Saturday, September 6, 2008

Adequacy of Malaysia's Cyberlaws to Address Cybercrimes and Cybertorts

I. Introduction

Since the birth of the 21st century, cybercrime has increasingly become recognized as a problem that requires the attention of governments, law enforcement authorities and legal systems of leading Asia Pacific countries. The explosive growth of the Internet and adoption of digital technologies for electronic commerce, electronic data interchange and electronic communication needs in the Asia Pacific region has also brought about an increase in cybercrimes.

Advanced countries in the West with highly developed information and communication technology infrastructures are also forced to constantly review the adequacy of their legal systems to deal with cybercrime. Other countries in South East Asia, such as Singapore, Thailand, and Malaysia, developing their information and communication technology system from a less advanced base are similarly forced to review the adequacy of their existing legal systems.

Existing criminal law, supported with commercial and intellectual property protection law may already inhibit a range of cyberspace misconduct. However, gaps and inadequacies of existing traditional laws necessitate the consideration and introduction of more specific laws to address cybercrime.

II. What is Cybercrime?

In Grabosky & Smith (1998), the following categories of crime were found to be emerging in the digital age:

  • Illegal telecommunications interception (e.g. hacking, cracking, data manipulation)

  • Electronic vandalism

  • Electronic terrorism (e.g. viruses, denial-of-service attacks, spamming)

  • Theft of data and communications services

  • Telecommunications and associated intellectual property piracy

  • Electronic distribution of pornography

  • Electronic fraud (e.g. phishing)

  • Electronic funds transfer crime

  • Money laundering

Collectively, these crimes are referred to as “cybercrimes”.

How serious or damaging is cybercrime? Warren & Streeter (2005) reported that, “the Internet has become a non-stop source of crime stories. The Bank of America revealed it lost computer tapes containing financial data on 1.2 million federal workers, including US senators, and British police recently charged 28 people with involvement in a sophisticated identity fraud racket that swindled almost 2 million pounds from more than 100 private bank accounts.” “The US Federal Trade Commission revealed last year that 10 million US citizens had fallen victim to identity theft at a total cost of USD 50 billion, and that 2 million people were conned by phishing attacks.”

Phishing [Sullivan, 2004, p.24], first detected in 1996, has exploded in the last two years because it is easy to produce and easy to fall for. Fraudsters send fake or spoof e-mail to bank customers to obtain their logins and passwords or to trick them into visiting fake banking websites.

On the home front, cybercrime rate is on the rise [Rising cybercrime, 2004, p.2]. Chia Kwang Chye, former deputy minister of internal security said, “117 cases involving MYR451,000 in losses were taken to court, under the Communications and Multimedia Act 1998” for the period of January to September 2004, compared to 35 cases in 2003.

Chia also said that 857 cases were charged in court in 2003 under the Computer Crimes Act 1997, with loses totaling MYR2.9 million, while 355 cases were brought to court from January to September 2004.

In its first quarter 2004 report, the Malaysian Computer Emergency Response Team (MyCERT) said that, “Internet vandals went wild early this year defacing hundreds of Malaysian websites, with public sector sites the main victims.” [Sharif, 2004, p.3] The following charts A to E provide some statistics.










While some of these crimes can be prosecuted to a certain extend with the combination of existing criminal, commercial and intellectual property laws, the experience of many jurisdictions is that additional legislation is often required to address these Internet, computer systems and electronic communication related crimes.

III. What is Cybertort?

Before I embark on defining “cybertort”, let us first understand what is defined as a tort. “A tort is a wrong. It can be a spoken wrong or an act (action), or a nonaction (carelessness) that is wrong, with injury inflicted on a person or property.” [Baumer & Poindexter, 2002, p.119]

Thus, there is tortious liability when a tort is committed, and I can define tortious liability as, “Tortious liability arises from the breach of a duty primarily fixed by the law; this duty is towards persons generally and its breach is redressable by an action for unliquidated damages.” [Lee, 2001, p.189]

Torts include issues such as:

  • Trepass to a person

  • Trespass to land

  • Trespass to nuisance

  • Trespass to goods

  • Negligence

  • Defamation

The tort most relevant to cyberspace is defamation. Defamation may be defined as, “Oral or written statements that wrongfully harm a person’s reputation.” [Ferrera et al, 2004, p.345] Defamation committed orally is known as slander, and defamation committed in writing is known as libel.

Therefore, torts committed in cyberspace (or the Internet and/or the World Wide Web) are known as cybertorts. Defamation can easily be committed in the cyberspace via e-mails or electronic mails, articles or postings in Weblogs, messages and/or videos in social networking sites such as YouTube, Facebook, etc.

The legal remedy or suit against defamation requires several elements of proof such as:

  • A false statement of fact, not opinion, about the plaintiff

  • The publication of the false statement without a privilege to do so

  • Intentional or due to negligence

  • Damages – actual and/or presumed suffered by the plaintiff

IV. The Cyberlaws of Malaysia

With the arrival of the digital economy or knowledge economy as embraced by Malaysia, and the birth of the Multimedia Super Corridor (MSC), new laws introduced in 1997 covering computer crimes, digital signature, telemedicine, copyright were promoted by the MSC’s custodian – the Multimedia Development Corporation as a package of cyberlaws.

The cyberlaws are:

i) The Computer Crimes Act 1997

This Act provides law enforcers with a framework that defines illegal access, interception, and use of computers and information; standards for service providers; and outlines potential penalties for infractions.

ii) The Digital Signature Act 1997

Regulates the legal recognition and authentication of the originator of electronic document. This Act enables businesses and the community to use electronic signatures instead of their hand-written counterparts in legal and business transactions.

iii) The Telemedicine Act 1997

This Act empowers medical practitioners to provide medical services from remote locations using electronic medical data and prescription standards, in the knowledge that their treatment will be covered under insurance schemes. However, this Act is yet to be implemented.

iv) The Copyright (Amendment) Act 1997

This Act gives multimedia developers full intellectual property protection through the on-line registration of works, licensing, and royalty collection. Especially, the Act reinforces an author's work cannot be presented as the work of another, by adding a provision that the work must be identified as created by the author.


It was also decided that a regulatory body entrusted with the role to implement and promote the national objectives of the Malaysian Government for the communications and multimedia sector was needed. Hence, in 1998, another two acts were passed.

v) The Malaysian Communication and Multimedia Commission Act 1998

Provide for the establishment of the Malaysian Communications and Multimedia Commission (MCMC), a single regulatory body for an emerging and converging communications and multimedia industry. This Act gives the MCMC the power among other things, to supervise and regulate communications and multimedia activities in Malaysia and to enforce the relevant laws.

vi) The Communication and Multimedia Act 1998

The most significant legislation brought into force on April 1, 1999. This legislation provides the policy and regulatory framework for convergence of the telecommunications, broadcasting and computer industries. The Act is based on the basic principles of transparency and clarity; more competition and less regulation; bias towards generic rules; regulatory forbearances; emphasis on process rather than content; administrative and sector transparency; and industry self-regulation.


In addition, the government is also in the process of formulating another legislation presently called the Personal Data Protection Bill [Surin, 2003b, p.16-18]. This law will provide assurance of privacy of personal data. It will address the issues of collection, processing, maintenance and utilization of personal data.

The above cyberlaws serve two central purposes:

  • To bolster intellectual property rights; and

  • To create the right environment for the multimedia industry and for online transactions or electronic commerce to thrive in a continuously and increasingly competitive business environment

V. Adequacy of Legislation

In general, countries can be categorised according to whether they have:

  1. Basic criminal and commercial laws

  2. A developed system of intellectual property laws

  3. Legislation directed specifically at computers and electronic commerce

Malaysia may be observed to fall within one or more of these categories, mostly satisfying the second category and having made some progress towards the third. Whether the existing legal system in any country can adequately address cybercrime depends on the precise scope and interaction of its criminal, commercial, intellectual property and computer-related laws.

The rapid development of information and communication technology and emerging electronic commerce pose challenges for the existing laws of Malaysia. Some key challenges created by the Internet or cyberspace in the enactment of statutes and development of the common law includes the identification of legal entities in cyberspace, the need to protect privacy and the issue of digital signatures that require close regulation.

1.0 Absence of Territorial Borders in Cyberspace

The jurisdiction of courts is based on the concept of territoriality. While we may call “cyberspace” in the singular, it is however, not a singular or distinct “place” but made up of many virtual locations constituting several business models from the real world that are recreated in computer-mediated communication infrastructures. Cyberspace crosses geographical and jurisdictional boundaries as we know it due to the cost, ease and speed of electronic transmission on the Internet that is almost entirely independent of physical location.

A major challenge for the law is created by the cross-boundary nature of cyberspace or in other words, its borderless nature. In relation to law, Johnson and Post (1996) outlined some cross-border issues:

  • The power of local governments to assert control over online behaviour

  • The effects of online behaviour on individuals or things

  • The legitimacy of the efforts of a local sovereign to enforce rules applicable to global phenomena

  • The ability of physical location to give notification of which set of rules apply for any given situation. Regional or national regulation by market authorities and other self-regulatory organisations are clearly less than satisfactory for the internationally active cross-border Internet

Hence, new legislation able to address cyberspace issues such as accountability and governance; proper usage, orderly conduct, structure and development; and cybercrime became very important due to the undermining of the feasibility and legitimacy of applying laws based on geographic boundaries.

Malaysia’s cyberlaws, as outlined in the previous section, governs the behaviour, content, business transactions, privacy, defamation, contracts, and intellectual property rights in a cyberspace environment, committed within and outside of Malaysia.

The Communication and Multimedia Act 1998, Section 4: Territorial and extra-territorial application provides for:

(1) This Act and its subsidiary legislation apply both within and outside Malaysia.

(2) Notwithstanding subsection (1), this Act and its subsidiary legislation shall apply to any person beyond the geographical limits 6f Malaysia and her territorial waters if such person –
(a) is a licensee under this Act; or
(b) provides or will provide relevant facilities or services under this Act in a place within Malaysia.

The Computer Crimes Act 1997, Section 9: Territorial scope of offences under this Act provides for:

(1) The provisions of this Act shall, in relation to any person, whatever his nationality or citizenship, have effect outside as well as within Malaysia, and where an offence under this Act is committed by any person in any place outside Malaysia, he may be dealt with in respect of such offence as if it was committed at any place within Malaysia.

(2) For the purposes of subsection (1), this Act shall apply if, for the offence in question, the computer, program or data was in Malaysia or capable of being connected to or sent to or used by or with a computer in Malaysia at the material time.

2.0 Computer and Computer-related Offence Provisions

The following Tables A and B presents a comparative analysis of computer and computer-related offence provisions available in Malaysia.


Computer and data offences

From the above, arguably, Malaysia can be considered as having a quite respectable segregation or classification of computer offences.

Computer-related offences

Although fraud and forgery can be prosecuted under the commercial and criminal laws whether committed using a computer or by more traditional paper-based means, it is good for Malaysia to have specific fraud and forgery offences addressed in the main computer crime legislation.

Ancillary liability

While not in the main computer crime law, computer child pornography, and copyright and related-rights are addressed in the Communications and Multimedia Act 1998 and Copyright (Amendment) Act 1997 respectively, which are collectively a part of Malaysia’s cyberlaws.

Special enforcement units

Recognising the highly specialised knowledge and skills required for investigation and evidence gathering in relation to cybercrime, some countries have moved towards setting up specialised computer crime units within their law enforcement agencies, for e.g.

In this aspect, Malaysia does not yet have a specialist cybercrime law enforcement unit, thus cybercrimes are referred to the traditional Commercial Crimes department of the police force.

Forfeiture and/or Restitution

Apart from the imposition of terms of imprisonment and fines, cybercrime legislation can empower courts to order the forfeiture of equipment used and/or assets acquired, or to require restitution to victims. For e.g., in Taiwan there is a statutory maximum for damages that can be awarded to injured persons under the Computer Processing Personal Information Protection Law. In the Philippines, maximum penalties imposed for hacking or cracking under the Electronic Commerce Act are commensurate to the damage incurred.

In Malaysia, forfeiture and/or restitution is not clearly defined in the cyberlaws and usually falls back upon existing commercial and criminal laws.

Undercover Surveillance/Search and Seizure

Standard search and seizure powers for the investigation of criminal offences may not extend to the investigation of computer data or the interception and covert surveillance of electronic transmissions such as e-mail. Cybercrime legislation in Malaysia should provide for expanding the range of investigatory powers available to law enforcement.

International Agreements

There are currently no international agreements on the scale of United Nations conventions or treaties (e.g. for international trade, there is the World Trade Organisation) in relation to cybercrimes that Malaysia can actively participate in and/or contribute to. Such a platform can provide excellent benefits to Malaysia in formulating and advancing cyberlaws.

3.0 Prohibition on Provision of Offensive Content

Offensive content includes but not limited to pornography, indecent or unsuitable content for children, objectionable content, and defamatory articles and/or statements

The Communications and Multimedia Act 1998 provides legislation against offensive content and the Malaysian Communications and Multimedia Commission (MCMC) is thus empowered to act against offensive content by way of written requests to Internet Service Providers (ISPs) to take action against offensive content.

The following Tables C, D-1, D-2 and E summarises the relevant sections of the Act.





4.0 Intellectual Property Rights Offence Provisions

There is considerable overlap between cybercrime laws and intellectual property laws. For e.g., computer hardware may constitute a patentable invention, a registered design, or be protected under legislation relating to electronic circuit layouts. Computer software may similarly be protected under copyright law, and likewise with data and information transmitted or stored on files.

The following Table F shows the intellectual property rights offence provisions available in Malaysia.

Offence Classification

The classification of intellectual property laws into patents, trademarks, designs, copyright and computer circuit layouts is fairly standard, and it is somewhat worrisome that in Malaysia, most of the intellectual property rights legislation does not recognise infringement as a criminal offence other than those provided for under the Copyright Act 1987 and Copyright (Amendment) Act 1997.

Computer Software

Unauthorised duplication of computer software (except to make a back-up copy for personal use) is an infringement under Malaysia copyright laws. The Copyright Act 1987 was amended to give multimedia developers full intellectual property protection through the on-line registration of works, licensing, and royalty collection. The Amendment Act reinforces an author's work cannot be presented as the work of another, by adding a provision that the work must be identified as created by the author.

Optical Disc Piracy

Very few Asia-Pacific countries or jurisdictions have laws explicitly relating to optical disc piracy. A good example is Hong Kong’s Prevention of Copyright Piracy Ordinance, which prohibits the manufacture of optical discs without a valid licence, punishable by a fine of HK$500,000 and imprisonment for two years on a first conviction; and HK$1,000,000 and four years imprisonment on a subsequent conviction.

Malaysia’s Optical Discs Act 2000 came into force on September 15, 2000. Section 26 provides for:

Section 26. Penalty.
(1) Any person who commits an offence under Part III except under section 15 shall on conviction be liable –

(a) if such person is a body corporate, to a fine not exceeding five hundred thousand ringgit, and for a second or subsequent offence to a fine not exceeding one million ringgit; or

(b) if such person is not a body corporate, to a fine not exceeding two hundred and fifty thousand ringgit or to imprisonment for a term not exceeding three years or to both, and for a second or subsequent offence to a fine not exceeding five hundred thousand ringgit or to imprisonment for a term not exceeding six years or both.

(2) Where a person being a director, manager, secretary or other similar officer of a body corporate is guilty of an offence under subsection (1) by virtue of section 30, he shall on conviction be liable to the penalty provided for in paragraph (1) (b).

Circumvention of Technological Protection Measures

Offence provisions in relation to the circumvention of technological protection measures such as encryption devices, user identification and electronic rights management information regimes are already introduced in leading Asia-Pacific countries such as Singapore, Australia, Hong Kong, South Korea and Japan.

In this area, Malaysia is also not trailing. The Copyright (Amendment) Act 1997 provides for fines of up to MYR250,000 and/or imprisonment for up to three years for the first offence, or MYR500,000 and/or five years for subsequent offences.

International Agreements

International agreements for the protection of industrial and intellectual property date back over 100 years. Malaysia is a member or signatory of the following main instruments administered by the World Intellectual Property Organisation (WIPO), and the United Nations Educational, Scientific and Cultural Organisation (UNESCO).

  • Paris Convention for the Protection of Industrial Property 1883 (Malaysia’s membership: January 1989)
  • Berne Convention for the Protection of Literary and Artistic Works 1886 (Malaysia’s membership: October 1990)
  • Convention establishing the World Intellectual Property Organisation 1970 (Malaysia’s membership: January 1989)
  • Agreement on Trade-related Aspects of Intellectual Property Rights 1994 (Malaysia membership: January 1995)

Sources:
WIPO
http://www.wipo.int/treaties/en/
UNESCO http://www.unesco.org
WTO http://www.wto.org)

VI. Conclusion

Cybercrime legislation in Malaysia is still in the early stages of development, and exhibits overlap with general criminal, commercial and intellectual property laws. This is not surprising given the different historical, social and political contexts and needs within which these laws have evolved, and the differing levels of technological development compared to other countries.

However, it is a fact that cybercrime knows no national borders and, as a result, defences against the threats increasingly posed to computer and information infrastructures can only be as strong as the weaker links in the chain. Therefore, it is important for Malaysia to continually assess the adequacy of the cyberlaws and, where deficiencies can be identified, to reform those laws appropriately and quickly.

Therefore, it was a let down when Datuk Dr. Rais Yatim, former minister in the Prime Minister’s department, announced at the third MSC International Cyberlaws Conference held from March 2 to 3, 2004 that the three draft cyberlaws, namely the Personal Data Protection Act, Electronic Transactions Act and the Electronic Government Activities Act will be delayed [Khalid & Moreira, 2004, p.3].

“The first would regulate the collection, possession, processing and use of personal data, and ensure there are adequate measures for the security, privacy and handling of personal information. It aims to raise public confidence in conducting electronic transactions without their privacy being violated.”

“The Electronic Transactions Act is primarily targeted at boosting e-commerce by providing legal recognition of electronic transactions, including e-commerce transactions.”

“The Electronic Government Activities Act seeks to establish common protocols for electronic interaction between the Government and the public.”

Thus, these draft legislation are important additions to Malaysia’s cyberlaws and any further delays will eventually become detrimental for Malaysia to competitively position herself in an increasingly globalising economy. (The Malaysian government had released a draft version of the proposed Personal Data Protection Act for public comment in November 2000.)

Lawyer Wong Shiou Sien, a speaker at the conference, argued, “Despite being among the first countries in the world to introduce cyberlaws, Malaysia cannot afford to remain at a standstill. New developments in technology, products, and services related to wireless content will keep raising new legal and regulatory issues.” [Khalid & Moreira, 2004, p.2]

While there is no single model to be emulated in this process, guidance can be gained from legislation in force in countries or jurisdictions with longer experience of the threat, management and prosecution of cybercrimes, and the promotion of the effective and efficient use of cyberspace to increase the competitive advantage of our nation Malaysia.


References:

MyCERT statistics http://www.mycert.org.my/en/index.html

Computer Crimes Act 1997
Digital Signature Act 1997
Communication and Multimedia Act 1997
Malaysian Communication and Multimedia Commission Act 1997
Telemedicine Act 1997
Copyright Act 1987
Copyright (Amendment) Act 1997
Patents Act 1983
Trademarks Act 1976
Industrial Designs Act 1990
Optical Discs Act 2000
Layout-Designs of Integrated Circuits Act 2000

Baumer, David & Poindexter, J. C. (2002). Cyberlaw and E-Commerce. New York, NY: McGraw-Hill

Endeshaw, Assafa (2001). Internet and E-Commerce Law: With a Focus on Asia-Pacific. Singapore: Prentice-Hall

Ferrera, Gerald R., Lichtenstein, Stephen D., Reder, Margo E. K., Bird, Robert C. & Schiano, William T . (2004). Cyberlaw: Text and Cases. (2nd Edition). Mason, Ohio: Thomson South-Western

Grabosky, P. N. & Smith, R. G. (1998). Crime in the Digital Age: Controlling Telecommunications and Cyberspace Illegalities. New Brunswick, NJ: Transaction Publishers/Federation Press

Johnson D. R. & Post D. G. (1996). "Law and Borders: The Rise of Law in Cyberspace." Stanford Law Review, Vol. 48, p.1367

Khalid, H. Amir & Moreira, Charles F. (2004, March 9). "Malaysian cyberlaws need to keep up." Star InTech, p.2

Khalid, H. Amir & Moreira, Charles F. (2004, March 9). "New cyberlaws may be delayed." Star InTech, p.3

Khalid, H. Amir & Moreira, Charles F. (2004, March 9). "Cybercrime: Business and the law on different pages." Star InTech, p.4

Khalid, H. Amir & Moreira, Charles F. (2004, March 9). "IT-illiteracy and lawyers: Blame the Bar." Star InTech, p.4

Lee, Mei Pheng. (2001). General Principles of Malaysian Law. (4th Edition). Shah Alam, Selangor: Penerbit Fajar Bakti

Moreira, Charles F. (2004, March 4). "Get on with IT, lawyers urged." Star InTech, p.4, c.4

Ramachandran, Sonia. (2008, August 31). "The Net is not in a legal vacuum." New Sunday Times, p.18

Rising cybercrime rate in Malaysia. (2004, October 21). Star InTech, p.2, c.3

Sharif, Raslan. (2004, April 22). "Vandals giving government websites grief." Star InTech, p.3

Sullivan, Laura. (2004, March 2). "Phishing takes centrestage." Star InTech, p.24

Surin, A. J. (2003, April 22). "Harmonising cyberlaws in a borderless world." Star InTech, p.27-29

Surin, A. J. (2003, September 4). "Data protection and privacy." Star InTech, p.16-18

Surin, A. J. (2003, October 7). "To catch a cybercriminal." Star InTech, p.29-31

Surin, A. J. (2003, November 11). "Multilateral efforts to combat cybercrime." Star InTech, p.20-22

Surin, A. J. (2003, December 9). "The power to effect ICT change." Star InTech, p.20

Surin, A. J. (2004, January 6). "Act gives MCMC wide powers." Star InTech, p.19-21

Surin, A. J. (2006). Cyberlaw and its Implications. Petaling Jaya, Selangor: Pelanduk Publications

Warren, Peter & Streeter, Michael. (2005, April 19). "Cybercrime gaining momentum." Star InTech, p.23

Monday, September 1, 2008

Organizational Change and Innovation

Today, more than before, organisations are facing global, economic and technological developments that are continuously and rapidly changing, which in turn causes increased business challenges, risks and uncertainties. Thus, the task facing today’s managers is to help organisations effectively respond and adjust to the changes.

Organisational change is the process by which organisations transform from their present state to a desired future state to obtain or increase their strategic advantage in the constantly evolving business or economic environment.

Through innovation, organisations are able to put to effective use of creative ideas into products, services and business processes that serve to satisfy customers or help organisations better produce them.

Thus, it is important for organisations to be able to manage change and innovations to ensure business continuity, sustain competitiveness and profitable growth.

1.0 Forces of Change

Let us consider the major factors in the business environment that create pressures on organisations, thus forcing change.

The business environment consists of the economic, legal and political, social, technological, and management factors that affect business activities. Significant changes in any part of the business environment are likely to create pressures on organisations.

The forces of change can be categorized as external and internal forces of change. Figure 1 summarizes the major forces of change which organisations face.




Competitive Forces

Successful organisations continuously strive to obtain a competitive advantage over other organisations. Since organisations need to match or exceed competitors in at least one of the dimensions of competitive advantage such as in efficiency, quality, innovation or customer care, competition becomes a force of change.

To lead in efficiency and quality, organisations need to adopt the latest technologies and processes such as computer-in-manufacturing and ERP systems. In adopting new technologies and processes, employee work relationships also changes, as the employees need to learn new skills and techniques or acquire new knowledge. To lead in innovation and thus obtain a technological edge over competitors, organisations need to possess skills in managing the process of innovation.

Therefore, the ability to manage change is central to the ability to obtain and sustain a competitive advantage in a marketplace that different organisations compete for the same customers.

Economic, Legal and Political, and Global Forces

Economic, legal and political, and global forces continuously affect organisations and force them to change how and where they trade, produce goods and services.

In North America, the North American Free Trade Agreement (NAFTA) has established trade cooperation between the United States, Canada and Mexico, leading to many organisations in these countries taking advantage to find new markets for their products and services, and new sources of inexpensive resources such as labour and raw materials.

In Europe, the European Union (EU) has grown to include more than 20 countries, and countless organisations seek to exploit the advantages of a large and protected market for their products and services, and resources.

In Asia, Japan and other fast-growing Asian countries such as China, Taiwan, Malaysia and Thailand, recognizing how these economic unions protect their members and create barriers against foreign competition, have also moved to form the Asean Free Trade Agreement (AFTA) and other trade cooperation initiatives such as the East Asia Summit (EAS).

Organisations that fail to exploit low-cost resources and the rise of low-cost foreign competitors and development of new technologies that can erode an organisation’s competitive advantage can bring doom to any organisation that does not change and adapt to the realities of the international or regional marketplace. Other challenges facing organisations are the need to change the organisational structure to allow expansion into foreign markets and the need to change in order to adapt to different cultures.

Demographics and Social, Organisational Development, and Ethical Forces

Workforce composition changes and increasing diversity of employees presents organisations with many challenges and opportunities. Increasing changes in the demographic characteristics of the workforce leads to managers changing management styles and methods.

While the forces of change appear to bombard organisations from all sides, progressive and successful organisations do not fear change. As a matter of fact, such organisations effect changes to their organisations. Changes initiated by organisations are known as planned change. The practice of organisational development (OD) –
"A process that applies behaviourial science knowledge and practices to help organisations build the capacity to change and to achieve greater effectiveness, including increased financial performance and improved quality of work life."
[Cummings & Worley, 2005, pg. 1], is to bring about planned change to increase an organisation’s effectiveness and capability to change itself.

Many leading international companies such as General Electric, Hewlett Packard, Motorola and Boeing, practices organisation development to continuously improve organisational effectiveness and competitiveness.

It is also important for organisations to take steps to promote ethical behaviour in the face of increasing governmental, political and social demands for more responsible and honest corporate behaviour and governance.

Strategic and Technological Forces

One of the key challenges facing all organisations is sustaining profitable growth. Organisations that are able to year after year create and sustain superior performance against the competition have what is known as competitive advantage.

Competitive advantage can be defined as “anything that a firm does especially well compared to rival firms.” [David, 2005, pg. 8] In other words, when a firm can do something that rival firms cannot or owns something that rival firms desire to acquire or achieve, that can represent a competitive advantage.

In Michael Porter’s seminal work Competitive Advantage: Creating and Sustaining Superior Performance, he said,
“Competitive advantage is at the heart of a firm’s performance in competitive markets. After several decades of vigorous expansion and prosperity, however, many firms lost sight of competitive advantage in their scramble for growth and pursuit of diversification. Today the importance of competitive advantage could hardly be greater. Firms throughout the world face slower growth as well as domestic and global competitors that are no longer acting as if the expanding pie were big enough for all.”
[Porter, 1985, pg. xv]

Although published in 1985, his work and words still ring true in the 21st century!

Strategic management is all about gaining and maintaining competitive advantage. Organisations today consider and practices strategic management more importantly and seriously than ever before. Thus, organisational change is also brought about by the implementation of new strategies.

The Internet boom and new developments in technologies have also brought about the need for organisations to change. For organisations able to understand and harness the benefits of new technologies such as electronic commerce technology, competitive advantage can be developed in the areas of supply chain management, business-to-business (B2B) and business-to-customer (B2C) relationships, for e.g. Dell, Inc.

This is why of late the Malaysian government is seriously encouraging the small and medium enterprises (SMEs) to adopt new technologies in the face of increased globalization and competition. The formation of the SME Bank serves to assist SMEs to acquire loans to upgrade technology and expand their business.

2.0 Targets and Types of Change

2.1 Targets of Change

In addressing change, organisations need to plan for change instead of being adversely affected by unplanned change. Planned change is normally targeted at improving performance in the following 4 major levels:
  • Human resources
  • Functional resources
  • Technological capabilities
  • Organisational abilities
Human Resources
Human resources (HR) are an organisation’s most important asset because an organisation’s distinctive competences lie in the skills and abilities of its employees, which contributes to a form of competitive advantage.
Therefore, organisations must continually monitor their organisational structures to establish the most effective way of motivating and organizing HR to acquire and use their skills.
As mentioned earlier, this will form an aspect of organisation development (OD). Hence, typical types of change efforts directed at HR include:
  • New investments in training and development activities
  • Socialising employees into the organisational culture
  • Changing organisational norms and values to motivate multicultural and diverse workforce
  • Ongoing review and analysis of promotion and reward systems
  • Changing the composition of the top-management team to improve organisational learning and decision making
Functional Resources
In organisations, each organisational function needs to develop procedures that allow it to manage the particular business environment it faces. As changes occur, organisations often transfer resources to the functions where the most value can be created.
Organisations can improve the value that its functions create by changing its structure, culture and technology, for e.g. the change from a functional to a product team structure may speed the new product development process.
Technological Capabilities
Technological capabilities give organisations enormous capacity to change itself in order to exploit market opportunities. For e.g.,
  • The ability to develop a constant stream of new products or to improve existing products so that they continue to attract customers represent an organisation’s core competences
  • The ability to improve the way goods and services are produced in order to increase their quality and reliability is a crucial organisational capability
Organisational Capabilities
Through the design of organisational structures and culture, organisations can harness its human and functional resources to exploit technological opportunities. Organisational change often involves changing the relationships between people and functions to increase the ability to create value in order to sustain profitable growth.
2.2 Types of Change
Planned change can be generally categorized into:
  • Evolutionary change (Calm waters metaphor) – which is gradual, incremental and specifically focused
  • Revolutionary change (White water rapids metaphor) – which is sudden, drastic and organisation-wide
Evolutionary change involves the constant attempt to incrementally improve, adapt and adjust strategy and structure to better match the changes in the business environment that are taking place. Examples of this type of change are Business Process Improvement (BPI) and Total Quality Management (TQM).
Revolutionary change involves a whole new way of doing things, new objectives, and new structures. Examples of revolutionary changes are Business Process Reengineering (BPR), restructuring and innovation.
3.0 Innovation and Technology
Innovation relates to the development of new products or services, new production or manufacturing processes, and new operational systems.
Technology relates to the skills, knowledge, experience, body of scientific knowledge, tools, machines and equipment used in the communication, design, production and distribution of goods and services.
Technology is central to the operations, goods and services of most organisations. Therefore, technological innovations can have major implications for organisations.
The 8 different types of technological innovations are:
  1. Product innovation – innovations resulting in products or services
  2. Process innovation – innovations in business related processes
  3. Radical innovation – innovations that revolutionizes products, services or processes
  4. Incremental innovation – innovations that enhances existing products, services or processes
  5. Competence enhancing innovation – innovations that build on existing knowledge and skills
  6. Competence destroying innovation – innovations that render existing knowledge and skills obsolete
  7. Architectural innovation – innovations that affect the entire system or the interactions of a system’s components
  8. Component innovation – innovations that only affect one or more but not all of the components of the entire system
Thus, technological innovations do not just happen, but are also planned for by organisations.
4.0 Summary
Now that we have an appreciation of what organisational change and innovations are, we can also readily appreciate that organisations need to be in control to respond to or to influence change and innovation. Change cannot be stopped.
Organisations that are unable to deal with change and cannot innovate cannot hope to succeed in the increasingly competitive business environment that is constantly bombarded with forces of change.
Organisations able to manage planned change and innovation to achieve strategic or competitive advantage in the industry they operate in will have a higher chance of business success leading to profitable growth.
Some examples of companies that have been able to successfully manage change and innovation are:
  • Dell – computer systems – able to manage the change from telesales to an online system using Internet technology, and innovated on its supply chain processes.
  • Apple – computer systems, digital music players – able to manage change and innovation to continuously introduce highly innovative products and services.
  • eBay – online auction – able to manage change and innovation to offer customers innovative online auction services.
  • Google – online search engine – able to manage change and innovation to understand web-surfers or consumers’ information search needs better than others.
  • AirAsia – low cost carrier – able to manage change and innovation to achieve profitable growth in the local Malaysia and regional airline industry in the face of high competition and rising fuel costs.
  • Maybank – commercial bank – able to manage change and innovation by foreseeing and offering superior Internet banking facilities to meet consumer needs.

References:
Cummings, Thomas G. & Worley, Christopher G. (2005). Organisation Development and Change. (8th Edition). Mason, Ohio: Thomson South-Western

David, Fred R. (2005). Strategic Management: Concepts and Cases. (10th Edition). Upper Saddle River, New Jersey: Pearson Prentice-Hall

Porter, Michael E. (1980). Competitive Strategy: Techniques for Analyzing Industries and Competitors. New York, NY: The Free Press

Porter, Michael E. (1985). Competitive Advantage: Creating and Sustaining Superior Performance. New York, NY: The Free Press

Schilling, Melissa A. (2005). Strategic Management of Technological Innovation. New York, NY: McGraw-Hill

Tidd, Joe; Bessant, John & Pavitt, Keith. (2005). Managing Innovation: Integrating Technological, Market and Organisational Change. (2nd Edition). New York, NY: John Wiley & Sons