CRITICAL ASSESSMENT OF NEW TECHNOLOGIES

TechnoTec Business Proposal

Student name:

ID Number:

Word count: 2,650

MACQUARIE University
ACCG3060 - Cyber Security Governance and Ethics
 Executive Summary

The rapid development of information technology, in general, and Generative AI, in particular,

has completely transformed the approach to problem-solving in people's lives. AI has provided diverse

and comprehensive solutions across various fields. AI has greatly supported business decision-making,

especially in the financial sector. Utilising AI not only enhances the logical aspect of each decision, but

also minimises errors by leveraging extensive databases and predictive capabilities. Moreover, AI's

accuracy is reinforced by its ability to reduce biases, personal interests, and emotions in decision-

making.

NoFlake is an internally–developed AI system at TechnoTec. NoFlake is designed to assist in

assessing customers' debt repayment capacity, thereby enabling TechnoTec to make appropriate credit

decisions. The development of NoFlake brings numerous benefits, including cost savings, improved

decision accuracy, and reduced vulnerability to cyber-attacks. However, it is essential to acknowledge

the limitations of NoFlake, as well as AI in general, pertaining to security and the risk of cyber-attacks.

This report aims to evaluate the benefits and drawbacks of implementing NoFlake at

TechnoTec, and highlight the potential and ethical challenges arising from the application of AI. It will

also assess the role of information technology in assisting decision-making. The report will therefore

provide recommendations on implementing security programs and enhancing the current systems for

TechnoTec.

1
 Table of Contents

Executive Summary....................................................................................................................1

1. Introduction.............................................................................................................................3

2. Technology and decision-making...........................................................................................3

2.1. The application of technology in decision making.............................................................3

2.2. Positive and negative aspects of the ethical challenges......................................................3

3. Strengths and weaknesses of using NoFlake.........................................................................4

3.1. Strengths.............................................................................................................................5

3.2. Weaknesses.........................................................................................................................6

4. Cyber Security Risks Analysis...............................................................................................7

5. Recommendation.....................................................................................................................9

5.1. Security Program................................................................................................................9

5.2. Algorithm Improvements.................................................................................................10

6. Conclusion..............................................................................................................................11

Reference....................................................................................................................................12

2
 1. Introduction

Several studies have been conducted on the application of AI in a variety of industries. AI can

be used to improve the general efficiency and enhance capacity. AI can also help to improve the

accuracy in some specific areas, for example, healthcare sector. According to Bohn et al. (2023), the

use of AI empowers businesses to make complex judgements.

Nevertheless, the society must be careful about potential concerns that emerge along with the

extensive reliance on AI. According to Jagielski et al. (2018), AI system might be vulnerable to

security breaches, such as model poisoning attacks. Additionally, Richardson et al. (2019) brought

attention to the potential amplification of inherent biases when utilising AI in the police field.

2. Technology and decision-making

More and more organizations are adopting AI in decision making due to its undeniable

advantages in terms of speed and precision. However, using AI also creates several ethical concerns

among the society.

2.1. The application of technology in decision making

Currently, AI is already being used in several fields such as recruiting, purchasing, and

forecasting credit risk (Katherine et al., 2020). Especially in the field of financial services, AI is

increasingly widely implemented and continuously expanding (Puri, 2020).

Han et al. (2023) showed that AI can improve efficiency, optimise decision-making, and

improve customer satisfaction. AI can help financial institutions make more accurate investment

decisions through predictive analytics. In risk assessment, AI can analyse large amounts of data to

identify patterns that could lead to credit risk.

3
 El-Mousawi et al. (2023) have emphasised the great application of AI in finance and

accounting. Research showed that using AI applications contributes to complex accounting and

auditing processes due to improving the reliability of data.

2.2. Positive and negative aspects of the ethical challenges

The ethical significance of AI use is widely recognised (Floridi et al., 2018, Hagendor ff, 2020

and Jobin et al., 2019), leading to various documents stating ethical principles for AI application. Agree

that the implementation of AI can bring several benefits, however, its negative aspects also need to be

aware.

First and foremost, the use of AI can improve the overall productivity of both Company and its

employee (Floridi et al., 2018). Integrating AI into daily work will solve repetitive tasks, which require

large data sources. This will save time for the employees, thereby create the financial benefit for the

Company. People will be able to focus more on tasks that require intelligence, creativity and meaning.

For example, AI assistants can help people manage their time, finances, and daily lives more

efficiently.

Furthermore, the usage of AI can promote transparency. Transparency helps users gain

confidence in the technology by providing them with insights into how AI processes (Mensah, 2023).

The transparency characteristic is also presented that, AI’s decision making is not influenced by human

emotion or personal interest. Therefore, users can explain the rationale for each decision to

stakeholders, thereby increasing objectivity and trust.

However, it is necessary to understand and analyse the negative impact in using and relying on

AI, as the ethical oversight of AI technology becomes extremely necessary (Li, 2023).

Schwartz et al. (2022) made a comprehensive study on the identification and management of

bias in AI. It can come to the risk relating to input bias, or sampling errors, etc. For example. AI is built

4
on the historical data, so deviations in input data can create inherent bias. Ho and Beyan (2020)

identified that in cases where data is collected by gathering subjective data, some pre-conceptions from

the past will be indirectly transferred to the AI systems. In some cases, when the total population is too

large, the data set will be a group of samples, which can create sampling bias (Mitchell, 2021). If this

bias is not promptly corrected, it will lead to systematic errors and can thereby cause great damage to

through wrong decision-making. This will be especially disadvantageous to disadvantaged groups in

society, causing inequality.

Another emerging ethical issue relating to the AI policy framework. According to Sumantri

(2019), the lack of comprehensive regulations on AI application and increase the risks of cyber-

security. The regulation framework is still fragmented, due to the development speed of modern

technology, as well as the consideration between cost and benefit. For example, the regulations related

to the accountability of violations due to AI-dependent decisions are not yet clearly defined. Especially

when these violations have significant social impacts, society has an increasing need to clearly identify

the root cause and the responsible party. In addition, the regulations related to the use of AI to replace

human labor have not been widely aware. Many businesses use AI to increase labor productivity, but

do not ensure the balance between technology and people, thereby not guaranteeing the fundamental

benefits for employees.

3. Strengths and weaknesses of using NoFlake

3.1. Strengths

First and foremost, the usage of NoFlake can improve the efficiency enhance the overall

productivity. Before implementing the system, TechnoTec needed 20 full-time employees for credit

rating. However, after the usage of NoFlake, only 2 operation staff were needed. The reduction of 90%

of staff has helped increase the overall labour productivity for the entire Company, enabling the

continued increase in the number of loans without the need to expand the current human resources. The

5
productivity improvement is also reflected through significant salary and other employee expenses

savings.

Furthermore, the implementation of NoFlake can enhance the effectiveness due to decrease the

bad debt rate. The improvement accuracy from 7% to 5.6%, equal to 40%, bring several benefits to the

Company. In the financial term, TechnoTec can save $700,000 per annum, with the average loan of

$50 million each year. As the loan value increases, financial benefits will increase. In the operational

term, the increase of accuracy can increase the trust from society, authorities, and investors. The reduce

of bad debt rate also enhance the reputation of TechnoTec.

Furthermore, after implementing NoFlake, TechnoTec can reduce the costs relating to cyber-

attach by nearly 40%. NoFlake can effectively minimise risk associated with technology security when

it comes to compliance. This is crucial since breaches of private data protection can lead to legal

troubles, financial damage and ruin the Company’s image. Besides, by utilising NoFlake, potential

disruptions resulting from malicious intent by external entities can be averted.

3.2. Weaknesses

Firstly, the reliance in using NoFlake can lead to wrong decisions. In current economic climate,

relying on historical data can be inaccurate. In some cases, credit assessment for customers may require

professional judgment. This will cause many serious consequences. For example, declining a potentil

loan will cause TechnoTec to lose revenue and potential customers. On the contrary, wrong decisions

will lead to significant financial loss and reputation damage.

Besides, the NoFlake was developed by 3 young internal developers. In case of employee

resignation, TechnoTec may face the risk relating to security. In addition, the lack in experience and

technical knowledge can lead to risks affecting the accuracy of the algorithm. At the same time, using a

6
third party to get input data may not ensure confidentiality or comprehensiveness of the population.

Errors in input data will create bias effects and reduce the accuracy of the algorithm.

4. Risks Analysis

The analysis of risks will be based on impact and likelihood (San Santoso et al., 2003).

Identifying uncertainties relating to business operations, ethical concerns and cyber security will help

the management have suitable approach to mitigate the consequences. The details are as follows.

4.1. Business Risk

The implementation of NoFlake can create several business risks to TechnoTec. Firstly, the risk

can come from the consideration about the model accuracy. NoFlake's input data source is taken from

third-party surveys. The development team hired Swizzle Pty Ltd to collect training data. Swizzle uses

individual backpackers to conduct surveys on major public streets in capital cities. Using third-party

data sources with unsystematised collection methods can lead to bias. This will reduce the accuracy of

the algorithm, leading to the inappropriate recommendations. The impact and likelihood are assessed as

high.

Secondly, using AI will reduce staff involved for credit evaluation. With NoFlake's support,

TechnoTec only needs 2 operations staff, reducing 18 employees, equivalent to 90% compared to

before. However, in case that the system has problems, operations will be interrupted. With only 2

employees, TechnoTec could not perform credit assessment manually. This will cause disruption as

TechnoTec cannot serve customers promptly, thereby affect customer satisfaction. If the system is

continuously interrupted for a long time, it will affect revenue, the ability to retain customers as well as

create reputational damage. However, NoFlake is an internal system built and fully controlled by

TechnoTec. Therefore, the Company had all information about algorithms and systems, helping to

reduce the likelihood of the mentioned risks.

7
 4.2. Ethical Risk

Firstly, the use of AI causes staff reductions, leading to 18 staff losing their jobs. They may not

be able to find suitable jobs matching their qualifications. This will affect their lives. Additionally, that

termination will cause a wave of negative attitude within the Company. At that time, TechnoTec may

face the risk of increasing turnover rate due to employees proactively quitting their jobs. Furthermore,

the Company also creates a stressful working environment, reducing the efficiency. The impact is

medium, but the likelihood is high. This requires the management team to have appropriate plans for

human resources allocation.

Additionally, ethical risks relating to data manipulation are entirely possible. When operations

staff understand the algorithm, they can intentionally enter incorrect customer information so that the

AI can give recommendations according to their wishes. Furthermore, unintentional errors can also

occur during the initial use of NoFlake. Operators may not be familiar with the system. The impact and

likelihood of these risks are medium.

4.3. Cybersecurity Risk

As organisations increasingly rely on digital technologies and the internet, the cyber threats are

significantly serious. This requires the need to effectively identify and manage issues related to cyber

risk. The objective of cybersecurity risk management is to identify and eliminate negative factors by

applying security measures in accordance with the organisation's risk appetite (Young, 2023).

Cybersecurity risks occur when hackers attack the system. Attacks can come from a

competitor's intention to steal input data or algorithms. More seriously, an attack on the credit rating

system could affect TechnoTec's other internal systems. As a financial institution, TechnoTec will hold

a lot of confidential information, such as personal information and transaction accounts. In addition,

TechnoTec's bank account also has a lot of available cash resources. If attacked by a hacker, the money

8
in the account can be stolen. At the same time, according to current statistics, the company needs to pay

a huge amount of money for the consequences of cybersecurity breaches every year. From an impact

perspective, this risk is considered high.

However, the use of AI will limit the number of people accessing the system. Only 2 operations

staff have access rights, and other activities also need to be authorised and approved. Currently,

NoFlake is built and maintained by 3 young engineers. The current team does not have senior

professional roles such as Chief Information Security Officer (CISO), Cybersecurity Analysts,

Compliance Officer, or IT Security Engineers to ensure comprehensive security measures. Therefore,

the likelihood is assessed as medium to high.

5. Recommendation

Applying AI will bring many benefits to TechnoTec, along with risks. Hence, the management

should take into account the subsequent suggestions concerning the adoption of an AI security system

and enhancing the existing algorithm.

5.1. Security Program

First and foremost, it is crucial to enhance the quantity and quality of current IT department.

TechnoTec must ensure that it has the required workforce to implement system operations successfully.

Accordingly, new positions should be designed and recruited. The cybersecurity management team

should be expanded to include roles such as:

9
No Position Responsibilities Details

1 Chief Information Lead the security  Be responsible for all issues relating to cybersecurity.
 Take on the role of the cybersecurity leader, define a strategy to improve the
Security Officer strategy and governance
overall efficiency and effectiveness of Security Risk Management Activities.
(CISO)
 Oversee the human resources plan and allocation relating to the Information
Security Department.

2 Cybersecurity Detect and response to  Identify the risks relating to cybersecurity.

 Analyse and evaluate the impact and likelihood of the defined risks.
Analysts threats
 Directly report to the CISO about the risks and propose suitable mitigation
plans to reduce the likelihood and consequences of these risks.

3 Compliance Ensure regulatory  Regularly update the regulatory framework relating to cybersecurity.
 Define the compliance checklist for each department.
Officer adherence
 Review the compliance status and directly report to the CISO.

4 IT Security Implement and maintain  Implement the suitable security plan.

 Proactively provide recommendations to improve the system.
Engineers security measures

Table 1. Security Human resources plan

 TechnoTec should design suitable job descriptions for each position mentioned above. The

descriptions should contain detailed responsibilities, educational background, and experience

requirements. Furthermore, the Human Resources Department needs to review the compensation

policy. The salary package must be competitive and can encourage employees to enhance their

productivity. To expand the pool of candidates, TechnoTec can utilise its current networking, take

referrals from other reputable IT companies, or use HR outsourcing services for recruitment.

Furthermore, TechnoTec needs to raise awareness of issues related to AI and technology among

its employees. Accordingly, internal training sessions should be conducted regularly to ensure each

employee understands the role of AI. These training sessions should address emerging issues and

potential risks relating to heavy dependence on technology. The company must ensure that the

employees agree to and comply with internal regulations on the use of AI.

TechnoTec also needs to upgrade its information technology infrastructure to get ready for

coming changes. The infrastructure needs to be improved to ensure suitability when implementing new

security programs. Current control gaps as well as limitations of the technology platform being used

should also be analysed and fixed.

5.2. Algorithm Improvements

The following recommendations can be considered to improve the current AI algorithm:

Firstly, it is crucial to make the current algorithm more flexible to adapt to the context of rapid

changes. Using a fixed algorithm will reduce accuracy because the environment and society are

constantly changing. Especially regarding credit risks, in the context of many banks and financial

institutions collapsing due to wrong decisions, improving the accuracy and flexibility of information

technology is more essential. This will be done in terms of improving the quality of current IT

personnel or improving infrastructure systems.

 Secondly, TechnoTec's IT department should continuously review the input data sources. This

includes randomly checking the accuracy of data, through direct surveys, or confirmation calls with

customers. At the same time, the IT developers also need to analyse the diversity of the answers,

ensuring there is no bias. For example, the input population needs to have a balanced representation in

terms of gender, country, income, and working industry, to ensure the most accurate algorithm. Along

with that, the security of the input data sources also needs to be considered and improved. This will

help ensure the accuracy, diversity, and security of input data. From there, the accuracy of the

algorithm and the security of the system will be improved.

6. Conclusion

The significant benefits of utilising AI and modern technology in the work environment are

increasingly widely recognised. Effective application of AI will ensure value-for-money. AI helps

increase overall labour productivity, reduce unnecessary costs, and support increased accuracy of

business decisions. The implementation of NoFlake can bring several benefits to TechnoTec in many

fields, thereby helping the company gain competitive advantages compared to competitors in the

industry. However, risk issues also need to be considered. In the future, to continue developing its

business, TechnoTec can consider the above recommendations for implementing a comprehensive

security program and improving the AI system.

1
 Reference

Bohn, S. & Gümüsay, A. A. & von Richthofen, G. & Reischauer, G. (2023). Digital organising.

Internet Policy Review, 12(4). https://doi.org/10.14763/2023.4.1726

El-Mousawi, H., Jaber, A., & Fakih, I. (2023). Impact of using artificial intelligence

applications on the accounting and auditing profession - An exploratory study from the LCPAs'

perspective. Journal of Business Theory and Practice, 11(4), 1. https://doi.org/10.22158/jbtp.v11n4p1

Floridi, L., Cowls, J., Beltrametti, M., Chatila, R., Chazerand, P., Dignum, V., Luetge, C.,

Pagallo, U., Rossi, F., Schafer, B., Valcke, P., & Vayena, E. (2018). AI4People - An ethical framework

for a good AI society. Minds and Machines, 28(4), 689–707. https://doi.org/10.1007/s11023-018-9482-

Gümüsay, A. A., Bohné, T. & Davenport, T. (2023). Ai and the future of making management

decisions. Management and Business Review.

https://www.researchgate.net/publication/363404836_AI_and_the_Future_of_Management_Decision-

Making

Hagendorff, T. (2020). The ethics of AI ethics: An evaluation of guidelines. Minds and

Machines, 30, 99–120. https://doi.org/10.1007/s11023-020-09517-8

Han, Y., Chen, J., Dou, M., Wang, J., & Feng, K. (2023). The Impact of Artificial Intelligence

on the Financial Services Industry. Academic Journal of Management and Social Sciences, 2(3), 83-85.

https://doi.org/10.54097/ajmss.v2i3.8741

Ho, D.-A., & Beyan, O. (2020). Biases in Data Science Lifecycle.

https://arxiv.org/abs/2009.09795

2
 Jagielski, M., Oprea, A., Biggio, B., Liu, C., Nita-Rotaru, C., & Li, B. (2018). Manipulating

machine learning: Poisoning attacks and countermeasures for regression learning. IEEE Symposium on

Security and Privacy (SP), 19-35. https://doi.org/10.1109/SP.2018.00057

Jobin, A., Ienca, M., & Vayena, E. (2019). The global landscape of AI ethics guidelines. Nature

Machine Intelligence, 1(9), 389–399. https://doi.org/10.1038/s42256-019-0088-2

Kartal, E. (2022). A Comprehensive Study on Bias in Artificial Intelligence Systems: Biased or

Unbiased AI, That's the Question!. International Journal of Intelligent Information Technologies

(IJIIT), 18(1), 1-23. http://doi.org/10.4018/IJIIT.309582

Katherine, C. K., Melissa, A. V. & Angèle, C. (2020). Algorithms at Work: The New Contested

Terrain of Control, Academy of Management Annals, 14, (1), 366–410.

https://journals.aom.org/doi/10.5465/annals.2018.0174

Li, N. (2023). Ethical considerations in artificial intelligence: A comprehensive discussion from

the perspective of computer vision. SHS Web of Conferences, 179, 04024.

https://doi.org/10.1051/shsconf/202317904024

Mensah, G. B. (2023). AI in the legal system: Transparency, interpretability, and the right to a

fair trial - The challenges and implications for the Ghanaian civil and criminal justice systems.

Principal Consultant at E-Group Research Consulting Ghana Limited, Ghana. DOI:

10.13140/RG.2.2.14854.96324/1

Mitchell, M. (2021). Bias in the Vision and Language of Artificial Intelligence.

https://web.stanford.edu/class/archive/cs/cs224n/cs224n.1194/slides/cs224n-2019-lecture19-bias.pdf

Puri, L. D. (2020). A study of applications of artificial intelligence in banking and finance

sector. International Journal for Innovative Research in Multidisciplinary Field, 20, 35-37.

3
 Richardson, R., Schultz, J., & Crawford, K. (2019). Dirty Data, Bad Predictions: How Civil

Rights Violations Impact Police Data, Predictive Policing Systems, and Justice. New York University

Law Review, 94, 192–233.

San Santoso, D., Ogunlana, S. O., & Minato, T. (2003). Assessment of risks in high rise

building construction in Jakarta. Engineering, Construction and Architectural Management, 10(1), 43-

55. https://doi.org/10.1108/09699980310466541

Schwartz, R., Vassilev, A., Greene, K., Perine, L., Burt, A., & Hall, P. (2022). Towards a

Standard for Identifying and Managing Bias in Artificial Intelligence (NIST publication 1270).

https://doi.org/10.6028/NIST.SP.1270

Sumantri, V. (2019). Legal Responsibility on Errors of the Artificial Intelligence-based Robots.

Lentera Hukum, 6(2), 333-348. https://doi.org/10.19184/ejlh.v6i2.10154.

Young, C. S. (2023). Cybercomplexity: A macroscopic view of cybersecurity risk. Springer

International PU