Management Information Systems (MIS)
Chapter 1 Information Systems in Business today
NBA makes a slam dunk with information technology • Problem: no hard data usable in decision making processes, costly and competitive market • Solutions: new system designed to collect and organize data using video clips, video tagging with descriptive categories, streaming • = Innovation and improving Business Challenge à management + organization + technology à Informaton System à Business Solution
Role of IS in business today Capital investment in IT, hardware, software, communication equipment, grew from 32% to 52% of all invested capital between 1980 and 2009 because better ROI (return on investment). As manager know how to invest this money wisely on IS and technology. How are IS transforming business? • Increased wireless technology use, web sites • Increased business use of web 2.0 tech • Cloud computing, mobile digital platform allow more distributed word, decision-‐ making, and collaboration • Mobile phones, e-‐mail, online conferencing (5 billion cell phone subscribers worldwide) Why are more parcels distributed? • Just in time production, Lean production, As little inventory as possible
• Resond to rapidly changing customer demand • Get to market faster, reduce overhead costs A lot of digital information to store and handle. • Get news online, reading and writing blogs, social networking • Connect employees, customers, managers worldwide • Internet advertising and e-‐commerce continue to expand • Laws requiring to store this data for several years
3 interrelated changes in technology (accuracy, speed, richness of decision making) 1. Emerging mobile digital platform (desktop PC à mobile device to coordinate work, communicate, provide info for decision making) 2. Growth of online software as a service /SAAS (wikis, Web 2.0, collaboration tools à better and faster decisions, online teams and projects
3. Growth in cloud computing (rely on telework, remote work, distributed decision making, outsource, collaborate with suppliers and customers to create new products Globalization opportunities and challenges • Internet has drastically reduced costs of operating on global scale • Communication is instant and virtually free (e.g. price information 24/7) • Presents both challenges and opportunities (outsourcing, offshoring, low wages, fight for jobs and products, but expanding employment in IS, accelerated development of new IS) • “The world is flat – The globalized world in the 21st century” by Thomas L. Friedman à 10 “Flatteners” (advantage developed countries = past) o Collapse of Berlin Wall o Netscape (first browser of this company) and the Internet revolution, connectivity through fiber-‐optic cables o Workflow software o Uploading o Open sourcing o Outsourcing o Offshoring (e.g. India, cheaper, better know-‐how) o Supply chaining, insourcing o In-‐forming o The Steroids • Employee: high level skills, firm: choice of markets • IS enables globalization In the emerging fully digital firm • Business relationships are digitally enabled and mediated • Core business processes are accomplished through digital networks o Business processes = logically related tasks/behaviors developed over time to produce specific business results, e.g. creating an marketing plan • Key corporate assets (property, financial, human assets) are managed digitally Greater flexibility in organization and management (time shifting = 24/7, space shifting = global workplace) = anytime/anywhere, flexibility
IT is a foundation of doing business in the 21st century.
Growing interdependence between ability to use IT and ability to implement corporate strategies and achieve corp. goals. (fig. 1.2) 6 strategic business objectives 1. Operational excellence (efficiency, productivity) à Walmart RetailLink 2. New products, services, business models (how a company produces, delivers and sells) à iPod, iPhone 3. Customer supplier intimacy (engaging à returning, e.g. track of preferences in a database, JIT, lowers costs) 4. Improved decision making (right information, right time instead of forecasts/luck à Verizon digital dashboard for managers 5. Competitive advantage (faster, cheaper, superior, real time responses) 6. Survival (necessity) à ATM Depending on type and quality of IS! IT= All the hardware + software to achieve business objectives IS = • Set of interrelated components; • Collect, process, store, and distribute information; produce new information; • Support decision making, coordination, control; • Solve tasks automatically, create new products, analyze problems • Information about significant people, places, things Information vs. data (fig. 1.3) • Data are streams of raw facts (supermarket checkout counter) • Information is data shaped into meaningful form (total unit sales of dish detergent, total sales revenue for specific store) Function of an IS (fig. 1.4)
Input (captures raw data) à Processing (Classify, Arrange, Calculate) (converts raw data into meaningful form)à Output (transfers processed information to people or activities that use it) à Feedback (output returned to appropriate members of organization to help evaluate or correct input stage) ! Computers and Software are only part of an IS! ( = technical foundation and tools)
Perspectives n IS (fig. 1.5) = IS literacy • 1. 2. 3.
Computer literacy is only knowledge of IT Organizations Technology Management
Organizational dimension • IS = integral part • Key elements: people, structure, business processes, politics, culture • Different levels/specialties, hierarchy or pyramid structure o Upper level: managerial, professional, technical employees o Lower level: operational personnel o Senior Mgt.: long-‐term strategic decisions, financial performance o Middle Mgt.: carries out programs and plans o Operational Mgt.: monitoring daily activities
• • • •
Separation business functions Unique business processes with formal rules, developed over time to guide employees (IS automate many business processes) Unique culture = fundamental set of assumptions, values, ways to do things IS come out of organizational conflicts
Management • Make decisions, formulate action plans, solve organizational problems • Perceive business challenges , strategy to respond, allocate resources • Creative work driven by knowledge and information (new products, recreate organization)) Information Technology (IT) • Computer hardware (input, processing, output, several linked devices) • Computer software (details, preprogrammed instructions to control/coordinate) • Data management technology (sotware governing organization of data and storage media) • Networking and telecommunications technology (devices and software linking hardware and transferring data) o Network links computers to share data and resources (e.g. printer) o Internet = network of networks (technology platform) o WWW = service provide by Internet • All these technologies = resources = IT infrastructure • IT infrastructure = foundation to build IS (carefully design and manage) UPS Package Tracking System • Organized in sales and production functions (delivery is the product/service) • Procedures for identifying packages, inventory, tracking en route, status reports • Also provide information to satisfy needs of managers and workers • Trained to use the system = effective + efficient • Management: monitors service level and costs for promoting strategy (low costs, high service) • Decision to use computer systems increase ease for sending and updating, reducing costs, increasing sales • Technology: handheld computers, bar code scanners, communication networks, desktop PCs, data center, storage technology, tracking software, software for WWW access
Business perspective • • • •
Investment because IS (instrument) = real economic corporate value to the business ROI will be superior to other investments (buildings, machines etc.) Increases in productivity, revenues (à stock market value), long-‐term strategic positioning (à future revenues) Decreases costs because of information for better decisions, better execution of business processes.
Business information value chain • Raw data acquired and transformed through stages that add value to that information • Value of information system determined in part by extent to which it leads to better decisions, greater efficiency, and higher profits An IS represents an organizational and management solution, based on IT, to a challenge or problem posed by the environment.
à PROFITABILITY
Complementary assets • • • • • • • •
Some firms achieve better results with IS than others Invest great deal or little a amount, receive low or much returns IT investments alone are not enough Organization and Management: supportive values, structures, behavior patterns (= complementary assets) Adopt right business model that suits the new technology Complementary assets = assets required to derive value from a primary investment à receive superior returns E.g. new business models, business processes, management behavior, organizational culture, training Investment in organizational and management capital o Organizational assets, e.g. § Appropriate business model § Efficient business processes o Managerial assets, e.g. § Incentives for management innovation § Teamwork and collaborative work environments o Social assets (not by company, society in gerneal) e.g. § The Internet and telecommunications infrastructure § Technology standards
Contemporary Approaches to IS • •
Multidisciplinary field IS = sociotechnical systems (machines, devices, physical tech, social, organizational, intellectual investments
Technical approach • Emphasizes mathematically based models • Computer science (computability, data storage + access), management science, operations research (transportation, inventory control, transaction costs) Behavioral approach (development, long-‐term maintenance) • Behavioral issues (strategic business integration, implementation, design..) • Psychology (human perceive and use), economics (production, dynamics market) , sociology (groups) o IST stimulus for behavioral problem/issue o Changes in attitudes, management, organizational policy, behavior Four main actors • Suppliers of hardware and software (technologists) • Business firms (investments, seeking value) • Managers and employees • Firm’s environment (legal, social, cultural context) • à Management Information Systems (MIS) o Combines computer science, management science, operations research and practical orientation with behavioral issues Sociotechnical view • Optimal organizational performance achieved by jointly optimizing both social and technical systems used in production (technic and behavior) • Helps avoid purely technological approach • Mutual adjustment of both technology and organization
Chapter 2 Global E-‐Business and Collaboration
Business Processes
= Unique manner in which work is organized, coordinated, focused to produce valuable products and services • Workflows of material, information, knowledge (coordinated by Management and Organization) • Performance depending on design and coordination of bp • Competitive strength, innovation (assets) or liabilities • Sets of activities, steps • May be tied to functional area or be cross-‐functional (e.g. fulfilling customer order) • Businesses: collection of bp à information must flow rapidly between departments, supplier, customer, business partners
•
Information technology enhances business processes in two main ways: o Increasing efficiency of existing processes § Automating steps that were manual o Enabling entirely new processes that are capable of transforming the businesses (new business models) § Change flow of information § Replace sequential steps with parallel steps § Eliminate delays in decision making
Types of IS • • •
Typical: different kinds of systems supporting processes for each major business function Large-‐scale cross-‐functional systems, integrate related activities Different systems supporting decision making needs management groups o Transaction processing system o Management information system o Decision-‐support system o System for business intelligence
Transaction processing systems / TPS • Perform and record daily routine transactions necessary to conduct business (Examples: sales order entry, payroll, shipping) • Answer routine questions, flow of transactions • Allow managers to monitor status of operations and relations with external environment • Serve operational levels (predefined tasks, resources, goals) • Serve predefined, structured goals and decision making • Producing information for other business functions
Management information systems / MIS • Specific category of IS to serve middle management, Are things working well? • Provide reports on firm’s current performance, based on data from TPS, monitor, control, predict future • Provide answers to routine questions, predefined procedure for answering • Typically have little analytic capability, low flexibility
Decision support systems / DSS • Serve middle management, support non-‐routine decision making • Example: What is impact on production schedule if December sales doubled? • Often use external information as well from TPS and MIS o Model driven DSS (Voyage-‐estimating systems) o Data driven DSS (Intrawest’s marketing analysis systems)
Business intelligence • Class of software applications (organizing, analyzing, providing access) • Analyze current and historical data to find patterns and trends and aid decision-‐ making (long-‐term) • Used in systems that support middle and senior management o Data-‐driven DSS o Executive support systems (ESS) Executive support systems • Support senior management in non-‐routine decisions (portal) • Requiring judgment, evaluation, and insight • Incorporate data about external events (e.g. new tax laws or competitors) as well as summarized information from internal MIS and DSS • Example: Digital dashboard with real-‐time view of firm’s financial performance: working capital, accounts receivable, accounts payable, cash flow, and inventory
Enterprise applications • • • •
Systems for linking the enterprise + span functional areas Execute business processes across firm (customer, supplier, business partner) Include all levels of management Four major applications: o Enterprise systems o Supply chain management systems o Customer relationship management systems o Knowledge management systems
Enterprise systems / ERP • Collects data from different firm functions and stores data in single central data repository (serves variety of groups) • Resolves problem of fragmented, redundant data sets and systems • Enable: coordination of daily activities, efficient response to customer orders (production, inventory), Provide valuable information for improving management decision making Supply chain management (SCM) systems • Manage firm’s relationships with suppliers, interorganizational system • Share information about orders, production, inventory levels, delivery of products and services • Goal: right amount of products to destination with least amount of time and lowest cost Customer relationship management systems / CRM • Provide information to coordinate all of the business processes that deal with customers in sales, marketing, and service to optimize revenue, customer satisfaction, and customer retention • Integrate firm’s customer-‐related processes and consolidate customer information from multiple communication channels Knowledge management systems (KMS) • Support processes for acquiring, creating, storing, distributing, applying, integrating knowledge • How to create, produce, distribute products and services • Collect internal knowledge and experience within firm • Link to external sources of knowledge Alternative tools that increase integration and expedite the flow of information • Intranets: Internal company Web sites accessible only by employees • Extranets: Company Web sites accessible externally only to vendors and suppliers E-‐business: Use of digital technology and Internet to drive major business processes E-‐commerce: Subset of e-‐business; Buying and selling goods and services through Internet E-‐government: Using Internet technology to deliver information and services to citizens, employees, and businesses
Systems for Collaboration and Teamwork •
•
Work with others to achieve goals o Short-‐lived or long-‐term o Informal or formal (teams) o Team: specific mission Growing importance of collaboration: o Changing nature of work (jobs with interaction) o Growth of professional work – “interaction jobs” (specialists) o Changing organization of the firm (hierarchy à teams/groups)
o Changing scope of the firm (multiple locations) o Emphasis on innovation (= group process) o Changing culture of work (diversity, crowdsourcing)
Business benefits of collaboration and teamwork • Investments in collaboration technology can produce organizational improvements returning high ROI • Productivity, Quality, Innovation, Customer service, Financial performance • Requirement:
Building a collaborative culture and business processes • “Command and control” organizations (no value placed on teamwork or lower-‐ level participation in decisions, vertical communication) • Collaborative business culture o Senior managers rely on teams of employees o Policies, products, designs, processes, systems rely on teams o Managers purpose is to build teams, giving reward to teams, and indiv. Tools + Technology for collaboration and teamwork
Social Networking Wikis
Virtual Worlds (SecondLife)
Internet-‐Based Collaboration Environments • Virtual meeting systems (telepresence) • Google Apps/Google sites • Microsoft SharePoint • Lotus Notes • Two dimensions of collaboration technologies o Space (or location) – remote or colocated o Time – synchronous or asynchronous
•
Six steps in evaluating software tools 1. What are your firm’s collaboration challenges? 2. What kinds of solutions are available? 3. Analyze available products’ cost and benefits (incl. training) 4. Evaluate security risks 5. Consult users for implementation and training issues 6. Evaluate product vendors
Information Systems Function • •
Responsibility for running described systems Managing technology
Information systems department • Formal organizational unit responsible for information technology services • Headed by chief information officer (CIO) àOther senior positions include chief security officer (CSO), chief knowledge officer (CKO), chief privacy officer (CPO) • Programmers (trained technical, specialists, software instructions) • Systems analysts (translate business problems into IS) • Information systems managers (leaders of teams, analysts, project managers, facility managers, , database specilists…)
End users • Representatives of other departments for whom applications are developed • Increasing role in system design, development IT Governance • Strategies and policies for using IT in the organization • Specifies decision rights and framework for accountability • Organization of information systems function (centralized, decentralized, ROI, monitoring etc.) • Being able to use IT efficiently and effectively has become more and more essential to a business’ success.
Chapter 3 Information Systems, Organizations, and Strategy
Organizations and Information Systems
• • • • • •
Information technology and organizations influence one another IS built by managers to serve interest of business firm Orga must be open to IS to benefit from technologies Complex interaction, influenced by mediating factors Manager: decide which systems to build, what they will do + how they will be implemented Not all changes can be foreseen, results may or not meet expectations
What is an Organization? • Technical definition: o Stable, formal social structure that takes resources from environment and processes them to produce outputs o 3 elements: Capital + labor production factors from environment; transformation from organization into products/services; outputs consumed by environment o Formal legal entity with internal rules and procedures, as well as a social structure • Behavioral definition: (more realistic) o Collection of rights, privileges, obligations, and responsibilities that is delicately balanced over a period of time through conflict and conflict resolution o Working people develop customary ways of working, attachments to existing relationships, arrangements with subordinates and superiors about how to work, amount, conditions (informal) • Relation to IS: technical view: easy to change arrangement of workers and machines, substitution capital and labor; but behavior: IS change balance of rights, privileges, obligations, responsibilities, feelings à time and resources technical
behavioral
Features of Organizations • Use of hierarchical structure (specialists) • Accountability, authority in system of impartial + universal decision making (abstract rules or procedures) • Promote employees on basis of technical qualification + professionalism • Adherence to principle of efficiency (may output, min input) • Routines and business processes • Organizational politics, culture, environments and structures • Routines and business processes o Routines (standard operating procedure – SOP): precise rules, procedures and practices developed tocope with all expected situations à productive/efficient o Business processes: Collections of routines o Business firm: Collection of business processes • Organizational politics o Divergent viewpoints lead to political struggle, competition, and conflict o Political resistance greatly hampers organizational change • Organizational culture o Taken for granted, Encompasses set of assumptions that define goal and product (What products the organization should produce, how and where, for whom) o May be powerful unifying force as well as restraint on change • Organizational Environments o Organizations and environments have a reciprocal relationship o Open to, and dependent on, the social and physical environment o Organizations can influence their environments o Environments generally change faster than organizations (new products, public tastes, values, political conflict, raised by changes, threat to closely held cultural values, inhibit to make significant changes) o Information systems can be an instrument of environmental scanning, act as a lens
Disruptive technologies • Technology/business innovation à radical change in business landscape + environment (industries + markets) • Substitute product, working much better than current product (e.g. iPods) • Industries put out of business, extended market , low-‐cost competitors • Riding with the wave (create technology), adapt business, others become obsolete, no firms benefit only customer • First movers, fast followers • Organizational Structure (5 basic kinds) o Entrepreneurial o Machine bureaucracy o Divisionalized bureaucracy o Adhocracy
•
Other organizational features o Goals (coercive, utilitarian, normative) o Constituencies (benefiting members, clients, stockholders, public) o Leadership styles (democratic, authoritarian) o Tasks (routine, nonroutine) o Surrounding environments
Economic impacts • • • •
•
IT changes relative costs of capital and the costs of information IS technology is a factor of production, like capital and labor (also a substitute for middle managers, buildings, machinery) IT affects the cost and quality of information and changes economics of information Firms contract/shrink in size because IT can reduce transaction costs (cost participating in markets, e.g. locating distant suppliers) à outsourcing (same ore more revenues with less employees) Firms experience agency costs (cost of managing + supervising self-‐interested parties = agents (employees)) (nexus of contracts) à IT analyzes info, easier for manager to oversee greater number of employees à reducing costs
X= cost Y=size
Organizational and behavioral impacts • IT flattens organizations o Decision making pushed to lower levels (empowering, higher educational level) o Fewer managers needed (IT enables faster decision making and increases span of control, eliminating middle managers) • Postindustrial organizations o Organizations flatten because in postindustrial societies, authority increasingly relies on knowledge and competence rather than formal positions =self management o Decentralization because knowledge also decentralized o IT –> task force networked organization, groups of professionals o New approaches for evaluating, organizing, informing workers required • Organizational resistance to change o IS bound up in organizational politics because influence access to a key resource – information o IS potentially change organization’s structure, culture, politics, and work à often considerable resistance o Most common reason for failure of large projects is due to organizational and political resistance to change
Internet and organizations • Internet increases accessibility, storage, distribution of information + knowledge for organizations • Internet can greatly lower transaction and agency costs (distribution manuals, instant price info, sales info + replenishment orders) • Simpler business processes, fewer employees, flatter organizations IS Design consider: • Environment • Structure (hierarchy, routines, business processes) • Culture and politics • Organization type, leadership style • Main interest groups affected by system, attitudes of end users • Tasks, decisions, business process the system will assist
Using IS for competitive advantage • •
Firms do better than others (revenue growth, profitability, productivity) à higher stock market valuations Access to special resources or use common resources more efficiently
Porter’s competitive forces model • Provides general view of firm, its competitors, and environment • Five competitive forces shape fate of firm 1. Traditional competitors (share market space with competitors with new products, services, efficiencies, switching costs) 2. New market entrants (high barriers to entry, new companies with new equipment, younger workers, innovation, little brand recognition) 3. Substitute products and services (when prices to high, lesser control about prices and lower profit margins) 4. Customers (ability to attract and retain customers, switch to competitors products?, price alone in transparent marketplace or product differentiation) 5. Suppliers (market power, when firm cannot raise prices as fast as suppliers) 4 strategies for dealing with competitive forces • Enabled by IT + IS • Low-‐cost leadership • Product differentiation • Focus on market niche • Strengthen customer and supplier intimacy • Low-‐cost leadership o Produce products and services at a lower price than competitors while enhancing quality and level of service o Examples: Walmart’s continuous replenishment system, high speed, no large inventory, adjust purchases depending on demands =efficient customer response system • Product differentiation o Enable new products or services, greatly change customer convenience and experience (IS to customize + personalize to fit precise specifications à mass customization o Examples: Google, Nike (NIKEiD), Apple (iPod + iTunes) • Focus on market niche o Use IS to enable a focused strategy on a single market niche; specialize, analyzing, buying patterns, tastes, preferences à marketing campaigns o Example: Hilton Hotels OnQ guest preferences profitable customers additional privileges , credit cards • Strengthen customer and supplier intimacy o Use IS to develop strong ties and loyalty with customers and suppliers; increase switching costs o Example: Netflix, Amazon (recommended books) Internet’s impact on competitive advantage • Transformation, destruction, threat to some industries, also opportunities • Competitive forces still at work, but rivalry more intense • Universal standards allow new rivals, entrants to market • New opportunities for building brands and loyal customer bases • Easier substitution, bargaining power, positioning
Business value chain model • Where to start to gain operational excellence • Views firm as series of activities that add value to products or services (primary vs. support activities) o Primary act.: Most directly related to production/distribution create value for customer (inbound logistics, operations, outbound logistics, sales, marketing, service) o Supportive act.: make delivery of p.a. possible, organization infrastructure, HR, technology, procurement) • Highlights activities where competitive strategies can best be applied (IS most strategic impact) • At each stage, determine how information systems can improve operational efficiency and improve customer and supplier intimacy • Utilize benchmarking (comparing efficiency, effectiveness), industry best practices (consulting companies, research), result: SCMS, CRMS
• •
Analyzing various stages à candidate applications of IS Decide which to develop first, making improvement in own value chain
Value Web (Extending Value Chain) • Collection of independent firms using highly synchronized IT to coordinate value chains to produce product or service collectively (industrial standards, higher entry costs, lesser substitution, increase efficiency, networks)) • Strategic advantage: link own value chain with vc of other partners (Amazon: Marketplace, quick paying, shipment system, tracking) • More customer driven, less linear operation than traditional value chain • Value web = highly synchronized industry value chains, flexible + adaptive to changes in supply/demand, accelerate time to market + customers
Synergies • Output of some units used as inputs to others, organizations pool markets and expertise • Lower costs, generate profits (e.g. merging banks) • IT: tie together operations of disparate business units (act as whole) Enhancing core competencies • Activity for which firm is world-‐class leader • Relies on knowledge, experience, and sharing this across business units • Enhance existence, help employees become aware of external knowledge, leverage to related markets • Example: Procter & Gamble’s InnovationNet and directory of subject matter experts Network-‐based strategies • Take advantage of firm’s abilities to network with each other • Include use of: network economics, virtual company model, business ecosystems • Traditional economics: Law of diminishing returns o The more any given resource is applied to production, the lower the marginal gain in output, until a point is reached where the additional inputs produce no additional outputs • Network economics: o Marginal cost of adding new participant almost zero, with much greater marginal gain o Value of community grows with size (e.g. communities à customer loyalty, enjoyment)
•
•
o Value of software grows as installed customer base grows Virtual company strategy o uses networks to ally with other companies to create and distribute products without being limited by traditional organizational boundaries or physical locations (link people, assets, ideas) o when cheaper to acquire products, services…, or when to move quickly o E.g. Li & Fung manages production, shipment of garments for major fashion companies, outsourcing all work to over 7,500 suppliers Business ecosystems (modification Porter) o Industry sets of firms (instead of only one industry) providing related services and products, loosely coupled, but interdependent networks o Theory: Value web but with many industries (not only firms) – e.g Walmart, Microsoft o Keystone firms: Dominate ecosystem and create platform used by other firms o Niche firms: Rely on platform developed by keystone firm o Individual firms can consider how IT will help them become profitable niche players in larger ecosystems o Use IS to develop into keystone firm o E.g.: ecosystem mobile digital platform (device makers, wireless telefirms, application providers, internet service providers
Management Issues •
Strategic IS change organizationa, product, services, procedures, new behavioral patterns Success is a challenge, requiring precise coordination of techolgy, orga and mgt.
• Sustaining competitive advantage • Because competitors can retaliate and copy strategic systems, competitive advantage is not always sustainable; • Systems may become tools for survival, required to stay in business • Globalization: even more rapid changes, unpredictable
Aligning IT with business objectives a. The more successfully a firm can align IT with business goals, the more profitable it will be b. Only one quarter of firms achieve this alignment because IT takes life of its own, doesn’t serve management interest, instead of shaping IZ to enterprise, often ignored and worked around Performing strategic systems analysis • What is structure of industry? à competitive forces, new entrants, relative power of suppliers, customers, substitute products, services, prices • What are value chains for this firm, businesses, industry? à value for customer, lower prices, better quality, using best practices, maximum advantage of SCM + CRM, ERP, leverage core competencies, changes beefit or harming, strategic partnerships, value webs, where greatest value of IS • IT aligned with business strategy and goals? à correctly articulated, IT improving right bp, right metrics to measure
Managing strategic transitions •
• •
Adopting strategic systems requires changes in business goals, relationships with customers and suppliers, and business processes (= sociotechnical changes = strategic transisions = movement between levels of sociotechnical systems Blurring orga boundaries (external + internal) Linked customers and suppliers, sharing responsibilities
Chapter 4 Ethical and Social Issues in Information Systems
Understanding Ethical and Social Issues • Lapses in management ethical and business judgment • Judges sentence executives based on the monetary vale, prevention, hide the crime, failure to corporate • Past companies often paid for employees in civil charges, now firms cooperate with prosecutors to reduce charges against entire firm • Decide as a manager and employee about ethical and legal conduct • Ethics = principles of right and wrong to guide behaviors (free moral agents) • IS opportunity for intense social change, threatening existing distributions of power, money, right, obligations, new kinds of crime • Used to achieve social progress, commit crimes, threaten social values (benefits + costs) • Concerns about appropriate use of customer information, protection privacy, intellectual property • Accountability for consequences of IS?, standards? Model for thinking about ethical, social, political issues • Society = calm pond with individuals, institutions, rules, laws • New IT: rock à ripple effect à raising issues • 5 moral dimensions of the information age: o Information rights and obligations (possessing, protecting) o Property rights and obligations (easy ignoring, protecting) o System quality (standards of data) o Quality of life (values reserved, protect institutions from violation, cultural values and practices) o Accountability and control (when harm done to so.) • time to respond with etiquette and laws (legal gray area)
• • • • • •
Is for core production process à dependence on system + vulnerability Data storage_ cheap and effective, combine detailed info from different sources. Electronic dossiers à profiling (e.g. credit cards) e.g DoubleClick (info about online visitors. Habits spending, computing e.g. ChoicePoint (info police, criminal, motor vehicle records) = data broker business New technology: nonobvious relationship awareness (NORA) à find hidden connections Data from Watch Lists, Incident and Arrest Systems, Customer Transactions Systems, Telephone records, Human Resources Systems
Ethics in Information Society • Ethics = concern of humans who have a freedom of choice • Choosing the correct moral choice à responsibility (key element) • Responsibility: accept potential costs, duties, obligations • Accountability: feature of systems/social institutions, determine who is responsible • Liability: feature of political systems, body of laws, permits indiv. recover from damages • Due process: Laws are well known and understood, with an ability to appeal to higher authorities • You can/will be held accountable, recover through set of laws by due process Ethical Analysis 1. Identify and describe clearly the facts 2. Describe conflict and dilemma and identify the higher-‐order values involved 3. Identify the stakeholders 4. Identify the options that you can reasonably take 5. Identify the potential consequences of your options Ethical Principles (after analysis) • Golden Rule: Do unto others as you would have them do unto you (putting yourself in the place of others) • Categorical Imperative (Immanuel Kant): If an action is not right for everyone to take, it is not right for anyone • Rule of Change (Descartes): If an action cannot be taken repeatedly it is not right to take at all. • Utilitarian Principle: Take the action that achieves the higher or greater value • Risk Aversion Principle: Take the action that produces the least harm or the least potential cost
•
Ethical “no free lunch” rule: Assume that virtually all tangible and intangible objects are owned by someone else, unless there is a specific declaration otherwise
Processional Codes of Conduct • Professionals: special rights/obligations, because of special claims knowledge, wisdom, respect • Codes of conduct promulgated (verkünden) by associations of professionals • Codes of ethics = promises to regulate themselves in interest of society • Real world ethical dilemmas: set of interests pitted against another
Information Rights: privacy and freedom •
• • •
•
• •
Privacy: claim of individuals to be left alone/ free from surveillance/interference from other individuals, organizations, state. Claim to be able to control information about yourself IT: threaten claims by making invasion cheap, profitable, effective US privacy: First Amendment (freedom of speech), Fourth Amendment (unreasonable search and seizure), Add. Federal statues (Privacy Act) Most laws based on regime Fair Information Practices (FIP) = set of principles governing the collection and use of information about individuals, guidelines to drive changes in privacy legislation (advertising, personal identification numbers)
EU: 1998 Commissions Data Protection Directive, costumer must consent before companies legally can use data, disclosure how stored and used, no transfer to countries without similar protection Informed consent = consent given with knowledge of all the facts needed to make a rational decision Safe harbor framework = private self-‐regulating policy and enforcement mechanism, meets objectives of government regulators
Internet Challenges to Privacy • Cookies =small text files, identify web browser, track visits, updated, customize • Combining data from different sources à detailed profile • Web beacons (Web bugs) = tiny object invisibly embedded in e-‐mail messages, to monitor behavior (IP address, time, how long, type of browser, cookie values • Spyware secretly install itself , send banner ads, report activity on the computer • GOOGLE: used by 75% of internet users à largest collection of personal info • Behavioral targeting: target ads google search, gmail, blogginh, youtube etc. • US businesses allowed to gather and use info without informed consenst
• • • • •
Opt-‐out models permits use until request to stop Preferred by advocates: opt-‐in models Online industry preffering self-‐regulation to privacy legislation, Alliances à online seals (TRUSTe, Network Advertising Initiative) Ebusiness do little to protect privacy, customers do not enough Consumers want more access and control
Technical Solutions • Technologies to protect privcy (e.g encryption, anonymous, prevent cookies, detect and eliminate spyware) • Tools to determine kind od extracted date • P3P (Platform for Privacy Preferences): o Allows Web sites to communicate privacy policies to visitor’s Web browser – user o User specifies privacy levels desired in browser settings o E.g. “medium” level accepts cookies from first-‐party host sites that have opt-‐in or opt-‐out policies but rejects third-‐party cookies that use personally identifiable information without an opt-‐in policy • Policies need to be codified according to P3P rules, only works with this web sites
Property Rights: Intellectual Property • • • •
•
Intangible property created by individuals or corporations IT difficult to protect, easy copied and distributed Trade Secrets = any intellectual work product (formula, device, pattern, compilation) used for business purpose, not in the public domain Copyright: Statutory grant protecting intellectual property from being copied for the life of the author, plus 70 years, corporate owned 95 years, not protecting the idea, only the manifestation in a creative work, ideas and expression merge = expression can not be copyrighted Patents: Grants creator of invention an exclusive monopoly on ideas behind invention for 20 years, machine, devices, methods à full rewets, licensing; criteria: nonobviousness, originality, novelty, years of waiting
Challenges to intellectual property rights • Digital media different from physical media (e.g. books): Ease of replication, ease of transmission (networks, Internet). Difficulty in classifying software, Compactness, Difficulties in establishing uniqueness • Easiy to share files online, illegal, piracy, normal for songs and movies à developing mechanism to sell intellectual property legally • Digital Millennium Copyright Act (DMCA) makes it illegal to circumvent technology-‐based protections of copyrighted materials Accountability, Liability, and Control • Computer-‐related liability problems: If software fails, who is responsible? • If seen as part of machine that injures or harms, software producer and operator may be liable • If seen as similar to book, difficult to hold author/publisher responsible (exception: fraud, defamation) • Software different from book: expectations of infallibility, inspected, perform a task, people depend on services, liability law extending to include software
System Quality: Data Quality and System Errors • What is an acceptable, technologically feasible level of system quality? Flawless software is economically unfeasible • Three principal sources of poor system performance: o Software bugs, errors o Hardware or facility failures o Poor input data quality (most common source of business system failure) Quality of life: Equity, access, and boundaries (Negative social consequences of systems) • Many not violations of property crimes, but can be very harmful, potentially can destroy valuable elements of our culture and society, even when the bring benefits • Balancing power: Although computing power decentralizing, key decision-‐ making remains centralized • Rapidity of change: Businesses may not have enough time to respond to global competition à just in time society, jobs, families, vacations • Maintaining boundaries: Computing, Internet use lengthens work-‐day, infringes on family, personal time • Dependence and vulnerability: Public and private organizations ever more dependent on computer systems • Computer crime and abuse o Computer crime: Commission of illegal acts through use of compute or against a computer system – computer may be object or instrument of crime o Computer abuse: Unethical acts, not illegal (e.g. Spam: High costs for businesses in dealing with spam o Conduct surveillance of employees and ordinary citizens • Employment: Reengineering work/redesign business processes) resulting in lost jobs • Equity and access – the digital divide: Certain ethnic and income groups in the United States less likely to have computers or Internet access • Health risks: o Repetitive stress injury (RSI): most common, largest source is computer keyboards, Carpal Tunnel Syndrome (CTS) o Back, neck pain, leg stress, foot pain o Computer vision syndrome (CVS) – eyestrain condition o Technostress: aggravations, hostility towards humans, impatience, fatigue o Role of radiation, screen emissions, low-‐level electromagnetic fields not been proved, unknown effects o Digital technologies are damaging ability to think clearly and focus, try to multitask, concentration, interruptions
Chapter 5 IT Infrastructure and Emerging Technologies
IT Infrastructure • Shared technology resources providing platform for specific IS applications • Investment in hardware, software, services (consulting, education, training) • Foundation for serving customers, working with vendors, managing business process • Set of physical devices and software required to operate enterprise • Set of firmwide services o Computing platforms providing computing services (e.g desktop computer, laptop) o Telecommunications services o Data management services (+analyzing) o Application software services (ERP, CRM, SCM, KMS) o Physical facilities management services o IT management (plan infrastr. Coordinate with BU), standards (policies), education (training) , research and development services (future investments) • “Service platform” perspective more accurate view of value of investments Evolution of IT Infrastructure • General-‐purpose mainframe & minicomputer era: 1959 to present o 1958 IBM first mainframes introduced (centralized) – support thousands online remote terminals connected o 1965 Less expensive DEC minicomputers (more decentralized) • Personal computer era: 1981 to present o 1981 Introduction of IBM PC o Proliferation in 80s, 90s resulted in growth of personal software o Wintel PC (95%) • Client/server era: 1983 to present o Desktop clients networked to servers, with processing work split between clients and servers o Network may be two-‐tiered or multitiered (N-‐tiered) o Various types of servers (network, application, Web) o Smaller, inexpensive machines, costs less, computing power explosion
•
•
Enterprise computing era: 1992 to present o Move toward integrating disparate networks, applications using Internet standards and enterprise applications o Free information flow, link different types of hardware, includes public infrastructures, link applications, web services Cloud and Mobile Computing: 2000 to present o Refers to a model of computing where firms and individuals obtain computing power and software applications over the Internet or other network (shared pool of computing resources) o Fastest growing form of computing
Technology drivers of infrastructure evolution • Moore’s law and microprocessing power o Computing power(2)/microprocessing power (1) doubles every 18 months; the price for computing falls by half every 18 months (3) o Nanotechnology: Shrinks size of transistors to size comparable to size of a virus, width of several atoms • Law of Mass Digital Storage o The amount of data being stored each year doubles o Cost is falling at an exponential rate of 100%/year • Metcalfe’s Law and network economics o Value or power of a network grows exponentially as a function of the number of network members o As network members increase, more people want to use it (demand for network access increases) • Declining communication costs and the Internet o An estimated 1.8 billion people worldwide have Internet access o As communication costs fall toward a very small number and approach 0, utilization of communication and computing facilities explodes à fimrs greatly expand Internet connections, power of their networks… • Technology standards and network effects o Specifications that establish the compatibility of products and the ability to communicate in a network o Unleash powerful economies of scale and result in price declines as manufacturers focus on the products built to a single standard o E.g. Win OS, Microsoft office, Unix (enterprise server), Ethernet, TCP/IP 7 main IT Infrastructure components 1. Computer hardware platforms (Dell, IBM, Sun, HP; Apple, Linux) o Client machines and servers (blade servers: ultrathin computers stored in racks) o Mainframes: IBM mainframe equivalent to thousands of blade servers o Top chip producers: AMD, Intel, IBM o Top firms: IBM, HP, Dell, Sun Microsystems 2. Operating system platforms (Windows – 75% server – 90% clients, Unix + Linux -‐ 25% server, Mac OS X, Google Chrome – cloud computing, iOs, Android for handheld devices) 3. Enterprise software applications (SAP, Oracle, middleware provider: BEA, Microsoft)
4. Data management and storage (IBM DB2, Oracle, Microsoft SQL Server, Sybase, MySQL) o Data management software: responsible for organizing/managing data, efficiently accessed and used o Physical Data Storage: EMC Corp. (large scale), Seagate, Maxtor, WD) o Storage area networks (SANs): Connect multiple storage devices on dedicated network 5. Networking/telecommunications platforms (Linux, Novell, Cisco, Alcatel-‐Lucent) o Telecommunication services (cable, telephones, voice lines, Internet) o Network Operating Systems (Windows Server, Unix …) o Network hardware providers (Cisco, Alcatel…) 6. Internet platforms (Apache, Unix, Cisco, Java) o Hardware, software, management services to support company Web sites, (including Web hosting services) intranets, extranets o Trend to server consolidation, reducing number by increasing power o Internet hardware server market: Dell, HP/Compaq, IBM o Web development tools/suites: Microsoft (FrontPage, .NET) IBM (WebSphere) Sun (Java), independent software developers: Adobe, RealMedia 7. Consulting system integration services (IBM, EDS, Accenture) o Consulting and system integration services o Even large firms do not have resources for a full range of support for new, complex infrastructure o Software integration: ensuring new infrastructure works with legacy systems o Legacy systems: older Transaction Processing Systems created for mainframes that would be too costly to replace or redesign 7 Contemporary Hardware Platform Trends The emerging mobile digital platform • Cell phones, smartphones with data transmission, web surfing, e-‐mail, and IM • Netbooks, low-‐cost lightweight notebooks optimized for wireless communication and core computing tasks • Tablets and networked e-‐readers Grid computing • Connects geographically remote computers into a single network to combine processing power and create virtual supercomputer • Provides cost savings, speed, agility Virtualization • Allows single physical resource to act as multiple resources (i.e., run multiple instances of OS) • Allows multiple physical resources to appear as a single logical resource • Reduces hardware and power expenditures, facilitates hardware centralization, higher utilization rates Cloud computing • On demand self service obtained over network • Ubiquitous network access using standard network and internet devices • Location independent resource pooling • Rapid elasticity to meet changing user demand
Measured service, charged for amount of resources used • Infrastructure as a service à use spare capacity e.g. Amazon S3 • Platform as a service à use to develop own applications e.g. IBM, Salesforce.com • Software as a service à use software over network e.g Google Apps • Cloud can be public or private • Allows companies to minimize IT investments (pay what you use = utility computing, on demand computing), more flexibility • Drawbacks: Concerns of security, reliability, dependence Green computing • Practices and technologies for manufacturing, using, disposing of computing and networking hardware to minimize impact on environment • Reducing computer power consumption = high priority (power and cooling) à energy and greenhouse gases Autonomic computing • Industry-‐wide effort to develop systems that can configure, heal themselves when broken, and protect themselves from outside intruders • Similar to self-‐updating antivirus software; Apple and Microsoft both use automatic updates High performance, power-‐saving processors • Multicore processors (chip more processor cores enhancing performance, reduced power consumption, efficient simultaneous processing of multiple tasks) 4 Contemporary Software Platform Trends Linux and open-‐source software • Open-‐source software: Produced by community of programmers, free and modifiable by user • Linux: Open-‐source software OS, integration, works on all major hardware Software for the Web • Java: Object-‐oriented programming language, OS and processor-‐independent, works on all devices,: Java Virtual machine, applets run on a web browser • Ajax: Asynchronous JavaScript and XML, Allows client and server to exchange small pieces of data without requiring the page to be reloaded Web Services • Software components that exchange information using Web standards and languages, regardless of OS or code • XML: Extensible Markup Language, More powerful and flexible than HTML, Tagging allows computers to process data automatically, classifying presentation communication and storage of data • SOAP: Simple Object Access Protocol, Rules for structuring messages enabling applications to pass data and instructions Dollar Rent A Car Webb • WSDL: Web Services Description Language, Framework for describing task Services link performed by Web service and capabilities to other web • UDDI: Universal Description, Discovery, and Integration, Directory for locating sites booking system, no Web services new code • SOA: Service-‐oriented architecture: set of self-‐contained services that required communicate with each other to create a working software application, Software developers reuse these services in other combinations to assemble other applications as needed •
Software outsourcing and cloud services Three external sources for software: • Software packages (pre-‐written, commercially available) and enterprise software (large scale, single integrated worldwide software system) • Software outsourcing (development, maintenance) o Domestic: Primarily for middleware, integration services, software support o Offshore: Primarily for lower level maintenance, data entry, call centers, although outsourcing for new-‐program development is increasing • Cloud-‐based software services o Software as a service (SaaS) accessed with Web browser over Internet o Ranges from free or low-‐cost services for individuals to business and enterprise software o Users pay on subscription or per-‐transaction e.g. Salesforce.com o Service Level Agreements (SLAs): formal agreement with service providers, performance measurement, support options • (Web) Mashups: Combinations of two or more online applications, such as combining mapping software (Google Maps) with local content • Apps: Small pieces of software that run on the Internet, on computer, or cell phone, Generally delivered over the Internet o Success of mobile platform depends in lage part on quantity and quality of apps, high switching costs 4 Management Issues Dealing with platform and infrastructure change • As firms shrink or grow, IT needs to be flexible and scalable • Scalability: Ability to expand to serve larger numbers of users w/o break down • For mobile computing and cloud computing: new policies and procedures for managing, Contractual agreements with firms running clouds and distributing software required (SLA) Management and governance • Who controls IT infrastructure? • How should IT department be organized? o Centralized: Central IT department makes decisions o Decentralized: Business unit IT departments make own decisions • How are costs allocated between divisions, departments? Making wise infrastructure investments • Amount to spend on IT is complex question (too much = idle times, too less = no delivering, outperforming competitors à rent vs. buy, security • Total cost of ownership (TCO) model o Analyzes direct and indirect costs o Hardware, software account for only about 20% of TCO o Other administration costs: Installation, training, support, maintenance, infrastructure, downtime, space and energy o TCO can be reduced through better management, use of cloud services, greater centralization and standardization of hardware and software resources
Competitive forces model for IT infrastructure investment 1. Market demand for firm’s services (inventory of current services meet needs of groups of customers, suppliers, employees, complaining?) 2. Firm’s business strategy (analyze 5 year business strategy, requirement to achieve strategic goals?) 3. Firm’s IT strategy, infrastructure, and cost (TCO analysis, 5 years IT strategy) 4. Information technology assessment (behind or on the bleeding edge to be avoided, standards should be established, multiple cost competing vendors) 5. Competitor firm services (quantitative and qualitative measures to compare) 6. Competitor firm IT infrastructure investments (benchmark expenditures for IT infrastructure)
Chapter 6 Foundations of Business Intelligence: Database and Information Management
• •
Effective IS provides accurate, timely and relevant information Often: poorly organized and maintained data
File organization concepts • Field: Group of characters as word(s) or number o Describes an entity (person, place, thing on which we store information) o Attribute: Each characteristic, or quality, describing entity • Record: Group of related fields, describing entitiy • File: Group of records of same type • Database: Group of related files
Problems with traditional file environment • Traditional approach: files maintained separately by different departments with unique data files and own applications • Data redundancy: Presence of duplicate data in multiple files, waste storage res. • Data inconsistency: Same attribute has different values, or names, coding systems • Program-‐data dependence: When changes in program requires changes to data accessed by program, other programs don’t work anymore • Lack of flexibility, only routine scheduled reports, no ad hoc requests • Poor security, not knowing who has access and changes the data • Lack of data sharing and availability (no trust in accuracy)
Database Approach to Data Management Database • Serves many applications by centralizing data and controlling redundant data using a DBMS Database management system (DBMS) • Software to organize, centralize, manage data efficiently, provide access • Interfaces between applications and physical data files • Separates logical and physical views of data (user don’t need to know where the data actually is stored and organized (physical view), only see the data as they would be perceived (logical view) à available for different logical views • Solves problems of traditional file environment o Controls redundancy by minimizing isolated files o Eliminates inconsistency o Uncouples programs and data o Enables organization to centrally manage data and data security, reducing costs, ad hoc queries Relational DBMS • Keep track of entities, attributes, relationships • Represent data as two-‐dimensional tables called relations or files • Each table contains data on entity and its attributes • E.g. Microsoft Access = relational DBMS for desktop systems, MySQL Table: grid of columns and rows • Rows (tuples): Records for different entities • Fields (columns): Represents attribute for entity • Key field: Field used to uniquely identify each record, • Primary key: Field in table used for key fields, cannot be duplicated • Foreign key: Primary key used in second table as look-‐up field to identify records from original table
Operations of a Relational DBMS (Three basic operations to develop useful sets of data) • SELECT: Creates subset of data of all records that meet stated criteria • JOIN: Combines relational tables to provide user with more information than available in individual tables • PROJECT: Creates subset of columns in table, creating tables with only the information specified
Object-‐Oriented DBMS (OODBMS) • Stores data and procedures as objects, can be automatically retrieved and shared • Objects can be graphics, multimedia, Java applets, not only structured numbers and characters, integrate from various sources • Relatively slow compared with relational DBMS for processing large numbers of transactions • Hybrid object-‐relational DBMS: Provide capabilities of both OODBMS and relational DBMS Databases in the cloud • Typically less functionality than on-‐premises DBs • Now: used by web-‐focused start-‐ups, lower prices • Amazon Web Services (MySQL, license Oracle), Microsoft SQL Azure (integrating with existing software) • Charged based on usage time, volume data stored, input requests, amount read or written • Able to scale computing resources in response to real-‐time demand, costs low Capabilities of Database Management Systems • Organize, Manage, Access data in the database • Data definition capability: Specifies structure of database content, used to create tables and define characteristics of fields • Data dictionary: Automated or manual file storing definitions of data elements and their characteristics (name, description, size, type, format, usage, ownership, authorization, security, individuals, business functions, programs, reports) • Data manipulation language: Used to add, change, delete, retrieve data o Structured Query Language (SQL) o Large/midrange computers: DB2, Oracle, SQL Server employ SQL o Microsoft Access use user-‐friendly tools of SQL for querying databases • Many DBMS have report generation capabilities for creating polished reports (Crystal Reports = very popular report generator), developing system applications for data entry screens, reports, logic for processing transactions Designing Databases • Conceptual (logical) design: Abstract model from business perspective • Physical design: How database is arranged on direct-‐access storage devices • Understand relationship among data, type of data, grouping, usage, changes • Relationships among data elements, redundant database elements • Most efficient way to group data elements to meet business requirements, needs of application programs • Normalization: Streamlining complex groupings of data to minimize redundant data elements and awkward many-‐to-‐many relationships (small, stable, flexible data structures) • Enforce referential integrity rules, ensure relationships remain consistent (e.g. no parts from nonexistent suppliers) • Entity-‐relationship diagram: Used by database designers to document the data model, Illustrates relationships between entities • Distributing databases: Storing database in more than one place • Partitioned: Separate locations store different parts of database • Replicated: Central database duplicated in entirety at different locations
Understand organizations data and how it should be represented in a database to serve business well with your data model, or the data will be inaccurate, incomplete, and difficult to retrieve! Using Databases to improve business performance and decision-‐making • Keep track of basic transactions • Provide information to run business more efficiently, make better decisions • Very large databases and systems require special capabilities, tools to analyze large quantities of data, to access data from multiple systems • Data warehousing, data mining, tools for accessing internal databases through web Data warehousing • Stores current + historical data from many core operational transaction systems • Consolidates and standardizes information for use across enterprise, but data cannot be altered • Data warehouse system will provide query, analysis, and reporting tools • E.g. Catalina Marketing largest loyalty database in the world, US Internal Revenue Service (IRS) with Compliance Data Warehouse consolidating taxpayer data from different resources into relational structure (find out who cheats) Data marts • Subset of data warehouse, smaller, decentralized • Summarized or highly focused portion of firm’s data for use by specific population of users • Typically focuses on single subject or line of business, constructed more rapidly, lower costs • E.g. Barnes and Noble point-‐of-‐sale, college bookstore, online sales Business Intelligence • Tools for consolidating, analyzing, and providing access to vast amounts of data to help users make better business decisions (patterns, relationships, insights) • Principle tools include: Software for database query and reporting, multidimensional online analytical processing (OLAP), data mining Online analytical processing (OLAP) • Supports multidimensional data analysis: Viewing data using multiple dimensions, each aspect of information (product, pricing, cost, region, time period) is different dimension • OLAP enables rapid, online answers to ad hoc queries
• •
Building 3d cubes of data, can be nested within cubes à complex views Either multidimensional database or tool creating multidimensional views in relational databases
Data mining • More discovery driven than OLAP: finds hidden patterns, relationships in large databases and infers rules to predict future behavior • Applications for all functional areas of business, government, scientific work • E.g., Finding patterns in customer data for one-‐to-‐one marketing campaigns or to identify profitable customers. • Types of information obtainable from data mining o Associations, occurrences linked to a single event (coke, chips, promotion) o Sequences, events linked over time (house à fridge, oven) o Classification, inferring set of rules, patterns that describe group item belongs (discover characteristics of customers who are likely to leave) o Clustering, similar to classification where no groups defined (partitioning database into groups of customers based on demographics) o Forecasting, use series of existing values to forecast what other values will be (finding patterns to estimate future value of continuous variables) • High level analyses of patterns or trends, can also drill down and provide more detail when needed • Predictive analysis: Uses data mining techniques, historical data, and assumptions about future conditions to predict outcomes of events (e.g. probability a customer will respond to an offer) Text mining • Extracts key elements from large unstructured data sets (e.g., stored e-‐mails) • 80% of organizations useful information • Discover patterns, relationships, summarize • New myriad ways unstructured data is generated by consumers and the business uses for this data Web mining • Discovery and analysis of useful patterns and information from WWW (E.g., to understand customer behavior, evaluate effectiveness of Web site) • Web content mining (Knowledge extracted from content of Web pages) • Web structure mining (E.g., links to and from Web page) • Web usage mining (User interaction data recorded by Web server) Databases and the Web • Companies use Web to make some internal databases available to customers • Typical configuration includes: o Web server (accessed via web browser, client computer), o Application server/middleware/CGI scripts (compact program using Common Gateway Interface specification for processing data on a web server), translation HTML to SQL, transfer information, handling all application operations incl. transaction processing, data access btw. Browser and database, takes requests, runs logic process transactions, provides connectivity o Database server (hosting DBM)
•
Advantages of using Web for database access: o Ease of use of browser software o Web interface requires few or no changes to database o Inexpensive to add Web interface to system Creating new efficiencies, opportunities, business models
• Managing Data Resources Establishing an information policy • Firm’s rules, procedures, roles for sharing, managing (disseminating, acquiring, classifying, inventorying), standardizing data/information • Specific procedures and accountabilities • Data administration: Firm function responsible for specific policies and procedures to manage data as a corporate organizational resource (develop info policy, planning for data, overseeing logical database design, data dictionary development, monitoring usage) • Data governance: Policies and processes for managing availability, usability, integrity, and security of enterprise data, especially as it relates to government regulations, promoting privacy, security, quality, compliance • Database administration: Defining, organizing, implementing, maintaining database; access rules, security procedures, performed by database design and management group Ensuring data quality • More than 25% of critical data in Fortune 1000 company databases are inaccurate or incomplete leading to incorrect decisions, product recalls, financial losses • Most data quality problems stem from faulty input, esp. now when companies move business to web and customers/suppliers enter data directly • Before new database in place, need to: o Identify and correct faulty data o Establish better routines for editing data once database in operation • Data quality audit: Structured survey of the accuracy and level of completeness of the data in an IS (Survey samples/entire from data files, or Survey end users for perceptions of quality) • Data cleansing (scrubbing): Software to detect and correct data that are incorrect, incomplete, improperly formatted, or redundant o Enforces consistency among different sets of data from separate IS
Chapter 7 Telecommunications, the Internet and Wireless Technology
Networking and communication trends • Convergence: Past: telephone networks (voice communication, voice transmission tech) and computer networks (data traffic) à now converging into single digital network using Internet standards • Broadband access: more powerful (faster) and more portable (smaller), less expensive • Broadband wireless: voice and data communication, cell phones.. What is a computer network? • Two or more connected computers • Major components in simple network: • Client computer and Server computer (perform important network functions, serving web pages, storing data and NOS), • Network interfaces (cards: NICs) – build in motherboard, • Connection medium (telephone wire, coaxial cable, radio signal), • Network operating system (NOS, routes and manages communication, coordinates network resources), Windows Server, Linux, Novell • Hub (simple device, send data to all connected devices) or switch (more intelligence, filter and forward data to specific destination) acting as a connection point • Routers: Device used to route packets of data through different networks, ensuring that data sent gets to the correct address Networks in large companies (problem: coherent system, integrations) • Hundreds of local area networks (LANs) linked to firmwide corporate network • Various powerful servers (Website, Corporate intranet, extranet, Backend) • Mobile wireless LANs (Wi-‐Fi networks) • Videoconferencing system • Separate Telephone network + Wireless cell phones Key networking technologies (3) Client/Server computing • Distributed computing model • Powerful Clients linked through network controlled by server computer • Server sets rules of communication, provides client with an address • Has largely replaced centralized mainframe computing • The Internet: Largest implementation of client/server computing Packet Switching • Slicing digital messages into parcels (packets), sending packets along different communication paths as they become available, reassembling packets at destination • Previous circuit-‐switched networks required assembly of complete point-‐to-‐ point circuit (expensive, wasting capacity) • More efficient use of network’s communications capacity
Data
TCP/IP and connectivity • Connectivity between computers (different hardware and software) enabled by protocols (Rules that govern transmission of information between two points) • Transmission Control Protocol/Internet Protocol (TCP/IP): Common worldwide standard that is basis for Internet • TCP: handles movement of data, establishes connection, sequences transfer of packets • IP: responsible for delivery of packets, dissembling and reassembling of packets during transmissions • Four layers (department of defense reference model) o Application layer (enables apps access to other layers, exchange data protocol like HTTP (hyper Text Transfer Protocol) o Transport layer (provide app layer with communication and packet services, TCP and other protocols) o Internet layer (addressing, routing, IP datagrams (packaging data packets) o Network interface layer (bottom, placing packets, receiving them from network medium) Signals: digital vs. analog • Analog: continuous waveform, used for voice communications • Digital: discrete, binary waveform, strings of two discrete states (1 + 0), on and off electrical pulses • Modem: translates digital signals into analog forms (computing to telephone lines and cables) – modulator-‐demodulator Types of networks Local-‐area networks (LANs) • Connect personal and other digital devices within 500m radius • 1 dedicated network file server, providing access to shared resources, determine who gets access, in which sequence, large: various dedicated servers • Router connects LAN to other networks (external information exchange) • Ethernet = dominant LAN Standard, physical • Peer-‐to-‐peer = treat all processors equally, exchange data by direct access, charge peripheral devices without server (Windows: workgroup, not domain network) • Topologies (way components are connected): star (single hub), bus (single transmission segment, both directions, most common, same signals), ring (closed loop, ones station transmits at a time) • Campus-‐area networks (CANs), 1000m radius • Wide-‐area networks (WANs) à e.g. Internet • Metropolitan-‐area networks (MANs) Physical transmission media • Twisted wire (modems), telephone analog communication, but also usable for digital (copper) – 100m, up to 1 Gbps • Coaxial cable, larger volume, 1 Gbps, longer distances (insulated copper) • Fiber optics and optical networks (bound strands glass fiber, pulses of light) o Faster, lighter, more durable for large volumes, expensive o Dense wavelength division multiplexing (DWDM) • Wireless transmission media and devices (radio signals)
•
o Microwave: high frequencx, high vlume, long distance, point to point, fllow straight line (station every 37 miles) o Satellites for TV and Internet o Cellular telephones: radio waves + protocols, radio antennas (towers) in cells, information passing from cell to cell Transmission speed (hertz = number of cycles per second, bandwidth = range of frequencies = difference between highest and lowest frequency on a single channel): bits per second, function of frequency
The Global Internet • Connection by subscribing to Internet service provider (ISP) with permanent connection selling temporary access • Traditional telephone line and modem (56.6 kbps), Digital subscriber line (DSL, 9 Mbps), cable (15 mbps), satellite, T lines (t1 = 1.54 mbps, t3 = 45 mbps) international telephone standards, guaranteed service levels) Internet addressing and architecture • Internet Protocol (OP) address unique per computer (4 stings of number, 32 bit) • Decomposed message into packets with destination address using TCP protocol • The Domain Name System (DNS) converts domain names to IP addresses o Hierarchical structure (top: root domains) o Top-‐level domains (child of root), .com, .gov, .edu, .de o Second level domain: two part, addition to top level • Internet Architecture and Governance o Transcontinental high speed backbone networks owned by telephone companies (network service providers) and national governments o Local connections owned by regional telephone/cable comp., leasing o Organization pays for own networks, local connections services, part to long distance trunk line owners, individuals subscription fee (flat) o Payments not based on heaviness, volume à network neutrality debate o Network access pints (NAP), metropolitan are exchanges (MAEs) = hubs ton intersection backbone and regional/local networks o No formal management but policies and influences by IAB (internet architecture board), ICANN (internet corporation for assigned names and numbers, assigning IP addresses), W3C (world wide web consortium, HTML standards) o Goal keeping internet operating efficiently, conform to laws of the sovereign nation-‐states, technical infrastructures • The Future Internet: IPv6 (more possibilities, 128bit) and Internet2 (= Next Generation Internet NGI) -‐> working on new robust, performance internet (200 companies, universities, governments) – developing new technologies routing practices, levels of service, importance of data, distributed computing
Internet Services and Communication Tools
• • • •
• •
• • •
VoIP VPN
Implemented by one or more software programs Run on single server computer or different machine Increase work productivity but not always the case Monitoring or regulating online activity, ethical and privacy concerns
VoIP reducing communication costs by 20-‐30% IP network: lowering long distance costs, eliminating monthly fees for private lines, single voica data infrastructure for telecommunications and computing, flexibility (easy adding new phones, voce and email combined into single directory (Bayer did that!)) Merge disparate communication modes into a single universally accessible service using unified communications technology Past: dedicated and expensive private network Today: less expensive virtual private network (VPN) within public Internet o Secure, encrypted, private within public network o Advantage of economies of scale o Combining voice and data networks o Point to Point Tunneling Protocol (PPTP) – packets encrypted and wrapped inside IP packets
World Wide Web • Most popular Internet service, with universally accepted standards for storing, retrieving, formatting, and displaying information • Web site = connection web pages linked to a home page, links to other media
• • • •
HTML (Hypertext Markup Language): Formats documents for display on Web, incorporates dynamic links to other media Hypertext Transfer Protocol (HTTP): Communications standard used for transferring Web pages Uniform resource locators (URLs): Addresses of Web pages Web servers: Software for locating and managing Web pages, most common: open source Apache HTTP Server (54%)
Searching for Information on the Web • 100 billion web pages public available, but also deep web à 900 billion additional pages cannot be visited without access code, protected • Search engines = killer app” of Internet era, sift through different files • Started in early 1990s as relatively simple software programs using keyword indexes, now Google (page rank system), Yahoo, Bing • Major source of Internet advertising revenue via search engine marketing, using complex algorithms and page ranking techniques to locate results • Sponsors, paid search results on top à at the right time match consumer interes • Search engine optimization: better search engine recognitions, higher ranks, on top of the search result list, improve quality and volume of Web traffic, popularity (links to that web site) • Challenging searching videos • Intelligent Agent shopping bots: software agents with built in intelligence, gather info, perform tasks to assist users, making purchase filter, pricing and availability Web 2.0 • Collaboration, sharing, creating new services • 4 defining features: Interactivity, real-‐time user control, social participation, user-‐generated content • Technologies/services: Cloud computing, Blogs/RSS, Mashups & widgets (mix and match content or software components, e.g. Flickr), Wikis, Social networks • Blog: chronological entries, blog roll, trackbacks, comments, Templates (no HTML skills needed) à blogosphere • RSS: Rich Site Summary, Really Simple Syndication à syndicates content, feeds, subscribe and automatically receive new content • Wikis: collaborative web sites, visitors add, modify content, monitoring work à easy to share information • Social networks: build communities, profiles. Interactivity, real time user control, opinions, how communicate, stay in touch, advertising, + application development platforms Web 3.0/ future Web • Effort of W3C to add meaning to existing Web (woven all digital information, contacts together into single meaningful experience) = Semantic Web • Make searching more relevant to user, meaningful + productive (better results) • More “intelligent” computing, analyze and manipulate, reduce amount of human involvement in searching and processing web information • 3D Web (walk through pages) • Pervasive Web (controls everything, managing) • Increase in cloud computing, SaaS, Ubiquitous connectivity between mobile and other access devices, Make Web a more seamless experience
The Wireless Revolution • Cell phones, laptops, handheld devices à portable computing platforms, performing tasks we used to do at our desks • Stay in touch with customers, suppliers, employees • Flexible arrangements for organizing works • Creation of new products, services, sales channels • Smartphones: email, messaging, wireless Internet, digital photography, personal information management à small mobile computers Cellular Systems • Competing standards for cellular service o CDMA(Code Division Multiple Access): United States (Verizon, Sprint), transmits several frequencies, entire spectrum o GSM (Global System for Mobile Communication): Rest of world, plus AT&T and T-‐Mobile, international roaming capability • Third-‐generation (3G) networks: Suitable for broadband Internet access , 144 Kbps – 2Mbps, special cards for PCs • 4G networks: Entirely packet-‐switched, 100 Mbps – 1Gbps, premium quality, high security à Pre-‐4G: Long Term Evolution (LTE), mobile WiMax Wireless computer networks and Internet access • Bluetooth (802.15) o Links up to 8 devices in 10-‐m area, low power radio signals o Useful for personal are networking (PANs) and in business to transmit data from handheld devices to other transmitters • Wi-‐Fi (802.11) o Set of standards: 802.11a, 802.11b (11 mbps, 30-‐50 m), 802.11g (54 mbps), 802.11n (100 mbps) o Used for wireless LAN and wireless Internet access o Use access points: bridge device with radio receiver/transmitter, antennas for connecting wireless devices to a wired LAN, router, hub o Hotspots: Access points in public place to provide maximum wireless coverage for a specific area o Provide low, costs wireless LANs and internet access o Weak security features, vulnerable to intruders o Susceptibility to interference from nearby systems, solved by n-‐standard: multiple antennas, MIMO (multiple input, multiple output) • WiMax (802.16) – Worldwide Interoperability for Microwave Access o Wireless access range of 31 miles, 75 mbps o Require WiMax antennas o Sprint Nextel building WiMax network as foundation for 4G networks Radio Frequency identification (RFID) • Use tiny tags with embedded microchips containing data about an item and location, and antenna • Tags transmit radio signals over short distances to special constantly transmitting RFID readers, which send data over network to computer for processing • Active RFID: Tags have batteries, data can be rewritten, range is hundreds of feet, more expensive
• •
•
•
Passive RFID: Range is shorter, also smaller, less expensive, powered by radio frequency energy Common uses: o Automated toll-‐collection o Tracking goods in a supply chain o E.g. Walmart combining data point of sale systems with RFID data to determine which items will soon be depleted, automatically generates lists Requires companies to have special hardware and software, massive amount of data à Software to filter and aggregate, applications designed to accept large data and share it with other applications Reduction in cost of tags making RFID viable for many firms
Wireless sensor networks (WSNs) • Networks of hundreds or thousands of interconnected wireless devices embedded into physical environment to provide measurements of many points over large spaces • Devices (nodes) have built-‐in processing, storage, and radio frequency sensors and antennas • Require low-‐power, long-‐lasting batteries and ability to endure in the field without maintenance • Used to monitor building security, detect hazardous substances in air, monitor environmental changes, traffic, or military activity • Data flowing to a server with grater processing power, gateway to network based on Internet technology
Chapter 8 Securing Information Systems
System Vulnerability and Abuse • Security: Policies, procedures and technical measures to prevent unauthorized access, alteration, theft, or physical damage • Controls: Methods, policies, and organizational procedures ensure safety of organization’s assets; accuracy and reliability of accounting records; and operational adherence to management standards • Vulnerability through technical, organizational and environmental factors, poor management decisions, communication layers • Accessibility of networks • Hardware problems (breakdowns, configuration errors, damage from improper use or crime) • Software problems (programming errors, installation errors, unauthorized changes) • Disasters (fires, floods..) • Use of networks/computers outside of firm’s control • Loss and theft of portable devices
Internet vulnerabilities • Network open to anyone, Size: abuses can have wide impact • Use of fixed Internet addresses creates fixed targets hackers • Unencrypted VOIP (no use of VPN) • E-‐mail, P2P, IM: Interception, Attachments with malicious software, Transmitting trade secrets Wireless security challenges • Radio frequency bands easy to scan • SSIDs (service set identifiers): Identify access points, Broadcast multiple times • War driving: Eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources, set up rogue access points • WEP (Wired Equivalent Privacy) WPA2 (WiFi Protected Access) o Security standard for 802.11; use is optional o Uses shared password for both users and access point
Malware (malicious software) • Viruses: Rogue software program that attaches itself to other software programs or data files in order to be executed, deliver “payload”, spread through humans • Worms: Independent computer programs that copy themselves from one computer to other computers over a network • Trojan horses: Software program that appears to be benign but then does something other than expected, does not replicate • Computers, mobile devices, web 2.0 applications • SQL injection attacks: Hackers submit data to Web forms that exploits site’s unprotected software and sends rogue SQL query to database • Spyware: Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising • Key loggers: Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks Hackers and computer crime • Hackers vs. crackers (criminal intent): unauthorized access, weakness in security protections • System intrusion + System damage • Cybervandalism: Intentional disruption, defacement, destruction of Web site or corporate information system • Spoofing o Misrepresenting oneself by using fake e-‐mail addresses or masquerading as someone else o Redirecting Web link to address different from intended one, with site masquerading as intended destination • Sniffer o Eavesdropping program that monitors information traveling over network o Enables hackers to steal proprietary information such as e-‐mail, company files, etc. • Denial-‐of-‐service attacks (DoS): Flooding server with thousands of false requests to crash the network. • Distributed denial-‐of-‐service attacks (DDoS): Use of numerous computers to launch a DoS • Botnets: Networks of “zombie” PCs infiltrated by bot malware • Computer crime: “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution” o Computer may be target of crime, e.g.: Breaching confidentiality of protected data, Accessing a computer system without authority o Computer may be instrument of crime, e.g.: Theft of trade secrets, Using e-‐ mail for threats or harassment • Identity theft: Theft of personal Information (social security id, driver’s license or credit card numbers) to impersonate someone else • Phishing: Setting up fake Web sites or sending e-‐mail messages that look like legitimate businesses to ask users for confidential personal data. • Evil twins: Wireless networks that pretend to offer trustworthy Wi-‐Fi connections to the Internet (e.g log credit card numbers) • Pharming: Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser (possible when they gain
•
•
access to the Internet Address Information stored by internet service providers to speed up web browsing and the ISP companies have flawed software in their servers, hack into and change addresses) Click fraud: Occurs when individual or computer program fraudulently clicks on online ad without any intention of learning more about the advertiser or making a purchase Global threats: Cyberterrorism and Cyberwarfare, targeting software that runs electrical power grids, air traffic control systems, networks of major banks
Internal threats: employees • Security threats often originate inside an organization leaking Inside knowledge • Sloppy security procedures, User lack of knowledge • Social engineering: Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information • End users entering faulty data, not following instructions • IS specialists: errors in design, development, maintenance Software vulnerability • Commercial software contains flaws that create security vulnerabilities – Hidden bugs (program code defects), Zero defects cannot be achieved because complete testing is not possible with large programs – Flaws can open networks to intruders, impede performance • Patches: Vendors release small pieces of software to repair flaws (patch management by users), However exploits often created faster than patches be released and implemented Business Value of Security and Control • Failed computer systems can lead to significant or total loss of business function • Confidential personal and financial data, Trade secrets, new products, strategies • A security breach may cut into firm’s market value almost immediately • Inadequate security and controls also bring forth issues of liability • Strong security: high ROI, employees productivity, lower operational costs Legal and regulatory requirements for electronic records management and privacy protection • Protection data from abuse, exposure, unauthorized access • HIPAA: Medical security and privacy rules and procedures • Gramm-‐Leach-‐Bliley Act: Requires financial institutions to ensure the security and confidentiality of customer data • Sarbanes-‐Oxley Act: Imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally Electronic evidence • Evidence for white collar crimes often in digital form Data on computers, e-‐mail, instant messages, e-‐commerce transactions • Proper control of data can save time and money when responding to legal discovery request Computer forensics: • Scientific collection, examination, authentication, preservation, and analysis of data from computer storage media for use as evidence in court of law • Includes recovery of ambient and hidden data, plan needed
Establishing a Framework for Security and Control à Where company at risk, what controls must be in place, security policy, plans for keeping business running if IS not operational Information systems controls • Manual and automated controls • General and application controls General controls • Govern design, security, and use of computer programs and security of data files in general throughout organization’s IT infrastructure. • Apply to all computerized applications • Combination of hardware, software, and manual procedures to create overall control environment • Types of general controls: Software controls, Hardware controls, Computer operations controls, Data security controls, Implementation controls, Administrative controls Application controls • Specific controls unique to each computerized application, such as payroll or order processing • Include both automated and manual procedures • Ensure that only authorized data are completely and accurately processed by that application • Input controls: authorization, conversion, editing, error handling • Processing controls: updating • Output controls Risk assessment • Determines level of risk to firm if specific activity or process is not properly controlled • Determine value of info assets, points of vulnerability, likely frequency of the problem, potential for damage • Concentration on the control points with greatest vulnerability and potential for loss Security policy • Ranks information risks, identifies acceptable security goals, and identifies mechanisms for achieving these goals, most important assets • Acceptable use policy (AUP): Defines acceptable uses of firm’s information resources and computing equipment, unacceptable, consequences • Authorization policies: Determine differing levels of user access to information assets Identity management • Business processes and tools to identify valid users of system and control access: Identifies and authorizes different categories of users, Specifies which portion of system users can access, Authenticating users and protects identities • Identity management systems: Captures access rules for different levels of users Disaster recovery planning: Devises plans for restoration of disrupted services Business continuity planning: Focuses on restoring business operations after disaster
MIS audit • Examines firm’s overall security environment as well as controls governing individual information systems, data quality • Reviews technologies, procedures, documentation, training, and personnel • Simulate disaster to test response of technology, IS staff, other employees • Lists and ranks all control weaknesses and estimates probability of their occurrence, Assesses financial and organizational impact of each threat Technologies and Tools for Protecting Information Resources Identity management software • Automates keeping track of all users and privileges • Authenticates users, protecting identities, controlling access • Authentication: Password systems, Tokens, Smart cards, Biometric Firewall: Combination of hardware and software that prevents unauthorized users from accessing private networks • Static packet filtering: examines selected fields in headers of individual packets • Stateful inspections: track info over multiple packets, part of approved conversation, legitimate connection • Network address translation (NAT): conceals ip addresses of internal host computers • Application proxy filtering: examines app content of packets Intrusion detection systems: • Monitor hot spots on corporate networks to detect and deter intruders • Examines events as they are happening to discover attacks in progress • Raises alarm or shuts down sensitive network part Antivirus and antispyware software: • Checks computers for presence of malware and can often eliminate it as well • Require continual updating Unified threat management (UTM) systems: firewalls, VPNs, IDS, web content filtering, anti spam software Securing wireless networks • WEP security can provide some security by Assigning unique name to network’s SSID and not broadcasting SSID, Using it with VPN technology • Wi-‐Fi Alliance finalized WAP2 specification, replacing WEP with stronger standards: Continually changing keys, Encrypted authentication system with central server Encryption • Transforming text or data into cipher text that cannot be read by unintended recipients, encryption key • Secure Sockets Layer (SSL) and successor Transport Layer Security (TLS) between 2 computers • Secure Hypertext Transfer Protocol (S-‐HTTP) limited to individual messages • Symmetric key encryption: Sender and receiver use single, shared key • Public key encryption: Uses two, mathematically related keys: Public key and private key, Sender encrypts message with recipient’s public key, Recipient decrypts with private key
Digital certificate: • Data file used to establish the identity of users and electronic assets for protection of online transactions • Uses a trusted third party, certification authority (CA), to validate a user’s identity • CA verifies user’s identity, stores information in CA server, which generates encrypted digital certificate containing owner ID information and copy of owner’s public key Public key infrastructure (PKI) • Use of public key cryptography working with certificate authority • Widely used in e-‐commerce Ensuring system availability: Online transaction processing requires 100% availability, no downtime • Fault-‐tolerant computer systems: Contain redundant hardware, software, and power supply components that create an environment that provides continuous, uninterrupted service • High-‐availability computing o Helps recover quickly from crash, Minimizes not eliminates downtime o Backup servers, multiple server distribution, high capacity storage, god disaster recovery and business continuity plans • Recovery-‐oriented computing: Designing systems that recover quickly with capabilities to help operators pinpoint and correct of faults in multi-‐component systems • Controlling network traffic: Deep packet inspection (DPI) Video and music blocking, using prioritizing • Security outsourcing: Managed security service providers (MSSPs) Security in the cloud • Responsibility for security resides with company owning the data • Firms must ensure providers provides adequate protection • Service level agreements (SLAs) including controls Securing mobile platforms • Security policies should include and cover any special requirements for mobile devices • Tools to authorize all devices in use, maintain inventory records, updates, lock Ensuring software quality (software metrics and testing) • Software metrics: Objective assessments of system in form of quantified measurements, identify problems as they occur • Carefully designed, formal, objective, used consistently • Examples: Number of transactions, Online response time, Payroll checks printed per hour, Known bugs per hundred lines of code • Early and regular testing to uncover errors • Walkthrough: Review of specification or design document by small group of qualified people • Debugging: Process by which errors are eliminated
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications
Enterprise Systems = Enterprise Resource Planning Systems (ERP) • Suite of integrated software modules and a common central database • Collects data from many divisions of firm for use in internal business activities • Information entered in one process is immediately available for other processes Enterprise Software • Built around thousands of predefined business processes that reflect best practices • Finance/accounting, Human resources, Manufacturing/production, Sales/marketing • To implement, firms: Select functions of system they wish to use, Map business processes to software processes, Use software’s configuration tables for customizing • Leading ES vendors: SAP, Oracle, Infor Global Solutions, Microsoft • Communicate with customers, suppliers, other entities Business value of enterprise systems • Increase operational efficiency • Provide firm wide information to support decision making • Enforce standard practices and data • Enable rapid responses to customer requests for information or products, reduce cycle time and costs, centralize • Include analytical tools to evaluate overall organizational performance, improved decision making Supply Chain Management Systems Supply Chain • Network of organizations and processes for: o Procuring raw materials (procurement) o Transforming them into products (manufacturing) o Distributing the products (distribution) • Flow of materials, information, payments in both directions • Primary, secondary, tertiary suppliers (tier 1,2,3) • Upstream supply chain: Firm’s suppliers, suppliers’ suppliers, processes for managing relationships with them • Downstream supply chain: Organizations and processes responsible for delivering products to customers
Information and supply chain management • Inefficiencies caused by inaccurate/untimely information cut into operating costs • Just-‐in-‐time strategy: Components arrive as they are needed, Finished goods shipped after leaving assembly line • Safety stock: Buffer for lack of flexibility in supply chain • Bullwhip effect: Information about product demand gets distorted as it passes from one entity to next across supply chain, more inventory, ripples, magnifying change à excess inventory, production, warehousing, shipping costs • Tamed by reducing uncertainties by demand and supply, accurate and up-‐to date information, share dynamic info
Supply chain management software • Supply chain planning systems: Model existing supply chain o Demand planning (determine amount of products to satisfy demands) o Optimize sourcing, manufacturing plans o Establish inventory levels o Identifying transportation modes • Supply chain execution systems: Manage flow of products through distribution centers and warehouses, efficiency Global Supply Chains and the Internet • Global supply chains typically span greater geographic distances and time differences • Different performance standards • More complex pricing issues (local taxes, transportation, etc.) • Foreign government regulations, cultural differences • Internet helps companies manage many aspects of global supply chains: sourcing, transportation, communications, international finance (no slow downs, errors, uncertainty) à outsourcing to third party logistic providers, contract manufacturing Supply chain management systems • Push-‐based model (build-‐to-‐stock): Schedules based forecasts of demand • Pull-‐based model (demand-‐driven, build-‐to-‐order): Customer orders trigger events in supply chain • Sequential supply chains: Information and materials flow sequentially from company to company • Concurrent supply chains: Information flows in many directions simultaneously among members of a supply chain network • Future Internet driven: digital logistics nervous system
Business value of SCM systems • Streamline internal and external supply chain processes • Match supply to demand • Reduce inventory levels • Improve delivery service • Speed product time to market • Use assets more effectively • Reduced supply chain costs lead to increased profitability • Increased sales Customer Relationship Management Systems • In large businesses, too many customers and too many ways customers interact with firm • Capture and integrate customer data from all over the organization • Consolidate and analyze customer data • Distribute customer information to various systems and customer touch points (contact point) across enterprise • Provide single enterprise view of customers to increase sales and service Customer Relationship Management Software • CRM packages range from niche tools to large-‐scale enterprise applications • Partner relationship management (PRM) o Integrating lead generation, pricing, promotions, order configurations, and availability o Tools to assess partners’ performances • Employee relationship management (ERM) o E.g. Setting objectives, employee performance management, performance-‐ based compensation, employee training • Major vendors: Siebel Systems (Oracle), PeopleSoft, SAP, Salesforce.com, Microsoft Dynamics CRM CRM packages typically include tools for: • Sales force automation (SFA): increase productivity, focusing on profitable customers E.g. sales prospect and contact information, and sales quote generation capabilities, personalized recommendations • Customer service: increase efficiency call center, help desks, support staff, E.g. assigning and managing customer service requests; Web-‐based self-‐service capabilities • Marketing: support direct marketing campaigns E.g. capturing prospect and customer data, opportunities for cross selling (complementary products)
Operational and Analytical CRM • Operational CRM: Customer-‐facing applications, E.g. sales force automation, call center and customer service support, and marketing automation • Analytical CRM: Analyze customer data output from operational CRM applications, Based on data warehouses populated by operational CRM systems and customer touch points (online analytical processing – OPLAP), Customer lifetime value (CLTV)
Business value of CRM • Increased customer satisfaction • Reduced direct-‐marketing costs • More effective marketing • Lower costs for customer acquisition/retention • Increased sales revenue • Reduce churn rate o Number of customers who stop using or purchasing products or services from a company. o Indicator of growth or decline of firm’s customer base Enterprise Application Challenges • Highly expensive to purchase and implement • Require Technological changes • Require Business process changes • Require Organizational changes • Switching costs, dependence on software vendors • Data standardization, management, cleansing Next-‐generation enterprise applications • Move is to make applications more flexible, Web-‐enabled, integrated with other systems • Enterprise suites o Software to enable CRM, SCM, and enterprise systems work together and with suppliers and client systems o Utilize Web services, SOA (Service Oriented Architecture) • Open source & on-‐demand solutions • Mobile compatible; Web 2.0 capabilities • Complementary analytics products
Service platform • Integrates multiple applications to deliver a seamless experience for all parties, E.g. Order-‐to-‐cash process • Portal software: Used to integrate information from enterprise applications and legacy systems and present it as if coming from a single source
Chapter 10 E-‐commerce: Digital Markets, Digital Goods
E-‐commerce today: • Use of the Internet and Web to transact business; digitally enabled transactions • Began in 1995 and grew exponentially, still growing even in a recession • Companies that survived the dot-‐com bubble burst and now thrive • E-‐commerce revolution is still in its early stages, increasing number of online products, broadband access
Reduced Transaction costs
Lower Market Entry Cost, Search cost
Price Cost Trans Parenc Y Price Discrim ination
Key concepts in e-‐commerce • Digital markets reduce o Information asymmetry o Search costs o Transaction costs o Menu costs (merchants costs of changing prices) • Digital markets enable o Price discrimination o Dynamic pricing based on market conditions o Disintermediation (removal of organizations, layers in value chain) • Reduce or increase switching costs, may cause extra delay in gratification Digital goods • Goods that can be delivered over a digital network • Cost of producing first unit almost entire cost of product: marginal cost of 2nd unit is about zero • Costs of delivery over the Internet very low • Marketing costs remain the same; pricing highly variable • Industries with digital goods are undergoing revolutionary changes (publishers, record labels, etc.) Types of e-‐commerce • Business-‐to-‐consumer (B2C) • Business-‐to-‐business (B2B) • Consumer-‐to-‐consumer (C2C) • Mobile commerce (m-‐commerce)
Content provider: includes intellectual property, podcasting (subscribe), streaming
E-‐commerce revenue models • Advertising (retain user attention à higher rates) (Google) • Sales (+ micropayments) (ITunes) • Subscription (Netflix) • Free/Freemium (Flickr) • Transaction Fee (Ebay) • Affiliate (receive referential fees, Blogs) Most popular Web 2.0 service: social networking • Social networking sites sell banner ads, user preference information, and music, videos and e-‐books • Social shopping sites: Swap shopping ideas with friends (Kaboodle, ThisNext) • Wisdom of crowds/crowdsourcing: Large numbers of people can make better decisions about topics and products than a single person • Prediction markets: Peer-‐to-‐peer betting markets on specific outcomes (elections, sales figures, designs for new products) E-‐commerce marketing • Internet provides marketers with new ways of identifying and communicating with customers • Long tail marketing: Ability to reach a large audience inexpensively • Behavioral targeting: Tracking online behavior of individuals on thousands of Web sites, privacy concerns • Advertising networks à profiling • Advertising formats include search engine marketing, display ads, rich media, and e-‐mail Administrative overhead: processing paper, approving puchase decisions, telephone, fax machines, search for products, arrange purchases, arranging and shipping, receiving goods à 100$ for each curporate purchase order for supporting products Business-‐to-‐business e-‐commerce • Promise: reduce costs, prices, increase productivity, economic wealth • Challenge: chahing existing patterns and systems of procurement, designing and implementing new Internet-‐based B2B solutions Electronic data interchange (EDI) • Computer-‐to-‐computer exchange of standard transactions such as invoices, purchase orders • Major industries have EDI standards that define structure and information fields of electronic documents for that industry • More companies increasingly moving away from private networks to Internet for linking to other firms E.g. Procurement: Businesses can now use Internet to locate most low-‐cost supplier, search online catalogs of supplier products, negotiate with suppliers, place orders, etc. Private industrial networks (private exchanges) • Large firm using extranet to link to its suppliers, distributors and other key business partners • Owned by buyer, eg. Volkswagen Group Supply • Permits sharing of: Product design and development, Marketing, Production scheduling and inventory management, Unstructured communication
Net marketplaces (e-‐hubs) • Single market for many buyers and sellers • Industry-‐owned or owned by independent intermediary • Generate revenue from transaction fees, other services • Use prices established through negotiation, auction, RFQs, or fixed prices • May focus on direct or indirect goods • May be vertical or horizontal marketplaces • E.g. Exostar long term contract purchasing, aero defense industry, Elemica serving chemical industry Exchanges • Independently owned third-‐party Net marketplaces • Connect thousands of suppliers and buyers for spot purchasing • Typically provide vertical markets for direct goods for single industry (food, electronics) • Proliferated during early years of e-‐commerce; many have failed: Competitive bidding drove prices down and did not offer long-‐term relationships with buyers or services to make lowering prices worthwhile M-‐commerce • Location-‐based services (Loopt, Wikitude) • Software application sales • Entertainment downloads • Mobile display advertising • Banking and financial services • Wireless advertising and retailing • Games and entertainment Building an E-‐Commerce Web Site • Developing a clearunderstanding of your business objectives • Knowing how to choose the right technology to achieve those objectives • Assembling a team with the skills required to make decisions about: o Technology o Site design o Social and information policies o Hardware, software, and telecommunications infrastructure • Customer’s demands should drive the site’s technology and design • Business decisions drive the technology – not the reverse • Business objectives: Capabilities the site should have, E.g. execute a transaction payment • System functionality : Technological capability to achieve this objective, E.g. a shopping cart or other payment system • Information requirements,E.g. secure credit card clearing, multiple payment options The Building Decision • Pre built template, least costly and simple solution, limited • Build yourself_ customization, variety of tools, risky complexity, delays • Packages to customize
The Hosting Decision • Outsource, pay monthly fee, vendor responsible • Co-‐location: purchase Web server and locate in a vendors physical facility, • Rent capabilities of cloud computing center • Fees based on size of website, bandwidth, storage, support •
Web site budgets • Several thousand to millions / year • 50% of a budget is system maintenance and content creation
Chapter 11 Managing Knowledge
The Knowledge Management Landscape • Knowledge management systems among fastest growing areas of software investment • Knowledge and information related, useful and actionable when shared, major source of wealth • Substantial part of a firm’s stock market value is related to intangible assets: knowledge, brands, reputations, and unique business processes • Well-‐executed knowledge-‐based projects can produce extraordinary ROI, difficult to measure • Data = flow of events/transactions, info = organized data, knowledge = additional resources to discover patterns, wisdom = Collective and individual experience of applying to solve problems, Involves where, when, and how to apply knowledge • Both individual and collective attribute • Cognitive, psychological eent inside peoples heads • Tacit (not documented) and explicit (documented) knowledge • Has a locations, sticky, not universally applicable, situational, contextual • Important asset of firm, Knowing how to do things effectively and efficiently in ways others cannot duplicate is prime source of profit and competitive advantage
Organizational learning (Process in which organizations learn) • Gain experience through collection of data, measurement, trial and error, and feedback • Adjust behavior to reflect experience: Create new business processes, Change patterns of management decision making The Knowledge Management Value Chain • Knowledge management: Set of business processes developed in an organization to create, store, transfer, and apply knowledge • Knowledge management value chain: Each stage adds value to raw data and information as they are transformed into usable knowledge
Knowledge acquisition • Documenting tacit and explicit knowledge o Storing documents, reports, presentations, best practices o Unstructured documents (e.g., e-‐mails) o Developing online expert networks • Creating knowledge (discover patterns, knowledge workstations) • Tracking data from TPS (sales, payments, inventory, customers), external sources Knowledge storage • Databases, expert systems corporate in business processes • Document management systems • Role of management: o Support development of planned knowledge storage systems o Encourage development of corporate-‐wide schemas for indexing documents o Reward employees for taking time to update and store documents properly Knowledge dissemination • Portals, Push e-‐mail reports, Search engines, Collaboration tools • A deluge of information • Training programs, informal networks, and shared management experience help managers focus attention on important information
Knowledge application • To provide return on investment, organizational knowledge must become systematic part of management decision making and become situated in decision-‐support systems • Create New business practices, New products and services, New markets New organizational roles and responsibilities • Chief knowledge officer executives • Dedicated staff / knowledge managers • Communities of practice (COPs) o Informal social networks of professionals and employees within and outside firm who have similar work-‐related activities and interests o Activities include education, online newsletters, sharing experiences and techniques o Facilitate reuse of knowledge, discussion o Reduce learning curves of new employees 3 major types of knowledge management systems (CAD = computer aided design)
Three major types of knowledge in enterprise • Structured documents (formal docs and rules) • Semistructured documents • Unstructured, tacit knowledge (+ semi = 80%) Enterprise content management systems • Help capture, store, retrieve, distribute, preserve • Corporate repositories ans capabilities to collect and organize semistructured • Bring in external sources (News feeds, research) • Tools for communication and collaboration • Key problem – Developing taxonomy = classification scheme (Knowledge objects must be tagged with categories for retrieval) • Digital asset management systems: Specialized content management systems for classifying, storing, managing unstructured digital data like Photographs, graphics, video, audio Knowledge network systems (expertise location and management systems) • Provide online directory of corporate experts in well-‐defined knowledge domains
• •
Use communication technologies to make it easy for employees to find appropriate expert in a company May systematize solutions developed by experts and store them in knowledge database (Best-‐practices, Frequently asked questions (FAQ) repository)
Collaboration Tools • Enterprise knowledge portals: Access to external and internal information (News feeds, research, Capabilities for e-‐mail, chat..) • Use of consumer Web technologies (Blogs, Wikis, Social bookmarking – user-‐ created taxonomies for shared bookmarks = folksonomies) Learning Management Systems (LMS) • Provide tools for management, delivery, tracking, and assessment of various types of employee learning and training • Support multiple modes of learning • Automates selection and administration of courses • Assembles and delivers learning content • Measures learning effectiveness Knowledge Work Systems = Systems for knowledge workers to help create new knowledge and integrate that knowledge into business Knowledge workers = Researchers, designers, architects, scientists, engineers who create knowledge for the organization 1. Keeping organization current in knowledge 2. Serving as internal consultants regarding their areas of expertise 3. Acting as change agents, evaluating, initiating, and promoting change projects Requirements of knowledge work systems • Hardware Platform: knowledge workstation • Substantial computing power for graphics, complex calculations • Powerful graphics and analytical tools • Communications and document management • Access to external databases • User-‐friendly interfaces • Optimized for tasks to be performed (design engineering, financial analysis) Examples of knowledge work systems • CAD (computer-‐aided design): o Automate creation and revision of design o Creation of engineering or architectural designs • Virtual reality systems: o Simulate real-‐life environments o 3-‐D medical modeling for surgeons o Augmented reality (AR) systems – additional info to enhance the perception of reality, more interactive and meaningful o VRML (virtual realty modeling language) = set of specifications for interactive 3D modeling on the WWW, can organize multiple media types • Investment workstations in financial industry = Streamline investment process and consolidate internal, external data for brokers, traders, portfolio managers
Intelligent techniques: Used to capture individual and collective knowledge and to extend knowledge base • To capture tacit knowledge: Expert systems, case-‐based reasoning, fuzzy logic • Knowledge discovery: Neural networks and data mining • Generating solutions to complex problems: Genetic algorithms • Automating tasks: Intelligent agents Artificial intelligence (AI) technology: Computer-‐based systems that emulate human behavior Expert systems: • Capture tacit knowledge in very specific and limited domain of human expertise • Capture knowledge of skilled employees as set of rules in software system that can be used by others in organization • Typically perform limited tasks that may take a few minutes or hours, e.g. Diagnose malfunctioning machine, Determining whether to grant credit for loan • Used for discrete, highly structured decision-‐making How expert systems work • Knowledge base: Set of hundreds or thousands of interconnected rules • Inference engine: Strategy used to search knowledge base o Forward chaining: Inference engine begins with information entered by user and searches knowledge base to arrive at conclusion o Backward chaining: Begins with hypothesis and asks user questions until hypothesis is confirmed or disproved • Benefits: improved decisions, reduced errors, reduced costs, and training time, higher levels of quality and service Successful expert systems • Con-‐Way Transportation built expert system to automate and optimize planning of overnight shipment routes for nationwide freight-‐trucking business Most expert systems deal with problems of classification • Have relatively few alternative outcomes • Possible outcomes are known in advance Many expert systems require large, lengthy, and expensive development and maintenance efforts à Hiring or training more experts may be less expensive Case-‐based reasoning (CBR) • Descriptions of past experiences of human specialists (cases), stored in knowledge base • System searches for cases with problem characteristics similar to new one, finds closest fit, and applies solutions of old case to new case • Successful and unsuccessful applications are grouped with case • Stores organizational intelligence: Knowledge base is continuously expanded and refined by users • CBR found in: Medical diagnostic systems, Customer support Fuzzy logic systems • Rule-‐based technology that represents imprecision used in linguistic categories (e.g., “cold,” “cool”) that represent range of values (Doppeldeutig) • Describe a particular phenomenon or process linguistically and then represent that description in a small number of flexible rules
•
Provides solutions to problems requiring expertise that is difficult to represent with IF-‐THEN rules o Autofocus in cameras o Detecting possible medical fraud o Sendai’s subway system acceleration controls
Neural networks • Find patterns and relationships in massive amounts of data too complicated for humans to analyze • “Learn” patterns by searching for relationships, building models, and correcting over and over again (construct hidden layer of logic) • Humans “train” network by feeding it data inputs for which outputs are known, to help neural network learn solution by example • Used in medicine, science, and business for problems in pattern classification, prediction, financial analysis, and control and optimization only as aids! • E.g Visa Credit Card Fraud monitoring transactions • Machine learning: Related AI technology allowing computers to learn by extracting information using computation and statistical methods • Used in data mining Genetic algorithms • Useful for finding optimal solution for specific problem by examining very large number of possible solutions for that problem • Conceptually based on process of evolution: Search among solution variables by changing and reorganizing component parts using processes such as inheritance, mutation, and selection • Used in optimization problems (minimization of costs, efficient scheduling, optimal jet engine design) in which hundreds or thousands of variables exist • Able to evaluate many solution alternatives quickly Hybrid AI systems • Genetic algorithms, fuzzy logic, neural networks, and expert systems integrated into single application to take advantage of best features of each • E.g., Matsushita “neurofuzzy” washing machine that combines fuzzy logic with neural networks Intelligent agents • Work in background to carry out specific, repetitive, and predictable tasks for user, process, or application • Use limited built-‐in or learned knowledge base to accomplish tasks or make decisions on user’s behalf (Deleting junk e-‐mail, Finding cheapest airfare) • Agent-‐based modeling applications: o Systems of autonomous agents o Model behavior of consumers, stock markets, and supply chains; used to predict spread of epidemics
Chapter 12 Enhancing Decision Making
Types of decisions: • Unstructured: Decision maker must provide judgment, evaluation, and insight to solve problem, novel, non-‐routine and important decisions à Senior management • Structured: Repetitive and routine; involve definite procedure for handling so they do not have to be treated each time as new à operational management • Semistructured: Only part of problem has clear-‐cut answer provided by accepted procedure à Middle management The 4 stages of the decision making process 1. Intelligence: Discovering, identifying, and understanding the problems occurring in the organization 2. Design: Identifying and exploring solutions to the problem 3. Choice: Choosing among solution alternatives 4. Implementation: Making chosen alternative work and continuing to monitor how well solution is working Managers and Decision making in the real world • Information systems can only assist in some of the roles played by managers • Classical model of management: 5 functions = Planning, organizing, coordinating, deciding, and controlling • More contemporary behavioral models = less systematic, more informal, less reflective, more reactive, and less well organized than in classical model • Great del of work at unrelenting pace, fragmented activities, prefer current and specific information, prefer oral forms of communication, maintain complex web of contacts • Managerial roles = expectations of the activities that managers should perform
3main reasons why investments in information technology do not always produce positive results 1. Information quality: High-‐quality decisions require high-‐quality information (accuracy, integrity, consistency, completeness, validity, timeliness, accessibility) 2. Management filters: Managers have selective attention and have variety of biases that reject information that does not conform to prior conceptions 3. Organizational inertia and politics: Strong forces within organizations resist making decisions calling for major change High velocity automated decision-‐making • Made possible through computer algorithms precisely defining steps for a highly structured decision • Humans taken out of decision, E.g. High-‐speed computer trading programs • Require safeguards to ensure proper operation and regulation Business intelligence: Infrastructure for collecting, storing, analyzing data produced by business (warehousing, integrating, reporting, analyzing data); Databases, data warehouses, data marts Business analytics: Tools and techniques for analyzing data; OLAP (online analytical processing), statistics, models, data mining Business intelligence vendors: Create business intelligence and analytics purchased by firms (SAP, Oracle, IBM, SAS Institute, Microsoft), market: 10.5billion, growing 20%
Business intelligence and analytics capabilities • Goal is to deliver accurate real-‐time information to decision-‐makers • Main functionalities of BI systems 1. Production reports (pre-‐defined, based on industry requirements) 2. Parameterized reports (user enters different parameters to filter data) 3. Dashboards/scorecards (visual tools, presenting performance data) 4. Ad hoc query/search/report creation (create own report based on queries, searches)
5. Drill down (from high-‐level summary to detailed view) 6. Forecasts, scenarios, models (analyze using standard statistical tools)
Business intelligence users • 80% are casual users relying on production reports • Senior executives àUse monitoring functionalities • Middle managers and analysts à Ad-‐hoc analysis • Operational employees à Prepackaged reports (E.g. sales forecasts, customer satisfaction, loyalty and attrition, supply chain backlog, employee productivity)
Examples of BI applications à mostly pre-‐packaged production reports • Predictive analytics: Use patterns in data to predict future behavior (E.g. Credit card companies determine customers at risk for leaving, screen potential customers, prediction how customer respond to price changes) • Data visualization: Help users see patterns and relationships that would be difficult to see in text lists • Geographic information systems (GIS): Ties location-‐related data to maps, modeling capabilities (e.g. calculate response times to natural disasters, best locations for new ATMs 2 Management strategies for developing BI and BA capabilities Competitive market place and given to hyperbole 1. One-‐stop shopping (totally integrated solution) • Hardware firms sell software that run optimally on their hardware • Makes firm dependent on single vendor (but on a global scale) – switching costs + pricing power 2. Multiple best-‐of-‐breed solution • Software firms: encourage firms to adopt „best of breed“ software, chose package from vendor you believe is best • Greater flexibility and independence • Potential difficulties in integration with own hardware and other software • Must deal with multiple vendors
Business Intelligence Constituencies Operational and middle managers • Monitor day to day business performance (e.g down-‐time machines, hourly sales) • Make fairly structured decisions • Use MIS à output = set of routine production reports based on data from transaction processing systems (TPS) • Increased online usage with queries „Super user” and business analysts • Use more sophisticated analysis to find patterns in data, • Create customized reports, relying heavily on modeling • Use DSS (decision support systems) support semistructured decision making Decision support systems • Use mathematical or analytical models • Allow varied types of analysis o “What-‐if” analysis (working forward from known conditions, test results to predict outcomes) o Sensitivity analysis (repeated what if questions to predict range of outcomes, when variables changed multiple times) o Backward sensitivity analysis (helps with goal seeking) o Multidimensional analysis / OLAP (E. g. pivot tables) Decision-‐support for senior management • Executive support systems (ESS) help executives focus on important performance information affect overall profitability and success • Balanced scorecard method: (methodology for understanding really important information) à Measures outcomes on four dimensions: o Financial, Business process, Customer, Learning & growth o Key performance indicators (KPIs) measure each dimension
Business performance management (BPM) • Translates firm’s strategies (e.g. differentiation, low-‐cost producer, scope of operation) into operational targets • KPIs developed to measure progress towards targets • Stronger strategy flavor than balanced scorecard Data for ESS • Internal data from enterprise applications (ERP, SCM, CRM) • External data such as financial market databases, economic information • Drill-‐down capabilities • Enhancing effectiveness: organizational performance, track activities of competitors, recognize changing market conditions, identify problems and opportunities • Decentralized decision making, taking place on lower operating levels, increase span of control • = Information driven management or management by facts à real-‐time Group Decision Support Systems (GDSS) • Interactive system to facilitate solution of unstructured problems by group • Specialized hardware and software; typically used in conference rooms o Overhead projectors, display screens o Software to collect, rank, edit participant ideas and responses o May require facilitator and staff • Enables increasing meeting size and increasing productivity • Promotes collaborative atmosphere, guaranteeing anonymity • Uses structured methods to organize and evaluate ideas
Chapter 13 Building Information Systems
Structural organizational changes enabled by IT 1. Automation • Increases efficiency and effectively à assisting employees • Replaces manual tasks 2. Rationalization of procedures • Streamlines standard operating procedures • Revealed bottlenecks due to automatization • Often found in programs for making continuous quality improvements o Total quality management (TQM) – achieving quality as goal and responsibility of all employees o Six sigma = specific measure of quality (3.6 defects per million opportunities) – usually just a goal 3. Business process redesign (more powerful, higher risk) • Analyze, simplify, and redesign business processes • Reorganize workflow, combine steps, eliminate repetition and sometimes jobs • Ambitious and new vision how to organize process 4. Paradigm shifts (often fail, high rewards) • Rethink nature of business, radical, reengineering strategies • Define new business model • Change nature of organization Business Process Redesign Business Process Management (BPM) • Variety of tools, methodologies to analyze, design, optimize processes • Used by firms to manage business process redesign • Never concluded à continual change • Barrier: organizational culture, resisting change, not simple 1. Identify processes for change: what processes are important and how improving these will help performance 2. Analyze existing processes: modeled and documented, identify redundant steps and inefficiencies, existing processes measured in times and cost 3. Design the new process: improve processes by designing new one, “to-‐be” process à comparison streamlined processes, justifying by reducing time, cost, enhancing service and value 4. Implement the new process: translation in new set of procedures and rules, implement IS to support, uncover and address problems, recommended improvements 5. Continuous measurement: employees fall back in old methods, processes lose effectiveness due to other changes Variety of tools for BPM, to • Identify and document existing processes, Identify inefficiencies • Create models of improved processes • Capture and enforce business rules for performing processes • Integrate existing systems to support process improvements
• • •
Analytics to Verify that new processes have improved Measure impact of process changes on key business performance indicators Automate some parts of business process and enforce business rules à perform more consistently and efficiently Help integrate existing systems to support process improvements
• Systems development Activities that go into producing an information system solution to an organizational problem or opportunity
Systems analysis • Analysis of problem to be solved by new system • Defining the problem and identifying causes, Specifying solutions (Systems proposal report identifies and examines alternative solutions), Identifying information requirements • Analyst: creates roadmap of existing organization, identifying primary owners of data, hardware, software à examining à problem areas and objectives • Includes feasibility study: financial, technical, organizational standpoint, good investment, skills? • Written systems proposal: costs, benefits, disadvantages, advantages of each alternative • Establishing information requirements o Who needs what information, where, when, and how o Define objectives of new/modified system o Detail the functions new system must perform • Faulty requirements analysis is leading cause of systems failure and high systems development cost Systems design • Describes system specifications that will deliver functions identified during systems analysis à form and structure (blueprint) • Should address all managerial, organizational, and technological components of system solution à fulfill user requirements
•
Role of end users o User information requirements drive system building o Users must have sufficient control over design process to ensure system reflects their business priorities and information needs o Insufficient user involvement in design effort is major cause of system failure
Completing System Development Process Translate solution specifications into operational info system • Programming: Translate System specifications into software program code • Testing: Ensures system produces right results o Unit (program) testing: Tests each program in system separately o System testing: Test functioning of system as a whole o Acceptance testing: system is ready to be used in production setting (evaluated by users, reviewed by management) o Test plan: All preparations for series of tests, general condition tested = record change Conversion = Process of changing from old system to new system 1. Parallel strategy: both old and new systems run together = safe and expensive 2. Direct cutover: total replacement on an appointed day = risky 3. Pilot study: introduction to limited area 4. Phased approach: introduction in stages (by functions, units) • Requires end-‐user training • Finalization of detailed documentation showing how system works from technical and end-‐user standpoint Production and maintenance = System reviewed to determine if revisions needed • May include post-‐implementation audit document • Maintenance: Changes in hardware, software, documentation, or procedures to a production system to correct errors, meet new requirements, or improve processing efficiency o 20% debugging, emergency work o 20% changes to hardware, software, data, reporting o 60% of work: User enhancements, improving documentation, recoding for greater processing efficiency
Modeling and Designing System 1. Structured Methodologies • Structured: Techniques are step-‐by-‐step, progressive, top-‐down • Process-‐oriented: Focusing on modeling processes/actions that manipulate data à data flow (no well modeling of data, only processes) • Separate data from processes (real world: unnatural) • Data flow diagram: Primary tool for representing system’s component processes and flow of data between them (ANALYSIS) o Offers logical graphic model of information flow o High-‐level and lower-‐level diagrams can be used to break processes down into successive layers of detail • Data dictionary: Defines contents of data flows and data stores • Process specifications: Describe transformation occurring within lowest level of data flow diagrams (logic for each process) • Structure chart: Top-‐down chart, showing each level of design, relationship to other levels, and place in overall design structure (DESIGN)
2. Object-‐Oriented Development • Object = basic unit of systems analysis and design • Object: Combines data and the processes that operate on those data • Data encapsulated in object can be accessed and modified only by operations, or methods, associated with that object • Object-‐oriented modeling based on concepts of class and inheritance o Objects belong to a certain class and have features of that class o May inherit structures and behaviors of a more general, ancestor class • More iterative and incremental than traditional structured development o Systems analysis: Interactions between system and users analyzed to identify objects o Design phase: Describes how objects will behave and interact; grouped into classes, subclasses and hierarchies o Implementation: Some classes may be reused from existing library of classes, others created or inherited • Objects = reusable à can potentially reduce time and cost of development Computer-‐aided software engineering (CASE) • Software tools to automate development and reduce repetitive work, including • Facilitate creation of clear documentation + coordination of team development efforts
•
• •
Graphics facilities for producing charts and diagrams, Screen and report generators, reporting facilities, Analysis and checking tools, Data dictionaries, Code and documentation generators Increase productivity and quality Support iterative design by automating revisions and changes and providing prototyping facilities Require organizational discipline to be used effectively
• Alternative Systems-‐building Approaches Traditional systems lifecycle • Oldest method for building information systems • Phased approach divides development into formal stages • “Waterfall” approach: Tasks in one stage finish before another stage begins • Formal division of labor between end users and information systems specialists • Emphasizes formal specifications and paperwork • Still used for building large complex systems • Can be costly, time-‐consuming, and inflexible Prototyping • Building experimental system rapidly and inexpensively for end users to evaluate • Prototype: Working but preliminary version of information system à Approved prototype serves as template for final system • Iterative Steps in prototyping (can be repeated) 1. Identify user requirements 2. Develop initial prototype 3. Use prototype 4. Revise and enhance prototype Advantages Disadvantages • Useful if some uncertainty in • May gloss over essential steps requirements or design solutions • May not accommodate large • Often used for end-‐user interface quantities of data or large number design of users • More likely to fulfill end-‐user • May not undergo full testing or requirements documentation End-‐user development: • Uses fourth-‐generation languages to allow end-‐users to develop systems with little or no help from technical specialists • Fourth generation languages: Less procedural than conventional programming • Require: cost-‐justification of end-‐user system projects, Establish hardware, software, and quality standards Advantages Disadvantages • More rapid completion of projects • Not designed for processing-‐ intensive applications • High-‐level of user involvement and satisfaction • Inadequate management and control, testing, documentation • Loss of control over data
Application software packages • Save time and money: pre-‐written, designed, tested, maintenance • Many offer customization features • Evaluation criteria for systems analysis include: Functions provided by the package, flexibility, user friendliness, hardware and software resources, database requirements, installation and maintenance efforts, documentation, vendor quality, and cost • Request for Proposal (RFP): Detailed list of questions submitted to packaged-‐ software vendors, Used to evaluate alternative software packages Outsourcing • Cloud and SaaS providers: Subscribing companies use software and computer hardware provided by vendors • External vendors: Hired to design, create software o Domestic: Driven by firms need for additional skills, resources, assets o Offshore: Driven by cost-‐savings, better assets, skills Advantages Disadvantages • Allows organization flexibility in IT • Hidden costs, e.g. Identifying and needs selecting vendor, Transitioning to vendor • Usually at least 15% cost saving even in worst case scenario • Opening up proprietary business processes to third party
Application Development for the Digital Firm Rapid application development (RAD) • Process of creating workable systems in a very short period of time (less sequential, parts occur simultaneously • Visual programming and other tools for building graphical user interfaces • Iterative prototyping of key system elements • Automation of program code generation • Close teamwork among end users and information systems specialists Joint application design (JAD) • Used to accelerate generation of information requirements and to develop initial systems design • Brings end users and information systems specialists together in interactive session to discuss system’s design • Can significantly speed up design phase and involve users at intense level Agile development • Focuses on rapid delivery of working software by breaking large project into several small sub-‐projects • Subprojects: Treated as separate, complete projects, Completed in short periods of time using iteration and continuous feedback • Emphasizes face-‐to-‐face communication over written documents à collaboration and faster decision making Component-‐based development • Groups of objects that provide software for common functions (e.g., online ordering) and can be combined to create large-‐scale business applications • Web services o Reusable software components that use XML and open Internet standards (platform independent) o Enable applications to communicate with no custom programming required to share data and services o Can engage other Web services for more complex transactions o Using platform and device-‐independent standards can result in significant cost-‐savings and opportunities for collaboration with other companies
Chapter 14 Managing Projects
The Importance of Project Management • Runaway projects: 30% -‐ 40% IT projects: Exceed schedule, budget, Fail to perform as specified, less benefits • Types of system failure o Fail to capture essential business requirements o Fail to provide organizational benefits o Complicated, poorly organized user interface o Inaccurate or inconsistent data Project management • Project: planned series of related activities for achieving specific business objective • Activities: planning work, assessing risk, estimating resources required, organizing work, assigning tasks, controlling project execution, reporting progress, analyzing results • Five major variables o Scope à what work to (not) include o Time à amount to complete project, schedule o Cost à hr, hardware, software, work space o Quality à result satisfies specified objectives o Risk à potential problems threatening success Selecting Projects
Linking Systems Projects to the Business Plan Information systems plan • Identifies systems projects that will deliver most business value, links development to business plan • Corporate goals, milestones, target dates, key management decisions • Road map indicating direction of systems development, includes: o Purpose of plan o Strategic business plan rationale o Current systems/situation o New developments to consider o Management strategy o Implementation plan o Budget • In order to plan effectively, firms need to inventory and document existing software, hardware, systems Critical Success Factors • Clear understanding of both long-‐term and short-‐term information requirements • Strategic analysis or critical success factors (CSF) approach: Sees information requirements as determined by a small number of critical success factors • Shaped by industry, firm, manager, broader environment • Principal method: personal interviews with top managers à identify goals + CSFs à aggregation to firm CSFs à systems build to deliver information on CSFs • Suitable for top management, building DSS and ESS • Disadvantages: No clear methods for aggregation, Confusion between individual and organizational CSFs, Bias towards top managers Portfolio analysis • Used to evaluate alternative system projects • Inventories all of the organization’s information systems projects and assets • Each system has profile of risk and benefit • To improve return on portfolio, balance risk and return from systems investments • Determine optimal mix of investment risk and reward • Aligned with business strategy: superior return on IT assets, better alignment with business objectives, and better coordination if IT investments
Scoring models • Selecting projects where many criteria must be considered • Assigns weights to various features of system and calculates weighted totals • Most important: not score but agreement on criteria to judge system • Requires experts understanding issue and technology • Used to confirm, rationalize and support decisions Establishing the business value of Information Systems Information Systems Costs and Benefits • Tangible benefits (cost savings): Can be quantified and assigned monetary value • Systems that displace labor and save space: Transaction and clerical systems • Intangible benefits: Cannot be immediately quantified but may lead to quantifiable gains in the long run • Systems that influence decision making: ESS, DSS, collaborative work systems • Capital budgeting models: Measure value of investing in long-‐term capital investment projects • Rely on measures the firm’s o Cash outflows: Expenditures for hardware, software, labor o Cash inflows: Increased sales, Reduced costs • Difference out-‐ und in flows used for calculating financial worth of investment • Various capital budgeting models used for IT projects: Payback method, accounting rate of return on investment, net present value, internal rate of return (IRR) Real options pricing models (ROPM) • Can be used when future revenue streams of IT projects are uncertain and up-‐ front costs are high • Use concept of options valuation borrowed from financial industry (option = right but not obligation to act at some future date, buy at fixed rate) • Initial expenditure on technology creates right (not obligation) to obtain the benefits associated with further development and deployment of the technology as long as management has freedom to cancel, defer, restart, or expand project • Gives managers flexibility to stage IT investment or test the waters with small pilot projects or prototypes to gain more knowledge about risks before investing in entire implementation • Disadvantage: estimating all ley variables affecting option value Limitations of financial models • Do not take into account social and organizational dimensions that may affect costs and benefits • No consideration costs from organizational disruptions (training, learning curves) • Overlooked benefits like enhanced employee learning and expertise Dimensions of Project Risk – level influenced by • Project size: Indicated by cost, time, number of organizational units affected, Organizational complexity also an issue • Project structure: Structured, defined requirements run lower risk • Experience with technology
Change Management • Required for successful system building • New information systems have powerful behavioral and organizational impact • Changes lead to new distributions of authority and power • Internal organizational change breeds resistance and opposition • Implementation: All organizational activities working toward adoption, management, and routinization of an innovation • Change agent: One role of systems analyst o Redefines the configurations, interactions, job activities, and power relationships of organizational groups o Catalyst for entire change process o Responsible for ensuring that all parties involved accept changes created by new system • Role of end users: With high levels of user involvement o System more likely to conform to requirements o Users more likely to accept system • User-‐designer communication gap: Users and information systems specialists o Different backgrounds, interests, and priorities o Different loyalties, priorities, vocabularies o Different concerns regarding a new system • Management support and commitment o Positive perception by both users and technical staff o Ensures sufficient funding and resources o Enforcement of required organizational changes • Very high failure rate among enterprise application and BPR projects (up to 70% for BPR) à Poor implementation and change management practices • Mergers and acquisitions: Similarly high failure rate of integration projects • Merging of systems of two companies requires: Considerable organizational change, Complex systems projects Controlling risk factors • 1st step in managing project risk: identifying nature and level of risk of project • Each project managed with tools and risk-‐management approaches geared to level of risk • Managing technical complexity à Internal integration tools o Project leaders with technical and administrative experience o Highly experienced team members o Frequent team meetings o Securing of technical experience outside firm if necessary • Formal planning and formal control tools: GANTT and PERT charts o Gantt chart lists project activities and corresponding start and completion dates, visually representing timing and duration + hr o Pert charts (Program Evaluation and Review Technique) graphically depicts project task and interrelationships in a network diagram o Determine bottlenecks, impact problems will have • External integration tools: ways to link work of implementation team to users at all organizational levels (Active involvement of users, team’s responsiveness) • User resistance to organizational change: believe change is detrimental to their interests, counter implementation: strategy to thwart implementation of an IS
•
Strategies to overcome user resistance o User participation o User education and training o Management edicts and policies o Incentives for cooperation o Improvement of end-‐user interface o Resolution of organizational problems prior to introduction of new system
Designing for the organization • Information system projects must address ways in which organization changes with new system • Planning: Procedural changes, Job functions, Organizational structure, Power relationships, Work structure • Ergonomics: Interaction of people and machines in work environment including Design of jobs, Health issues, End-‐user interfaces • Organizational impact analysis: explains how system will affect organizational structure, attitudes, decision making, operations • Sociotechnical design: Addresses human and organizational issues o Separate sets of technical and social design solutions o Final design is solution that best meets both technical and social objectives à higher job satisfaction and productivity Project management software • Can automate many aspects of project management • Capabilities for Defining, ordering, editing tasks, Assigning resources to tasks, Tracking progress • Microsoft Project 2010 = Most widely used project management software, capabilities of producing PERT, Gantt Charts, critical path analysis • Increase in SaaS, open-‐source project management software à more flexile, collaborative and user-‐friendly • Project portfolio management: helps organizations manage portfolios of projects and dependencies among them
Chapter 15 Managing Global Systems
Growth of International Information Systems • Global economic system and global world order driven by advanced networks and information systems • Growth of international trade radically altered domestic economies around globe Developing an International Information Systems Architecture 1. Understand global environment: Business drivers pushing your industry toward global competition, Inhibitors creating management challenges 2. Develop corporate strategy for competition: How firm should respond to global competition 3. Develop organization structure and division of labor: Where will production, marketing, sales, etc., be located 4. Consider management issues: Design of business procedures, reengineering, managing change 5. Consider technology platform Global drivers General cultural factors lead toward internationalization and result in specific business globalization factors
Business Challenges
State of the art • Most companies have inherited patchwork international systems using 1960s-‐ era batch-‐oriented reporting, manual entry of data from one legacy system to another, and little online control and communication
•
Significant difficulties in building appropriate international architectures o Planning a system appropriate to firm’s global strategy o Structuring organization of systems and business units o Solving implementation issues o Choosing right technical platform
Global strategies and business organization • Three main kinds of organizational structure o Centralized: In the home country o Decentralized/dispersed: To local foreign units o Coordinated: All units participate as equals • Four main global strategies o Domestic exporter: heavy centralization of corporate activities in the home country of origin (often starting point) o Multinational: concentrate financial management and control out of home base, decentralizing production, sales, marketing, adapted products to local market conditions o Franchisers: mix of old and new, design in home country, further production… foreign personnel o Transnational: stateless, truly globally managed firms with many regional headquarters, frame of reference: globe
Global systems to fit the strategy • Configuration, management, and development of systems tend to follow global strategy chosen • 4 main types of systems configuration 1. Centralized: Systems development and operation totally at domestic home base 2. Duplicated: Development occurs at home base but operations are handed over to autonomous units in foreign locations 3. Decentralized: Each foreign unit designs own solutions and systems 4. Networked: Development and operations in coordinated fashion across all units
Reorganizing the Business 1. Organize value-‐adding activities along lines of comparative advantage (E.g., Locate functions where they can best be performed, for least cost and maximum impact) 2. Develop and operate systems units at each level of corporate activity— local (host country systems units), regional (regional systems units handle telecommunications and systems development)), national, and international (transnational systems units create link across major regional areas) 3. Establish at world headquarters: Single office responsible for development of international systems + Global CIO position Managing Global Systems Principle Management Challenges in developing global systems
Typical scenario: Disorganization on a global scale • Traditional multinational consumer-‐goods company based in U.S. and operating in Europe would like to expand into Asian markets • World headquarters and strategic management in U.S., Only centrally coordinated system is financial controls and reporting • Separate regional, national production and marketing centers • Foreign divisions have separate IT systems • E-‐mail systems are incompatible • Each production facility uses different ERP system, different hardware and database platforms, etc. Global systems strategy • Share only core systems: Core systems support functionality critical to firm • Partially coordinate systems that share some key elements (Do not have to be totally common across national boundaries, Local variation desirable) • Peripheral systems: Need to suit local requirements only 1. Define core business processes (business process analysis) + best performer 2. Identify core systems to coordinate centrally 3. Choose an approach (best: salami strategy) • Piecemeal and grand design approaches tend to fail • Evolve transnational applications incrementally from existing applications 4. Make benefits clear • Global flexibility • Gains in efficiency • Global markets and larger customer base unleash new economies of scale at production facilities • Optimizing corporate funds over much larger capital base
The management solution: Implementation • Agreeing on common user requirements à Short list of core business processes à Develop common language, understanding of common elements and unique local qualities • Introducing changes in business processes à Success depends on legitimacy (extent on which authority is accepted = competence, vision etc.), authority, ability to involve users in change design process • Coordinating applications development à Coordinate change through incremental steps à Reduce set of transnational systems to bare minimum • Coordinating software releases à Institute procedures to ensure all operating units update at the same time à compatible • Encouraging local users to support global systems à Cooptation: Bringing the opposition into design and implementation process without giving up control over direction and nature of the change o Permit each country unit to develop one transnational application o Develop new transnational centers of excellence Technology challenges of global systems • Global business model and strategy à hardware, software, networking standards, key system applications • Standardization: global computing platform, international work teams Computing platforms and systems integration • How new core systems will fit in with existing suite of applications developed around globe by different divisions • Standardization: Data standards, interfaces, software, etc. Connectivity • Ability to link systems and people into single integrated network (voice, data, image transmissions) • Internet foundation but does not guarantee any level of service • Many firms use private networks and VPNs • Low penetration of PCs, outdated infrastructures in developing countries • High costs and monitored transmissions by governments
Software Localization • Integrating new systems with old (+ testing) • Human interface design issues, languages à mastered quickly • Software localization: converting software to operate in second language
•
Most important software applications: o TPS and MIS (basic transaction and management reporting systems) o Increasingly, SCM and enterprise systems to standardize business processes à not always compatible with differences in languages, heritage, business processes in other countries o Problems: not technically sophisticated company units o Applications that enhance productivity of international teams like EDI, SCM; Collaboration systems, email, videoconferencing