​Using RFID Technology to Enhance Corporate Effectiveness 

Many organizations are starting to use radio frequency identification technology to track assets more effectively. To help companies improve business processes, internal auditors need to become familiar with this technology — its advantages and legal considerations.

Comments Views

Internal auditors have to expand their knowledge base and stay up-to-date with the latest technologies to make sure audit recommendations are cutting-edge and effective. Too often, auditors make recommendations based on past knowledge and offer outdated ideas. One prime example of this is asset tracking. In the past, many auditors suggested that organizations find effective ways to track their assets by tagging equipment and maintaining inventory records. This is evident in all the identification tags on desks, file cabinets, computers, chairs, audio-video equipment, and other corporate items.

Unfortunately, once auditors have a chance to review the effectiveness of these tracking mechanisms, they often find tags are not working properly due to poor management of inventories and related records. Instead of continuing to advocate the use of inert tags and inventory records, auditors should explore the use of radio frequency identification (RFID) technology as an alternative. RFID technology allows companies to manage inventories more effectively and reduce tracking costs by providing up-to-date, accurate, and timely data. Auditors should become familiar with the advantages of using RFID technology in the workplace and the legal and privacy aspects of RFID use with consumers.

There are two kinds of RFID tags: active and passive. Active RFID tags are powered by an internal battery and are developed in such a way that tag data can be rewritten or modified. Although this may present companies with security issues, IT departments can establish controls that prevent unauthorized users from entering the network and modifying the tag's data, such as using radio frequency interface security technology.

On the other hand, passive RFID tags operate without a power source and obtain their power from a reader — a device that interrogates an RFID tag by emitting radio waves through an antenna. Consequently, passive tags are much lighter than active tags, less expensive, and offer a virtually unlimited operational lifetime. The trade off is that they have shorter reading ranges than active tags and require a high-power reader.

There are two kinds of RFID tags: active and passive. Active RFID tags are powered by an internal battery and are developed in such a way that tag data can be rewritten or modified. Although this may present companies with security issues, IT departments can establish controls that prevent unauthorized users from entering the network and modifying the tag's data, such as using radio frequency interface security technology.

On the other hand, passive RFID tags operate without a power source and obtain their power from a reader — a device that interrogates an RFID tag by emitting radio waves through an antenna. Consequently, passive tags are much lighter than active tags, less expensive, and offer a virtually unlimited operational lifetime. The trade off is that they have shorter reading ranges than active tags and require a high-power reader.

Active and Passive RFID Tags

There are two kinds of RFID tags: active and passive. Active RFID tags are powered by an internal battery and are developed in such a way that tag data can be rewritten or modified. Although this may present companies with security issues, IT departments can establish controls that prevent unauthorized users from entering the network and modifying the tag's data, such as using radio frequency interface security technology.

On the other hand, passive RFID tags operate without a power source and obtain their power from a reader — a device that interrogates an RFID tag by emitting radio waves through an antenna. Consequently, passive tags are much lighter than active tags, less expensive, and offer a virtually unlimited operational lifetime. The trade off is that they have shorter reading ranges than active tags and require a high-power reader.

RFID in Action

Companies around the world are taking advantage of RFID technology in various ways to improve business processes. For example, Chase Bank is issuing RFID-encoded credit cards that can be waved at ATM machines; retail company Wal-Mart has reduced out-of-stock merchandise by 16 percent with the use of RFID-tagged stock; health-care product providers are using RFID tags to track intravenous pumps and hospital beds; and many airports around the world use RFID tags to keep track of travelers' luggage and equipment. Probably the best example of RFID in action is the use of prepaid toll passes in the United States, such as the E-ZPass in New York state or SunPass in Florida. E-ZPass and SunPass are RFID transponders that transmit information to a data recorder. When a car is equipped with the transponder, a dollar amount is deducted automatically from the driver's account as the car passes through the toll collection lane without stopping.

Besides helping organizations solve practical matters, companies can use RFID tags to address more serious issues. For instance, in October 2005 in Texas, approximately 1,600 Exxon-Mobil employees attending a company-sponsored health fair were injected with purified water instead of a flu vaccine. The same health-care company was charged with Medicare fraud for giving bogus flu shots to elderly patients during the same month. RFID tags could have avoided both incidents by allowing the pharmaceutical company to track each vaccine vial to a corresponding record detailing the vaccine's movement throughout the supply chain.

Finally, RFID technology can be used to prevent more unfortunate incidents. Too many doctors have performed the wrong surgical procedure on the wrong patient or, worse, removed the wrong body part, according to the Joint Commission on Accreditation of Healthcare Organizations. By some estimates, medical errors kill as many as 98,000 people per year. To prevent this, some hospitals have started to use RFID chips on wristbands that can be embedded with data and scanned with a reader to identify patients and what surgical procedure is needed.

Concerns and Issues

Although RFID asset management solutions can enable corporations to protect intellectual property and customer privacy data more effectively, this technology is not without its detractors. Civil and consumer rights groups have identified four major privacy and civil liberty concerns with the use of RFID technology. These are:

Placing Hidden Tags

RFID tags can be embedded into or onto objects without the knowledge of the individual obtaining or holding these items. This has already been done by home and personal products company Gillette, which placed hidden tags inside Mach3 razor blade packages, and by Italian clothing retailer Benetton, which placed RFID tags inside shipping boxes to track articles of clothing. While RFID tags can help companies keep track of consumer behavior, consumer advocates are concerned hidden tags represent an invasion of privacy.

In addition, RFID tags can be read from a distance and can be incorporated invisibly into nearly any environment. RFID readers have already been embedded experimentally into floor tiles, woven into carpeting and floor mats, hidden in doorways, and incorporated seamlessly into retail shelving and counters, making it virtually impossible for a consumer to know whether they are being monitored.

Using Unique Identifiers for all Objects Worldwide 

The Electronic Product Code (EPC) is designed to enable every object on Earth to have its own unique identifier. Unlike a Universal Product Code number — which only provides information specific to a group of products — the EPC gives each product a specific identifying number, thus allowing greater tracking accuracy. EPCglobal Inc., a developer of industry-driven EPC standards, assigns EPC number blocks to all products in the world. These numbers are ideally suited for direct and easy use as keys within a database. The use of these keys could enable every physical object to be identified and linked to its purchaser or owner in a global registration system. Consumer advocate groups worry organizations could use EPC information improperly and invade people's privacy by tracking purchases without proper authorization.

Compiling Massive Amounts of Data 

Corporations have learned through grocery "loyalty" cards that collecting data may add new value to the company. Thus, many corporations compile and test large amounts of data to add business value. Because RFID deployment requires the creation of huge databases containing tag identification numbers, a security concern is that data records could be linked with personal data, especially as computer memory and processing capacities expand.

Tracking and Profiling of Individuals 

If personal identity were determinable (i.e., linked to a unique RFID tag number), individuals could be profiled and tracked without their knowledge or consent. EPC documents show different number blocks have been reserved for different products, and one is already reserved for "human." For example, as stated above, a tag embedded in a shoe can effectively be used as an identifier for the person wearing that particular shoe. The EPC of items people wear or carry around could associate them with events of a more private nature, such as attendance at political rallies and other social centers.

Internal auditors can help management focus on addressing these and other concerns by thinking about the following key issues:

  • What new approaches are required or are already available, such as smart privacy and security policies, to sustain innovation and increase the awareness of technology applications so consumers can make informed choices?
  • What role do technological solutions and industry self-regulatory best practices play in current implementation activities?
  • What privacy and security issues have come to the forefront as RFID moves closer to item-level tagging?
  • What are some of the future applications RFID promises to offer, and what are the ensuing growth and productivity gains associated with them?

To help address privacy concerns that may arise through the use of RFID technology, internal auditors should work with IT departments or the company's chief security officer, chief information officer, or chief information security officer. This will help auditors learn more about the latest technology solutions aimed at addressing consumer privacy concerns. Some of these solutions include "kill codes," "blocker tags," and "distance measurement" tools, which allow individuals to know what is being monitored and when, as well as to choose the level of privacy they desire.

One of the secret weapons the Marines used in Iraq was RFID. According to Col. Mark Nixon, head of the Marine Corps' Logistics Vision and Strategy Center, using RFID tags allowed battalion commanders on the ground to see and control the flow of supply replenishments for the first time. "War fighters have to be able to influence the distribution pipeline, and RFID enables them to do that," said Col. Nixon. The military has spent approximately US $100 million implementing this technology over the last decade. The buildup is aimed at reducing the loss or misplacement of supplies and stopping critical shortages of ammunition, fuel, and water.

One of the secret weapons the Marines used in Iraq was RFID. According to Col. Mark Nixon, head of the Marine Corps' Logistics Vision and Strategy Center, using RFID tags allowed battalion commanders on the ground to see and control the flow of supply replenishments for the first time. "War fighters have to be able to influence the distribution pipeline, and RFID enables them to do that," said Col. Nixon. The military has spent approximately US $100 million implementing this technology over the last decade. The buildup is aimed at reducing the loss or misplacement of supplies and stopping critical shortages of ammunition, fuel, and water.

Military Use of RFID Tags

One of the secret weapons the Marines used in Iraq was RFID. According to Col. Mark Nixon, head of the Marine Corps' Logistics Vision and Strategy Center, using RFID tags allowed battalion commanders on the ground to see and control the flow of supply replenishments for the first time. "War fighters have to be able to influence the distribution pipeline, and RFID enables them to do that," said Col. Nixon. The military has spent approximately US $100 million implementing this technology over the last decade. The buildup is aimed at reducing the loss or misplacement of supplies and stopping critical shortages of ammunition, fuel, and water.

What's in Store

In the past, one of the biggest hurdles companies faced when deciding whether to use RFID technology was cost. However, costs for RFID tags have dropped dramatically. In fact, producers are now offering passive tags that are as low as US 7.9 cents a piece, and prices are expected to continue dropping in the future. 

As internal auditors begin to learn more about active and passive RFID technologies, they will be in a better position to offer more cost-effective and value-added audit recommendations. A technology that can be used for such conflicting interests must be introduced in such a way that balances the concerns of all stakeholders. In addition, auditors must spend time understanding the technology and its potential applications if they want to move beyond traditional recommendations that are proving to be ineffective in the long run. Keeping these and other concerns in mind will help auditors become more familiar with the advantages of using RFID technology and the legal aspects of RFID use.

Additional Resources 

For more information about RFID, visit the RFID Journal Web site, www.rfidjournal.com/.

The Organisation for Economic Co-operation and Development also provides information on RFID technology on its Web site, www.oecd.org. Once on the site, conduct a keyword search on "RFID."

 

 

Comment on this article

comments powered by Disqus
  • ITACS_Dec15_Dec31_B_Dec2017_Prem1
  • PwC RPA_Dec2017_Prem2_Cx
  • IIA BkStr-Fall-Catalog_Dec2017_Prem3