it strategy and management
TRANSCRIPT
Ch
rist
ian
Re
ina
, CIS
SP
20
09
ME
T C
S7
82
Ve
rsio
n 1
.0
This document may be used only for informational, educational, and noncommercial purposes. You are free to copy, distribute, publish and alter this document under the conditions that you give credit to the original
author. 2009 – Christian Reina, CISSP.
Mo
du
le 1
– B
usi
ne
ss M
od
els
& S
tra
teg
ies
Introduction It is no longer adequate for IT professionals to be good technologists or managers. They need to understand what makes their organizations successful and what drives their business so that their ideas, decisions, and actions are all in furtherance of that success. Understanding what makes an organization succeed is grounded in an understanding of business models and how businesses compete. Business Models A business model is a conceptual framework, describing the way in which a business makes money. It can be subdivided into four sub-models; market, operational, financial, and competitive. A business model is a conceptual framework that expresses the underlying economic logic and system that prove how a business can deliver value to customers at an appropriate cost and make money. 1. Market Model
Company's offerings
Focus: standardized mass market products and services, mass customization, providing individual customized produces and services
Product positioning
Market positioning
Custom or volume business
Value proposition: why would customers want it? 2. Operational Model
Company size
organization and management
Employee relationships
Resource management
Supply chain management
Sales and delivery channels 3. Financial Model
Profit margin, earnings, Earnings Before Interest, Taxes, Depreciation and Amortization (EBITDA)
Company growth
Business costs
Revenue and profit model
Intellectual property
Value to its investors 4. Competitive Model
Competitors
Competitive forces
Competitive advantage
Complementary offerings
External business relationships
Common Business Models:
Manufacturer Manufacture a product which is distributed to customers through various sales channels
Razor and Blades Manufacture a product (e.g., razors or printers) that is sold at a low price or even given away free, while the real money is made on a second product (e.g., blades or ink) consumed in using the main product
Retail Sell products (and sometimes related services) purchased from manufacturers and distributors to consumers through retail outlets
Catalog Sell offerings through catalogs
Consignment Sell products provided by suppliers (generally at a price determined by the supplier)—pay the supplier only after the product is sold
Distributor Distribute products obtained from manufacturers and upstream distributors to volume and retail customers
Build-to-Order Manufacture a product using JIT (Just In Time) delivery of parts needed to produce the product. It requires a solid relationship between suppliers and distributors. Dell has had much success using this model.
Business / IT Planning A process which focuses on discovering innovative approaches to satisfy a company's customer value and business value. A CEO and CIO work together as a coadaptation process. 1. Strategic Development: Business strategies that
support a company's vision. 2. Resource Management: Strategic plans for managing or
outsourcing a company's IT resources 3. Technology Architecture: Strategic IT choices that
reflect an information technology architecture to support business initiatives.
a. Technology Platforms b. Data resources c. Application architecture d. IT Organization
Competitive Forces In 1985, Michael Porter described how businesses develop strategies to respond to competitive forces in its industry. He listed five competitive forces [Qui04a] which are very useful to keep in mind and can be used as a checklist to ensure that one is not overlooking factors.
1. The rivalry of competitors 2. The threat of new entrants: as a result of low barriers to
entry
3. The threat of substitutes: Disruptive technologies (or
more generally, disruptive innovations) initially appeal to
a small market niche, but evolve to become major
competitors, changing the market and affecting the
value proposition for the technology they displace.
4. The bargaining power of buyers: Note that buyers do
not necessarily correspond to the ultimate end-users of
a product or service, but can include intermediaries,
such as wholesalers or resellers
5. The bargaining power of suppliers
** It can also be useful to consider the bargaining power of
partners
Competitive Strategies Watching for general changes in the business environment is
sometimes called PEST Analysis, after the acronym of the four
environmental components:
Political (including regulatory changes)
Economic
Social (including short and long term cultural changes)
Technological
PEST Analysis is a component of a broader activity called
Environmental Scanning, which involves paying attention to any
changes that can affect a company's success.
Organizations develop competitive strategies (also called
business strategies) in order to:
respond to competitive forces
respond to other changes in the business environment
take advantage of opportunities that arise
1. Position-based Approach.
Product Positioning
Cost Leadership: Sell for less
Differentiation: Customers who value the
differences and availability of complements.
Market Positioning (Market Focus): Build strong
relationship with customers by increasing their loyalty.
Mo
du
le 1
– B
usi
ne
ss M
od
els
& S
tra
teg
ies
2. Advantage-based Approach. A competitive advantage is a characteristic of a business that allows it to be more profitable than its competitors. An advantage-based approach focuses on how a company can build a sustainable competitive advantage -- one which
- can be maintained over a significant period of time
- is based on some characteristic of the business that is difficult or impossible to replicate.
Developing or Acquiring Intellectual Property
Economies of Scale and Scope: horizontal integration (merger or acquisition of businesses that provide specialized processes for a large volume business
Network Effects: more people more value. A company can induce or strengthen network effects through its pricing model.
Switching costs
Resources and capabilities: Exclusive rights to resources
Legislation and Regulations
Brand
IT and Business Processes: Significant costs for competitors to replicate technology.
Knowledge and culture ** These act as barriers of entry First Mover Advantage: first company to produce a product based on brad and innovative capacity.
Cost reduction is not a competitive strategy, but it is often a way to achieve other strategic goals like producing positioning and additional funds.
3. Relationship-based Approach. This focuses on how the company can develop or strengthen its external relationships to more effectively compete. This is different from the position and advantage based because is a systematic consideration of each type of external relationship and how it can be improved.
Customers: customization, customer service, personalizatioin, special offers
Channels: Sales and distribution channels. o Direct channels: A company's
website/retails outlets, and sales force
o Indirect channels (Channel partners): distributors, wholesalers, resellers, catalog, and independent retail stores. Dependent intermediaries focus on a company's products/services while independent intermediaries have wide variety of sources.
Forward integration: company manages the path to its customers therefore eliminating channel conflicts with complete forward integration.
Suppliers: Companies can eliminate or reduce the bargaining power of suppliers through backward integration (also a kind of vertical integration). Backward integration is the degree to which a company directly obtains the supplies it needs through multiple levels of the supply chain, and through supply intermediaries.
Partners: o Operational partners o Complement partners o Channel partners o Integration partners
Competitors: Coopetition (cooperation) among competitors
o Standards o Cross-Licensing: Reduces
patent litigation.
4. Model-based Approach: The model-based approach to competitive strategy focuses on how a company's business model and strategies can or should evolve.
Enhance - Incrementally improves positioning of existing products and services in their existing market segments, and strengthens existing relationships
Expand - Adds new products or services, targets new market segments, and adds new relationships
Extend - Enters new lines of business or adopts new business models
Exit - Drops products, services, market segments, relationships, lines of business, or business models
Basis of Competition Competition is often based on price, service, customizability,
convenience, quality, reliability, or reputation. Clayton Christensen
has pointed out that the basis of competition within an industry
often tends to evolve, from functionality, to reliability, to
convenience, and then to price.
Strategic Advantage of IT
If a company emphasized strategic business uses of information
technology, its management would view IT as a major competitive
differentiator. They would then devise business strategies that use
IT. Competitive advantage comes from your math, your workflow,
and your processes through your systems. This is where IT
becomes the enabler to new business capabilities.
Reengineering Business Processes:
o BPR: Business process reengineering.
o Organizational redesign: Multidisciplinary
process teams
Agile Company: Ability of a company to prosper in
rapidly changing environments. It depends heavily on
Internet Technologies
o Price products based on value
o Cooperation with everyone (customer,
competitors etc)
o Flexible organizational structures
o Entrepreneurial Spirit.
Virtual Company: Users IT to link people, organizations,
assets, and ideas.
Knowledge-Creating Company: Making personal
knowledge available to others is the central activity of
the knowledge-creating company.
o Explicit: Data
o Tacit: People
Mo
du
le 2
– I
T S
yst
em
s in
th
e D
igit
al
Org
an
iza
tio
n
Terms Metcalfe’s law: states that the usefulness, or utility, of a network equals the square of the number of users. Telecommunications: The exchange of information in any form over networks. Industry has changed from government regulated monopolies to a deregulated market with fiercely competitive suppliers of telecommunications services. Open Systems: Information systems that use common standards. Interoperability. Middleware: general term for any programming that serves to glue together two separate programs. Internet2: High-performance network that uses an entirely different infrastructure that the public internet. Networks are connected via Abilene. Telecommunications business value: Overcome geographic barriers, time barriers, cost barriers, structural barriers. Internet business value: Provides a synthesis of computing and communication capabilities that adds value to every part of the business cycle. Substantial cost savings. Intranet business value: An enterprise portal for applications in communication and collaboration, business operations and management, web publishing, and intranet portal management. Extranet: Improve communication with customers and partners. Connect the inter-networked enterprise to consumers, business customers, suppliers, and other business partners. Telecommunications network model: Terminals, telecommunications processors, telecommunications channels, telecommunications control software. Network requirements: Reliability, Scalability, Security, Economy, Responsibility Types of networks: WANs, LANs, VPNs, Client/server networks, P2P, Network computing (three-tier client/server) Telecommunications Media: Twisted pair, coaxial, fiber optics, terrestrial microwave, communications satellites, cellular phone systems, LAN radio. Problem of the “Last Mile”: Homes connected to a fiber network have are wired with twisted-pair and cannot handle the bandwidth provided by fiber. Wireless web: very thin clients like pagers, smart phones, PDAs and other devices are growing in wireless networks. Inter-network processors: switches, routers, hubs, gateways Multiplexer: Allows a single communications channel to carry simultaneous data transmissions from many terminals.
Network management:
Traffic management
Security
Network monitoring
Capacity monitoring Network topologies: star, ring, bus, mesh OSI Model:
1. Physical 2. Data link 3. Network 4. Transport 5. Session 6. Presentation 7. Application
TCP/IP Model:
1. Physical 2. Network 3. Internet 4. Host-to-Host 5. Application
Voice over IP: makes use of a packet-based network to carry voice calls rather than a traditional circuit-switched network. Bandwidth:
Wi-Fi: 11-54MB
Token ring: 16MB
High speed Ethernet: 100MB
FDDI: 100MB
DDN: 2.4K – 2MB
PSN: 64K – 1.5MB
Frame Relay: 1.5MB – 45MB
ISDN: 64k – 2MB
ATM: up to 2.4 GB
SONET: 45MB – 40G IT Systems in the Digital Organizations
Functional Business Systems: Functional Business Systems are the basic systems that support primary business functions
o Manufacturing Information Systems o Procurement Systems o Logistics Systems o Accounting Information Systems o Financial Management Systems o Sales and Marketing Information Systems o Human Resource Information Systems
Enterprise Business Systems: Enterprise Business Systems are major cross-enterprise business systems that support essential business functionality (CRM, SCM, ERP, EAI, BPM)
Enterprise Communication and Collaboration Systems: Enterprise Communication and Collaboration Systems allow users to communicate, conference, share knowledge, and collaboratively work together.
Business Intelligence and Decision Support Systems: Business Intelligence and Decision Support Systems include data warehouses and OLAP (online analytical processing) systems, data mining, and model-based decision support systems.
E-Commerce Systems: E-Commerce Systems support marketing, sales, and delivery of products and services using the web.
IT System Extent and Visibility
System Extent: The extent of a system is the degree to which it affects business units across the organization
Functional Primarily limited to one business unit or functionality area (e.g., Accounting, HR) within the organization
Cross-Functional Integrates functionality across multiple business units and business functions
System Visibility: The visibility of a system is the degree to which the operations and processes of the system can be directly experienced from outside of the organization
Internal Operations and processes of the system are only visible within the organization e.g., to customer service representatives
External Operations and processes are visible externally (e.g., to customers, suppliers, and/or partners) e.g., online banking interfaces
Extent/Visibility Matrix: Indicating IT systems on an extent/visibility chart is a way of understanding the relative involvement required from internal and external parties, and therefore the degree and complexity of interactions needed to make the system successful. Competitive and Operational Perspectives on IT Competitive Perspective: The competitive perspective considers impacts from the point of view of competitive strategy
improve product positioning
improve market positioning
create a sustainable competitive advantage
New lines of business Operational Perspective: The operational (or organizational) perspective considers impact from the point of view of the organization and its operations. Operational benefits can directly result in competitive benefits.
Technology
business processes
structure
management
individuals and culture
Mo
du
le 2
– I
T S
yst
em
s in
th
e D
igit
al
Org
an
iza
tio
n
Role of IT within the Organization Interestingly enough, the rise of utility computing and software-as-a-service (which we'll discuss in more detail later) is causing the pendulum to swing back towards IT as a cost center, albeit one with a much more strategic role in the organization. Sustaining Competitive Advantage with IT
Build IT systems that provide valuable functionality, and that are difficult and expensive to replicate.
Keep IT systems proprietary with internal visibility only
Tailor the system to the organization; design it for unique, organization-specific, processes and strategic approaches.
Continually improve the IT system faster than your competitors.
Use IT to innovate-develop new features, products, and processes, and better market and product positioning
The Value Chain The Primary Activities of the Value Chain Framework
Inbound Logistics How the organization acquires and manages its supplies
Operations How the organization (using its supplies) produces products and services
Outbound Logistics How the organization prepares its products and services for delivery
Marketing and Sales How the organization markets and sells its products and services
Customer Services Post-sale services to customers Secondary Activities:
Administrative (including accounting, finance and management)
Human Resources
Technology Research and Development (other than the actual manufacturing of products themselves)
Procurement (though one can also think of this as a separate primary activity, preceding inbound logistics)
The Value System: The value chain is focused on the activities within an individual organization. The value system (also called the value network) extends the value chain in two ways:
1. On the incoming end-including an organization's suppliers, and their suppliers. This is called the supply chain.
2. On the outgoing end-including an organization's sales and distribution channels.
Organizational and Operational Impact of IT 1. Impacts on Technology: IT deployments generally do
not exist within a technology vacuum. They need to be matched and integrated with an organization's existing IT, and to some degree, take into account future IT plans.
2. Impacts on Business Processes: Six Sigma is a business management strategy which is highly focused on reducing defects and errors in manufacturing or business processes.
3. Impacts on Structure: Technology can allow businesses to reorganize and redeploy employees to better exploit opportunities and respond to competitive forces.
4. Impacts on Management: IT that improves connectivity or automates management tasks enables managers to spend more time interacting with the people they manage, to focus on leading, rather than just organizing and directing.
5. Impacts on Individuals and Culture within the Organization: Technology can fundamentally change the nature of human communication, especially with regard to presence, attentiveness, signaling, and response times.
Organizational Agility IT has supported organizational agility, and has itself been a major driver of agility. In particular, IT has affected:
Structural agility-through distributed teams and outsourcing, largely driven by the increasing capabilities of internet-based communication and collaboration
Business process agility-through rapid changes in business processes, largely driven by workflow and business process management systems
Management agility-through better decision making, largely driven by the growth of business intelligence systems, including data mining and decision support systems
Internet 2 Consortium or UCAID (University Corporation for Advanced Internet Development) The Internet2 Consortium is a non-profit group which consists mainly of universities, government and some corporate members within the networking domain. The main purpose behind the Internet2 Consortium is to:
Developing and maintaining a leading-edge network.
Fully exploiting the capabilities of broadband connections through the use of new-generation applications.
Transferring new network services and applications to all levels of educational use, and eventually the broader Internet community.
Characterizing Communication and Collaboration Systems Media Type: what kind of data is being communicated (e.g., discrete vs. continuous, its format, etc.)? Participation: are the senders and receivers users or applications, and are they individuals or groups? Immediacy: is the communication synchronous (where information is received at the same time as, or very shortly after, the sender sends it), or asynchronous? Task-Focus: is the system focused on accomplishing a particular task, or does it just generally enable communication? Types of Systems
1. User Communication Systems:
Characterizing Media Types:
i. Composition: Unitary, Sequential, Segmented
ii. Format iii. Sensory and Cognitive capabilities iv. Physicality
Audio and Video Streaming
P2P
VoIP
IM
2. Information Sharing Systems
Blogs
Wikis
Knowledge Management Systems (KMS)
3. Collaborative Work Systems
4. Conferencing and Synchronous Collaboration Systems
Conferencing and Virtual Teams
Mo
du
le 3
– I
T E
nte
rpri
se S
yst
em
s
Customer Relationship Management (CRM)
―The business focus‖, customer-centric strategy or customer-
focused business was one of the top business strategies. It is a
single complete view of every customer at every touch point and
across all channels and provides the customer with a single,
complete view of the company and its extended channels. A
cross-functional enterprise system that integrates and automates
many of the customer-serving processes in sales, marketing, and
customer services.
Contact and Account Management
Sales
Marketing and Fulfillment
Customer Service and Support
Retention and Loyalty Programs
The Three Phases of CRM
1. Acquire: Help the business by doing a superior job
using CRM
2. Enhance: Supporting superior service
3. Retain: Identify and reward customers
Benefits
Identify and target best customers
Real-time customization
Keep track of customer contacts
Failures
Lack of preparation
Lack of understanding
Types:
Operational CRM:
o Customer interactions
o Easier to do business with
Analytical CRM:
o In-depth customer history, preferences,
information
o Analyze, predict, deliver
o Approach with relevant information
Collaborative CRM:
o Easy collaboration with customer, suppliers,
and partners
o Improves efficiency throughout the supply
chain
o Greater responsiveness
Portal-based CRM:
o Empowers employees to respond to
customers
o Access, link, use all internal/external
customer information
Enterprise Resource Planning (ERP)
―The Business Backbone‖. Helps reduce inventories, shorten
cycle times, lower costs, and improve overall operations. A cross-
functional enterprise backbone that integrates and automates
many internal business processes and information systems within
the manufacturing, logistics, distribution, accounting, finance, and
human resource functions of a company.
Benefits:
Quality and Efficiency
Decreased costs
Decision support
Enterprise agility
―The risk was certainly disruption of business because if you do
not do ERP properly, you can kill your company, guaranteed.‖
Causes of Failures:
Underestimate complexity
Too much too fast
Insufficient training
Trends in ERP:
Flexible ERP
Web-Enabled ERP
Interenterprise ERP
e-Business Suites
Supply Chain Management (SCM)
―The Business Network‖. Accurate order processing, just-in time
inventory management, and timely order fulfillment. A major e-
business application development initiative. A cross-functional
interenterprise system that uses information technology to help
support and manage the links between some of a company’s key
business processes and those of its suppliers, customers, and
business partners. . Create a fast, efficient, and cost effective
network of business relationships.
Supply Chain Life Cycle:
Commit
Schedule
Make
Deliver
SCM Functional Processes:
Strategic Sourcing and Procurement
Production Logistics
Distribution Network and warehouse Operations
Forecast and demand planning
Customer order fulfillment/service
Transportation and shipment management
Electronic Data Interchange (EDI): Involves the electronic
exchange of business transaction documents over the Internet
and other networks between.
The Role of SCM:
Objectives Outcomes
Strategic What Objectives
Service levels
Network design
Tactical How much Demand forecast
Inventory targets
Operational When, Where Work center
scheduling
Order/inventory
tracking
Execution Do Order cycle
Material
movement
Benefits:
Strategic relationships with suppliers
Reductions in inventory levels
Quicker times to market
Lower costs
Accuracy
Failure:
Lack of proper demand planning knowledge, tools, and
guidelines
Inaccurate demand forecasts
Lack of adequate collaboration
Inaccurate inventory numbers
Trends in SCM:
Stage 1 Stage 2 Stage 3
Information
sharing
Product/sales data
Sourcing help
Logistics
Order fulfillment
Order
management
Inventory
management
Resource
allocation
Systems use and
integration
Intranet/extranet
links to trading
partners
Collaborative
marketing
Sales and service
SCM optimization
Collaborative
design and
delivery
Extranet and
exchange-based
collaboration
Mo
du
le 3
– I
T E
nte
rpri
se S
yst
em
s
Data, Application and Business Process Integration
IT Integration across the enterprise faces three challenges:
1. Data Integration Problem - Integrate related (and
sometimes overlapping) data stored in separate
disconnected data repositories.
a. Data Consistency still maintains the data in
the existing separate repositories, but uses
consistency mechanisms,
b. Data View Integration depends upon some
mechanism to provide a single unified view of
the data, which is still stored in separate
repositories. Data View Integration approach
often has the lowest cost and the lowest risk,
i. Database Federation creates a
view which looks like a typical
database.
ii. OO Mapping uses a standard
transactional Object Oriented
mapping layer, such as EJB, JDO,
Castor, or Hibernate, which
explicitly coordinates requests to
the multiple underlying data
repositories.
iii. Service Wrapping provides a
service (perhaps a web service)
with a custom API (Application
Program Interface) that provides
modification and access of the
needed data.
c. Data Migration moves some or all of the data
to a single (centralized or distributed)
repository.
2. Application Integration Problem - Allow independent
applications to call or send information or notifications to
one another. The primary goal of application integration
(also called Enterprise Application Integration, or EAI,
when it connects applications across the enterprise) is
to allow applications to pass information or notifications
to one another, and use each other's functionality.
a. Ways to integrate disparate applications:
i. Custom Integration
ii. Development Platform
Standardization (.Net)
iii. Application Platform
Standardization (SAP)
iv. Distributed Application
Infrastructure Stadardization
(CORBA, DCE)
v. Multi-Infrastructure
Architectures (Java, Web
services)
3. Business Process Integration Problem - Integrate
and streamline business processes that span the
enterprise, that require data from disparate sources and
that need to interact with multiple applications.
Web Services
XML
SOAP (Simple Object Access Protocol)
The important characteristics of SOAP are:
SOAP requests are made to a separate URL which
understands SOAP
Responses are formatted in XML, allowing easy
parsing
Requests use XML as well, for easier separation of
the arguments to the request
SOAP can be also used to pass along control and
state information
SOAP is usually transmitted using HTTP over
TCP/IP, although other protocols, notably SMTP,
are supported as well
The SOAP envelope can also contain a Header (in
addition to the Body), which is flexible enough to
support a wide range of add-on mechanisms such
as security, reliability, etc.
Web Services and Complex Business Processes
Using web services for business processes that are spread out in
time, that involve parallel activities or complex business logic or
that involve multiple partners are even more complex. Managing
complex business processes is known as Workflow Management,
or Business Process Management, or when applied to a web
service architecture, as Web Service Orchestration.
Service Oriented Architecture (SOA) A service-oriented architecture is one in which:
application functionality is made available through
services
services are distributed, generally across an intranet,
but sometimes across an extranet, or even possibly
across the public internet
The interfaces to these services are implementation-
independent. That is, even if a service is implemented
in Java, there is nothing Java-specific about its
interface, and no requirement that clients of the service
use or understand Java.
Often there are two transparency requirements specified for
SOA's as well:
location-transparency—a client that needs a service does not
have to be bound to using that service at a specific site.
transport-transparency—a client that needs a service does not
have to be bound to using that service with a specific transport
protocol stack.
Message-oriented middleware (MOM), like Java's JMS, IBM's
MQSeries and Microsoft's MSMQ, do not even require that a
service be running for a client to send a request.
Service-oriented architectures do not need to be built using web
services; it's just that the combination of SOAP, WSDL and UDDI
is an excellent match for SOA requirements.
Software as a Service (SaaS)
The advent of SOA has provided a business opportunity for
companies to be, to an extent, the IT department of their
customers.
Workflow and Business Process Management Systems
Workflow management systems manage and track the flow of
work (tasks and associated documents) through an organization,
and sometimes across organizations.
Workflow systems manage workflow by:
determining when a workflow is to be started (explicitly
by users, or triggered by system events, including data
modification, alarms and timeouts)
organizing a workflow as a sequence of tasks,
potentially with conditions and loops
structuring tasks into subtasks (sometimes
hierarchically), also called stages or activities, or
defining them as sub-workflows in their own right
determining the actions to take when tasks and
subtasks are completed, and determining the conditions
under which subtasks can be started (typically the
completion of some set of other subtasks)
providing mechanisms to back out of
erroneous/incomplete workflows, undoing (often by
compensating for) actions already performed
Mo
du
le 3
– I
T E
nte
rpri
se S
yst
em
s
transmit and manage information and documents as
work flows from task to task; these are often forms, to
be successively filled in as work flows through the
system
monitor and log task status and the flow of work,
providing information on request, including overall
reports and alerts on bottlenecks
transmit and manage information and documents as
work flows from task to task; these are often forms, to
be successively filled in as work flows through the
system
monitor and log task status and the flow of work,
providing information on request, including overall
reports and alerts on bottlenecks
Product vs. Customer-Centric Organizations
A product-centric organization organizes its product
groups by product (or service) line. Sales and marketing
groups are then part of each separate product division.
Problem:
multiple sales people
Customer-centric organizations organize both its
product groups and its sales and marketing
organizations by market segment.
Problem:
duplication of effort (duplicate products)
Supply Chain Planning within the Organization
Demand Planning forecasts what you expect your
customers will need and when, based on previous
history, input from knowledgeable parties (e.g., buyers,
channel partners, and customers), and other predictive
variables (the weather, the economy, etc.).
Production Planning forecasts and plans production.
This may be particularly complicated when
manufacturing facilities can be used to manufacture
multiple products, or when they are shared or
outsourced.
Supply Planning forecasts and plans the flow of
supplies, particularly important when suppliers need
substantial lead times and when demand and
availability of supplies are unpredictable (due, for
example, to problems with their own planning and
suppliers).
There are two approaches to forecasting
Automated forecasting calculates forecasts based on
historic data along with other variables, including, to
some degree, those supplied by knowledgeable parties.
Collaborative forecasting uses collaboration systems to
allow knowledgeable parties to agree on forecasts,
potentially in conjunction with information provided by
automated forecasting systems.
SCM Agility
Classic manufacturing uses an approach known as ―Make and
Sell.‖ Companies can do better if they can delay commitments for
supplies and resources until they have orders for products.
An intermediate approach is called ―Sense and Respond.‖ It
requires
Real-time sensing of how demand is changing (typically
via access to the planning systems of companies in its
downstream supply chain), and
Dynamic adjustment of production and supply to adjust to
changes in demand.
The long-term success of Sense and Respond is really dependent
on three key characteristics (AAA)
1. Agility is able to respond to rapid changes.
2. Adaptability focuses on longer-term changes in
the supply chain.
3. Alignment with partners and suppliers
Business Intelligence Broadly, business intelligence (BI) is the aggregation, analysis, and
exploration of business data for the purpose of making business
decisions. BI systems have their genesis in what used to be called
Executive Information Systems (EIS).
OLAP vs. OLTP
Operational Database
Data Warehouse
Usage Transactional (OLTP)
Analytical (OLAP)
Organized for Modifications Queries
Modifications Continual Generally Periodic
Queries Narrow-scope Low-complexity
Broad-scope High-complexity
Breadth of Data All operational data All operational data or just aggregated summaries
Span of Data Recent, active data Historical data
Database Relational Relational/ Dimensional
Data Organizational
Normalized Denormalized
Extraction, Transformation and Loading (ETL)
Enterprise Information Integration-to make it possible to rapidly
pull together the disparate sources of changing information and
flow them into the data warehouse, sometimes known as CTF
(Capture, Transform, and Flow). This activity of determining how
to extract and integrate data from disparate data sources, how to
aggregate and transform them, and how to load them into a data
warehouse is a complex activity known as ETL (Extraction,
Transformation and Loading).
Data Mining (DM)
Data mining is, in essence, the discovery of knowledge,
especially as it relates to business operations.
Goals of Data Mining
Novel/Significant
Understandable/Useful
Causal: All data has random variations that can show
up as spurious patterns and relationships. Good data
mining algorithms and approaches aim to filter these
out.
Types of Data Mining
Market Basket Analysis—Finds collections of data
items which frequently occur together in the same
―market basket‖ (often products in a shopping cart)
and formulates the cause
Classification—Attempts to classify or categorize
data items based on their features
Clustering—Finding groups of data items, some of
whose features are all similar to one another.
Trend Analysis—Finding changing patterns over
time, and associated factors.
Data Mining Activities
Discovery/Modeling
Forensics
Prediction
Detection
Decision Support Systems (DSSes)
Decision support systems (DSSes) assist mangers in deciding
on courses of actions. To an extent, most of the preceding
systems are DSSes. They also include expert systems-
applications that encode human expertise to use in reasoning
about a specific area. Neural networks involve an architecture
based on the brain that uses data to create predictors.
Mo
du
le 4
– E
-Co
mm
erc
e &
Se
curi
ty
E-Commerce The entire online process of developing, marketing, selling, delivering, servicing, and paying for products and services transacted on inter-networked, global marketplaces of customers, with the support of a worldwide network of business partners.
Selling process: o Marketing Discovery
Market/product research Market Stimulation/Education Terms negotiation
o Transaction Processing Order Receipt Order Selection and Priority Order Billing/Payment Mgmt
o Service and Support Order scheduling/fulfillment Customer service and support
Buying Process o Marketing Discovery
Product discovery Product evaluation Terms negotiation
o Transaction Processing Order placement Order tracking Order payment
o Service and support Product receipt Product service and support
Categories Business to Consumer (B2C) Consumer to Consumer (C2C) Business to Business (B2B)
E-Commerce Processes
Electronic Payment Process
Business to Consumer (B2C) Second Mover Strategy:
1. Be better, faster, cheaper, easier 2. Trip up incumbents with tactics from other fields 3. Swipe their business models and start your own race 4. Follow the biggest leader you can find 5. Aim for the leader’s Achilles’ heel
Success Factors:
Selection & Value
Performance & Service
Look & Feel
Advertisement & Incentives
Personal attention
Community Relationship
Security & Reliability
Web Store Requirements
Business to Business (B2B)
Clicks and Bricks in E-Commerce Capitalizing on any unique strategic capabilities that may
exist in a company’s traditional business operations that could be used to support an e-commerce business
Gaining several strategic benefits of integrating e-commerce into a company’s traditional business.
Artificial Intelligence in Business The goal of AI is to develop computers that can simulate the ability to think, as well as see, hear, walk, talk, and feel. AI Domains
1. Cognitive Science Applications: Based on research in biology, neurology, psychology, mathematics, and many allied disciplines. It focuses on researching how the human brain works and how humans think and learn.
a. Expert Systems b. Learning systems c. Fuzzy logic d. Generic algorithms e. Neural Networks f. Intelligent agents
2. Robotics Applications: AI, engineering, and physiology. Applications designed to give robots the powers of sight, or visual perception; touch, dexterity, locomotion, and navigation.
3. Natural Interface Applications: a. Natural languages b. Speech recognition c. Multisensory interfaces d. Virtual Reality
Mo
du
le 4
– E
com
me
rce
& S
ecu
rity
Expert Systems Components:
Knowledge Base: frame-based, object-based, case-based, or rule-based
Software resources: inference engine, user interface programs
Applications: Diagnose illnesses, search for minerals, analyze compounds, recommend repairs, or financial planning. Benefits: Outperform a single human expert, preserve and reproduce the knowledge. Limitations: Inability to learn, maintenance problems, and development costs ** Knowledge engineering: professional who works with experts to capture the knowledge they possess and then builds the knowledge base.
Neural Networks Computing systems modeled after the brain’s meshlike network of interconnected processing elements (neurons). Learns to recognize patterns and relationships in data sets.
Fuzzy Logic Systems Represent a small, but serious, application of AI in business. It’s a method of reasoning that resembles human reasoning. Allows approximate values and inferences (Fuzzy logic) and incomplete data (fuzzy data).
Genetic Algorithms Uses Darwinian and other mathematical functions to simulate an evolutionary process that can yield better solutions to a problem. Useful for situations in which thousands of solutions are possible and must be evaluated to produce and optimal solution.
Virtual Reality Relies on multisensory input/output devices such as a tracking headset with video goggles. Virtual reality is also called telepresense. VR becomes telepresense when users use VR systems tow or alone or together at a remote site.
Intelligent Agents A software surrogate for a n end user or a process that fulfills a stated need or activity. They are special purpose, knowledge based information systems that accomplish specific tasks for users. Types:
Interface Tutors
Presentation agents
Network navigation agents
Role-Playing agents
Search agents
Information brokers
Information filters
Security Terms Business ethics: concerned with the numerous ethical questions that managers must confront as part of their daily business decision making. Stockholder Theory: Managers are agents of the stockholders, and their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices Social contract theory: states that companies have ethical responsibilities to all members of society, which allows corporations to exist according to a social contract. Companies need to enhance the economic satisfaction of consumers and employees and avoid fraudulent practices Responsible Professional:
Acting with integrity
Increase professional competence
Setting high standards
Accepting responsibility
Advancing the health, privacy, and general welfare of the public
Cracker: a person who maintains knowledge of the vulnerabilities he or she finds and exploits them for private advantage. Time and Resource Theft: unauthorized use fo computer systems and networks.
Sales Channels and the Web Information Interactions: Interactions through which customers obtain information about a product. Purchase Interaction: The process through which customers actually purchase the product.
1. Physical Sales Interactions: Highly personal product interaction. Information interaction varies based on expertise of the sales representative. Sales representative drives the sale.
a. Bricks and Mortar b. Retail Store Model c. Show Model d. Party Model e. Door-to-Door Model
2. Remote Sales Interactions: Lack interaction with the product, but a lot of written material. Information and purchase interaction varies.
a. Sales Advertisement Model b. Cold Call Model c. Catalog / Brochure Model d. Home Shopping Network Model e. Web-Based Sales Interactions f. Virtual Sales Interactions
Delivery Channels and the Web Information based products that have already been
delivered online for some time includes articles, reports, computer programs, and music.
Information-based services have been available since the early web, using the forms-based functionality initially available in HTML and HTTP.
Physical products and services cannot (yet?) be delivered online. However, airline flights, movies, and appliances are all cases where the online sales process results in a ticket.
Sales Terms Blurred Offers: A product that requires a service Auctions: A bidding model that can either be open or closed. Forward auctions are offer-based and reverse auctions / procurement auctions are request-based.
Market Models Infomediaries: cnet.com
Product/Service Aggregators: esurance.com
Information Aggregators: choicepoint.com
Brokers
Portals: yahoo.com
E-Commerce Marketing and Advertising Advertising: Click-throughts, cross-selling, up-selling.
Stickiness: Keep users on a website
Personalization: Requires knowing about the customer: o demographics o personal info o preferences o behavioral info
Ad selection and placements
E-Commerce Software Components Site Management Components
Content and Catalog Management
Access Control and Security
Weblog Analysis
Profiling
Personalization
Advertisement
Indexing Business Transaction Support Components
Exchange Management
Order Management
Workflow Management
Electronic Payment
Order Tracking and Scheduling User Interaction Components
Customization
Event Notification
Community Facilitation
Review
Recommendation
Mo
du
le 4
– E
com
me
rce
& S
ecu
rity
Proprietary e-Commerce Web Services Proprietary web services provide competitive advantage in two ways: (1) as barriers to entry, since viable competitors must now also build competitive web-service interfaces tied into their internal systems, and (2) through increasing switching costs, since customers who use their services must engineer their own systems to interface with those web services.
Security, Availability, Privacy, and Compliance
Integrity: Ensure that electronic transactions and data resources are not tampered with at any point, either accidentally or maliciously. Availability: Ensure uninterrupted service to authorized users. Confidentiality: Safeguard user privacy and prevent the theft of enterprise information, both stored and in transit. Accountability: Monitor and trace attacks in progress as well as damage from successful attacks (security auditing and intrusion detection). Prevent system users from later denying completed transactions and other actions (non-repudiation).
Effects of Security Attacks and Accidents Theft of Data and Software
Theft of Service
Denial of Service (DoS)
Tampering and Abetting
Intangible Damage
Tangible Damage
IT-Related Threats and Countermeasures Physical System Attacks
Password Attacks
Discretionary Access Control Attacks
Network Attacks
Security Exploits
Social Engineering
Remote Control Attacks
Epidemic Attacks
Privacy and Confidentiality Personal Information
Demographic information
Preference information
Purchase histories
Customer interests and profiles,
Employee information
Financial information
Medical information
Education information
Legal information
Contact information
Location information Privacy Regulations
HIPPA
GLBA
EU Data Privacy Directive
FERPA
FTC Act
Compliance, Controls and Accountability The Sarbanes-Oxley Act
The CEO and CFO are required to certify that their company's financial reports are true and accurate
Companies and their auditors must maintain accounting documents and work papers for a minimum of seven years.
Companies must promptly report any changes in financial condition or any significant problems that might affect the value of the company.
IT Controls IT controls are business processes and practices which prevent errors and illicit activities that affect the reliability of data and software.
IT controls include mechanisms for addressing:
the approval process for hardware, network and software changes
policies for code and architecture review
backup and recovery procedures
mechanisms for monitoring and filtering outgoing e-mail, web postings, and web-service calls
audit trails to track all data and code modifications, as well as viewing of sensitive (e.g., financial or medical) information (including who performed the action and when)
Mo
du
le 5
– I
T M
an
ag
em
en
t
Developing Business / IT Strategies Organizational planning process:
1. team building, modeling, and consensus 2. evaluating accomplishments and acquired resources 3. analyzing business, economic, political and societal
environments 4. anticipating and evaluating the impact of future
developments 5. building a shared vision and deciding on what goals they
want to achieve 6. deciding which actions to take to achieve their goals
Strategic planning: deals with the development of an organization’s mission, goals, strategies, and policies. Tactical planning: involves the setting of objectives and the development of procedures, rules, schedules, and budgets Operational planning: short-term basis to implement and control day to day operations. Converging trends:
Technology: o E-commerce o Customer information technology o Death of distance
Competitive Imperatives o Imperatives
Real growth Globalization New entrants Customer orientation
o Enablers Alliances Outsourcing
Deregulation o Regulated markets opening up o Fewer regulatory impediments in business o Single currency zones
Customer Sophistication/Expectations o Better and more convenient o Service o Better quality o Added value o Brand ―savvy‖
Risks:
1. Business operations risk 2. Program risk 3. Business interruption risk 4. Market risk
SWOT Analysis: Strengths, Weaknesses, Opportunities, and Threats is used to evaluate the impact that each possible strategic opportunity can have on a company and its use of IT.
S: Core competencies/Resources
W: Areas of substandard performance
O: Potential new business markets
T: Potential for business losses
Business Model: Conceptual framework that expresses the underlying economic logic and system that prove how a business can deliver value to customers at an appropriate cost and make money. Components of a Business Model:
Customer value
Scope
Pricing
Revenue source
Connected activities
Implementation
Capabilities
Sustainability Business /IT Planning Balanced Scorecard: BSC is a method for measuring a company’s activities in terms of its vision and strategies.
Financial perspective: cash flow, ROI, market value
Customer perspective: Customer surveys, complaints, competitive rankings
Business Process Perspective: Process cost, Measure performance key business processes
Learning and Growth Perspective: Staff training, employee suggestions
Strategic positioning matrix:
Cost and efficiency improvements: Low internal connectivity and use of IT
Performance Improvement in Business Effectiveness: High internal connectivity, Low external connectivity
Global Market Penetration: High degree of customer/competitor connectivity
Product and Service Transformation: Company, customers, suppliers and competitors are extensively networked. E-Business strategies in place
o Market creator: Amazon.com o Channel reconfiguration: Dell o Transaction intermediary: eBay o Infomediary: HomeAdvisor o Self-service innovator: Employease o Supply chain innovator: McKesson and
Ingram Micro o Channel mastery: Charles Schwab
Business Application Planning Begins after the strategic phase of business/IT planning has occurred. Involves the evaluation of proposals, evaluation of business case, and development/ implementation of the business applications.
Implementation Challenges A process that carries out the plans for changes in business/IT strategies and applications that wee developed in the planning process.
End user resistance: Education and training can help resolve problems, but most important is end user involvement.
A Change Management Process
Mo
du
le 5
– I
T M
an
ag
em
en
t
Information Systems Development LifeCycle
Feasibility Studies: A preliminary study where the information needs of prospective users and the resource requirements, costs, benefits, and feasibility of a proposed project are determined. A very rough analysis of its viability that must be continually refined over time.
Planning
3 Phases of Planning
Initial Planning determines the project's goals, stakeholders, scope, functionality, and governance
System Planning
determines the architecture and components needed to implement the project
Implementation Planning
determines, in detail, how the project will be implemented, how the resulting system will be deployed and maintained, and how resulting operational and organizational changes will be effected
Project Failure and Recovery
Poor Planning Potential Failure
Do an inadequate job of identifying the stakeholders and determining how they should be involved....
Increase the risk that the project won't meet their needs, or even if it does, the stakeholders will resist using it because they weren't involved in planning it
Do an inadequate job of developing metrics to evaluate the project....
Increase the risk that it won't meet its requirements
Do an inadequate job of determining the processes for project administration and governance....
Increase the risk that the project will go over schedule or budget, or that it will fail because no one is looking out for the big problems until it's too late
Initial Planning Phases
Project Initiation
o Identification of problems and opportunities the project is meant to address
o Preliminary identification of the goals, scale, and scope of the project
o Determining the project stakeholders-i.e., who cares about the project or might be affected it-and how they should be involved in it
o Establishment of project leadership and governance
Preliminary Analysis o Validating the problems and opportunities o Determining the causes of the problems and
the drivers of the opportunity
o Validating project goals
o Identifying risks
o Determining the preliminary feasibility of the
project
Project Investment Metrics
o ROI (Return on Investment)
o EVA (Economic Value Added)
o ROO (Return on Opportunity)
System Planning Phases
System Design and Evaluation
o Exploration of alternatives for the design and
architecture of the system
o Exploration of alternative technologies and
components to implement the various
designs
o Research, prototyping, testing and evaluation
to determine the feasibility of various
alternatives
Feasibility and Impact Analysis
o How effectively the system meets the project
goals
o The cost and return of the system
o The time it will take to build the system
o Risks specific to the system (especially if it
uses components or an approach that hasn't
been successfully deployed in similar
situations)
o Risks and costs due to impacts on existing
technologies, business processes, structure,
management, individuals and culture, and
relationships
o Legal/contractual feasibility and impacts
Commitment
o Finalizing requirements, scale and scope
o Determining system architecture, technology
and components
o Negotiating contracts and building
relationships with vendors
Mo
du
le 5
– I
T M
an
ag
em
en
t
Deployment Approaches
The Parallel approach involves running both the new and old system simultaneously, and cutting over entirely to the new system only when it is clear that it is working adequately. This is a very safe approach, but it can be costly to set up an environment in which both systems can run simultaneously. The Parallel approach can be combined with the Pilot or Phase approach-that is, a Pilot or Phase can run with both an old and a new system. This may be less costly than a full Parallel approach.
The Pilot approach involves switching a small subset of (presumably less significant) transactions to the new system. This will work well if the success of the Pilot is a good predictor of the success of the full system.
In each phase, additional transactions are incrementally transferred to the new system. The Phased approach can also be used to move functionality incrementally to the new system.
The Plunge approach often seems to be the simplest and least costly. However, if the new system has bugs, then it is important that either
the new system is still usable (albeit with workarounds) and retains data integrity
it is possible to back out to the old system, without losing any transactions
If this is not possible, then the bugs will result in system unavailability with all the attendant consequences. Implementation Planning Determines, in detail, how the project will be implemented, how the resulting system will be deployed and maintained, and how resulting operational and organizational changes will be effected.
Project Management Systems: Project management systems help managers ensure that projects are delivered on-time, on-budget, and up to quality standards.
Requirements and Issue Management Systems: Model and maintain complex sets of project requirements, allowing managers to categorize and associate attributes with them, and to specify and analyze dependencies and other relationships among them.
Issue management systems track and maintain project issues, including relationships between them, and how the issues are resolved.
Change management and bug tracking systems are special cases of issue management systems, and are sometimes integrated with them.
Integration with project management systems provides additional synergies, such as being able to analyze the risk of meeting requirements based on the risks in the schedule of the associated tasks
Negotiation Support Systems: provide automated support for complex negotiations, often over the detailed terms of a contract, the details of a project or outsourcing arrangements, including service level agreements. Negotiation support systems are sometimes part of other systems, including logistics systems.
Evaluating IT Projects Underway and Completed Progress Metrics measure progress towards successful completion of a project and management/reduction of risk based, for example, on milestones. Result Metrics measure whether the objectives of a project are met-for example, product reliability, process efficiency, usability, revenues, or customer retention. Outsourcing IT Development Using Contractors
The organization may simply not have the capabilities and expertise needed for the development (and can't acquire them in a reasonable time or for a reasonable cost).
The capabilities are available, but the employees with those capabilities are needed more urgently for other purposes.
The capabilities are only needed in the short-term, and the organization doesn't want to make the commitment to permanently hire the necessary employees.
Why outsource development?
Inability to find contractors.
Lack of high-level or managerial expertise.
Organizational or operational problems.
A need to develop capabilities elsewhere.
Outsourcing and Alignment: The organization outsourcing the
work wants to get the most amount of high quality work done at
the lowest cost; the outsourcing vendor would like to perform the
work in a way that minimizes its expenditures and maximizes its
current and future revenues.
Security Issues for Outsourced Development: An organization
needs to understand the existing security practices of the potential
vendor (including existing safeguards and how it handles security
breaches), and decide what additionally needs to be encoded in
its outsourcing contract.
Outsourcing IT Services and Functions
Hosting Companies
Application Service Providers, ASPs and Software as a
Service, SaaS
o Service Level Agreements: ensure that
hosting companies, ASP's, and SaaS
vendors provide service that meets their
requirements.
Functional IT Outsourcing: Functional IT outsourcing can be
problematic. Successful arrangements can require surprisingly
large amounts of time, money and energy, both to initially forge an
agreement and to manage the outsourcing arrangement on an
ongoing basis. Despite its problems, there are still good reasons
for functional IT outsourcing. Startups and companies missing key
capabilities obviously can benefit from outsourcing.
Utility Computing and the Future of IT: Virtualization, grid
computing and web services are leading to the treatment of
hardware and applications as pluggable components, under the
banner of ―utility computing.‖
Offshoring IT: While the cost savings are greater, and therefore
are a stronger incentive to outsource, the potential for problems is
greater as well, and must be factored in along with the increased
cost savings
Mo
du
le 5
– I
T M
an
ag
em
en
t
Vulnerability and Security Management Vulnerability management focuses on the assessment of risks, and overall planning of projects and approaches to mitigate them. Security management additionally covers development and management of the structures and processes that protect an organization on an ongoing basis, all of which we'll discuss in the following pages. Risk Assessment Vulnerability Management starts with risk assessment. The risks that affect a company, their seriousness, and their overall impact, may not even be clear unless there is an ongoing effort to assess them. Vulnerability Management Beyond risk assessment, a systematic approach to vulnerability management is important for a couple of reasons:
Even if a company has the resources, it may not be reasonable or useful to address each risk or problem as the organization becomes aware of it. Some need to be addressed specifically and immediately, some can be addressed as part of larger initiatives, and based on an overall analysis, some need to be deferred.
Solutions exist at many levels, from point solutions to re-architecting the entire enterprise to address the various threats and problems. Determining the right mix and schedule for solutions requires careful planning and involvement of key stakeholders across the enterprise.
The investment metrics for security projects focused on countermeasures are based on evaluating:
the likelihood of a possible threat
the cost of implementing the countermeasures
the cost of damage if countermeasures are not implemented
The investment metrics for security projects focused on facilitating damage recovery are based on evaluating:
the likelihood of the damage
the cost of facilitating the damage recovery
the cost of recovery if it is not facilitated in advance Security Management
network security—for monitoring network threats,
software security—ensuring that software development and customization is done safely
employee security—including access control
Vulnerability and Security Management To operate effectively, an organization's systems, internal networks, and external connections must remain available. Organization Damage from Cyber-Terrorism
Code reviews, or more generally, reengineering the software development process, are essential as part of reducing the possibility of erroneous and malicious code.
Network components, including firewalls, routers and switches, contain a significant amount of code, and may have dangerous vulnerabilities.
Business Continuity Planning Disasters and security attacks can affect a business' ability to continue operating effectively at four different levels of seriousness:
Loss of access to data and information
Loss of system and network access
Loss of equipment and facilities
Loss of personnel Crisis Management and Disaster Recovery Part of disaster recovery planning is making sure that there are processes in place, and personnel identified, who will deal with crises as they occur, decide how serious they are, and determine what to do about them.
Mo
du
le 6
–
Pending
Mo
du
le 6
–