2-1 final review acs-1803-050 computer-based systems (information systems today) applied computer...

2-1

Final Review

ACS-1803-050Computer-based

Systems

(Information Systems Today)

Applied Computer ScienceUniversity of Winnipeg

Robert Riordan, Carleton University

2-2Information Systems Today, 2/C/e ©2008 Pearson Education Canada

Learning Objectives

1. Explain how organizations support business activities by using information technologies

2. Describe what enterprise systems are how they have evolved

3. Explain the difference between internally and externally focused software applications

4. Understand and utilize the keys to successfully implementing enterprise systems.


Business Value Chain Analysis

Value Chain Analysis (Porter 1985, 2001 )Is a process of analyzing an organization’s activities to determine where value is added to products and/or services and what costs are incurred in doing so.

2-4

Supply Chain Management (SCM)

Systems


Information Systems Roles in the Value Chain

Supply Chain Management (SCM) SystemsSupply Chain Management (SCM) Systems


Supply Chain Management

Objective Applications that accelerate product development and reduce cost associated with procuring raw materials, components, and services from its suppliers

• Supply Chain – the suppliers that an organization purchases from directly

• Supply Network – the suppliers that an organization purchases from directly and its suppliers

Objective Applications that accelerate product development and reduce cost associated with procuring raw materials, components, and services from its suppliers

• Supply Chain – the suppliers that an organization purchases from directly

• Supply Network – the suppliers that an organization purchases from directly and its suppliers

SourcesThere are two primary sources of SCM systems. These systems are built to tightly integrate with ERP systems

• SCM Software Vendors – Agile, Ariba, I2, Manugistics, Commerce One, etc.

• ERP Vendors – SAP, Baan, Oracle, etc

SourcesThere are two primary sources of SCM systems. These systems are built to tightly integrate with ERP systems

• SCM Software Vendors – Agile, Ariba, I2, Manugistics, Commerce One, etc.

• ERP Vendors – SAP, Baan, Oracle, etc


Supply Chain Management Benefits

Supply Chain Management applications can help organizations to gain competitive advantage and provide substantial payback in several ways by:

• Streamlining workflow and increasing employee productivity (i.e. efficiently managing business travel, time, and expenses by collaborating with suppliers in real time)

• Accelerating product development (i.e. enabled by the ability of organizations to swiftly react to market conditions)

• Streamlining cost and creating efficiencies across the supply network (i.e., supporting contract negotiation and measuring effectiveness of those agreements)

Supply Chain Management applications can help organizations to gain competitive advantage and provide substantial payback in several ways by:

• Streamlining workflow and increasing employee productivity (i.e. efficiently managing business travel, time, and expenses by collaborating with suppliers in real time)

• Accelerating product development (i.e. enabled by the ability of organizations to swiftly react to market conditions)

• Streamlining cost and creating efficiencies across the supply network (i.e., supporting contract negotiation and measuring effectiveness of those agreements)


Push- versus Pull-Based Supply Chain Models

SCM (cont’d)

2-9

Customer Relationship Management (CRM)

Systems



Customer Relationship Management (CRM) SystemsCustomer Relationship Management (CRM) Systems


Customer Relationship Management

Objective Applications that help organizations attract new business and attract and encourage repeat business

Objective Applications that help organizations attract new business and attract and encourage repeat business

FunctionsThere are two primary functions in CRM systems:

• Sales – tools designed to assist in presales activities such as marketing and prospecting (e.g. Sales Force Automation)

• Service – tools that help with the post-sales aspects of the business (e.g. call center technology, analytics)

FunctionsThere are two primary functions in CRM systems:

• Sales – tools designed to assist in presales activities such as marketing and prospecting (e.g. Sales Force Automation)

• Service – tools that help with the post-sales aspects of the business (e.g. call center technology, analytics)

SourcesThere are two primary sources of CRM systems:

• CRM Software Vendors – Siebel, FirePond, Onyx, E.Piphany• ERP Vendors – SAP, Baan, Oracle, etc.

SourcesThere are two primary sources of CRM systems:

• CRM Software Vendors – Siebel, FirePond, Onyx, E.Piphany• ERP Vendors – SAP, Baan, Oracle, etc.


Customer Relationship Management Benefits

Customer Relationship Management applications can help organizations to gain competitive advantage and provide substantial payback in several ways by:

• reducing costs, because the right things are being done (ie., effective and efficient operation)

• increasing customer satisfaction, because they are getting exactly what they want (ie. meeting and exceeding expectations)

• ensuring that the focus of the organisation is external • growth in numbers of customers • maximizing opportunities (eg. increased services,

referrals, etc.) • increasing access to a source of market and

competitor information • highlighting poor operational processes • providing long term profitability and sustainability

Customer Relationship Management applications can help organizations to gain competitive advantage and provide substantial payback in several ways by:

• reducing costs, because the right things are being done (ie., effective and efficient operation)

• increasing customer satisfaction, because they are getting exactly what they want (ie. meeting and exceeding expectations)

• ensuring that the focus of the organisation is external • growth in numbers of customers • maximizing opportunities (eg. increased services,

referrals, etc.) • increasing access to a source of market and

competitor information • highlighting poor operational processes • providing long term profitability and sustainability


CRM Software Capabilities

CRM Systems (Con’t)

2-14

Enterprise Resource Planning (ERP)

Systems



Enterprise Resource Planning (ERP) SystemsEnterprise Resource Planning (ERP) Systems


Enterprise Resources Planning (ERP) Definition 1

Enterprise Resource Planning

A method for the effective planning and controlling of ALL these sources needed to take, make, ship and account for customer orders in a manufacturing, distribution or service company.


Choosing an ERP System - Issues

ERP Systems are:

• Supplied by multiple vendors including SAP, Baan, Oracle, etc., with each having their own unique features and structures

• Packaged systems that follow a one-size-fits-all strategy which means they may not support all functions as well as a custom system does

• Similar but are also different. They should be selected based on factors including control, business requirements, and best practices

ERP Systems are:

• Supplied by multiple vendors including SAP, Baan, Oracle, etc., with each having their own unique features and structures

• Packaged systems that follow a one-size-fits-all strategy which means they may not support all functions as well as a custom system does

• Similar but are also different. They should be selected based on factors including control, business requirements, and best practices


Choosing an ERP System – Selection Factors

Control refers to where the power lies related to computing and decision support systems (centralized vs. decentralized) in selecting systems, developing policies and procedures, etc. (Who will decide?)

Control refers to where the power lies related to computing and decision support systems (centralized vs. decentralized) in selecting systems, developing policies and procedures, etc. (Who will decide?)

Business Requirements refers to the system’s capabilities and how they meet organizational needs through the use of software modules or groups of business functionality (What do you need?)

Business Requirements refers to the system’s capabilities and how they meet organizational needs through the use of software modules or groups of business functionality (What do you need?)

Best Practices refers to the degree to which the software incorporates industry standard methods for doing business which can cause a need for significant business processes reengineering (How much change is required?)

Best Practices refers to the degree to which the software incorporates industry standard methods for doing business which can cause a need for significant business processes reengineering (How much change is required?)


ERP and Business Process Reengineering

Business Process Reengineering

A systematic, structured improvement approach by all or part of an organization whereby people critically examine, rethink, and redesign business processes in order to achieve dramatic improvements in one or more performance measures (e.g. quality, cycle time, cost)


A systematic, structured improvement approach by all or part of an organization whereby people critically examine, rethink, and redesign business processes in order to achieve dramatic improvements in one or more performance measures (e.g. quality, cycle time, cost)



Steps in Business Process Reengineering

• Develop a vision for the organization that specifies business objectives (e.g. reduced costs, shorter time to market, improved quality, etc.)

• Identify critical processes that are to be redesigned

• Understand and measure the existing processes as a baseline for future improvements

• Identify ways that information technology can be used to improve processes

• Design and implement a prototype of the new process(es)

Steps in Business Process Reengineering

• Develop a vision for the organization that specifies business objectives (e.g. reduced costs, shorter time to market, improved quality, etc.)

• Identify critical processes that are to be redesigned

• Understand and measure the existing processes as a baseline for future improvements

• Identify ways that information technology can be used to improve processes

• Design and implement a prototype of the new process(es)


BPR Today – Observations and Research

Large bodies of research are available on the role of ERP and BPR implementations. Some of this research has come to the following conclusions:

• Reengineering and related organizational issues are as important as the technical implementation issues (Kumar and Van Hellersberg, 2000; Markus and Tanis, 2000)

• Managers in many cases must choose between making the ERP system fit the organization or the organization fit the ERP system (Soh, Sia, Tay-Yoh, 2000)

• For an ERP system to help transform the organization and gain new competitive capabilities, a full organizational and operational change is required (Willcocks and Sykes, 2000)

• To be successful, manager must first transform the organization and then implement the ERP system

Large bodies of research are available on the role of ERP and BPR implementations. Some of this research has come to the following conclusions:

• Reengineering and related organizational issues are as important as the technical implementation issues (Kumar and Van Hellersberg, 2000; Markus and Tanis, 2000)

• Managers in many cases must choose between making the ERP system fit the organization or the organization fit the ERP system (Soh, Sia, Tay-Yoh, 2000)

• For an ERP system to help transform the organization and gain new competitive capabilities, a full organizational and operational change is required (Willcocks and Sykes, 2000)

• To be successful, manager must first transform the organization and then implement the ERP system


Enterprise Systems – Integrated (Interorganizational)

Integrated PackagesRichly functional systems designed to support externally focused functions (Upstream – Supply Chain Management and Downstream – Customer Relationship Management)

Integrated PackagesRichly functional systems designed to support externally focused functions (Upstream – Supply Chain Management and Downstream – Customer Relationship Management)

Integrated Packages• Highly integrated with internal systems (ERP) through the use of interfaces and specialty software

• Organizational fit for these systems is very high as they are highly specific to the function they support

• These are usually packaged applications that are supplied and supported by the ERP vendor or other third-party system integrators

• Customization or modifications are also discouraged to minimize support cost but the applications are highly configurable

Integrated Packages• Highly integrated with internal systems (ERP) through the use of interfaces and specialty software

• Organizational fit for these systems is very high as they are highly specific to the function they support

• These are usually packaged applications that are supplied and supported by the ERP vendor or other third-party system integrators

• Customization or modifications are also discouraged to minimize support cost but the applications are highly configurable


Recommendations for Enterprise System Success

Get Help from Outside ExpertsImplementation success is enabled by deep application experience and access to supporting tools and methods

Take a Multidisciplinary Approach to ImplementationsEnterprise systems span the entire organization and as such require input and participation from all functions

Thoroughly Train UsersTraining in organization, business process, and application functions is critical to success and must be reinforced

Secure Executive SponsorshipThe highest level support is required to obtain resources and make and support difficult reengineering decisions


Learning Objectives

1. Discuss how organizations can use information systems for automation, organizational learning, and strategic support

2. Describe information systems’ critical strategic importance to the success of modern organizations


Learning Objectives

3. Formulate and present the business case for a system and understand why it is sometimes difficult to do so

4. Explain why and how companies are continually looking for new ways to use technology for competitive advantage


Business Strategy

Business Strategy

Streamline Business Processes

Solidify Business Relationships/

Improve Customer Service

Maximize Technology

Benefits

Improve Profitability & Reduce Costs

Reach Global Markets


Strategy and Competitive Advantage

Sources of Competitive Advantage• Having the best-made product on the market• Delivering superior customer service• Achieving lower cost than rivals• Having proprietary manufacturing technology• Having shorter lead-times in developing and testing new

products• Having a well-known brand name and reputation• Giving customers more value for their money

Achieving StrategyProviding support in a way that enables the firm to gain or sustain competitive advantage over rivals

Achieving StrategyProviding support in a way that enables the firm to gain or sustain competitive advantage over rivals


Strategy


Presenting the Business Case – Success Factors

Know your AudienceA number of people may be involved in the decision making process. The key is to present information that is relevant and important to them

IS Manager - He/She has overall responsibility for development, deployment, and maintenance of systems. Concern about IS organization impact are likely

Company Executives - They represent various stakeholders in the organization. The may also have their own agenda at stake when making decisions about expenses

Steering Committee – A collection of various company stake holders whose goal is to balance the needs and concerns in making a recommendation to the CEO

Know your AudienceA number of people may be involved in the decision making process. The key is to present information that is relevant and important to them

IS Manager - He/She has overall responsibility for development, deployment, and maintenance of systems. Concern about IS organization impact are likely

Company Executives - They represent various stakeholders in the organization. The may also have their own agenda at stake when making decisions about expenses

Steering Committee – A collection of various company stake holders whose goal is to balance the needs and concerns in making a recommendation to the CEO

The key to successfully presenting the business case depends on thorough presentation and paying attention to the following factors


Levels of the Organization


Systems That Span Organizational Boundaries


System Description: Functional Area Info Systems


Value Chain Analysis

Value Chain Analysis (Porter 1985, 2001 )Is a process of analyzing an organization’s activities to determine where value is added to products and/or services and what costs are incurred in doing so.



Systems play a significant role throughout the Value Chain to achieve competitive advantage and:

• Must be appropriate for the business strategy (e.g. cost) • Are usually coupled with Business Process Reengineering that

addresses process to enhance company operations

Systems play a significant role throughout the Value Chain to achieve competitive advantage and:

• Must be appropriate for the business strategy (e.g. cost) • Are usually coupled with Business Process Reengineering that

addresses process to enhance company operations


The Value Chain - Primary Activities

Functional areas within an organization that process inputs and produce outputs. These activities may vary widely based on the unique requirements of a company’s industry

Functional areas within an organization that process inputs and produce outputs. These activities may vary widely based on the unique requirements of a company’s industry

Primary Activities include:• Inbound Logistics – receiving and stocking raw

materials, parts, products• Operations/Manufacturing – processing orders and

raw materials into finished product• Outbound Logistics – distribution of the finished

product to customers • Marketing and Sales – creating demand for the product

(pre-sales activities)• Customer Service – providing support for the product

or customer (post-sales activities)

Primary Activities include:• Inbound Logistics – receiving and stocking raw

materials, parts, products• Operations/Manufacturing – processing orders and

raw materials into finished product• Outbound Logistics – distribution of the finished

product to customers • Marketing and Sales – creating demand for the product

(pre-sales activities)• Customer Service – providing support for the product

or customer (post-sales activities)


The Value Chain - Support Activities

Support activities are business activities that enable Primary Activities. These activities can be unique by industry but are generally more typical across industries.

Support activities are business activities that enable Primary Activities. These activities can be unique by industry but are generally more typical across industries.

Support Activities include:• Infrastructure – hardware and software that must be

implemented to support applications for primary activities

• Human Resources – employee management activities: hiring, interview scheduling, and benefits management

• Technology Development – the design and development of applications that support the organization

• Procurement – purchase of goods or services that are required as inputs to primary activities

Support Activities include:• Infrastructure – hardware and software that must be

implemented to support applications for primary activities

• Human Resources – employee management activities: hiring, interview scheduling, and benefits management

• Technology Development – the design and development of applications that support the organization

• Procurement – purchase of goods or services that are required as inputs to primary activities


• Use the value chain to:– Plan for a better way of meeting customer

demands.– Identifying processes that add value.– Identifying processes that reduce value.

Developing a Competitive Business Strategy


How does a business optimize its value process?



Differentiator – adding value to the process



• Disintermediation – using the Internet as a delivery vehicle, intermediate players in a distribution channel can be bypassed.

Key E-Commerce Strategies


Recurring vs. Non-Recurring• Recurring - Ongoing costs or benefits identified in

a business case (IT staff to support system)• Non-Recurring - One-time costs or benefits

identified in a business case (software purchase)

Tangible vs. Intangible• Tangible - Cost and benefits that are easily

identified (e.g. headcount or labour cost)• Intangible - Cost and benefits that are not easily

identified (i.e. increased customer service)

Business cases typically include both Recurring/Non-recurring and Tangible/Intangible costs and benefits

Developing a Competitive E-Business Strategy

Recurring/Non-Recurring and Tangible/Intangible


Sources of differentiation

Tangible sources

Speed of delivery

Convenience

Customisation

Intangible sources

Reputation

Brand

Productrange

Quality

Tangible and intangible sources of differentiation

Developing a Competitive E-Business Strategy


Learning Objectives

1. What is auditing?

2. Type of auditors• External• Internal

3. Overview of the auditing process (Four key stages)

4. Six areas of organizational risk• Focus on Overall Risks and• Storage of Data

The Auditing of Information Systems


THE NATURE OF AUDITING

• An overview of the auditing process– All audits follow a similar

sequence of activities and may be divided into four stages:

• Planning• Collecting evidence• Evaluating evidence• Communicating audit

results

Communicating Audit Results

Evaluating Evidence

Collecting Evidence

Planning


Making Sense of This

• There are six areas of risk in an organization’s information systems as identified here:– 1.Overall (General)– 2. System development, acquisition and – 3. modification– 4. The working of the programs in the system

(processing)– 5. The capture and input of data into the system

(source data)– 6. The storage of data that has been input (data files)


For each area of risk (1 to 6)

• A.What are some actual risks (e.g., possible error or fraud)?

• B. What are some controls to counteract these risks?

• C. What might an internal auditor do, specifically, to assess each such control, and how would s/he do it?


OBJECTIVE 1: OVERALL SECURITYEvaluate General Controls

• 1 B Control procedures to minimize general risks:– Developing an information security/protection plan.– Restricting physical and logical access.– Encrypting data.– Protecting against viruses.– Implementing firewalls.– Instituting data transmission controls.– Preventing and recovering from system failures or disasters,

including:• Designing fault-tolerant systems.• Preventive maintenance.• Backup and recovery procedures.• Disaster recovery plans.• Adequate insurance.


OBJECTIVE 1: OVERALL SECURITY

• 1C1 Audit procedures: Systems review– Inspecting computer sites.– Interviewing personnel.– Reviewing policies and procedures.– Examining access logs, insurance policies,

and the disaster recovery plan.


OBJECTIVE 1: OVERALL SECURITY

1C2 Audit procedures: Tests of controls

– Auditors test security controls by:• Observing procedures.• Verifying that controls are in place and work as

intended.


OBJECTIVE 6: DATA FILES

6A1The sixth objective concerns the accuracy, integrity, and security of data stored in machine-readable files (including relational tables in a database)

• Data storage risks include:– Unauthorized modification of data– Destruction of data– Disclosure of data

• If file controls are seriously deficient, especially with respect to access or backup and recovery, the auditor should strongly recommend they be rectified.



6A2 Types of errors and fraud– Destruction of stored data due to:

• Inadvertent errors• Hardware or software malfunctions• Intentional acts of sabotage or vandalism

– Unauthorized modification or disclosure of stored data



6B Control procedures– restrictions on physical access to data files– Logical access (access by program) controls

using passwords– Encryption of highly confidential data– Use of virus protection software– Maintenance of backup copies of all data files

in an off-site location



6C1 Audit procedures: System review– Review logical access policies and

procedures.– Review operating documentation to determine

prescribed standards for:• Use of file labels and write-protection mechanisms.• Use of virus protection software.• Use of backup storage.• System recovery, including checkpoint and

rollback procedures.



6C2

Review systems documentation to examine prescribed procedures for:

• Use of concurrent update controls and data encryption• Control of file conversions• Reconciling master file totals with independent control totals

– Examine disaster recovery plan.– Discuss data file control procedures with systems

managers and operators.


AUDIT SOFTWARE

6C3 Computer audit software (CAS) or generalized audit software (GAS) are computer programs that have been written especially for auditors.

• Two of the most popular:– Audit Control Language (ACL)– IDEA

• Based on auditor’s specifications, CAS generates programs that perform the audit function.

• CAS is ideally suited for examination of large data files to identify records needing further audit scrutiny.


Learning Objectives

1. Understand the process used by organizations to manage the development of information systems

2. Describe each major phase of the system development life cycle: systems identification, selection, and planning; system analysis; system design; system implementation; and system maintenance


Learning Objectives

3. Describe prototyping, rapid application development, object-oriented analysis, and design methods of systems development along with each approach’s strengths and weaknesses

4. Understand the factors involved in building a system in-house, along with situations in which it is not feasible


Learning Objectives

5. Explain three alternative systems development options: external acquisition, outsourcing, and end-user development


Options for Acquiring System Capabilities


The Systems Development Life Cycle

The System Development Life Cycle (SDLC) is a structured method complete with techniques developed to manage the life cycle of an information system

The System Development Life Cycle (SDLC) is a structured method complete with techniques developed to manage the life cycle of an information system


System Identification, Selection, and Planning


Systems Analysis


Systems Analysis

Collecting System Requirements (Traditional)A combination of methods are used:

• Interviews – discussions with stakeholders (i.e. users)• Questionnaires – surveys to assess use and attitudes• Observations – watch process and systems use• Document Analysis – reviewing current documents

Collecting System Requirements (Traditional)A combination of methods are used:

• Interviews – discussions with stakeholders (i.e. users)• Questionnaires – surveys to assess use and attitudes• Observations – watch process and systems use• Document Analysis – reviewing current documents

Collecting System Requirements (Alternative)A combination of traditional methods are used:

• Critical Success Factors (CSFs) – a process of interviewing, recoding, analyzing and merging factors defined as critical by personnel at all levels of an organization

• Joint Application Design (JAD) - a method that brings together users and analysts in a room to define requirements. This method greatly reduces design time

Collecting System Requirements (Alternative)A combination of traditional methods are used:

• Critical Success Factors (CSFs) – a process of interviewing, recoding, analyzing and merging factors defined as critical by personnel at all levels of an organization

• Joint Application Design (JAD) - a method that brings together users and analysts in a room to define requirements. This method greatly reduces design time


Systems Analysis - Critical Success Factors


Systems Analysis - Joint Application Design

• JAD is a special type of a group meeting in which all (most) users meet with an analyst at the same time

• Users jointly define and agree upon system requirements or design dramatically reducing the design time

• JAD is a special type of a group meeting in which all (most) users meet with an analyst at the same time

• Users jointly define and agree upon system requirements or design dramatically reducing the design time


System Design


System Implementation


System Implementation – System Conversion

Conversion Approaches – the process of taking information from an old system to populate a new system. This is accomplished through manual and/or automated methods

Conversion Approaches – the process of taking information from an old system to populate a new system. This is accomplished through manual and/or automated methods


System Implementation – System Documentation

System DocumentationThe collection of materials produced with an information system to support the ongoing operation and development

System DocumentationThe collection of materials produced with an information system to support the ongoing operation and development

Documentation Types

• User and reference guides – step-by-step instructions for using the system features and functions

• User training and tutorials – manuals and exercises designed to educate users and build competence in system use. These training manuals and tutorials can be supported by a database that utilizes realistic data

• Installation procedures and trouble-shooting suggestions – manuals and procedures designed to support technical personnel in installing and problem solving during system operation

Documentation Types

• User and reference guides – step-by-step instructions for using the system features and functions

• User training and tutorials – manuals and exercises designed to educate users and build competence in system use. These training manuals and tutorials can be supported by a database that utilizes realistic data

• Installation procedures and trouble-shooting suggestions – manuals and procedures designed to support technical personnel in installing and problem solving during system operation


System Implementation – System Training

Training Approaches – the processes used to educate users in new business processes and system features and functions with the goal of building competence to ensure operational success (see possible methods below)

Training Approaches – the processes used to educate users in new business processes and system features and functions with the goal of building competence to ensure operational success (see possible methods below)


System Maintenance


Needs for Alternatives to Internal Systems Building

Limited IS Staff

Limited IS Skill Sets

IS Staff is Overworked

Problem IS Performance

The IS organization does not have the capability to build the system itself

The IS organization does not have personnel with the correct skill sets to build the system

Current IS organization staff demands and priorities make it impossible to build a system

The IS organization does not have the appropriate performance level to build a system

Often it is not feasible to consider building an information system internally. Below are four situations that discourage the idea of internal development:


Alternatives to Internal Development

OutsourcingTurning over some or all responsibility for an organization’s information systems development and operations to an outside firm

OutsourcingTurning over some or all responsibility for an organization’s information systems development and operations to an outside firm

External AcquisitionThe purchasing of an existing system (hardware, software, databases, network) from an outside vendor such as IBM, EDS, or Accenture

External AcquisitionThe purchasing of an existing system (hardware, software, databases, network) from an outside vendor such as IBM, EDS, or Accenture

End-user DevelopmentCapitalizing on the sophistication of current users, this technique allows the system users to develop their system functions using a variety of tools

End-user DevelopmentCapitalizing on the sophistication of current users, this technique allows the system users to develop their system functions using a variety of tools


External Acquisition – Steps to Proceed

Steps in External Acquisition1. System identification, selection, and planning (same

as internal method)2. Systems analysis (same as internal method)3. Development of a Request for Proposal (RFP) – a

report that is used to tell vendors what the requirements are and how they might be able to meet those requirements (hardware, software, training, etc.)

4. Proposal evaluation – may include viewing system demonstrations, evaluating the performance of those systems, and examining criteria important to the organization and judging how the proposed systems respond to those criteria

5. Vendor selection – using a scoring system devised to evaluate the competing proposal and then selecting the proposal that best fits the organization’s needs

Steps in External Acquisition1. System identification, selection, and planning (same

as internal method)2. Systems analysis (same as internal method)3. Development of a Request for Proposal (RFP) – a

report that is used to tell vendors what the requirements are and how they might be able to meet those requirements (hardware, software, training, etc.)

4. Proposal evaluation – may include viewing system demonstrations, evaluating the performance of those systems, and examining criteria important to the organization and judging how the proposed systems respond to those criteria

5. Vendor selection – using a scoring system devised to evaluate the competing proposal and then selecting the proposal that best fits the organization’s needs


External Acquisition – The RFP (Request for Proposal)


Outsourcing – Why Consider?

A firm might outsource some (or all) of its information system service for many reasons:

• Cost and quality concerns – current cost and quality of information systems is unacceptable

• Problems in IS performance – IS is having trouble meeting acceptable service standards

• Supplier pressures – aggressive sales tactics

• Simplifying, downsizing, and reengineering – having a need to focus on core processes

• Financial factors – turning over IS systems can strengthen a balance sheet

• Organizational culture – political or organizational problems that are difficult for IS to overcome

• Internal irritants – tension between the IS staff and users

A firm might outsource some (or all) of its information system service for many reasons:

• Cost and quality concerns – current cost and quality of information systems is unacceptable

• Problems in IS performance – IS is having trouble meeting acceptable service standards

• Supplier pressures – aggressive sales tactics

• Simplifying, downsizing, and reengineering – having a need to focus on core processes

• Financial factors – turning over IS systems can strengthen a balance sheet

• Organizational culture – political or organizational problems that are difficult for IS to overcome

• Internal irritants – tension between the IS staff and users


Outsourcing – Relationship Management

Managing the IS RelationshipOngoing management of the outsourcing alliance is the single most important aspect of the outsourcing project’s success. The following are recommendations for best management:

• A strong CEO and CIO should continually manage the legal and professional relationship with the outsourcer

• Clear, realistic performance measurements of the systems and of the outsourcing arrangement (e.g. tangible and intangible costs and benefits)

• The interface between the customer and outsourcer should have multiple levels (i.e. links to deal with policy and relationship issues)

Managing the IS RelationshipOngoing management of the outsourcing alliance is the single most important aspect of the outsourcing project’s success. The following are recommendations for best management:

• A strong CEO and CIO should continually manage the legal and professional relationship with the outsourcer

• Clear, realistic performance measurements of the systems and of the outsourcing arrangement (e.g. tangible and intangible costs and benefits)

• The interface between the customer and outsourcer should have multiple levels (i.e. links to deal with policy and relationship issues)


Learning Objectives

1. Analyze the ethical, social, and political issues that are raised by information systems

2. Discuss the ethical concerns associated with information privacy, accuracy, property, and accessibility

3. Identify the main moral dimensions of an information society and specific principles for conduct that can be used to guide ethical decisions


Learning Objectives

4. Define computer crime, and list several types of computer crime

5. Contrast what is meant by the term “computer virus,” “worm,” Trojan Horse,” and “logic or time bomb”

6. Describe and explain the differences between cyberwar and cyberterrorism


Information Privacy - How to Maintain

Avoid having Cookies left on your machineUse settings in your browser to block cookies from being deposited on your machine by primary and third parties

Use caution when requesting confirmation emailUse a separate e-mail account from normal to protect information from your employer, sellers, and any one using your computer

Visit sites anonymouslyUse online privacy services that provide total privacy by blocking all techniques used to identify you online (e.g. Anonymizer)

Choose websites monitored by independent organizationsUse rating sites to identify merchant sites whose privacy policies conform to standards and are monitored (e.g epubliceye.com)


Information Accuracy

Information AccuracyConcerned with assuring the authenticity and fidelity of information, and identifying those responsible for information errors that harm people

Information AccuracyConcerned with assuring the authenticity and fidelity of information, and identifying those responsible for information errors that harm people

Sources of information errorErrors in computer output can come from two primary sources. These are:

• Machine Errors – errors in the computer program logic, communication and/or processing that receives, processes, stores, and presents information

• Human Errors – errors by the person(s) entering data or information into the computer system


Information Property

Information PropertyConcerned with who owns information about individuals and how information can be sold and exchanged

Information PropertyConcerned with who owns information about individuals and how information can be sold and exchanged

Privacy Statements Are stated policies from the organizations collecting the information and how they intend to use it. These are legally binding statements

• Internal Use – used within the organization only • External Use – can be sold to outside parties

Information OwnershipThe organization storing the information owns it if it is given willingly…even if unknowingly by use of their sites (e.g. online surveys, credit card transactions, etc.)


Information Property - PIPEDA

Personal Information Protection and Electronic Documents Act (PIPEDA)

The law gives individuals the right to• know why an organization collects, uses or discloses their personal

information; • expect an organization to collect, use or disclose their personal

information reasonably and appropriately, and not use the information for any purpose other than that to which they have consented;

• know who in the organization is responsible for protecting their personal information;

• expect an organization to protect their personal information by taking appropriate security measures;

• expect the personal information an organization holds about them to be accurate, complete and up-to-date;

• obtain access to their personal information and ask for corrections if necessary; and

• complain about how an organization handles their personal information if they feel their privacy rights have not been respected.


Information Property - PIPEDA

Personal Information Protection and Electronic Documents Act (PIPEDA)

The law requires organizations to:•obtain consent when they collect, use or disclose their personal information; •supply an individual with a product or a service even if they refuse consent for the collection, use or disclosure of your personal information unless that information is essential to the transaction; •collect information by fair and lawful means; and •have personal information policies that are clear, understandable and

readily available.


Destructive Code that Replicates

Viruses These programs disrupt the normal function of a computer system through harmless pranks or by destroying files on the infected computer. They come in several types:

• Boot Sector – attaches to the section of a hard disk or floppy disk that boots a computer.

• File Infector – attach themselves to certain file types such as .doc, .exe, etc.

• Combination – viruses can change types between boot sector and file infector to fool antivirus programs

• Attachment – released from an e-mail when an attachment is launched. Can also send themselves your address book

Viruses These programs disrupt the normal function of a computer system through harmless pranks or by destroying files on the infected computer. They come in several types:

• Boot Sector – attaches to the section of a hard disk or floppy disk that boots a computer.

• File Infector – attach themselves to certain file types such as .doc, .exe, etc.

• Combination – viruses can change types between boot sector and file infector to fool antivirus programs

• Attachment – released from an e-mail when an attachment is launched. Can also send themselves your address book

Worms This destructive code also replicates and spreads through networked computers but does damage by clogging up memory to slow the computer versus destroying files

Worms This destructive code also replicates and spreads through networked computers but does damage by clogging up memory to slow the computer versus destroying files


Computer Crimes – Destructive Code


Destructive Code that Doesn’t Replicates

Trojan HorsesThese programs do not replicate but can do damage as they run hidden programs on the infected computer that appears to be running normally (i.e. a game program that creates an account on the unsuspecting user’s computer for unauthorized access)

Trojan HorsesThese programs do not replicate but can do damage as they run hidden programs on the infected computer that appears to be running normally (i.e. a game program that creates an account on the unsuspecting user’s computer for unauthorized access)

Logic or Time BombsA variation of a Trojan Horse that also do not replicate and are hidden but are designed to lie in wait for a triggering operation. (i.e. a disgruntled employee that sets a program to go off after they leave the company)

• Time Bombs – are set off by dates (e.g. a birthday)

• Logic Bombs – are set off by certain operations (e.g. a certain password)

Logic or Time BombsA variation of a Trojan Horse that also do not replicate and are hidden but are designed to lie in wait for a triggering operation. (i.e. a disgruntled employee that sets a program to go off after they leave the company)

• Time Bombs – are set off by dates (e.g. a birthday)

• Logic Bombs – are set off by certain operations (e.g. a certain password)


Cyberwar and Cyberterrorism

Cyberwar

An organized attempt by a country’s military to disrupt or destroy the information and communications systems of another country. Common targets include:

• Command and control systems

• Intelligence collection and distribution systems

• Information processing and distribution systems

• Tactical communication systems

• Troop and weapon positioning systems

• Friend-or-Foe identification systems

• Smart weapons systems

Cyberwar

An organized attempt by a country’s military to disrupt or destroy the information and communications systems of another country. Common targets include:

• Command and control systems

• Intelligence collection and distribution systems

• Information processing and distribution systems

• Tactical communication systems

• Troop and weapon positioning systems

• Friend-or-Foe identification systems

• Smart weapons systems



A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack):

• an attempt to make a computer resource unavailable to its intended users.

• motives for, and targets of a DoS attack may vary• generally consists of the concerted efforts of a person

or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

• perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack):

• an attempt to make a computer resource unavailable to its intended users.

• motives for, and targets of a DoS attack may vary• generally consists of the concerted efforts of a person

or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

• perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.



Cyberterrorism

The use of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals

Cyberterrorism

The use of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals

Responses to the ThreatAt greatest risk are those that depend highly on computers and networking infrastructure (i.e. governments, utilities, transportation providers, etc.) Responses include:

• Improved intelligence gathering techniques

• Improved cross-government cooperation

• Providing incentives for industry security investment

Responses to the ThreatAt greatest risk are those that depend highly on computers and networking infrastructure (i.e. governments, utilities, transportation providers, etc.) Responses include:

• Improved intelligence gathering techniques

• Improved cross-government cooperation

• Providing incentives for industry security investment

2-1 final review acs-1803-050 computer-based systems (information systems today) applied computer...

Documents

suppliers supply chain

enterprise systems

information systems

primary sources of scm

supply network

suppliers sources

pearson education canada

information technologies