Business Money Research

TCO vs. ROI – Which one to use?

Firstly, I’d like to outline the basic definitions of the two measures.

  1. Return on Investment: This is calculated by the basic mathematical equation:
    ROI = (Gain from Investment – Cost of Investment) / Cost of Investment
    It is defined by “a performance measure to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments” (Investopedia, n.d.). An important note here is that the ROI calculation can be modified to suit its situation, you may include the running costs in as the cost of investment (Investopedia, n.d.).
  2. Total Cost of Ownership: “In general, the purchase price of an asset plus the additional costs of operation” (Investopedia, n.d.).

Personally, I prefer the Return on Investment approach. While it is inherently not 100% accurate due to the fact that we cannot predict the exact gains from the investment, it will give us not only the negative aspect of the investment, but also allows us to compare it to the financial gain the investment offers.

In my opinion, a Total Cost of Ownership has the potential shock value that may scare off investors due to it only showing the capital layout as opposed to the potential benefits.

Nash (2008) conducted a study that surveyed 225 technology managers with a result showing that 59% of the managers reported that ROI calculations influenced whether they pursued a project in the past 12 months compared to 41% reporting that TCO justified their decision. Nash’s article (2008) goes further to quote a CIO who states “ROI has to be the answer. TCO only looks at one side of the equation”. As per my comments above, I concur with this statement whole heartedly.

My experience in my career has been involved in mostly development of business tools for companies. Management reporting, investment reports etc. and I have not come across a single project that has required a TCO report, but many that have requested ROI’s. I see the place of a TCO report being more of an investigation into areas of business that do not necessarily return an investment, or hold ‘asset’ value; such as weighing up the costs of ‘perk’ items for employees to see if the business has enough excess profit to justify the expense incurred.


Investopedia (n.d.) Return on Investment – ROI [Online]. Available from: (Accessed: 19 December 2010).

Investopedia (n.d.) Total Cost of Ownership – TCO [Online]. Available from: (Accessed: 19 December 2010).

Nash, K (2008) TCO versus ROI [Online] Available from: (Accessed: 19 December 2010).


Business Research

How does the lack of non-financial operational performance measurements negatively impact business performance

Measuring performance in business terms most certainly conjures up a financial equation in my mind more than anything else and I am sure that the same goes for many other business professionals.

Sliwka (2002) makes a valid point that “managers work too hard on operational issues and do not spend enough effort on strategic activities”. He goes on to point out that the reason for this is most often because managers spend their time on improving immediate business relations which reflect short term financial gains, securing their managerial position and to show constant achievements in their position.

Personally, I would compare this to majority of my experiences in purchasing second hand vehicles (of which I have done a few times), the sales person is very focused on selling a vehicle now to get his commission at the end of the month that he will say just about anything you want to hear in reference to the car you are wanting to purchase (a nice way of saying, he will lie about the car to make the sale), after the sale has gone through and you find out about the lies; they couldn’t be bothered to even respond to your enquiries. Perhaps an extreme scenario but that is what the effect of a lack in nonfinancial operational performance measures can be. Unsatisfied customers who do not return and a poor reputation due to poor long term service.

Said, HassabElnaby and Wier (2003) have researched the effects of implementing a nonfinancial operational performance measure and have found that improvements lie in both current and future stock market performance, but only partially improve accounting performance. Of course this is, as always, subjective and dependent on a variation of issues such as the firms characteristics itself.

Ironically, the implementation of nonfinancial operational measurements should be considered against the costs and risks imposed on the manager the measures are being implemented on (Said, HassabElnaby and Wier, 2003). I agree with this as focusing too much on nonfinancial performance measures could adversely affect financial performance due to the lack of concentration on those measures. As with anything; one needs to use their knowledge of the organisation at hand to assess the amount of focus each task requires.


Said, A, HassabElnaby, H & Wier, B (2003) ‘An Empirical Investigation of the Performance Consequences of Nonfinancial Measures’ Journal of Management Accounting Research, 15, pp.193-223, EBSCOhost Discovery Service [Online]. Available from: (Accessed: 19 December 2010).

Sliwka, D (2002) ‘On the use of Nonfinancial Performance Measures in Management Compensation’ Journal of Economics and Management Strategy; Fall2002, 11 (3), pp.485-509, EBSCOhost Discovery Service [Online]. Available from: (Accessed: 19 December 2010).

Computing Ethics Research

Ethical Hacking?

I believe that there are situations in which hacking a system would be ethical. Adams and McCrindle (2008) describe grey-hat attacks as having the aim of “identifying potential vulnerabilities and inform the organization of their weaknesses”; they also state that the reason for seeing grey-hat attacks as unethical is due to unintended consequences that may follow the attacks. I do not think that grey-hat techniques are ethical because of the risks they involve and that it is unethical to attack a system that you do not know or are unable to rectify (due to your lack of knowledge for the inner system).

In scenarios such as the response by hackers to WikiLeaks, users are hacking organisations and sites that fail to support WikiLeaks. An article by Neal (2010) described how a 16 year old boy from the Netherlands was arrested for his part in the “Operation Payback” DDoS attack on MasterCard and Visa. I also disagree with these tactics as no good is coming from it.

A scenario in which I would be pro-hacking is where the system in question is either involved in illegal activities or is involved in inciting illegal activities. Of course the hacking of this system would come after the correct measures of due diligence had been adhered to; such as reporting the system to their host, or to the authorities. An article by Brandt (2004) described how the NSA (National Security Agency – America) appeared at the “Defcon 12 hackers’ conference” to seek out highly skilled “hackers” to work for their organisation. Conspiracy theories aside, this scenario would be another ethical realm of hacking, to investigate illegal activities to help fight crime; anything from tracking down distributors of child pornography over the internet, to those who publish credit card details to the public.


Adams, A & McCrindle, J (2008) Pandora’s Box: Social and professional issues of the information age. England: John Wiley & Sons Ltd.

Brandt, A (2010) Feds Seek a Few Good Hackers [Online] PC World. Available from: (Accessed: 12 December 2010).

Neal, D (2010) Dutch teen arrested over WikiLeaks revenge hacks [Online] V3. Available from: (Accessed: 12 December 2010).


Computing Ethics Law Research

Responsibilities for Computing Professionals in Developing Material for the Internet

Responsibilities of the Computing Professional

The responsibilities of the computing professional, as covered in my previous posts, are both ethical and legal. It is our duty to inform and guide from our experience and expertise. The cliché of using our ‘powers’ for ‘good’ and not ‘evil’ can be broadly applied; as with almost any other profession.

Responsibilities Relating to Development of Internet Material

The word development here has a double connotation. Firstly the actual programming of “material” which could constitute any system that generates content or systems available on the internet or allows the generation of content on the internet. As discussed by Adams and McCrindle (2008, p.352), a number of malicious examples of software, created by computing professionals, are readily available on the Internet.

I’d like to briefly outline the relevant examples.

  1. Trojan Horses: These are quite literally as their name suggests, programs that pose as something innocent (most of the time), but hold inside them harmful code that will potentially damage your data or perform some other illicit task.
  2. Virus: This is a term many use to encompass all forms of malicious software, but is itself a specific type of malicious software. It can be carried with a Trojan Horse and usually replicates itself to other files and programs on the computer. Most of the time the program carries out a task that usually causes harm to data and possibly even hardware.
  3. Worm: These infections ‘worm’ their way through a network without requiring the means of a Trojan Horse or Virus to spread. If they are to spread outside of the current network they may also be carried via Trojan Horses.
  4. Zombie: These are programs designed to allow ‘back doors’ to a system so that it can be remotely accessed to perform a number of tasks (often used for Distributed Denial of Service attacks).

Secondly, perhaps a less direct means of our responsibility as computing professionals can be the “written” (typed) information we spread across the internet. Publicly releasing knowledge that could jeopardise systems is an ethical issue we need to take seriously. Sometimes, this may be a difficult decision to make but it is always something that should not be taken lightly.

Responsibilities Relating to the Usage of the Internet

Due to the global nature of the internet, its reach going into many secure facilities, government agencies, banks and other authorities; we must ensure that securing the implementations of these systems is a top priority. Adams and McCrindle (2008, p.368) describe black, white and grey hat crackers and the controversial issue of whether grey hat techniques are in the best interests of the organisation or not. Personally I am partial to both it being wrong and right as it really boils down to the situation at hand. If they grey-hat techniques simply identify back doors or other security threats without interfering or having negative effects on the current system, and provided the grey hat crackers do not plaster the vulnerabilities all over the internet – it may be acceptable. A paper by the Electronic Frontier Foundation mentions that grey-hat techniques may violate a number of laws such as the Computer Fraud and Abuse Act, Anti-Circumvention Provisions of the DMCA, Copyright Law and other state laws, so it is probably best to either secure your research or request permission beforehand when doing such techniques.


Adams, A & McCrindle, J (2008) Pandora’s Box: Social and professional issues of the information age. England: John Wiley & Sons Ltd.

Electronic Frontier Foundation (n.d.) A “Grey Hat” Guide [Online]. Available from: (Accessed: 5 December 2010).

Ethics Law Philosophy Research

The WIPO Copyright Treaty & Feasibility of Copyrights

As discussed by Adams and McCrindle (2008, p.423), the WIPO Copyright Treaty includes an increased moral right to the author of the work, as per their example in Germany and France that income derived from an authors work must always partially flow back to the author. Also mentioned repeatedly by Adams and McCrindle the development of patents and copyrights were brought about to encourage creativity and reward innovation. The basis of this I am in full agreement of and I do believe that creators of new innovations and ideas must be accredited and compensated for their work. In the WIPO Copyright Treaty (Adams and McCrindle, 2008, p.422), the copyright law extends to the life of the author plus 70 years after the authors death.

The limitations of copyrights I can see would be simply up to the copyright owners’ decisions on how to distribute or how much they distribute their work for. As depicted in a discussion on Google Answers (2002), where an author published a book at a very high price and then died leaving the copyright to no heirs – the public must wait 70 years until they are able to reprint the work at a more reasonable price to increase circulation.

In the feasibility of copyright value-adds and levies are really only accurately argued when considered alongside the fees that the publisher/producer etc. are adding on-top. Many argue from an idealist point of view that (commonly the argument is against musicians) artists should be doing what they do to enjoy the art and not to be all about the money; but in the world we live in – money is an important aid to quality of life and enjoyment (note: I am not saying it is what gives quality to life, but it does help a lot when compared to poverty), to quote Adams and McCrindle again, without reward for innovation and creativity, would there be as many innovations and hard work put into developing new medicines and techniques for helping people? Even music and entertainment is something important to this world.

Never mind being rich and famous but just having monetary compensation to pay bills while enhancing the new potentially life-saving innovations is something we should definitely consider feasible.

While some may take advantage of these laws we have to consider the good coming from it.


Adams, A & McCrindle, J (2008) Pandora’s Box: Social and professional issues of the information age. England: John Wiley & Sons Ltd.

Google Answers (2002) Q: Copyrights after an author’s death [Online]. Google: Available from: (Accessed: 28 November 2010).

Ethics Philosophy

If Data Protection is left to the Market, will only the Rich be truely Protected?

I think that it is somewhat unavoidable for a person to protect their data if we are to function in society at the same level of ease as the general populous. By saying this I mean, taking advantage of WiFi hotspots with our mobile devices, buying the latest cars and homes via bank finance (banks are more accepting of people with credit histories when giving credit), using the latest mobile devices with GPS capabilities and even having things like GPS tracking for security purposes in our vehicles; and not to forget, online shopping – even (some may say especially) using Facebook or other social networks.

If you were to avoid using all of these ‘luxury’ convenience items I think your data would be “safer” than if you did use them, but then how well could you function in todays society? Without a bank account, credit history, even internet access you are severely hampered from being able to actively and efficiently perform in today’s fast paced life.

The question of data protection going to the rich, I am not so sure how well the rich are covered in data protection, generally I would assume that the richer you are the more on the ‘government radar’ and ‘marketing radar’ you would be. With large transactions moving in and out of the country/even nationally the local tax authorities are generally flagged on such movements. While there may be ways around these issues I do not think there will be commercially available services to evade the ‘watch dogs’ of society, regardless of price. With many luxury subscriptions and items, your information is generally shared to marketing companies.

While my above point touches on potential ‘grey area’ privacy issues, for general privacy such as email and internet usage and personal data, I do think perhaps the wealthy would have a better chance of remaining ‘private’, with premium email service providers who run on SSL connections and perhaps a more dedicated means of connectivity onto the internet, the wealthier would be able to afford the means in which to encrypt and secure their data.

That said, the Open Source and Freeware Software movement is still fairly rife; while, arguably, sometimes not as ‘good’ – probably more accurate to say, not as comprehensive as the commercial applications; there are tools at no cost for securing the devices you use to access the outside world which may contain your private data.

Referring to my previous post, new laws for anti-spam and opt-in & opt-out communications are helping all areas of society maintain their privacy.

Law Research

Privacy and Data Protection laws in South Africa

The South African Bill of Rights states that everyone has the right to privacy which includes the right to not have their person, home or property searched, their posessions seized or the privacy of their communications infringed (South African Government, 2009).

The same Bill of Rights states that everyone has the right of access to any information held by the state and “any information that is held by another person and that is required for the excersize or protection of any rights” (South African Government, 2009).

South Africa also has the “ECT Act” (Electronic Communications and Transactions Act), which covers personal information that has been obtained through electronic transactions, which defines a set of rules between the person the information is about and the person/organisation (“data controller”) who is holding that information. This act states that the data controller must abide by all of the following points:

“(1) A data controller must have the express written permission of the data subject for the collection, collation, processing or disclosure of any personal information on that data subject unless he or she is permitted or required to do so by law.

(2) A data controller may not electronically request, collect, collate, process or store personal information on a data subject which is not necessary for the lawful purpose for which the personal information is required.

(3) The data controller must disclose in writing to the data subject the specific purpose for which any personal information is being requested, collected, collated, processed or stored.

(4) The data controller may not use the personal information for any other purpose than the disclosed purpose without the express written permission of the data subject, unless he or she is permitted or required to do so by law.

(5) The data controller must, for as long as the personal information is used and for a period of at least one year thereafter, keep a record of the personal information and the specific purpose for which the personal information was collected.

(6) A data controller may not disclose any of the personal information held by it to a third party, unless required or permitted by law or specifically authorised to do so in writing by the data subject.

(7) The data controller must, for as long as the personal information is used and for a period of at least one year thereafter, keep a record of any third party to whom the personal information was disclosed and of the date on which and the purpose for which it was disclosed.

(8) The data controller must delete or destroy all personal information which has become obsolete.

(9) A party controlling personal information may use that personal information to compile profiles for statistical purposes and may freely trade with such profiles and statistical data, as long as the profiles or statistical data cannot be linked to any specific data subject by a third party.” (South African Government, 2002).

In contrast to the UK, South Africa does not specifically have a Data Protection Act, if we look at the Data Protection Act 1998 for the United Kingdom (United Kingdom Government) we see that it’s section on “Rights of access to personal data” are almost the same as South Africa’s but contains a much more comprehensive overview on the subject.

Interestingly enough the U.S does not have a specific Data Protection Act. They have the “Privacy Act of 1974” and the “Computer Matching and Privacy Act” but both of which only apply to personal information held by the government and does not include other entities. The U.S has another act, “The Privacy Act” which can be described as follows: “The act set forth some basic principles of “fair information practice,” and provided individuals with the right of access to information about themselves and the right to challenge the contents of records. It requires that personal information may only be disclosed with the individual’s consent or for purposes announced in advance. The act also requires federal agencies to publish an annual list of systems maintained by the agency that contain personal information.” (Stratford & Stratford, 1998).


South African Government (2009) Chapter 2 – Bill of Rights [Online]. Available from: (Accessed: 14 November 2010).

South African Government (2002) Electronic Communications and Transactions Act, 2002, No. 25 of 2002 [Online]. Available from: (Accessed: 14 November 2010).

Stratford, J.S & Stratford, J (1998) ‘Data Protection and Privacy in the United States and Europe’, IASSIST Conference, 21 May, Yale University. New Haven, Connecticut: University of California.

United Kingdom Government (1998) Data Protection Act 1998 [Online]. Available from: (Accessed: 14 November 2010).

Computing Ethics Philosophy Research

Ethical Responsibilities of the Computing Professional

What responsibilities do we as computing professionals have in our industry? Do we have a responsibility solely to follow the goals and policies of our company?

Computer professionals, in my opinion, have ethical responsibilities but I do believe that in some circumstances these responsibilities are unattainable due to external circumstance.

In general, I believe a computer professional should be able to grasp and understand the goal of the intended system or systems they are working on. Not only to make ethical judgement but to perform their role in the development of such system from an informed point of view. If the professional is aware of the overall goal that the system is being developed for and the implications of such a system, he or she should be able to make judgement whether they approve or disapprove of the ethics behind such a system.

The problem with ethics is that different people, cultures etc. have different beliefs in right and wrong. So in this scenario a code of ethics for the organisation should be established to avoid any blurred interpretation, also so that the perspective employees can review them before deciding to apply for a job at the organisation (Payne, 2003).

To directly answer the question of what computing professionals responsibility to society at large are, I would say, is to keep the views of the user and the law in mind, while adhering to their responsibility in their organisation. To look at it from a user’s perspective and think of the effects that the system may have, both positively and negatively on the general populous. As well, to not knowingly jeopardise a system by infringing on copyrights or patents (Adams & McCrindle, 2008, p.10).

That being said, I do not think it the blame should lie on the professional. Today with the cost of living, you cannot choose to leave your current employer (and salary) due to your beliefs that what they are doing is, perhaps, wrong in your definition.

I feel that the goal of such projects and the determining of right and wrong in the broader scheme should lie in the area of business ethics and would be aimed at the organisation and decision makers of the project more than the professionals involved in carrying out such tasks.

To summarise I would say the responsibility of the professional is to carry out their role in the project to their best ability and concentration, to ‘care’ about what they are doing with the bigger picture in mind, rather than just going through the motions. This will hopefully ensure a quality production. The business ethics of right and wrong is more the responsibility of the organisation.


Adams, A.A. & McCrindle, R.J. (2008) Pandora’s box: Social and professional issues of the information age. West Sussex, England: John Wiley & Sons, Ltd.

Payne, D (2003) ‘Engineering ethics and business ethics: commonalities for a comprehensive code of ethics’, IEEE Region 5, 2003 Annual Technical Conference, pp.81-87, IEEE Xplore [Online]. DOI: 10.1109/REG5.2003.1199714 (Accessed: 7 November 2010).

Computing Ethics Philosophy Research Software

What questions to ask in the Turing Test?

This issue is based on the “Turing Test” – you can read about the Turing Test and what it is by clicking here (to summarise, it is a test first proposed by Alan Turing where a human and a computer are asked a series of questions, and if the interrogator is unable to tell which is the computer, the computer has passed the “Turing Test” – the computer is able to “think”).

The 5 questions that I would ask the “computer” in the Turing Test would be the following:

  1. What was the most influential event of your childhood and how do you feel this event affects you today?
  2. Who are you as a person?
  3. Describe your feelings if you were to be given the opportunity to fly to the moon?
  4. If you were to draw yourself as an abstract painting, what colours and shapes would you use and why?
  5. What emotions have been involved in answering the questions that I have given you up to this point and what do you feel is the strongest question out of the 4?

I have chosen these questions as they are all fairly psychological and open to interpretation. While each individual question may be able to be answered individually, the group of questions describe a person’s personality and character in an abstract manner.

By looking at the answers to questions 1 and 4 you should be able to get the same idea as the answer to question 2 should give you, question 5 should culminate all questions and should be difficult to simulate a valid response, it is also completely dependent on the answers given to the previous 4 questions. Each question can change the final response in its own way. The second part of question 5 also can be interpreted based on human emotions involved in the answers to the previous 4 questions.

There is no definitive correct answer to any of the questions but human intuition will give the upper hand in deciding whether the answers given tie up to being human or machine.

PS: This is a highly debated topic of whether this test can really test for machine thought (AI), and some have proven that a series of random pre-programmed answers based on keywords may pass the test

Computing Ethics Research

Ethical issues with advances in medical technology

I’d like to discuss the issue outlined as follows:

“Medical treatment has advanced to the point that numerous parts of the human body can now be replaced with artificial parts or parts from human donors. It is conceivable that this might someday include parts of the brain. What ethical problems would such capabilities raise? If a patient’s neurons were replaced one at a time with artificial neurons, would the patient remain the same person? Would the patient ever notice a difference? Would the patient remain human?” Brookshear (2009, p.553).

The ethical problems with replacing parts of the brain by “artificial” parts would be those of “playing God”. The beliefs behind God and religion would play a large role in the ethics behind this, defeating death when many may turn to the belief that we die at a certain time for a reason.

Aside from that, there is also the issue that prolonging the lives of beings can aid to over population. The more living beings there are on the planet the more resources are required to sustain the living, this would eat into the earths already limited resources.

If a patient had artificial neurons replacing their existing ones, the theory behind the neurons themselves are that they ‘learn’ from experience, if the artificial neurons are placed with the other neurons, they should learn from the other neurons and therefore the person should remain the same. Although this depends on the question of how many neurons are replaced and what ‘intelligence’ did the neurons contain that were lost may definitely affect the person.

I have done some research on the question of ‘What makes us human?’, briefed over a few websites on the discussion, which I will list:

Interestingly enough none of them really delved into the topic of us being living, breathing organisms (thus, making us human) – more so they bridge on the idea that our intelligence is what makes us human, our emotions and creativity.

With the dawn of this new era of AI (even though it dates back to the 1950’s), I think that we are going to have to re-visit our definition of what makes us a human to include the above.

Personally, I think if we maintain our emotion, unique personality and creativity, we are still humans, irrelevant of the fact that we may have some artificial organs. If we lose the ability to have emotion, feelings and ideas then I feel we have lost what makes us human. What is the point of replacing an entire brain if the result is a totally different ‘person’ in the same skin? I do believe there are boundaries that should be kept. This subject is huge and I don’t think it is quite as easy as one may imagine to answer whether it is right or wrong. Personally, I lean towards being in favour of it, but then, as I mentioned above, how are we going to tackle overpopulation and the diminishing resources of this planet?


Brookshear, J.G (2009) Computer Science: An Overview. 10th ed. China: Pearson Education Asia Ltd