Management Information Systems (MIS)

Chapter 1
Information Systems in Business today

NBA makes a slam dunk with information technology

 Problem: no hard data usable in decision making processes, costly and
competitive market
 Solutions: new system designed to collect and organize data using video clips,
video tagging with descriptive categories, streaming
 = Innovation and improving

Business Challenge  management + organization + technology  Informaton System

 Business Solution

Role of IS in business today

Capital investment in IT, hardware, software, communication equipment, grew from

32% to 52% of all invested capital between 1980 and 2009 because better ROI (return
on investment). As manager know how to invest this money wisely on IS and technology.

How are IS transforming business?

 Increased wireless technology use, web sites
 Increased business use of web 2.0 tech
 Cloud computing, mobile digital platform allow more distributed word, decision-‐
making, and collaboration
 Mobile phones, e-‐mail, online conferencing (5 billion cell phone subscribers
worldwide)

Why are more parcels distributed?

 Just in time production, Lean production, As little inventory as possible
  Resond to rapidly changing customer demand
 Get to market faster, reduce overhead costs
A lot of digital information to store and handle.
 Get news online, reading and writing blogs, social networking
 Connect employees, customers, managers worldwide
 Internet advertising and e-‐commerce continue to expand
 Laws requiring to store this data for several years

3 interrelated changes in technology (accuracy, speed, richness of decision making)

1. Emerging mobile digital platform (desktop PC  mobile device to
coordinate work, communicate, provide info for decision making)
2. Growth of online software as a service /SAAS (wikis, Web 2.0, collaboration tools
 better and faster decisions, online teams and projects
 3. Growth in cloud computing (rely on telework, remote work, distributed decision
making, outsource, collaborate with suppliers and customers to create new
products
Globalization opportunities and challenges
 Internet has drastically reduced costs of operating on global scale
 Communication is instant and virtually free (e.g. price information 24/7)
 Presents both challenges and opportunities (outsourcing, offshoring, low wages,
fight for jobs and products, but expanding employment in IS, accelerated
development of new IS)
 “The world is flat – The globalized world in the 21st century” by Thomas L.
Friedman  10 “Flatteners” (advantage developed countries = past)
o Collapse of Berlin Wall
o Netscape (first browser of this company) and the Internet revolution,
connectivity through fiber-‐optic cables
o Workflow software
o Uploading
o Open sourcing
o Outsourcing
o Offshoring (e.g. India, cheaper, better know-‐how)
o Supply chaining, insourcing
o In-‐forming
o The Steroids
 Employee: high level skills, firm: choice of markets
 IS enables globalization

In the emerging fully digital firm

 Business relationships are digitally enabled and mediated
 Core business processes are accomplished through digital networks
o Business processes = logically related tasks/behaviors developed over
time to produce specific business results, e.g. creating an marketing plan
 Key corporate assets (property, financial, human assets) are managed digitally

Greater flexibility in organization and management (time shifting = 24/7, space shifting
= global workplace) = anytime/anywhere, flexibility

IT is a foundation of doing business in the 21st century.

Growing interdependence between ability to use IT and ability to implement corporate
strategies and achieve corp. goals. (fig. 1.2)
6 strategic business objectives
1. Operational excellence (efficiency, productivity)  Walmart RetailLink
2. New products, services, business models (how a company produces, delivers and
sells)  iPod, iPhone
3. Customer supplier intimacy (engaging  returning, e.g. track of preferences
in a database, JIT, lowers costs)
4. Improved decision making (right information, right time instead of
forecasts/luck  Verizon digital dashboard for managers
5. Competitive advantage (faster, cheaper, superior, real time responses)
6. Survival (necessity) 

ATM Depending on type and quality

of IS!

IT= All the hardware + software to achieve business objectives

IS =
 Set of interrelated components;
 Collect, process, store, and distribute information; produce new information;
 Support decision making, coordination, control;
 Solve tasks automatically, create new products, analyze problems
 Information about significant people, places, things

Information vs. data (fig. 1.3)

 Data are streams of raw facts (supermarket checkout counter)
 Information is data shaped into meaningful form (total unit sales of dish
detergent, total sales revenue for specific store)

Function of an IS (fig. 1.4)

Input (captures raw data)  Processing (Classify, Arrange, Calculate) (converts raw
data into meaningful form) Output (transfers processed information to people or
activities that use it)  Feedback (output returned to appropriate members of
organization to help evaluate or correct input stage)

! Computers and Software are only part of an IS! ( = technical foundation and tools)

Perspectives n IS (fig. 1.5) = IS literacy

 Computer literacy is only knowledge of IT
1. Organizations
2. Technology
3. Management

Organizational dimension
 IS = integral part
 Key elements: people, structure, business processes, politics, culture
 Different levels/specialties, hierarchy or pyramid structure
o Upper level: managerial, professional, technical employees
o Lower level: operational personnel
o Senior Mgt.: long-‐term strategic decisions, financial performance
o Middle Mgt.: carries out programs and plans
o Operational Mgt.: monitoring daily activities

 Separation business functions

 Unique business processes with formal rules, developed over time to guide
employees (IS automate many business processes)
 Unique culture = fundamental set of assumptions, values, ways to do things
 IS come out of organizational conflicts
Management
 Make decisions, formulate action plans, solve organizational problems
 Perceive business challenges , strategy to respond, allocate resources
 Creative work driven by knowledge and information (new products, recreate
organization))

Information Technology (IT)

 Computer hardware (input, processing, output, several linked devices)
 Computer software (details, preprogrammed instructions to control/coordinate)
 Data management technology (sotware governing organization of data and
storage media)
 Networking and telecommunications technology (devices and software linking
hardware and transferring data)
o Network links computers to share data and resources (e.g. printer)
o Internet = network of networks (technology platform)
o WWW = service provide by Internet
 All these technologies = resources = IT infrastructure
 IT infrastructure = foundation to build IS (carefully design and manage)

UPS Package Tracking System

 Organized in sales and production functions (delivery is the product/service)
 Procedures for identifying packages, inventory, tracking en route, status reports
 Also provide information to satisfy needs of managers and workers
 Trained to use the system = effective + efficient
 Management: monitors service level and costs for promoting strategy (low costs,
high service)
 Decision to use computer systems increase ease for sending and updating,
reducing costs, increasing sales
 Technology: handheld computers, bar code scanners, communication networks,
desktop PCs, data center, storage technology, tracking software, software for
WWW access

Business perspective
 Investment because IS (instrument) = real economic corporate value to the
business
 ROI will be superior to other investments (buildings, machines etc.)
 Increases in productivity, revenues ( stock market value), long-‐term strategic
positioning ( future revenues)
 Decreases costs because of information for better decisions, better execution of
business processes.

Business information value chain

 Raw data acquired and transformed through stages that add value to that
information
 Value of information system determined in part by extent to which it leads to
better decisions, greater efficiency, and higher profits

An IS represents an organizational and management solution, based on IT, to a challenge

or problem posed by the environment.
 PROFITABILITY

Complementary assets
 Some firms achieve better results with IS than others
 Invest great deal or little a amount, receive low or much returns
 IT investments alone are not enough
 Organization and Management: supportive values, structures, behavior patterns
(= complementary assets)
 Adopt right business model that suits the new technology
 Complementary assets = assets required to derive value from a primary
investment  receive superior returns
 E.g. new business models, business processes, management behavior,
organizational culture, training
 Investment in organizational and management capital
o Organizational assets, e.g.
 Appropriate business model
 Efficient business processes
o Managerial assets, e.g.
 Incentives for management innovation
 Teamwork and collaborative work environments
o Social assets (not by company, society in gerneal) e.g.
 The Internet and telecommunications infrastructure
 Technology standards
Contemporary Approaches to IS
 Multidisciplinary field
 IS = sociotechnical systems (machines, devices, physical tech, social,
organizational, intellectual investments

Technical approach
 Emphasizes mathematically based models
 Computer science (computability, data storage + access), management science,
operations research (transportation, inventory control, transaction costs)

Behavioral approach (development, long-‐term maintenance)

 Behavioral issues (strategic business integration, implementation, design..)
 Psychology (human perceive and use), economics (production, dynamics
market) , sociology (groups)
o IST stimulus for behavioral problem/issue
o Changes in attitudes, management, organizational policy, behavior

Four main actors

 Suppliers of hardware and software (technologists)
 Business firms (investments, seeking value)
 Managers and employees
 Firm’s environment (legal, social, cultural context)
  Management Information Systems (MIS)
o Combines computer science, management science, operations research
and practical orientation with behavioral issues

Sociotechnical view
 Optimal organizational performance achieved by jointly optimizing both social
and technical systems used in production (technic and behavior)
 Helps avoid purely technological approach
 Mutual adjustment of both technology and organization
Chapter 2
Global E-‐Business and Collaboration

Business Processes
= Unique manner in which work is organized, coordinated, focused to produce valuable
products and services
 Workflows of material, information, knowledge (coordinated by Management
and Organization)
 Performance depending on design and coordination of bp
 Competitive strength, innovation (assets) or liabilities
 Sets of activities, steps
 May be tied to functional area or be cross-‐functional (e.g. fulfilling customer
order)
 Businesses: collection of bp  information must flow rapidly
between departments, supplier, customer, business partners

 Information technology enhances business processes in two main ways:

o Increasing efficiency of existing processes
 Automating steps that were manual
o Enabling entirely new processes that are capable of transforming the
businesses (new business models)
 Change flow of information
 Replace sequential steps with parallel steps
 Eliminate delays in decision making

Types of IS
 Typical: different kinds of systems supporting processes for each major business
function
 Large-‐scale cross-‐functional systems, integrate related activities
 Different systems supporting decision making needs management groups
o Transaction processing system
o Management information system
o Decision-‐support system
o System for business intelligence
Transaction processing systems / TPS
 Perform and record daily routine transactions necessary to conduct business
(Examples: sales order entry, payroll, shipping)
 Answer routine questions, flow of transactions
 Allow managers to monitor status of operations and relations with external
environment
 Serve operational levels (predefined tasks, resources, goals)
 Serve predefined, structured goals and decision making
 Producing information for other business functions

Management information systems / MIS

 Specific category of IS to serve middle management, Are things working well?
 Provide reports on firm’s current performance, based on data from TPS, monitor,
control, predict future
 Provide answers to routine questions, predefined procedure for answering
 Typically have little analytic capability, low flexibility
Decision support systems / DSS
 Serve middle management, support non-‐routine decision making
 Example: What is impact on production schedule if December sales doubled?
 Often use external information as well from TPS and MIS
o Model driven DSS (Voyage-‐estimating systems)
o Data driven DSS (Intrawest’s marketing analysis systems)

Business intelligence
 Class of software applications (organizing, analyzing, providing access)
 Analyze current and historical data to find patterns and trends and aid decision-‐
making (long-‐term)
 Used in systems that support middle and senior management
o Data-‐driven DSS
o Executive support systems (ESS)

Executive support systems

 Support senior management in non-‐routine decisions (portal)
 Requiring judgment, evaluation, and insight
 Incorporate data about external events (e.g. new tax laws or competitors) as well
as summarized information from internal MIS and DSS
 Example: Digital dashboard with real-‐time view of firm’s financial performance:
working capital, accounts receivable, accounts payable, cash flow, and inventory

Enterprise applications
 Systems for linking the enterprise + span functional areas
 Execute business processes across firm (customer, supplier, business partner)
 Include all levels of management
 Four major applications:
o Enterprise systems
o Supply chain management systems
o Customer relationship management systems
o Knowledge management systems
Enterprise systems / ERP
 Collects data from different firm functions and stores data in single central data
repository (serves variety of groups)
 Resolves problem of fragmented, redundant data sets and systems
 Enable: coordination of daily activities, efficient response to customer orders
(production, inventory), Provide valuable information for improving
management decision making

Supply chain management (SCM) systems

 Manage firm’s relationships with suppliers, interorganizational system
 Share information about orders, production, inventory levels, delivery of
products and services
 Goal: right amount of products to destination with least amount of time and
lowest cost

Customer relationship management systems / CRM

 Provide information to coordinate all of the business processes that deal with
customers in sales, marketing, and service to optimize revenue, customer
satisfaction, and customer retention
 Integrate firm’s customer-‐related processes and consolidate customer
information from multiple communication channels

Knowledge management systems (KMS)

 Support processes for acquiring, creating, storing, distributing, applying,
integrating knowledge
 How to create, produce, distribute products and services
 Collect internal knowledge and experience within firm
 Link to external sources of knowledge

Alternative tools that increase integration and expedite the flow of information
 Intranets: Internal company Web sites accessible only by employees
 Extranets: Company Web sites accessible externally only to vendors and
suppliers

E-‐business: Use of digital technology and Internet to drive major business processes
E-‐commerce: Subset of e-‐business; Buying and selling goods and services through
Internet
E-‐government: Using Internet technology to deliver information and services to
citizens, employees, and businesses

Systems for Collaboration and Teamwork

 Work with others to achieve goals
o Short-‐lived or long-‐term
o Informal or formal (teams)
o Team: specific mission
 Growing importance of collaboration:
o Changing nature of work (jobs with interaction)
o Growth of professional work – “interaction jobs” (specialists)
o Changing organization of the firm (hierarchy  teams/groups)
 o Changing scope of the firm (multiple locations)
o Emphasis on innovation (= group process)
o Changing culture of work (diversity, crowdsourcing)

Business benefits of collaboration and teamwork

 Investments in collaboration technology can produce organizational
improvements returning high ROI
 Productivity, Quality, Innovation, Customer service, Financial performance
 Requirement:

Building a collaborative culture and business processes

 “Command and control” organizations (no value placed on teamwork or lower-‐
level participation in decisions, vertical communication)
 Collaborative business culture
o Senior managers rely on teams of employees
o Policies, products, designs, processes, systems rely on teams
o Managers purpose is to build teams, giving reward to teams, and indiv.

Tools + Technology for collaboration and teamwork

Social Networking Virtual Worlds (SecondLife)

Wikis
Internet-‐Based Collaboration Environments
 Virtual meeting systems (telepresence)
 Google Apps/Google sites
 Microsoft SharePoint
 Lotus Notes

 Two dimensions of collaboration technologies

o Space (or location) – remote or colocated
o Time – synchronous or asynchronous

 Six steps in evaluating software tools

1. What are your firm’s collaboration challenges?
2. What kinds of solutions are available?
3. Analyze available products’ cost and benefits (incl. training)
4. Evaluate security risks
5. Consult users for implementation and training issues
6. Evaluate product vendors

Information Systems Function

 Responsibility for running described systems
 Managing technology

Information systems department

 Formal organizational unit responsible for information technology services
 Headed by chief information officer (CIO) Other senior positions include
chief security officer (CSO), chief knowledge officer (CKO), chief privacy officer
(CPO)
 Programmers (trained technical, specialists, software instructions)
 Systems analysts (translate business problems into IS)
 Information systems managers (leaders of teams, analysts, project managers,
facility managers, , database specilists…)
End users
 Representatives of other departments for whom applications are developed
 Increasing role in system design, development

IT Governance
 Strategies and policies for using IT in the organization
 Specifies decision rights and framework for accountability
 Organization of information systems function (centralized, decentralized, ROI,
monitoring etc.)
 Being able to use IT efficiently and effectively has become more and more
essential to a business’ success.

Chapter 3
Information Systems, Organizations, and Strategy

Organizations and Information Systems

  Information technology and organizations influence one another
 IS built by managers to serve interest of business firm
 Orga must be open to IS to benefit from technologies
 Complex interaction, influenced by mediating factors
 Manager: decide which systems to build, what they will do + how they will be
implemented
 Not all changes can be foreseen, results may or not meet expectations

What is an Organization?
 Technical definition:
o Stable, formal social structure that takes resources from environment and
processes them to produce outputs
o 3 elements: Capital + labor production factors from environment;
transformation from organization into products/services; outputs
consumed by environment
o Formal legal entity with internal rules and procedures, as well as a social
structure
 Behavioral definition: (more realistic)
o Collection of rights, privileges, obligations, and responsibilities that is
delicately balanced over a period of time through conflict and conflict
resolution
o Working people develop customary ways of working, attachments to
existing relationships, arrangements with subordinates and superiors
about how to work, amount, conditions (informal)
 Relation to IS: technical view: easy to change arrangement of workers and
machines, substitution capital and labor; but behavior: IS change balance of
rights, privileges, obligations, responsibilities, feelings  time and
resources

technical

behavioral
Features of Organizations
 Use of hierarchical structure (specialists)
 Accountability, authority in system of impartial + universal decision making
(abstract rules or procedures)
 Promote employees on basis of technical qualification + professionalism
 Adherence to principle of efficiency (may output, min input)
 Routines and business processes
 Organizational politics, culture, environments and structures

 Routines and business processes

o Routines (standard operating procedure – SOP): precise rules, procedures
and practices developed tocope with all expected situations 
productive/efficient
o Business processes: Collections of routines
o Business firm: Collection of business processes
 Organizational politics
o Divergent viewpoints lead to political struggle, competition, and conflict
o Political resistance greatly hampers organizational change
 Organizational culture
o Taken for granted, Encompasses set of assumptions that define goal and
product (What products the organization should produce, how and where,
for whom)
o May be powerful unifying force as well as restraint on change
 Organizational Environments
o Organizations and environments have a reciprocal relationship
o Open to, and dependent on, the social and physical environment
o Organizations can influence their environments
o Environments generally change faster than organizations (new products,
public tastes, values, political conflict, raised by changes, threat to closely
held cultural values, inhibit to make significant changes)
o Information systems can be an instrument of environmental scanning, act
as a lens
Disruptive technologies
 Technology/business innovation  radical change in business landscape
+ environment (industries + markets)
 Substitute product, working much better than current product (e.g. iPods)
 Industries put out of business, extended market , low-‐cost competitors
 Riding with the wave (create technology), adapt business, others become
obsolete, no firms benefit only customer
 First movers, fast followers

 Organizational Structure (5 basic kinds)

o Entrepreneurial
o Machine bureaucracy
o Divisionalized bureaucracy
o Adhocracy

 Other organizational features

o Goals (coercive, utilitarian, normative)
o Constituencies (benefiting members, clients, stockholders, public)
o Leadership styles (democratic, authoritarian)
o Tasks (routine, nonroutine)
o Surrounding environments

Economic impacts
 IT changes relative costs of capital and the costs of information
 IS technology is a factor of production, like capital and labor (also a substitute for
middle managers, buildings, machinery)
 IT affects the cost and quality of information and changes economics of
information
 Firms contract/shrink in size because IT can reduce transaction costs (cost
participating in markets, e.g. locating distant suppliers)  outsourcing (same X= cost Y=size
ore more revenues with less employees)
 Firms experience agency costs (cost of managing + supervising self-‐interested
parties = agents (employees)) (nexus of contracts)  IT analyzes info, easier
for manager to oversee greater number of employees  reducing costs
Organizational and behavioral impacts
 IT flattens organizations
o Decision making pushed to lower levels (empowering, higher educational
level)
o Fewer managers needed (IT enables faster decision making and increases
span of control, eliminating middle managers)
 Postindustrial organizations
o Organizations flatten because in postindustrial societies, authority
increasingly relies on knowledge and competence rather than formal
positions =self management
o Decentralization because knowledge also decentralized
o IT –> task force networked organization, groups of professionals
o New approaches for evaluating, organizing, informing workers required
 Organizational resistance to change
o IS bound up in organizational politics because influence access to a key
resource – information
o IS potentially change organization’s structure, culture, politics, and work
 often considerable resistance
o Most common reason for failure of large projects is due to organizational
and political resistance to change

Internet and organizations

 Internet increases accessibility, storage, distribution of information + knowledge
for organizations
 Internet can greatly lower transaction and agency costs (distribution manuals,
instant price info, sales info + replenishment orders)
 Simpler business processes, fewer employees, flatter organizations

IS Design consider:
 Environment
 Structure (hierarchy, routines, business processes)
 Culture and politics
 Organization type, leadership style
 Main interest groups affected by system, attitudes of end users
 Tasks, decisions, business process the system will assist

Using IS for competitive advantage

 Firms do better than others (revenue growth, profitability, productivity) 
higher stock market valuations
 Access to special resources or use common resources more efficiently
Porter’s competitive forces model
 Provides general view of firm, its competitors, and environment
 Five competitive forces shape fate of firm
1. Traditional competitors (share market space with competitors with new
products, services, efficiencies, switching costs)
2. New market entrants (high barriers to entry, new companies with new
equipment, younger workers, innovation, little brand recognition)
3. Substitute products and services (when prices to high, lesser control about
prices and lower profit margins)
4. Customers (ability to attract and retain customers, switch to competitors
products?, price alone in transparent marketplace or product differentiation)
5. Suppliers (market power, when firm cannot raise prices as fast as suppliers)

4 strategies for dealing with competitive forces

 Enabled by IT + IS
 Low-‐cost leadership
 Product differentiation
 Focus on market niche
 Strengthen customer and supplier intimacy

 Low-‐cost leadership
o Produce products and services at a lower price than competitors while
enhancing quality and level of service
o Examples: Walmart’s continuous replenishment system, high speed, no
large inventory, adjust purchases depending on demands =efficient
customer response system
 Product differentiation
o Enable new products or services, greatly change customer convenience
and experience (IS to customize + personalize to fit precise specifications
 mass customization
o Examples: Google, Nike (NIKEiD), Apple (iPod + iTunes)
• Focus on market niche
o Use IS to enable a focused strategy on a single market niche; specialize,
analyzing, buying patterns, tastes, preferences  marketing
campaigns
o Example: Hilton Hotels OnQ guest preferences profitable customers
additional privileges , credit cards
• Strengthen customer and supplier intimacy
o Use IS to develop strong ties and loyalty with customers and suppliers;
increase switching costs
o Example: Netflix, Amazon (recommended books)

Internet’s impact on competitive advantage

 Transformation, destruction, threat to some industries, also opportunities
 Competitive forces still at work, but rivalry more intense
 Universal standards allow new rivals, entrants to market
 New opportunities for building brands and loyal customer bases
 Easier substitution, bargaining power, positioning
Business value chain model
 Where to start to gain operational excellence
 Views firm as series of activities that add value to products or services (primary
vs. support activities)
o Primary act.: Most directly related to production/distribution create value
for customer (inbound logistics, operations, outbound logistics, sales,
marketing, service)
o Supportive act.: make delivery of p.a. possible, organization
infrastructure, HR, technology, procurement)
 Highlights activities where competitive strategies can best be applied (IS most
strategic impact)
 At each stage, determine how information systems can improve operational
efficiency and improve customer and supplier intimacy
 Utilize benchmarking (comparing efficiency, effectiveness), industry best
practices (consulting companies, research), result: SCMS, CRMS

 Analyzing various stages  candidate applications of IS

 Decide which to develop first, making improvement in own value chain

Value Web (Extending Value Chain)

 Collection of independent firms using highly synchronized IT to coordinate value
chains to produce product or service collectively (industrial standards, higher
entry costs, lesser substitution, increase efficiency, networks))
 Strategic advantage: link own value chain with vc of other partners (Amazon:
Marketplace, quick paying, shipment system, tracking)
 More customer driven, less linear operation than traditional value chain
 Value web = highly synchronized industry value chains, flexible + adaptive to
changes in supply/demand, accelerate time to market + customers
Synergies
 Output of some units used as inputs to others, organizations pool markets and
expertise
 Lower costs, generate profits (e.g. merging banks)
 IT: tie together operations of disparate business units (act as whole)

Enhancing core competencies

 Activity for which firm is world-‐class leader
 Relies on knowledge, experience, and sharing this across business units
 Enhance existence, help employees become aware of external knowledge,
leverage to related markets
 Example: Procter & Gamble’s InnovationNet and directory of subject matter
experts

Network-‐based strategies
 Take advantage of firm’s abilities to network with each other
 Include use of: network economics, virtual company model, business ecosystems
 Traditional economics: Law of diminishing returns
o The more any given resource is applied to production, the lower the
marginal gain in output, until a point is reached where the additional
inputs produce no additional outputs
 Network economics:
o Marginal cost of adding new participant almost zero, with much greater
marginal gain
o Value of community grows with size (e.g. communities 
customer loyalty, enjoyment)
 o Value of software grows as installed customer base grows
 Virtual company strategy
o uses networks to ally with other companies to create and distribute
products without being limited by traditional organizational boundaries
or physical locations (link people, assets, ideas)
o when cheaper to acquire products, services…, or when to move quickly
o E.g. Li & Fung manages production, shipment of garments for major
fashion companies, outsourcing all work to over 7,500 suppliers
 Business ecosystems (modification Porter)
o Industry sets of firms (instead of only one industry) providing related
services and products, loosely coupled, but interdependent networks
o Theory: Value web but with many industries (not only firms) – e.g
Walmart, Microsoft
o Keystone firms: Dominate ecosystem and create platform used by other
firms
o Niche firms: Rely on platform developed by keystone firm
o Individual firms can consider how IT will help them become profitable
niche players in larger ecosystems
o Use IS to develop into keystone firm
o E.g.: ecosystem mobile digital platform (device makers, wireless telefirms,
application providers, internet service providers

Management Issues
 Strategic IS change organizationa, product, services, procedures, new behavioral
patterns
 Success is a challenge, requiring precise coordination of techolgy, orga and mgt.

Sustaining competitive advantage

 Because competitors can retaliate and copy strategic systems, competitive
advantage is not always sustainable;
 Systems may become tools for survival, required to stay in business
 Globalization: even more rapid changes, unpredictable
Aligning IT with business objectives
a. The more successfully a firm can align IT with business goals, the more profitable
it will be
b. Only one quarter of firms achieve this alignment because IT takes life of its own,
doesn’t serve management interest, instead of shaping IZ to enterprise, often
ignored and worked around
Performing strategic systems analysis
 What is structure of industry?  competitive forces, new entrants,
relative power of suppliers, customers, substitute products, services,
prices
 What are value chains for this firm, businesses, industry?  value for
customer, lower prices, better quality, using best practices, maximum
advantage of SCM + CRM, ERP, leverage core competencies, changes beefit or
harming, strategic partnerships, value webs, where greatest value of IS
 IT aligned with business strategy and goals?  correctly articulated,
IT improving right bp, right metrics to measure

Managing strategic transitions

 Adopting strategic systems requires changes in business goals, relationships with
customers and suppliers, and business processes (= sociotechnical changes =
strategic transisions = movement between levels of sociotechnical systems
 Blurring orga boundaries (external + internal)
 Linked customers and suppliers, sharing responsibilities
Chapter 4
Ethical and Social Issues in Information Systems

Understanding Ethical and Social Issues

 Lapses in management ethical and business judgment
 Judges sentence executives based on the monetary vale, prevention, hide the
crime, failure to corporate
 Past companies often paid for employees in civil charges, now firms cooperate
with prosecutors to reduce charges against entire firm
 Decide as a manager and employee about ethical and legal conduct
 Ethics = principles of right and wrong to guide behaviors (free moral agents)
 IS opportunity for intense social change, threatening existing distributions of
power, money, right, obligations, new kinds of crime
 Used to achieve social progress, commit crimes, threaten social values (benefits +
costs)
 Concerns about appropriate use of customer information, protection privacy,
intellectual property
 Accountability for consequences of IS?, standards?

Model for thinking about ethical, social, political issues

 Society = calm pond with individuals, institutions, rules, laws
 New IT: rock  ripple effect  raising issues
 5 moral dimensions of the information age:
o Information rights and obligations (possessing, protecting)
o Property rights and obligations (easy ignoring, protecting)
o System quality (standards of data)
o Quality of life (values reserved, protect institutions from violation, cultural
values and practices)
o Accountability and control (when harm done to so.)
 time to respond with etiquette and laws (legal gray area)
  Is for core production process  dependence on system + vulnerability
 Data storage_ cheap and effective, combine detailed info from different sources.
Electronic dossiers  profiling (e.g. credit cards)
 e.g DoubleClick (info about online visitors. Habits spending, computing
 e.g. ChoicePoint (info police, criminal, motor vehicle records) = data broker
business
 New technology: nonobvious relationship awareness (NORA)  find
hidden connections
 Data from Watch Lists, Incident and Arrest Systems, Customer Transactions
Systems, Telephone records, Human Resources Systems

Ethics in Information Society

 Ethics = concern of humans who have a freedom of choice
 Choosing the correct moral choice  responsibility (key element)
 Responsibility: accept potential costs, duties, obligations
 Accountability: feature of systems/social institutions, determine who is
responsible
 Liability: feature of political systems, body of laws, permits indiv. recover from
damages
 Due process: Laws are well known and understood, with an ability to appeal to
higher authorities
 You can/will be held accountable, recover through set of laws by due process

Ethical Analysis
1. Identify and describe clearly the facts
2. Describe conflict and dilemma and identify the higher-‐order values involved
3. Identify the stakeholders
4. Identify the options that you can reasonably take
5. Identify the potential consequences of your options

Ethical Principles (after analysis)

 Golden Rule: Do unto others as you would have them do unto you (putting
yourself in the place of others)
 Categorical Imperative (Immanuel Kant): If an action is not right for everyone to
take, it is not right for anyone
 Rule of Change (Descartes): If an action cannot be taken repeatedly it is not right
to take at all.
 Utilitarian Principle: Take the action that achieves the higher or greater value
 Risk Aversion Principle: Take the action that produces the least harm or the least
potential cost
  Ethical “no free lunch” rule: Assume that virtually all tangible and intangible
objects are owned by someone else, unless there is a specific declaration
otherwise

Processional Codes of Conduct

 Professionals: special rights/obligations, because of special claims knowledge,
wisdom, respect
 Codes of conduct promulgated (verkü nden) by associations of professionals
 Codes of ethics = promises to regulate themselves in interest of society
 Real world ethical dilemmas: set of interests pitted against another

Information Rights: privacy and freedom

 Privacy: claim of individuals to be left alone/ free from surveillance/interference
from other individuals, organizations, state. Claim to be able to control
information about yourself
 IT: threaten claims by making invasion cheap, profitable, effective
 US privacy: First Amendment (freedom of speech), Fourth Amendment
(unreasonable search and seizure), Add. Federal statues (Privacy Act)
 Most laws based on regime Fair Information Practices (FIP) = set of principles
governing the collection and use of information about individuals, guidelines to
drive changes in privacy legislation (advertising, personal identification
numbers)

 EU: 1998 Commissions Data Protection Directive, costumer must consent before
companies legally can use data, disclosure how stored and used, no transfer to
countries without similar protection
 Informed consent = consent given with knowledge of all the facts needed to make
a rational decision
 Safe harbor framework = private self-‐regulating policy and enforcement
mechanism, meets objectives of government regulators

Internet Challenges to Privacy

 Cookies =small text files, identify web browser, track visits, updated, customize
 Combining data from different sources  detailed profile
 Web beacons (Web bugs) = tiny object invisibly embedded in e-‐mail messages, to
monitor behavior (IP address, time, how long, type of browser, cookie values
 Spyware secretly install itself , send banner ads, report activity on the computer
 GOOGLE: used by 75% of internet users  largest collection of personal info
 Behavioral targeting: target ads google search, gmail, blogginh, youtube etc.
 US businesses allowed to gather and use info without informed consenst
  Opt-‐out models permits use until request to stop
 Preferred by advocates: opt-‐in models
 Online industry preffering self-‐regulation to privacy legislation, Alliances 
online seals (TRUSTe, Network Advertising Initiative)
 Ebusiness do little to protect privacy, customers do not enough
 Consumers want more access and control

Technical Solutions
 Technologies to protect privcy (e.g encryption, anonymous, prevent cookies,
detect and eliminate spyware)
 Tools to determine kind od extracted date
 P3P (Platform for Privacy Preferences):
o Allows Web sites to communicate privacy policies to visitor’s Web
browser – user
o User specifies privacy levels desired in browser settings
o E.g. “medium” level accepts cookies from first-‐party host sites that have
opt-‐in or opt-‐out policies but rejects third-‐party cookies that use
personally identifiable information without an opt-‐in policy
 Policies need to be codified according to P3P rules, only works with this web sites

Property Rights: Intellectual Property

 Intangible property created by individuals or corporations
 IT difficult to protect, easy copied and distributed
 Trade Secrets = any intellectual work product (formula, device, pattern,
compilation) used for business purpose, not in the public domain
 Copyright: Statutory grant protecting intellectual property from being copied for
the life of the author, plus 70 years, corporate owned 95 years, not protecting the
idea, only the manifestation in a creative work, ideas and expression merge =
expression can not be copyrighted
 Patents: Grants creator of invention an exclusive monopoly on ideas behind
invention for 20 years, machine, devices, methods  full rewets,
licensing; criteria: nonobviousness, originality, novelty, years of waiting

Challenges to intellectual property rights

 Digital media different from physical media (e.g. books): Ease of replication, ease
of transmission (networks, Internet). Difficulty in classifying software,
Compactness, Difficulties in establishing uniqueness
 Easiy to share files online, illegal, piracy, normal for songs and movies 
developing mechanism to sell intellectual property legally
 Digital Millennium Copyright Act (DMCA) makes it illegal to circumvent
technology-‐based protections of copyrighted materials

Accountability, Liability, and Control

 Computer-‐related liability problems: If software fails, who is responsible?
 If seen as part of machine that injures or harms, software producer and operator
may be liable
 If seen as similar to book, difficult to hold author/publisher responsible
(exception: fraud, defamation)
 Software different from book: expectations of infallibility, inspected, perform a
task, people depend on services, liability law extending to include software
System Quality: Data Quality and System Errors
 What is an acceptable, technologically feasible level of system quality? Flawless
software is economically unfeasible
 Three principal sources of poor system performance:
o Software bugs, errors
o Hardware or facility failures
o Poor input data quality (most common source of business system failure)

Quality of life: Equity, access, and boundaries (Negative social consequences of systems)
 Many not violations of property crimes, but can be very harmful, potentially can
destroy valuable elements of our culture and society, even when the bring
benefits
 Balancing power: Although computing power decentralizing, key decision-‐
making remains centralized
 Rapidity of change: Businesses may not have enough time to respond to global
competition  just in time society, jobs, families, vacations
 Maintaining boundaries: Computing, Internet use lengthens work-‐day, infringes
on family, personal time
 Dependence and vulnerability: Public and private organizations ever more
dependent on computer systems
 Computer crime and abuse
o Computer crime: Commission of illegal acts through use of compute or
against a computer system – computer may be object or instrument of
crime
o Computer abuse: Unethical acts, not illegal (e.g. Spam: High costs for
businesses in dealing with spam
o Conduct surveillance of employees and ordinary citizens
 Employment: Reengineering work/redesign business processes) resulting in lost
jobs
 Equity and access – the digital divide: Certain ethnic and income groups in the
United States less likely to have computers or Internet access
 Health risks:
o Repetitive stress injury (RSI): most common, largest source is computer
keyboards, Carpal Tunnel Syndrome (CTS)
o Back, neck pain, leg stress, foot pain
o Computer vision syndrome (CVS) – eyestrain condition
o Technostress: aggravations, hostility towards humans, impatience, fatigue
o Role of radiation, screen emissions, low-‐level electromagnetic fields not
been proved, unknown effects
o Digital technologies are damaging ability to think clearly and focus, try to
multitask, concentration, interruptions
Chapter 5
IT Infrastructure and Emerging Technologies

IT Infrastructure
 Shared technology resources providing platform for specific IS applications
 Investment in hardware, software, services (consulting, education, training)
 Foundation for serving customers, working with vendors, managing business
process
 Set of physical devices and software required to operate enterprise
 Set of firmwide services
o Computing platforms providing computing services (e.g desktop
computer, laptop)
o Telecommunications services
o Data management services (+analyzing)
o Application software services (ERP, CRM, SCM, KMS)
o Physical facilities management services
o IT management (plan infrastr. Coordinate with BU), standards (policies),
education (training) , research and development services (future
investments)
 “Service platform” perspective more accurate view of value of investments

Evolution of IT Infrastructure
 General-‐purpose mainframe & minicomputer era: 1959 to present
o 1958 IBM first mainframes introduced (centralized) – support thousands
online remote terminals connected
o 1965 Less expensive DEC minicomputers (more decentralized)
 Personal computer era: 1981 to present
o 1981 Introduction of IBM PC
o Proliferation in 80s, 90s resulted in growth of personal software
o Wintel PC (95%)
 Client/server era: 1983 to present
o Desktop clients networked to servers, with processing work split between
clients and servers
o Network may be two-‐tiered or multitiered (N-‐tiered)
o Various types of servers (network, application, Web)
o Smaller, inexpensive machines, costs less, computing power explosion
  Enterprise computing era: 1992 to present
o Move toward integrating disparate networks, applications using Internet
standards and enterprise applications
o Free information flow, link different types of hardware, includes public
infrastructures, link applications, web services
 Cloud and Mobile Computing: 2000 to present
o Refers to a model of computing where firms and individuals obtain
computing power and software applications over the Internet or other
network (shared pool of computing resources)
o Fastest growing form of computing

Technology drivers of infrastructure evolution

 Moore’s law and microprocessing power
o Computing power(2)/microprocessing power (1) doubles every 18
months; the price for computing falls by half every 18 months (3)
o Nanotechnology: Shrinks size of transistors to size comparable to size of a
virus, width of several atoms
 Law of Mass Digital Storage
o The amount of data being stored each year doubles
o Cost is falling at an exponential rate of 100%/year
 Metcalfe’s Law and network economics
o Value or power of a network grows exponentially as a function of the
number of network members
o As network members increase, more people want to use it (demand for
network access increases)
 Declining communication costs and the Internet
o An estimated 1.8 billion people worldwide have Internet access
o As communication costs fall toward a very small number and approach 0,
utilization of communication and computing facilities explodes  fimrs
greatly expand Internet connections, power of their networks…
 Technology standards and network effects
o Specifications that establish the compatibility of products and the ability
to communicate in a network
o Unleash powerful economies of scale and result in price declines as
manufacturers focus on the products built to a single standard
o E.g. Win OS, Microsoft office, Unix (enterprise server), Ethernet, TCP/IP

7 main IT Infrastructure components

1. Computer hardware platforms (Dell, IBM, Sun, HP; Apple, Linux)
o Client machines and servers (blade servers: ultrathin computers stored in
racks)
o Mainframes: IBM mainframe equivalent to thousands of blade servers
o Top chip producers: AMD, Intel, IBM
o Top firms: IBM, HP, Dell, Sun Microsystems
2. Operating system platforms (Windows – 75% server – 90% clients, Unix + Linux
-‐ 25% server, Mac OS X, Google Chrome – cloud computing, iOs, Android for
handheld devices)
3. Enterprise software applications (SAP, Oracle, middleware provider: BEA,
Microsoft)
 4. Data management and storage (IBM DB2, Oracle, Microsoft SQL Server, Sybase,
MySQL)
o Data management software: responsible for organizing/managing data,
efficiently accessed and used
o Physical Data Storage: EMC Corp. (large scale), Seagate, Maxtor, WD)
o Storage area networks (SANs): Connect multiple storage devices on
dedicated network
5. Networking/telecommunications platforms (Linux, Novell, Cisco, Alcatel-‐Lucent)
o Telecommunication services (cable, telephones, voice lines, Internet)
o Network Operating Systems (Windows Server, Unix …)
o Network hardware providers (Cisco, Alcatel…)
6. Internet platforms (Apache, Unix, Cisco, Java)
o Hardware, software, management services to support company Web sites,
(including Web hosting services) intranets, extranets
o Trend to server consolidation, reducing number by increasing power
o Internet hardware server market: Dell, HP/Compaq, IBM
o Web development tools/suites: Microsoft (FrontPage, .NET) IBM
(WebSphere) Sun (Java), independent software developers: Adobe,
RealMedia
7. Consulting system integration services (IBM, EDS, Accenture)
o Consulting and system integration services
o Even large firms do not have resources for a full range of support for new,
complex infrastructure
o Software integration: ensuring new infrastructure works with legacy
systems
o Legacy systems: older Transaction Processing Systems created for
mainframes that would be too costly to replace or redesign

7 Contemporary Hardware Platform Trends

The emerging mobile digital platform

 Cell phones, smartphones with data transmission, web surfing, e-‐mail, and IM
 Netbooks, low-‐cost lightweight notebooks optimized for wireless communication
and core computing tasks
 Tablets and networked e-‐readers
Grid computing
 Connects geographically remote computers into a single network to combine
processing power and create virtual supercomputer
 Provides cost savings, speed, agility
Virtualization
 Allows single physical resource to act as multiple resources (i.e., run multiple
instances of OS)
 Allows multiple physical resources to appear as a single logical resource
 Reduces hardware and power expenditures, facilitates hardware centralization,
higher utilization rates
Cloud computing
 On demand self service obtained over network
 Ubiquitous network access using standard network and internet devices
 Location independent resource pooling
 Rapid elasticity to meet changing user demand
  Measured service, charged for amount of resources used
 Infrastructure as a service  use spare capacity e.g. Amazon S3
 Platform as a service  use to develop own applications e.g. IBM, Salesforce.com
 Software as a service  use software over network e.g Google Apps
 Cloud can be public or private
 Allows companies to minimize IT investments (pay what you use = utility
computing, on demand computing), more flexibility
 Drawbacks: Concerns of security, reliability, dependence
Green computing
 Practices and technologies for manufacturing, using, disposing of computing and
networking hardware to minimize impact on environment
 Reducing computer power consumption = high priority (power and cooling) 
energy and greenhouse gases
Autonomic computing
 Industry-‐wide effort to develop systems that can configure, heal themselves
when broken, and protect themselves from outside intruders
 Similar to self-‐updating antivirus software; Apple and Microsoft both use
automatic updates
High performance, power-‐saving processors
 Multicore processors (chip more processor cores enhancing performance,
reduced power consumption, efficient simultaneous processing of multiple tasks)

4 Contemporary Software Platform Trends

Linux and open-‐source software

 Open-‐source software: Produced by community of programmers, free and
modifiable by user
 Linux: Open-‐source software OS, integration, works on all major hardware
Software for the Web
 Java: Object-‐oriented programming language, OS and processor-‐independent,
works on all devices,: Java Virtual machine, applets run on a web browser
 Ajax: Asynchronous JavaScript and XML, Allows client and server to exchange
small pieces of data without requiring the page to be reloaded
Web Services
 Software components that exchange information using Web standards and
languages, regardless of OS or code
 XML: Extensible Markup Language, More powerful and flexible than HTML,
Tagging allows computers to process data automatically, classifying presentation
communication and storage of data
 SOAP: Simple Object Access Protocol, Rules for structuring messages enabling
applications to pass data and instructions Dollar Rent A Car Webb Services link to other web sites boo
 WSDL: Web Services Description Language, Framework for describing task
performed by Web service and capabilities
 UDDI: Universal Description, Discovery, and Integration, Directory for locating
Web services
 SOA: Service-‐oriented architecture: set of self-‐contained services that
communicate with each other to create a working software application,
Software developers reuse these services in other combinations to assemble
other applications as needed
Software outsourcing and cloud services
Three external sources for software:
 Software packages (pre-‐written, commercially available) and enterprise software
(large scale, single integrated worldwide software system)
 Software outsourcing (development, maintenance)
o Domestic: Primarily for middleware, integration services, software
support
o Offshore: Primarily for lower level maintenance, data entry, call centers,
although outsourcing for new-‐program development is increasing
 Cloud-‐based software services
o Software as a service (SaaS) accessed with Web browser over Internet
o Ranges from free or low-‐cost services for individuals to business and
enterprise software
o Users pay on subscription or per-‐transaction e.g. Salesforce.com
o Service Level Agreements (SLAs): formal agreement with service
providers, performance measurement, support options
 (Web) Mashups: Combinations of two or more online applications, such as
combining mapping software (Google Maps) with local content
 Apps: Small pieces of software that run on the Internet, on computer, or cell
phone, Generally delivered over the Internet
o Success of mobile platform depends in lage part on quantity and quality of
apps, high switching costs

4 Management Issues

Dealing with platform and infrastructure change

 As firms shrink or grow, IT needs to be flexible and scalable
 Scalability: Ability to expand to serve larger numbers of users w/o break down
 For mobile computing and cloud computing: new policies and procedures for
managing, Contractual agreements with firms running clouds and distributing
software required (SLA)

Management and governance

 Who controls IT infrastructure?
 How should IT department be organized?
o Centralized: Central IT department makes decisions
o Decentralized: Business unit IT departments make own decisions
 How are costs allocated between divisions, departments?

Making wise infrastructure investments

• Amount to spend on IT is complex question (too much = idle times, too less = no
delivering, outperforming competitors  rent vs. buy, security
• Total cost of ownership (TCO) model
o Analyzes direct and indirect costs
o Hardware, software account for only about 20% of TCO
o Other administration costs: Installation, training, support, maintenance,
infrastructure, downtime, space and energy
o TCO can be reduced through better management, use of cloud services,
greater centralization and standardization of hardware and software
resources
Competitive forces model for IT infrastructure investment
1. Market demand for firm’s services (inventory of current services meet needs of
groups of customers, suppliers, employees, complaining?)
2. Firm’s business strategy (analyze 5 year business strategy, requirement to
achieve strategic goals?)
3. Firm’s IT strategy, infrastructure, and cost (TCO analysis, 5 years IT strategy)
4. Information technology assessment (behind or on the bleeding edge to be
avoided, standards should be established, multiple cost competing vendors)
5. Competitor firm services (quantitative and qualitative measures to compare)
6. Competitor firm IT infrastructure investments (benchmark expenditures for IT
infrastructure)
Chapter 6
Foundations of Business Intelligence: Database and Information
Management

 Effective IS provides accurate, timely and relevant information

 Often: poorly organized and maintained data

File organization concepts

 Field: Group of characters as word(s) or number
o Describes an entity (person, place, thing on which we store information)
o Attribute: Each characteristic, or quality, describing entity
 Record: Group of related fields, describing entitiy
 File: Group of records of same type
 Database: Group of related files

Problems with traditional file environment

 Traditional approach: files maintained separately by different departments with
unique data files and own applications
 Data redundancy: Presence of duplicate data in multiple files, waste storage res.
 Data inconsistency: Same attribute has different values, or names, coding systems
 Program-‐data dependence: When changes in program requires changes to data
accessed by program, other programs don’t work anymore
 Lack of flexibility, only routine scheduled reports, no ad hoc requests
 Poor security, not knowing who has access and changes the data
 Lack of data sharing and availability (no trust in accuracy)
Database Approach to Data Management
Database
• Serves many applications by centralizing data and controlling redundant data
using a DBMS
Database management system (DBMS)
 Software to organize, centralize, manage data efficiently, provide access
 Interfaces between applications and physical data files
 Separates logical and physical views of data (user don’t need to know where the
data actually is stored and organized (physical view), only see the data as they
would be perceived (logical view)  available for different logical views
 Solves problems of traditional file environment
o Controls redundancy by minimizing isolated files
o Eliminates inconsistency
o Uncouples programs and data
o Enables organization to centrally manage data and data security, reducing
costs, ad hoc queries
Relational DBMS
 Keep track of entities, attributes, relationships
 Represent data as two-‐dimensional tables called relations or files
 Each table contains data on entity and its attributes
 E.g. Microsoft Access = relational DBMS for desktop systems, MySQL
Table: grid of columns and rows
 Rows (tuples): Records for different entities
 Fields (columns): Represents attribute for entity
 Key field: Field used to uniquely identify each record,
 Primary key: Field in table used for key fields, cannot be duplicated
 Foreign key: Primary key used in second table as look-‐up field to identify records
from original table

Operations of a Relational DBMS (Three basic operations to develop useful sets of data)
 SELECT: Creates subset of data of all records that meet stated criteria
 JOIN: Combines relational tables to provide user with more information than
available in individual tables
 PROJECT: Creates subset of columns in table, creating tables with only the
information specified
Object-‐Oriented DBMS (OODBMS)
• Stores data and procedures as objects, can be automatically retrieved and shared
• Objects can be graphics, multimedia, Java applets, not only structured numbers
and characters, integrate from various sources
• Relatively slow compared with relational DBMS for processing large numbers of
transactions
• Hybrid object-‐relational DBMS: Provide capabilities of both OODBMS and
relational DBMS

Databases in the cloud

 Typically less functionality than on-‐premises DBs
 Now: used by web-‐focused start-‐ups, lower prices
 Amazon Web Services (MySQL, license Oracle), Microsoft SQL Azure (integrating
with existing software)
 Charged based on usage time, volume data stored, input requests, amount read or
written
 Able to scale computing resources in response to real-‐time demand, costs low

Capabilities of Database Management Systems

• Organize, Manage, Access data in the database
• Data definition capability: Specifies structure of database content, used to create
tables and define characteristics of fields
• Data dictionary: Automated or manual file storing definitions of data elements
and their characteristics (name, description, size, type, format, usage, ownership,
authorization, security, individuals, business functions, programs, reports)
• Data manipulation language: Used to add, change, delete, retrieve data
o Structured Query Language (SQL)
o Large/midrange computers: DB2, Oracle, SQL Server employ SQL
o Microsoft Access use user-‐friendly tools of SQL for querying databases
• Many DBMS have report generation capabilities for creating polished reports
(Crystal Reports = very popular report generator), developing system
applications for data entry screens, reports, logic for processing transactions

Designing Databases
• Conceptual (logical) design: Abstract model from business perspective
• Physical design: How database is arranged on direct-‐access storage devices
• Understand relationship among data, type of data, grouping, usage, changes
• Relationships among data elements, redundant database elements
• Most efficient way to group data elements to meet business requirements, needs
of application programs
• Normalization: Streamlining complex groupings of data to minimize redundant
data elements and awkward many-‐to-‐many relationships (small, stable, flexible
data structures)
• Enforce referential integrity rules, ensure relationships remain consistent (e.g. no
parts from nonexistent suppliers)
• Entity-‐relationship diagram: Used by database designers to document the data
model, Illustrates relationships between entities
• Distributing databases: Storing database in more than one place
• Partitioned: Separate locations store different parts of database
• Replicated: Central database duplicated in entirety at different locations
Understand organizations data and how it should be represented in a database to serve
business well with your data model, or the data will be inaccurate, incomplete, and
difficult to retrieve!

Using Databases to improve business performance and decision-‐making

 Keep track of basic transactions
 Provide information to run business more efficiently, make better decisions
 Very large databases and systems require special capabilities, tools to analyze
large quantities of data, to access data from multiple systems
 Data warehousing, data mining, tools for accessing internal databases through
web

Data warehousing
 Stores current + historical data from many core operational transaction systems
 Consolidates and standardizes information for use across enterprise, but data
cannot be altered
 Data warehouse system will provide query, analysis, and reporting tools
 E.g. Catalina Marketing largest loyalty database in the world, US Internal
Revenue Service (IRS) with Compliance Data Warehouse consolidating taxpayer
data from different resources into relational structure (find out who cheats)

Data marts
 Subset of data warehouse, smaller, decentralized
 Summarized or highly focused portion of firm’s data for use by specific
population of users
 Typically focuses on single subject or line of business, constructed more rapidly,
lower costs
 E.g. Barnes and Noble point-‐of-‐sale, college bookstore, online sales

Business Intelligence
 Tools for consolidating, analyzing, and providing access to vast amounts of data
to help users make better business decisions (patterns, relationships, insights)
 Principle tools include: Software for database query and reporting,
multidimensional online analytical processing (OLAP), data mining

Online analytical processing (OLAP)

• Supports multidimensional data analysis: Viewing data using multiple
dimensions, each aspect of information (product, pricing, cost, region,
time period) is different dimension
• OLAP enables rapid, online answers to ad hoc queries
 • Building 3d cubes of data, can be nested within cubes  complex views
• Either multidimensional database or tool creating multidimensional views in
relational databases

Data mining
 More discovery driven than OLAP: finds hidden patterns, relationships in large
databases and infers rules to predict future behavior
 Applications for all functional areas of business, government, scientific work
 E.g., Finding patterns in customer data for one-‐to-‐one marketing campaigns or to
identify profitable customers.
 Types of information obtainable from data mining
o Associations, occurrences linked to a single event (coke, chips, promotion)
o Sequences, events linked over time (house  fridge, oven)
o Classification, inferring set of rules, patterns that describe group item
belongs (discover characteristics of customers who are likely to leave)
o Clustering, similar to classification where no groups defined (partitioning
database into groups of customers based on demographics)
o Forecasting, use series of existing values to forecast what other values will
be (finding patterns to estimate future value of continuous variables)
 High level analyses of patterns or trends, can also drill down and provide more
detail when needed
 Predictive analysis: Uses data mining techniques, historical data, and
assumptions about future conditions to predict outcomes of events (e.g.
probability a customer will respond to an offer)

Text mining
 Extracts key elements from large unstructured data sets (e.g., stored e-‐mails)
 80% of organizations useful information
 Discover patterns, relationships, summarize
 New myriad ways unstructured data is generated by consumers and the business
uses for this data

Web mining
 Discovery and analysis of useful patterns and information from WWW (E.g., to
understand customer behavior, evaluate effectiveness of Web site)
 Web content mining (Knowledge extracted from content of Web pages)
 Web structure mining (E.g., links to and from Web page)
 Web usage mining (User interaction data recorded by Web server)

Databases and the Web

 Companies use Web to make some internal databases available to customers
 Typical configuration includes:
o Web server (accessed via web browser, client computer),
o Application server/middleware/CGI scripts (compact program using
Common Gateway Interface specification for processing data on a web
server), translation HTML to SQL, transfer information, handling all
application operations incl. transaction processing, data access btw.
Browser and database, takes requests, runs logic process transactions,
provides connectivity
o Database server (hosting DBM)
  Advantages of using Web for database access:
o Ease of use of browser software
o Web interface requires few or no changes to database
o Inexpensive to add Web interface to system
 Creating new efficiencies, opportunities, business models

Managing Data Resources

Establishing an information policy
 Firm’s rules, procedures, roles for sharing, managing (disseminating, acquiring,
classifying, inventorying), standardizing data/information
 Specific procedures and accountabilities
 Data administration: Firm function responsible for specific policies and
procedures to manage data as a corporate organizational resource (develop info
policy, planning for data, overseeing logical database design, data dictionary
development, monitoring usage)
 Data governance: Policies and processes for managing availability, usability,
integrity, and security of enterprise data, especially as it relates to government
regulations, promoting privacy, security, quality, compliance
 Database administration: Defining, organizing, implementing, maintaining
database; access rules, security procedures, performed by database design and
management group

Ensuring data quality

 More than 25% of critical data in Fortune 1000 company databases are
inaccurate or incomplete leading to incorrect decisions, product recalls, financial
losses
 Most data quality problems stem from faulty input, esp. now when companies
move business to web and customers/suppliers enter data directly
 Before new database in place, need to:
o Identify and correct faulty data
o Establish better routines for editing data once database in operation
 Data quality audit: Structured survey of the accuracy and level of completeness of
the data in an IS (Survey samples/entire from data files, or Survey end users for
perceptions of quality)
 Data cleansing (scrubbing): Software to detect and correct data that are
incorrect, incomplete, improperly formatted, or redundant
o Enforces consistency among different sets of data from separate IS
Chapter 7
Telecommunications, the Internet and Wireless Technology

Networking and communication trends

 Convergence: Past: telephone networks (voice communication, voice
transmission tech) and computer networks (data traffic)  now converging
into single digital network using Internet standards
 Broadband access: more powerful (faster) and more portable (smaller), less
expensive
 Broadband wireless: voice and data communication, cell phones..

What is a computer network?

 Two or more connected computers
 Major components in simple network:
 Client computer and Server computer (perform important network functions,
serving web pages, storing data and NOS),
 Network interfaces (cards: NICs) – build in motherboard,
 Connection medium (telephone wire, coaxial cable, radio signal),
 Network operating system (NOS, routes and manages communication,
coordinates network resources), Windows Server, Linux, Novell
 Hub (simple device, send data to all connected devices) or switch (more
intelligence, filter and forward data to specific destination) acting as a connection
point
 Routers: Device used to route packets of data through different networks,
ensuring that data sent gets to the correct address

Networks in large companies (problem: coherent system, integrations)

 Hundreds of local area networks (LANs) linked to firmwide corporate network
 Various powerful servers (Website, Corporate intranet, extranet, Backend)
 Mobile wireless LANs (Wi-‐Fi networks)
 Videoconferencing system
 Separate Telephone network + Wireless cell phones

Key networking technologies (3)

Client/Server computing
• Distributed computing model
• Powerful Clients linked through network controlled by server computer
• Server sets rules of communication, provides client with an address
• Has largely replaced centralized mainframe computing
• The Internet: Largest implementation of client/server computing

Packet Switching
• Slicing digital messages into parcels (packets), sending packets along different
communication paths as they become available, reassembling packets at
destination
• Previous circuit-‐switched networks required assembly of complete point-‐to-‐
point circuit (expensive, wasting capacity)
• More efficient use of network’s communications capacity
TCP/IP and connectivity
 Connectivity between computers (different hardware and software) enabled by
protocols (Rules that govern transmission of information between two points)
 Transmission Control Protocol/Internet Protocol (TCP/IP): Common worldwide
standard that is basis for Internet
 TCP: handles movement of data, establishes connection, sequences transfer of
packets
 IP: responsible for delivery of packets, dissembling and reassembling of packets
during transmissions
 Four layers (department of defense reference model)
o Application layer (enables apps access to other layers, exchange data
protocol like HTTP (hyper Text Transfer Protocol)
o Transport layer (provide app layer with communication and packet
Data

services, TCP and other protocols)

o Internet layer (addressing, routing, IP datagrams (packaging data packets)
o Network interface layer (bottom, placing packets, receiving them from
network medium)

Signals: digital vs. analog

 Analog: continuous waveform, used for voice communications
 Digital: discrete, binary waveform, strings of two discrete states (1 + 0), on and
off electrical pulses
 Modem: translates digital signals into analog forms (computing to telephone lines
and cables) – modulator-‐demodulator

Types of networks
Local-‐area networks (LANs)
 Connect personal and other digital devices within 500m radius
 1 dedicated network file server, providing access to shared resources, determine
who gets access, in which sequence, large: various dedicated servers
 Router connects LAN to other networks (external information exchange)
 Ethernet = dominant LAN Standard, physical
 Peer-‐to-‐peer = treat all processors equally, exchange data by direct access, charge
peripheral devices without server (Windows: workgroup, not domain network)
 Topologies (way components are connected): star (single hub), bus (single
transmission segment, both directions, most common, same signals), ring (closed
loop, ones station transmits at a time)
 Campus-‐area networks (CANs), 1000m radius
 Wide-‐area networks (WANs)  e.g. Internet
 Metropolitan-‐area networks (MANs)

Physical transmission media

 Twisted wire (modems), telephone analog communication, but also usable for
digital (copper) – 100m, up to 1 Gbps
 Coaxial cable, larger volume, 1 Gbps, longer distances (insulated copper)
 Fiber optics and optical networks (bound strands glass fiber, pulses of light)
o Faster, lighter, more durable for large volumes, expensive
o Dense wavelength division multiplexing (DWDM)
 Wireless transmission media and devices (radio signals)
 o Microwave: high frequencx, high vlume, long distance, point to point, fllow
straight line (station every 37 miles)
o Satellites for TV and Internet
o Cellular telephones: radio waves + protocols, radio antennas (towers) in
cells, information passing from cell to cell
 Transmission speed (hertz = number of cycles per second, bandwidth = range of
frequencies = difference between highest and lowest frequency on a single
channel): bits per second, function of frequency

The Global Internet

 Connection by subscribing to Internet service provider (ISP) with permanent
connection selling temporary access
 Traditional telephone line and modem (56.6 kbps), Digital subscriber line (DSL, 9
Mbps), cable (15 mbps), satellite, T lines (t1 = 1.54 mbps, t3 = 45 mbps)
international telephone standards, guaranteed service levels)

Internet addressing and architecture

 Internet Protocol (OP) address unique per computer (4 stings of number, 32 bit)
 Decomposed message into packets with destination address using TCP protocol
 The Domain Name System (DNS) converts domain names to IP addresses
o Hierarchical structure (top: root domains)
o Top-‐level domains (child of root), .com, .gov, .edu, .de
o Second level domain: two part, addition to top level
 Internet Architecture and Governance
o Transcontinental high speed backbone networks owned by telephone
companies (network service providers) and national governments
o Local connections owned by regional telephone/cable comp., leasing
o Organization pays for own networks, local connections services, part to
long distance trunk line owners, individuals subscription fee (flat)
o Payments not based on heaviness, volume  network neutrality debate
o Network access pints (NAP), metropolitan are exchanges (MAEs) = hubs
ton intersection backbone and regional/local networks
o No formal management but policies and influences by IAB (internet
architecture board), ICANN (internet corporation for assigned names and
numbers, assigning IP addresses), W3C (world wide web consortium,
HTML standards)
o Goal keeping internet operating efficiently, conform to laws of the
sovereign nation-‐states, technical infrastructures
 The Future Internet: IPv6 (more possibilities, 128bit) and Internet2 (= Next
Generation Internet NGI) -‐> working on new robust, performance internet (200
companies, universities, governments) – developing new technologies routing
practices, levels of service, importance of data, distributed computing
 VoIP VPN
Internet Services and Communication Tools

 Implemented by one or more software programs

 Run on single server computer or different machine
 Increase work productivity but not always the case
 Monitoring or regulating online activity, ethical and privacy concerns

 VoIP reducing communication costs by 20-‐30%

 IP network: lowering long distance costs, eliminating monthly fees for private
lines, single voica data infrastructure for telecommunications and computing,
flexibility (easy adding new phones, voce and email combined into single
directory (Bayer did that!))
 Merge disparate communication modes into a single universally accessible
service using unified communications technology
 Past: dedicated and expensive private network
 Today: less expensive virtual private network (VPN) within public Internet
o Secure, encrypted, private within public network
o Advantage of economies of scale
o Combining voice and data networks
o Point to Point Tunneling Protocol (PPTP) – packets encrypted and
wrapped inside IP packets

World Wide Web

 Most popular Internet service, with universally accepted standards for storing,
retrieving, formatting, and displaying information
 Web site = connection web pages linked to a home page, links to other media
  HTML (Hypertext Markup Language): Formats documents for display on Web,
incorporates dynamic links to other media
 Hypertext Transfer Protocol (HTTP): Communications standard used for
transferring Web pages
 Uniform resource locators (URLs): Addresses of Web pages
 Web servers: Software for locating and managing Web pages, most common:
open source Apache HTTP Server (54%)

Searching for Information on the Web

• 100 billion web pages public available, but also deep web  900
billion additional pages cannot be visited without access code,
protected
• Search engines = killer app” of Internet era, sift through different files
• Started in early 1990s as relatively simple software programs using keyword
indexes, now Google (page rank system), Yahoo, Bing
• Major source of Internet advertising revenue via search engine marketing,
using complex algorithms and page ranking techniques to locate results
• Sponsors, paid search results on top  at the right time match consumer interes
• Search engine optimization: better search engine recognitions, higher ranks, on
top of the search result list, improve quality and volume of Web traffic, popularity
(links to that web site)
• Challenging searching videos
• Intelligent Agent shopping bots: software agents with built in intelligence, gather
info, perform tasks to assist users, making purchase filter, pricing and availability

Web 2.0
 Collaboration, sharing, creating new services
 4 defining features: Interactivity, real-‐time user control, social participation,
user-‐generated content
 Technologies/services: Cloud computing, Blogs/RSS, Mashups & widgets (mix
and match content or software components, e.g. Flickr), Wikis, Social networks
 Blog: chronological entries, blog roll, trackbacks, comments, Templates (no HTML
skills needed)  blogosphere
 RSS: Rich Site Summary, Really Simple Syndication  syndicates content,
feeds, subscribe and automatically receive new content
 Wikis: collaborative web sites, visitors add, modify content, monitoring work 
easy to share information
 Social networks: build communities, profiles. Interactivity, real time user control,
opinions, how communicate, stay in touch, advertising, + application
development platforms

Web 3.0/ future Web

 Effort of W3C to add meaning to existing Web (woven all digital information,
contacts together into single meaningful experience) = Semantic Web
 Make searching more relevant to user, meaningful + productive (better results)
 More “intelligent” computing, analyze and manipulate, reduce amount of human
involvement in searching and processing web information
 3D Web (walk through pages)
 Pervasive Web (controls everything, managing)
 Increase in cloud computing, SaaS, Ubiquitous connectivity between mobile and
other access devices, Make Web a more seamless experience
The Wireless Revolution
 Cell phones, laptops, handheld devices  portable computing
platforms, performing tasks we used to do at our desks
 Stay in touch with customers, suppliers, employees
 Flexible arrangements for organizing works
 Creation of new products, services, sales channels
 Smartphones: email, messaging, wireless Internet, digital photography, personal
information management  small mobile computers

Cellular Systems
 Competing standards for cellular service
o CDMA(Code Division Multiple Access): United States (Verizon, Sprint),
transmits several frequencies, entire spectrum
o GSM (Global System for Mobile Communication): Rest of world, plus AT&T
and T-‐Mobile, international roaming capability
 Third-‐generation (3G) networks: Suitable for broadband Internet access , 144
Kbps – 2Mbps, special cards for PCs
 4G networks: Entirely packet-‐switched, 100 Mbps – 1Gbps, premium quality,
high security  Pre-‐4G: Long Term Evolution (LTE), mobile WiMax

Wireless computer networks and Internet access

• Bluetooth (802.15)
o Links up to 8 devices in 10-‐m area, low power radio signals
o Useful for personal are networking (PANs) and in business to transmit
data from handheld devices to other transmitters
• Wi-‐Fi (802.11)
o Set of standards: 802.11a, 802.11b (11 mbps, 30-‐50 m), 802.11g (54
mbps), 802.11n (100 mbps)
o Used for wireless LAN and wireless Internet access
o Use access points: bridge device with radio receiver/transmitter, antennas
for connecting wireless devices to a wired LAN, router, hub
o Hotspots: Access points in public place to provide maximum wireless
coverage for a specific area
o Provide low, costs wireless LANs and internet access
o Weak security features, vulnerable to intruders
o Susceptibility to interference from nearby systems, solved by n-‐standard:
multiple antennas, MIMO (multiple input, multiple output)
• WiMax (802.16) – Worldwide Interoperability for Microwave Access
o Wireless access range of 31 miles, 75 mbps
o Require WiMax antennas
o Sprint Nextel building WiMax network as foundation for 4G networks

Radio Frequency identification (RFID)

 Use tiny tags with embedded microchips containing data about an item and
location, and antenna
 Tags transmit radio signals over short distances to special constantly
transmitting RFID readers, which send data over network to computer for
processing
 Active RFID: Tags have batteries, data can be rewritten, range is hundreds of feet,
more expensive
  Passive RFID: Range is shorter, also smaller, less expensive, powered by radio
frequency energy
 Common uses:
o Automated toll-‐collection
o Tracking goods in a supply chain
o E.g. Walmart combining data point of sale systems with RFID data to
determine which items will soon be depleted, automatically generates lists
 Requires companies to have special hardware and software, massive amount of
data  Software to filter and aggregate, applications designed to accept large
data and share it with other applications
 Reduction in cost of tags making RFID viable for many firms

Wireless sensor networks (WSNs)

 Networks of hundreds or thousands of interconnected wireless devices
embedded into physical environment to provide measurements of many points
over large spaces
 Devices (nodes) have built-‐in processing, storage, and radio frequency sensors
and antennas
 Require low-‐power, long-‐lasting batteries and ability to endure in the field
without maintenance
 Used to monitor building security, detect hazardous substances in air, monitor
environmental changes, traffic, or military activity
 Data flowing to a server with grater processing power, gateway to network based
on Internet technology
Chapter 8
Securing Information Systems

System Vulnerability and Abuse

• Security: Policies, procedures and technical measures to prevent unauthorized
access, alteration, theft, or physical damage
• Controls: Methods, policies, and organizational procedures ensure safety of
organization’s assets; accuracy and reliability of accounting records; and
operational adherence to management standards
• Vulnerability through technical, organizational and environmental factors, poor
management decisions, communication layers
• Accessibility of networks
• Hardware problems (breakdowns, configuration errors, damage from improper
use or crime)
• Software problems (programming errors, installation errors, unauthorized
changes)
• Disasters (fires, floods..)
• Use of networks/computers outside of firm’s control
• Loss and theft of portable devices

Internet vulnerabilities
• Network open to anyone, Size: abuses can have wide impact
• Use of fixed Internet addresses creates fixed targets hackers
• Unencrypted VOIP (no use of VPN)
• E-‐mail, P2P, IM: Interception, Attachments with malicious software, Transmitting
trade secrets

Wireless security challenges

• Radio frequency bands easy to scan
• SSIDs (service set identifiers): Identify access points, Broadcast multiple times
• War driving: Eavesdroppers drive by buildings and try to detect SSID and gain
access to network and resources, set up rogue access points
• WEP (Wired Equivalent Privacy) WPA2 (WiFi Protected Access)
o Security standard for 802.11; use is optional
o Uses shared password for both users and access point
Malware (malicious software)
• Viruses: Rogue software program that attaches itself to other software programs
or data files in order to be executed, deliver “payload”, spread through humans
• Worms: Independent computer programs that copy themselves from one
computer to other computers over a network
• Trojan horses: Software program that appears to be benign but then does
something other than expected, does not replicate
• Computers, mobile devices, web 2.0 applications
• SQL injection attacks: Hackers submit data to Web forms that exploits site’s
unprotected software and sends rogue SQL query to database
• Spyware: Small programs install themselves surreptitiously on computers to
monitor user Web surfing activity and serve up advertising
• Key loggers: Record every keystroke on computer to steal serial numbers,
passwords, launch Internet attacks

Hackers and computer crime

• Hackers vs. crackers (criminal intent): unauthorized access, weakness in security
protections
 System intrusion + System damage
 Cybervandalism: Intentional disruption, defacement, destruction of Web site or
corporate information system
 Spoofing
o Misrepresenting oneself by using fake e-‐mail addresses or masquerading
as someone else
o Redirecting Web link to address different from intended one, with site
masquerading as intended destination
 Sniffer
o Eavesdropping program that monitors information traveling over
network
o Enables hackers to steal proprietary information such as e-‐mail, company
files, etc.
 Denial-‐of-‐service attacks (DoS): Flooding server with thousands of false requests
to crash the network.
 Distributed denial-‐of-‐service attacks (DDoS): Use of numerous computers to
launch a DoS
 Botnets: Networks of “zombie” PCs infiltrated by bot malware
 Computer crime: “any violations of criminal law that involve a knowledge of
computer technology for their perpetration, investigation, or prosecution”
o Computer may be target of crime, e.g.: Breaching confidentiality of
protected data, Accessing a computer system without authority
o Computer may be instrument of crime, e.g.: Theft of trade secrets, Using e-‐
mail for threats or harassment
 Identity theft: Theft of personal Information (social security id, driver’s license or
credit card numbers) to impersonate someone else
 Phishing: Setting up fake Web sites or sending e-‐mail messages that look like
legitimate businesses to ask users for confidential personal data.
 Evil twins: Wireless networks that pretend to offer trustworthy Wi-‐Fi
connections to the Internet (e.g log credit card numbers)
 Pharming: Redirects users to a bogus Web page, even when individual types
correct Web page address into his or her browser (possible when they gain
 access to the Internet Address Information stored by internet service providers
to speed up web browsing and the ISP companies have flawed software in their
servers, hack into and change addresses)
 Click fraud: Occurs when individual or computer program fraudulently clicks on
online ad without any intention of learning more about the advertiser or making
a purchase
 Global threats: Cyberterrorism and Cyberwarfare, targeting software that runs
electrical power grids, air traffic control systems, networks of major banks

Internal threats: employees

• Security threats often originate inside an organization leaking Inside knowledge
• Sloppy security procedures, User lack of knowledge
• Social engineering: Tricking employees into revealing their passwords by
pretending to be legitimate members of the company in need of information
• End users entering faulty data, not following instructions
• IS specialists: errors in design, development, maintenance
Software vulnerability
• Commercial software contains flaws that create security vulnerabilities
– Hidden bugs (program code defects), Zero defects cannot be achieved
because complete testing is not possible with large programs
– Flaws can open networks to intruders, impede performance
• Patches: Vendors release small pieces of software to repair flaws (patch
management by users), However exploits often created faster than patches be
released and implemented

Business Value of Security and Control

• Failed computer systems can lead to significant or total loss of business function
• Confidential personal and financial data, Trade secrets, new products, strategies
• A security breach may cut into firm’s market value almost immediately
• Inadequate security and controls also bring forth issues of liability
• Strong security: high ROI, employees productivity, lower operational costs

Legal and regulatory requirements for electronic records management and privacy
protection
• Protection data from abuse, exposure, unauthorized access
• HIPAA: Medical security and privacy rules and procedures
• Gramm-‐Leach-‐Bliley Act: Requires financial institutions to ensure the security
and confidentiality of customer data
• Sarbanes-‐Oxley Act: Imposes responsibility on companies and their management
to safeguard the accuracy and integrity of financial information that is used
internally and released externally
Electronic evidence
• Evidence for white collar crimes often in digital form Data on computers, e-‐mail,
instant messages, e-‐commerce transactions
• Proper control of data can save time and money when responding to legal
discovery request
Computer forensics:
• Scientific collection, examination, authentication, preservation, and analysis of
data from computer storage media for use as evidence in court of law
• Includes recovery of ambient and hidden data, plan needed
Establishing a Framework for Security and Control
 Where company at risk, what controls must be in place, security policy, plans
for keeping business running if IS not operational
Information systems controls
• Manual and automated controls
• General and application controls

General controls
• Govern design, security, and use of computer programs and security of data files
in general throughout organization’s IT infrastructure.
• Apply to all computerized applications
• Combination of hardware, software, and manual procedures to create overall
control environment
• Types of general controls: Software controls, Hardware controls, Computer
operations controls, Data security controls, Implementation controls,
Administrative controls

Application controls
• Specific controls unique to each computerized application, such as payroll or
order processing
• Include both automated and manual procedures
• Ensure that only authorized data are completely and accurately processed by
that application
• Input controls: authorization, conversion, editing, error handling
• Processing controls: updating
• Output controls

Risk assessment
• Determines level of risk to firm if specific activity or process is not properly
controlled
• Determine value of info assets, points of vulnerability, likely frequency of the
problem, potential for damage
• Concentration on the control points with greatest vulnerability and potential for
loss

Security policy
• Ranks information risks, identifies acceptable security goals, and identifies
mechanisms for achieving these goals, most important assets
• Acceptable use policy (AUP): Defines acceptable uses of firm’s information
resources and computing equipment, unacceptable, consequences
• Authorization policies: Determine differing levels of user access to information
assets
Identity management
• Business processes and tools to identify valid users of system and control access:
Identifies and authorizes different categories of users, Specifies which portion of
system users can access, Authenticating users and protects identities
• Identity management systems: Captures access rules for different levels of users

Disaster recovery planning: Devises plans for restoration of disrupted services

Business continuity planning: Focuses on restoring business operations after disaster
MIS audit
• Examines firm’s overall security environment as well as controls governing
individual information systems, data quality
• Reviews technologies, procedures, documentation, training, and personnel
• Simulate disaster to test response of technology, IS staff, other employees
• Lists and ranks all control weaknesses and estimates probability of their
occurrence, Assesses financial and organizational impact of each threat

Technologies and Tools for Protecting Information Resources

Identity management software
• Automates keeping track of all users and privileges
• Authenticates users, protecting identities, controlling access
• Authentication: Password systems, Tokens, Smart cards, Biometric

Firewall: Combination of hardware and software that prevents unauthorized users from
accessing private networks
• Static packet filtering: examines selected fields in headers of individual packets
• Stateful inspections: track info over multiple packets, part of approved
conversation, legitimate connection
• Network address translation (NAT): conceals ip addresses of internal host
computers
• Application proxy filtering: examines app content of packets

Intrusion detection systems:

• Monitor hot spots on corporate networks to detect and deter intruders
• Examines events as they are happening to discover attacks in progress
• Raises alarm or shuts down sensitive network part
Antivirus and antispyware software:
• Checks computers for presence of malware and can often eliminate it as well
• Require continual updating
Unified threat management (UTM) systems: firewalls, VPNs, IDS, web content filtering,
anti spam software

Securing wireless networks

• WEP security can provide some security by Assigning unique name to network’s
SSID and not broadcasting SSID, Using it with VPN technology
• Wi-‐Fi Alliance finalized WAP2 specification, replacing WEP with stronger
standards: Continually changing keys, Encrypted authentication system with
central server

Encryption
 Transforming text or data into cipher text that cannot be read by unintended
recipients, encryption key
 Secure Sockets Layer (SSL) and successor Transport Layer Security (TLS)
between 2 computers
 Secure Hypertext Transfer Protocol (S-‐HTTP) limited to individual messages
 Symmetric key encryption: Sender and receiver use single, shared key
 Public key encryption: Uses two, mathematically related keys: Public key and
private key, Sender encrypts message with recipient’s public key, Recipient
decrypts with private key
Digital certificate:
 Data file used to establish the identity of users and electronic assets for
protection of online transactions
 Uses a trusted third party, certification authority (CA), to validate a user’s
identity
 CA verifies user’s identity, stores information in CA server, which generates
encrypted digital certificate containing owner ID information and copy of
owner’s public key
Public key infrastructure (PKI)
 Use of public key cryptography working with certificate authority
 Widely used in e-‐commerce

Ensuring system availability: Online transaction processing requires 100% availability,

no downtime
• Fault-‐tolerant computer systems: Contain redundant hardware, software, and
power supply components that create an environment that provides continuous,
uninterrupted service
• High-‐availability computing
o Helps recover quickly from crash, Minimizes not eliminates downtime
o Backup servers, multiple server distribution, high capacity storage, god
disaster recovery and business continuity plans
• Recovery-‐oriented computing: Designing systems that recover quickly with
capabilities to help operators pinpoint and correct of faults in multi-‐component
systems
• Controlling network traffic: Deep packet inspection (DPI) Video and music
blocking, using prioritizing
• Security outsourcing: Managed security service providers (MSSPs)

Security in the cloud

• Responsibility for security resides with company owning the data
• Firms must ensure providers provides adequate protection
• Service level agreements (SLAs) including controls

Securing mobile platforms

• Security policies should include and cover any special requirements for mobile
devices
• Tools to authorize all devices in use, maintain inventory records, updates, lock

Ensuring software quality (software metrics and testing)

• Software metrics: Objective assessments of system in form of quantified
measurements, identify problems as they occur
• Carefully designed, formal, objective, used consistently
• Examples: Number of transactions, Online response time, Payroll checks printed
per hour, Known bugs per hundred lines of code
• Early and regular testing to uncover errors
• Walkthrough: Review of specification or design document by small group of
qualified people
• Debugging: Process by which errors are eliminated
Chapter 9
Achieving Operational Excellence and Customer Intimacy: Enterprise
Applications

Enterprise Systems = Enterprise Resource Planning Systems (ERP)

 Suite of integrated software modules and a common central database
 Collects data from many divisions of firm for use in internal business activities
 Information entered in one process is immediately available for other processes

Enterprise Software
• Built around thousands of predefined business processes that reflect
best practices
• Finance/accounting, Human resources, Manufacturing/production,
Sales/marketing
• To implement, firms: Select functions of system they wish to use, Map business
processes to software processes, Use software’s configuration tables for
customizing
• Leading ES vendors: SAP, Oracle, Infor Global Solutions, Microsoft
• Communicate with customers, suppliers, other entities

Business value of enterprise systems

• Increase operational efficiency
• Provide firm wide information to support decision making
• Enforce standard practices and data
• Enable rapid responses to customer requests for information or products, reduce
cycle time and costs, centralize
• Include analytical tools to evaluate overall organizational performance, improved
decision making

Supply Chain Management Systems

Supply Chain
 Network of organizations and processes for:
o Procuring raw materials (procurement)
o Transforming them into products (manufacturing)
o Distributing the products (distribution)
• Flow of materials, information, payments in both directions
• Primary, secondary, tertiary suppliers (tier 1,2,3)
• Upstream supply chain: Firm’s suppliers, suppliers’ suppliers, processes for
managing relationships with them
• Downstream supply chain: Organizations and processes responsible for
delivering products to customers
Information and supply chain management
• Inefficiencies caused by inaccurate/untimely information cut into operating costs
• Just-‐in-‐time strategy: Components arrive as they are needed, Finished goods
shipped after leaving assembly line
• Safety stock: Buffer for lack of flexibility in supply chain
• Bullwhip effect: Information about product demand gets distorted as it passes
from one entity to next across supply chain, more inventory, ripples, magnifying
change  excess inventory, production, warehousing, shipping costs
• Tamed by reducing uncertainties by demand and supply, accurate and up-‐to date
information, share dynamic info

Supply chain management software

• Supply chain planning systems: Model existing supply chain
o Demand planning (determine amount of products to satisfy demands)
o Optimize sourcing, manufacturing plans
o Establish inventory levels
o Identifying transportation modes
• Supply chain execution systems: Manage flow of products through distribution
centers and warehouses, efficiency

Global Supply Chains and the Internet

 Global supply chains typically span greater geographic distances and time
differences
 Different performance standards
 More complex pricing issues (local taxes, transportation, etc.)
 Foreign government regulations, cultural differences
• Internet helps companies manage many aspects of global supply chains: sourcing,
transportation, communications, international finance (no slow downs, errors,
uncertainty)  outsourcing to third party logistic providers, contract
manufacturing

Supply chain management systems

• Push-‐based model (build-‐to-‐stock): Schedules based forecasts of demand
• Pull-‐based model (demand-‐driven, build-‐to-‐order): Customer orders trigger
events in supply chain
• Sequential supply chains: Information and materials flow sequentially from
company to company
• Concurrent supply chains: Information flows in many directions simultaneously
among members of a supply chain network
• Future Internet driven: digital logistics nervous system
Business value of SCM systems
• Streamline internal and external supply chain processes
• Match supply to demand
• Reduce inventory levels
• Improve delivery service
• Speed product time to market
• Use assets more effectively
• Reduced supply chain costs lead to increased profitability
• Increased sales

Customer Relationship Management Systems

 In large businesses, too many customers and too many ways customers interact
with firm
 Capture and integrate customer data from all over the organization
 Consolidate and analyze customer data
 Distribute customer information to various systems and customer touch points
(contact point) across enterprise
 Provide single enterprise view of customers to increase sales and service

Customer Relationship Management Software

 CRM packages range from niche tools to large-‐scale enterprise applications
 Partner relationship management (PRM)
o Integrating lead generation, pricing, promotions, order configurations,
and availability
o Tools to assess partners’ performances
 Employee relationship management (ERM)
o E.g. Setting objectives, employee performance management, performance-‐
based compensation, employee training
 Major vendors: Siebel Systems (Oracle), PeopleSoft, SAP, Salesforce.com,
Microsoft Dynamics CRM

CRM packages typically include tools for:

• Sales force automation (SFA): increase productivity, focusing on profitable
customers E.g. sales prospect and contact information, and sales quote
generation capabilities, personalized recommendations
• Customer service: increase efficiency call center, help desks, support staff, E.g.
assigning and managing customer service requests; Web-‐based self-‐service
capabilities
• Marketing: support direct marketing campaigns E.g. capturing prospect and
customer data, opportunities for cross selling (complementary products)
Operational and Analytical CRM
• Operational CRM: Customer-‐facing applications, E.g. sales force automation, call
center and customer service support, and marketing automation
• Analytical CRM: Analyze customer data output from operational CRM
applications, Based on data warehouses populated by operational CRM systems
and customer touch points (online analytical processing – OPLAP), Customer
lifetime value (CLTV)

Business value of CRM

• Increased customer satisfaction
• Reduced direct-‐marketing costs
• More effective marketing
• Lower costs for customer acquisition/retention
• Increased sales revenue
• Reduce churn rate
o Number of customers who stop using or purchasing products or services
from a company.
o Indicator of growth or decline of firm’s customer base

Enterprise Application Challenges

• Highly expensive to purchase and implement
• Require Technological changes
• Require Business process changes
• Require Organizational changes
• Switching costs, dependence on software vendors
• Data standardization, management, cleansing

Next-‐generation enterprise applications

• Move is to make applications more flexible, Web-‐enabled, integrated with other
systems
• Enterprise suites
o Software to enable CRM, SCM, and enterprise systems work together and
with suppliers and client systems
o Utilize Web services, SOA (Service Oriented Architecture)
• Open source & on-‐demand solutions
• Mobile compatible; Web 2.0 capabilities
• Complementary analytics products
Service platform
• Integrates multiple applications to deliver a seamless experience for all parties,
E.g. Order-‐to-‐cash process
• Portal software: Used to integrate information from enterprise applications and
legacy systems and present it as if coming from a single source
 Chapter 10
E-‐commerce: Digital Markets, Digital Goods

E-‐commerce today:
• Use of the Internet and Web to transact business; digitally enabled transactions
• Began in 1995 and grew exponentially, still growing even in a recession
• Companies that survived the dot-‐com bubble burst and now thrive
• E-‐commerce revolution is still in its early stages, increasing number of online
products, broadband access

Reduced
Transaction
costs

Lower
Market
Entry
Cost,
Search
cost

Cost Trans Parenc Y

Discrim ination
Key concepts in e-‐commerce
• Digital markets reduce
o Information asymmetry
o Search costs
o Transaction costs
o Menu costs (merchants costs of changing prices)
• Digital markets enable
o Price discrimination
o Dynamic pricing based on market conditions
o Disintermediation (removal of organizations, layers in value chain)
• Reduce or increase switching costs, may cause extra delay in gratification

Digital goods
 Goods that can be delivered over a digital network
 Cost of producing first unit almost entire cost of product: marginal cost of 2nd
unit is about zero
 Costs of delivery over the Internet very low
 Marketing costs remain the same; pricing highly variable
 Industries with digital goods are undergoing revolutionary changes (publishers,
record labels, etc.)

Types of e-‐commerce
• Business-‐to-‐consumer (B2C)
• Business-‐to-‐business (B2B)
• Consumer-‐to-‐consumer (C2C)
• Mobile commerce (m-‐commerce)

Content provider: includes intellectual property, podca

E-‐commerce revenue models
• Advertising (retain user attention  higher rates) (Google)
• Sales (+ micropayments) (ITunes)
• Subscription (Netflix)
• Free/Freemium (Flickr)
• Transaction Fee (Ebay)
• Affiliate (receive referential fees, Blogs)

Most popular Web 2.0 service: social networking

• Social networking sites sell banner ads, user preference information, and music,
videos and e-‐books
• Social shopping sites: Swap shopping ideas with friends (Kaboodle, ThisNext)
• Wisdom of crowds/crowdsourcing: Large numbers of people can make better
decisions about topics and products than a single person
• Prediction markets: Peer-‐to-‐peer betting markets on specific outcomes
(elections, sales figures, designs for new products)

E-‐commerce marketing
• Internet provides marketers with new ways of identifying and communicating
with customers
• Long tail marketing: Ability to reach a large audience inexpensively
• Behavioral targeting: Tracking online behavior of individuals on thousands of
Web sites, privacy concerns
• Advertising networks  profiling
• Advertising formats include search engine marketing, display ads, rich media,
and e-‐mail

Administrative overhead: processing paper, approving puchase decisions, telephone, fax

machines, search for products, arrange purchases, arranging and shipping, receiving
goods  100$ for each curporate purchase order for supporting products

Business-‐to-‐business e-‐commerce
 Promise: reduce costs, prices, increase productivity, economic wealth
 Challenge: chahing existing patterns and systems of procurement, designing and
implementing new Internet-‐based B2B solutions
Electronic data interchange (EDI)
• Computer-‐to-‐computer exchange of standard transactions such as invoices,
purchase orders
• Major industries have EDI standards that define structure and information fields
of electronic documents for that industry
• More companies increasingly moving away from private networks to Internet for
linking to other firms E.g. Procurement: Businesses can now use Internet to
locate most low-‐cost supplier, search online catalogs of supplier products,
negotiate with suppliers, place orders, etc.
Private industrial networks (private exchanges)
• Large firm using extranet to link to its suppliers, distributors and other key
business partners
• Owned by buyer, eg. Volkswagen Group Supply
• Permits sharing of: Product design and development, Marketing, Production
scheduling and inventory management, Unstructured communication
Net marketplaces (e-‐hubs)
• Single market for many buyers and sellers
• Industry-‐owned or owned by independent intermediary
• Generate revenue from transaction fees, other services
• Use prices established through negotiation, auction, RFQs, or fixed prices
• May focus on direct or indirect goods
• May be vertical or horizontal marketplaces
• E.g. Exostar long term contract purchasing, aero defense industry, Elemica
serving chemical industry
Exchanges
• Independently owned third-‐party Net marketplaces
• Connect thousands of suppliers and buyers for spot purchasing
• Typically provide vertical markets for direct goods for single industry (food,
electronics)
• Proliferated during early years of e-‐commerce; many have failed: Competitive
bidding drove prices down and did not offer long-‐term relationships with buyers
or services to make lowering prices worthwhile

M-‐commerce
• Location-‐based services (Loopt, Wikitude)
• Software application sales
• Entertainment downloads
• Mobile display advertising
• Banking and financial services
• Wireless advertising and retailing
• Games and entertainment

Building an E-‐Commerce Web Site

 Developing a clearunderstanding of your business objectives
 Knowing how to choose the right technology to achieve those objectives
 Assembling a team with the skills required to make decisions about:
o Technology
o Site design
o Social and information policies
o Hardware, software, and telecommunications infrastructure
 Customer’s demands should drive the site’s technology and design
 Business decisions drive the technology – not the reverse
 Business objectives: Capabilities the site should have, E.g. execute a transaction
payment
 System functionality : Technological capability to achieve this objective, E.g. a
shopping cart or other payment system
 Information requirements,E.g. secure credit card clearing, multiple payment
options

The Building Decision

 Pre built template, least costly and simple solution, limited
 Build yourself_ customization, variety of tools, risky complexity, delays
 Packages to customize
The Hosting Decision
 Outsource, pay monthly fee, vendor responsible
 Co-‐location: purchase Web server and locate in a vendors physical facility,
 Rent capabilities of cloud computing center
 Fees based on size of website, bandwidth, storage, support


Web site budgets

 Several thousand to millions / year
 50% of a budget is system maintenance and content creation
Chapter 11
Managing Knowledge

The Knowledge Management Landscape

• Knowledge management systems among fastest growing areas of software
investment
• Knowledge and information related, useful and actionable when shared, major
source of wealth
• Substantial part of a firm’s stock market value is related to intangible assets:
knowledge, brands, reputations, and unique business processes
• Well-‐executed knowledge-‐based projects can produce extraordinary ROI, difficult
to measure
• Data = flow of events/transactions, info = organized data, knowledge = additional
resources to discover patterns, wisdom = Collective and individual experience of
applying to solve problems, Involves where, when, and how to apply knowledge
• Both individual and collective attribute
• Cognitive, psychological eent inside peoples heads
• Tacit (not documented) and explicit (documented) knowledge
• Has a locations, sticky, not universally applicable, situational, contextual
• Important asset of firm, Knowing how to do things effectively and efficiently in
ways others cannot duplicate is prime source of profit and competitive advantage
Organizational learning (Process in which organizations learn)
• Gain experience through collection of data, measurement, trial and error, and
feedback
• Adjust behavior to reflect experience: Create new business processes, Change
patterns of management decision making

The Knowledge Management Value Chain

• Knowledge management: Set of business processes developed in an organization
to create, store, transfer, and apply knowledge
• Knowledge management value chain: Each stage adds value to raw data and
information as they are transformed into usable knowledge

Knowledge acquisition
 Documenting tacit and explicit knowledge
o Storing documents, reports, presentations, best practices
o Unstructured documents (e.g., e-‐mails)
o Developing online expert networks
 Creating knowledge (discover patterns, knowledge workstations)
 Tracking data from TPS (sales, payments, inventory, customers), external sources
Knowledge storage
 Databases, expert systems corporate in business processes
 Document management systems
 Role of management:
o Support development of planned knowledge storage systems
o Encourage development of corporate-‐wide schemas for indexing
documents
o Reward employees for taking time to update and store documents
properly
Knowledge dissemination
 Portals, Push e-‐mail reports, Search engines, Collaboration tools
 A deluge of information
 Training programs, informal networks, and shared management experience help
managers focus attention on important information
Knowledge application
 To provide return on investment, organizational knowledge must become
systematic part of management decision making and become situated in
decision-‐support systems
 Create New business practices, New products and services, New markets

New organizational roles and responsibilities

• Chief knowledge officer executives
• Dedicated staff / knowledge managers
• Communities of practice (COPs)
o Informal social networks of professionals and employees within and
outside firm who have similar work-‐related activities and interests
o Activities include education, online newsletters, sharing experiences and
techniques
o Facilitate reuse of knowledge, discussion
o Reduce learning curves of new employees

3 major types of knowledge management systems (CAD = computer aided design)

Three major types of knowledge in enterprise

• Structured documents (formal docs and rules)
• Semistructured documents
• Unstructured, tacit knowledge (+ semi = 80%)

Enterprise content management systems

• Help capture, store, retrieve, distribute, preserve
• Corporate repositories ans capabilities to collect and organize semistructured
• Bring in external sources (News feeds, research)
• Tools for communication and collaboration
• Key problem – Developing taxonomy = classification scheme (Knowledge objects
must be tagged with categories for retrieval)
• Digital asset management systems: Specialized content management systems for
classifying, storing, managing unstructured digital data like Photographs,
graphics, video, audio
Knowledge network systems (expertise location and management systems)
• Provide online directory of corporate experts in well-‐defined knowledge domains
 • Use communication technologies to make it easy for employees to find
appropriate expert in a company
• May systematize solutions developed by experts and store them in knowledge
database (Best-‐practices, Frequently asked questions (FAQ) repository)

Collaboration Tools
 Enterprise knowledge portals: Access to external and internal information
(News feeds, research, Capabilities for e-‐mail, chat..)
 Use of consumer Web technologies (Blogs, Wikis, Social bookmarking – user-‐
created taxonomies for shared bookmarks = folksonomies)
Learning Management Systems (LMS)
 Provide tools for management, delivery, tracking, and assessment of various
types of employee learning and training
 Support multiple modes of learning
 Automates selection and administration of courses
 Assembles and delivers learning content
 Measures learning effectiveness

Knowledge Work Systems = Systems for knowledge workers to help create new
knowledge and integrate that knowledge into business
Knowledge workers = Researchers, designers, architects, scientists, engineers who
create knowledge for the organization
1. Keeping organization current in knowledge
2. Serving as internal consultants regarding their areas of expertise
3. Acting as change agents, evaluating, initiating, and promoting change projects

Requirements of knowledge work systems

• Hardware Platform: knowledge workstation
• Substantial computing power for graphics, complex calculations
• Powerful graphics and analytical tools
• Communications and document management
• Access to external databases
• User-‐friendly interfaces
• Optimized for tasks to be performed (design engineering, financial analysis)

Examples of knowledge work systems

• CAD (computer-‐aided design):
o Automate creation and revision of design
o Creation of engineering or architectural designs
• Virtual reality systems:
o Simulate real-‐life environments
o 3-‐D medical modeling for surgeons
o Augmented reality (AR) systems – additional info to enhance the
perception of reality, more interactive and meaningful
o VRML (virtual realty modeling language) = set of specifications for
interactive 3D modeling on the WWW, can organize multiple media types
• Investment workstations in financial industry = Streamline investment process
and consolidate internal, external data for brokers, traders, portfolio managers
Intelligent techniques: Used to capture individual and collective knowledge and to
extend knowledge base
• To capture tacit knowledge: Expert systems, case-‐based reasoning, fuzzy logic
• Knowledge discovery: Neural networks and data mining
• Generating solutions to complex problems: Genetic algorithms
• Automating tasks: Intelligent agents
Artificial intelligence (AI) technology: Computer-‐based systems that emulate human
behavior

Expert systems:
• Capture tacit knowledge in very specific and limited domain of human expertise
• Capture knowledge of skilled employees as set of rules in software system that
can be used by others in organization
• Typically perform limited tasks that may take a few minutes or hours, e.g.
Diagnose malfunctioning machine, Determining whether to grant credit for loan
• Used for discrete, highly structured decision-‐making
How expert systems work
• Knowledge base: Set of hundreds or thousands of interconnected rules
• Inference engine: Strategy used to search knowledge base
o Forward chaining: Inference engine begins with information entered by
user and searches knowledge base to arrive at conclusion
o Backward chaining: Begins with hypothesis and asks user questions until
hypothesis is confirmed or disproved
• Benefits: improved decisions, reduced errors, reduced costs, and training time,
higher levels of quality and service
Successful expert systems
• Con-‐Way Transportation built expert system to automate and optimize planning
of overnight shipment routes for nationwide freight-‐trucking business
Most expert systems deal with problems of classification
• Have relatively few alternative outcomes
• Possible outcomes are known in advance
Many expert systems require large, lengthy, and expensive development and
maintenance efforts  Hiring or training more experts may be less
expensive

Case-‐based reasoning (CBR)

• Descriptions of past experiences of human specialists (cases), stored in
knowledge base
• System searches for cases with problem characteristics similar to new one, finds
closest fit, and applies solutions of old case to new case
• Successful and unsuccessful applications are grouped with case
• Stores organizational intelligence: Knowledge base is continuously expanded and
refined by users
• CBR found in: Medical diagnostic systems, Customer support

Fuzzy logic systems

• Rule-‐based technology that represents imprecision used in linguistic categories
(e.g., “cold,” “cool”) that represent range of values (Doppeldeutig)
• Describe a particular phenomenon or process linguistically and then represent
that description in a small number of flexible rules
 • Provides solutions to problems requiring expertise that is difficult to represent
with IF-‐THEN rules
o Autofocus in cameras
o Detecting possible medical fraud
o Sendai’s subway system acceleration controls

Neural networks
• Find patterns and relationships in massive amounts of data too complicated for
humans to analyze
• “Learn” patterns by searching for relationships, building models, and correcting
over and over again (construct hidden layer of logic)
• Humans “train” network by feeding it data inputs for which outputs are known,
to help neural network learn solution by example
• Used in medicine, science, and business for problems in pattern classification,
prediction, financial analysis, and control and optimization only as aids!
• E.g Visa Credit Card Fraud monitoring transactions
• Machine learning: Related AI technology allowing computers to learn by
extracting information using computation and statistical methods
• Used in data mining

Genetic algorithms
• Useful for finding optimal solution for specific problem by examining very large
number of possible solutions for that problem
• Conceptually based on process of evolution: Search among solution variables by
changing and reorganizing component parts using processes such as inheritance,
mutation, and selection
• Used in optimization problems (minimization of costs, efficient scheduling,
optimal jet engine design) in which hundreds or thousands of variables exist
• Able to evaluate many solution alternatives quickly

Hybrid AI systems
• Genetic algorithms, fuzzy logic, neural networks, and expert systems integrated
into single application to take advantage of best features of each
• E.g., Matsushita “neurofuzzy” washing machine that combines fuzzy logic with
neural networks

Intelligent agents
• Work in background to carry out
specific, repetitive, and predictable
tasks for user, process, or application
• Use limited built-‐in or learned
knowledge base to accomplish tasks or
make decisions on user’s behalf
(Deleting junk e-‐mail, Finding cheapest
airfare)
• Agent-‐based modeling applications:
o Systems of autonomous agents
o Model behavior of consumers,
stock markets, and supply
chains; used to predict spread of epidemics
Chapter 12
Enhancing Decision Making

Types of decisions:
• Unstructured: Decision maker must provide judgment, evaluation, and insight to
solve problem, novel, non-‐routine and important decisions  Senior
management
• Structured: Repetitive and routine; involve definite procedure for handling so
they do not have to be treated each time as new  operational
management
• Semistructured: Only part of problem has clear-‐cut answer provided by accepted
procedure  Middle management

The 4 stages of the decision making process

1. Intelligence: Discovering, identifying, and understanding the problems occurring
in the organization
2. Design: Identifying and exploring solutions to the problem
3. Choice: Choosing among solution alternatives
4. Implementation: Making chosen alternative work and continuing to monitor how
well solution is working

Managers and Decision making in the real world

• Information systems can only assist in some of the roles played by managers
• Classical model of management: 5 functions = Planning, organizing, coordinating,
deciding, and controlling
• More contemporary behavioral models = less systematic, more informal, less
reflective, more reactive, and less well organized than in classical model
• Great del of work at unrelenting pace, fragmented activities, prefer current and
specific information, prefer oral forms of communication, maintain complex web
of contacts
• Managerial roles = expectations of the activities that managers should perform
3main reasons why investments in information technology do not always produce
positive results
1. Information quality: High-‐quality decisions require high-‐quality information
(accuracy, integrity, consistency, completeness, validity, timeliness, accessibility)
2. Management filters: Managers have selective attention and have variety of biases
that reject information that does not conform to prior conceptions
3. Organizational inertia and politics: Strong forces within organizations resist
making decisions calling for major change

High velocity automated decision-‐making

 Made possible through computer algorithms precisely defining steps for a highly
structured decision
 Humans taken out of decision, E.g. High-‐speed computer trading programs
 Require safeguards to ensure proper operation and regulation

Business intelligence: Infrastructure for collecting, storing, analyzing data produced by

business (warehousing, integrating, reporting, analyzing data); Databases, data
warehouses, data marts
Business analytics: Tools and techniques for analyzing data; OLAP (online analytical
processing), statistics, models, data mining
Business intelligence vendors: Create business intelligence and analytics purchased
by firms (SAP, Oracle, IBM, SAS Institute, Microsoft), market: 10.5billion, growing 20%

Business intelligence and analytics capabilities

 Goal is to deliver accurate real-‐time information to decision-‐makers
 Main functionalities of BI systems
1. Production reports (pre-‐defined, based on industry requirements)
2. Parameterized reports (user enters different parameters to filter data)
3. Dashboards/scorecards (visual tools, presenting performance data)
4. Ad hoc query/search/report creation (create own report based on queries,
searches)
 5. Drill down (from high-‐level summary to detailed view)
6. Forecasts, scenarios, models (analyze using standard statistical tools)

Business intelligence users

 80% are casual users relying on production reports
 Senior executives Use monitoring functionalities
 Middle managers and analysts  Ad-‐hoc analysis
 Operational employees  Prepackaged reports (E.g. sales forecasts,
customer satisfaction, loyalty and attrition, supply chain backlog, employee
productivity)

Examples of BI applications  mostly pre-‐packaged production reports

 Predictive analytics: Use patterns in data to predict future behavior (E.g. Credit
card companies determine customers at risk for leaving, screen potential
customers, prediction how customer respond to price changes)
 Data visualization: Help users see patterns and relationships that would be
difficult to see in text lists
 Geographic information systems (GIS): Ties location-‐related data to maps,
modeling capabilities (e.g. calculate response times to natural disasters, best
locations for new ATMs

2 Management strategies for developing BI and BA capabilities

Competitive market place and given to hyperbole
1. One-‐stop shopping (totally integrated solution)
 Hardware firms sell software that run optimally on their hardware
 Makes firm dependent on single vendor (but on a global scale) – switching costs +
pricing power
2. Multiple best-‐of-‐breed solution
 Software firms: encourage firms to adopt „best of breed“ software, chose package
from vendor you believe is best
 Greater flexibility and independence
 Potential difficulties in integration with own hardware and other software
 Must deal with multiple vendors
Business Intelligence Constituencies
Operational and middle managers
 Monitor day to day business performance (e.g down-‐time machines, hourly sales)
 Make fairly structured decisions
 Use MIS  output = set of routine production reports based on data
from transaction processing systems (TPS)
 Increased online usage with queries
„Super user” and business analysts
 Use more sophisticated analysis to find patterns in data,
 Create customized reports, relying heavily on modeling
 Use DSS (decision support systems) support semistructured decision making
Decision support systems
 Use mathematical or analytical models
 Allow varied types of analysis
o “What-‐if” analysis (working forward from known conditions, test results
to predict outcomes)
o Sensitivity analysis (repeated what if questions to predict range of
outcomes, when variables changed multiple times)
o Backward sensitivity analysis (helps with goal seeking)
o Multidimensional analysis / OLAP (E. g. pivot tables)
Decision-‐support for senior management
 Executive support systems (ESS) help executives focus on important
performance information affect overall profitability and success
 Balanced scorecard method: (methodology for understanding really important
information)  Measures outcomes on four dimensions:
o Financial, Business process, Customer, Learning & growth
o Key performance indicators (KPIs) measure each dimension
Business performance management (BPM)
 Translates firm’s strategies (e.g. differentiation, low-‐cost producer, scope of
operation) into operational targets
 KPIs developed to measure progress towards targets
 Stronger strategy flavor than balanced scorecard
Data for ESS
 Internal data from enterprise applications (ERP, SCM, CRM)
 External data such as financial market databases, economic information
 Drill-‐down capabilities
 Enhancing effectiveness: organizational performance, track activities of
competitors, recognize changing market conditions, identify problems and
opportunities
 Decentralized decision making, taking place on lower operating levels, increase
span of control
 = Information driven management or management by facts  real-‐time

Group Decision Support Systems (GDSS)

 Interactive system to facilitate solution of unstructured problems by group
 Specialized hardware and software; typically used in conference rooms
o Overhead projectors, display screens
o Software to collect, rank, edit participant ideas and responses
o May require facilitator and staff
 Enables increasing meeting size and increasing productivity
 Promotes collaborative atmosphere, guaranteeing anonymity
 Uses structured methods to organize and evaluate ideas
Chapter 13
Building Information Systems

Structural organizational changes enabled by IT

1. Automation
 Increases efficiency and effectively  assisting employees
 Replaces manual tasks
2. Rationalization of procedures
 Streamlines standard operating procedures
 Revealed bottlenecks due to automatization
 Often found in programs for making continuous quality improvements
o Total quality management (TQM) – achieving quality as goal and
responsibility of all employees
o Six sigma = specific measure of quality (3.6 defects per million
opportunities) – usually just a goal
3. Business process redesign (more powerful, higher risk)
 Analyze, simplify, and redesign business processes
 Reorganize workflow, combine steps, eliminate repetition and sometimes jobs
 Ambitious and new vision how to organize process
4. Paradigm shifts (often fail, high rewards)
 Rethink nature of business, radical, reengineering strategies
 Define new business model
 Change nature of organization

Business Process Redesign

Business Process Management (BPM)
 Variety of tools, methodologies to analyze, design, optimize processes
 Used by firms to manage business process redesign
 Never concluded  continual change
 Barrier: organizational culture, resisting change, not simple

1. Identify processes for change: what processes are important and how improving
these will help performance
2. Analyze existing processes: modeled and documented, identify redundant steps and
inefficiencies, existing processes measured in times and cost
3. Design the new process: improve processes by designing new one, “to-‐be” process 
comparison streamlined processes, justifying by reducing time, cost, enhancing
service and value
4. Implement the new process: translation in new set of procedures and rules,
implement IS to support, uncover and address problems, recommended
improvements
5. Continuous measurement: employees fall back in old methods, processes lose
effectiveness due to other changes

Variety of tools for BPM, to

 Identify and document existing processes, Identify inefficiencies
 Create models of improved processes
 Capture and enforce business rules for performing processes
 Integrate existing systems to support process improvements
  Analytics to Verify that new processes have improved
 Measure impact of process changes on key business performance indicators
 Automate some parts of business process and enforce business rules 
perform more consistently and efficiently
 Help integrate existing systems to support process improvements

Systems development
Activities that go into producing an information system solution to an organizational
problem or opportunity

Systems analysis
 Analysis of problem to be solved by new system
 Defining the problem and identifying causes, Specifying solutions (Systems
proposal report identifies and examines alternative solutions), Identifying
information requirements
 Analyst: creates roadmap of existing organization, identifying primary owners of
data, hardware, software  examining  problem areas and objectives
 Includes feasibility study: financial, technical, organizational standpoint, good
investment, skills?
 Written systems proposal: costs, benefits, disadvantages, advantages of each
alternative
 Establishing information requirements
o Who needs what information, where, when, and how
o Define objectives of new/modified system
o Detail the functions new system must perform
 Faulty requirements analysis is leading cause of systems failure and high systems
development cost

Systems design
 Describes system specifications that will deliver functions identified during
systems analysis  form and structure (blueprint)
 Should address all managerial, organizational, and technological components of
system solution  fulfill user requirements
  Role of end users
o User information requirements drive system building
o Users must have sufficient control over design process to ensure system
reflects their business priorities and information needs
o Insufficient user involvement in design effort is major cause of system
failure

Completing System Development Process

Translate solution specifications into operational info system
 Programming: Translate System specifications into software program code
 Testing: Ensures system produces right results
o Unit (program) testing: Tests each program in system separately
o System testing: Test functioning of system as a whole
o Acceptance testing: system is ready to be used in production setting
(evaluated by users, reviewed by management)
o Test plan: All preparations for series of tests, general condition tested =
record change
Conversion = Process of changing from old system to new system
1. Parallel strategy: both old and new systems run together = safe and expensive
2. Direct cutover: total replacement on an appointed day = risky
3. Pilot study: introduction to limited area
4. Phased approach: introduction in stages (by functions, units)
 Requires end-‐user training
 Finalization of detailed documentation showing how system works from
technical and end-‐user standpoint
Production and maintenance = System reviewed to determine if revisions needed
 May include post-‐implementation audit document
 Maintenance: Changes in hardware, software, documentation, or procedures to a
production system to correct errors, meet new requirements, or improve
processing efficiency
o 20% debugging, emergency work
o 20% changes to hardware, software, data, reporting
o 60% of work: User enhancements, improving documentation, recoding for
greater processing efficiency
Modeling and Designing System
1. Structured Methodologies
 Structured: Techniques are step-‐by-‐step, progressive, top-‐down
 Process-‐oriented: Focusing on modeling processes/actions that manipulate data
 data flow (no well modeling of data, only processes)
 Separate data from processes (real world: unnatural)
 Data flow diagram: Primary tool for representing system’s component processes
and flow of data between them (ANALYSIS)
o Offers logical graphic model of information flow
o High-‐level and lower-‐level diagrams can be used to break processes down
into successive layers of detail
 Data dictionary: Defines contents of data flows and data stores
 Process specifications: Describe transformation occurring within lowest level of
data flow diagrams (logic for each process)
 Structure chart: Top-‐down chart, showing each level of design, relationship to
other levels, and place in overall design structure (DESIGN)

2. Object-‐Oriented Development
 Object = basic unit of systems analysis and design
 Object: Combines data and the processes that operate on those data
 Data encapsulated in object can be accessed and modified only by operations, or
methods, associated with that object
 Object-‐oriented modeling based on concepts of class and inheritance
o Objects belong to a certain class and have features of that class
o May inherit structures and behaviors of a more general, ancestor class
 More iterative and incremental than traditional structured development
o Systems analysis: Interactions between system and users analyzed to
identify objects
o Design phase: Describes how objects will behave and interact; grouped
into classes, subclasses and hierarchies
o Implementation: Some classes may be reused from existing library of
classes, others created or inherited
 Objects = reusable  can potentially reduce time and cost of development

Computer-‐aided software engineering (CASE)

 Software tools to automate development and reduce repetitive work, including
 Facilitate creation of clear documentation + coordination of team development
efforts
  Graphics facilities for producing charts and diagrams, Screen and report
generators, reporting facilities, Analysis and checking tools, Data dictionaries,
Code and documentation generators
 Increase productivity and quality
 Support iterative design by automating revisions and changes and providing
prototyping facilities
 Require organizational discipline to be used effectively

Alternative Systems-‐building Approaches

Traditional systems lifecycle
 Oldest method for building information systems
 Phased approach divides development into formal stages
 “Waterfall” approach: Tasks in one stage finish before another stage begins
 Formal division of labor between end users and information systems specialists
 Emphasizes formal specifications and paperwork
 Still used for building large complex systems
 Can be costly, time-‐consuming, and inflexible

Prototyping
 Building experimental system rapidly and inexpensively for end users to evaluate
 Prototype: Working but preliminary version of information system 
Approved prototype serves as template for final system
 Iterative Steps in prototyping (can be repeated)
1. Identify user requirements
2. Develop initial prototype
3. Use prototype
4. Revise and enhance prototype

Advantages
 Useful if some uncertainty in
requirements or design solutions
 Often used for end-‐user interface
design
 More likely to fulfill end-‐user
requirements
Disadvantages
 May gloss over essential steps
 May not accommodate large
quantities of data or large number
of users
 May not undergo full testing or
documentation

End-‐user development:
 Uses fourth-‐generation languages to allow end-‐users to develop systems with
little or no help from technical specialists
 Fourth generation languages: Less procedural than conventional programming
 Require: cost-‐justification of end-‐user system projects, Establish hardware,
software, and quality standards

Advantages
 More rapid completion of projects
 High-‐level of user involvement and
satisfaction
Disadvantages
 Not designed for processing-‐
intensive applications
 Inadequate management and
control, testing, documentation
 Loss of control over data
Application software packages
 Save time and money: pre-‐written, designed, tested, maintenance
 Many offer customization features
 Evaluation criteria for systems analysis include: Functions provided by the
package, flexibility, user friendliness, hardware and software resources, database
requirements, installation and maintenance efforts, documentation, vendor
quality, and cost
 Request for Proposal (RFP): Detailed list of questions submitted to packaged-‐
software vendors, Used to evaluate alternative software packages

Outsourcing
 Cloud and SaaS providers: Subscribing companies use software and computer
hardware provided by vendors
 External vendors: Hired to design, create software
o Domestic: Driven by firms need for additional skills, resources, assets
o Offshore: Driven by cost-‐savings, better assets, skills

Advantages
 Allows organization flexibility in IT
needs
 Usually at least 15% cost saving
even in worst case scenario
Disadvantages
 Hidden costs, e.g. Identifying and
selecting vendor, Transitioning to
vendor
 Opening up proprietary business
processes to third party
Application Development for the Digital Firm
Rapid application development (RAD)
 Process of creating workable systems in a very short period of time (less
sequential, parts occur simultaneously
 Visual programming and other tools for building graphical user interfaces
 Iterative prototyping of key system elements
 Automation of program code generation
 Close teamwork among end users and information systems specialists

Joint application design (JAD)

 Used to accelerate generation of information requirements and to develop initial
systems design
 Brings end users and information systems specialists together in interactive
session to discuss system’s design
 Can significantly speed up design phase and involve users at intense level

Agile development
 Focuses on rapid delivery of working software by breaking large project into
several small sub-‐projects
 Subprojects: Treated as separate, complete projects, Completed in short periods
of time using iteration and continuous feedback
 Emphasizes face-‐to-‐face communication over written documents  collaboration
and faster decision making

Component-‐based development
 Groups of objects that provide software for common functions (e.g., online
ordering) and can be combined to create large-‐scale business applications
 Web services
o Reusable software components that use XML and open Internet standards
(platform independent)
o Enable applications to communicate with no custom programming
required to share data and services
o Can engage other Web services for more complex transactions
o Using platform and device-‐independent standards can result in significant
cost-‐savings and opportunities for collaboration with other companies
Chapter 14
Managing Projects

The Importance of Project Management

 Runaway projects: 30% -‐ 40% IT projects: Exceed schedule, budget, Fail
to perform as specified, less benefits
 Types of system failure
o Fail to capture essential business requirements
o Fail to provide organizational benefits
o Complicated, poorly organized user interface
o Inaccurate or inconsistent data

Project management
 Project: planned series of related activities for achieving specific business
objective
 Activities: planning work, assessing risk, estimating resources required,
organizing work, assigning tasks, controlling project execution, reporting
progress, analyzing results
 Five major variables
o Scope  what work to (not) include
o Time  amount to complete project, schedule
o Cost  hr, hardware, software, work space
o Quality  result satisfies specified objectives
o Risk  potential problems threatening success

Selecting Projects
Linking Systems Projects to the Business Plan
Information systems plan
 Identifies systems projects that will deliver most business value, links
development to business plan
 Corporate goals, milestones, target dates, key management decisions
 Road map indicating direction of systems development, includes:
o Purpose of plan
o Strategic business plan rationale
o Current systems/situation
o New developments to consider
o Management strategy
o Implementation plan
o Budget
 In order to plan effectively, firms need to inventory and document existing
software, hardware, systems

Critical Success Factors

 Clear understanding of both long-‐term and short-‐term information requirements
 Strategic analysis or critical success factors (CSF) approach: Sees information
requirements as determined by a small number of critical success factors
 Shaped by industry, firm, manager, broader environment
 Principal method: personal interviews with top managers  identify goals + CSFs
 aggregation to firm CSFs  systems build to deliver information on CSFs
 Suitable for top management, building DSS and ESS
 Disadvantages: No clear methods for aggregation, Confusion between individual
and organizational CSFs, Bias towards top managers

Portfolio analysis
 Used to evaluate alternative system projects
 Inventories all of the organization’s information systems projects and assets
 Each system has profile of risk and benefit
 To improve return on portfolio, balance risk and return from systems
investments
 Determine optimal mix of investment risk and reward
 Aligned with business strategy: superior return on IT assets, better alignment
with business objectives, and better coordination if IT investments
Scoring models
 Selecting projects where many criteria must be considered
 Assigns weights to various features of system and calculates weighted totals
 Most important: not score but agreement on criteria to judge system
 Requires experts understanding issue and technology
 Used to confirm, rationalize and support decisions

Establishing the business value of Information Systems

Information Systems Costs and Benefits
 Tangible benefits (cost savings): Can be quantified and assigned monetary value
 Systems that displace labor and save space: Transaction and clerical systems
 Intangible benefits: Cannot be immediately quantified but may lead to
quantifiable gains in the long run
 Systems that influence decision making: ESS, DSS, collaborative work systems
 Capital budgeting models: Measure value of investing in long-‐term capital
investment projects
 Rely on measures the firm’s
o Cash outflows: Expenditures for hardware, software, labor
o Cash inflows: Increased sales, Reduced costs
 Difference out-‐ und in flows used for calculating financial worth of investment
 Various capital budgeting models used for IT projects: Payback method,
accounting rate of return on investment, net present value, internal rate of return
(IRR)

Real options pricing models (ROPM)

 Can be used when future revenue streams of IT projects are uncertain and up-‐
front costs are high
 Use concept of options valuation borrowed from financial industry (option =
right but not obligation to act at some future date, buy at fixed rate)
 Initial expenditure on technology creates right (not obligation) to obtain the
benefits associated with further development and deployment of the technology
as long as management has freedom to cancel, defer, restart, or expand project
 Gives managers flexibility to stage IT investment or test the waters with small
pilot projects or prototypes to gain more knowledge about risks before investing
in entire implementation
 Disadvantage: estimating all ley variables affecting option value

Limitations of financial models

 Do not take into account social and organizational dimensions that may affect
costs and benefits
 No consideration costs from organizational disruptions (training, learning
curves)
 Overlooked benefits like enhanced employee learning and expertise

Dimensions of Project Risk – level influenced by

 Project size: Indicated by cost, time, number of organizational units affected,
Organizational complexity also an issue
 Project structure: Structured, defined requirements run lower risk
 Experience with technology
Change Management
 Required for successful system building
 New information systems have powerful behavioral and organizational impact
 Changes lead to new distributions of authority and power
 Internal organizational change breeds resistance and opposition
 Implementation: All organizational activities working toward adoption,
management, and routinization of an innovation
 Change agent: One role of systems analyst
o Redefines the configurations, interactions, job activities, and power
relationships of organizational groups
o Catalyst for entire change process
o Responsible for ensuring that all parties involved accept changes created
by new system
 Role of end users: With high levels of user involvement
o System more likely to conform to requirements
o Users more likely to accept system
 User-‐designer communication gap: Users and information systems specialists
o Different backgrounds, interests, and priorities
o Different loyalties, priorities, vocabularies
o Different concerns regarding a new system
 Management support and commitment
o Positive perception by both users and technical staff
o Ensures sufficient funding and resources
o Enforcement of required organizational changes
 Very high failure rate among enterprise application and BPR projects (up to 70%
for BPR)  Poor implementation and change management practices
 Mergers and acquisitions: Similarly high failure rate of integration projects
 Merging of systems of two companies requires: Considerable organizational
change, Complex systems projects

Controlling risk factors

 1st step in managing project risk: identifying nature and level of risk of project
 Each project managed with tools and risk-‐management approaches geared to
level of risk
 Managing technical complexity  Internal integration tools
o Project leaders with technical and administrative experience
o Highly experienced team members
o Frequent team meetings
o Securing of technical experience outside firm if necessary
 Formal planning and formal control tools: GANTT and PERT charts
o Gantt chart lists project activities and corresponding start and completion
dates, visually representing timing and duration + hr
o Pert charts (Program Evaluation and Review Technique) graphically
depicts project task and interrelationships in a network diagram
o Determine bottlenecks, impact problems will have
 External integration tools: ways to link work of implementation team to users at
all organizational levels (Active involvement of users, team’s responsiveness)
 User resistance to organizational change: believe change is detrimental to their
interests, counter implementation: strategy to thwart implementation of an IS
  Strategies to overcome user resistance
o User participation
o User education and training
o Management edicts and policies
o Incentives for cooperation
o Improvement of end-‐user interface
o Resolution of organizational problems prior to introduction of new system

Designing for the organization

 Information system projects must address ways in which organization changes
with new system
 Planning: Procedural changes, Job functions, Organizational structure, Power
relationships, Work structure
 Ergonomics: Interaction of people and machines in work environment including
Design of jobs, Health issues, End-‐user interfaces
 Organizational impact analysis: explains how system will affect organizational
structure, attitudes, decision making, operations
 Sociotechnical design: Addresses human and organizational issues
o Separate sets of technical and social design solutions
o Final design is solution that best meets both technical and social
objectives  higher job satisfaction and productivity

Project management software

 Can automate many aspects of project management
 Capabilities for Defining, ordering, editing tasks, Assigning resources to tasks,
Tracking progress
 Microsoft Project 2010 = Most widely used project management software,
capabilities of producing PERT, Gantt Charts, critical path analysis
 Increase in SaaS, open-‐source project management software  more flexile,
collaborative and user-‐friendly
 Project portfolio management: helps organizations manage portfolios of projects
and dependencies among them
Chapter 15
Managing Global Systems

Growth of International Information Systems

 Global economic system and global world order driven by advanced networks
and information systems
 Growth of international trade radically altered domestic economies around globe

Developing an International Information Systems Architecture

1. Understand global environment: Business drivers pushing your industry toward
global competition, Inhibitors creating management challenges
2. Develop corporate strategy for competition: How firm should respond to global
competition
3. Develop organization structure and division of labor: Where will production,
marketing, sales, etc., be located
4. Consider management issues: Design of business procedures, reengineering,
managing change
5. Consider technology platform

Global drivers
General cultural factors lead toward internationalization and result in specific business
globalization factors

Business Challenges

State of the art

 Most companies have inherited patchwork international systems using 1960s-‐
era batch-‐oriented reporting, manual entry of data from one legacy system to
another, and little online control and communication
  Significant difficulties in building appropriate international architectures
o Planning a system appropriate to firm’s global strategy
o Structuring organization of systems and business units
o Solving implementation issues
o Choosing right technical platform

Global strategies and business organization

 Three main kinds of organizational structure
o Centralized: In the home country
o Decentralized/dispersed: To local foreign units
o Coordinated: All units participate as equals
 Four main global strategies
o Domestic exporter: heavy centralization of corporate activities in the
home country of origin (often starting point)
o Multinational: concentrate financial management and control out of home
base, decentralizing production, sales, marketing, adapted products to
local market conditions
o Franchisers: mix of old and new, design in home country, further
production… foreign personnel
o Transnational: stateless, truly globally managed firms with many regional
headquarters, frame of reference: globe

Global systems to fit the strategy

 Configuration, management, and development of systems tend to follow global
strategy chosen
 4 main types of systems configuration
1. Centralized: Systems development and operation totally at domestic home base
2. Duplicated: Development occurs at home base but operations are handed over to
autonomous units in foreign locations
3. Decentralized: Each foreign unit designs own solutions and systems
4. Networked: Development and operations in coordinated fashion across all units
 Reorganizing the Business
1. Organize value-‐adding activities along lines of comparative advantage (E.g., Locate
functions where they can best be performed, for least cost and maximum impact)
2. Develop and operate systems units at each level of corporate activity— local (host
country systems units), regional (regional systems units handle telecommunications
and systems development)), national, and international (transnational systems units
create link across major regional areas)
3. Establish at world headquarters: Single office responsible for development of
international systems + Global CIO position

Managing Global Systems

Principle Management Challenges in developing global systems

Typical scenario: Disorganization on a global scale

 Traditional multinational consumer-‐goods company based in U.S. and operating
in Europe would like to expand into Asian markets
 World headquarters and strategic management in U.S., Only centrally
coordinated system is financial controls and reporting
 Separate regional, national production and marketing centers
 Foreign divisions have separate IT systems
 E-‐mail systems are incompatible
 Each production facility uses different ERP system, different hardware and
database platforms, etc.

Global systems strategy

 Share only core systems: Core systems support functionality critical to firm
 Partially coordinate systems that share some key elements (Do not have to be
totally common across national boundaries, Local variation desirable)
 Peripheral systems: Need to suit local requirements only

1. Define core business processes (business process analysis) + best performer

2. Identify core systems to coordinate centrally
3. Choose an approach (best: salami strategy)
 Piecemeal and grand design approaches tend to fail
 Evolve transnational applications incrementally from existing applications
4. Make benefits clear
 Global flexibility
 Gains in efficiency
 Global markets and larger customer base unleash new economies of scale at
production facilities
 Optimizing corporate funds over much larger capital base
The management solution: Implementation
 Agreeing on common user requirements  Short list of core business processes
 Develop common language, understanding of common elements and
unique local qualities
 Introducing changes in business processes  Success depends on
legitimacy (extent on which authority is accepted = competence, vision etc.),
authority, ability to involve users in change design process
 Coordinating applications development  Coordinate change through
incremental steps  Reduce set of transnational systems to bare
minimum
 Coordinating software releases  Institute procedures to ensure all
operating units update at the same time  compatible
 Encouraging local users to support global systems  Cooptation: Bringing
the opposition into design and implementation process without giving up
control over direction and nature of the change
o Permit each country unit to develop one transnational application
o Develop new transnational centers of excellence

Technology challenges of global systems

 Global business model and strategy  hardware, software,
networking standards, key system applications
 Standardization: global computing platform, international work teams
Computing platforms and systems integration
 How new core systems will fit in with existing suite of applications developed
around globe by different divisions
 Standardization: Data standards, interfaces, software, etc.
Connectivity
 Ability to link systems and people into single integrated network (voice, data,
image transmissions)
 Internet foundation but does not guarantee any level of service
 Many firms use private networks and VPNs
 Low penetration of PCs, outdated infrastructures in developing countries
 High costs and monitored transmissions by governments

Software Localization
 Integrating new systems with old (+ testing)
 Human interface design issues, languages  mastered quickly
 Software localization: converting software to operate in second language
 Most important software applications:
o TPS and MIS (basic transaction and management reporting systems)
o Increasingly, SCM and enterprise systems to standardize business
processes  not always compatible with differences in
languages, heritage, business processes in other countries
o Problems: not technically sophisticated company units
o Applications that enhance productivity of international teams like EDI,
SCM; Collaboration systems, email, videoconferencing