This report analyzes Ernst & Young's Bring Your Own Device policy and provides recommendations. There are advantages like increased employee satisfaction, productivity and flexibility from using personal devices at work. However, risks include data leaks, lack of governance policies, and privacy issues. The report concludes that while risks exist, they can be minimized through recommendations. It is suggested that EY continue the BYOD policy as benefits outweigh risks, but risks around security, governance and privacy should be addressed.
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Analyzing EY's BYOD Policy
1. 1
Analytical Report Group Assignment Guide
Assignment Background
An analytical report is a technical document written for
business or government uses. These reports use
information from surveys, financial records, and other reliable
sources. It is different from an informational
report because it analyzes a situation and persuasively presents
conclusions and recommendations.
This type of report is covered in the chapters “Planning…” +
“Writing and Completing Reports…” in Bovée
and Thill’s Business Communication Today.
Sample student reports are available on Canvas, but please do
not choose the same topics, or copy
the exact organization – reports should vary slightly depending
on the topic.
Types of Analytical Reports
An analytical report can accomplish different goals. Once you
have chosen a context and topic for the report,
you need to establish the type of goal or purpose. Below are
three main types -- your analytical report should
focus on one type of goal:
2. To Assess an Opportunity
• informs decision makers about a new and potentially
successful endeavor
• Example context/topic: to analyze the potential of offering a
gluten-free version of “X”
brand’s most popular cookie. In the report, you would include
relevant data on market trends
and brand comparisons to conclude whether a gluten-free
product should be developed and
marketed by “X” brand.
To Solve a Problem
• analyzes and attempts to solve a problem
• Example context/topic: to analyze the potential solution to
“X” business’s decline in sales
by suggesting a new customer service strategy. The analysis
would provide relevant data and
supporting details for the strategy.
To Support Decisions
• analyzes the effects (both positive and negative) a recent
decision “X” business will
make or has made -- if the report is done retrospectively – as in,
the change has already been
made – then you use the available data to analyze the effects
Past Analytical Report Student Topics:
3. • To analyze the benefits of adopting a new dress code at X
company (assess an opportunity)
2
• To introduce a different system of scheduling employee shifts
to increase productivity at X eatery
(solve a problem)
• To justify the new vacation policy at X office (support a
decision)
Considerations when choosing your topic:
• Choose a context you are familiar with (i.e., a company
you’ve worked for, a business you have
stock in, an organization you either follow actively, or are a
part of).
• Choose a realistic topic – don’t attempt to make something up
that is either unrelatable, or too
extreme (although the topic can be hypothetical).
• Identify a specific audience for the report, whether it's to the
CEO of a company, a manager, or an
entire board of directors.
• You will be writing as a group of consultants or analysts
4. (hypothetical), but you need to define who
your audience is. Do not write the report as an academic paper
for a general audience (like an
essay or research paper).
• Focus on a specific issue directed towards a specific audience
– for example:
Instead of a report on the growing popularity of digital wallet
apps, create a report analyzing the top
complaint(s) of Venmo users, with suggestions on how to
improve the service for a real audience:
https://www.crunchbase.com/organization/venmo/current_emplo
yees/current_employees_image_list#sec
tion-current-team
Overview of report
• Initial Work Plan (approx. 500 words – your work plan will be
due as a separate assignment
first) + final report (approx. 2000+ words) – see sample on
Canvas + on page 193 in the custom
text of Bovée and Thill (Chapter: Planning Reports and
Proposals)
• Minimum of 6 references that are a balance of
academic/professional sources found through the
library databases, as well as reliable, consumer publications
such as Business Week, Forbes, etc.
(These will be cited using APA style – in-text citations +
5. reference section.)
• At least one relevant, effective visual (e.g. graph, image,
chart, etc.) included where necessary
3
Analytical Report Work Plan (due first -- approx.
500 words)
A work plan is a document (and tool) to define and guide larger
writing projects. It is basically an outline. A
work plan will be due before the first draft of your report. See
the sample work plan in the chapter “Planning
Reports and Proposals” (p. 193 in the custom text).
1. Opportunity/Problem -- What is the problem or opportunity
the upcoming report will address? What
company/organization do you represent?
2. Purpose and Scope -- Explain why you are preparing the
report and what you plan to deliver
through the report. What will your report cover? Include
limitations (what will not be covered), if
necessary. By mentioning the limitations of your report, you are
also rationalizing how much can be
covered (scope).
6. 3. Sources and Methods of Data Collection -- How will you find
the data and what data will be
needed?
4. Background -- What were the historical conditions leading up
to the need of doing this analysis? Or,
what is the general context?
5. Audience Analysis -- Profile your audience (demographics,
attitude toward opportunity/problem,
level of knowledge on topic, number of people, location, etc.)
6. Outline – This section will provide a preliminary outline to
guide your ensuing report (with headings).
Include questions that need to be answered in the body of your
report. You won’t know if you can
answer all the questions at this time, but articulating them will
help you with the focus.
7. Proposed Schedule of Tasks – Include a proposed timeline of
tasks and dates for completion.
8. Potential References – list at least 2 sources you have already
found to show that the research
has begun.
7. APA-style sample citations (“References” instead of “Works
Cited”):
Bradley, G. L., & Campbell, A. C. (2014). Managing difficult
workplace conversations:
Goals, strategies, and outcomes. International Journal of
Business Communication,
53(4), 443-464. doi:10.1177/2329488414525468
Cilliers, F. (2013, July 1). The role and effect of social media in
the workplace. Northern
Kentucky Law Review, Vol. 40, No. 3, p. 567-592.
4
Analytical Report Organization (approx. 2000+
words)
1. Executive Summary -- In a business environment, upper
management of a company may not have time
to read an entire report. This section is about one page long and
summarizes the key points of the report,
including conclusions and recommendations. Use short, clear
paragraphs with headings to preface and
summarize the entire report in the beginning.
2. Introduction
8. a. Purpose -- The introduction of an analytical report begins
with a statement of purpose, which sets
up and explains what will be covered in the report and why. It
should begin with “To…”
b. Background -- This section reviews the historical conditions
or factors leading up to the report.
c. Sources and Methods -- This section describes the sources
and methods used to gather
information and supporting evidence for the report.
d. Scope -- The scope section describes how much of the chosen
topic will be covered and what the
analysis will focus on.
e. Limitations -- This section (if relevant) states the areas
related to the topic that will NOT be
covered. Provide reasons for why these areas are not included
(budget, time, resources, etc.), but
also comment on why not including them still makes the results
valid.
f. Report Organization -- This section briefly prefaces how the
following report is organized. This
gives a quick overview so the reader will know what to expect.
3. Body -- The main content of the report is presented in short,
topical paragraphs. Relevant and informative
headings are used to help the reader navigate from one topic to
another. This is useful for busy business
people who may need to refer to one particular section of your
report during a meeting or presentation. All
data reported is analyzed within the body of the paper. Include
at least one visual (chart, graph, image, etc.)
where it would be more effective than simple text.
4. Conclusions -- Based on a logical evaluation of the evidence
9. provided in the report, clearly state
conclusions that are sound and justified. You need to interpret
the findings of your research for the trends,
patterns, and possibilities that they indicate. In this section,
give the answer, solution, or concluding
argument(s) to your statement of purpose.
5. Recommendations -- Propose a recommended plan of action
for your audience. Recommendations
answer the question "what should follow after reviewing the
report?" assuming that the report is successful
and the reader is convinced of the argument made and the
conclusions drawn.
• Establish the need for action by re-mentioning the problem or
opportunity.
• List the steps (recommendations) required to achieve the
benefit, using active verbs for
emphasis.
• Summarize the benefit(s) that can be achieved if the
recommendation is adopted along with
any potential risks, costs, or necessary procedure changes.
• Summarize your recommendations and action desired of
recipient(s).
6. References – Use APA style for references that are cited
throughout the report (in text) and in the end
section titled “References”. A minimum of 6 references total
(from reliable sources) is required.
10. 1
ANALYTICAL REPORT
To: Managing Partner(s) & Management Team at Ernst &
Young
From: Names A, B, and C, analysts
Date: 5/01/2017
Subject: Reassessment of the Bring Your Own Device (BYOD)
policy at EY
EXECUTIVE SUMMARY
This report analyzes the advantages and risks that one of the
“Big Four” accounting firms, Ernst &
Young (EY), might experience in continuing with the Bring
Your Own Device (BYOD) policy at work.
This report will also provide helpful recommendations to
address some of the risks.
Pros of BYOD
There are many advantages to embracing a BYOD policy
including increasing employees’
satisfaction, flexibility, and productivity. According to a study,
BYOD can increase workers’
contentment in the workplace (Chen, n.d.). Employees also tend
11. to work longer hours if they can
bring their personal devices to work and are even willing to
work while on vacation. According
to Chen (n.d.) and Rotholtz (2015), BYOD boosts staff and
management productivity.
Employees also spend less time dealing with complex tasks
because they are already familiar
with their own devices. Ultimately, BYOD is a great policy for
companies to put into practice
because it is a method to reduce the cost of hardware, data
plans, and labor.
Cons of BYOD
There are some disadvantages to implementing a BYOD policy
including data leak problems, a
lack of regulatory policies, and privacy issues concerning
employees’ personal information,
which could lead to legal problems for the company. First, the
IT department must deal with
network security problems to control data leakage from within
the organization and therefore,
companies may find it challenging to keep their data private
from competitors. Second,
companies that adopt a BYOD policy may lack the adequate
regulations required to define
acceptable usage. Third, there is a privacy concern that
employees’ personal identification data
may be purposefully collected by the employers or other parties
because employers may have
access to employees' personal devices.
Conclusion
EY should still keep the BYOD policy because the benefits
outweigh the risks. Although there
12. are risks in network security, governance and data privacy,
these risks can be minimized through
the recommendations provided in this report. As a result, the
BYOD program can increase
employee satisfaction and flexibility, and further reduce
operational costs for EY.
2
Recommendations
· Reduce network security risk:
Adopting an MDM (Mobile Device Management) system
Segregating offices’ public network from corporate internal
network
Enhancing encryption technology
Increasing employee’s awareness of security issues
· Lower the risk of governance:
Listing out permitted types of device
Optimizing the internal security policy
· Lessen the risk of data privacy:
13. Enforcing the mobility policy
Implementing related tools to protect data
INTRODUCTION
Purpose of The Report
This report was prepared to provide critical recommendations
for EY’s reassessment of the
BYOD policy. The report analyzes the performance of the
policy since it was implemented by
EY. Through evaluation of the pros and cons of the BYOD
policy, this report helps the EY
management, especially the Managing Partner(s), to make a
decision on whether the BYOD
policy should be continued in the firm’s operation. To further
help the decision making, some
recommendations will be provided towards the end of the
report.
Background
The BYOD concept entered the workplace during 2009, after the
Director of Intel Corporation,
Elaine Mah and her associates, pushed for the policy (BYOD,
2012). Intel Corporation had
launched a pilot program that allowed employees to bring their
own devices to work. During the
year of 2009, there were only three thousand people who
participated in the BYOD program.
Later on, nineteen percent of employees also joined the BYOD
program. To this day, BYOD is
14. still a growing trend as more prominent companies, such as
Cisco and Google, are starting to
adopt the policy. EY is a company that has already been using
this policy since 2012.
Sources and Methods of Data Collection
Most of the sources used came from EY’s website. Finding
credible sources and data involved
official business websites like Forbes and searching through
academic journals from the SJSU
library database. Some of the articles that we present support
the performance of the BYOD
3
policy in a positive perspective, while other credible articles
present it from a negative
perspective.
Scope
This analytical report compares some of the advantages and
significant disadvantages of
implementing the BYOD policy. However, the report does not
discuss the cost of embracing the
BYOD program, or the detailed steps to follow the
recommendations provided in this report.
15. ADVANTAGES OF ADOPTING BYOD
Allowing employees to bring their own devices such as
smartphones and laptops to the
workplace, instead of providing corporate devices, not only
increases employees’ satisfaction,
expands staffs’ comfort zone, and improves staffs’ productivity
and flexibility at the same time,
but also reduces the cost of running the business.
1. Increase Productivity
Almost everyone has iPhones or Smartphones, and they use
their personal communication
devices every day. It is likely that employees will bring their
communication devices that they
like to the workplace. If they bring their phones with them to
work, then they will likely use
them during the day. Employees will be happier and feel more
comfortable if the company
allows them to do so because allowing personal devices
increases their employees’ productivity
and fosters good communication among their employees on the
job and outside of work. The
article “BYOD Users Work Longer and Earlier” (Kaneshige,
2014) explains that a BYOD
program does not only expand employee comfort zone, but also
enhances their accessibility for
work. BYOD employees are willing to work an additional two
more hours per day due to the
ease of using employees’ personal devices. Employees can
increase productivity by sending
another 20 emails on a daily basis during the early morning and
16. late night. The below
infographic illustrates this (Kaneshige, 2014):
4
Moreover, the article “The Challenges Of A Bring Your Own
Device (BYOD) Policy” (S., 2017)
further supports how BYOD increases productivity. BYOD
employees have the chance to
upgrade their personal devices at any time which allows them to
perform more efficiently. As a
result, employees are happy to upgrade their devices because
updated personal devices will allow
BYOD employees to have a faster device.
2. Increase Management Flexibility
BYOD policy increases EY’s management flexibility. After
adopting the BYOD policy, business
entities are able to gain access to their staffs at any time, in any
location, which enhances the
management flexibility from an organizational perspective.
Forbes published an article called
“Entrepreneur” (Rotholtz, 2015) supported that about 60% of
the employed people in the U.S.
keep working while taking vacations. It is a great achievement
17. to increase the productivity by
allowing EY’s staff to continue using their own devices. The
enthusiasm of adopting this policy
has also allowed their staff to make any place became their
workplace.
3. Increase Employee Flexibility
BYOD policy provides employees greater flexibility to multi
task by working with different
personal devices at the workplace. For instance, an EY’s auditor
is preparing an audit report for a
client. By working with her/his own personal devices, she/he
can use her/his phone or iPad to
email the clients to request information that is needed for this
auditor to complete the audit
report, while simultaneously typing the audit report on her
personal laptop. On the other hand, if
EY has not adopted the BYOD policy, this auditor able to do
only one thing at a time, at a lower
productivity level with limited flexibility. Furthermore, Chi-
wen Chen provides a great example
in his article “BYOD Flexibility” (Chen, n.d.) to illustrate how
restricting the BYOD policy can
reduce workers’ flexibility. In Chi-wen Chen’s research, we see
that when employees are doing
complicated tasks with the lack of knowledge using the
organization’s devices, there is a higher
degree of complexity for employees to do their jobs. The
confusion of understanding and
processing the information requires more energy for an
employee to complete the tasks. It
decreases the employee’s satisfaction and ability to perform the
tasks while increasing his or her
18. frustration.
4. Reduce Cost
Companies that have implemented the BYOD policy experience
a cost reduction in operational
expenses. Forbes released some statistics regarding Cisco's
average cost of personal devices, and
how the company was able to save per employee approximately
$965 on personal devices, $26
on community support and $734 on data plans annually. The
adoption of BYOD policy can save
companies up to $1700 per employee on hardware and data plan
expenses. The article,
“Calculating the true cost of BYOD” (Ackerman, 2013), further
illustrates that Intel staff are able
to save about one hour per day, thus reducing Intel’s salary
expense. Ackerman (2013)
5
referenced nucleus research and explained that "If 23,500
employees saved this much time with
a .5 productivity factor, Intel is stating that it gained roughly
$700 million just from BYOD”.
The statistics showed above pointed out that business entities
can shift the devices and some of
the IT service to their employees. Many other cost-saving
advantages could be applied,
depending on the type of business and the organization
19. structure.
DISADVANTAGES OF ADOPTING BYOD
Although adopting the BYOD policy can increase employee’s
satisfaction and productivity
within a limited cost; there are some risks of the program that
cannot be neglected. The
following paragraphs analyze the risk in three broad scopes,
which include network security,
governance, and privacy. These three scopes are the area that
the most underlying risk can be
found, according to the article “A Review of Bring Your Own
Device on Security Issues”
(Olalere, Abdullah, Mahmod & Abdullah, 2015). The following
chart highlights this
information. Network security, governance, and privacy are not
only the risks but also the
essential requirements to successfully implement the BYOD
program. Furthermore, the related
solutions of risk will be presented, and some of the continuing
concerns will be addressed in the
“Recommendations” section.
20. 6
1. Network Security Issue
Network security issue ranks the highest in importance among
the three risks. It has always been
business' primary concern, and therefore, the IT department is
set up to manage corporate data
and maintain security. However, the Bring-Your-Own-Devices
Policy breaks this operation flow.
Under the BYOD program, IT department cannot monitor all the
data delivery; instead, data is
delivered to the employees’ devices that are out of IT
department’s control. As a result, the
implementation of protecting network security from data
leakage and data theft becomes more
challenging. Data leakage can happen if an employee loses his
device or his device gets stolen.
Also, using vulnerable applications can increase the risk of data
theft. As introduced by Olalere
et al. (2015), data can be stolen though DDoSs attack and
Malware attack. The former one
vandalizes corporate application by denying certain employees’
access to the internal network.
The latter one steals enterprise confidential information and
ruins the application at the same
time. If the BYOD program were implemented, IT department’s
control on devices would
become very limited, which could expose the corporate network
security in a precarious place.
2. Governance Issue
21. Governance of BYOD policy can also be problematic if there is
a lack of adequate policies to
define the acceptable usage. A case discussed in Sands’ (2014)
presentation clearly supported the
importance of an adequate regulation. The case was about the
misconduct of using the personal
device. An employee purposely used her personal Dictaphone to
record conversations in work,
without asking other co-workers for consent. Later on, the
employer found the Dictaphone in
office, and it continued recording even though its owner was not
nearby. Consequently, the
company destroyed the recording and dismissed the
Dictaphone’s owner for gross misconduct.
On May 23, 2012, French Supreme Court ruled that the
employer’s action was unfair. The
company had no right to listen to the recording when the
Dictaphone’s owner was not present;
instead, the proper action the employer could take was giving a
prior warning first. Also, the
employer’s act of destroying the recording did not respect the
adversarial procedure. From the
above case, we can understand the importance of rule-making
before putting the BYOD in
operation. Without an adequate policy to support the BYOD
program, misconduct can easily
happen in every business. Therefore, using BYOD program
without an appropriate policy is
another underlying risk that needs to be aware.
3. Privacy Issue
Privacy of data is another issue that each company should pay
attention. BYOD policy
22. encourages employees to bring their own devices to work, but it
also brings the company a
dilemma: implementing a security program on each employee’s
device may violate their right to
privacy; However, if no security program is installed, corporate
data may be under risk of
leakage or attack. Sands (2014) mentioned that even if the
employee consents to install minimum
security program, it will be a challenge to deal with the
personally identifiable information that is
collected without a business requirement and protect the
personal information from being
7
destroyed or corrupted. Legal concerns of the data privacy are
the disadvantage that comes along
with the BYOD policy. It allows employees to access corporate
data and applications on their
personal devices. However, employees have very limited control
of their personally identifiable
information if they use their own devices for work. How should
the company protect employees’
personal data from being wiped off in the case that they lose
their own devices or the identity
check fails several times? If no adequate policy were rolled out,
data privacy would remain in
risk of lawsuits.
CONCLUSION
23. In conclusion, if the BYOD program is well-managed, the
benefits can far outweigh the risks.
EY should continue to adopt the BYOD policy because it both
satisfies employees and
employers at the same time. Only with some adequate
regulations and proper applications to
support, BYOD program opens a win-win situation to EY.
BYOD policy can put into EY’s
operation smoothly only with some changes and improvement.
Although allowing employees to
bring their personally own devices to work may lead to network
security, governance, and data
privacy problem, EY can take actions to minimize the risks and
make BYOD suitable for the
firm’s operation.
RECOMMENDATIONS
1. To reduce the risk of network security, EY can:
• Adopt MDM (Mobile Device Management) solution to allow
IT department remotely
configure personally own devices. (“Bring your own device
(BYOD) trends”, 2012)
• Segregate mobile devices’ network from the corporate
network. Setup a Wi-Fi
network in the office that does not grant access to internal
24. confidential data; to
prevent the infected device from accessing sensitive
information. (McEnaney, 2016)
• Enhance the encryption technology to protect sensitive data.
(Banham, 2017)
• Educate employees about data leakage and train them to
recognize the suspicious
emails or texts. (McEnaney, 2016)
2. To reduce the risk of governance, EY can:
• List out all the BYOD permitted devices.
• Establish a security policy of BYOD.
8
3. To reduce the risk of data privacy, EY can:
• Establish a corporate mobility policy, which employees must
sign up before using
their own devices to work. Set up terms regarding employee exit
and termination,
clarify the solution dealing with employee’s personal data on
the working device.
(McEnaney, 2016)
25. • Implement selective remote wipe, disk partitioning and
virtualization on personally
own devices. (“Bring your own device (BYOD) trends”, 2012)
Following the suggestions above can improve the adaptability of
BYOD in the firm. The risk of
network security, governance and privacy can be minimized by
adopting proper applications and
implementing the adequate regulation. Eventually, BYOD can
perform better by improving
employees’ productivity and satisfaction while maintaining
operation cost to a considerable
level. This analytical report is prepared for the Managing
Partners in EY. The recommendations
are developed to support the Managing Partner’s decision
regarding the continued adoption of
the BYOD policy in EY.
REFERENCES
Ackerman, E. (2013, June 02). Calculating the true cost of
BYOD. Retrieved April 20, 2017,
from
https://www.forbes.com/sites/eliseackerman/2013/05/28/calculat
ing-the-true-cost-
of-byod/#2d598abd1a5c
BYOD trends and audit considerations. (2012, October 4).
26. Retrieved April 5, 2017, from
https://www.sifma.org/uploadedfiles/societies/sifma_internal_au
ditors_society/bring%20
your%20own%20device%20trends%20and%20audit%20consider
ations.pdf
Chen, C. (n.d). BYOD flexibility: The effects of flexibility of
multiple IT device use on users’
attitudes and continuance intention. Retrieved April 18, 2017,
from
http://www.bing.com/cr?IG=2F0048A7ECE745DEA4C99D87EA
45CD22&CID=
1F02AB7A9645647F2C79A11297D565C9&rd=1&h=_9eAvn6N
Zam7JzC5G31TKeFLg
ZFKcLtLn8cB49mrSts&v=1&r=http%3a%2f%2faisel.aisnet.org
%2fcgi%2fviewcontent.
cgi%3farticle%3d1562%26context%3damcis2014&p=DevEx,50
62.1
Kaneshige, T. (2014, July 02). BYOD users work longer and
earlier. Retrieved April 30, 2017,
from http://www.cio.com/article/2449817/byod/byod-users-
work-longer-and-earlier.html
McEnaney, M. (2016, May 16). Cybersecurity concerns in a
BYOD world. Retrieved April
14, 2017, from
http://www.enterprisemobilityexchange.com/eme-
byod/articles/cybersecurity-concerns-in-a-byod-world
27. 9
Olalere, M. Abdullah, M. Mahmod, R and Abdullah, A. (2015,
June 1). A review of bring your
own device on security issues. Retrieved April 5, 2017, from
http://journals.sagepub.com/doi/pdf/10.1177/2158244015580372
Rotholtz, B. (2015, June 25). BYOD Legislation: What
California's case could mean for
businesses everywhere. Retrieved April 19, 2017, from
https://www.forbes.com/sites/groupthink/2015/06/25/byod-
legislation-what-californias-
case-could-mean-for-businesses-everywhere/#368b37385564
Sands, R. (2014, February 13). Bring your own device (BYOD).
Retrieved April 5, 2017, from
http://www.ey.com/publication/vwluassets/ey-
bring_your_own_device/$file/ey-bring-
your-own-device.pdf
S. (2017, January 05). The challenges of a bring your own
device (BYOD) policy. Retrieved
April 30, 2017, from
https://simplemdm.com/2017/01/05/challenges-of-bring-your-