus, taking a huge amount of money from customers bank account. According to the bank, the transactions provided all the security information required for the bank to authorize the transaction and thus, the bank cannot refund the money. The bank and the customers concluded that customers’ bank information is being maliciously used to purchase the company’s products for the benefit of the company and thus, this can only be done by the company. The bank investigation claims that their system does not show any loopholes and thus, the problem is more likely to originate from the company. More and more cases are being reported on daily basis and the company is risking losing a huge number of customers. In addition, the company risk being sued by its customers for fraud related cases. The information is spreading swiftly and a number of customers have blocked any online financial transaction with the company. In this regard, the company is currently faced by a challenging task of evaluating the source of problem and solving it before it is too late. Problem Definition The best tool that will be used to define the problem is the 5Ws and the route cause analysis. The 5Ws involves answering five questions that include what, when, who, where, and why. The company’s e-commerce system is supposed to work in a secure environment where the customer selects the items to be purchased and put them in the cart. The system computes the total cost of the selected goods and output the total amount to be paid including the shipment cost where necessary. The customer is then allowed to make an order by making an online payment. In this case, the system has an interface that allows customers to pay using their credit cards where the amount paid is transferred from the customer’s bank account into the company’s bank account automatically. The transaction details are completely encrypted in the company’s database to enhance security (Bazerman & Moore, 2013). In normal case, the customer’s information should not be replicated to make any other transaction due to the security measure. Based on this case, the problem is somebody in or outside the company has managed to capture customers’ bank details and use them to make malicious transactions that appear like they have been done to benefit the company by increasing company’s sales and thus, its revenue and profit. There are two possible places that this problem could have originated. The first possible position is in the company’s online transaction system. The second possible position is in the company’ database. Either customers’ bank information has been extracted from the company database by a person who can decipher it or a spyware has been installed in their e-commerce system to capture customers’ bank information during their previous transactions. The problem has been reported recently. However, it has been going on for about three weeks. The malicious actor has managed a number of transactions before the customer realization of the huge bank account decline and tracing the transaction to the company. Therefore, this is a problem that has been on for three to four weeks period. Based on the sensitivity of the problem and the danger, this problem need to be handled with immediate effect. Therefore, the company need to define a solution and to implement it immediately (Wood et al., 2009). At the moment, it is hard to determine the person who initiated the problem. Basically, the person who is responsible for these transactions focuses on destroying the XY Inc. The transactions puts the company in the danger of losing customers, being sued for fraud, and losing the goods transacted maliciously. Therefore, this is done by the company’s enemies which could include a competitor, a normal hacker doing it for fun, or a vengeful dismissed employees. The problem affects the company, the customers of the company and the customers’ banks. Therefore, it is a complex problem that needs immediate attention. The act of interfering with the system security and creating a conflict between the company and its client focuses on destroying the company’s business. The act makes the company to appear malicious and fraud, and thus breaking the customers trust. The act is also so malicious and involves famous national banks, an aspect that would easily create publicity and thus, destroying the company’s reputation. The act also put the company in the edge of losing the received money and shipped goods and thus, making total loss. All the anticipated outcomes focus on destroying by ensuring that it has jeopardized its transactions. In this regard, the company should consider solving the problems immediately before the advanced effect of the problem, particularly, the publicity of the issue which could ruin the company’s past marketing efforts. This act would only benefit competitors or an individual who wishes to see the company’s downfall for some reasons. The malicious person involved in this act enhances huge funds transactions which will alert the customers and cost the company a lot, in case the company will have to refund the money to the affected customers. The company will lose expensive products since most of them have already been delivered or picked from the store. Therefore, this is a very serious situation that requires immediate action. It is also a complicated issue since it is hard to establish the main source of the problem. This can be categorized as a dynamic problem in which an online-based business is bound to experience now and them from competitors, malicious hackers or vengeful dismissed employees (Wood et al., 2009). Solution Generation Based on the number of uncertainties involved in this problem, the best strategy to be employed to solve the problem is brainstorming. This will entail the involvement of the management team, financial management team, and information management team in the brainstorming process. The process will involve stating the problem clearly where in this case the problem is, “interference with company’s system security to acquire and use customers’ bank information to complete products transaction in the company’s website.” The process also requires a time limit which in this case will be 5 days to establish and implement the solution. The short time limit is employed due to sensitivity of the case and the cost the company may incur in case the problem advances to a higher level (Wood et al., 2009). The main purpose of the brainstorming process is to establish the possible solution for the problem. In this case, the team will focus on establishing tangible solution to the current situation without blaming, criticizing, or judging each other. The main agenda will be establishing the main strategies to resolve the problem irrespective of its source. The team members will consider improving each other’s ideas to establish a more reliable and practical solution. In the brainstorming process, the team will try to establish the main strategies the hacker could have used to obtain customers bank information and record them. The possible strategies can be established by reviewing the company’s transaction system and the database to establish the presence of any spyware. Others include evaluating the transactions similarities such as shipment details, period of transaction, customer’s IP address, the affected banks, and the last customer’s genuine transaction among others. The main goal is to identify the main cause of insecurity, whether a software in the system or probably an internal person deciphering customers information. The established ideas based on this evaluations will be documented (Cropley, 2006). The team will propose possible measures to employ to fix the problem, after establishing the possible sources of attacks and strategies used. These measures will include solution to stop further malicious transactions while enhancing the genuine transactions, blocking all products purchased maliciously but yet to be shipped in from being shipped in, tracking malicious transactions to ensure the company can recover all previous transacted and shipped goods. This can be done by tracking the receiver of some of maliciously transacted goods that have not been shipped yet. The receiver in the other end can assist in uncovering the truth behind the perpetrator of the act. Police officers may be used in this investigation where necessary. Strategies to refund customers affected by this act to prevent negative publicity will also be arranged immediately. Other measures will include enhancing the system security further, changing the database encryption key or technique, installation of improved antispyware, and installation of workers’ background monitoring system that captures the employees activities in their computers on daily basis. Other possible measures to eliminate future attacks will be proposed too. All the above measures and other proposed ideas will be written down in a whiteboard or flip chart one after the other, as well as other reinforcing ideas (Morgan & Ozanne-Smith, 2012). The team will then review all presented ideas. The review will take place after a small break and refreshment to ensure that the team is more relaxed while reviewing their previous ideas. This creates an opportunity to add new ideas to strengthen the previously provided ideas, and to eliminate irrelevant ideas. There will be no further evaluation at this stage, however, more strengthening ideas will be encouraged to enhance the proposed solution. Solution Evaluation Brainstorming results to unstructured ideas. In this regard, the best strategy to employ to evaluate the proposed solution will be the affinity diagram. This is a cheap method for understanding and grouping information, particularly used to arrange unstructured ideas. Items are classified under different groups that tie different concepts together. In this case, the team will consider using this strategy to group their ideas into immediate solution to resolve the situation, solution to recover the loss and to nail the perpetrators, and long-term measures to enhance the system security and to ensure no such future attacks (Mumford, 2001). Among items included in the first category include, blocking the shipment of unshipped malicious transacted products, refunding the customers with their money, fixing the system to stop further malicious transactions. Among items in the second category include identifying the IP address of the transaction, transaction pattern, and tracking the owner of the unshipped malicious ordered products with the help of police officers. The final group will include items such as employment of new and powerful antispyware, installing employees monitoring system, changing the encryption strategies, and developing system security protocol (Reiter-Palmon & Illies, 2004). Implementation and Action Plan The best strategy to employ to implement the provided solution in this case will be “How-How Diagram”. This is the root cause evaluation adaptation where by the ‘why’ question is replaced by ‘how’. The diagram offers effective way of sequencing and organizing rewards, risks and options related to each probable cause of action. The question to be answered in this case is “how can we improve the system security to eliminate extraction and use of the customers’ information to fraud the company?” This will be responded using a tree diagram with three branches (Vohs et al., 2008). The three branches will consider the three identified group of solutions in the affinity diagram. The third branch will focus on long term measures which will include: use of powerful antivirus and antispyware, employing security protocol to be followed by all in the company, blocking IP addresses used in malicious transactions, changing encryption techniques and password after dismissing any IT personnel, installing employees tracking system, employing SMS system to ensure customers receive confirmation of their transaction to ensure no malicious transactions go through successfully. The first branch will focus on immediate measures to stop chaos and to safeguard the company’s reputation. The second branch will focus on capturing the perpetrator. This will enhance general solving of the identified problem (Svenson et al., 2009). References Bazerman, M. H., & Moore, D. A. (2013). Judgment in managerial decision making (8th ed). Hoboken, NJ: John Wiley & Sons. Cropley, A. (2006). In Praise of convergent thinking. Creativity Research Journal, 18(3), 391-404. Morgan, D, & Ozanne-Smith, J. (2012). Surf bather drowning risk and exposure-related factors identified by an expert panel. International Journal of Aquatic Research and Education, 6, 336-349. Mumford, M. D. (2001). Something old, something new: Revisiting Guilford's conception of creative problem solving. Creativity Research Journal, 13(3-4). Reiter-Palmon, R., & Illies, J. J. (2004). Leadership and creativity: Understanding leadership from a creative problem-solving perspective. The Leadership Quarterly, 15(1), 55-77. Smith, J. E. & Winkler, R. L. (2006). The optimizer’s curse: Skepticism and postdecision surprise in decision analysis. Management Science, 52(3), 311-322. Vohs, K. D., Baumeister, R. F., Schmeichel, B. J., Twenge, J. M., Nelson, N. M., & Tice, D. M. (2008). Making choices impairs subsequent self-control: A limited-resource account of decision making, self-regulation, and active initiative. Journal of Personality and Social Psychology, 94(5), 883-898. Wood, R., Cogin, J., & Beckmann, J. (2009). Managerial problem solving: frameworks, tools, techniques. North Ryde: McGraw Hill, Australia. Read More