Chapter 10 • Global, Ethics, and Security Management  297


            Review Questions

             1. What is outsourcing and why would a company  7. What are the components of a good information
               choose to outsource?                       technology security plan?
             2. What  are  the  advantages  and  disadvantages  to  8. With ERP implementations why would an auditor
               outsourcing?                               get involved?
             3. What are the key challenges in offshore outsourcing?  9. Why  is  the  Sarbanes–Oxley  Act  important  to
             4. List five best practices in outsourcing.  investors?
             5. What is SaaS and why is it considered as another  10. What  should  a  disaster  recovery  and  business
               outsourcing option?                        continuity  plan  include  and  who  should  be
             6. Discuss the components of PAPA.           involved?



            Discussion Questions

             1. Outsourcing is becoming more and more popular  3. Discuss  how  PAPA  principles  of  ethics  can  be
               in  companies  today.  Discuss  why  a  company  applied to ERP implementation.
               would want to outsource and how they should out-  4. The Sarbanes–Oxley (SOX) Act is important in a
               source ERP implementation.                 financial environment. Discuss how the operations
             2. Compare and contrast traditional outsourcing with  of an ERP system are affected by SOX.
               the Software as a Service. Under what conditions  5. Discuss the major security concerns in ERP systems.
               should a company choose SaaS over traditional
               outsourcing?



               CASE 10-2
               Real-World Case
               TJX Security Breach

              The TJX Companies, Inc., is the leading off-price apparel and home fashions retailer in the
              United States and worldwide, with $16 billion in revenues in 2005, 8 businesses, and more
              than 2,300 stores, with a rank of 138 in the most recent Fortune 500 rankings. TJX’s
              off-price concepts include T.J. Maxx, Marshalls, HomeGoods, and A.J. Wright, in the
              United States, Winners and HomeSense in Canada, and T.K. Maxx in Europe. Bob’s Stores
              is a value-oriented casual clothing and footwear superstore in the Northeastern United
              States. Our off-price mission is to deliver a rapidly changing assortment of quality brand
              name merchandise at prices that are 20–60 percent less than department and specialty store
              regular prices, every day. Our target customer is a middle to upper-middle income shopper,
              who is fashion and value conscious. This customer fits the same profile as a department
              store shopper, with the exception of A.J. Wright, which reaches a more moderate-income
              market, and Bob’s Stores, which targets customers in the moderate to upper-middle income
              range. 40
                   In mid-December 2006, TJX discovered that a hacker had illegally accessed the
              network that handles credit card, debit card, check, and return transactions. The stores
                                                                              (continued)


            40  www.TJIX.com (accessed February 2001).