2-1 final review acs-1803-050 computer-based systems (information systems today) applied computer...
Post on 20-Dec-2015
215 views
TRANSCRIPT
2-1
Final Review
ACS-1803-050Computer-based
Systems
(Information Systems Today)
Applied Computer ScienceUniversity of Winnipeg
Robert Riordan, Carleton University
2-2Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Learning Objectives
1. Explain how organizations support business activities by using information technologies
2. Describe what enterprise systems are how they have evolved
3. Explain the difference between internally and externally focused software applications
4. Understand and utilize the keys to successfully implementing enterprise systems.
2-3Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Business Value Chain Analysis
Value Chain Analysis (Porter 1985, 2001 )Is a process of analyzing an organization’s activities to determine where value is added to products and/or services and what costs are incurred in doing so.
2-5Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Information Systems Roles in the Value Chain
Supply Chain Management (SCM) SystemsSupply Chain Management (SCM) Systems
2-6Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Supply Chain Management
Objective Applications that accelerate product development and reduce cost associated with procuring raw materials, components, and services from its suppliers
• Supply Chain – the suppliers that an organization purchases from directly
• Supply Network – the suppliers that an organization purchases from directly and its suppliers
Objective Applications that accelerate product development and reduce cost associated with procuring raw materials, components, and services from its suppliers
• Supply Chain – the suppliers that an organization purchases from directly
• Supply Network – the suppliers that an organization purchases from directly and its suppliers
SourcesThere are two primary sources of SCM systems. These systems are built to tightly integrate with ERP systems
• SCM Software Vendors – Agile, Ariba, I2, Manugistics, Commerce One, etc.
• ERP Vendors – SAP, Baan, Oracle, etc
SourcesThere are two primary sources of SCM systems. These systems are built to tightly integrate with ERP systems
• SCM Software Vendors – Agile, Ariba, I2, Manugistics, Commerce One, etc.
• ERP Vendors – SAP, Baan, Oracle, etc
2-7Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Supply Chain Management Benefits
Supply Chain Management applications can help organizations to gain competitive advantage and provide substantial payback in several ways by:
• Streamlining workflow and increasing employee productivity (i.e. efficiently managing business travel, time, and expenses by collaborating with suppliers in real time)
• Accelerating product development (i.e. enabled by the ability of organizations to swiftly react to market conditions)
• Streamlining cost and creating efficiencies across the supply network (i.e., supporting contract negotiation and measuring effectiveness of those agreements)
Supply Chain Management applications can help organizations to gain competitive advantage and provide substantial payback in several ways by:
• Streamlining workflow and increasing employee productivity (i.e. efficiently managing business travel, time, and expenses by collaborating with suppliers in real time)
• Accelerating product development (i.e. enabled by the ability of organizations to swiftly react to market conditions)
• Streamlining cost and creating efficiencies across the supply network (i.e., supporting contract negotiation and measuring effectiveness of those agreements)
2-8Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Push- versus Pull-Based Supply Chain Models
SCM (cont’d)
2-10Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Information Systems Roles in the Value Chain
Customer Relationship Management (CRM) SystemsCustomer Relationship Management (CRM) Systems
2-11Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Customer Relationship Management
Objective Applications that help organizations attract new business and attract and encourage repeat business
Objective Applications that help organizations attract new business and attract and encourage repeat business
FunctionsThere are two primary functions in CRM systems:
• Sales – tools designed to assist in presales activities such as marketing and prospecting (e.g. Sales Force Automation)
• Service – tools that help with the post-sales aspects of the business (e.g. call center technology, analytics)
FunctionsThere are two primary functions in CRM systems:
• Sales – tools designed to assist in presales activities such as marketing and prospecting (e.g. Sales Force Automation)
• Service – tools that help with the post-sales aspects of the business (e.g. call center technology, analytics)
SourcesThere are two primary sources of CRM systems:
• CRM Software Vendors – Siebel, FirePond, Onyx, E.Piphany• ERP Vendors – SAP, Baan, Oracle, etc.
SourcesThere are two primary sources of CRM systems:
• CRM Software Vendors – Siebel, FirePond, Onyx, E.Piphany• ERP Vendors – SAP, Baan, Oracle, etc.
2-12Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Customer Relationship Management Benefits
Customer Relationship Management applications can help organizations to gain competitive advantage and provide substantial payback in several ways by:
• reducing costs, because the right things are being done (ie., effective and efficient operation)
• increasing customer satisfaction, because they are getting exactly what they want (ie. meeting and exceeding expectations)
• ensuring that the focus of the organisation is external • growth in numbers of customers • maximizing opportunities (eg. increased services,
referrals, etc.) • increasing access to a source of market and
competitor information • highlighting poor operational processes • providing long term profitability and sustainability
Customer Relationship Management applications can help organizations to gain competitive advantage and provide substantial payback in several ways by:
• reducing costs, because the right things are being done (ie., effective and efficient operation)
• increasing customer satisfaction, because they are getting exactly what they want (ie. meeting and exceeding expectations)
• ensuring that the focus of the organisation is external • growth in numbers of customers • maximizing opportunities (eg. increased services,
referrals, etc.) • increasing access to a source of market and
competitor information • highlighting poor operational processes • providing long term profitability and sustainability
2-13Information Systems Today, 2/C/e ©2008 Pearson Education Canada
CRM Software Capabilities
CRM Systems (Con’t)
2-15Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Information Systems Roles in the Value Chain
Enterprise Resource Planning (ERP) SystemsEnterprise Resource Planning (ERP) Systems
2-16Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Enterprise Resources Planning (ERP) Definition 1
Enterprise Resource Planning
A method for the effective planning and controlling of ALL these sources needed to take, make, ship and account for customer orders in a manufacturing, distribution or service company.
2-17Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Choosing an ERP System - Issues
ERP Systems are:
• Supplied by multiple vendors including SAP, Baan, Oracle, etc., with each having their own unique features and structures
• Packaged systems that follow a one-size-fits-all strategy which means they may not support all functions as well as a custom system does
• Similar but are also different. They should be selected based on factors including control, business requirements, and best practices
ERP Systems are:
• Supplied by multiple vendors including SAP, Baan, Oracle, etc., with each having their own unique features and structures
• Packaged systems that follow a one-size-fits-all strategy which means they may not support all functions as well as a custom system does
• Similar but are also different. They should be selected based on factors including control, business requirements, and best practices
2-18Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Choosing an ERP System – Selection Factors
Control refers to where the power lies related to computing and decision support systems (centralized vs. decentralized) in selecting systems, developing policies and procedures, etc. (Who will decide?)
Control refers to where the power lies related to computing and decision support systems (centralized vs. decentralized) in selecting systems, developing policies and procedures, etc. (Who will decide?)
Business Requirements refers to the system’s capabilities and how they meet organizational needs through the use of software modules or groups of business functionality (What do you need?)
Business Requirements refers to the system’s capabilities and how they meet organizational needs through the use of software modules or groups of business functionality (What do you need?)
Best Practices refers to the degree to which the software incorporates industry standard methods for doing business which can cause a need for significant business processes reengineering (How much change is required?)
Best Practices refers to the degree to which the software incorporates industry standard methods for doing business which can cause a need for significant business processes reengineering (How much change is required?)
2-19Information Systems Today, 2/C/e ©2008 Pearson Education Canada
ERP and Business Process Reengineering
Business Process Reengineering
A systematic, structured improvement approach by all or part of an organization whereby people critically examine, rethink, and redesign business processes in order to achieve dramatic improvements in one or more performance measures (e.g. quality, cycle time, cost)
Business Process Reengineering
A systematic, structured improvement approach by all or part of an organization whereby people critically examine, rethink, and redesign business processes in order to achieve dramatic improvements in one or more performance measures (e.g. quality, cycle time, cost)
2-20Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Business Process Reengineering
Steps in Business Process Reengineering
• Develop a vision for the organization that specifies business objectives (e.g. reduced costs, shorter time to market, improved quality, etc.)
• Identify critical processes that are to be redesigned
• Understand and measure the existing processes as a baseline for future improvements
• Identify ways that information technology can be used to improve processes
• Design and implement a prototype of the new process(es)
Steps in Business Process Reengineering
• Develop a vision for the organization that specifies business objectives (e.g. reduced costs, shorter time to market, improved quality, etc.)
• Identify critical processes that are to be redesigned
• Understand and measure the existing processes as a baseline for future improvements
• Identify ways that information technology can be used to improve processes
• Design and implement a prototype of the new process(es)
2-21Information Systems Today, 2/C/e ©2008 Pearson Education Canada
BPR Today – Observations and Research
Large bodies of research are available on the role of ERP and BPR implementations. Some of this research has come to the following conclusions:
• Reengineering and related organizational issues are as important as the technical implementation issues (Kumar and Van Hellersberg, 2000; Markus and Tanis, 2000)
• Managers in many cases must choose between making the ERP system fit the organization or the organization fit the ERP system (Soh, Sia, Tay-Yoh, 2000)
• For an ERP system to help transform the organization and gain new competitive capabilities, a full organizational and operational change is required (Willcocks and Sykes, 2000)
• To be successful, manager must first transform the organization and then implement the ERP system
Large bodies of research are available on the role of ERP and BPR implementations. Some of this research has come to the following conclusions:
• Reengineering and related organizational issues are as important as the technical implementation issues (Kumar and Van Hellersberg, 2000; Markus and Tanis, 2000)
• Managers in many cases must choose between making the ERP system fit the organization or the organization fit the ERP system (Soh, Sia, Tay-Yoh, 2000)
• For an ERP system to help transform the organization and gain new competitive capabilities, a full organizational and operational change is required (Willcocks and Sykes, 2000)
• To be successful, manager must first transform the organization and then implement the ERP system
2-22Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Enterprise Systems – Integrated (Interorganizational)
Integrated PackagesRichly functional systems designed to support externally focused functions (Upstream – Supply Chain Management and Downstream – Customer Relationship Management)
Integrated PackagesRichly functional systems designed to support externally focused functions (Upstream – Supply Chain Management and Downstream – Customer Relationship Management)
Integrated Packages• Highly integrated with internal systems (ERP) through the use of interfaces and specialty software
• Organizational fit for these systems is very high as they are highly specific to the function they support
• These are usually packaged applications that are supplied and supported by the ERP vendor or other third-party system integrators
• Customization or modifications are also discouraged to minimize support cost but the applications are highly configurable
Integrated Packages• Highly integrated with internal systems (ERP) through the use of interfaces and specialty software
• Organizational fit for these systems is very high as they are highly specific to the function they support
• These are usually packaged applications that are supplied and supported by the ERP vendor or other third-party system integrators
• Customization or modifications are also discouraged to minimize support cost but the applications are highly configurable
2-23Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Recommendations for Enterprise System Success
Get Help from Outside ExpertsImplementation success is enabled by deep application experience and access to supporting tools and methods
Take a Multidisciplinary Approach to ImplementationsEnterprise systems span the entire organization and as such require input and participation from all functions
Thoroughly Train UsersTraining in organization, business process, and application functions is critical to success and must be reinforced
Secure Executive SponsorshipThe highest level support is required to obtain resources and make and support difficult reengineering decisions
2-24Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Learning Objectives
1. Discuss how organizations can use information systems for automation, organizational learning, and strategic support
2. Describe information systems’ critical strategic importance to the success of modern organizations
2-25Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Learning Objectives
3. Formulate and present the business case for a system and understand why it is sometimes difficult to do so
4. Explain why and how companies are continually looking for new ways to use technology for competitive advantage
2-26Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Business Strategy
Business Strategy
Streamline Business Processes
Solidify Business Relationships/
Improve Customer Service
Maximize Technology
Benefits
Improve Profitability & Reduce Costs
Reach Global Markets
2-27Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Strategy and Competitive Advantage
Sources of Competitive Advantage• Having the best-made product on the market• Delivering superior customer service• Achieving lower cost than rivals• Having proprietary manufacturing technology• Having shorter lead-times in developing and testing new
products• Having a well-known brand name and reputation• Giving customers more value for their money
Achieving StrategyProviding support in a way that enables the firm to gain or sustain competitive advantage over rivals
Achieving StrategyProviding support in a way that enables the firm to gain or sustain competitive advantage over rivals
2-29Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Presenting the Business Case – Success Factors
Know your AudienceA number of people may be involved in the decision making process. The key is to present information that is relevant and important to them
IS Manager - He/She has overall responsibility for development, deployment, and maintenance of systems. Concern about IS organization impact are likely
Company Executives - They represent various stakeholders in the organization. The may also have their own agenda at stake when making decisions about expenses
Steering Committee – A collection of various company stake holders whose goal is to balance the needs and concerns in making a recommendation to the CEO
Know your AudienceA number of people may be involved in the decision making process. The key is to present information that is relevant and important to them
IS Manager - He/She has overall responsibility for development, deployment, and maintenance of systems. Concern about IS organization impact are likely
Company Executives - They represent various stakeholders in the organization. The may also have their own agenda at stake when making decisions about expenses
Steering Committee – A collection of various company stake holders whose goal is to balance the needs and concerns in making a recommendation to the CEO
The key to successfully presenting the business case depends on thorough presentation and paying attention to the following factors
2-31Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Systems That Span Organizational Boundaries
2-32Information Systems Today, 2/C/e ©2008 Pearson Education Canada
System Description: Functional Area Info Systems
2-33Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Value Chain Analysis
Value Chain Analysis (Porter 1985, 2001 )Is a process of analyzing an organization’s activities to determine where value is added to products and/or services and what costs are incurred in doing so.
2-34Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Information Systems Roles in the Value Chain
Systems play a significant role throughout the Value Chain to achieve competitive advantage and:
• Must be appropriate for the business strategy (e.g. cost) • Are usually coupled with Business Process Reengineering that
addresses process to enhance company operations
Systems play a significant role throughout the Value Chain to achieve competitive advantage and:
• Must be appropriate for the business strategy (e.g. cost) • Are usually coupled with Business Process Reengineering that
addresses process to enhance company operations
2-35Information Systems Today, 2/C/e ©2008 Pearson Education Canada
The Value Chain - Primary Activities
Functional areas within an organization that process inputs and produce outputs. These activities may vary widely based on the unique requirements of a company’s industry
Functional areas within an organization that process inputs and produce outputs. These activities may vary widely based on the unique requirements of a company’s industry
Primary Activities include:• Inbound Logistics – receiving and stocking raw
materials, parts, products• Operations/Manufacturing – processing orders and
raw materials into finished product• Outbound Logistics – distribution of the finished
product to customers • Marketing and Sales – creating demand for the product
(pre-sales activities)• Customer Service – providing support for the product
or customer (post-sales activities)
Primary Activities include:• Inbound Logistics – receiving and stocking raw
materials, parts, products• Operations/Manufacturing – processing orders and
raw materials into finished product• Outbound Logistics – distribution of the finished
product to customers • Marketing and Sales – creating demand for the product
(pre-sales activities)• Customer Service – providing support for the product
or customer (post-sales activities)
2-36Information Systems Today, 2/C/e ©2008 Pearson Education Canada
The Value Chain - Support Activities
Support activities are business activities that enable Primary Activities. These activities can be unique by industry but are generally more typical across industries.
Support activities are business activities that enable Primary Activities. These activities can be unique by industry but are generally more typical across industries.
Support Activities include:• Infrastructure – hardware and software that must be
implemented to support applications for primary activities
• Human Resources – employee management activities: hiring, interview scheduling, and benefits management
• Technology Development – the design and development of applications that support the organization
• Procurement – purchase of goods or services that are required as inputs to primary activities
Support Activities include:• Infrastructure – hardware and software that must be
implemented to support applications for primary activities
• Human Resources – employee management activities: hiring, interview scheduling, and benefits management
• Technology Development – the design and development of applications that support the organization
• Procurement – purchase of goods or services that are required as inputs to primary activities
2-37Information Systems Today, 2/C/e ©2008 Pearson Education Canada
• Use the value chain to:– Plan for a better way of meeting customer
demands.– Identifying processes that add value.– Identifying processes that reduce value.
Developing a Competitive Business Strategy
2-38Information Systems Today, 2/C/e ©2008 Pearson Education Canada
How does a business optimize its value process?
Developing a Competitive Business Strategy
2-39Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Differentiator – adding value to the process
Developing a Competitive Business Strategy
2-40Information Systems Today, 2/C/e ©2008 Pearson Education Canada
• Disintermediation – using the Internet as a delivery vehicle, intermediate players in a distribution channel can be bypassed.
Key E-Commerce Strategies
2-41Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Recurring vs. Non-Recurring• Recurring - Ongoing costs or benefits identified in
a business case (IT staff to support system)• Non-Recurring - One-time costs or benefits
identified in a business case (software purchase)
Tangible vs. Intangible• Tangible - Cost and benefits that are easily
identified (e.g. headcount or labour cost)• Intangible - Cost and benefits that are not easily
identified (i.e. increased customer service)
Business cases typically include both Recurring/Non-recurring and Tangible/Intangible costs and benefits
Developing a Competitive E-Business Strategy
Recurring/Non-Recurring and Tangible/Intangible
2-42Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Sources of differentiation
Tangible sources
Speed of delivery
Convenience
Customisation
Intangible sources
Reputation
Brand
Productrange
Quality
Tangible and intangible sources of differentiation
Developing a Competitive E-Business Strategy
2-43Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Learning Objectives
1. What is auditing?
2. Type of auditors• External• Internal
3. Overview of the auditing process (Four key stages)
4. Six areas of organizational risk• Focus on Overall Risks and• Storage of Data
The Auditing of Information Systems
2-44Information Systems Today, 2/C/e ©2008 Pearson Education Canada
THE NATURE OF AUDITING
• An overview of the auditing process– All audits follow a similar
sequence of activities and may be divided into four stages:
• Planning• Collecting evidence• Evaluating evidence• Communicating audit
results
Communicating Audit Results
Evaluating Evidence
Collecting Evidence
Planning
2-45Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Making Sense of This
• There are six areas of risk in an organization’s information systems as identified here:– 1.Overall (General)– 2. System development, acquisition and – 3. modification– 4. The working of the programs in the system
(processing)– 5. The capture and input of data into the system
(source data)– 6. The storage of data that has been input (data files)
2-46Information Systems Today, 2/C/e ©2008 Pearson Education Canada
For each area of risk (1 to 6)
• A.What are some actual risks (e.g., possible error or fraud)?
• B. What are some controls to counteract these risks?
• C. What might an internal auditor do, specifically, to assess each such control, and how would s/he do it?
2-47Information Systems Today, 2/C/e ©2008 Pearson Education Canada
OBJECTIVE 1: OVERALL SECURITYEvaluate General Controls
• 1 B Control procedures to minimize general risks:– Developing an information security/protection plan.– Restricting physical and logical access.– Encrypting data.– Protecting against viruses.– Implementing firewalls.– Instituting data transmission controls.– Preventing and recovering from system failures or disasters,
including:• Designing fault-tolerant systems.• Preventive maintenance.• Backup and recovery procedures.• Disaster recovery plans.• Adequate insurance.
2-48Information Systems Today, 2/C/e ©2008 Pearson Education Canada
OBJECTIVE 1: OVERALL SECURITY
• 1C1 Audit procedures: Systems review– Inspecting computer sites.– Interviewing personnel.– Reviewing policies and procedures.– Examining access logs, insurance policies,
and the disaster recovery plan.
2-49Information Systems Today, 2/C/e ©2008 Pearson Education Canada
OBJECTIVE 1: OVERALL SECURITY
1C2 Audit procedures: Tests of controls
– Auditors test security controls by:• Observing procedures.• Verifying that controls are in place and work as
intended.
2-50Information Systems Today, 2/C/e ©2008 Pearson Education Canada
OBJECTIVE 6: DATA FILES
6A1The sixth objective concerns the accuracy, integrity, and security of data stored in machine-readable files (including relational tables in a database)
• Data storage risks include:– Unauthorized modification of data– Destruction of data– Disclosure of data
• If file controls are seriously deficient, especially with respect to access or backup and recovery, the auditor should strongly recommend they be rectified.
2-51Information Systems Today, 2/C/e ©2008 Pearson Education Canada
OBJECTIVE 6: DATA FILES
6A2 Types of errors and fraud– Destruction of stored data due to:
• Inadvertent errors• Hardware or software malfunctions• Intentional acts of sabotage or vandalism
– Unauthorized modification or disclosure of stored data
2-52Information Systems Today, 2/C/e ©2008 Pearson Education Canada
OBJECTIVE 6: DATA FILES
6B Control procedures– restrictions on physical access to data files– Logical access (access by program) controls
using passwords– Encryption of highly confidential data– Use of virus protection software– Maintenance of backup copies of all data files
in an off-site location
2-53Information Systems Today, 2/C/e ©2008 Pearson Education Canada
OBJECTIVE 6: DATA FILES
6C1 Audit procedures: System review– Review logical access policies and
procedures.– Review operating documentation to determine
prescribed standards for:• Use of file labels and write-protection mechanisms.• Use of virus protection software.• Use of backup storage.• System recovery, including checkpoint and
rollback procedures.
2-54Information Systems Today, 2/C/e ©2008 Pearson Education Canada
OBJECTIVE 6: DATA FILES
6C2
Review systems documentation to examine prescribed procedures for:
• Use of concurrent update controls and data encryption• Control of file conversions• Reconciling master file totals with independent control totals
– Examine disaster recovery plan.– Discuss data file control procedures with systems
managers and operators.
2-55Information Systems Today, 2/C/e ©2008 Pearson Education Canada
AUDIT SOFTWARE
6C3 Computer audit software (CAS) or generalized audit software (GAS) are computer programs that have been written especially for auditors.
• Two of the most popular:– Audit Control Language (ACL)– IDEA
• Based on auditor’s specifications, CAS generates programs that perform the audit function.
• CAS is ideally suited for examination of large data files to identify records needing further audit scrutiny.
2-56Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Learning Objectives
1. Understand the process used by organizations to manage the development of information systems
2. Describe each major phase of the system development life cycle: systems identification, selection, and planning; system analysis; system design; system implementation; and system maintenance
2-57Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Learning Objectives
3. Describe prototyping, rapid application development, object-oriented analysis, and design methods of systems development along with each approach’s strengths and weaknesses
4. Understand the factors involved in building a system in-house, along with situations in which it is not feasible
2-58Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Learning Objectives
5. Explain three alternative systems development options: external acquisition, outsourcing, and end-user development
2-59Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Options for Acquiring System Capabilities
2-60Information Systems Today, 2/C/e ©2008 Pearson Education Canada
The Systems Development Life Cycle
The System Development Life Cycle (SDLC) is a structured method complete with techniques developed to manage the life cycle of an information system
The System Development Life Cycle (SDLC) is a structured method complete with techniques developed to manage the life cycle of an information system
2-61Information Systems Today, 2/C/e ©2008 Pearson Education Canada
System Identification, Selection, and Planning
2-63Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Systems Analysis
Collecting System Requirements (Traditional)A combination of methods are used:
• Interviews – discussions with stakeholders (i.e. users)• Questionnaires – surveys to assess use and attitudes• Observations – watch process and systems use• Document Analysis – reviewing current documents
Collecting System Requirements (Traditional)A combination of methods are used:
• Interviews – discussions with stakeholders (i.e. users)• Questionnaires – surveys to assess use and attitudes• Observations – watch process and systems use• Document Analysis – reviewing current documents
Collecting System Requirements (Alternative)A combination of traditional methods are used:
• Critical Success Factors (CSFs) – a process of interviewing, recoding, analyzing and merging factors defined as critical by personnel at all levels of an organization
• Joint Application Design (JAD) - a method that brings together users and analysts in a room to define requirements. This method greatly reduces design time
Collecting System Requirements (Alternative)A combination of traditional methods are used:
• Critical Success Factors (CSFs) – a process of interviewing, recoding, analyzing and merging factors defined as critical by personnel at all levels of an organization
• Joint Application Design (JAD) - a method that brings together users and analysts in a room to define requirements. This method greatly reduces design time
2-64Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Systems Analysis - Critical Success Factors
2-65Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Systems Analysis - Joint Application Design
• JAD is a special type of a group meeting in which all (most) users meet with an analyst at the same time
• Users jointly define and agree upon system requirements or design dramatically reducing the design time
• JAD is a special type of a group meeting in which all (most) users meet with an analyst at the same time
• Users jointly define and agree upon system requirements or design dramatically reducing the design time
2-68Information Systems Today, 2/C/e ©2008 Pearson Education Canada
System Implementation – System Conversion
Conversion Approaches – the process of taking information from an old system to populate a new system. This is accomplished through manual and/or automated methods
Conversion Approaches – the process of taking information from an old system to populate a new system. This is accomplished through manual and/or automated methods
2-69Information Systems Today, 2/C/e ©2008 Pearson Education Canada
System Implementation – System Documentation
System DocumentationThe collection of materials produced with an information system to support the ongoing operation and development
System DocumentationThe collection of materials produced with an information system to support the ongoing operation and development
Documentation Types
• User and reference guides – step-by-step instructions for using the system features and functions
• User training and tutorials – manuals and exercises designed to educate users and build competence in system use. These training manuals and tutorials can be supported by a database that utilizes realistic data
• Installation procedures and trouble-shooting suggestions – manuals and procedures designed to support technical personnel in installing and problem solving during system operation
Documentation Types
• User and reference guides – step-by-step instructions for using the system features and functions
• User training and tutorials – manuals and exercises designed to educate users and build competence in system use. These training manuals and tutorials can be supported by a database that utilizes realistic data
• Installation procedures and trouble-shooting suggestions – manuals and procedures designed to support technical personnel in installing and problem solving during system operation
2-70Information Systems Today, 2/C/e ©2008 Pearson Education Canada
System Implementation – System Training
Training Approaches – the processes used to educate users in new business processes and system features and functions with the goal of building competence to ensure operational success (see possible methods below)
Training Approaches – the processes used to educate users in new business processes and system features and functions with the goal of building competence to ensure operational success (see possible methods below)
2-72Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Needs for Alternatives to Internal Systems Building
Limited IS Staff
Limited IS Skill Sets
IS Staff is Overworked
Problem IS Performance
The IS organization does not have the capability to build the system itself
The IS organization does not have personnel with the correct skill sets to build the system
Current IS organization staff demands and priorities make it impossible to build a system
The IS organization does not have the appropriate performance level to build a system
Often it is not feasible to consider building an information system internally. Below are four situations that discourage the idea of internal development:
2-73Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Alternatives to Internal Development
OutsourcingTurning over some or all responsibility for an organization’s information systems development and operations to an outside firm
OutsourcingTurning over some or all responsibility for an organization’s information systems development and operations to an outside firm
External AcquisitionThe purchasing of an existing system (hardware, software, databases, network) from an outside vendor such as IBM, EDS, or Accenture
External AcquisitionThe purchasing of an existing system (hardware, software, databases, network) from an outside vendor such as IBM, EDS, or Accenture
End-user DevelopmentCapitalizing on the sophistication of current users, this technique allows the system users to develop their system functions using a variety of tools
End-user DevelopmentCapitalizing on the sophistication of current users, this technique allows the system users to develop their system functions using a variety of tools
2-74Information Systems Today, 2/C/e ©2008 Pearson Education Canada
External Acquisition – Steps to Proceed
Steps in External Acquisition1. System identification, selection, and planning (same
as internal method)2. Systems analysis (same as internal method)3. Development of a Request for Proposal (RFP) – a
report that is used to tell vendors what the requirements are and how they might be able to meet those requirements (hardware, software, training, etc.)
4. Proposal evaluation – may include viewing system demonstrations, evaluating the performance of those systems, and examining criteria important to the organization and judging how the proposed systems respond to those criteria
5. Vendor selection – using a scoring system devised to evaluate the competing proposal and then selecting the proposal that best fits the organization’s needs
Steps in External Acquisition1. System identification, selection, and planning (same
as internal method)2. Systems analysis (same as internal method)3. Development of a Request for Proposal (RFP) – a
report that is used to tell vendors what the requirements are and how they might be able to meet those requirements (hardware, software, training, etc.)
4. Proposal evaluation – may include viewing system demonstrations, evaluating the performance of those systems, and examining criteria important to the organization and judging how the proposed systems respond to those criteria
5. Vendor selection – using a scoring system devised to evaluate the competing proposal and then selecting the proposal that best fits the organization’s needs
2-75Information Systems Today, 2/C/e ©2008 Pearson Education Canada
External Acquisition – The RFP (Request for Proposal)
2-76Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Outsourcing – Why Consider?
A firm might outsource some (or all) of its information system service for many reasons:
• Cost and quality concerns – current cost and quality of information systems is unacceptable
• Problems in IS performance – IS is having trouble meeting acceptable service standards
• Supplier pressures – aggressive sales tactics
• Simplifying, downsizing, and reengineering – having a need to focus on core processes
• Financial factors – turning over IS systems can strengthen a balance sheet
• Organizational culture – political or organizational problems that are difficult for IS to overcome
• Internal irritants – tension between the IS staff and users
A firm might outsource some (or all) of its information system service for many reasons:
• Cost and quality concerns – current cost and quality of information systems is unacceptable
• Problems in IS performance – IS is having trouble meeting acceptable service standards
• Supplier pressures – aggressive sales tactics
• Simplifying, downsizing, and reengineering – having a need to focus on core processes
• Financial factors – turning over IS systems can strengthen a balance sheet
• Organizational culture – political or organizational problems that are difficult for IS to overcome
• Internal irritants – tension between the IS staff and users
2-77Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Outsourcing – Relationship Management
Managing the IS RelationshipOngoing management of the outsourcing alliance is the single most important aspect of the outsourcing project’s success. The following are recommendations for best management:
• A strong CEO and CIO should continually manage the legal and professional relationship with the outsourcer
• Clear, realistic performance measurements of the systems and of the outsourcing arrangement (e.g. tangible and intangible costs and benefits)
• The interface between the customer and outsourcer should have multiple levels (i.e. links to deal with policy and relationship issues)
Managing the IS RelationshipOngoing management of the outsourcing alliance is the single most important aspect of the outsourcing project’s success. The following are recommendations for best management:
• A strong CEO and CIO should continually manage the legal and professional relationship with the outsourcer
• Clear, realistic performance measurements of the systems and of the outsourcing arrangement (e.g. tangible and intangible costs and benefits)
• The interface between the customer and outsourcer should have multiple levels (i.e. links to deal with policy and relationship issues)
2-78Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Learning Objectives
1. Analyze the ethical, social, and political issues that are raised by information systems
2. Discuss the ethical concerns associated with information privacy, accuracy, property, and accessibility
3. Identify the main moral dimensions of an information society and specific principles for conduct that can be used to guide ethical decisions
2-79Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Learning Objectives
4. Define computer crime, and list several types of computer crime
5. Contrast what is meant by the term “computer virus,” “worm,” Trojan Horse,” and “logic or time bomb”
6. Describe and explain the differences between cyberwar and cyberterrorism
2-80Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Information Privacy - How to Maintain
Avoid having Cookies left on your machineUse settings in your browser to block cookies from being deposited on your machine by primary and third parties
Use caution when requesting confirmation emailUse a separate e-mail account from normal to protect information from your employer, sellers, and any one using your computer
Visit sites anonymouslyUse online privacy services that provide total privacy by blocking all techniques used to identify you online (e.g. Anonymizer)
Choose websites monitored by independent organizationsUse rating sites to identify merchant sites whose privacy policies conform to standards and are monitored (e.g epubliceye.com)
2-81Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Information Accuracy
Information AccuracyConcerned with assuring the authenticity and fidelity of information, and identifying those responsible for information errors that harm people
Information AccuracyConcerned with assuring the authenticity and fidelity of information, and identifying those responsible for information errors that harm people
Sources of information errorErrors in computer output can come from two primary sources. These are:
• Machine Errors – errors in the computer program logic, communication and/or processing that receives, processes, stores, and presents information
• Human Errors – errors by the person(s) entering data or information into the computer system
2-82Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Information Property
Information PropertyConcerned with who owns information about individuals and how information can be sold and exchanged
Information PropertyConcerned with who owns information about individuals and how information can be sold and exchanged
Privacy Statements Are stated policies from the organizations collecting the information and how they intend to use it. These are legally binding statements
• Internal Use – used within the organization only • External Use – can be sold to outside parties
Information OwnershipThe organization storing the information owns it if it is given willingly…even if unknowingly by use of their sites (e.g. online surveys, credit card transactions, etc.)
2-83Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Information Property - PIPEDA
Personal Information Protection and Electronic Documents Act (PIPEDA)
The law gives individuals the right to• know why an organization collects, uses or discloses their personal
information; • expect an organization to collect, use or disclose their personal
information reasonably and appropriately, and not use the information for any purpose other than that to which they have consented;
• know who in the organization is responsible for protecting their personal information;
• expect an organization to protect their personal information by taking appropriate security measures;
• expect the personal information an organization holds about them to be accurate, complete and up-to-date;
• obtain access to their personal information and ask for corrections if necessary; and
• complain about how an organization handles their personal information if they feel their privacy rights have not been respected.
2-84Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Information Property - PIPEDA
Personal Information Protection and Electronic Documents Act (PIPEDA)
The law requires organizations to:•obtain consent when they collect, use or disclose their personal information; •supply an individual with a product or a service even if they refuse consent for the collection, use or disclosure of your personal information unless that information is essential to the transaction; •collect information by fair and lawful means; and •have personal information policies that are clear, understandable and
readily available.
2-85Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Destructive Code that Replicates
Viruses These programs disrupt the normal function of a computer system through harmless pranks or by destroying files on the infected computer. They come in several types:
• Boot Sector – attaches to the section of a hard disk or floppy disk that boots a computer.
• File Infector – attach themselves to certain file types such as .doc, .exe, etc.
• Combination – viruses can change types between boot sector and file infector to fool antivirus programs
• Attachment – released from an e-mail when an attachment is launched. Can also send themselves your address book
Viruses These programs disrupt the normal function of a computer system through harmless pranks or by destroying files on the infected computer. They come in several types:
• Boot Sector – attaches to the section of a hard disk or floppy disk that boots a computer.
• File Infector – attach themselves to certain file types such as .doc, .exe, etc.
• Combination – viruses can change types between boot sector and file infector to fool antivirus programs
• Attachment – released from an e-mail when an attachment is launched. Can also send themselves your address book
Worms This destructive code also replicates and spreads through networked computers but does damage by clogging up memory to slow the computer versus destroying files
Worms This destructive code also replicates and spreads through networked computers but does damage by clogging up memory to slow the computer versus destroying files
2-86Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Computer Crimes – Destructive Code
2-87Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Destructive Code that Doesn’t Replicates
Trojan HorsesThese programs do not replicate but can do damage as they run hidden programs on the infected computer that appears to be running normally (i.e. a game program that creates an account on the unsuspecting user’s computer for unauthorized access)
Trojan HorsesThese programs do not replicate but can do damage as they run hidden programs on the infected computer that appears to be running normally (i.e. a game program that creates an account on the unsuspecting user’s computer for unauthorized access)
Logic or Time BombsA variation of a Trojan Horse that also do not replicate and are hidden but are designed to lie in wait for a triggering operation. (i.e. a disgruntled employee that sets a program to go off after they leave the company)
• Time Bombs – are set off by dates (e.g. a birthday)
• Logic Bombs – are set off by certain operations (e.g. a certain password)
Logic or Time BombsA variation of a Trojan Horse that also do not replicate and are hidden but are designed to lie in wait for a triggering operation. (i.e. a disgruntled employee that sets a program to go off after they leave the company)
• Time Bombs – are set off by dates (e.g. a birthday)
• Logic Bombs – are set off by certain operations (e.g. a certain password)
2-88Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Cyberwar and Cyberterrorism
Cyberwar
An organized attempt by a country’s military to disrupt or destroy the information and communications systems of another country. Common targets include:
• Command and control systems
• Intelligence collection and distribution systems
• Information processing and distribution systems
• Tactical communication systems
• Troop and weapon positioning systems
• Friend-or-Foe identification systems
• Smart weapons systems
Cyberwar
An organized attempt by a country’s military to disrupt or destroy the information and communications systems of another country. Common targets include:
• Command and control systems
• Intelligence collection and distribution systems
• Information processing and distribution systems
• Tactical communication systems
• Troop and weapon positioning systems
• Friend-or-Foe identification systems
• Smart weapons systems
2-89Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Cyberwar and Cyberterrorism
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack):
• an attempt to make a computer resource unavailable to its intended users.
• motives for, and targets of a DoS attack may vary• generally consists of the concerted efforts of a person
or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
• perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack):
• an attempt to make a computer resource unavailable to its intended users.
• motives for, and targets of a DoS attack may vary• generally consists of the concerted efforts of a person
or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
• perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
2-90Information Systems Today, 2/C/e ©2008 Pearson Education Canada
Cyberwar and Cyberterrorism
Cyberterrorism
The use of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals
Cyberterrorism
The use of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals
Responses to the ThreatAt greatest risk are those that depend highly on computers and networking infrastructure (i.e. governments, utilities, transportation providers, etc.) Responses include:
• Improved intelligence gathering techniques
• Improved cross-government cooperation
• Providing incentives for industry security investment
Responses to the ThreatAt greatest risk are those that depend highly on computers and networking infrastructure (i.e. governments, utilities, transportation providers, etc.) Responses include:
• Improved intelligence gathering techniques
• Improved cross-government cooperation
• Providing incentives for industry security investment