STUDY MATERIAL. M.B.A. PROGRAMME (Code No. 411) (Effective from ) II SEMESTER

Transcription

1 St. PETER S UNIVERSITY St. Peter s Institute of Higher Education and Research (Declared Under Section 3 of the UGC Act, 1956) AVADI, CHENNAI TAMIL NADU STUDY MATERIAL M.B.A. PROGRAMME (Code No. 411) (Effective from ) II SEMESTER 209MBT25 COMPUTER APPLICATIONS AND MANAGEMENT INFORMATION SYSTEM St. PETER S INSTITUTE OF DISTANCE EDUCATION Recognized by Distance Education Council and Joint Committee of UGC AICTE - DEC, New Delhi. (Ref. F.No.DEC/SPU/CHN/TN/Recog/09/14 dated & Ref. F.No.DEC/Recog/2009/3169 dated )

2 Author: P. Bhardwaj Copyright 2011, Excel Books Pvt. Ltd. No Part of this publication which is material protected by this copyright notice may be reproduced or transmitted or utilized or stored in any form or by any means now known or hereinafter invented, electronic, digital or mechanical, including photocopying, scanning, recording or by any information storage or retrieval system, without prior written permission from the publisher. Information contained in this book has been published by Excel Books Private Limited and has been obtained by its authors from sources believed to be reliable and are correct to the best of their knowledge. The University has edited the study material to suit the curriculum and distance education mode. However, the publisher/university and its author shall in no event be liable for any errors, omissions or damages arising out of use of this information and specifically disclaim any implied warranties or merchantability or fitness for any particular use. Produced and printed by: Excel Books Private Ltd, A-45, Naraina, Phase-I, New Delhi

3 PREFACE St. Peter s University has been recognized by the Distance Education Council, and Joint Committee of UGC- AICTE-DEC, for offering various programmes including B.Tech., D.Tech., MBA, MCA and other programmes in Humanities and Sciences through Distance Education mode. The Methodology of Distance Education includes self-instructional study materials in print form, face-to-face counseling, practical classes, virtual classes in phased manner and end assessment. The basic support for distance education students lies on the self instructional study materials. Keeping this in mind, the study materials under distance mode are prepared. The main features of the study materials are (1) learning objectives (2) self explanatory study materials unitwise (3) self tests (4) list of references for further studies. The material is prepared in simple English and graded in terms of technical content. It is built upon the pre-requisite knowledge. Students are advised to study the materials several times and get benefitted. The face-to-face session in the counseling centre will help them to clear their doubts and difficult concepts which they would have faced during the learning process. Students should remember that self study and sustained motivation are the two important requirements for a successful learning under the distance education mode. We wish the students to put forth their best efforts to become successful in their chosen field of learning. Registrar St. Peter s University

4

5 CONTENTS Page No. Scheme of Examinations Syllabus of Computer Applications and Management Information System Model Question Paper vi x xi UNIT I: INTRODUCTION Lesson 1 Introduction to Information System 3 UNIT II: SYSTEM DEVELOPMENT Lesson 2 System Development Life Cycle 19 Lesson 3 Modern Information System 46 UNIT III: INFORMATION SYSTEM Lesson 4 Functional Areas of Information Systems 61 Lesson 5 Decision Support System 78 Lesson 6 Executive Information System 88 Lesson 7 International Information Systems 107 UNIT IV: IMPLEMENTATION AND CONTROL Lesson 8 Information Systems Security 119 Lesson 9 Coding Techniques and Data Representation 142 Lesson 10 Cost/Benefit Analysis 169 Lesson 11 Assessing the Value and Risk Information System 184 Lesson 12 Software Life Cycle Models 198 UNIT V: BUSINESS APPLICATIONS IN BUSINESS Lesson 13 Microsoft Office 213 Lesson 14 Computer Application in Business 236

6 Scheme of Examinations I Semester Code No. Course Title Credit Marks Theory EA Total 109MBT11 Management Principles & Organizational Behaviour MBT12 Economic Analysis for Business Decisions MBT13 Statistics for Management MBT14 Applied Operation Research for Management MBT15 Financial and Management Accounting MBT16 Legal Environment of Business MBT17 Executive Communication Total II Semester Code No. Course Title Credit Marks Theory EA Total 209MBT21 Production & Operation Management MBT22 Financial Management Decisions MBT23 Marketing for Managers MBT24 Human Resource Management MBT25 Computer Applications and Management Information System MBT26 Total Quality Management MBT27 Applied Research Methods in Management MBP01 Computer Lab for Business Administration Record Total

7 III Semester Code No. Course Title Credit Marks Theory EA Total 309MBT01 International Business Management MBT02 Strategic Management E1*** Electives I E2*** Electives II E3*** Electives III E4*** Elective IV E5*** Elective V E6*** Elective VI Total *** Any one group of electives from Marketing, Finance, Human Resource Management and System is to be chosen. IV Semester Code No. Course Title Credit Marks Theory EA Total 409MBT01 Marketing Research and Consumer Behaviour MBT02 Entrepreneurship Development MBP01 Project and Vivavoce * Total * In lieu of Project and Vivavoce, 409MBT03 - E-Commerce Technology and Management (6 Credits) is offered for Distance Education Students.

8 LIST OF ELECTIVES MARKETING ELECTIVES Code No. Course Title Credit Marks Theory EA Total 309MBT03 Retail Management MBT04 Services Marketing MBT05 Advertising and Sales Promotion MBT06 International Marketing MBT07 Brand Management MBT08 Rural and Social Marketing Total FINANCE ELECTIVES Code No. Course Title Credit Marks Theory EA Total 309MBT09 Security Analysis and Portfolio Management MBT10 Merchant Banking and Financial Services MBT11 International Trade Finance MBT12 Strategic Financial Management MBT13 Corporate Finance MBT14 Derivatives Management Total

9 HUMAN RESOURCE MANAGEMENT ELECTIVES Code No. Course Title Credit Marks Theory EA Total 309MBT15 Managerial Behaviour and Effectiveness MBT16 Organisational Change & Intervention Strategy MBT17 Industrial Relations and Labour Welfare MBT18 Labour Legislations MBT19 Strategic Human Management and Development MBT20 Corporate governance & Corporate Social Responsibility Total SYSTEM ELECTIVES Code No. Course Title Credit Marks Theory EA Total 309MBT21 Software Development MBT22 Database Management Systems MBT23 Enterprise Resource Planning for Management MBT24 Software Project and Quality Management MBT25 Decision Support System MBT26 Information Technology for Management Total

10 209MBT25 COMPUTER APPLICATIONS AND MANAGEMENT INFORMATION SYSTEM Syllabus UNIT I: INTRODUCTION Information system - Establishing the framework - Business model - Information system architecture - Evolution of information systems. UNIT II: SYSTEM DEVELOPMENT Modern information system - System development life cycle - Structured methodologies - Designing computer based method, procedures control, designing structured programs. UNIT III: INFORMATION SYSTEM Functional areas, Finance, marketing, production, personnel - Levels, Concepts of DSS. EIS, ES - Comparison, concepts and knowledge representation - Managing international information system. UNIT IV: IMPLEMENTATION AND CONTROL Testing security - Coding techniques - Detection of error - Validation - Cost benefits analysis - Assessing the value and risk information systems, systems methodology - Objectives - Time and Logic, Knowledge and Human dimension - Software life cycle models - Verification and validation. UNIT V: BUSINESS APPLICATIONS IN BUSINESS MS office - MS Excel, MS Power Point, MS Word, MS Access, MS Front Page, MS Project, Accounting packages Statistical Packages, Operations Research Package, Packages) in functional areas of management. TEXT BOOKS: 1. Kenneth C. Laudon and Jane Price Laudon, Management Information Systems Managing the digital firm, Pearson Education Asia. 2. Ashok Arora, Akshayabhatia, Management Information Systems, Excel Books, Ist edition. 3. GV Satyasekhar, Management Information System, Excel Books, Ist edition. 4. Pradip Kumar Sinha, Management Information System, Excel Books, Ist edition. REFERENCES: 1. Gordon B. Davis, Management Information System: Conceptual Foundations, Structure and Development, McGraw Hill, Joyce j. Elam, Case Series for Management Information System, Silmon and j Schuster, Custom Publishing Steven Alter, Information System A Management Perspective, Addison -Wesley, James AN 0' Brein, Management Information Systems, Tata McGraw Hill, New Delhi, Turban Mc Lean, Wetherbe, Information Technology Management making Connection for Strategic Advantage - John Wiley, Ralph -Stair and George W. Reynolds, Principles of Information Systems A Managerial Approach Learning, 2001.

11 MODEL QUESTION PAPER M.B.A. DEGREE EXAMINATIONS Second Semester 209MBT25 - COMPUTER APPLICATIONS AND MANAGEMENT INFORMATION SYSTEM (Regulations 2009) Time: 3 Hours Maximum: 100 marks Answer ALL the questions PART A (10 2 = 20 Marks) 1. Compare Information and Data. 2. Define Information System. 3. What is DDL? 4. Explain System Development Life Cycle. 5. Name any three coding techniques. 6. Define RAD. 7. What is a prototype? 8. Mention the role of DSS in management decision making. 9. What are the different feasibility studies? 10. List down the advantages of using SPSS. PART B (5 16 = 80 Marks) 11. (a) Explain in detail the different types of information system. or (b) Today s business cannot survive without the help of information Systems. Do you agree with this statement? Discuss. 12. (a) (i) What are the major challenges that faced by the organisations in developing information system? (ii) Explain any two business models used for Information System. or (b) What is an OS? Explain in detail the functions of an OS. 13. (a) Give a detailed note on Spiral model of software development. or (b) Explain the steps involved in systems development life cycle. 14. (a) (i) What is mean by System Audit? (ii) What are the important features of DSS? or (b) Explain as how will you design computer based Controls?

12 15. (a) (i) Describe four types of Scales used in SPSS with suitable examples. (ii) What is SPSS? Explain in Brief. or (b) (i) Brief out the various software packages used in manufacturing Industries and list down the benefits of using it.

13 1 Introduction to Information System UNIT I Introduction

14 2 Computer Applications and Management Information System

15 LESSON 1 INTRODUCTION TO INFORMATION SYSTEM 3 Introduction to Information System STRUCTURE 1.0 Objectives 1.1 Introduction 1.2 Information System 1.3 Need of Information in Managing Business 1.4 Establishing the Information Framework Basic Framework of an Information System Types of Controls Information System Audit 1.5 Classification of Information Systems 1.6 Business Models Business Systems Business Process Modeling Business Process Re-engineering 1.7 Managing Information Systems 1.8 Information System Architecture 1.9 Evolution of Information Systems 1.10 Let us Sum up 1.11 Glossary 1.12 Suggested Readings 1.13 Questions 1.0 OBJECTIVES After studying this lesson, you should be able to: Explain the concept of information system Describe the need of information system Explain the classification of information system Describe managing information systems 1.1 INTRODUCTION This lesson introduces the subject and gives an overview of the Information Systems, their evolution and classification. The lesson attempts to give an overview of business

16 4 Computer Applications and Management Information System process design as Business Processes are at the core of any information system. The objective is also to provide an overview of the life cycle of information from understanding the need in organisations to designing, implementing and managing the system. Details will be discussed in the relevant lessons. 1.2 INFORMATION SYSTEM An increasingly competitive world calls for: Reduction in cycle times, Reduction in inventory, Development of new products to meet the ever-increasing demands of the customer. Information resource is critical to the development of more effective operational and management processes within an enterprise. Use of IT in organisations has moved from mere problem solving to enterprise-wide IT strategies enabling resource planning and customer management. The strategic and operational importance of information as a resource in business is no longer questionable. Business Information Systems has now become synonymous with Information Technology (IT) which has become an integral part of any enterprise. Globalisation and the competitive environment have threatened the survival of businesses. Speed is the cutting edge. Businesses are increasingly expanding into global markets. Managing and accomplishing these strategies would be impossible without Information Technology. It has facilitated both speed and change management, which is transforming the business processes, and the way business is conducted and managed, marketing strategies, product development strategies, customer service, internal operations and logistics are today heavily dependent on information technology. Information systems encompass many complex business technologies, applications and behavioral aspects. A manager or an end user, therefore, needs to understand and appreciate five major areas of IT for business strategies, covering business information systems, IT applications in business, information system development methodologies, fundamental understanding of IT components such as hardware, software, networks, database, network and telecommunication, and management of IT resources and IT enabled business strategies. In the words of Paul Strassman, It is not computers that make the difference, but what people do with them. 1.3 NEED OF INFORMATION IN MANAGING BUSINESS An Information System is an organised system, which collects, transforms and disseminates information in an organisation. It is an integration of hardware, software, data, network & communication, processes and people which transforms data resources into a variety of information products to support decision-making, coordination, and planning & control of business strategies. Information Systems also help organisations analyse problems, visualise complex scenarios and create new products. Today s managers require all the help they can get. The environment is undergoing significant changes thereby placing tremendous pressure on organisations and their managers. Information Systems have therefore become an integral part of all businesses. In an increasingly competitive world, it has become necessary for enterprises to reduce cycle times, reduce inventory and develop new products to meet the ever-increasing demands of the customer. Information resource is critical to the

17 development of more effective operational and management processes within an enterprise. The use of IT in organisations has moved from an environment of just problem solving to enterprise-wide IT strategies enabling resource planning and customer management. The basic reason for use of Information Technology in business is to support operations, managerial decision-making and strategic planning through information systems. However it is necessary to understand that Information Systems are more than a mere set of technologies that support business operations or effective managerial decision-making. IT which supports Information Systems can change the way businesses work. 5 Introduction to Information System 1.4 ESTABLISHING THE INFORMATION FRAMEWORK Basic Framework of an Information System The basic framework of an Information System consists of: Input: Consists of data, instructions and involves capturing and assembling elements that enter the system to be processed. Processing: Involves transformation processes that convert input into output. Data storage is an important function, which retains the relevant input data for providing the output required. Output: Involves transferring elements that have been produced by a transformation process to their destination and consists of reports, queries, computations and information products. Feedback: It is data about the performance of a system. Control: Involves monitoring and evaluating feedback to determine whether a system is moving towards the achievement of the goal. The framework is diagrammatically depicted below: Information System Input Processing Classify Arrange Calculate Output Feedback Environment Figure 1.1: Framework of an Information System Input captures or collects raw data from within the organisation or from its external environment. Processing converts this raw input into a meaningful form and Output transfers the processed information to the people who use it or to the activities for which it will be used. Output in the form of feedback is returned to the appropriate members of the organisation to help them control or correct the input stage. Feedback in the case of IT-enabled services helps monitor & control the business process. Environmental actors such as customers, suppliers, stockholders, regulatory agencies and competitors impact/interact with the organisations or the Information Systems.

18 6 Computer Applications and Management Information System The demands of the business determine the type of processing. If the user needs periodic or occasional reports or output, as in payroll or end-of-year reports, batch processing is most efficient. If the user needs immediate information and processing, as in an airline or hotel reservation system, then the system should use online processing. The manner in which data are input into the computer affects how the data can be processed. Information systems collect and process information in one of two ways: through batch or through online processing. There are two major processing approaches. Batch Input and Processing In batch processing, transactions, such as orders or payroll time cards, are accumulated and stored in a group, or batch, until the time when, because of some reporting cycle, it is efficient or necessary to process them. This was the only method of processing until the early 1960s, and it is still used today in older systems or some systems with massive volumes of transactions. Online Input and Processing In online processing, which is now very common, the user enters transactions into a device (such as a data entry keyboard or bar code reader) that is directly connected to the computer system. The transactions usually are processed immediately. The input, storage, processing and output functions are performed by the system's components. These components are hardware, software, stored data, personnel and procedures. Hardware and software are the information technology for an information system while personnel and procedures are the components that involve human resources in a system. To fully understand Information Systems, a manager/business end user must understand the organisation, its business & management processes and the Information Technology dimensions (Hardware, Software, Data & Storage technology, Network & Communication technology) of systems and their capability to provide solutions to challenges and problems in the business environment Types of Controls Like any other vital business assets the resources of information system, hardware, software, networks and data need to be protected by built in control to ensure their quality and security. Effective controls provides IS security which includes accuracy, integrity and safety of IS activities and resources. Controls can minimise errors, fraud and destruction in the internet worked IS that interconnect end users and organisations. Effective controls also provide quality assurances for IS. This can help reduce the risk of potential negative impact that IT can have on business survivals and success. Three basic types of controls need to be developed to ensure the quality and security of IS. These controls are IS controls, procedural controls and facility controls. IS controls are methods and devices that attempt to ensure the accuracy, validity and propriety of IS activities. Controls must be developed to ensure proper data entry, processing techniques, storage methods and information outputs. Thus IS controls are designed to monitor and maintain the quality and security of the input, processing, output and storage activities of any IS.

19 Input Controls Input controls ensure that the proper data enters the system. These are executed through password and other security codes, data entry screens with validation and prerecorded and pre-numbered forms. A programmed control can be built in to conduct checks for invalid codes, data fields and transactions. Data entry and other systems activities are frequently monitored by the use of control totals/batch totals. A batch total is the specific item of data within a batch of transactions. Such as sales amount or balance outstanding. 7 Introduction to Information System Processing Controls Once the business data is entered correctly processing controls need to take over to ensure proper procedure. The processing controls are developed to identify errors in arithmetic calculations and logical operations. They are also used to ensure that data is not lossed or do not go unprocessed. These controls includes both hardware and software controls. Hardware controls includes built-in checks to ensure the accuracy of computer processing. Some of these checks are malfunction detection, redundant components and special purpose microprocessor associated circuitry that may be used to remote diagnostic and maintenance. Software controls ensure that the right data are being processed. These include checkpoints and also helped in building audit trail, which allows transaction process to be traced through all the steps of processing. Output Controls Output controls are developed to ensure that information products are correct and complete and available to authorized users in a timely manner. Pre-numbered output forms can be used to control the loss of important output documents. End users should be motivated to provide feedback on the quality of the output which would help in improving the use of information products. Storage Controls These controls are built-in to protect the data resources. Control responsibilities of files of computer programmes and data base can be assigned to specific people. These employees are responsible for maintaining and controlling access to both program libraries and databases. Account codes, passwords and security codes are frequently used to authorised users only. A catalogue of authorised users enables computer systems to identify the eligible users and determined which type of authorized to receive. Backup mechanism for ensuring the availability of data in case of failure is also one of the storage controls. Facility Controls Facility controls are methods that protect an organisations computing and network facilities and their contents from lost or destruction. Computer network and computer centers are subject hazards such as accident, natural disastrous, sabotage and theft of resources. Safeguards and control procedures are necessary to protect the IT resources and vital data resources of the organisations Information System Audit An Information System should be periodically audited by internal auditing team in order to ensure that proper and adequate information systems control, procedural control and other managerial controls have been developed and implemented. Auditing around the computer systems verifies the accuracy and propriety of input of data and output produce without evaluating the software that process the data. Auditing through the computer systems involves verifying the accuracy and integrity

20 8 Computer Applications and Management Information System of the software that process the data as well as the input of the data and output produced by the computer systems. Another objective of auditing procedure is to test the integrity of an application's audit trail. This feature can be found on many online transactional procedure systems and network control programs. Such an audit trail helps an auditor to check for errors or frauds and also helps the IS security specialists trails and evaluate the trail of hacker attacks on computer networks. Check Your Progress 1 1. Define information system What do you mean by feedback? CLASSIFICATION OF INFORMATION SYSTEMS Information systems perform three vital roles in any type of organisation: Support of business operations Support of managerial decision making Support of strategic competitive advantage Information systems can be classified in several ways. They could be classified by the specific organisational function they serve, by the organisational levels they support or by the support they provide. Information Systems can therefore be classified into two major groups operational support systems and the management support systems. This classification highlights the major roles the information system plays in the operations and management of a business. The following figure depicts this classification. Transaction Processing System (TPS): These systems support operations personnel and supervisors covering repetitive, mission critical activities such as order processing, securities trading, cash management, materials management, and plant scheduling. They primarily record and process data resulting from business transactions. These systems produce a variety of information products purchase orders, payslips, sales receipts, customer statements and financial statements. Process Control Systems: These systems make routine decisions that control operational processes. Enterprise Collaboration Systems: These involve the use of groupware tools to support communication, coordination and collaboration among the members of a group and the enterprise. These systems depend on intranets, the Internet, extranets and other networks. The goal of such systems is to enhance the productivity and creativity of teams and workgroups in the business environment. This system is also complimented by office automation system which supports office workers in their day to day activities covering word processing, document management and event tracking.

21 Information Systems 9 Introduction to Information System Operations Support Systems Management Support Systems Transaction Processing Systems Management Information Systems Process Control Systems Decision Support Systems Enterprise Collaboration Systems Executive Information Systems Figure 1.2: Classification of Information Systems Management Information System (MIS): These systems emphasize the management orientation of information systems which support management decision making at all levels. These systems provide a variety of reports and displays to managers. The contents of these are defined by managers in advance. These systems collate information about internal operations updated by transaction processing systems and business environment data from external sources. Decision Support System (DSS): These systems are interactive, computer-based systems which use decision /analytical models and specialised databases to assist the decision making process of managerial end users. It provides managers and analysts with analytical modeling and simulation capabilities for sales analysis, production scheduling, costing/pricing/profitability analysis. Executive Information or Support System (EIS): These are management information systems tailored to the strategic information needs of top level executives in areas of planning and forecasting. 1.6 BUSINESS MODELS Business Systems Information Systems directly support both operations and management activities in the business functions of accounting, finance, human resources management, marketing, and operations management. These are business information systems which support the functional areas of business. The major functional information systems are: Accounting information system Finance information system Production scheduling system Inventory control system Marketing information system Human resources management information system In each functional area, some routine and repetitive tasks that are essential to the operation of the organisation are supported by the transaction processing system while the management information system supports the management activity.

22 10 Computer Applications and Management Information System Strategic systems deal with decisions that significantly change the manner in which business is conducted. The strategic role of information systems involves using IT to develop products, services and capabilities that give an organisation the competitive advantage Business Process Modeling In a business world that is increasingly competitive, companies frequently find that their organisation structures and processes are not allowing them to adapt to change quickly enough. Many of these companies have decided to adopt modern business practices and IT technology that supports them a change that affects many aspects of an organisation. The following challenges are common: Business processes are not visible to people working in the organisation. If there is no common baseline to start from, it is difficult to discuss what to change. Different parts of an organisation use different variants of the same process. This lack of alignment in practices and terminology causes confusion and makes it difficult to assess what should be changed. Technology has become essential to how business is run. Both the business management and IT management teams see the need to collaborate more than they traditionally have. Companies that didn't used to think of their products and offerings as software now find that software is how the products are represented. For example, much of the financial and banking industry has been changed over the past five to ten years through online representations of essential service offerings. Everything we do is a process and could conceivably be put into a Standard Operating Procedure (SOP). Within any process there will be different viewpoints from both the observer and the executioner of the process. Additionally, there will be traceability where one can follow through the steps involved in the evolution of the process. There will also be roles for those people or things (shareholders) involved in the process. Finally, there has to be a reason why that process is being performed. What requirement has necessitated the use of that particular process? Who follows processes? People, as individuals, and organisations follow processes. Such processes can best be understood and analysed through modeling. A business process is always governed by business policies and business rules. Hence while, mapping the process and collecting process requirements, it is essential to capture the following elements of the process: Activity flow: sequence of activities from start to end along with their interdependencies and inter-relationships Information flow: inputs and outputs for each of the activity mapped as part of activity flow Business rules: business policies governing the flow of business process Performer: performer of the activity; a person, a group of persons, or a system Activity turnaround time Activity cost Process Modeling is known under various names, including Business Process Modeling, Business Process Management and Business Re-engineering, to name but a few. Modeling techniques can be applied to all these. If business requirements demand new functionality in your applications, or if the business is going through an automation effort, business process modelling could be input to an application development effort in order to generate software requirements. Business Process

23 Modeling refers to the techniques for visualizing and reasoning about processes and structures in the organisation, and is becoming increasingly important. The most commonly followed techniques of process mapping is flowcharting. Flowchart is a graphical representation of sequence of activities carried out as part of the process from start to end along with their inter-relationships and inter-dependence. The other diagrams used to understand the system are Activity Flow Diagram and Data Flow Diagram. 11 Introduction to Information System Business Process Re-engineering The two cornerstones of any organisation are the people and the processes. If individuals are motivated and working hard, yet the business processes are cumbersome and non-essential activities remain, organisational performance will be poor. Business Process Reengineering is the key to transforming how people work. What appear to be minor changes in processes can have dramatic effects on cash flow, service delivery and customer satisfaction. The design of workflow in most large corporations was based on assumptions about technology, people, and organisational goals that were no longer valid. They suggested seven principles of reengineering to streamline the work process and thereby achieve significant levels of improvement in quality, time management and cost. The method was popularly referred to as Business Process Re-engineering (BPR), and was based on an examination of the way information technology was affecting business processes. Business process reengineering is the analysis and redesign of workflow within and between enterprises. The main proponents of re-engineering were Michael Hammer and James Champy. In a series of books including Reengineering the Corporation, Reengineering Management, and The Agenda, they argue that far too much time is wasted, passing on tasks from one department to another. Davenport (1992) prescribes a five-step approach to the Business Process Reengineering model: Develop the business vision and process objectives: The BPR method is driven by a business vision which implies specific business objectives such as cost reduction, time reduction, output quality improvement. Identify the business processes to be redesigned: most firms use the 'high-impact' approach which focuses on the most important processes or those that conflict most with the business vision. A lesser number of firms use the 'exhaustive approach' that attempts to identify all the processes within an organisation and then prioritise them in order of redesign urgency. Understand and measure the existing processes: to avoid the repeating of old mistakes and to provide a baseline for future improvements. Identify IT levers: awareness of IT capabilities can and should influence BPR. Design and build a prototype of the new process: the actual design should not be viewed as the end of the BPR process. Rather, it should be viewed as a prototype, with successive iterations. 1.7 MANAGING INFORMATION SYSTEMS In order to ensure that the information system designed and implemented is continuously updated and running as per business requirements, system development and the IT infrastructure need to be managed. An IS should be periodically audited by internal auditing team in order to ensure that proper and adequate information systems

24 12 Computer Applications and Management Information System control, procedural control and other managerial controls have been developed and implemented. Auditing around the computer systems verifies the accuracy and propriety of input of data and output produce without evaluating the software that process the data. Auditing through the computer systems involves verifying the accuracy and integrity of the software that process the data as well as the input of the data and output produced by the computer systems. Another objective of auditing procedure is to test the integrity of an application's audit trail. This feature can be found on many online transactional procedure systems and network control programs. Such an audit trail helps an auditor to check for errors or frauds and also helps the IS security specialists trails and evaluate the trail of hacker attacks on computer networks. 1.8 INFORMATION SYSTEM ARCHITECTURE The information system architecture, according to Synnott (1987), is a conceptual framework for the organisational IT infrastructure. It is a plan for the structure and integration of the information resources in the organisation. Synnott proposes a model for information system architecture, which comprises of two major parts. The centralised portion serves the entire organisation and it includes the business architecture (information needs of the organisation), the data architecture, and the communications architecture. The decentralised (upper) portion focuses on an organisational function or on some service or activity (e.g. human resources, computers, end-user computing, and systems). Each entity includes operational, managerial and strategic applications. Types of Information System Architecture One way to classify information system architecture is by the role the hardware plays. It is possible to distinguish two extreme cases: a mainframe environment and a PC environment. The combination of these two creates a third type of architecture, the distributed or networked environment. Mainframe Environment In the mainframe environment, a mainframe computer does processing. The users work with passive (or dumb ) terminals, which are used to enter or change data and access information from the mainframe. This was the dominant architecture until the mid 1980s. Very few organisations use this type of architecture exclusively today. An extension of it is an architecture where PCs are used as smart terminals. Yet, the core of the system is the mainframe with its powerful storage and computational capabilities. The Network Computers (NCs) that were introduced in 1997 are redefining the role of the centralized computing environment. PC Environment In the PC configuration, only PCs form the hardware information architecture. They can be independent of each other, but normally the PCs are connected via electronic networks. This architecture is common for many small and medium-size organisations. Networked (Distributed) Environment Distributed processing divides the processing work between two or more computers. The participating computers can be all mainframe, all midrange, all micros, or, as in most cases, a combination they can be in one location or in several. Cooperative processing is a type of distributed processing in which two or more geographically dispersed computers are teamed together to execute a specific task. Another important

25 configuration of distributed processing is the client/server arrangement, where several computers share resources and are able to communicate with many other computers via LANs. When a distributed system covers the entire organisation, it is referred to as an enterprise wide system and its parts are frequently connected by an intranet. A distributed environment with both mainframe and PCs is very flexible and is commonly used by most medium and large-size organisations. This basic classification is analogous to a transportation, such as a train or a plane. In this case, several riders share the vehicle and use it at specified times and must obey several rules. This is like using a mainframe. Second, you can use your own car, which is like using a PC. Third, you can use both; for example, you can drive to the train station and take the train to work, or you can drive to the airport and take a plane to your vacation destination. This last arrangement, which is analogous to a distributed system, is flexible, providing the benefits of the other two options. Thanks to communication networks and especially the Internet and intranets, networked computing is becoming the dominant architecture of most organisations. This architecture permits intra and inter-organisational cooperation in computing, accessibility to vast amounts of data, information, and knowledge, and high efficiency in the use of computing resources. The concept of networked computing drives today s new architecture. The Internet, intranet and extranets are based on client/server architecture and enterprise wide computing, the newest architectural concepts. The principles of these concepts are briefly explained in this section. 13 Introduction to Information System Client/Server Architecture A client/server arrangement divides networked computing units into two major categories: clients and servers, all of which are connected by LANs and possibly VANs. A client is a computer such as a PC or a workstation attached to a network, which is used to access shared network resources. A server is a machine that provides clients with these services. Examples of servers are a database server that provides connection to another network, to commercial databases, or to a powerful processor. In some client/server systems there are additional computing units, referred to as middleware. The purpose of client/server architecture is to maximize the use of computer resources. Client/server architecture provides a way for different computing devices to work together, each doing the job for which it is best suited. The role of each machine need not be fixed; a workstation, for example, can be a client in one task and a server in another. Another important element is sharing. The clients, which are usually inexpensive PCs, share more expensive devices, the servers. There are several modules of client/server architecture. In the most traditional model, the mainframe acts as a database server providing data for analysis, done by spreadsheets, database management systems, and other 4GLs, for the PC clients. Client/server architecture gives a company as many access points to data as there are PCs on the network. It also lets a company use more tools to process data and information. Client/server architecture has changed the way people work in organisations; for example, people are empowered to access databases at will. Enterprise wide Computing Client/server computing can be implemented in a small work area or in one department on a LAN. Its main benefit is the sharing of resources within that department. However, many users frequently need access to data, applications,

26 14 Computer Applications and Management Information System services, electronic mail, and real-time flows of data, which are in different LANs or databases, so that they can improve their productivity and competitiveness. The solution is to deploy an enterprise wide client/server architecture, that is, to combine the two concepts to form a cohesive, flexible, and powerful computing environment. Check Your Progress 2 Fill in the blanks: 1. A.. is always governed by business policies and business rules. 2. The two cornerstones of any organisation are the.. and the processes. 1.9 EVOLUTION OF INFORMATION SYSTEMS The first computers were designed to compute formulas for scientific and military applications during and immediately after World War II. The first business applications began in the early 1950s, and the computers did repetitive, large volume transactions computing tasks involving summarizing and organising data in the accounting, finance and personnel areas. In the 1960s, a new category of Information Systems started to develop. Systems arrived that accessed, organised, summarised and displayed information for decision making in the functional areas. These systems are known as Management Information Systems (MIS) and are geared towards support for middle-level managers. These systems are characterised mainly by their ability to produce predefined periodic reports such as a daily list of employees and the hours they work, or a monthly report of expenses as compared to a budget. MIS had a historical orientation; as it described events after they occurred. Support systems for operations began to emerge in the late 1960s and early 1970s when networked computing and electronic communication became prevalent. Airline reservation systems are perhaps the best example of this development. Parallely, Office Automation System (OAS) that supported the day-to-day work evolved. At around the same time, computers were introduced to manufacturing environments. Applications ranged from robotics to Computer-aided Design and Manufacturing (CAD/CAM). By the early 1970s, the demand for all types of IT support systems had begun to accelerate. A new concept of Decision Support Systems (DSS) emerged which focused on providing managers with ad hoc and interactive support for their decision making processes. They were also used to forecast trends and provide interactive support for the decision making process. These systems could be tailored to the unique decision making styles of managers as they confronted specific problems in the environment. Most top executives however did not directly use either the reports of MIS or the analytical modeling capabilities of decision support systems. This necessitated the development of Executive Information Systems (EIS) which were designed to provide the senior executives an easy way to get the critical information they want in the required formats as and when they want. Breakthroughs occurred in the development and application of artificial intelligence techniques to business information systems in the form of Expert Systems (ES) and knowledge based systems that provided expert advice in certain areas.

27 By 1980 information systems acquired a strategic role and IT became an integral part of business processes, products and services that help an organisation to gain the competitive advantage. There was a need to improve the quality of information and hence ensure the accuracy of input data. This necessitated bringing the input as close to the point of origin as possible, which therefore resulted in IT enabling the business processes. Today the rapid growth of the Internet, Intranet and Extranet has dramatically changed the capabilities of information systems in business and a new concept of enterprise wide systems has emerged which directly supports both operational and management activities in business. 15 Introduction to Information System 1.10 LET US SUM UP In this lesson, we have looked at the need for information systems, their evolution and classification, information controls, the need for business process design and finally the management of these systems. The subsequent lessons will discuss the details of the IS components, the development process, various applications, and management of the information systems GLOSSARY Information System: A collection of elements that capture data and convert it in information and disseminate to the decision-makers in an organisation. Information Technology: Hardware and software that perform data processing tasks, such as capturing, transmitting, storing, retrieving, manipulating or displaying data. Input: Consists of data, instructions and involves capturing and assembling elements that enter the system to be processed. Output Controls: Output controls are developed to ensure that information products are correct and complete and available to authorised users in a timely manner. Check Your Progress: Answers CYP 1 1. An Information System is an organised system, which collects, transforms and disseminates information in an organisation. 2. It is data about the performance of a system. CYP 2 1. business process 2. people 1.12 SUGGESTED READINGS Bhatnagar, S.C. and K.V. Ramani, Computers and Information Management, Printice Hall of India Private Ltd, New Delhi, Goyal D.P., Management Information Systems (MIS), Deep & Deep Publications, New Delhi, O, Brien, James A., Management Information Systems, Galgotia Publications (P) Ltd., New Delhi, 1991.

28 16 Computer Applications and Management Information System Scott, George M., Principles of Management Information Systems, McGraw-Hill Book Company, Singapore, Post, Gerald V., Management Information Systems: Solving Business Problems with Information Technology, Third Edition, Tata McGraw-Hill Publishing Company Limited, New Delhi, Davis, Gordon B. and Margrethe H. Olsen, Management Information Systems, McGraw-Hill Book Company, Singapore, QUESTIONS 1. Why are information systems essential in business today? Identify at least two trends in the global business environment that have made information systems so important. 2. Evaluate the role of information systems in supporting various levels of business strategy. Why is there considerable resistance in organisations towards introduction of information systems? 3. How are information systems changing the management process? What specific managerial roles can information systems support? 4. How can information systems support an organisation's business operations, decision making by their managers and give them a competitive advantage? Identify examples within your organisation to illustrate your answer. 5. What are the key management challenges involved in building, operating and maintaining information systems today? 6. What controls are needed for improved security in end user computing? Identify three controls that could be used in your area of work. How could it be implemented in an information system, which is being used by you? 7. Why is an Information Audit necessary? What aspects of an information system need to be audited?

29 17 System Development Life Cycle UNIT II System Development

30 18 Computer Applications and Management Information System

31 LESSON 2 SYSTEM DEVELOPMENT LIFE CYCLE 19 System Development Life Cycle STRUCTURE 2.0 Objectives 2.1 Introduction 2.2 System Development Life Cycle 2.3 Definition of SDLC (System Development Life Cycle) 2.4 Phases of SDLC 2.5 Project Selection Feasibility Analysis System Analysis and Project Planning System Design System Coding System Testing Implementation Maintenance 2.6 System Life Cycle Stages and Activities SDLC Phases Related to Management Controls Baselines in the SDLC Complementary to SDLC 2.7 Typical Tasks in the Development Process Life Cycle 2.8 Approaches in System Development Ad-hoc Development Waterfall Model Iterative Development Prototyping Exploratory Model Spiral Model Reuse Model Creating and Combining Models Information Gathering System Analysis 2.9 Problems with the System Development Life Cycle Approach 2.10 Business Systems Concept 2.11 Strengths and Weaknesses of SDLC Contd

32 20 Computer Applications and Management Information System 2.12 Let us Sum up 2.13 Glossary 2.14 Suggested Readings 2.15 Questions 2.0 OBJECTIVES After studying this lesson, you should be able to: Explain concept of SDLC Describe typical task in development process life cycle Explain approaches in system development Describe strengths and weaknesses of SDLC 2.1 INTRODUCTION The System Development Life Cycle (SDLC) is the traditional system development method used by most organisations today. The SDLC is a structured frame that consists of sequential processes by which information systems are developed. These include investigation, system analysis, system design, programming testing, implementation, operation and maintenance. These processes, in turn, consist of well-defined tasks. Some of these tasks are present in most projects, whereas others are present in only certain types of projects. That is, large projects typically require all the tasks, whereas, smaller development projects may require only a subset of the tasks. In the past, developers used the 'Waterfall approach' to the SDLC in which tasks in one stage were completed before the work proceeded to the next stage. Today, system developers go back and forth among the stages as necessary. This lesson presents the concept of the Systems Development Life Cycle (SDLC), which provides the framework for all activities in the development process. 2.2 SYSTEM DEVELOPMENT LIFE CYCLE There is a fundamental dilemma faced by anyone developing a computer application. Most problems are so large they have to be split into smaller pieces. The difficulty lies in combining the pieces back into a complete solution. Often each piece is assigned to a different team, and sometimes it takes months to complete each section. Without a solid plan and control, the entire system might collapse. Thousands of system development projects have failed or been canceled because of these complications. Partly because of the problems that have been encountered in the past, and partly because of technological improvements, several techniques are available to develop computer systems. The most formal approach is known as the Systems Development Life Cycle (SDLC). Large organisations that develop several systems use this method to coordinate the teams, evaluate progress, and ensure quality development. Most organisations have created their own versions of SDLC. Any major company that uses SDLC also has a manual that is several inches thick (or comparable online documentation) that lays out the rules that MIS designers have to follow. Although these details vary from firm to firm, all of the methods have a common foundation. The goal is to build a system by analysing the business processes and breaking the problem into smaller, more manageable pieces.

33 Improvements in technology improve the development process. The powerful features of commercial software make it easier to build new applications. Programmers and designers can work with larger, more powerful objects. For example, instead of programming each line in Java, a report can be created in a few minutes using a database management system or a spreadsheet. Prototyping is a design technique that takes advantage of these new tools. The main objective of proto typing is to create a working version of the system as quickly as possible, even if some components are not included in the early versions. The third method of creating systems, end-user development relies on users to create their own systems. This method typically uses advanced software (such as spreadsheets and database management systems) and requires users who have some computer skills. It is important to be careful when you implement any new system. Case studies show that major problems have arisen during implementation of systems. In fact, some organisations have experienced so many problems that they will deliberately stick with older, less useful systems just to avoid the problems that occur during implementation. Although changes can cause problems, there are ways to deal with them during implementation. There have been some spectacular failures in the development of computer systems. Projects always seem to be over budget and late. Worse, systems are sometimes developed A systems analyst facilitates the development of information systems and computer applications. The systems analyst performs systems analysis and design. Systems analysis is the study of a business problem or need in order to recommend improvements and specify the requirements for the solution. System design is the specification or construction of a technical, computer-based solution as specified by the requirements identified in a systems analysis. Personal qualities helpful to systems analysts include: Problem-solving abilities Communication skills Computer/IT experience Self-discipline and Self-motivation Project management capabilities Systems are enhanced for a number of reasons: Adding features to the system Business and government requirements change over time Technology, hardware and software are rapidly changing 21 System Development Life Cycle 2.3 DEFINITION OF SDLC (SYSTEM DEVELOPMENT LIFE CYCLE) System development for business applications is not an easy task. In developing a large integrated system such as MIS, many people are involved and many months or even years are spent. However, a small independent application such as Payroll can be developed in few weeks or months by a single or few programmers. For such small systems, system development activities may be done implicitly without proper documentation. But, for large systems, these activities must be done explicitly with proper planning and documentation. Whether a system is small or large, system development revolves around a life cycle that begins with the recognition of users'

34 22 Computer Applications and Management Information System needs and understanding their problems. Such a life cycle comprising various phases is called System Development Life Cycle. 2.4 PHASES OF SDLC System development begins with the recognition of user needs followed by a sequence of activities which are performed step by step. The basic activities or phases that are performed for developing a system are: Feasibility Analysis (Preliminary Investigations) System Analysis (Requirements Analysis) and Project Planning System Design System Coding System Testing Implementation Maintenance The various phases of SDLC are illustrated in Figure 2.1. Feasibility Analysis System Analysis Maintenance Phase-I Phase-II Phase-VII Phase-VI SDLC Phase-III System Design Phase-IV Implementation Phase-V System Testing System Coding Figure 2.1: Seven Phases of System Development Life Cycle 2.5 PROJECT SELECTION Project selection starts with recognition of the need for change. The idea for change originates in the environment (government, consumers, union, etc.) or from within the firm (user, analyst, etc.). While deciding about the project to design, a number of factors are considered: technical (availability of qualified specialists), operational (user s experience with similar projects) and economic (cost effectiveness of the proposed system). Political consideration also plays a role in the final selection.

35 2.5.1 Feasibility Analysis Feasibility analysis is the first phase in the development of a new system (candidate system). This phase starts when the user faces a problem in the current system (manual or already computerised) and hence, recognises a need for improving an information system. Some of the examples for recognising a need are: The accountant of a company may feel that it is very time consuming to maintain the account books manually. He may not be able to prepare the financial statements on time due to slow manual operations. The management may recognize the need for getting MIS report for effective decision-making and financial planning. If an information system is already computerised, it may become slow and inefficient for meeting new demands of the users. As the information technology is evolving very rapidly, the application software developed few years back in one operating environment (say DOS or UNIX) may become outdated due to popularity of graphical operating environments such as Windows. Due to the Y2K problem, systems developed during the nineteenth century either may not work or may provide unexpected and incorrect information. There may be many more reasons due to which users either want to develop new system or improve the existing system. Some of the reasons for needing system change recognized by different groups of people within and outside the organisation are summarised in Table 2.1. Table 2.1: Reasons for Needing System Change 23 System Development Life Cycle Source of Change Management Administrative Staff Sales & Marketing Staff Production Staff Quality Purchase Department Inventory Customer Government Other Organisations Union Reason for Change Unable to get MIS reports required for decision-making and planning. Unable to handle the workload due to manual or outdated (a) Unable to achieve sales targets due to inefficient marketing system. (b) Unable to process orders and handle despatch on time due to inefficient invoicing/order processing system. Unable to manufacture items on schedule and with required due to lack of computerised production planning and control system. Unable to control inventory of items due to inefficient control system. Slow, inefficient and unsatisfactory public dealings and consumer services provided by the organisation. Implementation of new or revised rules and regulations imposed on the organisation. Competing in the market for best products and services. Settlement of disputes regarding provident funds, revision of salaries and increments, etc. After recognising need for system change, the user submits a formal request to the Information Systems (IS) department of the organisation or an outside software development company either for a new system or for modifying the current system. After receiving the request, the overall incharge of software development team, System Analyst, begins the preliminary investigations to determine whether the system requested is feasible to develop or not. During preliminary investigations, the

36 24 Computer Applications and Management Information System analyst understands the major requirements of the system by meeting with the users. He asks a number of questions to the user regarding the current working of the system, problems of the current system and their present needs. All these activities are a part of feasibility analysis phase. At the end of feasibility analysis, a business proposal or a feasibility study report is put forth by outsider software company or in-house IS department. On acceptance of the proposal, the SDLC enters into the phase of system analysis and project planning System Analysis and Project Planning When the System analyst decides that the requested system is feasible and the management agrees to continue the development process, SDLC enters into its next phase determination of system requirements. This phase includes studying of existing system in detail and collecting data in order to find out the requirements of the users. This phase is also called Requirements Analysis. The major objective of requirements analysis is to identify 'what' is needed from the system. During this phase, the analyst identifies the detailed requirements of the users. At this stage, he does not emphasizes on 'how' the system will meet these objectives. System or Requirements analysis phase consists of two sub-phases Problem Analysis and Requirements Specification. In problem analysis, the analyst understands the existing system for finding the requirements of the proposed new system (sometimes also called candidate system). In requirements specifications, the analyst specifies all the requirements on a document called Software Requirements Specifications (SRS) document. The SRS is validated by the users by reviewing their requirements specified during analysis. After completion of SRS document, the analyst makes a plan to manage the software project. System planning is the most essential part of analysis phase. During system planning, the total cost of developing the software is estimated alongwith the total duration of the project. A project team is organised with a detailed staff requirements for each phase. How a software project is planned? What are the major activities of systems planning? System Design After successful completion of system analysis and planning, the system is designed. In system design phase, first the system is broken down into different modules and then its each module is designed. The various activities of system design includes identification of input data and output reports, design of input forms and output forms, design of data files and developing various procedures to process the data. The major objective of system design is to produce the best model of the system as per the requirements of the users. During this phase, the analyst also studies the working environment and designs the system accordingly. A system is designed on the basis of many principles and according to a methodology. The users and managers also put certain restrictions in designing the system. All these important issues will be discussed dealing with Modularization and Module Specification. The various design reports are the outputs of system design phase System Coding The next phase is concerned with translating the system design specification developed thus far into a working entity. Thus, if the system is mechanical, parts are procured and assembled according to the design specification. When the design (properly documented) is accepted by the requested department, the analyst begins developing the software using a programming language. This is the phase when the programmers play their role in development of the system. They start designing data structures and writing of programs as per the documents prepared during design phase. They test their individual programs and integrate them into a single system. The

37 development phase can be categorized into two sub-phases Database design and Program design. Database design is the most important aspect of developing a new system. Program design is mainly concerned with writing of programs (coding), editing of programs using a text editor or word processor, debugging and finally testing them. During this phase, a team of programmers work under guidance of their project leader (systems analyst) and do all the coding. 25 System Development Life Cycle System Testing Testing is the most vital phase of SDLC. In this phase, the system as a whole is tested with different techniques to ensure that the system is bug free. Although, during design phase, the programmers test their programs but this sort of testing is generally unorganised without preparation of test data. During testing phase, the testing is done in systematic and organised way in order to ensure the reliability of the system and to make it error free. The major objective of testing is to find all possible errors that can occur during implementation of the system Implementation After testing, the system is installed at the user's place and implemented. Implementation is the most crucial phase of SDLC. During implementation process, the manual or old computerised system is converted to newly developed computerised system. Many different activities are performed in conversion process on Systems Implementation and Maintenance. After conversion, the users are trained for operating and maintaining the system. Implementation is generally considered the last phase of SDLC. However, the systems development work continues until the users of the requested department accept the candidate system Maintenance After implementation, the systems need to be maintained in order to adapt to the changing business needs. Maintenance is sometimes not considered as a phase of SDLC, but it is an essential part of a software project that never ends. Generally more than 50 percent of total system development time is spent in maintaining the system. This is because if the system is not properly maintained, it may fail. Maintenance includes the activities that ensure to keep the system operational even if it is required to be modified later. The activities of maintenance phase can be divided into two broad categories Corrective maintenance and Adaptive maintenance. If there are bugs (errors) in the system, they are corrected by the activities of corrective maintenance. If certain modifications are required in the system, they can be incorporated into the system by the activities of adaptive maintenance. Maintenance phase is also considered as the most expensive phase of SDLC. Check Your Progress 1 Fill in the blanks: 1. A. facilitates the development of information systems and computer applications. 2.. starts with recognition of the need for change. 3.. is the first phase in the development of a new system. 4.. is validated by the users by reviewing their requirements specified during analysis.

38 26 Computer Applications and Management Information System 2.6 SYSTEM LIFE CYCLE STAGES AND ACTIVITIES Before proceeding further, let us have a quick look at the stages every system is going through in its lifetime in any organisation. Figure 2.2: System Development Life Cycle If we are analysing these stages we might come across the following activities done in developing, implementing and maintaining a system. These activities are sequential in happening during the process of developing any type of systems. Identify problems, opportunities, and objectives Determine information requirements Analyse system needs Design the recommended system Develop and document the software Implement and evaluate the system Maintain the system Once we know the activities involved in the Development of Systems, it becomes necessary to know how these activities are carried out by the companies. There are various methods or options a company can have for developing and implementing its information systems. Let us see some of the practices mainly followed by many of the successful companies SDLC Phases Related to Management Controls The SDLC phases serve as a programmatic guide to project activity and provide a flexible but consistent way to conduct projects to a depth matching the scope of the project. Each SDLC phase objective is described in this section with key deliverables, a description of recommended tasks, and a summary of related control objectives for effective management. It is critical for the project manager to establish and monitor control objectives during each SDLC phase while executing projects. Control objectives help to provide a clear statement of the desired result or purpose and should

39 be used throughout the entire SDLC process. Control objectives can be grouped into major categories (Domains), and related to the SDLC phases. To manage and control an SDLC initiative, each project will be required to establish some degree of a Work Breakdown Structure (WBS) to capture and schedule the work necessary to complete the project. The WBS and all programmatic material should be kept in the Project Description section of the project notebook. The WBS format is mostly left to the project manager to establish in a way that best describes the project work. There are some key areas that must be defined in the WBS as part of the SDLC policy. Figure 2.3 describes three key areas that will be addressed in the WBS in a manner established by the project manager. 27 System Development Life Cycle Figure 2.3: Work Breakdown Structure The upper section of the Work Breakdown Structure (WBS) should identify the major phases and milestones of the project in a summary fashion. In addition, the upper section should provide an overview of the full scope and timeline of the project and will be part of the initial project description effort leading to project approval. The middle section of the WBS is based on the seven SDLC phases as a guide for WBS task development. The WBS elements should consist of milestones and tasks as opposed to activities and have a definitive period (usually two weeks or more). Each task must have a measurable output (e.g. document, decision, or analysis). A WBS task may rely on one or more activities (e.g. software engineering, systems engineering) and may require close coordination with other tasks, either internal or external to the project. Any part of the project needing support from contractors should have a SOW written to include the appropriate tasks from the SDLC phases. The development of a SOW does not occur during a specific phase of SDLC but is developed to include the work from the SDLC process that may be conducted by external resources such as contractors Baselines in the SDLC Baselines are an important part of the SDLC. These baselines are established after four of the five phases of the SDLC and are critical to the iterative nature of the model. Each baseline is considered as a milestone in the SDLC: Functional Baseline: established after the conceptual design phase. Allocated Baseline: established after the preliminary design phase. Product Baseline: established after the detail design and development phase. Updated Product Baseline: established after the production construction phase.

40 28 Computer Applications and Management Information System Complementary to SDLC Complementary Software development methods to SDLC are: Software Prototyping Joint Applications Design (JAD) Rapid Application Development (RAD) Extreme Programming (XP); extension of earlier work in Prototyping and RAD Open Source Development End-user Development Object Oriented Programming Table 2.2: Comparison of Methodologies (Post & Anderson 2006) SDLC RAD Open Source Object JAD Prototype End User Control Formal MIS Weak Standard Joint User User Time Frame Long Short Medium Any Medium Short Short Users Many Few Few Varies Few One or Two MIS staff Many Few Hundreds Split Few One or Two Transaction/DSS Transaction Both Both Both DSS DSS DSS One None Interface Minimal Minimal Weak Windows Crucial Crucial Crucial Documentation & Training Integrity & Security Vital Limited Internal In objects Vital Vital Unknown In objects Limited Weak None Limited Weak Weak Reusability Limited Some Maybe Vital Limited Weak None Few people in the modern computing world would use a strict waterfall model for their SDLC as many modern methodologies have superseded this thinking. Some will argue that the SDLC no longer applies to models like Agile computing, but it is still a term widely in use in Technology circles. 2.7 TYPICAL TASKS IN THE DEVELOPMENT PROCESS LIFE CYCLE Professional system developers and the customers they serve share a common goal of building information systems that effectively support business process objectives. In order to ensure that cost-effective, quality systems are developed which address an organisation s business needs, developers employ some kind of system development Model to direct the project s life cycle. Typical activities performed include the following: System conceptualization System requirements and benefits analysis Project adoption and project scoping System design Specification of software requirements

41 Architectural design Detailed design Unit development Software integration & testing System integration & testing Installation at site Site testing and acceptance Training and documentation Implementation Maintenance After seeing all the above activities, it is time to know about the methodology or approach which can be used in System Development. All these methodologies are using some of the above tasks through which they all achieve 100 % in System Development. 29 System Development Life Cycle 2.8 APPROACHES IN SYSTEM DEVELOPMENT Ad-hoc Development Early systems development often took place in a rather chaotic and haphazard manner, relying entirely on the skills and experience of the individual staff members performing the work. Today, many organisations still practice Ad-hoc Development either entirely or for a certain subset of their development (e.g. small projects). I can point out that with Ad-hoc Process Models, process capability is unpredictable because the software process is constantly changed or modified as the work progresses. Schedules, budgets, functionality, and product quality are generally (inconsistent). Performance depends on the capabilities of individuals and varies with their innate skills, knowledge, and motivations. There are few stable software processes in evidence, and performance can be predicted only by individual rather than organisational capability. Even in undisciplined organisations, however, some individual software projects produce excellent results. When such projects succeed, it is generally through the heroic efforts of a dedicated team, rather than through repeating the proven methods of an organisation with a mature software process. In the absence of an organisationwide software process, repeating results depends entirely on having the same individuals available for the next project. Success rests solely on the availability of specific individuals provides no basis for long-term productivity and quality improvement throughout an organisation Waterfall Model The Waterfall Model is the earliest method of structured system development. Although it has come under attack in recent years for being too rigid and unrealistic when it comes to quickly meeting customer s needs, the Waterfall Model is still widely used. It is attributed with providing the theoretical basis for other Process Models, because it most closely resembles a generic model for software development.

42 30 Computer Applications and Management Information System The Waterfall Model consists of the following steps: System Conceptualization: System Conceptualisation refers to the consideration of all aspects of the targeted business function or process, with the goals of determining how each of those aspects relates with one another, and which aspects will be incorporated into the system. Systems Analysis: This step refers to the gathering of system requirements, with the goal of determining how these requirements will be accommodated in the system. Extensive communication between the customer and the developer is essential. System Design: Once the requirements have been collected and analysed, it is necessary to identify in detail how the system will be constructed to perform necessary tasks. More specifically, the System Design phase is focused on the data requirements (what information will be processed in the system?), the software construction (how will the application be constructed?), and the interface construction (what will the system look like? What standards will be followed?). Coding: Also known as programming, this step involves the creation of the system software. Requirements and systems specifications from the System Design step are translated into machine readable computer code. Testing: As the software is created and added to the developing system, testing is performed to ensure that it is working correctly and efficiently. Testing is generally focused on two areas: internal efficiency and external effectiveness. The goal of external effectiveness testing is to verify that the software is functioning according to system design, and that it is performing all necessary functions or sub-functions. The goal of internal testing is to make sure that the computer code is efficient, standardized, and well documented. Testing can be a labor-intensive process, due to its iterative nature. Problems associated with the Waterfall Model Although the Waterfall Model has been used extensively over the years in the production of many quality systems, it is not without its problems. In recent years it has come under attack, due to its rigid design and inflexible procedure. Let me tell you the problems associated with the waterfall model below: Real projects rarely follow the sequential flow that the model proposes. At the beginning of most projects there is often a great deal of uncertainty about requirements and goals, and it is therefore difficult for customers to identify these criteria on a detailed level. The model does not accommodate this natural uncertainty very well. Developing a system using the Waterfall Model can be a long, painstaking process that does not yield a working version of the system until late in the process Iterative Development The problems with the Waterfall Model created a demand for a new method of developing systems which could provide faster results, require less up-front information, and offer greater flexibility. With Iterative Development, the project is divided into small parts. This allows the development team to demonstrate results earlier on in the process and obtain valuable feedback from system users. Often, each iteration is actually a mini-waterfall process with the feedback from one phase providing vital information for the design of the next phase. In a variation of this model, the software products which are produced at the end of each step (or series of steps) can go into production immediately as incremental releases.

43 Problems Associated with the Iterative Model While the Iterative Model addresses many of the problems associated with the Waterfall Model, it does present new challenges. Let us see them as follows: The user community needs to be actively involved throughout the project. While this involvement is a positive for the project, it is demanding on the time of the staff and can add project delay. Communication and coordination skills take center stage in project development. Informal requests for improvement after each phase may lead to confusion a controlled mechanism for handling substantive requests needs to be developed. The Iterative Model can lead to scope creep, since user feedback following each phase may lead to increased customer demands. As users see the system develop, they may realise the potential of other system capabilities which would enhance their work. 31 System Development Life Cycle Variations on Iterative Development A number of Process Models have evolved from the Iterative approach. All of these methods produce some demonstrable software product early on in the process in order to obtain valuable feedback from system users or other members of the project team. We will see them below Prototyping The Prototyping Model was developed on the assumption that it is often difficult to know all of your requirements at the beginning of a project. Typically, users know many of the objectives that they wish to address with a system, but they do not know all the nuances of the data, nor do they know the details of the system features and capabilities. The Prototyping Model allows for these conditions, and offers a development approach that yields results without first requiring all information up-front. When using the Prototyping Model, the developer builds a simplified version of the proposed system and presents it to the customer for consideration as part of the development process. The customer in turn provides feedback to the developer, who goes back to refine the system requirements to incorporate the additional information. Often, the prototype code is thrown away and entirely new programs are developed once requirements are identified. There are a few different approaches that may be followed when using the Prototyping Model: creation of the major user interfaces without any substantive coding in the background in order to give the users a feel for what the system will look like, development of an abbreviated version of the system that performs a limited subset of functions; development of a paper system (depicting proposed screens, reports, relationships etc.), or use of an existing system or system components to demonstrate some functions that will be included in the developed system. Now, we will see the various steps involved in Prototyping. Requirements Definition/Collection: It is similar to the conceptualisation phase of the Waterfall Model, but not as comprehensive. The information collected is usually limited to a subset of the complete system requirements. Design: Once the initial layer of requirements information is collected, or new information is gathered, it is rapidly integrated into a new or existing design so that it may be folded into the prototype.

44 32 Computer Applications and Management Information System Prototype Creation/Modification: The information from the design is rapidly rolled into a prototype. This may mean the creation/modification of paper information, new coding, or modifications to existing coding. Assessment: The prototype is presented to the customer for review. Comments and suggestions are collected from the customer. Prototype Refinement: Information collected from the customer is digested and the prototype is refined. The developer revises the prototype to make it more effective and efficient. System Implementation: In most cases, the system is rewritten once requirements are understood. Sometimes, the Iterative process eventually produces a working system that can be the cornerstone for the fully functional system. Problems Associated with the Prototyping Model Like other methods, prototyping is also having the following problems. Prototyping can lead to false expectations. Prototyping often creates a situation where the customer mistakenly believes that the system is finished when in fact it is not. More specifically, when using the Prototyping Model, the pre-implementation versions of a system are really nothing more than one-dimensional structures. The necessary, behind the-scenes work such as database normalization, documentation, testing, and reviews for efficiency have not been done. Thus the necessary underpinnings for the system are not in place. Prototyping can lead to poorly designed systems. Because the primary goal of Prototyping is rapid development, the design of the system can sometimes suffer because the system is built in a series of layers without a global consideration of the integration of all other components. Variation of the Prototyping Model A popular variation of the Prototyping Model is called Rapid Application Development (RAD). RAD introduces strict time limits on each development phase and relies heavily on rapid application tools which allow for quick development Exploratory Model In some situations it is very difficult, if not impossible, to identify any of the requirements for a system at the beginning of the project. Theoretical areas such as Artificial Intelligence are candidates for using the Exploratory Model, because much of the research in these areas is based on guess-work, estimation, and hypothesis. In these cases, an assumption is made as to how the system might work and then rapid iterations are used to quickly incorporate suggested changes and build a usable system. A distinguishing characteristic of the Exploratory Model is the absence of precise specifications. Validation is based on adequacy of the end result and not on its adherence to pre-conceived requirements. The Exploratory Model is extremely simple in its construction; it is composed of the following steps: Initial Specification Development: Using whatever information is immediately available, a brief System Specification is created to provide a rudimentary starting point. System Construction/Modification: A system is created and/or modified according to whatever information is available.

45 System Test: The system is tested to see what it does, what can be learned from it, and how it may be improved. System Implementation: After many iterations of the previous two steps produce satisfactory results, the system is dubbed as finished and implemented. 33 System Development Life Cycle Problems associated with the Exploratory Model There are numerous criticisms of the Exploratory Model: It is limited to use with very high-level languages that allow for rapid development, such as LISP. It is difficult to measure or predict its cost-effectiveness. As with the Prototyping Model, the use of the Exploratory Model often yields inefficient or crudely designed systems, since no forethought is given as to how to produce a streamlined system Spiral Model The Spiral Model was designed to include the best features from the Waterfall and Prototyping models, and introduces a new component - risk-assessment. The term spiral is used to describe the process that is followed as the development of the system takes place. Similar to the Prototyping Model, an initial version of the system is developed, and then repetitively modified based on input received from customer evaluations. Unlike the Prototyping Model, however, the development of each version of the system is carefully designed using the steps involved in the Waterfall Model. With each iteration around the spiral (beginning at the center and working outward), progressively more complete versions of the system are built. Risk assessment is included as a step in the development process as a means of evaluating each version of the system to determine whether or not development should continue. If the customer decides that any identified risks are too great, the project may be halted. For example, if a substantial increase in cost or project completion time is identified during one phase of risk assessment, the customer or the developer may decide that it does not make sense to continue with the project, since the increased cost or lengthened timeframe may make continuation of the project impractical or unfeasible. The Spiral Model is made up of the following steps: Project Objectives: Objectives are similar to the system conception phase of the Waterfall Model. Objectives are determined, possible obstacles are identified and alternative approaches are weighed. Risk Assessment: Possible alternatives are examined by the developer, and associated risks/problems are identified. Resolutions of the risks are evaluated and weighed in the consideration of project continuation. Sometimes prototyping is used to clarify needs. Engineering & Production: Detailed requirements are determined and the software piece is developed. Planning and Management: The customer is given an opportunity to analyse the results of the version created in the Engineering step and to offer feedback to the developer.

46 34 Computer Applications and Management Information System Problems Associated with the Spiral Model Due to the relative newness of the Spiral Model, it is difficult to assess its strengths and weaknesses. However, the risk assessment component of the Spiral Model provides both developers and customers with a measuring tool that earlier Process Models do not have. The measurement of risk is a feature that occurs everyday in real-life situations, but (unfortunately) not as often in the system development industry. The practical nature of this tool helps to make the Spiral Model a more realistic Process Model than some of its predecessors Reuse Model The basic premise behind the Reuse Model is that systems should be built using existing components, as opposed to custom-building new components. The Reuse Model is clearly suited to Object-Oriented computing environments, which have become one of the premiere technologies in today s system development industry. Within the Reuse Model, libraries of software modules are maintained that can be copied for use in any system. These components are of two types: procedural modules and database modules. When building a new system, the developer will borrow a copy of a module from the system library and then plug it into a function or procedure. If the needed module is not available, the developer will build it, and store a copy in the system library for future usage. If the modules are well engineered, the developer with minimal changes can implement them. The Reuse Model consists of the following steps: Definition of Requirements: Initial system requirements are collected. These requirements are usually a subset of complete system requirements. Definition of Objects: The objects, which can support the necessary system components, are identified. Collection of Objects: The system libraries are scanned to determine whether or not the needed objects are available. Copies of the needed objects are downloaded from the system. Creation of Customized Objects: Objects that have been identified as needed, but that are not available in the library are created. Prototype Assembly: A prototype version of the system is created and/or modified using the necessary objects. Prototype Evaluation: The prototype is evaluated to determine if it adequately addresses customer needs and requirements. Requirements Refinement: Requirements are further refined as a more detailed version of the prototype is created. Objects Refinement: Objects are refined to reflect the changes in the requirements. Problems Associated with the Reuse Model A general criticism of the Reuse Model is that it is limited for use in object-oriented development environments. Although this environment is rapidly growing in popularity, it is currently used in only a minority of system development applications. After seeing the various approaches and alternatives of System Development, now we can discuss how to combine two are more models in Developing a System. This will help us to overcome the problems associated with individual models.

47 2.8.8 Creating and Combining Models In many cases, parts and procedures from various Process Models are integrated to support system development. This occurs because most models were designed to provide a framework for achieving success only under a certain set of circumstances. When the circumstances change beyond the limits of the model, the results from using it are no longer predictable. When this situation occurs it is sometimes necessary to alter the existing model to accommodate the change in circumstances, or adopt or combine different models to accommodate the new circumstances. The selection of an appropriate Process Model hinges primarily on two factors: organisational environment and the nature of the application. Frank Land, from the London School of Economics, suggests that suitable approaches to system analysis, design, development, and implementation be based on the relationship between the information system and its organisational environment. There are four categories of relationships are as: Unchanging Environment: Information requirements are unchanging for the lifetime of the system (e.g. those depending on scientific algorithms). Requirements can be stated unambiguously and comprehensively. A high degree of accuracy is essential. In this environment, formal methods (such as the Waterfall or Spiral Models) would provide the completeness and precision required by the system. Turbulent Environment: The organisation is undergoing constant change and system requirements are always changing. A system developed on the basis of the conventional Waterfall Model would be, in part; already obsolete by the time it is implemented. Many business systems fall into this category. Successful methods would include those, which incorporate rapid development, some throwaway code (such as in Prototyping), the maximum use of reusable code, and a highly modular design. Uncertain Environment: The requirements of the system are unknown or uncertain. It is not possible to define requirements accurately ahead of time because the situation is new or the system being employed is highly innovative. Here, the development methods must emphasize learning. Experimental Process Models, which take advantage of prototyping and rapid development, are most appropriate. Adaptive Environment: The environment may change in reaction to the system being developed, thus initiating a changed set of requirements. Teaching systems and expert systems fall into this category. For these systems, adaptation is key, and the methodology must allow for a straightforward introduction of new rules. So far, we have discussed about the various models and approaches in System Development. Most of the models are developed around the basic activities in System Development what we have seen earlier. Now, for clear and complete understanding we will see them in detail. 35 System Development Life Cycle Problem Detection, Initial Investigation, Feasibility Study The system development cycle is driven by the realization that there are deficiencies in the system and these problems need to be addressed. A problem is a gap (variance) between expectation and reality; variance is large enough that it falls outside defined tolerance limits, and therefore is worth the effort/resources/cost needed to be expended to fix it. There are two major problems for which we could do system development. Maintenance: on an existing system Development: building a new or replacement system

48 36 Computer Applications and Management Information System If the development cycle is driven by the detection of problems, how do we detect them? When we observe: Lack of relevancy Lack of completeness Lack of correctness (accuracy) Lack of security Lack of timeliness Lack of economy Lack of efficiency Lack of reliability Lack of usability Throughput: number of error-free transactions per unit of time. How do we observe these things? Users may tell us (complaints) Take surveys (e.g., questionnaires) Managers may tell us (complaints) Audits by outsiders We can ask (scouting) Lower sales, loss of revenue Continuous measurement of variances (TQM approach) The purpose of the Initial Investigation is to make a recommendation: Take no action. (not a valid problem) Provide training/instruction/information to the end user to resolve the problem. Defer action to later. (adding an enhancement rather than fixing a deficiency) Do Maintenance to correct minor problem. Consider major modification or system replacement. As a systems analyst, you must be able to handle project initiation, determine project feasibility and project scheduling, and manage activities and systems analysis team members. Feasibility Study There are few questions which we can answer through feasibility study Is the proposed project worth doing? Is it possible to do? For answering these questions Feasibility Study has to be done in the following kinds. Economic feasibility (cost-benefit analysis) (tangible economic benefit) Technical feasibility Operational/social feasibility

49 A feasibility study assesses the economic, technical, and operational merits of the proposed project. A project is economically feasible if costs do not overshadow benefits. A project is technically feasible if the technology is available and capable of meeting users' requests. A project is operationally feasible if the proposed system will operate and be used once it is installed. Important criteria for project selection are: that the requested project be backed by management that it be timed appropriately for commitment of resources (adequate time frame) that it moves the business toward attainment of its goals that it is practicable (adequate resources on the part of the analyst and the organisation) that it is important enough to be considered over other projects (worthiness of the project) What are the objectives of the proposed project? Acceptable objectives include: Reduce errors/improve accuracy Reduce costs Integrate subsystems: reduce complexity, streamline processes, combine processes Shorten time requirements (speed up processes) Reduce redundancy in storage, output Improve customer service Automate manual processes in support of the above Unacceptable objectives include: Ego-related (personal or organisational ego) To gain power To gain respect, admiration "Because it's Cool!" Automation for automation's sake alone 37 System Development Life Cycle Information Gathering After done the feasibility study, we can realize whether the project or proposed system is feasible to be developed. Then, the next step is to collect information required for developing the new system. This particular activity will be done with an objective of the available data and the future requirements of the organisation to be collected. This can be done by employing the following methods: Interviews A planned, formal, scheduled meeting. (make an appointment) Used to gather information. Interactive, flexible, adaptable, flexible. Time consuming; non-standardised responses may be difficult to evaluate. The interviewer should have basic objectives. Explain objectives to subject.

50 38 Computer Applications and Management Information System Give subject time to prepare. Interview should be held in subject's own office or department. Interviewer comments should be noncommittal; neutral, non-leading questions. Avoid premature conclusions, selective perception. Be careful not to accept negative responses too readily. Beware of subjects who try too hard to please. Listen!! Questionnaires Impersonal, often mass-produced. Response rate may be low (discarded and not returned). Suitable when number of respondents is large. Cheaper, faster than interviewing when number of respondents is large. Useful when the same information is required from all respondents. Produces specific, limited accounts of information. If the population is very large, it can be sampled. Samples must be random, not convenient. Same information can be sought in different ways through multiple questions. Redundant questions can be compared for consistency of information/responses. Standardised responses: fill-in-the-blank, multiple choice, rating scales, rankings. Open-ended responses: more difficult to tabulate Standardised responses can be tabulated rapidly and analysed using statistical distribution techniques. Observation A qualified person watches, or walks through, the actual processing associated with the system. Performance of the people being observed may be affected by the presence of the observer. Avoid taking notes: can affect the process performance if workers notice notes are being taken. Information gathered relates directly to observed performance: facts, not opinion. Reviewing Existing Documentation Often there is little to tell you what is happening within the current information system. Keeping documentation up to date is not always a high organisational priority. Documentation may be out of date. Many organisations have undocumented/informal procedures. (Formal organisation chart vs. what is really happening)

51 The Work Environment Physical arrangement of work areas will provide additional details associated with work flows and job performance. Information gathered should describe the physical movement of documents, forms, people, or transmitted data within offices where work is done. One method is to depict the floor plan of the office and trace the work flow onto it. New systems may disrupt existing work flows. Human factors: personal relationships may have developed around existing work flows. 39 System Development Life Cycle Direct and Indirect Probes Direct probe (e.g., questionnaires, interviews, in-person observation) Indirect probe (review existing documentation; taking random samples) Why indirect probes? Measurement itself can affect what is being measured. Direct investigation can be an interruption to the process or a distraction. Human factors: direct (overt) observation can impact on the performance of the workers System Analysis In order to prepare the systems proposal in an effective way, systems analysts must use a systematic approach to identify hardware and software needs ascertaining hardware and software needs, identifying and forecasting costs and benefits, comparing costs and benefits, and choosing the most appropriate alternative. In ascertaining hardware and software needs, systems analysts may take the following steps: Inventory computer hardware already available in the organisation. Estimate both current and projected workload for the system. Evaluate the performance of hardware and software using some predetermined criteria. Choose the vendor according to the evaluation. Acquire the hardware and software from the selected vendor. When inventorying computer hardware, systems analysts should check such items as type of equipment, status of the equipment (on order, in use, in storage, in need of repair), estimated age of equipment, projected life of equipment, physical location of equipment, department or individual responsible for equipment, and financial arrangement for equipment (owned, leased, rented). When evaluating hardware, the involved persons, including management, users, and systems analysts, should take the following criteria into consideration: time required for average transactions (including time for input and output), total volume capacity of the system, idle time of the central processing unit, and size of memory provided. When evaluating hardware vendors, the selection committee needs to consider hardware support, software support, installation and training support, maintenance support, and the performance of the hardware. When evaluating software packages, the selection committee needs to take the following factors into consideration as well as total dollar amount to purchase them.

52 40 Computer Applications and Management Information System They are performance effectiveness, performance efficiency, ease of use, flexibility, quality of documentation, and manufacturer support. Systems analysts should take tangible costs, intangible costs, tangible benefits, and intangible benefits into consideration to identify costs and benefits of a prospective system. To select the best alternative, systems analysts should compare costs and benefits of the prospective alternatives. Through the use of effectively organising the content, writing in a professional style, and orally presenting the proposal in an informative way, the analyst can create a successful systems proposal. After analysing all these aspects, now being a system analyst or a MIS manager, you have to develop a System Proposal which comprises of the following: Cover letter Title page of project Table of contents Executive summary (including recommendation) Outline of systems study with appropriate documentation Detailed results of the systems study Systems alternatives (3 or 4 possible solutions) Systems analysts recommendations Summary Appendices (assorted documentation, summary of phases, correspondence, etc.) When writing a systems proposal, systems analysts should use examples, illustrations, diagrams, tables, figures, and graphs to support main points of the proposal. 2.9 PROBLEMS WITH THE SYSTEM DEVELOPMENT LIFE CYCLE APPROACH A number of problems can be associated with the system development life cycle approach. All of them are related directly or indirectly to the partial usage of the potential of systems analysts and programmers. Due to the magnitude of these problems, the traditional SDLC approach has been censured. Bottom-up Implementation Underlying the SDLC approach, is a tendency by many systems project managers to implement the new systems from the bottom up. Then use of bottom up implementation is one of the major weaknesses of this approach. The project manager is expected to carry out module testing (lowest level) first, then sub-system testing (next level) and finally, system testing (highest level). Although bottom-up implementation is ideal for assembling automobiles on an assembly line (once the prototype model has been thoroughly tested) it is not considered a good approach for setting new systems in place. Unfortunately, systems analysts are in the business of producing one-of-a-kind systems, for which, the bottom-up approach has a number of shortcomings. Frey the Specifications Another major problem with the traditional SDLC approach is its insistence that the phases proceed sequentially from one to the next. There is natural human tendency to do this. The project manager wants to be able to say that the analysis phase is over.

53 Many organisations formalize this with a ritual known as freezing the specifications, or freezing the design document. This, however, is unrealistic. The systems analysts doing the work may have made one or more mistakes and thereby have produced a defective output. A complex job is rarely right at the very first attempt. 41 System Development Life Cycle High Maintenance Costs The inefficiency and unreliability of the traditional SDLC approach are often dramatically apparent; during the maintenance phase. Typically, at least 50 percent of the total cost of computer programs is consumed in their maintenance. Maintenance is an inexact process, that frequently involves major alterations in the system. This high cost of maintenance is a direct result of the properties of the conventional SDLC approach. Lack of Structured Techniques The traditional approach to systems analysis and design tends to neglect the use of structured techniques. Unfortunately, many systems analysts, programmers and project managers feel that the traditional approach is the top by management. Simply because the management said nothing about the use of structured techniques, they are not obliged to use them in their planning or day to day activities. Failure to Meet User Needs The SDLC approach tends to be unresponsive to the user s needs because of the lack of user s involvement throughout the project as well as due to the length of time required to produce a usable system. It is labor-intensive, thus providing numerous opportunities for human errors. Due to the inefficiencies of the traditional approach, a large backlog of systems still waiting to be developed piles up. Users often perceive their systems departments as obstacles to progress. The end result is a growing dissatisfaction with the traditional SDLC approach. In short, this approach is not deemed to be user friendly BUSINESS SYSTEMS CONCEPT In economics, a business is a legally-recognized organisational entity existing within an economically free country designed to sell goods and/or services to consumers, usually in an effort to generate profit. Most businesses must accomplish similar functions regardless of size, legal structure or industry. These functions are often organised into departments. Common departments include (but are not limited to): Accounting: Typically responsible for financial reporting, financial controls and the raising of the capital necessary to run the business. Human Resources: Typically responsible for hiring, firing, payroll, benefits, etc. Marketing and sales: Responsible for selling the business' goods or services to the customer and for managing the relationships with the customer. Marketing: Typically responsible for promoting interest in, and generating demand for, the business' products or services, and positioning them within the market. Sales: Finding likely purchasers and obtaining their agreement (known as a contract) to buy the business' products or services. Operations: Makes the product or delivers the service.

54 42 Computer Applications and Management Information System Production: Produces the raw materials into the delivered goods, if they require processing. Customer service: Supports customers who need help with the goods or services. Procurement: Responsible for acquiring the goods and services necessary for the business. Strategic sourcing: Determines the business' needs and plans for acquiring the necessary raw materials and services for the business. Purchasing: Processes the purchase orders and related transactions. Research and Development: Tests to create new products and to determine their viability (e.g. pilot plants). Information Technology: Manages the business' computer and data assets. Communications/Public Relations: Responsible for communicating to the outside world. Administration: Provides administrative support to the other departments (such as typing, filing, etc.). Internal Audit: An independent control function typically accountable to the Board of Directors for reporting on the proper functioning of the other departments. Management: Management is sometimes listed as a "department" but typically refers to the top level of leadership within the business regardless of their functional role STRENGTHS AND WEAKNESSES OF SDLC The primary purpose of the SDLC method of designing systems is to provide guidance and control over the development process. As summarized in the following table, there are strengths and weaknesses to this methodology. SDLC management control is vital for large projects to ensure that the individual teams work together. There are also financial controls to keep track of the project expenses. The SDLC steps are often spelled out in great detail. The formality makes it easier to train employees and to evaluate the progress of the development. It also ensures that steps are not skipped, such as user approval, documentation, and testing. For large, complex projects, this degree of control is necessary to ensure the project can be completed. Another advantage of SDLC is that by adhering to standards while building the system, programmers will find the system easier to modify and maintain later. The internal consistency and documentation make it easier to modify. With 80 percent of MIS resources spent on maintenance, this advantage can be critical. In some cases the formality of SDLC causes problems. Most important, it increases the cost of development and lengthens the development time. Remember that often less than 25 percent of the time is spent on actually writing programs. A great deal of the rest of the time is spent filling out forms and drawing diagrams. The formality of the SDLC also causes problems with projects that are hard to define. SDLC works best if the entire system can be accurately specified in the beginning. That is, users and managers need to know exactly what the system should do long before the system is created. That is not a serious problem with transaction-processing systems. However, consider the development of a complex decision support system. Initially, the users may not know how the system can help. Only through working with the system on actual problems will they spot errors and identify enhancements.

55 Although some large projects could never have been completed without SDLC, its rigidity tends to make it difficult to develop many modern applications. Additionally, experience has shown that it has not really solved the problems of projects being over budget and late. As a result of this criticism, many people are searching for alternatives. One possibility is to keep the basic SDLC in place and use technology to make it more efficient. Other suggestions have been to replace the entire process with a more efficient development process, such as prototyping. Consider the assistance of technology first. 43 System Development Life Cycle Strength Control Monitor large projects Detailed steps Evaluate costs and completion targets documentation Well-defined user input Ease of maintenance Development and design standards tolerates changes in MIS staffing Weakness Increased development time Increased development costs systems must be defined up front rigidity Hard to estimate costs, project overruns user input sometimes limited Check Your Progress 2 1. Fill in the blanks: (a).. model states that the various phases of SDLC are organised in a linear order. (b).. analysis begins when the user recognizes a need for improving an information system. 2. State whether the following statements are true or false: (a) Testing is the most expensive phase of SDLC. (b) All software development activities must be done explicitly with proper planning and documentation LET US SUM UP System development revolves around a-life cycle that begins with the recognition of users needs and understanding their problems. Such a life cycle comprising various phases is called System Development Life Cycle (SDLC). System development process is divided into several phases such as Feasibility Analysis, System Analysis, System Design, System Coding, Testing, Implementation and Maintenance. The evolution of system development Process Models has reflected the changing needs of computer customers. As customers demanded faster results, more involvement in the development process, and the inclusion of measures to determine risks and effectiveness, the methods for developing systems changed. In addition, the software and hardware tools used in the industry changed (and continue to change) substantially. Faster networks and hardware supported the use of smarter and faster operating systems that paved the way for new languages and databases, and applications that were far more powerful than any predecessors. Numerous changes in the system development environment simultaneously spawned the development of more practical new Process Models and the demise of older models that were no longer useful.

56 44 Computer Applications and Management Information System 2.13 GLOSSARY System Development Life Cycle: Whether a system is small or large, system development revolves around a life cycle that begins with recognition of users' needs and understanding their problems. Such a life cycle comprising various phases is called System Development Life Cycle. Feasibility Analysis: The preliminary investigations to determine whether the system requested is feasible to develop or not. Software Requirement Specification Document: In requirements specifications, the analyst specifies all the requirement on a document called Software Requirement Specification Document. System Testing: The most vital phase of SDLC in which the system as a whole is tested with different techniques to ensure that the system is bug free. Implementation: The most crucial phase of SDLC. During Implementation process the manual or old computerised system is converted to newly developed computerised system. Modular Design: This approach results in the development of a system and application within it, in an orderly and planned fashion. Structured Programming: Techniques used by programming to improve the logical flow of a program by decomposing, the computer code into modules, which are sections of code, or subsets of the entire program. Check Your Progress: Answers CYP 1 1. systems analyst 2. Project selection 3. Feasibility analysis 4. SRS CYP 2 1. (a) Waterfall (b) System 2. (a) False (b) True 2.14 SUGGESTED READINGS Pankaj Sharma, Enterprise Resource Planning, APH Publishing Corporation, New Delhi, Hanson, J.J., Successful ERP Implementations Go Far beyond Software, San Diego Business Journal (5 July 2004). Olinger, Charles, The Issues behind ERP Acceptance and Implementation, APICS: The Performance Advantage

57 Millman, Gregory J., What Did You Get from ERP and What Can You Get?, Financial Executive (May 2004). Ellen Monk, Bret Wagner, Concepts in Enterprise Resource Planning, Course Technology, Second Edition, 2005 Daniel E. O Leary, ERP Systems: Systems, Life Cycle, E-commerce, and Risk, Cambridge University Press, Murrell G. Shields, E-Business and ERP: Rapid Implementation and Project Planning, Wiley, Alexis Leon ERP Demystified 2/E, Tata McGraw-Hill, New Delhi Bhatnagar, S.C. and K.V. Ramani, Computers and Information Management, Printice Hall of India Private Ltd, New Delhi, Goyal D.P., Management Information Systems (MIS), Deep & Deep Publications, New Delhi, O, Brien, James A., Management Information Systems, Galgotia Publications (P) Ltd., New Delhi, Scott, George M., Principles of Management Information Systems, McGraw-Hill Book Company, Singapore, Post, Gerald V., Management Information Systems: Solving Business Problems with Information Technology, Third Edition, Tata McGraw-Hill Publishing Company Limited, New Delhi, Davis, Gordon B. and Margrethe H. Olsen, Management Information Systems, McGraw-Hill Book Company, Singapore, System Development Life Cycle 2.15 QUESTIONS 1. What is system development life cycle? How does it related to systems analysis? 2. Describe the importance of various phases of SDLC in brief. 3. What are the problems associated with SDLC? 4. Briefly describe the design and testing phase of SDLC. 5. Explain the various stages of the System Development. 6. Write an essay about the various approaches in System Development.

58 46 Computer Applications and Management Information System LESSON 3 MODERN INFORMATION SYSTEM STRUCTURE 3.0 Objectives 3.1 Introduction 3.2 Modern Information System 3.3 Structured Methodologies Need for Structured Techniques Methodologies Available 3.4 Designing Computer based Method 3.5 Principles of System Design 3.6 Constraints on MIS Design 3.7 Design Methodologies 3.8 Procedures Control 3.9 Designing Structured Programs 3.10 Let us Sum up 3.11 Glossary 3.12 Suggested Readings 3.13 Questions 3.0 OBJECTIVES After studying this lesson, you should be able to: Describe modern information system Define structured methodologies Describe principles of system design Explain designing methodologies 3.1 INTRODUCTION The importance of Information Technology (IT) infrastructure is recognised more and more within companies and corporations. In addition to the increasing interest shown for IT infrastructure by practitioners, the academic literature abounds with research and studies related to the topic. The sooner companies realise the importance of building and leveraging IT infrastructure, the better will be the value and higher the return they can capitalize on. But what is IT infrastructure, actually? Firm-wide centrally coordinated IT infrastructure consists of technology components (such as communication technology and data) which individuals with technical and managerial

59 competence use to produce standard and shared services. These services are then provided for shared and standard, firm-wide and business-specific applications, at the service levels required, according to standards defined in the IT architecture. It is understood, of course, that the flexibility of IT infrastructure and the securing of compatibility within and between the IT infrastructures of business units, industry and the public must also be arranged. This study, however, is delimited to firm-wide IT infrastructure. 47 Modern Information System 3.2 MODERN INFORMATION SYSTEM Modern information systems, exemplified by the Internet and corporate intranets, are typically large and complex. The software applications and other components composing them are also complex. Software agents are becoming an essential part of these systems because they mitigate the complexity. They achieve this in two important ways one technical and the other psychological. Technically, each agent provides a locus of intelligence for managing a subset of the information in the system, either on its own initiative or under the direction of a user. Each intelligent agent can be readily replicated and then distributed as needed. This agent-based approach to information management is both scalable and cost-effective. Psychologically, people need abstractions by which they can understand, manage, and use complex systems effectively. A natural and convenient abstraction appears to be one based on anthropomorphizing the information system components that is, treating the components as animate. In this abstraction, software components are like human agents. The abstraction is effective, because people have a lot of experience in dealing with other people, and they can apply their experience to understanding and dealing with complex software. Animate components are an example of a more general trend in software engineering to construct software that mimics real-world objects. If the mimicry is done well, the software will appear familiar and thus easy to use. The net result is a great interest in software agents. Role of Information Technologies on the Emergence of New Organisational Forms During the last years, a consensus is emerging that to survive in the competitive turbulence that is engulfing a growing number of industries, firms will need to pinpoint innovative practices rapidly, to communicate them to their suppliers and to stimulate further innovation. In order to be competitive, companies are forced to adopt less hierarchical and more flexible structures, and to define strategies able to combine reduced costs, high quality, flexibility and a quick answer to customer requirements. Now a days, there are very few companies with enough resources to form its value chain on their own. Therefore, some changes are taking place within individual companies and in their relations with other organisations, creating new structures in which relationships between customers and suppliers are suffering considerable changes. One of these changes is concerned with the formation of networks in which there is a division of labour that allows each company to exploit their distinctive advantages, and be more competitive globally. In a network model, a set of juridically independent companies establish cooperative long term links in order to achieve a higher level of competitiveness. The enterprises that belong to a network have not all the elements needed for manufacturing a product or providing a service under their absolute control. Therefore, the success of this kind of structures is conditioned by the coordination degree obtained along the realisation of inter-organisational activities, which requires an efficient communication system

60 48 Computer Applications and Management Information System among the partners. The Information Technology (IT) represents a supportive element that facilitates the transfer of information across organisational boundaries. In this lesson we analyse the inclusion of the Inter-organisational Information Systems (IOS) concept within the network model and discuss the role IT plays in enabling organisational transformation towards emergent forms of organisation. In order to attain relatively low costs in the last two decades the enterprises followed strategies of backward-forward integration, based on the improvement of the effects of the experience curve and the scale economies. We consider that this internal growth may be inadequate to face the new situations appearing in the nineties and, no doubt, those that will appear in the next century. The individual enterprise has less capability for foreseeing the consequences of the different business decisions; however, the need for competing in a more and more complex context requires the adoption of quick decisions, which facilitate the flexibility of the enterprise. New technologies, fast changing markets and global competitiveness are revolutionizing relationships both within and between organisations. Thus, the new environment requires from the enterprises a strategy able to agglutinate reduced costs, high quality, flexibility, and a quick response to the needs of the customer. Now a days, the enterprises have to compete in a more and more turbulent scene, which obliges them to adopt less hierarchical and more flexible structures. During the last years, a major transformation in the strategy of many enterprises has been observed with a tendency to disintegration. This is accompanied by a need for increasing the quality of the products or services offered, which requires more interdependency among the different corporate units. As a consequence of it, several transformations both inside the enterprises and in the relationships between them are taking place, which establishes new structures through which the relationships among competitors, customers and suppliers are changing substantially. One of these changes is the cooperation established among different enterprises, which allows them to develop their competitive capability. Companies are forming strategic alliances because there is an increasing acknowledgement that organisations operate in a relational context of environmental connectedness and that organisational survival and performance depend upon connections with other organisations. The co-operation among enterprises allows their flexibility and their innovative capacity to be increased. Current products are based on so many critical technologies that most of the enterprises cannot keep constantly updated in all of them. Network Structure The concept of the network s form of organisation has been particularly popular with management writers for its potential to build the flexible organisation with the ability to meet the challenges of a changing and global environment. Despite both the abundant available literature and the existence of a certain consensus on some aspects, there is still too much ambiguity in the concepts used in this area. Taking into account the formation of networks, which is an interesting field of recent development with strong repercussions on the inter-organisational relationships, it is necessary to clear the existing terminological confusions in order to formulate its theory and to improve its implementation. Starting from the definition, a network is a specific kind of relationship joining a particular group of people, objects, or events. Two factors needed for constituting a network can be obtained from this definition; first, a network is formed by a group of elements; second, these elements establish specific relationships among them. We must show that the establishment of a co-operative network is not a purpose itself but it must be a dynamic structure that allows consolidating the competitive position of its members.

61 By means of a network structure, the competitive position of the enterprises can be reinforced as these concentrate on what they do best, and on what maintains their success in the market. In this way, other enterprises make the activities left, in which they have distinctive competences too. The enterprises outsource those activities that are ballast and bureaucratize them. The enterprises that belong to a network have not all the elements needed for manufacturing a product or providing a service under their absolute control. Within the networks, the involved elements belong to independent enterprises and are placed along the value system of a product or service. All this drives to an organisational structure in which the enterprises generate more value in those areas where they have specific competencies. The success of these emergent organisational forms seems to be based, on a great extent, on an effective co-ordination by means of the use of advanced information systems, which are based on the Information Technologies (IT). There is an increasing interest in the relationship between the emerging organisational ways and the function of the IT/IS insofar as the progresses in each field have influenced the others. 49 Modern Information System Information Technology on the Emergence of Networks At the moment, the most spectacular and potentially powerful uses of the information systems technology go beyond the individual borders of the enterprises. In fact, the most important function of IT in the nineties is the better management of the interdependencies among the enterprises. Information Technology has to be the most powerful instrument to reduce the co-ordination costs. While the traditional uses of IT tried to facilitate the internal processes of the enterprises, the Inter-organisational Information Systems (IOS) are addressed towards the efficiency of a group of enterprises. Most of the studies about IOS have focused on the incidence of IT on the flows of information among the organisations, its capability of reducing the transaction costs, and its potential to achieve competitive advantages. Many authors have verified that: IT influences the nature, punctuality and detail level of the information shared by enterprises IT reduces the transaction costs, while it provides a better management of the risks IT reduces the co-ordination costs. In order to benefit from the advantages of IT, the enterprises have to keep in mind that IT cannot be isolated from its organisational context. We do not agree with the existence of causation between the implementation of IT and the organisational changes in the enterprise driving to an increase in the competitiveness of the enterprises. On the contrary, the technological and organisational implementations are both sides of the same issue, since they depend on and determine each other. We think that, although IT might have the above mentioned positive effects on the organisations, the will and capabilities of the directors of the company are needed in order to make the most of those advantages. In order to make the most of the whole potential of the IOS, it will be required that the managing directors get involved with the project, since they have a wider and more strategic view of the company. In this way, a system coherent with the objectives of the company would be implemented. This system would allow taking even more profit from IT, what would have positive repercussions on the enterprise and would facilitate the achievement of its objectives. The active participation of the Management Board in the planning of the IOS brings a problem related to the fact that IT is a relatively

62 50 Computer Applications and Management Information System new resource that did not exist when most of the current managers were trained. Therefore, they usually do not feel comfortable with these new technologies. As a proof of this, we will consider an example. McKesson was a dealer company of chemical products. This company knew that its success was linked to that of its customers, which were small stores, so it established a close relationship with them. By means of an appropriate use of Information Technologies, it helped its customers to maximize their profits, since it gave them useful information for competing with the big pharmaceutical chains, which were getting a greater market share. The McKesson Corporation directors idea was so successful that many other enterprises of the sector tried to imitate it, but they made a terrible mistake. They thought that the network created by McKesson was just a computerized system with terminals connected in other enterprises. The secret of the success of this company were not the computer links; information technology did not create the network. The network s success was due to the fact that the directors of McKesson were aware of both the relationships along the added value chain and the need to strengthen as much as possible every link within the chain, so cooperative behaviors could be established in order to provide the share of information and the quick response to the changes of the demand. Another example, widely mentioned in the literature on Information Systems, is the one of the American Hospital Supply Company whose success has shown up the need to consider the network established not only as a mere system of electronic data exchange, but also as a better implementation of the technology found within a context of changes in the commercial relationships between the enterprise and its main customers. They state that the implementation of this kind of technologies per se does not bring any competitive advantages; on the contrary, they must be accompanied by some particular elements, generally intangible, which facilitate the operation of the organisation by means of a better distribution of the information and the experience. They also reflect a collaborative attitude among the enterprises. A positive consequence of the revolution of communication and Information Technologies is that there are more available options for designing the labour now, because the technology can be used to increase the capacities of the workforce, and the information can be transferred to those places were the labour is carried out. Workers do not need to be located according to parameters of time and space to co-ordinate any more. We consider that technology, although it is not the ground for the emergence of a new and innovative way of organising the enterprises, plays an important role in its operation. Technology allows doing things in a different way, which provides the directors some organisational possibilities that would be unthinkable without its implementation. Thus, using a mathematical expression, we can state that Information Technologies are necessary but they are not enough to achieve greater business competitiveness. Role of IOS within the Network Structure The enterprises involved in an alliance must decide whether to use the manual management of all the exchanged data, or to complement that management with the interconnection of their respective computer applications. This interconnection may bring, however, compatibility problems in the integration of the data from the different enterprises, since those applications would have possibly been designed without taking into account any requirement of integration among enterprises. The establishment of co-operation networks implies the need for wider communication in

63 the organisational field, as well as the requirement of capability to integrate the information systems from different enterprises. The enterprises inside a network cannot operate properly if they have not the possibility to communicate quickly, accurately, and over long distances. Within a network, it does not make any sense to restrict the application of modern computer technologies to the individual borders of each enterprise. The Management Board of the enterprises in the network must, on the contrary, consider the possibilities of coordinating the processing of data outside the limits of their own organisations by means of an IOS. The application of the IT which provides the electronic integration among the shareholders of an industry may make easier the outsourcing of activities, as well as be a basic part of the proper operation of the reticular structures. An IOS may play an important role in the coordination of interdependent activities, which would be carried out by distant organisational units. Thus, the enterprises can reduce their dependency on strategies of backward-forward integration in order to ensure the control over the production process. The concept of network emphasizes the interdependency among enterprises, which is provoked by the presence and the sharing of the following key attributes: objectives, experience, labour, taking of decisions, responsibility, trust, and acknowledgement or reward. The enterprises within a network will adopt a common objective, namely to provide a quicker and better service to the final customer. With this aim in view, independent organisations will have to establish close interrelationships, in which Information Technologies have a vital role to play. In this way, the aim of optimising the flow of profits along the supply chain could be achieved too. IOSs are, basically, new means to facilitate the relationships among organisations; they are, therefore, a strategic instrument. However, an IOS allows to obtain operative advantages too, such as: Reducing paper-work and manual operations; Reducing the stock levels; Accelerating the product and material flow; Standardizing of procedures; Accelerating the flow of information about changes on the demand; Reducing telecommunication costs. 51 Modern Information System The IT is a basic support that facilitates the co-ordination of different enterprises through EDI systems, shared databases, , videoconferences, which will allow them to work together. They will be able to share information on the markets, on the needs for materials, on stock levels, production schedules, and delivery programs. A key factor in an efficient exchange of information within a network is the computer connection of its members. The computer links accelerate the transference of information, since it provides the automatic transmission of data between physically distant computers. These links can be used as a strategic instrument to increase the competitiveness of the enterprise, binding it electronically with its customers and suppliers through inter-organisational systems. The electronic connection facilitates the approaching of the linked enterprises, which means that the companies may provide the customers direct access to the internal databases, as well as just-in-time stock control.

64 52 Computer Applications and Management Information System Check Your Progress 1 Fill in the blanks: 1. The. represents a supportive element that facilitates the transfer of information across organisational boundaries. 2.. are addressed towards the efficiency of a group of enterprises. 3.3 STRUCTURED METHODOLOGIES Structured analysis is a development method for analysis of an existing system. It is a set of techniques that allow the analyst to design the proposed system. The main purpose of structured analysis is to completely understand the current system Need for Structured Techniques Because of the many problems of the traditional system development life cycle approach, several new structured approaches have appeared whose purpose is to provide a more disciplined and productive development environment. These include structured analysis and design methodologies along with structured programming. Currently, these have been widely accepted by the data processing industry as a part of an attempt to improve the reliability and productivity of design and programming processes. Project managers of structured methodologies find a discipline inherent in them that provide the key to improving the productivity of their systems analysts and programmers Methodologies Available The structured methodology of systems analysis, design and implementation focuses on building a logical model of the system in order to give systems analysts, programmers, and users a common picture of the system and its interrelationships. It includes partitioning a large system into manageable smaller ones and organising the details into an understandable structure by utilising a top-down approach, i.e., employing functional or hierarchical decomposition. In addition, structured methodology includes developing and maintaining the system specifications, especially for the outputs and the as usable working requirements that are complete and only minimally redundant. In essence, the structured methodology to be employed in systems analysis and design as well as implementation throughout this text would be a combination of the data flow, output-oriented and top-down methodologies. The best features of each would be used for the structured system development cycle approach presented. Modular System Concept An integral part of this structured methodology is the modular system concept. Under this framework, separate but detailed management information system modules are identified. For example, the finance (cash management, capital budgeting, and sources of funds), can be further divided into minor and basic modules. Thus, using this approach, the system can be subdivided into its component parts, from the highest to the lowest level. Modular Design Not only can the modular (or building block) approach be used for analysing the present information system but also it can be employed for designing a new system. This approach results in the development of a system and applications within it, in an

65 orderly and planned fashion. The focus in this text is on incorporating the modular approach within the structured system development cycle. 53 Modern Information System Modular Programs Another important use of the modular system concept is its application to computer programs i.e., structured programs. Structured programming puts programs block by block, so as to be able to change individual program modules without the need for reconstructing the entire computer program. Also, this modular approach or building block approach allows programming personnel to test each sub-section (containing several modules) in isolation of the final program. To make use of this concept effectively, computer applications must specify all the interacting functions among modules; otherwise, many program modules would be developed and available, but not used. Hence, a key feature of this approach is the integration of the modules as they are developed. Once program modules have been so written, the task of making major changes to programs would be minimised by structured programmings because only the individual programs modules can be tested before inserting them in the required program. In sum, the modular system concept is an important part of structured methodology for effective systems analysis, design, and programming. It breaks down a system and its computer programs into their logical parts of that modules could be logically grouped for implementation and case of alteration. 3.4 DESIGNING COMPUTER BASED METHOD The major objective of system design is to develop the best possible design as per the requirements and working environment for operating the system. The best possible design should have the following properties: Correctness: The design should be correct as per the requirements. Completeness: The design should have all the components like data structures, modules, external interfaces, etc. Efficiency: Expensive and scarce resources should be used efficiently by the system. Consistency: There should not be any inconsistency in the design. Maintainability: The design should be so simple that it is easily maintainable by other designers. 3.5 PRINCIPLES OF SYSTEM DESIGN System design for large applications like MIS is a complex task. The design is based on the following basic principles: Problem Partitioning: While designing a system for complex problems, the problem is broken down into small manageable pieces (modules) that could be solved separately. Some of the modules may depend upon each other, but it is expected that most modules must be independent of each other, so that they can be easily maintained. This principle of design is known as problem partitioning. Abstraction: Abstraction is a concept related to problem partitioning. While partitioning the problem, the designer focuses on one module at a time, without knowing the internal details of other modules. This principle of design that defines the overall external behaviour of the system or component without knowing the internal details of that system or component is called abstraction.

66 54 Computer Applications and Management Information System Abstraction may either be function-based or data-based. In functional abstraction, a component is specified by the function it performs; while in data abstraction, a component is specified by the data that system uses. Structured design methodology is based on functional abstraction, while object-oriented design methodology is based on data abstraction. We will discuss these methodologies in subsequent sections. Top-down Design: A system is a hierarchy of components (modules) with highest level component corresponding to the complete system. A design, that starts from the highest level component of the hierarchy and decomposes it into lower levels, is known as top-down design. In top-down design approach, the lower levels are decomposed further and further until the desired level is achieved. Bottom-up Design: A design that starts from the lowest level component of hierarchy and proceeds to higher level component is known as bottom-up design. The bottom-up design approach is basically based on the principle of abstraction. Modular: A modular system consists of discrete components and each component must support abstraction. A system is considered modular on the following criteria: Coupling: Coupling is the strength of interconnections between modules. A module is said to be highly coupled, when it is strongly dependent on other modules. It means that in order to modify such modules, one must understand the interdependent modules. A module is said to be loosely coupled, when it is weekly dependent on other modules. It means that changes to one module will have a minimal effect on other modules. It is obvious from the above discussion, that all the modules must be loosely coupled for a good design, so that they can be modified separately. Cohesion: Cohesion is the strength of different elements within a module. A module is said to be highly cohesive, when the different elements of a module are tightly bounded within the module. A module is said to be loosely cohesive, when the elements are weekly bounded within the module. A good design should have highly cohesive modules. 3.6 CONSTRAINTS ON MIS DESIGN We have discussed that the major objective of a system design is to develop the best possible design as per the requirements of users. However, the user or manager also put certain limitations or restrictions in designing the system. These constraints limit the freedom of a designer in achieving the objective. But, the designer must consider these constraints in order to design a realistic system. Design constraints can be internal or external to an organisation. Internal Constraints: The constraints that are due to the internal environment of the organisation are known as internal constraints. The major internal constraints on MIS design are listed below: Support of top management in designing the system; Structure of the organisation and positions of managers; Company policies; Availability of persons skilled in systems and computers; Availability of budget; Limitation of development time; Hardware and software standards that must be followed.

67 External Constraints: The constraints that are due to the external environment of the organisation are known as external constraints. The major external constraints on MIS design are listed below: Needs and satisfaction of the customers; Government policies; Restrictions imposed by unions. 55 Modern Information System 3.7 DESIGN METHODOLOGIES The scope of the systems design is guided by the framework for the new system developed during analysis. More clearly defined logical methods for developing system that meets user requirements has led to new techniques and methodologies that fundamentally attempt to do the following: Improve productivity of analysts and programmers Improve documentation and subsequent maintenance and enhancements Cut down drastically on cost overruns and delays Improve communication among the user, analyst, designer, and programmer Standardize the approach of analysis and design Simplify design by segmentation. 3.8 PROCEDURES CONTROL These controls specify how an organisations computer and network resources should be operated for maximum security. They help to ensure the accuracy and integrity of computer and network operations and systems development activities. These would include the standard procedures and documentation standards for the operations of IS. Request for system development and program changes need to be subjected to a review process before being authorised for execution. Conversion to move hardware, software, network components and installation of newly developed information systems should also be subjected to a formal change management mechanism. This minimises the negative effects on the accuracy and integrity of ongoing systems and helps in scheduling the installation. Natural and man-made disasters do happen. It is therefore necessary for organisations to develop disasters recovery procedures and formalise them in disasters recovery plan. In to-days environment IS support the whole organisations and the business activities are totally dependent on IT. In such a case, it is necessary to draw up a Business Continuity Plan (BCP) to ensure that there is continuity in business when a disaster happens. 3.9 DESIGNING STRUCTURED PROGRAMS A well-designed structured program consists of a set of independent, single function modules linked by a control structure that resembles a military chain of command or an organisation chart (Figure 3.1). Each module is represented by a rectangle. At the top of the control structure is a single module called the root (or the main control module). All control flows from the root which calls (or invokes) its level-2 child (or son) modules. The level-2 modules, in turn, call their level-3 children, and so on. The calling module (sometimes called the parent) passes data and/or control information to the child and receives data and/or control information back from the child; otherwise,

68 56 Computer Applications and Management Information System the modules are viewed as independent black boxes. Note that control always returns to the calling module. Figure 3.1: A Well-designed Structured Program Consists of a Set of Independent Single Function Modules Linked by a Control Structure. A module with no children (a lowest-level module) is called a leaf and often implements a single algorithm. Library modules (e.g., a standard subroutine) are indicated by a rectangle marked with two vertical lines; see the leaf labeled Library module in Figure 3.1. The modules are often assigned identifying numbers or codes that indicate their relative positions in the hierarchy. For example, the root might be designated module 1.1, the level-2 modules might be designated 2.1, 2.2, 2.3, and so on. Other designers use letters (or even Roman numerals) to designate levels; for example, module A.1 is the root, module B.3 is the third module at level 2, module C.6 is the sixth module at level 3, and so on. Sometimes, more complex numbering schemes are used to indicate a path through the hierarchy. The key is consistency. Check Your Progress 2 Fill in the blanks: 1. is a development method for analysis of an existing system. 2. A design that starts from the lowest level component of hierarchy and proceeds to higher level component is known as 3.10 LET US SUM UP IT infrastructure is described in a number of ways, but the elements for describing it remain largely the same. The foundation is formed by the technology components, which human IT infrastructure uses to provide the required IT services for business needs. There are many kinds of standards with defined related processes, which channel the development and maintenance of IT infrastructure for business purposes. IT infrastructure must be built and maintained so that it is sufficient for the internal requirements of the firm, but also to fulfill the external requirements for connection to public or industry based infrastructure. Some studies emphasize certain elements more than others. However, it can be stated that current literature holds a common understanding of what IT infrastructure actually is, even though this understanding can be presented in a variety of ways. Enterprise level software is software which provides business logic support functionality for an enterprise, typically in commercial

69 organisations, which aims to improve the enterprise's productivity and efficiency. Some enterprise software vendors using the latter definition develop highly complex products that are often overkill for smaller organisations, and the application of these can be a very frustrating task. 57 Modern Information System 3.11 GLOSSARY Computer System: System consisting of computers and peripherals required to control the computer devices and process data by executing programs. Hardware: Physical device in a computer system. CPU: Component of a computer that execute machine language instructions. RAM: Semi-conductor components of computers that temporarily store instruction and data currently being used. Input/Output Interface Hardware: Devices such as I/O ports, I/O busses, buffers, channels, and input/output control units, which assist the CPU in its input/output assignments. These devices make it possible for modern computer systems to perform input, output, and processing functions simultaneously. Check Your Progress: Answers CYP 1 1. Information Technology (IT) 2. Inter-organisational Information Systems (IOS) CYP 2 1. Structured analysis 2. bottom-up design 3.12 SUGGESTED READINGS Pankaj Sharma, Enterprise Resource Planning, APH Publishing Corporation, New Delhi, Hanson, J.J., Successful ERP Implementations Go Far beyond Software, San Diego Business Journal (5 July 2004). Olinger, Charles, The Issues behind ERP Acceptance and Implementation, APICS: The Performance Advantage Millman, Gregory J., What Did You Get from ERP and What Can You Get?, Financial Executive (May 2004). Ellen Monk, Bret Wagner, Concepts in Enterprise Resource Planning, Course Technology, Second Edition, 2005 Daniel E. O Leary, ERP Systems: Systems, Life Cycle, E-commerce, and Risk, Cambridge University Press, Murrell G. Shields, E-Business and ERP: Rapid Implementation and Project Planning, Wiley, Alexis Leon ERP Demystified 2/E, Tata McGraw-Hill, New Delhi Bhatnagar, S.C. and K.V. Ramani, Computers and Information Management, Printice Hall of India Private Ltd, New Delhi, 1991.

70 58 Computer Applications and Management Information System Goyal D.P., Management Information Systems (MIS), Deep & Deep Publications, New Delhi, O, Brien, James A., Management Information Systems, Galgotia Publications (P) Ltd., New Delhi, Scott, George M., Principles of Management Information Systems, McGraw-Hill Book Company, Singapore, Post, Gerald V., Management Information Systems: Solving Business Problems with Information Technology, Third Edition, Tata McGraw-Hill Publishing Company Limited, New Delhi, Davis, Gordon B. and Margrethe H. Olsen, Management Information Systems, McGraw-Hill Book Company, Singapore, QUESTIONS 1. What are the roles of information technology in modern era? 2. Describe the needs of structured techniques. 3. Distinguish between modular design and modular programs. 4. Explain various principles of system design.

71 59 Functional Areas of Information Systems UNIT III Information System

72 60 Computer Applications and Management Information System

73 LESSON 4 FUNCTIONAL AREAS OF INFORMATION SYSTEMS 61 Functional Areas of Information Systems STRUCTURE 4.0 Objectives 4.1 Introduction 4.2 Nature of Tactical and Strategic Information Systems 4.3 Tactical Accounting and Financial Information Systems Cash Management Systems Capital Budgeting Systems Investment Management Systems 4.4 Strategic Accounting and Financial Information Systems Financial Condition Analysis Systems Long-range Forecasting Systems 4.5 Marketing Information Systems Sales Management Systems Advertising and Promotion Systems Pricing Systems Distribution Channel Systems Competitive Tracking Systems 4.6 Strategic Marketing Information Systems Sales Forecasting Systems Marketing Research Systems Product Planning and Development Systems 4.7 Tactical Production Information Systems 4.8 Strategic Production Information Systems Site Planning and Selection Systems Technology Planning and Assessment Systems Process Positioning Systems Plant Design Systems 4.9 Tactical Human Resource Information Systems 4.10 Strategic Human Resource Information Systems Workforce Planning Systems Information Systems Supporting Labour Negotiations Contd

74 62 Computer Applications and Management Information System 4.11 Let us Sum up 4.12 Glossary 4.13 Suggested Readings 4.14 Questions 4.0 OBJECTIVES After studying this lesson, you should be able to: Explain nature of tactical and strategic IS Describe strategic accounting and financial IS Describe tactical production IS Explain Strategic HRIS 4.1 INTRODUCTION As you move up the organisational ladder from supervisory positions to middle and upper management positions, you will make decisions that have an increasingly greater impact on the organisation. The decisions you may face along the way are diverse and could include decisions similar to these: Should you purchase a new piece of equipment or lease the equipment for a threeyear period? Is the idle cash of your firm being invested wisely? Should you invest money in new computer equipment or in additional merchandise for resale? What criteria will you use to create territories for your salespeople and how large of a territory should each salesperson cover? What products should be emphasized through advertising or promotion to reach the firm's sales goals? What are the best potential sites for a new retail store location? How many and what types of workers will be needed to staff a new plant in another state? This lesson examines the types of tactical and strategic decisions that you may make as you move up the ranks of middle and upper management. Specifically, we examine the application of information technology to some of the tactical and strategic information systems frequently used by middle and upper management in four organisational functions: accounting/finance, marketing, production, and human resource management. 4.2 NATURE OF TACTICAL AND STRATEGIC INFORMATION SYSTEMS Tactical information systems support management decision making by providing managers with regular summary reports, regular exception reports, ad hoc reports, and other information that helps them (1) control their areas of responsibility and (2) allocate their resources to pursue organisation goals. While the focus of

75 operational information systems is on the completion of tasks, the focus of tactical information systems is on resource allocation; that is, how do you allocate the resources available to you to reach organisational goals. In contrast, strategic-level information systems are goal oriented. That is, these systems are designed to support organisational goal and direction setting. Examples of tactical and strategic information systems in four business functions 63 Functional Areas of Information Systems Accounting/Finance Marketing Production Human Resources Tactical Systems: Budgeting Cash management Sales management Advertising and promotion Materials requirement planning Just in time Job analysis and design Recruiting Capital budgeting Pricing Capacity planning Recruiting Investment management Distribution channel Production scheduling Succession planning Competitive tacking Product design and development Manufacturing resource planning Computer integrated manufacturing Strategic Systems: Financial condition analysis Sales forecasting Site planning and selection Workforce planning Long-term forecasting Market research Technology planning and assessment Labour negotiations Product planning and development Process positioning Plant design It is difficult at times to categorise some information systems as dearly tactical or dearly strategic. For example, some marketing information systems, such as marketing research systems and competitor tracking information systems, dearly could support both tactical and strategic planning decision-making. Sometimes the decision to categorise a decision as tactical or strategic comes down to the length of time the decision is likely to impact an organisation. That is, decisions that will impact an organisation for a year or less are often viewed as tactical, while decisions that will impact an organisation for more than a year are often viewed as strategic. The computerisation of financial accounting systems changed the way managers viewed accounting information. A large database of information became available in computerised form, and it could be viewed or manipulated much more easily than data in traditional hard copy form. So managers began to view this information as a resource for tactical planning. Suddenly managers could obtain important summaries and comparisons of financial accounting data easily and swiftly. In the past this information would have taken a great deal of time to extract from a manual financial accounting system. The result was that managers began to view the financial accounting system as more than merely a transaction-processing system, a producer of checks, invoices, and statements. It became a repository of important data that assists management in tactical decision-making and long-range strategic planning.

76 64 Computer Applications and Management Information System 4.3 TACTICAL ACCOUNTING AND FINANCIAL INFORMATION SYSTEMS Budgeting Systems permits managers to track actual revenues and expenses and compare these amounts to expected revenues and expenses. It also allows managers to compare current budget amounts to those of prior fiscal periods, other divisions, and other departments-even to industry-wide data. Comparisons of budget data against such standards allow managers to assess how they use their resources to achieve their goals. For example, a manager may view the budget to find the amount of money actually spent in the purchasing department on supervisory versus clerical staff. The manager may then compare those amounts to the amounts spent by other purchasing departments in the organisation or in the industry. For example, the general ledger system of a financial accounting system may provide these reports: Current budget allocations, expenditures, and variances by budget line item. Current budget allocations compared to the previous year's allocations. Current revenues and expenditures compared to the previous year's revenues and expenditures. Current revenues and expenditures compared to the average of the other units or divisions of the organisation. Projected expenditures and variances for each budget line item for the entire year based on the expenditures incurred to date. Regularly produced tactical-level reports, such as budget variance reports, often generate managerial questions and concerns. These in turn may lead managers to query the financial accounting database for answers or solutions. Suppose, for example, that you are an accounting manager and supervise several departments, including the billing department. Suppose further that the regular budget report shows that the wages line of the billing department report is much higher than in prior years. To find out why, you might query the financial accounting database for answers. If the database stores the number of statements produced each month, the number of employees in the billing department, and the costs associated with the billing department, you might obtain various measures of the productivity of that department, such as the average number of statements produced per billing department employee and the average cost per statement. If you found poor productivity results, you might then examine the productivity of each billing supervisor compared to the average for the organisation or the productivity of each billing clerk compared to the average for the department. This information might lead you to decisions about changing supervisory personnel, providing training for specific billing clerks, acquiring new equipment to produce customer statements, or other possible remedies. Note that the system does not make the decisions for you; it provides information to help you identify and remedy problems. It is a decision-support system, not a decision system Cash Management Systems A cash flow report shows the estimated amount of cash that will be received and spent each month. The report shows which months will have excess funds that might be put to use and which months will have insufficient funds, which may require the organisation to borrow cash to meet its working capital or fixed asset acquisition needs.

77 Cash management systems are more difficult 'to sustain for smaller organisations that may not be able to afford the resources necessary to track cash balances on a day-to-day basis and invest the excess to maximise organisation s income. Recognising that difficulty, Merrill Lynch, a brokerage house, created a product in the 1970s that offered business customers an account combining the attributes of a money market account, a brokerage account, a margin credit account, and a checking account. The product, called the Cash Management Account (CMA) provided business customers with automatic deposits of cash and dividends from other accounts into a money market account. This option gave organisation high interest rates on idle cash resulting from sales of stock, receipts of dividends, or deposits made for the purchase of stock. Organisations could also use a debit card and checks to withdraw money from the money market account. The result was that a small organisation could use the service to maximize its income from idle cash sometimes available in its normal cash flow. 65 Functional Areas of Information Systems Capital Budgeting Systems A capital budget contains information about the planned acquisition or disposal of major plant assets during the current year. The manager may compare the various capital spending plans using three commonly used evaluation tools: net present value, internal rate of return, and payback period. Before the plant asset is acquired, the manager should compare and evaluate various plans for its acquisition using some financial software tool, such as an electronic spreadsheet. For example, suppose a manager is considering acquiring a large electronic printer and estimates that her firm will keep the machine for five years. The printer may be purchased or leased. Each method requires the manager to spend different amounts of money over different periods of time. The manager can improve the decision to buy or lease by evaluating the present value of the funds each method requires Investment Management Systems Investment management overseeing the organisation's investments in stocks, bonds, and other securities-is an important part of cash management. Managing investments is also an important part of managing the organisation's pension plan. Whatever their source of investment funds, most organisations invest money in securities of one kind or another. Careful management of these investments is necessary to ensure the achievement of organisation goals. 4.4 STRATEGIC ACCOUNTING AND FINANCIAL INFORMATION SYSTEMS Strategic accounting and financial information systems typically include several types of information flows: Internally generated financial condition analysis data, describing the status of the organisation. Externally generated economic, demographic, and social data describing the present and future environments for the organisation. Forecasts of the future of that organisation in those environments. Two major outcomes of financial strategic planning are the setting of financial goals and directions of the organisation. The former may include setting goals for investments and return on investments. The latter may involve deciding on new investment opportunities or on the mix of capital sources used to fund the organisation. A major source of computerised information about the current and future Status of the organisation is the organisation's own financial accounting database. A major source

78 66 Computer Applications and Management Information System of computerised information on the present and future environments in which the organisation must operate are on-line databases that contain economic, special, demographic, technological, and political information. Projecting likely scenario for the organisation using these two categories of data is the art of forecasting. Its major purpose of strategic decision making is to use long-range forecasts to reduce the risk involved in major organisational decisions Financial Condition Analysis Systems Computerised accounting systems provide the user with many reports to which conditions and analysis tools may be applied. For example, the manager may use a variety, analysis tools, on the data reported on the income statement and balance sheet. Many computerised accounting systems supp reports that automatically calculate and present the results of these tools and ratio. Along with the data and reports, these tools and ratios make up the organisation financial condition analysis system. This system provides management with variety of measures of the soundness of the organisation and makes it possible to explore ways of improving the organisations financial condition. Table 4.1: Commonly used Financial Ratios Ratio name Current ratio Working Capital Inventory turnover Debt-to-equity ratio Rate earned on stockholder s equity Earnings per share Ratio formula Current assets Current liabilities Current assets Current liabilities Cost of goods sold Average inventory Stockholder equity Total liabilities Net income Average stockholder s equity Net income Number of shares Long-range Forecasting Systems Strategic planners demand forecasts on a variety of factors that will affect organisation performance in the future. Some forecasts may involve the use of internally generated data. For example, past sales data may be used to project future sales. Other forecasts may use only external data or both internal and external data. For example, forecasting economic indicators helps planners understand the likely economic environment in which the organisation must operate in the future. Forecasting the financial health of the organisation through long-range budget estimates including a variety of possible wage negotiation settlements, actions by competitors, interest rate fluctuations, fuel cost changes, and different inflation rates provides planners with opportunities to consider actions that will help the organisation survive bad times or take advantage of a future environment. Information used in forecasting the future environment includes descriptions of the past activities of an organisation, data on the present economy and forecasts of the future economy, information on the present demographic structure of the region or country and forecasts of the future demographic structure, and descriptions of the current social structure and social mores and predictions of the future structure of society and societal mores. 4.5 MARKETING INFORMATION SYSTEMS As you learned, the marketing function is the satisfaction of the needs and wants of customers-current and potential. Marketing managers engage in many planning activities in the pursuit of the marketing function. These planning activities result in a combination of products, services, advertising, promotion, price, and product delivery

79 methods ultimately offered to the organisation's customers, which is referred to as the marketing mix. Tactical marketing information systems differ from operational marketing information systems because in addition to producing information on a regular basis, they also generate ad hoc reports, create unexpected as well as expected output, produce comparative as well as descriptive information, provide summary information as opposed to detailed data, include both internal and external data sources, and process subjective as well as objective data. A great deal of the data that tactical marketing information systems utilize is collected by operational financial information systems. Tactical marketing information systems often combine operational-level financial data with other data to support tactical decision making by marketing managers. Tactical decisions are often made by managers when they prepare and implement marketing plans through which they hope to reach top management's sales and profit. A major objective of marketing managers is to reach the sales goals set by top management. To accomplish this objective, marketing managers must make many tactical decisions, such as how sales territories should be shaped, how the sales force should be allocated within those territories, and what emphasis should be placed in the products offered and customers served. Marketing managers must decide how to reward salespeople to encourage increased sales efforts, which market segment should be emphasized to best reach sales goals, and which products and service will best appeal to each segment. They also must monitor the progress of the sales effort to determine if their decisions were correct or if they need to change the tactical plans. 67 Functional Areas of Information Systems Sales Management Systems Sales management systems enable marketing managers to assess the productivity of the sales force; the fertileness of sales territories; and the success of products by salesperson, territory, and customer type. Sales management systems keep track of salesperson call activities, sales orders, and customer activity. The systems allow the manager to identify weak territories or weak products in a territory; to compare salesperson performance by product and customer type; to compare salesperson performance against salesperson goals; to analyse salesperson calls within territories or by customer type; to identify trends in customer purchases; to identify potential shortages or excess stock in inventory; and to perform other planning, controlling, and organising tasks with ease and speed Advertising and Promotion Systems Marketing managers also need to develop advertising and promotional tactics to implement strategic sales goals set by top management. Managers must decide which advertising media and promotional devices to use to reach the selected market segments, when to use these media and devices, and what overall mix of promotional activities to deploy to achieve sales goals. Advertising and promotion systems assist managers in these tasks Pricing Systems Pricing systems provide information to managers that help them set prices for their products and services. These information systems are important because the price of a product or service affects the sales volume and profitability of the organisation. The marketing manager usually selects a price that will recover production costs and provide a profit, but the price chosen is constrained by the prices of competitors for similar products or services and for alternative products or services. To make pricing decisions, the marketing manager should know the expected demand for the product

80 68 Computer Applications and Management Information System or similar products, the desired profit margin for the organisation, the costs of producing the product or providing the service, and the prices of competing as well as substitute products. Substitute products refer to products that might be used instead of the original product, particularly when that product is viewed as too expensive by the customer. For example, a person might drive to a destination if the price of an airline ticket is viewed as too expensive Distribution Channel Systems To support the marketing manager, the marketing information system should provide distribution channel decision-support systems. These systems should provide information on the costs of using the various distribution channels, the time lags caused by the various channels, the reliability of the various channels in delivering the products and services, and the market segment situation provided by the channels. The systems should also track the demand and inventory at all levels of the distribution channels so that the manager may anticipate excess inventories and shortfalls Competitive Tracking Systems To ensure that your organisation s marketing mix will continue to satisfy customers, you must keep abreast of major competitors and their activities. In the end, market share is likely to be greatest for the organisation that provides the marketing mix most closely matching a given market segment s needs and wants. Competitive Intelligence, or knowledge of the competitor prices, products, sales, advertising, and promotions, must be gathered if the organisation is to avoid falling behind the competition in the eyes of the customers. Gathering competitive intelligence is carried out through competitive tracking systems. It should be noted that data about competitors can be used both tactically and strategically by managers. Check Your Progress 1 Fill in the blanks: 1. A report shows the estimated amount of cash that will be received and spent each month. 2. provide the user with many reports to which conditions and analysis tools may be applied. 3. provide information to managers that help them set prices for their products and services. 4.6 STRATEGIC MARKETING INFORMATION SYSTEMS To develop an overall marketing plan, an organisation may engage in a variety of tactical and strategic planning activities. The strategic activities may include segmenting the market into target groups of potential customers based on common characteristics, needs, or wants; selecting those market segments the organisation wishes to reach; planning products and services to meet those customers' needs and forecasting sales for the market segments and products. The tactical activities have already been described and include planning the marketing mix the best combination of product, price, advertising, promotion, financing, and distribution channels to reach the chosen target groups. The strategic activities revolving around sales forecasting and product planning decision making will now be discussed.

81 4.6.1 Sales Forecasting Systems Strategic sales forecasting systems usually include several varieties of forecasts: forecasts of sales for the industry as a whole, forecasts of sales for the entire organisation, forecasts of sales for each product or service, forecasts of sales for a new product or service, and forecasts for market segments. The results of these sales forecasts are often further categorized by sales territory and sales division. Regardless of type, sales forecasts are usually based on more than historical data; they are not merely projections of past trends. Sales forecasts are also based on assumptions about the activities of the competition, governmental action, shifting customer demand, economic trends, demographic trends, and a variety of other pertinent factors, including even the weather. 69 Functional Areas of Information Systems Marketing Research Systems In large organisations, research departments conduct and manage marketing research. In smaller companies, marketing research may be completed by outside consultants or by personnel who must wear several hats. Regardless of how the function is completed, the results of marketing research provide important input to both tactical and strategic decision making. These following activities are typical of a marketing research department. Conducting trend analyses of industry sales of products and services identical or similar to those offered by the organisation to identify products or services that are on the ascent or descent. Analysing population and target group characteristics, especially for trends or changes in data that could affect the organisation. Analysing and identifying consumer preferences, including testing products and services. Determining and analysing customer satisfaction with the organisation's existing products and services. Estimating market share for all of each product and service offered Product Planning and Development Systems The major objective of product planning and development systems is to make information about consumer preferences obtained from the marketing research system and from customer inquiries available for the development of new products. The primary output of planning and development activities is a set of product specifications. In a manufacturing organisation, these specifications would be given to the engineering department, which would try to design a product to meet them. Similar activities occur in service organisations for example, a survey of bank. Customers may indicate that they would like a checking account that also acts like a savings account an account in which they could place all their money, maximise the amount of cash earning interest, avoid multiple statements, and avoid the need to shift funds between savings and checking accounts. Bank personnel charged with product development may then identify specifications for such a product that meet current banking laws and regulations. These specifications may require the new account to carry the same rate of interest as a passbook savings account, earn interest on the average balance on deposit during a month, not limit the number of deposits or withdrawals during a month, maintain a minimum balance of $500, and pay interest monthly. The specifications can be tested and refined through additional consumer surveys and focus groups or through testing the product in a subset of the market, such as one branch of the bank.

82 70 Computer Applications and Management Information System 4.7 TACTICAL PRODUCTION INFORMATION SYSTEMS Production systems encompass all the activities necessary to ensure the manufacture of products or services. To perform its functions, the production system must locate production sites, plan the layout of those sites, and produce a production plan. The production system has to acquire the raw materials, parts, and subassemblies needed to produce the products or services described in the plan and to identify how many workers of each type are required. The system must then allocate or acquire workers with the appropriate skills, make certain that sufficient work space and production equipment are available, and schedule an integrated use of these resources to produce the correct quantity of goods at the correct time to meet the marketing system's forecasted needs. While production is under way, the system also must monitor the use and cost of those resources. Materials Requirements Planning Systems Inventory management can be taken a step further so that the system automatic produces purchases orders for stock that needs to be reordered. Materials Requirement Planning (MRP) software is basically a set of programs that use data from master production schedule, inventory files, and bill-of-materials systems-or list raw materials and components needed to create each product-to help manage production and inventory. MRP systems perform a great deal of calculation and record keeping. When (quantities of raw materials and parts are large, the calculations and record keeping become too time-consuming to complete manually, except at high costs. The computer, however, has made such calculations and purchase-order preparation possible for all of organisations, and in recent years, software to implement materials requires planning has become abundant. Just-in-Time Systems The just-in-time (JIT) system is not tactical information system, but a tactical approach to production. The just-in-time approach was created by the Toyota Motor Company of Japan and has generated many advantages to organisations, especially those that do repetitive production. The purpose of the approach is to eliminate waste in the use of equipment, parts, space, workers' time, and materials, including the resources devoted to inventories. The basic philosophy of JIT is that operations should occur just when they are required to maintain the production schedule. To assure a smooth flow of operations in that environment, sources of problems must be eradicated. That means that quality must be emphasized because quality problems interfere with the even flow of work. For inventory management, JIT translates into having just as much inventory on hand as is absolutely needed, which is achieved by developing efficient and effective production controls. Capacity Planning Systems In addition to ensuring that enough raw materials will be on hand for planned production, the production manager must also see to it that enough production capacity will be available to meet production goals. The purpose of capacity planning is to make certain that sufficient personnel, space, machines, and other production facilities are available at the right time to meet the organisation's planned production. Managers also utilize capacity planning to minimize excess production capacity. Capacity planning decisions are tactical production decisions and include allocating personnel and production facilities. Selecting sites for constructing plant facilities,

83 acquiring plant facilities, and planning those facilities to meet long-term production goals are usually categorised as strategic planning production decisions. Production Scheduling Systems The purpose of the production schedule is to allocate the use of specific production facilities for the production of finished goods to meet the master production schedule. To manage the scheduling process, a number of scheduling tools have been developed. Two of these tools are Gantt and PERT (Program Evaluation and Reporting Technique) charts. These tools allow managers to control projects and project completion times and also to determine the impact problems will have on project completion dates. For example, top management may ask a manager to complete a project sooner than originally planned. The manager may then consider ways to shorten the duration of the project by completing two tasks at once. However, to complete two tasks concurrently may raise production costs substantially, because two production teams and two production facilities may be needed. To solve the problem, the manager may create what-if scenarios with the project conditions using the PERT chart tool. However, Product Design and development systems completing multiple PERT charts manually requires extensive calculations and may prove frustrating to the manager. Computer-generated PERT charts let the manager simulate many scenarios with speed and ease. 71 Functional Areas of Information Systems Product Design and Development Systems Many tactical decisions must be made to design and develop a product, especially a new product. The design engineering team usually depends on product specification information derived from customer surveys, target population analysis, or other marketing research systems. The primary objective of the design engineering team is to develop a product that meets perceived needs of customer. However, the team's tactical task is to achieve that objective with the least demand on company resources. Designing products to contain or reduce costs often results in ingenious uses of raw materials, labour and machinery. Through careful design, an engineering team can often design a product that can be produced at lower costs than competitors can produce it. Careful design may also lead to a simpler product, which leads in turn to fewer maintenance problems, better customer acceptance, fewer product returns, and increased product repeat sales. Through the use of product design and development systems, the engineering team may provide the company with important competitive advantages. Manufacturing Resource Planning Systems More recently, software that provides for Manufacturing Resource Planning (MRP-II) has become available. MRP-II software extends the production information system to finance, marketing, human resource management, and other organisational functions. A fully developed MRP-II system includes modules that provide material requirements planning, shop-floor control, inventory management, and capacity planning. The system also accesses cost accounting data through integration with the financial accounting system. MRP-II systems usually accept data from a wide range of shop-floor data collection equipment, including voice recognition equipment, factory robots, production-line sensors, process control systems, bar code readers, and CAD workstations. Computer-integrated Manufacturing Systems Many production professionals envision a day when factory and product planning control, design, and operation will be totally integrated and almost totally

84 72 Computer Applications and Management Information System computerised. Some software and hardware firms that provide MSP, MRP, MRP-II, CAD, CAM, CAI CAT, CAPP, CA, robotics, and related information systems are joining forces through mergers, acquisitions, and joint projects to integrate current production hardware an software products into systems that provide Computer- Integrated Manufacturing (CIM), A growing number of manufacturers are utilising CIM or at least a great major component of CIM-to run their factories. Implementing CIM can lead to considerable cost savings, improvement in quality, and more flexible responses to customer. 4.8 STRATEGIC PRODUCTION INFORMATION SYSTEMS Strategic production information systems provide support for top-management-leve1 production decisions such as: Selecting a plant site. Constructing a plant addition. Building a new plant. Designing and laying out a production facility. Choosing the technologies that will be used in the production processes. Choosing responsibility for production processes-deciding basic policies on vertical integration and outsourcing. Decisions of this magnitude require the commitment of a large amount of capital and other resources over a long period of time and thus are strategic in nature. Clearly, such decisions must not be made lightly Site Planning and Selection Systems Site planning systems usually rely on a variety of internal and external sources. Some of the external information needed is relatively objective and quantitative, such as the availability and cost of trained or experienced labour and the degree to which it is unionized, the availability and cost of transportation for raw materials and finished goods, the availability of suitable sites, the cost of land, the proximity of raw materials suppliers and finished goods customers, the availability and costs of power, and the rate of property and income taxation Technology Planning and Assessment Systems Having access to information on new; production technologies allows top management to make better and more informed decisions about which production technologies to use for a product or service. Technology assessment systems, which identify new technologies and assess them for their strategic advantage, can help top management in many areas, not merely production. Like site planning, technology information systems may include CD-ROM databases, traditional library resources, Internet sites, and on-line databases maintained by government agencies, industry groups, private research groups, and consulting organisations. They may also include technology assessment groups within the production or engineering arms of the organisation Process Positioning Systems An important part of any organisation's strategic production plan is the span of production processes it decides to perform for any given product or product line. Decisions of this nature are called process positioning, or vertical integration. An organisation might purchase raw materials, fabricate parts, assemble; parts into

85 subassemblies, and then assemble and test the complete product. It may, on the other hand, decide to purchase already constructed subassemblies and parts from others and limit its internal span of production processes to assembling and testing the plant Design Systems completed product. Outsourcing subassemblies, for example, to production facilities in third world countries, may allow the organisation to gain a competitive advantage by being a low-cost leader for its products. 73 Functional Areas of Information Systems Plant Design Systems Designing and laying out a manufacturing plant requires large amounts of diverse information about the proposed plant, including engineering data on the proposed site, proposed production technologies, the number and duties of plant personnel, the expected schedule for the use of the facility, the area transportation system, choices of water and power systems and their costs, the cost and availability of construction materials, the plans for shop-floor information systems, and the need for physical security. Much of this information is available to the plant design system from the site planning, technology assessment, and process positioning decision processes. 4.9 TACTICAL HUMAN RESOURCE INFORMATION SYSTEMS To assist managers in managing human resources, a number of information systems, called Human Resource Information Systems (HRIS), have been developed. Human resource information systems contain personal information about the employees of an organisation, and securing this information against unwanted or unwarranted access, use, or distribution is terribly important to the individuals involved. Unwarranted access, use, or distribution is also likely to be illegal under current legislation and can subject the organisation to serious legal liability. Security issues surrounding databases, such as the human resource information database and the computer systems that house these databases, are discussed in greater detail. Human resource information systems include a number of tactical and strategic information systems. Tactical HRIS include job analysis and design, recruitment, training and development, and employee compensation. Strategic HRIS include information systems that support workforce planning and labour negotiation. Job Analysis and Design Systems Job analysis and design includes describing the jobs needed in an organisation and the qualities of the workers needed to fill those jobs. These tasks involve the development of job descriptions for every type of position in an organisation. Each job description specifies the purposes, tasks, duties, and responsibilities of each job and the conditions and performance standards under which those duties and responsibilities must be carried out. Job analysis and design also includes the development of job specifications for each type of job. A job specification describes the skills, knowledge, experience, and other personal characteristics required to perform the jobs that are listed in job descriptions. In short, job descriptions describe the jobs, and job specifications describe the workers needed to fill those jobs. Recruiting Systems A recruiting system should provide the organisation with a bank of qualified applicants from which it may fill vacant positions identified through the position control system and described by the job analysis and design information system. The recruiting function should also ensure that the organisation is in compliance with

86 74 Computer Applications and Management Information System various federal, state, and local statutes and contract regulations for affirmative action and equal employment opportunity. Compensation and Benefits Systems To help human resource manager s control their compensation and benefit plans, organisations must keep and maintain information describing the various pay plans and fringe benefits as well as the choices of each employee. The compensation and benefits system may support a variety of tactical human resource decisions, especially when compensation and benefits information is related to information from internal and external sources. For example, you may wish to relate the pay received by employees with the same job duties or job titles to identify employees who are paid more or less than they should be for the skills they have and the duties they must complete. Succession Planning Systems An important role of human resource departments is to make certain that replacements for key organisational personnel are available when the positions key personnel occupy become vacant because of death, injury, retirement, or other reasons. Planning for the succession of these key people means identifying replacement employee STRATEGIC HUMAN RESOURCE INFORMATION SYSTEMS Human resource planning ensures that the organisation has the right kinds and the right numbers of people at the right places at the right time to achieve its objectives. Several types of human resource planning are strategic in nature, including workforce planning and labour negotiations Workforce Planning Systems Organisations involved in long-term strategic planning, such as those planning to expand into new market areas, construct factories or offices in new locations, or add new products, will need information about the quantity and quality of the available workforce to achieve their goals. Information systems that support workforce planning serve this purpose. This type of planning involves identifying the human resources needed to meet the organisational objectives specified in the strategic plan and that means forecasting the supply and demand of the required workforce. These forecasts are estimates of the characteristics, quantity, and pricing of the labour force needed to achieve the long-term plans of the organisation. Forecasting human resource needs requires information to answer a number of planning questions, including the following: What should be the labour force of the organisation look like to meet the strategic plan? What skills, experiences, knowledge, and other qualities should be organisation s human resource process? In other words, what job descriptions and specialisations does the strategic plan require? What quantities of human resources with the qualities already identified are needed to carry out the strategic plan? In other words, how many positions for each job title does the strategic plan need? What are the current human resources of the organisation and how well do they satisfy the organisation's strategic needs for human resources? What other human resources are available to achieve the strategic plan?

87 Information Systems Supporting Labour Negotiations Negotiating with craft, maintenance, office, and factory unions requires information gathered from many of the human resource information systems already discussed. In addition, negotiators need information from the financial accounting system and from external sources, including competitor wage agreements and appropriate economic data for the industry, employee group, and geographical region. Much of the external information required by a negotiating team can be obtained from the on-line data-bases discussed earlier. The human resource team completing the negotiating needs to obtain numerous ad hoc reports that analyse the organisation's and union's positions within the framework of both the industry and the current economic situation. The negotiating team must receive these ad hoc reports on a very timely basis because additional questions and tactics will occur to the team while they are negotiating. 75 Functional Areas of Information Systems Check Your Progress 2 Fill in the blanks: 1. The.. system is not tactical information system, but a tactical approach to production decisions are tactical production decisions and include allocating personnel and production facilities LET US SUM UP Tactical information systems support managers in the allocation of resources to meet top managements goals. Strategic planning information systems support the setting of organisation goals. There are many applications of information becomes to tactical and strategic planning decisions in business and organisations. This lesson briefly defines applications to planning decisions in finance, marketing, production and human resources. Financial information systems include tactical terms such as budgeting, cash management, capital budgeting, and investment management, and strategic systems, such as financial conditions analysis and long-term forecasting. Marketing information systems support managers in the management and control of the sales force, sales campaigns, advertising promotion campaigns, and the distribution and delivery of goods and services, as well as in tracking competitors. Tactical and strategic production information systems support decision making for the allocation and planning of manufacturing and production resources. The continued use and refinement of computer support for manufacturing production operations and decisions is leading organisations to an integrated approach to the management of manufacturing and production systems. Human resource departments are responsible for many facets of human resource management, including tactical decision-making in the areas of recruiting, training, compensation, benefit management, and job analysis and design. HR managers also provide top management with information for strategic planning, including providing workforce plans and support for labour negotiations GLOSSARY Budgeting Systems: To track actual revenues and expenses. Cash Flow Report: The estimated amount of cash received and spent each month.

88 76 Computer Applications and Management Information System Cash Management Systems: To track cash balances on a day-to-day basis. Capital Budget: Information about the planned acquisition or disposal of major plant assets during the current year. Investment Management: Overseeing the organisation's investments in stocks, bonds, and other securities. Check Your Progress: Answers CYP 1 1. cash flow 2. Computerised accounting systems 3. Pricing systems CYP 2 1. just-in-time (JIT) 2. Capacity planning 4.13 SUGGESTED READINGS Pankaj Sharma, Enterprise Resource Planning, APH Publishing Corporation, New Delhi, Hanson, J.J., Successful ERP Implementations Go Far beyond Software, San Diego Business Journal (5 July 2004). Olinger, Charles, The Issues behind ERP Acceptance and Implementation, APICS: The Performance Advantage Millman, Gregory J., What Did You Get from ERP and What Can You Get?, Financial Executive (May 2004). Ellen Monk, Bret Wagner, Concepts in Enterprise Resource Planning, Course Technology, Second Edition, 2005 Daniel E. O Leary, ERP Systems: Systems, Life Cycle, E-commerce, and Risk, Cambridge University Press, Murrell G. Shields, E-Business and ERP: Rapid Implementation and Project Planning, Wiley, Alexis Leon ERP Demystified 2/E, Tata McGraw-Hill, New Delhi Bhatnagar, S.C. and K.V. Ramani, Computers and Information Management, Printice Hall of India Private Ltd, New Delhi, Goyal D.P., Management Information Systems (MIS), Deep & Deep Publications, New Delhi, O, Brien, James A., Management Information Systems, Galgotia Publications (P) Ltd., New Delhi, Scott, George M., Principles of Management Information Systems, McGraw-Hill Book Company, Singapore, Post, Gerald V., Management Information Systems: Solving Business Problems with Information Technology, Third Edition, Tata McGraw-Hill Publishing Company Limited, New Delhi, Davis, Gordon B. and Margrethe H. Olsen, Management Information Systems, McGraw-Hill Book Company, Singapore, 1985.

89 4.14 QUESTIONS 1. Discuss and find out one summary report and one exception report that might be useful for these types of managers: (a) Accounting Manager (b) Budget Officer (c) Investment Manager 2. Discuss the information requirements for strategic planners concerned about the environment in which the organisation may find itself 5 to 10 years from now. 3. Discuss and present how a marketing manager might use the Internet to monitor competitors. 77 Functional Areas of Information Systems

90 78 Computer Applications and Management Information System LESSON 5 DECISION SUPPORT SYSTEM STRUCTURE 5.0 Objectives 5.1 Introduction 5.2 Decision Support Systems (DSS) 5.3 Framework of Decision Support Systems Need for an Expanded Framework An Expanded Framework 5.4 Types of DSS Data-Driven DSS Model-Driven DSS Knowledge-Driven DSS Document-Driven DSS Communications-Driven and Group DSS Inter-organisational or Intra-Organisational DSS Function-Specific or General Purpose DSS 5.5 Components of DSS 5.6 Overview of a DSS 5.7 Web-based DSS 5.8 Let us Sum up 5.9 Glossary 5.10 Suggested Readings 5.11 Questions 5.0 OBJECTIVES After studying this lesson, you should be able to: Define decision support system Describe DSS framework Explain various components of DSS Describe various types of DSS

91 5.1 INTRODUCTION The more information you have, based on internal experiences or from external sources, the better your decisions. Business executives are faced with the same dilemmas when they make decisions. They need the best tools available to help them. Decision makers to make quality decisions should, to the best of their abilities: Thoroughly check a wide range of alternatives Gather full range of goals and implications of choices Weigh costs and risks of both positive and negative consequences Intensively search for new information for evaluating alternatives Take all new information into account, even when it doesn't support initial course of action Re-examine positive and negative consequences of all alternatives, including initially rejected ones Make detailed provisions for implementation, including contingency plans for known risks 79 Decision Support System 5.2 DECISION SUPPORT SYSTEMS (DSS) It helps executives make better decisions by using historical and current data from internal information systems and external sources. By combining massive amounts of data with sophisticated analytical models and tools, and by making the system easy to use, they provide a much better source of information to use in the decision-making process. Decision Support Systems are a class of computerised information systems that support decision-making activities. DSS are interactive computer-based systems and subsystems intended to help decision makers use communications technologies, data, documents, knowledge and/or models to successfully complete decision process tasks. DSS and MIS In order to better understand a decision support system, let's compare the characteristics of an MIS system with those of a DSS system: MIS Structured decisions Reports based on routine flows of data General control of organisation Structured information flows Presentation in form of reports Traditional systems development DSS Semi structured, unstructured decisions Focused on specific decisions/classes of decisions End-user control of data, tools, and sessions Emphasizes change, flexibility, quick responses Presentation in form of graphics Greater emphasis on models, assumptions, ad hoc queries Develop through prototyping; iterative process You can also understand the differences between these two types of systems by understanding the differences in the types of decisions made at the two levels of management. Are your decisions routines, or are your decisions non-routines?

92 80 Computer Applications and Management Information System 5.3 FRAMEWORK OF DECISION SUPPORT SYSTEMS A conceptual framework for Decision Support Systems (DSS) is developed based on the dominant technology component or driver of decision support, the targeted users, the specific purpose of the system and the primary deployment technology. Five generic categories based on the dominant technology component are proposed, including Communications-Driven, Data-Driven, Document-Driven, Knowledge- Driven, and Model-Driven Decision Support Systems. Each generic DSS can be targeted to internal or external stakeholders. DSS can have specific or very general purposes. Finally, the DSS deployment technology may be a mainframe computer, a client/server LAN, or a Web-Based architecture. The goal in proposing this expanded DSS framework is to help people understand how to integrate, evaluate and select appropriate means for supporting and informing decision-makers. Because of the limitations of hardware and software, early DSS systems provided executives only limited help. With the increased power of computer hardware, and the sophisticated software available today, DSS can crunch lots more data, in less time, in greater detail, with easy to use interfaces. The more detailed data and information executives have to work with, the better their decisions can be Need for an Expanded Framework Decision Support Systems should be defined as a broad category of information systems for informing and supporting decision-makers. DSS are intended to improve and speed-up the processes by which people make and communicate decisions. We need to improve how we define Decision Support Systems on both a conceptual level and on a concrete, technical level. Both managers and DSS designers need to understand categories of decision support so they can better communicate about what needs to be accomplished in informing and supporting decision makers. The DSS literature includes a number of frameworks for categorising systems. Steven Alter (1980) developed the broadest and most comprehensive one more than 20 years ago. A new, broader typology or framework than Alter s (1980) is needed because Decision Support Systems are much more common and more diverse than when he conducted his research and proposed his framework. Decision Support Systems do vary in many ways. Some DSS focus on data, some on models and some on communications. DSS also differ in scope, some DSS are intended for one primary user and used stand-alone for analysis and others are intended for many users in an organisation. A Decision Support System could be categorized in terms of the generic operations it performs, independent of type of problem, functional area or decision perspective. His seven types included: file drawer systems, data analysis systems, analysis information systems, accounting and financial models, representational models, optimization models, and suggestion models An Expanded Framework The following expanded DSS framework is still evolving. The author and others have used the framework to classify a large number of software packages and systems. Anecdotal reports indicate that people who have tried to use it in describing a proposed or existing DSS have found it comprehensive, useful and parsimonious. It seems to help one categorize the most common Decision Support Systems currently in use. The framework focuses on one major dimension with 5 generic types of DSS and 3 secondary dimensions. The primary dimension is the dominant technology component or driver of the decision support system; the secondary dimensions are the targeted users, the specific purpose of the system and the primary deployment technology. Some DSS are best classified as hybrid systems driven by more than one major DSS component.

93 5.4 TYPES OF DSS 81 Decision Support System Data-Driven DSS Data-Driven DSS take the massive amounts of data available through the company's TPS and MIS systems and cull from it useful information which executives can use to make more informed decisions. They don't have to have a theory or model but can "free-flow" the data. The first generic type of Decision Support System is a Data-Driven DSS. These systems include file drawer and management reporting systems, data warehousing and analysis systems, Executive Information Systems (EIS) and Spatial Decision Support Systems. Business Intelligence Systems are also examples of Data-Driven DSS. Data-Driven DSS emphasize access to and manipulation of large databases of structured data and especially a time-series of internal company data and sometimes external data. Simple file systems accessed by query and retrieval tools provide the most elementary level of functionality. Data warehouse systems that allow the manipulation of data by computerised tools tailored to a specific task and setting or by more general tools and operators provide additional functionality. Data-Driven DSS with Online Analytical Processing (OLAP) provide the highest level of functionality and decision support that is linked to analysis of large collections of historical data Model-Driven DSS A second category, Model-Driven DSS, includes systems that use accounting and financial models, representational models, and optimisation models. Model-Driven DSS emphasize access to and manipulation of a model. Simple statistical and analytical tools provide the most elementary level of functionality. Some OLAP systems that allow complex analysis of data may be classified as hybrid DSS systems providing modeling, data retrieval and data summarisation functionality. Model-Driven DSS use data and parameters provided by decision-makers to aid them in analysing a situation, but they are not usually data intensive. Very large databases are usually not needed for Model-Driven DSS. Model-Driven DSS were isolated from the main Information Systems of the organisation and were primarily used for the typical "what-if" analysis. That is, "What if we increase production of our products and decrease the shipment time?" These systems rely heavily on models to help executives understand the impact of their decisions on the organisation, its suppliers, and its customers Knowledge-Driven DSS The terminology for this third generic type of DSS is still evolving. Currently, the best term seems to be Knowledge- Driven DSS. Adding the modifier driven to the word knowledge maintains a parallelism in the framework and focuses on the dominant knowledge base component. Knowledge-Driven DSS can suggest or recommend actions to managers. These DSS are personal computer systems with specialized problem-solving expertise. The "expertise" consists of knowledge about a particular domain, understanding of problems within that domain, and "skill" at solving some of these problems. A related concept is Data Mining. It refers to a class of analytical applications that search for hidden patterns in a database. Data mining is the process of sifting through large amounts of data to produce data content relationships Document-Driven DSS A new type of DSS, a Document-Driven DSS or Knowledge Management System, is evolving to help managers retrieve and manage unstructured documents and Web

94 82 Computer Applications and Management Information System pages. A Document-Driven DSS integrates a variety of storage and processing technologies to provide complete document retrieval and analysis. The Web provides access to large document databases including databases of hypertext documents, images, sounds and video. Examples of documents that would be accessed by a Document-Based DSS are policies and procedures, product specifications, catalogs, and corporate historical documents, including minutes of meetings, corporate records, and important correspondence. A search engine is a powerful decision aiding tool associated with a Document-Driven DSS Communications-Driven and Group DSS Group Decision Support Systems (GDSS) came first, but now a broader category of Communications-Driven DSS or groupware can be identified. This fifth generic type of Decision Support System includes communication, collaboration and decision support technologies that do not fit within those DSS types identified. Therefore, we need to identify these systems as a specific category of DSS. A Group DSS is a hybrid Decision Support System that emphasizes both the use of communications and decision models. A Group Decision Support System is an interactive computer-based system intended to facilitate the solution of problems by decision-makers working together as a group. Groupware supports electronic communication, scheduling, document sharing, and other group productivity and decision support enhancing activities We have a number of technologies and capabilities in this category in the framework Group DSS, two-way interactive video, White Boards, Bulletin Boards, and Inter-Organisational or Intra-Organisational DSS A relatively new targeted user group for DSS made possible by new technologies and the rapid growth of the Internet is customers and suppliers. We can call DSS targeted for external users an Inter-organisational DSS. The public Internet is creating communication links for many types of inter-organisational systems, including DSS. An inter-organisational DSS provides stakeholders with access to a company s intranet and authority or privileges to use specific DSS capabilities. Companies can make a data-driven DSS available to suppliers or a Model-Driven DSS available to customers to design a product or choose a product. Most DSS are intra-organisational DSS that are designed for use by individuals in a company as "standalone DSS" or for use by a group of managers in a company as a Group or Enterprise-Wide DSS Function-Specific or General Purpose DSS Many DSS are designed to support specific business functions or types of businesses and industries. We can call such a Decision Support System a function-specific or industry-specific DSS. A Function-Specific DSS like a budgeting system may be purchased from a vendor or customized in-house using a more general-purpose development package. Vendor developed or off-the-shelf DSS support functional areas of a business like marketing or finance; some DSS products are designed to support decision tasks in a specific industry like a crew scheduling DSS for an airline. A task-specific DSS has an important purpose in solving a routine or recurring decision task. Function or task-specific DSS can be further classified and understood in terms of the dominant DSS component, that is as a Model-Driven, Data-Driven or Suggestion DSS. A function or task-specific DSS holds and derives knowledge relevant for a decision about some function that an organisation performs (e.g., a marketing function or a production function). This type of DSS is categorised by purpose; function-specific DSS help a person or group accomplish a specific decision task. General-purpose DSS software helps support broad tasks like project management, decision analysis, or business planning.

95 5.5 COMPONENTS OF DSS Traditionally, academics and MIS staffs have discussed building Decision Support Systems in terms of four major components: User interface Database Models and analytical tools and DSS architecture and network This traditional list of components remains useful because it identifies similarities and differences between categories or types of DSS. The DSS framework is primarily based on the different emphases placed on DSS components when systems are actually constructed. Data-Driven, Document-Driven and Knowledge-Driven DSS need specialized database components. A Model-Driven DSS may use a simple flat-file database with fewer than 1,000 records, but the model component is very important. Experience and some empirical evidence indicate that design and implementation issues vary for Data-Driven, Document-Driven, Model-Driven and Knowledge-Driven DSS. Multi-participant systems like Group and Inter-Organisational DSS also create complex implementation issues. For instance, when implementing a Data-Driven DSS a designer should be especially concerned about the user's interest in applying the DSS in unanticipated or novel situations. Despite the significant differences created by the specific task and scope of a DSS, all Decision Support Systems have similar technical components and share a common purpose, supporting decision-making. A Data-Driven DSS database is a collection of current and historical structured data from a number of sources that have been organised for easy access and analysis. We are expanding the data component to include unstructured documents in Document-Driven DSS and "knowledge" in the form of rules or frames in Knowledge- Driven DSS. Supporting management decision-making means that computerized tools are used to make sense of the structured data or documents in a database. Mathematical and analytical models are the major component of a Model-Driven DSS. Each Model-Driven DSS has a specific set of purposes and hence different models are needed and used. Choosing appropriate models is a key design issue. Also, the software used for creating specific models needs to manage needed data and the user interface. In Model-Driven DSS the values of key variables or parameters are changed, often repeatedly, to reflect potential changes in supply, production, the economy, sales, the marketplace, costs, and/or other environmental and internal factors. Information from the models is then analysed and evaluated by the decision-maker. Knowledge-Driven DSS use special models for processing rules or identifying relationships in data. The DSS architecture and networking design component refers to how hardware is organised, how software and data are distributed in the system, and how components of the system are integrated and connected. A major issue today is whether DSS should be available using a Web browser on a company intranet and also available on the Global Internet. Networking is the key driver of Communications-Driven DSS. 83 Decision Support System

96 84 Computer Applications and Management Information System TPS TPS DSS Database DSS Software System Models OLAP Tools Datamining Tools User Interface User 5.6 OVERVIEW OF A DSS Figure 5.1 The DSS software system must be easy to use and adaptable to the needs of each executive. A well-built DSS uses the models that the text describes. You've probably used statistical models in other classes to determine the mean, median, or deviations of data. These statistical models are the basis of data mining. The What-If decisions most commonly made by executives use sensitivity analysis to help them predict what effect their decisions will have on the organisation. Executives don't make decisions based solely on intuition. The more information they have, the more they experiment with different outcomes in a safe mode, the better their decisions. That's the benefit of the models used in the software tools. Examples of DSS Applications Organisation American Airlines Equico Capital Corporation General Accident Insurance Bank of America Frito-Lay, Inc. Burlington Coat Factory National Gypsum Southern Railway Texas Oil and Gas Corporation United Airlines U.S. Department of Defense DSS Application Price and route selection Investment evaluation Customer buying patterns and fraud detection Customer profiles Price, advertising, and promotion selection Store location and inventory mix Corporate planning and forecasting Train dispatching and routing Evaluation of potential drilling sites Flight scheduling Defense contract analysis

97 5.7 WEB-BASED DSS Of course, no discussion would be complete without information about how companies are using the Internet and the Web in the customer DSS decision-making process. Figure 5.2 shows an Internet CDSS (Customer Decision-Support System). 85 Decision Support System Figure 5.2 Customer Decision Support on the Internet Here's an example: You decide to purchase a new home and use the Web to search real estate sites. You find the perfect house in a good neighborhood but it seems a little pricey. You don't know the down payment you'll need. You also need to find out how much your monthly payments will be based on the interest rate you can get. Luckily the real estate Web site has several helpful calculators (customer decision support systems) you can use to determine the down payment, current interest rates available, and the monthly payment. Some customer decision support systems will even provide an amortization schedule. You can make your decision about the purchase of the home or know instantly that you need to find another house. Check Your Progress 1. OLAP stands for.. 2. EIS stands for.. 3. GDSS stands for..

98 86 Computer Applications and Management Information System 5.8 LET US SUM UP Executives make semi-structured and unstructured decisions based on historical and current data, from both internal and external sources. Well-built Decision-Support Systems help them make better decisions by making more of these kinds of data available in the decision-making process. Data mining is one of the most effective tools for gathering useful information provided it's used properly. In addition to data, the components of a DSS include effective software tools, and a user interface that is easy to use. Decision-makers receive and analyse information using many different media, including traditional print, group and interpersonal information exchanges, and computer based tools. One set of computer-based tools has been termed Decision Support Systems. For more than 30 years, researchers and Information Systems specialists have built and studied a wide variety of systems for supporting and informing decision-makers that they have called Decision Support Systems or Management Decision Systems. 5.9 GLOSSARY Decision Support Systems (DSS): Computerised information systems that support decision-making activities. Data-driven DSS: The massive amounts of data available through the company's TPS and MIS systems Model-driven DSS: The systems that use accounting and financial models Knowledge-driven DSS: Dominant knowledge base component. Check Your Progress: Answer 1. Online Analytical Processing 2. Executive Information Systems 3. Group Decision Support Systems 5.10 SUGGESTED READINGS Pankaj Sharma, Enterprise Resource Planning, Aph Publishing Corporation, New Delhi, Hanson, J.J., Successful ERP Implementations Go Far beyond Software, San Diego Business Journal (5 July 2004). Olinger, Charles, The Issues behind ERP Acceptance and Implementation, APICS: The Performance Advantage Millman, Gregory J., What Did You Get from ERP and What Can You Get?, Financial Executive (May 2004). Ellen Monk, Bret Wagner, Concepts in Enterprise Resource Planning, Course Technology, Second Edition, 2005 Daniel E. O Leary, ERP Systems: Systems, Life Cycle, E-commerce, and Risk, Cambridge University Press, Murrell G. Shields, E-Business and ERP: Rapid Implementation and Project Planning, Wiley, Alexis Leon ERP Demystified 2/E, Tata McGraw-Hill, New Delhi

99 Bhatnagar, S.C. and K.V. Ramani, Computers and Information Management, Printice Hall of India Private Ltd, New Delhi, Goyal D.P., Management Information Systems (MIS), Deep & Deep Publications, New Delhi, O, Brien, James A., Management Information Systems, Galgotia Publications (P) Ltd., New Delhi, Scott, George M., Principles of Management Information Systems, McGraw-Hill Book Company, Singapore, Post, Gerald V., Management Information Systems: Solving Business Problems with Information Technology, Third Edition, Tata McGraw-Hill Publishing Company Limited, New Delhi, Davis, Gordon B. and Margrethe H. Olsen, Management Information Systems, McGraw-Hill Book Company, Singapore, Decision Support System 5.11 QUESTIONS 1. Discuss the issues in designing the DSS for any organisation. 2. Which of the following are decision support systems? Explain the reasons for your answers. (a) A marketing system that provides a weekly sales report summarized by product line. (b) A sales prospect database that managers can use to make queries, such as list the names of all prospects having the postal code (c) A personnel information system that provides a listing of all new hires, changes, and terminations at the beginning of each week. (d) A financial system that projects the cash flow impacts of two investment decisions. 3. Discuss the qualitative benefits of DSS and present it. 4. Briefly write a short note on various types of DSS with examples. 5. Explain Web based DSS and its benefits.

100 88 Computer Applications and Management Information System LESSON 6 EXECUTIVE INFORMATION SYSTEMS STRUCTURE 6.0 Objectives 6.1 Introduction 6.2 Role of EIS in the Organisation 6.3 Executive Support Systems Examples of ESS Characteristics of ESS Difference between ESS and DSS 6.4 Enterprise Systems Benefits of Enterprise Systems Challenge of Enterprise Systems 6.5 Enterprise Information Systems 6.6 Expert System Need of Expert System Building Block of Expert System 6.7 Knowledge Management in the Organisation Information Systems and Knowledge Management Information and Knowledge Work Systems Examples of Knowledge Work Systems Comparison of Various Information System 6.8 Let us Sum up 6.9 Glossary 6.10 Suggested Readings 6.11 Questions 6.0 OBJECTIVES After studying this lesson, you should be able to: Define EIS Describe ESS benefits Explain enterprise and expert systems Explain information system and knowledge management

101 6.1 INTRODUCTION Executive Information Systems (EIS) supply the necessary tools to senior management. The decisions at this level of the company are usually never structured and could be described as "educated guesses." Executives rely as much, if not more so, on external data than they do on data internal to their organisation. Decisions must be made in the context of the world outside the organisation. The problems and situations senior executives face are very fluid, always changing, so the system must be flexible and easy to manipulate. 89 Executive Information Systems 6.2 ROLE OF EIS IN THE ORGANISATION Executives often face information overload and must be able to separate the chaff from the wheat in order to make the right decision. On the other hand, if the information they have is not detailed enough they may not be able to make the best decision. An EIS can supply the summarized information executives need and yet provide the opportunity to drill down to more detail if necessary. As technology advances, EIS are able to link data from various sources both internal and external to provide the amount and kind of information executives find useful. As common software programs include more options and executives gain experience using these programs, they're turning to them as an easy way to manipulate information. Many executives are also turning to the Web to provide the flexibility they need. Nature of Executive's Work We now know the basics of EIS. This means that which type of work executives normally do or perform for which they require not a DSS but ESS. This is highly required before building an ESS. Because without the knowledge of executives work we cannot decide about the system which is suitable for him. Basically manager's role is divided into three categories: Interpersonal role: Roles like figurehead, leader, and liaison Informational roles: Roles of monitor, disseminator, spokesperson Decisional roles: Entrepreneur, disturbance handler, resource alligator, negotiator. Most of the ESS support all these roles for executive's successful working. If we pay attention then we can see that for interpersonal roles and informational roles with very few advances to DSS the executives can start using ESS. But executives mainly require the ESS for decisional roles. To determine the information needs of executives, it is necessary to specify the activities, which are performed in decisional role. We divide the work of executives in relation to the decision roles into 2 phases. Phase 1 is the identification of problems or opportunities. Phase 2 is the decision of what to do about it. Functional units like finance, production, accounting, and personnel etc. generate the internal information. The external information comes from the sources such as online databases, newspaper, industry newsletters, government reports, personal contacts etc. We know that the combined information is very important because that is the source needed for successful competition and survival. As the data is large the information is needed to be scanned further. The collected information is then checked and verified for its correction that is it is evaluated for the further use of the organisation. Finally the evaluated information is sent for qualitative or quantitative analysis. Then the

102 90 Computer Applications and Management Information System executive makes a decision whether an opportunity occurs or problem occurs. If there is a problem then information is given as an input for the next step else it is again scanned for further evaluation. Finally the executives take the decision. 6.3 EXECUTIVE SUPPORT SYSTEMS As with DSS, executive support systems are developed using the prototyping method. Prototyping allows iterative, quick changes to the system. Executives are busy people who don't want to spend a lot of time in the development process. They know what they want, they want it quickly, and they want it to work the first time. That's a tough goal for developers. ESS must support many of the executive's informational requirements or she will find other ways to supplement her decision-making tasks. If the system doesn't provide the flexibility to scout out problems, new opportunities, or keep an eye on the competition, executives will ignore the system and seek other ways of getting the information they need mainly other people. As more executives come up through the ranks, they are more familiar with and rely more on technology to assist them with their jobs. Executive Support Systems don't provide executives with ready-made decisions. They provide the information that helps them make their decisions. Executives use that information, along with their experience, knowledge, education, and understanding of the corporation and the business environment as a whole, to make their decisions. Executives are more inclined to want summarized data rather than detailed data (even though the details must be available). ESS rely on graphic presentation of information because it's a much quicker way for busy executives to grasp summarized information. Because of the trend toward flatter organisations with fewer layers of management, companies are employing ESS at lower levels of the organisation. This trend will probably continue as more managers become knowledgeable about the power and flexibility of ESS. Advantages The various advantages of ESS are: Simple for high-level executives to use operations do not require extensive computer experience Provides timely delivery of company summary information Provides better understanding of information Filters data for better time management Provides system for improvement in information tracking Disadvantages The various disadvantages of ESS are: Computer skills required to obtain results Requires preparation and analysis time to get desired information Detail oriented Provides detailed analysis of a situation Difficult to quantify benefits of DSS How do you quantify a better decision? Difficult to maintain database integrity Provides only moderate support of external data and graphics capabilities

103 6.3.1 Examples of ESS The examples of ESS provided in the lesson offer interesting contrasts of how each organisation uses its system to aid in the decision-making process. The Sutter Home Winery uses mostly external data, including information from the Internet, in its ESS. It organises the information in order to help executives make decisions based on trends in the marketplace. The information includes data on competitors and information from market research. Sutter uses its system output to determine sales forecasts, marketing campaigns, and investment plans. Managers at the Royal Bank of Canada are able to choose their own criteria (from among 15 choices) to drill down and navigate data through easy-to-use interfaces. They don't have to accept data in formats chosen by someone else who may not understand individual manager's needs. Data analysis is more timely because the information is quicker to obtain and more convenient than before. Virtually all of the information in the U.S. General Services Administration's ESS is internal data used to help executives manage the government's assets and inventory of buildings. The information is used for analysis of the efficient, or inefficient, use of buildings. The systems includes the ability to drill down to more specific detail if necessary. Output includes graphs and pictures of the inventory. Huge amounts of data are available quicker and are more specific to the user's needs. 91 Executive Information Systems Characteristics of ESS An ESS has many distinct characteristics that differentiate it from other applications software. A list of these features is presented in table below. A successful executive information system minimizes hard copy reports while keeping high-level executives up dated. With an ESS, qualitative information is obtained without producing volumes of paper. Advanced internal control and communication are typical focuses of an ESS. The ability to view exception reporting on the computer screen is an example of an ESS-facilitated management control technique. Most Executive Support Systems highlight the areas of the business that are going astray. Color codes are used to display data that are in an acceptable or unacceptable range as defined by the executive. This technique allows the computer to track important project assignments within a company using the executive information system. An ESS allows access to external as well as company internal information. Characteristics Degree of use Computer skills required Flexibility Principle use Decisions supported Data supported Output capabilities Graphic concentration Data access speed Description High, consistent, without need of technical assistance Very low -must be easy to learn and use High - must fit executive decision making style Tracking, control Upper level management, unstructured Company internal and external Text, tabular, graphical, trend toward audio/video in future High, presentation style Must be high, fast response Difference between ESS and DSS Decision support systems, reflected to as DSS, are another type of computer information system designed support and improve the decision-making process. Many more computer users will be familiar with DSS because these systems were developed as a support tool for middle to lower level managers and system analysts. Like the

104 92 Computer Applications and Management Information System ESS, DSS are made up of several distinct components. While both types contain a modeling capability and database component, the presentation components are typically not as sophisticated in a DSS. The reason is that DSS were developed to support decisions from the middle level up, while an ESS concentrates on supporting the very top level of management. Although both ESS and DSS are designed to support and improve the decisionmaking process, the actual type of decision an executive makes differs from that of a middle manager. The ESS can be thought of as a system that provides information to help formulate intelligent queries, which can then be passed on to the DSS. An analyst can then perform a detailed analysis, not an executive. The intention of the ESS is to allow executives to familiarize themselves with the organisation as a whole, and not just one particular area. The DSS usually provides very detailed information to assist analysis of problems in one section/department of a business. Another primary difference is the ability of an ESS to incorporate "what if' models in the program. With this ability, the user can perform impact analyses, such as "What is the effect on profits if we close Plant A." Another important difference is that external data retrieved from on-line databases as well as internal data will be examined when answering a query to the ESS. The DSS typically only places a moderate emphasis on incorporating external data into the decision process. While each system tracks and reports the status of certain activities, the level of detail provided when a problem occurs is vastly different. An ESS delivers primarily summary information. It allows for details to be given by incorporating the "drilling down" capability. The DSS will attempt to provide all the details incorporated into the problem analysis the first time. 6.4 ENTERPRISE SYSTEMS A large organisation typically has many different kinds of information systems that support different functions, organisational levels, and business processes. Many organisations are also building enterprise systems, also known as Enterprise Resource Planning (ERP) systems, to provide firm wide integration. Figure 6.1: Enterprise Systems Enterprise systems can integrate the key business processes of an entire firm into a single software system that allows information to flow seamlessly throughout the organisation. These systems may include transactions with customers and vendors. Enterprise Systems (ES) are large-scale, integrated application-software packages that use the computational, data storage, and data transmission power of modern

105 Information Technology (IT) to support processes, information flows, reporting, and data analytics within and between complex organisations. In short, ES are Packaged Enterprise Application Software (PEAS) systems, where all three adjectives, packaged, enterprise, and application, in combination, restrict the set of things that can be called ES. Although some people have equated the terms enterprise system and Enterprise Resource Planning (ERP) system, since the term ERP now has a reasonably clear meaning it is convenient to use the term enterprise system to refer to the larger set of all large organisation-wide packaged applications with a process orientation including Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Supply Chain Management (SCM). Enterprise systems are built on, though do not include, software platforms such as SAP s NetWeaver and Oracle's Fusion and, usually, a relational database. In addition, although data warehousing or business intelligence systems are enterprise-wide packaged application software often sold by ES vendors, since they do not directly support execution of business processes, it is often convenient to exclude them from the definition of ES. ES is a special class of enterprise application software (namely packaged enterprise application software), which, in turn, is a type of enterprise software. Here, the adjective "enterprise" is used to connote "enterprise class" software, i.e., software designed for use in large organisations. Clearly, under the preceding definition, ES is also a special class of application software (namely packaged enterprise application software). 93 Executive Information Systems Figure 6.2: Enterprise Systems Computer-based systems built using ES are types of Enterprise Information System, or Management Information System, which, in turn, are types of Information System (IS). The distinction between ES and IS is that "ES" refers to software, whereas an IS is a social system that uses IT, i.e., an IS includes people often in an organisational setting as well as IT.

106 94 Computer Applications and Management Information System Benefits of Enterprise Systems The various benefits of enterprise systems are: Firm Structure and Organisation: One Organisation Companies can use enterprise systems to support organisational structures that were not previously possible or to create a more disciplined organisational culture. Management: Firm wide Knowledge-based Management Process In addition to automating many essential business transactions, such as taking orders, paying suppliers, or changing employee benefit status, enterprise systems can also improve management reporting and decision making. Technology: Unified Platform Enterprise systems promise to provide firms with a single, unified, and allencompassing information system technology platform and environment. Enterprise systems promise to create a single, integrated repository that gathers data on all the key business processes. Business: More Efficient Operations and Customer-driven Business Process Enterprise systems can help create the foundation for a customer-driven or demand organisation. By integrating discrete business processes such as sales, production, finance, and logistics, the entire organisation can efficiently respond to customer requests for products or information, forecast new products, and build and deliver them as demand requires Challenge of Enterprise Systems Although enterprise systems can improve organisational coordination, efficiency, and decision making, they have proven very difficult to build. Employees must take on new job functions and responsibilities. Enterprise systems require complex pieces of software and large investment of time, money, and expertise. Daunting Implementation Enterprise systems bring dramatic changes to business. They require not only deepseated technological changes but also fundamental changes in the way the business operates. High Up-front Cost and Future Benefits The costs of enterprise systems are large, up-front, highly visible, and often politically changed. Although the costs to build the system are obvious, the benefits often cannot be precisely quantified at the beginning of an enterprise project. One reason is that the benefits often accrue from employees using the system after it is completed and gaining the knowledge of business operations heretofore impossible to learn. Inflexibility Enterprise system software tends to be complex and difficult to master, with a worldwide shortage in people with the expertise to install and maintain it. The software is deeply intertwined with corporate business. Realizing Strategic Value Companies may also fail to achieve strategic benefits from enterprise systems if integrating business process processes using the generic models provided by standard

107 ERP software prevents the firm from using unique business processes that had been sources of advantage over competitors. 95 Executive Information Systems Check Your Progress 1 1. CRM stands for 2. DSS stands for 3. ESS stands for 6.5 ENTERPRISE INFORMATION SYSTEMS Enterprise Information System is generally any kind of computing system that is of enterprise class. This means typically offering high quality of service, dealing with large volumes of data and capable of supporting some large organization (an enterprise). Enterprise Information Systems provide a technology platform that enables organisations to integrate and coordinate their business processes. They provide a single system that is central to the organisation and ensure that information can be shared across all functional levels and management hierarchies. Enterprise systems are invaluable in eliminating the problem of information fragmentation caused by multiple information systems in an organisation, by creating a standard data structure. A typical Enterprise Information System would be housed in one or more Data centers, run Enterprise software, and could include applications such as Content Management Systems and typically cross organisational borders. The word enterprise can have various connotations. Frequently the term is used only to refer to very large organisations. However, the term may be used to mean virtually anything, by virtue of it having become the latest corporate-speak buzzword. (See Criticisms of Enterprise software) 6.6 EXPERT SYSTEM First of all we must understand that an expert system is nothing but a computer program or a set of computer programs which contains the knowledge and some inference capability of an expert, most generally a human expert, in a particular domain. As expert system is supposed to contain the capability to lead to some conclusion based on the inputs provided, information it already contains and its processing capability, an expert system belongs to the branch of Computer Science called Artificial Intelligence. Mere possessing an algorithm for solving a problem is not sufficient for a program to be termed an expert system, it must also possess knowledge i.e., if there is an expert system for a particular domain or area and if it is fed with a number of questions regarding that domain then sooner or later we can expect that these questions will be answered. So we can say that the knowledge contained by an expert system must contribute towards solving the problems for which it has been designed. Also knowledge in a expert system must be regarding a specific domain. As a human being cannot be an expert in every area of life, similarly, an expert system which tries to simulate the capabilities of an expert also works in a particular domain. Otherwise it may be require to possess potentially infinite amount of knowledge and processing that knowledge in finite amount of time is an impossible task.

108 96 Computer Applications and Management Information System Taking into consideration all the points which have been discussed above, let us try to give one of the many possible definitions of an Expert System: An Expert System is a computer program that possesses or represents knowledge in a particular domain, has the capability of processing/manipulating or reasoning with this knowledge with a view to solving a problem, giving some achieving or to achieve some specific goal. An expert system may or may not provide the complete expertise or functionality of a human expert but it must be able to assist a human expert in fast decision making. The program might interact with a human expert or with a customer directly. Basic Properties of an Expert System The basic properties of expert system are: It tries to simulate human reasoning capability about a specific domain rather than the domain itself. This feature separates expert systems from some other familiar programs that use mathematical modeling or computer animation. In an expert system the focus is to emulate an expert s knowledge and problem solving capabilities and if possible, at a faster rate than a human expert. It perform reasoning over the acquired knowledge, rather than merely performing some calculations or performing data retrieval. It can solve problems by using heuristic or approximate models which, unlike other algorithmic solutions are not guaranteed to succeed. AI programs that achieve expert-level competence in solving problems in different domains are more called knowledge based systems. A knowledge-based system is any system which performs a job or task by applying rules of thumb to a symbolic representation of knowledge, instead of employing mostly algorithmic or statistical methods. Often the term expert systems is reserved for programs whose knowledge base contains the knowledge used by human experts, in contrast to knowledge gathered from textbooks or non-experts. But more often than not, the two terms, expert systems and knowledge-based systems are taken us synonyms. Together they represent the most widespread type of AI application. The area of human intellectual endeavour to be captured in an expert system is sometimes called the task domain. Task refers to some goal-oriented, problem-solving activity. Domain refers to the area within which the task is being performed. Some of the typical tasks are diagnosis, planning, scheduling, configuration and design. For example, a program capable of conversing about the weather would be a knowledge-based system, even if that program did not have any expertise in meteorology, but an expert system must be able to perform weather forecasting. Expert System Definition A model and associated procedure that exhibits, within a specific domain, a degree of expertise in problem solving that is comparable to that of a human expert. An expert system is a computer system which emulates the decision-making ability of a human expert. Simply put, an expert system contains knowledge derived from an expert in some narrow domain. This knowledge is used to help individuals using the expert system to solve some problem. Since it is quite difficult to encode enough knowledge into a system so that it may solve a variety of problems. We have not reached the point yet where this can be done.

109 The traditional definition of a computer program is usually: Algorithm + Data Structures = Program In an expert system, the definition changes to: Inference Engine + Knowledge = Expert System 97 Executive Information Systems Need of Expert System There are many reasons to use an expert system. Here are some of the primary reasons: Helps preserve knowledge-builds up the corporate memory of the firm. Helps if expertise is scarce, expensive, or unavailable. Helps if under time and pressure constraints. Helps in training new employees. Helps improve worker productivity. Expert systems are necessitated by the limitations associated with conventional human decision-making processes, including: Human expertise is very scarce. Humans get tired from physical or mental workload. Humans forget crucial details of a problem. Humans are inconsistent in their day-to-day decisions. Humans have limited working memory. Humans are unable to comprehend large amounts of data quickly. Humans are unable to retain large amounts of data in memory. Humans are slow in recalling information stored in memory. Humans are subject to deliberate or inadvertent bias in their actions. Humans can deliberately avoid decision responsibilities. Humans lie, hide, and die. Coupled with these human limitations are the weaknesses inherent in conventional programming and traditional decision-support tools. Despite the mechanistic power of computers, they have certain limitations that impair their effectiveness in implementing human-like decision processes. Conventional programs: Are algorithmic in nature and depend only on raw machine power Depend on facts that may be difficult to obtain Do not make use of the effective heuristic approaches used by human experts Are not easily adaptable to changing problem environments Seek explicit and factual solutions that may not be possible Building Block of Expert System There are basically four steps to building an expert system. Analysis Specification

110 98 Computer Applications and Management Information System Development Deployment The spiral model is normally used to implement this approach. The spiral model of developing software is fairly common these days. Expert system development can be modeled as a spiral, where each circuit adds more capabilities to the system. There are other approaches, such as the incremental or linear model, but we prefer the spiral model. Analysis The purpose of analysis is to identify a potential application. Possible applications include diagnostics, a controller, etc. During analysis the developer must also assess the suitability of knowledge-engineering technology for this application. You must ask yourself the question, will something else work better? This is true for applying any type of artificial intelligence to solve a problem. If there is a numerical method or heuristic that is well established, than stick with that approach and use artificial intelligence to solve problems which are difficult. Specification The specification step is where the developer defines what the expert system will do. Here the developer must also work with the expert to learn enough about the task to plan system development. The expert is a human who is identified as being the domain expert in a particular field. The developer must familiarise himself with the problem so that system development can be performed. The developer will spend a significant amount of time in this phase acquiring knowledge. Defining what an expert system should do can be challenging. It may be difficult to obtain reliable information. Some experts may solve problems differently, or tell the developer what they think he wants to hear. The experts may envision a different functionality for the system than the developer, who better understands the limitations of the software. It is also important to assure the experts that the purpose of the expert system is not to replace the experts, but to proliferate their knowledge and expertise throughout the organisation. Also, once an expert system is developed, it cannot create new ways to solve problems. It is up to the human experts to continually refine their knowledge and find better ways of solving problems. Development The development step consists of several important tasks. Here, the developer must learn how the expert performs the task (knowledge acquisition) in a variety of cases. There are basically three kinds of cases the developer should discuss with the expert: current, historical, and hypothetical. Current cases can be covered by watching the expert perform a task. Historical cases can be discussed by discussing with the expert a task that was performed in the past. And, hypothetical cases can be covered by having the expert describe how a task should be performed in a hypothetical situation. The knowledge acquisition process, which started in the specification phase, continues into the development phase. The developer must extract knowledge from the previous case discussions. The types of knowledge the developer looks for can be grouped into three categories: strategic, judgemental, and factual. Strategic knowledge is used to help create a flow chart of the system. Judgemental knowledge usually helps define the inference process and describes the reasoning process used by the expert. Finally, factual knowledge describes the characteristics and important attributes of objects in the system.

111 Deployment In the deployment phase the developer installs the system for routine use. He also fixes bugs, updates, and enhances the expert system. 99 Executive Information Systems 6.7 KNOWLEDGE MANAGEMENT IN THE ORGANISATION Creating and using knowledge is not limited to information-based companies: it is necessary for all organisations, regardless of industry sector. It's not enough to make good products; companies must make products that are better, less expensive to produce, and more desirable than those of competitors. Using corporate and individual knowledge wisely will help companies do that. In the last few years, companies have downsized and flattened their organisations. Many of the employees who were laid off had been with the company for years. When they walked out the door, they took experience, education, contacts, and information with them. The companies are finding out how important that human resource is to their success. And as companies continue to expand on a global basis and increase their use of technology to connect workers, they have to devise methods of disseminating information quickly to as many people as possible. If an employee in Chicago has experience with a certain production method, it would be silly not to share that information with employees in Singapore so that they don't "reinvent the wheel." So as knowledge becomes a central productive and strategic asset, the success of the organisation increasingly depends on its ability to gather, produce, maintain, and disseminate knowledge. To understand the concept of knowledge management, think of knowledge as a resource just like buildings, production equipment, product designs, and money. All these resources need to be systematically and actively managed Information Systems and Knowledge Management There are two main components to a Knowledge Management system: Office Automation Systems (OAS) and Knowledge Work Systems (KWS). We're all pretty familiar with OAS systems that secretaries, clerical workers, and some professionals use. In fact, you've probably used some of the same applications contained in an OAS. The most popular is the Microsoft Office suite, which includes word processing (Word), personal information management systems (Outlook), spreadsheets (Excel), and database software (Access). OAS systems help disseminate and coordinate the flow of information created by someone other than themselves, BOTH internally and externally to the organisation. KWS, on the other hand, support the creation and integration of new knowledge that is beneficial to the organisation. One could argue that the most important element of a KWS is the tacit knowledge that resides in the minds of the employees. Most other types of knowledge you can learn from books. Tacit knowledge usually comes from experience. Figure 6.3 shows the types of systems an organisation would use to create knowledge, capture and codify it, share the knowledge among people, and distribute it with various Office Automation Systems.

112 100 Computer Applications and Management Information System Share Knowledge Group Collaboration Systems Groupware Intranets Office Automation Systems Word Processing Imaging and Web Publishing Electronic Calendars Desktop Databases Distribute Knowledge Artificial Intelligence Systems Expert Systems Neural Nets Fuzzy Logic Genetic Algorithms Intelligent Agents Capture and Codify Knowledge Knowledge Work Systems CAD Virtual Reality Investment Workstations Create Knowledge Figure 6.3: How Contemporary Information Systems Support Workers Knowledge Work and Productivity We could have a good discussion of productivity gains as a result of the increased use of Information Systems of all kinds. The latest figures say that "productivity growth - which languished at 1% during the 1970s and '80s - has taken a long-term leap to 2% or more as companies use information technology to become more efficient." To add another dimension, it has long been known that our government does not adequately measure the dollar value associated with the export of information to foreign countries and the products created in the Information Services sector. It's not as easy to count the products from Information Services, such as software or financial advice, as it is to count the number of cars loaded onto a ship bound for Europe. One of the more interesting aspects of the discussion here is the statement "É-value created by computers may primarily flow to customers rather than to the company making the investments." The customer is happier; but is the company more productive? And although the company may not necessarily be able to count the productivity gains, it can realize gains from satisfied customers who return for more products or more information or more services. Simply throwing a computer on an employee's desk does not make him or her instantly more productive or instantly smarter. You have to train people on the best use of the system. The company as a whole also has to rethink processes, workflows, and goals. If you had a problem or an inefficient process before, new hardware and software won't automatically fix it: think business process redesign and paradigm shifts. Information and knowledge are key business assets that must be nurtured, protected, grown, and managed for the benefit of the entire organisation Information and Knowledge Work Systems Information work is the art of creating and processing information. We use the term "art" because some companies do a very good job of creating, processing, and managing their information; others do such a poor job that these tasks become a detriment to the success of the organisation. Which kind of company do you want to work for or own?

113 The two groups of employees primarily concerned with KWS are the data workers who process and distribute information and the knowledge workers who create knowledge and information. There are several ways to distinguish these two groups. You can also distinguish the two by the type of work they perform and how they create and use information. Here are some questions to help you: Do they create original ideas, or do they process, record, and store someone else's? Do they make their own original decisions regarding the information? Do they establish procedures to create and process the information, or do they follow someone else's procedures? Distributing Knowledge: Office and Document Management Systems 101 Executive Information Systems The Organisation Customers Government Suppliers Auditors Manufacturing and Production Finance Marketing and Sales Human Resources Figure 6.4 The office, as we know it in the traditional sense, is the setting for the generation and processing of information. As the above figure shows, it's where different roles mesh into a smooth "machine" of producing information, knowledge, and ideas instead of a product that you can touch, feel, or smell. Office Activity Managing documents Scheduling Communicating Technology Word processing; desktop publishing, document imaging; Web publishing; work flow managers Electronic calendars; groupware, intranets ; voice mail; spreadsheets; user-friendly interfaces to mainframe databases. The table describes typical Office Automation Systems and the activities they support, all of which are vital to the success of the organisation. While some OAS still rely on stacks and stacks of paper, modern technology emphasizes digital sourcing, storage, and distribution. As computers and associated technology become more embedded into the normal workflow of offices, more is being done without paper. For instance, a clerical worker can create a document, send it to co-workers or supervisors for their input via , have it returned electronically, correct it, and distribute it online. But no matter how much we talk about a paperless society, we are actually generating more paper than ever. One of the emerging technologies that is enhancing the productivity and ease-of-use of Office Automation Systems and reducing paper problems is the document imaging system, which converts documents and images into digital form so they can be stored and accessed by computer. Documents not in use are stored on-line on an optical disk system called a jukebox. The index server maintains the information the system will use to locate, access, and retrieve a document.

114 102 Computer Applications and Management Information System A wonderful example of document imaging systems is bank checks. Most banks don't return canceled checks any more. They make a digital image of the check, store it electronically, and then destroy the piece of paper. If you ever need a copy of one of your old checks, you have to request it. While the initial use of paper isn't reduced, the cost of processing and mailing the checks to the customer is gone altogether. The advantages of using document imaging systems lie in the chance to redesign workflows. If companies aren't willing to do this, then they are laying out a lot of money to buy and install a system that they'll never fully use. Creating Knowledge: Knowledge Work Systems In this section we'll review many different Knowledge Work Systems (KWS) so that you have a clear understanding of how they differ from OAS and other Information Systems. These systems help create new products or improve old ones, and they're also used to integrate new data into the flow of information that is so vital to an organisation. It's important that you understand the functions KWS perform. They: Keep the organisation up-to-date in knowledge Serve as internal consultants Act as change agents Requirements of Knowledge Work Systems The first requirement of a KWS is that it provides knowledge workers with the necessary tools: Graphics tools Analytical tools Communication tools Document management tools External Knowledge base SOFTWARE Graphics Visualisation Modelling Simulation Document management Communications User interface Hardware platform: knowledge workstation Figure 6.5 The above figure also shows how the elements of a KWS work together. Note that this kind of system requires links to external knowledge bases.

115 Most KWS require powerful workstations that can process the huge graphics files some professionals need or perform the massive calculations other types of professionals require. We're not talking clip art or simple adding or subtracting. We are talking huge amounts of data that must be processed quickly and the necessary storage for large files. The workstations must also have the necessary equipment and telecommunication connections that enable the knowledge workers to connect to external sources of information via Extranets, Intranets, or the Internet. These systems must have system and application software that is easy to use and manipulate, and intuitive to learn. 103 Executive Information Systems Examples of Knowledge Work Systems Pick up any business or technology magazine, or watch the news channels and you'll find numerous examples of how companies are using Knowledge Work Systems to recreate their core processes, create new products or services, or improve old ones. The text gives some excellent examples: Computer-aided design (CAD) applications are used by design engineers to build new products or improve old ones. It used to take 3-4 years and millions of dollars to design a new car. With improved CAD systems, automobile manufacturers have reduced the time to months and cut the cost by millions of dollars. Boeing Company has seen the same startling results in their design process for airplanes. Virtual reality systems have sophisticated imagery that makes you feel like you're "right there!" You may have seen this system on TV shows or in the movies. You're usually required to wear special equipment that feeds your reactions back to the computer so that it can plan its responses to your input. The U.S. Air Force uses virtual reality systems to help train pilots. VRML (Virtual Reality Modeling Language) is a set of specifications for interactive 3-D modeling on the Web. Many companies are putting their training systems right on the Internet so that people can have access to the latest information and can use it when they need it. Some Web sites use Java applets to help process the programs on the local workstation. How would you like to make investment decisions based on information that is 90 days old or older? Would you have very much faith in a system that told you only how the company did financially last year, or would you also like to know how the company performed last quarter? That's the idea behind investment workstations. They combine information about companies that is internal and external, new and old, in order to advise clients on the best use of their investment dollars. Massive amounts of data must be processed quickly in order to keep up with changing market conditions and the changing nature of the industries themselves Comparison of Various Information System Types of System Transaction Processing Systems Input Process Output Users Examples Transaction, events Data entry, listing, sorting, merging, updating Detailed reports, lists, summary of transactions Lower level managers, supervisors Sales transactions, Insurance claims Contd..

116 104 Computer Applications and Management Information System Management Information System (MIS) Output from TPS, high volume of data Routine reports, simple model, low level analysis Summary and exception reports Middle-level managers Monthly sales report Decisions Support System (DSS) Output from TPS and MIS, low level data Analytical modeling of business data Interactive queries and responses Top-level managers, Professionals Investment portfolios, plant expansion Executive Information System (EIS) Aggregate data (external and internal) Graphics, interactive Projections, responses to queries Senior managers Enterprise wide performance Expert System (ES) Knowledge base, inference engine, user interface Heuristic searches, fuzzy logic, generic algorithms, production system Analysis reports, expertise to whole organisation Information workers, professionals MYCIN, Diagnostic/troubleshoot ing, decision management, RI Knowledge Management Systems (KWS) Knowledge base, Data warehouses Modeling, simulation, data mining Create, organise shape, business knowledge, patterns Professionals, teaching staff Computer aided design system, knowledge base decision making system Check Your Progress 2 1. ERP stands for.. 2. KWS stands for 3. OAS stands for. 6.8 LET US SUM UP In the past few years, some additional terms like business intelligence, data mining, on-line analytical processing, groupware, knowledge ware, and knowledge management have been used for systems that are intended to inform and support decision-makers. The new terms are imprecisely defined and subject to marketing hyperbole. This proliferation of terms creates problems in conducting research and in communicating with decision-makers about decision support systems. The solution is developing an expanded and well-defined framework for categorizing decision support systems. The terms framework, taxonomy, conceptual model and typology are often used interchangeably. Taxonomies classify objects and typologies show how mutually exclusive types of things are related. Frameworks provide an organising approach and a conceptual model shows how ideas are related. The general desire is to create a set of labels that help people organise and categorize information. 6.9 GLOSSARY Executive Information System: A type of decision support system that collects, analyses, and presents data in a format that is easy to use by top executives. To achieve this objective, the EIS is based on a model of the entire company. In most

117 cases the model is presented graphically and the executives retrieve information by pointing to objects on the screen. Enterprise Resource Planning: An integrated computer system running on top of a DBMS. It is designed to collect and organise data from all operations in an organisation. Existing systems are strong in accounting, purchasing, and HRM. Enterprise Network: A network that connects multiple subnetworks across an entire firm. Often, the networks use different protocols and different computer types, which complicates transmitting messages. 105 Executive Information Systems Check Your Progress: Answers CYP 1 1. Customer relation management 2. Decision support system 3. Executive support system CYP 2 1. Enterprise resource planning 2. Knowledge Work Systems 3. Office Automation Systems 6.10 SUGGESTED READINGS Pankaj Sharma, Enterprise Resource Planning, APH Publishing Corporation, New Delhi, Hanson, J.J., Successful ERP Implementations Go Far Beyond Software, San Diego Business Journal (5 July 2004). Olinger, Charles, The Issues behind ERP Acceptance and Implementation, APICS: The Performance Advantage Millman, Gregory J., What Did You Get from ERP and What Can You Get?, Financial Executive (May 2004). Ellen Monk, Bret Wagner, Concepts in Enterprise Resource Planning, Course Technology, Second Edition, 2005 Daniel E. O Leary, ERP Systems: Systems, Life Cycle, E-commerce, and Risk, Cambridge University Press, Murrell G. Shields, E-Business and ERP: Rapid Implementation and Project Planning, Wiley, Alexis Leon ERP Demystified 2/E, Tata McGraw-Hill, New Delhi Bhatnagar, S.C. and K.V. Ramani, Computers and Information Management, Printice Hall of India Private Ltd, New Delhi, Goyal D.P., Management Information Systems (MIS), Deep & Deep Publications, New Delhi, O, Brien, James A., Management Information Systems, Galgotia Publications (P) Ltd., New Delhi, Scott, George M., Principles of Management Information Systems, McGraw-Hill Book Company, Singapore, 2003.

118 106 Computer Applications and Management Information System Post, Gerald V., Management Information Systems: Solving Business Problems with Information Technology, Third Edition, Tata McGraw-Hill Publishing Company Limited, New Delhi, Davis, Gordon B. and Margrethe H. Olsen, Management Information Systems, McGraw-Hill Book Company, Singapore, QUESTIONS 1. Describe various roles of EIS in the organisation. 2. Define expert system. 3. Explain building blocks of expert system. 4. Describe various characteristics of ESS. 5. Explain knowledge management in the organisation.

119 LESSON 7 INTERNATIONAL INFORMATION SYSTEMS 107 International Information Systems STRUCTURE 7.0 Objectives 7.1 Introduction 7.2 Growth of International Information Systems Developing the International Information Systems Infrastructure The Global Environment: Business Drivers and Challenges 7.3 Organising International Information Systems Global Systems to Fit the Strategy Reorganising the Business Managing Global Systems 7.4 Technology Issues and Opportunities Problems of International Networks Main Technical Issues 7.5 New Technical Opportunities and the Internet 7.6 Let us Sum up 7.7 Glossary 7.8 Suggested Readings 7.9 Questions 7.0 OBJECTIVES After studying this lesson, you should be able to: Explain growth factors of International IS Define technology issues and opportunities Describe International IS organising criteria 7.1 INTRODUCTION The world just keeps getting smaller and smaller. No company can afford to ignore foreign markets or the impact of foreign competition on the domestic business environment. You have to adapt to the changing faces, literally, of your competition and devise a plan to bring your organisation into its focus.

120 108 Computer Applications and Management Information System 7.2 GROWTH OF INTERNATIONAL INFORMATION SYSTEMS Globalisation is possible even with very small businesses because of the technological advances in computer networks and telecommunications. Is your organisation developing a Web site for E-commerce? You'd better have it available in 4 or 5 foreign languages. That's what it takes today to compete Developing the International Information Systems Infrastructure You must have an Information System in place that will support the communications, coordination of people and products, and order processing for both domestic and foreign markets (international information systems infrastructure). You have to understand the characteristics and individual needs of foreign markets, just as you need to understand the domestic markets. Wal-Mart learned the hard way that it couldn't just walk into a foreign country and builds a store mirroring those in the United States. Sales were very low and the products just weren't moving in many of its foreign stores. It wasn't until Wal-Mart analysed store designs and layouts, quizzed potential customers, and focused on foreign operations without the bias from domestic stores that the company realized it was a much different world outside the U.S. It rearranged stores, stocked more items from within the countries, met local customers' needs, and dramatically increased sales. Don't start creating all those juiced-up Information Systems as soon as you decide to pursue the foreign marketplace. We said before that every Information System implementation plan must be in harmony with the basic business plan. In fact, you must first develop the overall business strategy for entering the global arena. Then and only then can you begin to think about how the Information System will be synchronized with the basic strategy The Global Environment: Business Drivers and Challenges The following list gives you an idea of some of the global business drivers, factors influencing the direction of businesses that organisations must consider in today's environment. General Cultural Factors Global communication and transportation technologies Development of global culture Emergence of global social norms Political stability Global knowledge base Specific Business Factors Global markets Global production and operations Global coordination Global workforce Global economics of scale

121 Perhaps the most important challenge facing corporations and companies wanting to open foreign markets is that of the global culture. We're beginning to share more culture because of increased telecommunications and the Internet. However, when you are merging two entities, one domestic and one foreign, into one business, the culture of that merged organisation can be an important influence on how well the company does. Countries that we traditionally have thought of as Third World, or underdeveloped, are emerging as forces to be reckoned with. Chile, Brazil, Mexico, and others play as big a part in the global economy and its effect on worldwide trade as our own country. Advanced telecommunications systems now allow companies to work around the clock and around the world. Companies may choose to locate parts of their corporate offices in other countries because they fit better with the corporation's overall global strategy in that location. Ask yourself this question: Who says all corporate offices must be located in the continental U.S.? You know that doing business in foreign countries is not all that easy. There is tremendous risk associated with global businesses. Russia is a prime example of how difficult it can be for businesses to establish themselves in foreign markets amid political turbulence and disorder. Just when your company thinks all is well with its foreign establishment, a terrorist attack can put a crimp in the best-laid plans. It's not always that desperate, but companies should make a point of adapting to foreign cultures, just as Wal-Mart had to. For instance, in many countries afternoon siestas are the norm. Other countries have religious and historical laws that prevent women from working or accepting jobs that place them in the position of supervising men. The point is that not everyone thinks, works, acts, and plays like Americans. A startling example of how domestic and foreign cultures and laws collide is the case of individual information and privacy. In many European countries, companies and governmental organisations are not allowed to collect certain pieces of information about individuals. If they are allowed to collect the information, there are very strict laws about how they must store it and who can access it. The individual must be notified first before the information can be given to another entity. Contrast that with the American business practice of collecting individual information without the person's knowledge and then selling that data to whoever pays for it. Corporations and companies must reconcile these differences in order to allow transborder data flow between their merged Information Systems. If you thought building an Information System for an organisation doing business only in the U.S. was tough, think about some of the factors we've just discussed and then imagine how you would build a system that takes disparate practices into account. So why do companies even attempt to build themselves into global merchants? Because the potential payoff is enormous! 109 International Information Systems 7.3 ORGANISING INTERNATIONAL INFORMATION SYSTEMS First you have to decide what you're going to do-you have to choose a strategy. Then you have to organise your business around this strategy. The last step is to build the system that will incorporate the first two.

122 110 Computer Applications and Management Information System Table 7.1: Global Strategies and Business Organisation Strategy Business Function Domestic Exporter Multinational Franchiser Transnational Production Centralised Dispersed Coordinated Coordinated Finance/Accounting Centralised Centralised Centralised Coordinated Sales/Marketing Mixed Dispersed Coordinated Coordinated Human Resources Centralised Centralised Coordinated Coordinated Strategic Management Centralised Centralised Centralised Coordinated Table 7.1 shows the four main strategies that can form the basis for a global organisational structure. Domestic exporter: Most operations are located in the domestic country, and the company exports products to foreign companies. A company located in India which imports rugs to the United States would fit this category. All corporate offices are in India, and products are sent to distributors in the U.S. Multinational: Part of the company is located in the domestic country, and other parts are located in foreign countries. Japanese automobile manufacturers might be in this category. Years ago we complained loudly in the U.S. about cheaper Japanese-made cars flooding our markets and demanded that they produce vehicles in our country if they wanted to sell them in our country. So they left their corporate operations in Japan, built some factories in America, and satisfied our concerns. Franchiser: Some operations are located in the domestic homeland, while extended activities associated with the product are conducted in foreign countries. Starbucks Coffee Company is a primary example of this type of global business. Its corporate headquarters is located in Seattle, Washington. Recipes for products are developed in Seattle. Some coffee beans are roasted in Seattle and then shipped to coffee shops in England. These operations are franchised to keep quality controls in place, and the final product is made in the local area. Transnational: One globe, one company. DaimlerChrysler is the perfect example of a transnational corporation. Its Web site ( describes it as "the first automotive, transportation and services company with a truly global structure." Corporate headquarters are "located in Stuttgart, Germany and Auburn Hills, Michigan, USA." DaimlerChrysler did business in 200 countries with 441,500 employees at the end of Manufacturing facilities are located in 34 countries around the world. Bill Vlasic's article in The Detroit News, Jan. 6, 1999, quoting Andreas Renschler at DaimlerChrysler, says: "The biggest difference between people is not the national culture. It's how you think things have to be done. We have to integrate their experiences, and use the best of the best." Global Systems to Fit the Strategy Once you've decided which global business strategy to follow, it's time to decide how your Information System will support it. Figure 7.1 gives you an idea of the type of information system which will best support the different business strategies. To summarise the text definition of each type of system: Centralised: Everything is located at the domestic home base. Duplicated: Development occurs at the home base; operations are located at foreign locations.

123 Decentralised: Each business unit, regardless of location, has its own system. Networked: All business units participate in development and operations. 111 International Information Systems System configuration Strategy Domestic Exporter Multinational Franchiser Transnational Centralised Duplicated Decentralised Networked Figure 7.1: Global Strategy and Systems Configurations Reorganising the Business You have to decide what your overall business goals are, what makes sense for your organisation, fit the Information System structure to your needs, and never lose sight of new opportunities. Organise value-adding activities along lines of comparative advantage. Starbucks has to decide where to locate the marketing function to maximize its potential. Perhaps it can centralise this function in Seattle so the theme of the current marketing campaign is the same in every coffee shop. It is very picky about maintaining quality control over the bean roasting processes. Is this process better left in Seattle, or should it be moved to England to maintain freshness and high quality? Develop and operate systems units at each level of corporate activity national, regional, and international. Wal-Mart would probably maintain small Information Systems in each foreign country to support its local operations. A regional Information System would support entire geographic areas such as Southern Europe. Each of these regions would be connected to the main system in the United States that supports activities on a global scale. Establish a world headquarters and a global Chief Information Officer (CIO) position. DaimlerChrysler has one person who is responsible for the entire Information System spanning the globe. While smaller units spread throughout the world would actually carry out the operations, the CIO would ensure total integration of all local, regional, and global systems Managing Global Systems Take all the problems and challenges you can think of when developing a single Information System for a domestic operation and then multiply it by tens or hundreds. Now you understand the problem of developing a system to support a global operation. Management Challenges Management challenges of global systems are: Agreeing on common user requirements Introducing changes in business procedures Coordinating applications development

124 112 Computer Applications and Management Information System Coordinating software releases Encouraging local users to support global systems 7.4 TECHNOLOGY ISSUES AND OPPORTUNITIES The advances in technology, and the desire to seize new business opportunities presented by the advances, is what induces organisations to undertake the changes we've been discussing Problems of International Networks Problems of international networks are: Costs and tariffs Network management Installation delays Poor quality of international service Regulatory user requirements Changing user requirements Disparate standards Network capacity Main Technical Issues Hardware, software, and telecommunications are special problems in a global setting: you need to synchronize, harmonize, integrate. Hardware and Systems Integration Most global companies are a result of merging several units into one cohesive success story. When the merger takes place, you can't just buy all new hardware and software. It's too expensive for one thing, and it probably won't make sense. You have to figure out how you're going to get all the different types of hardware to work together in one seamless system. You have to get one type of software "talking" to another type of software. You've already figured out your core business processes. Now you should figure out which type of software, some of which may already be present in the various units of the merged organisation, is the best to use for each process. If you're currently using proprietary software and choose to keep it, you will probably need a bridge, or middleware software, in order for it to work across all your business units and regions. Each region of the business is used to working according to its standards. For instance, the German unit has been storing data according to its standards and definitions. The Asian units have been using different standards and definitions to accomplish the same task. The idea is to get the data conformed to one standard across all units so that it can be shared efficiently and effectively. Each unit is going to have to adapt in order for that to work. That's where the central office comes into the picture. It will have to determine the end goal of the business and the final information requirements needed, take the best of the best, adapt the rest, and solidify all the units into a cohesive whole.

125 Connectivity Most Indians don't think twice about the reliability of our telecommunications systems. When you pick up the phone in Peoria, you expect it to work and work well. When you log onto your Internet Service Provider, you expect instantaneous connections at relatively high speeds. When you travel from state to state, you know that the telephone system will work the same in Texas as it does in Pennsylvania. And you expect reasonably low rates for telephone service, television, and Internet service. Not so in foreign countries. When you're trying to establish global communication networks, you must work through the maze of various laws, high to low levels of service reliability, different rate charges and currency exchanges, and different companies and governments controlling the telecommunication systems. You can attack this problem three different ways: Build your own network: very expensive, time consuming, and not an option in some countries. Patch together a public network: very expensive, time consuming, and a hodgepodge of services. Outsource telecommunication requirements: economies of scale, rely on previous experiences of outsourcers, limited to data transmissions. As the Internet grows outside the U.S., more corporations are turning to it as a solution to the connectivity problem. To be sure, there are still problems associated with using the Internet. But its open standards, ease of use, and expanding connections offer viable solutions. 113 International Information Systems Software We mentioned before that different foreign units probably have divergent standards for their Information Systems. Trying to merge databases from several domestic units is tough enough. Trying to merge databases from different countries can be quite troublesome because of the added layer of politics, traditions and languages. Even though the English language is widely accepted in foreign business circles, and it seems reasonable to build software programs based on that language, the decision will create its own problems. Foreign business units may resent having to use applications written in a different language what's wrong with Spanish, they may say? While most of the upper management of the foreign business units may understand English and can use it, will the data workers know the language, or will they have to learn it at the same time they are learning a new Information System? Traditionally, companies have merged their transaction processing systems into one or a few worldwide applications. Now they are looking to do the same with collaborative workgroup software, and well they should. We mentioned at the beginning of this course that many companies are "time-shifting" their projects around the world. A person in New York City may work on the new advertising campaign all day Tuesday. When she's done for the day, she may send the project electronically to a collaborator in New Delhi, India. He will work on it for several hours and forward it on to the third team member located in Munich, Germany. All of them need to be able to communicate using collaborative software in a common language.

126 114 Computer Applications and Management Information System 7.5 NEW TECHNICAL OPPORTUNITIES AND THE INTERNET As with everything in our world today, the Internet is offering businesses vast new opportunities and challenges. The Virtual Private Networks (VPNs) that we already discusses are eliminating many of the bottlenecks that companies have found in their telecommunication systems and filling the void of critical communication systems in foreign nations. With the advancements in cellular and satellite telephone systems, emerging nations can forego the cost of stringing wires through rural areas by using new technology and still offer their people conveniences they haven't had before. Reliance on the Internet to overcome disadvantages in telecommunications systems will answer some of the problems companies have had. But, as we noted before, the Internet will create other problems that global corporations will have to solve. Check Your Progress 1. VPNs stands for. 2. CIO stands for. 7.6 LET US SUM UP Global businesses must devote time and attention to understanding the cultures of countries in which they want to do business. Not only must they merge their business units, they must also merge their people into a cohesive team. They must understand and deal with external factors in both the domestic and foreign environments. There are four main global strategies businesses can use to organise their global efforts: domestic exporter, multinational, franchiser, and transnational. Determining the global strategy will help a business determine its Information System structure. Analyse each workflow process and decide which business unit can best carry it out. Go with the best of the best. Match the structure of your Information System to that of your core business processes. Make the benefits clear to all levels of the organisation. Use cooptation to encourage ownership of the system. Manage the changes in the Information Systems as intensely as you manage anything else. Differences in hardware, software, and telecommunications throughout the organisation and the countries in which you're doing business pose tremendous challenges in integrating disparate business units into a cohesive global whole. The Internet can help resolve some of these issues, though it will create other problems. 7.7 GLOSSARY Globalisation: Trend away from distinct national economic units and toward one huge global market. Confiscation: Confiscation is the process of a government's taking ownership of a property without compensation. International Strategy: Trying to create value by transferring core competencies to foreign markets where indigenous competitors lack those competencies. Multipoint Strategy: Emphasising the need to be responsive to the unique conditions prevailing in different national markets.

127 Check Your Progress: Answer 1. Virtual Private Networks 2. Chief Information Officer 115 International Information Systems 7.8 SUGGESTED READINGS Pankaj Sharma, Enterprise Resource Planning, APH Publishing Corporation, New Delhi, Hanson, J.J., Successful ERP Implementations Go Far Beyond Software, San Diego Business Journal (5 July 2004). Olinger, Charles, The Issues behind ERP Acceptance and Implementation, APICS: The Performance Advantage Millman, Gregory J., What Did You Get from ERP and What Can You Get?, Financial Executive (May 2004). Ellen Monk, Bret Wagner, Concepts in Enterprise Resource Planning, Course Technology, Second Edition, 2005 Daniel E. O Leary, ERP Systems: Systems, Life Cycle, E-commerce, and Risk, Cambridge University Press, Murrell G. Shields, E-Business and ERP: Rapid Implementation and Project Planning, Wiley, Alexis Leon ERP Demystified 2/E, Tata McGraw-Hill, New Delhi Bhatnagar, S.C. and K.V. Ramani, Computers and Information Management, Printice Hall of India Private Ltd, New Delhi, Goyal D.P., Management Information Systems (MIS), Deep & Deep Publications, New Delhi, O, Brien, James A., Management Information Systems, Galgotia Publications (P) Ltd., New Delhi, Scott, George M., Principles of Management Information Systems, McGraw-Hill Book Company, Singapore, Post, Gerald V., Management Information Systems: Solving Business Problems with Information Technology, Third Edition, Tata McGraw-Hill Publishing Company Limited, New Delhi, Davis, Gordon B. and Margrethe H. Olsen, Management Information Systems, McGraw-Hill Book Company, Singapore, QUESTIONS 1. What is the reason for the growth of international information system? 2. How will you manage global system? Explain. 3. Describe main technical issues of international information system. 4. Define Internet.

128 118 Computer Applications and Management Information System

129 117 Information Systems Security UNIT IV Implementation and Control

130 118 Computer Applications and Management Information System

131 LESSON 8 INFORMATION SYSTEMS SECURITY 119 Information Systems Security STRUCTURE 8.0 Objectives 8.1 Introduction 8.2 Information Security 8.3 Security Environment 8.4 Control and Audit-System Vulnerability and Abuse Threats to Computerised Information Systems Concerns for System Builders and Users Information Systems Auditing ERP-Audit 8.5 Business Value of Security and Control 8.6 Security Services 8.7 Designing for Security Computer Encryption Firewall Application Gateway Antivirus Software Regular Backups 8.8 Security Protection and Recovery 8.9 Need for Security 8.10 Ensuring System Quality 8.11 Let us Sum up 8.12 Glossary 8.13 Suggested Readings 8.14 Questions 8.0 OBJECTIVES After studying this lesson, you should be able to: Explain IS Security and Control Define Business Value Describe system quality

132 120 Computer Applications and Management Information System 8.1 INTRODUCTION Computer systems are vulnerable to many threats that can inflict various types of damage resulting in significant losses. This damage can range from errors harming database integrity to fires destroying entire computer centers. Losses can stem, for example, from the actions of supposedly trusted employees defrauding a system, from outside hackers, or from careless data entry clerks. Precision in estimating computer security-related losses is not possible because many losses are never discovered, and others are "swept under the carpet" to avoid unfavourable publicity. The effects of various threats vary considerably: some affect the confidentiality or integrity of data while others affect the availability of a system. This lesson will help you to understand some of the security methods. If you are reading this and are thinking that you can get all the information required to make your network completely secure, then you are sadly mistaken. There's no such thing as perfect, 100% computer security. In many ways, computer security is almost a statistical game. You can reduce but not eliminate the chance that you may be penetrated by an intruder or virus. Indian companies have robust security practices comparable to those followed by Information security is not only a technical issue, but also a business and governance challenge that involves risk management, reporting, and accountability. Effective security requires the active engagement of executive management to assess emerging threats and provide strong cyber security leadership. The term penned to describe executive management s engagement is corporate governance. Corporate governance consists of the set of policies and internal controls by which organisations, irrespective of size or form, are directed and managed. Information security governance is a subset of organisations overall governance program. Risk management, reporting, and accountability are central features of these policies and internal controls. 8.2 INFORMATION SECURITY Information Security Components or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information Systems are decomposed in three main portions, hardware, software and communications to identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organisational. Essentially, procedures or policies are implemented to tell people (administrators, users and operators) how to use products to ensure information security within the organisations. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently but incorrectly used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and the correct operation of a computer system without concern for the information stored or processed by the computer.

133 121 Information Systems Security Figure 8.1: Information Security Governments, military, corporates, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a businesses customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures. The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including, Securing network and allied infrastructure, Securing Applications and database(s), Security testing, Information Systems Auditing, Business Continuity Planning and Digital Forensics Science, to name a few. Security Classification for Information An important aspect of information security and risk management is recognising the value of information and defining appropriate procedures and protection requirements for the information. Not all information is equal and so not all information requires the same degree of protection. This requires information to be assigned a security classification. The first step in information classification is to identify a member of senior management as the owner of the particular information to be classified. Next, develop

134 122 Computer Applications and Management Information System a classification policy. The policy should describe the different classification labels, define the criteria for information to be assigned a particular label, and list the required security controls for each classification. Some factors that influence which classification information should be assigned include how much value that information has to the organisation, how old the information is and whether or not the information has become obsolete. Laws and other regulatory requirements are also important considerations when classifying information. The type of information security classification labels selected and used will depend on the nature of the organisation, with examples being: In the business sector, labels such as: Public, Sensitive, Private, Confidential. In the government sector, labels such as: Unclassified, Sensitive but Unclassified, Restricted, Confidential, Secret, Top Secret and their non-english equivalents. In cross-sectoral formations, the Traffic Light Protocol, which consists of: White, Green, Amber and Red. All employees in the organisation, as well as business partners, must be trained on the classification schema and understand the required security controls and handling procedures for each classification. The classification a particular information asset has been assigned should be reviewed periodically to ensure the classification is still appropriate for the information and to ensure the security controls required by the classification are in place. 8.3 SECURITY ENVIRONMENT IT definitely has raised India s bar globally because of its unmatched value proposition - in terms of the skill sets, higher productivity coupled with quality and scalability. The Information Technology sector has indeed played a significant role in transforming India s image globally. A secure and reliable environment defined by strong copyright, IT and cyber laws is an imperative for the growth and future success of the ITS/BPO industries. NASSCOM has been proactive in pushing this cause and ensuring that the Indian Information Security environment benchmarks with the best across the globe. ITS/BPO companies in India are taking as many precautions as possible to ensure that data and personal information of their customers is protected. That means following international best practices, getting procedures audited by independent parties and making sure that these procedures are up to date and are being closely followed. Security Environment in India Security environment in India are: western companies. Indian companies primarily comply with BS 7799 a global standard that covers all domains of security Companies sign Service Level Agreements (SLA), which have very strict confidentiality and security clauses built into them at the network and data level. Such SLAs also cover all relevant laws that the companies want its offshore providers to comply with and actions that can be taken in case of breaches Spending on security ranges from 5% to 15% of the IT budget Laws such as the IT Act 2000, Indian Copyright Act, Indian Penal Code Act and the Indian Contract Act, 1972 provide adequate safeguards to companies offshoring work to US and UK

135 Most of the BPO companies providing services to UK clients ensure compliance with UK Data Protection Act 1998 (DPA) through contractual agreements Companies dealing with US clients require compliance depending upon the industry served. E.g. Healthcare requires compliance with HIPAA, Financial services require compliance with GLBA. To ensure compliance with such laws, Indian vendors follow security practices as specified by clients such as security awareness, protection of information, non-disclosure agreements, screening of employees, etc. Further, clients conduct periodic audits to ensure compliance Many companies in India are undergoing/have undergone SAS 70 Audit. SAS-70 assignments helps service companies operating from India to implement and improve internal controls, ensure minimal disruptions to business from clients auditors, and is potent marketing tool in the face of increasing competition. Insurance premiums paid by Indian BPO companies for insuring themselves for security breaches have been declining since the past two years-a telling indicator of the robust security practices being followed by Indian companies. Table 8.1: Security Environment Country Comparison 123 Information Systems Security Law India China Philippines IPR Copyright Patent Product Patent 2005 DATA PROTECTION Data Protection Laws Comprehensive framework 2004 Vertical Specific Laws CYBER Digital signature Hacking Privacy 8.4 CONTROL AND AUDIT-SYSTEM VULNERABILITY AND ABUSE As our society and the world itself come to depend on computers and information systems more and more, systems must become more reliable. The systems must also be more secure when processing transactions and maintaining data. These two issues, which we address in this lesson the biggest issues facing those wanting to do business on or expand their operations to the Internet. The threats are real, but so are the solutions Threats to Computerised Information Systems Threats to computerized information systems are: Hardware failure Fire Software failure Electrical problem

136 124 Computer Applications and Management Information System Personnel actions User errors Terminal access penetration Program changes Theft of data, services, equipment Telecommunications problems The above list points out some of the technical, organisational, and environmental threats to Information Systems. The weakest link in the chain is poor management of the system. If managers at all levels do not make security and reliability their number one priority, then the threats to an Information Systems can easily become real. With distributed computing used extensively in network systems, you have more points of entry, which can make attacking the system easy. The more people you have using the system, the more potential for fraud and abuse of the information maintained in that system. Yes, it's hard to control everyone's actions. That is why you have to make it everybody's business to protect the system. It is easy for people to say that they are only one person and therefore they will not make much difference. Nevertheless, it only takes one person to disable a system or destroy data. Hackers Those who intentionally create havoc or do damage to a computer system, have been around for a long time. Many companies don't report hackers attempts to enter their systems because they don't want people to realize their systems are vulnerable. That makes gathering real statistics about hacking attempts and successes hard. It is a huge problem, though. Some hackers penetrate systems just to see if they can. They use special computer systems that continually check for password files that can be copied. Or they look for areas of the system that have been "left open," so to speak, which they can use to enter the system. Sometimes they don't do any damage, but far too often they destroy files, erase data, or steal data for their own use. Other hackers attack systems because they don't like the company. Password theft is the easiest way for hackers to gain access to a system. No, they don't come into your office at night and look at the piece of paper in your desk drawer that has your password written on it. They generally use specially written software programs that can build various passwords to see if any of them will work. That's why you should use odd combinations of letters and numbers not easily associated with your name to create your password. The longer the password, the harder it is to replicate. Have you ever picked up a cold or the flu from another human? Probably. You then spread it to two or three other people through touch or association. Those people spread it to two or three more people each. Pretty soon it seems that everyone on campus or at work is sick. That is how computer viruses are spread. You copy a file from an infected source, use the file, and maybe send it to friends or associates. The virus is now on your computer and spreads to files other than the original. You then send the same or even a different file to a few friends and their computers are infected. In March 1999 a virus called Melissa was written by a hacker and sent out via an attachment. While the virus didn't damage any computer files or data, it severely hampered normal operations of many companies and Internet Service Providers through the increased number of s it generated. Here's what CERT (Computer Emergency Response Team) said about it: "Melissa was different from other macro

137 viruses because of the speed at which it spread. The first confirmed reports of Melissa were received on Friday, March 26, By Monday, March 29, it had reached more than 100,000 computers. Some sites had to take their mail systems off-line. One site reported receiving 32,000 copies of mail messages containing Melissa on their systems within 45 minutes." Whether you use a stand-alone PC or your computer is attached to a network, you're just asking for trouble if you don't have antivirus software. This type of software checks every incoming file for viruses. Not if, but when, you receive an infected file, the software alerts you to its presence. You can choose to delete the file or "clean" it. Make sure you update your antivirus software every 30 to 60 days because new viruses are constantly being written and passed around. 125 Information Systems Security Concerns for System Builders and Users Every user must be concerned about potential destruction of the Information Systems on which they rely. We can't stress this point enough. Let us look at three concerns: disasters, security, and errors. Natural disasters such as fires and earthquakes can strike at any time. A spilled cup of coffee can also do some damage! Many companies create fault-tolerant systems that are used as back-ups to help keep operations running if the main system should go out. These back-up systems add to the overall cost of the system, but think about the losses if the company's system goes down. Add the cost of lost productivity by the employees to the lost transactions and unhappy customers. Just imagine what would happen if an airline reservation system (a typical online transaction processing system) went down. Have you ever called a company to place an order for a new dress and it couldn't take your order because the computer was down? Maybe you called back later and maybe you didn't. Companies spend a lot of money on physical security such as locks on doors or fences around supply depots. They need to do the same thing on their Information Systems. Here the security is in the policies, procedures, and technical measures the company uses to keep out unauthorized users or prevent physical damage to the hardware. Surely you've heard the saying, "Garbage In, Garbage Out." What may seem like a simple error to you may not be to the customer. Let's flip that around; what if you wanted to fly to Dallas on March 15 and the reservation clerk booked you on a flight for April 15? The potential for error exists all through the processing cycle. You must be cognizant of these error points when designing and building a system, especially an end-user developed system. Information Systems is the heart of an organisation. Its success is dependent on its methodologies and its process framework. Teamed up with the right infrastructure, companies which have properly planned information systems in place are the ones who gain maximum competitive advantage Information Systems Auditing Frequently a manager of an information system faces a need to evaluate the actual properties of an information system. The reason may be conformity of a development project delivered to the requirements set, or a proof to be provided in terms of the quality of one s information system or any of its parts or, for instance, a particular software security solution. Characteristic of today s organisations is an abundance of information and information systems. Frequently information and its support technologies are

138 126 Computer Applications and Management Information System frequently regarded as the most valuable assets. In the rapidly changing work environment, expectations related to benefits from information technologies are high. Therefore management demands emphasize that information systems should demonstrate ever-enhancing quality, higher functionality, easier use, a shorter delivery period and ever-improving service levels. Primarily, companies appreciate the benefits they gain from an effective and updated information system. However, frequently, risks emerge as new technologies are implemented and are not fully conceived. Still, successful organisations perceive and manage the risks related to the implementation of new technologies and establish the required quality, reliability and security demands to their information systems. At the same time, they demand that the above mentioned requirements be realized at an expense as small as possible. Since it is becoming a common practice that enterprises and organisations do not themselves provide solutions to the problems of information technology and they make more use of the services of information system software development companies. A demand for highly qualified IT personnel in companies is decreasing. At the same time, an adequate level of know how is required to establish tasks for a company s information system, order an information system and check how well the information system developed conforms to the requirements set. The IS Management program offers assistance in building a comprehensive decision support environment to help the enterprise make smart and informed decisions. A team of expert consultants train the customer s IT executives in critical processes like auditing and monitoring the IS, analysing benefits through IT spends and activities and quality initiation procedures. Besides maintaining the ongoing process framework, MINFO offers training in specific project management techniques to achieve targets with maximum efficiency. More and more organisations across the world are concerned with the investments in IT versus derived and perceived benefits. IT enabled businesses in the true sense seems a distant dream. Begin with the IT/IS Audit to know your score. We review the complete IT infrastructure, Networking, Business Applications, Data Security and controls. The primary focus of this audit is to protect the information assets in line with business risks. Audit is conducted with the help of comprehensive audit checklists and necessary audit tools ERP-Audit The objective of the audit is to assess the implementation and identify the gaps in the areas of People, Process, Data and Systems and suggest the necessary improvements and implement the same. Deliverables from the Audit Gap Analysis Recommendations Clear Plan to implement the recommendations Future Roadmap for Continuous Improvement The audit was conducted across all factories and one area office. Interview techniques were used to gather the data. Cross sections of people were interviewed. The people interviewed were: Core Team Members

139 End Users Business Heads Based on the initial discussions the focus process areas were identified as follows: Order Booking Process Sales Planning Process MRP run and Manufacturing Planning Process Execution of MRP Results On-line monitoring of the production process at various stages with respect to sales plan and expected date of delivery Materials Management Process Delivery Process Invoicing Process Financial and Controlling Process 127 Information Systems Security 8.5 BUSINESS VALUE OF SECURITY AND CONTROL Since the early days of writing, heads of state and military commanders understood that it was necessary to provide some mechanism to protect the confidentiality of written correspondence and to have some means of detecting tampering. Persons desiring secure communications have used wax seals and other sealing devices to signify the authenticity of documents, prevent tampering, and ensure the confidentiality of correspondence. Julius Caesar is credited with the invention of the Caesar cipher in 50 B.C., which was created in order to prevent his secret messages from being read should a message fall into the wrong hands. World War II brought about many advancements in information security and marked the beginning of the professional field of information security. WWII saw advancements in the physical protection of information with barricades and armed guards controlling access into information centers. It also saw the introduction of formalised classification of data based upon the sensitivity of the information and the identification of those who could have access to the information. During WWII, background checks were also conducted before granting clearance to classified information. The end of the 20th century and the early years of the 21st century saw rapid advancements in telecommunications, computing hardware and software, and data encryption. The availability of smaller, more powerful and less expensive computing equipment made electronic data processing within the reach of small business and the home user. These computers quickly became interconnected through a network generically called the Internet or World Wide Web. The rapid growth and widespread use of electronic data processing and electronic business conducted through the Internet, along with numerous occurrences of international terrorism, fueled the need for better methods of protecting the computers and the information they store, process and transmit. The academic disciplines of computer security, information security and information assurance emerged along with numerous professional organisations all sharing the common goals of ensuring the security and reliability of information systems.

140 128 Computer Applications and Management Information System Check Your Progress 1 Fill in the blanks: 1... theft is the easiest way for hackers to gain access to a system. 2. Information security means SECURITY SERVICES Security in the Cyberspace Cyberspace provides a complex digital network that is ever-expanding, linking various aspects of life. While cyberspace serves as a fertile soil for growth in efficiency, productivity, business and communications, it is prone to the infestation of digital threats. The same infrastructure we exchange information on is a verdant platform for the execution of malicious intent, whereby ICT is exploited and its elements abused for the interest of insidious parties. As such, it is imperative that countries protect their digital environment from being defaced or infiltrated by sinister forces. More and more consumer electronics platforms will be connected to the Internet. This increasing connectivity will enable new distribution mechanisms, but it will also increase the risks for both the devices and the content owners and distributors. Cyberspace security that we refer to is a big field, including physical and virtual security of personal computers, servers and other Internet working devices. The Cyberspace security should not only cater for the technical view of cyberspace security, but also the social aspect too which has caused lot of damage by social engineering. Today typical computing platforms lack the most important aspect - trust. Past security solutions are not normally integrated into the Operating System (OS) kernel of a computer. They come in the form of standard unsafe OS kernels, which are then given enhanced protection by several skins of protection such as virus scanners, firewalls and others. It has been shown that these external protection mechanisms are barely protective enough against today s threats. It is now known that a real tight protection can be achieved with focus on seamless integration of the security module and kernel into the core functionality, as well as through a separated and protected hardware security kernel. 8.7 DESIGNING FOR SECURITY Information security is provided on computers and over the Internet by a variety of methods. A simple but straightforward security method is to only keep sensitive information on removable storage media like floppy disks. But the most popular forms of security all rely on encryption, the process of encoding information in such a way that only the person (or computer) with the key can decode it Computer Encryption Encryption is the transformation of data into a form that is as close to impossible as possible to read without the appropriate knowledge. Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have access to the encrypted data. Decryption is the reverse of encryption; it is the transformation of encrypted data back into an intelligible form.

141 Encryption and decryption generally require the use of some secret information, referred to as a key. For some encryption mechanisms, the same key is used for both encryption and decryption; for other mechanisms, the keys used for encryption and decryption are different. Today's cryptography is more than encryption and decryption. Authentication is as fundamentally a part of our lives as privacy. We use authentication throughout our everyday lives when we sign our name to some document for instance and, as we move to a world where our decisions and agreements are communicated electronically, we need to have electronic techniques for providing authentication. Cryptography provides mechanisms for such procedures. A digital signature binds a document to the possessor of a particular key, while a digital timestamp binds a document to its creation at a particular time. These cryptographic mechanisms can be used to control access to a shared disk drive, a high security installation, or a pay-per-view TV channel. The field of cryptography encompasses other uses as well. With just a few basic cryptographic tools, it is possible to build elaborate schemes and protocols that allow us to pay using electronic money, to prove we know certain information without revealing the information itself and to share a secret quantity in such a way that a subset of the shares can reconstruct the secret. While modern cryptography is growing increasingly diverse, cryptography is fundamentally based on problems that are difficult to solve. A problem may be difficult because its solution requires some secret knowledge, such as decrypting an encrypted message or signing some digital document. The problem may also be hard because it is intrinsically difficult to complete, such as finding a message that produces a given hash value. Computer encryption is based on the science of cryptography, which has been used throughout history. Before the digital age, the biggest users of cryptography were governments, particularly for military purposes. The existence of coded messages has been verified as far back as the Roman Empire. But most forms of cryptography in use these days rely on computers, simply because a human-based code is too easy for a computer to crack. Most computer encryption systems belong in one of two categories. Broadly speaking, there are two types of encryption methods: Secret-key cryptography Public-key cryptography 129 Information Systems Security Firewall If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term firewall used. For example, you often hear people in companies say things like, I can t use that site because they won t let it through the firewall. If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers. Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that s why its called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. As you read through this article, you

142 130 Computer Applications and Management Information System will learn more about firewalls, how they work and what kinds of threats they can protect you from. A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through. Let s say that you work at a company with 500 employees. The company will therefore have hundreds of computers that all have network cards connecting them together. In addition, the company will have one or more connections to the Internet through something like T1 or T3 lines. Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet. A person who knows what he or she is doing can probe those computers, try to make FTP connections to them, try to make telnet connections to them and so on. If one employee makes a mistake and leaves a security hole, hackers can get to the machine and exploit the hole. With a firewall in place, the landscape is much different. A company will place a firewall at every connection to the Internet (for example, at every T1 line coming into the company). The firewall can implement security rules. For example, one of the security rules inside the company might be: Out of the 500 computers inside this company, only one of them is permitted to receive public FTP traffic. Allow FTP connections only to that one computer and prevent them on all others. A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. A firewall gives a company tremendous control over how people use the network. Firewalls use one or more of three methods to control traffic flowing in and out of the network: Packet filtering: Packets (small chunks of data) are analysed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded. Proxy service: Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa. Stateful inspection: A newer method that doesn t examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded What It Protects You From There are many creative ways that unscrupulous people use to access or abuse unprotected computers: Remote login: When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer. Application backdoors: Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access that provides some level of control of the program.

143 SMTP session hijacking: SMTP is the most common method of sending over the Internet. By gaining access to a list of addresses, a person can send unsolicited junk (spam) to thousands of users. This is done quite often by redirecting the through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace. Operating system bugs: Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of. Denial of service: You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash. bombs: An bomb is usually a personal attack. Someone sends you the same hundreds or thousands of times until your system cannot accept any more messages. Macros: To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer. Viruses: Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data. Spam: Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer. Redirect bombs: Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up. Source routing: In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default. Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept . The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. 131 Information Systems Security

144 132 Computer Applications and Management Information System You can also restrict traffic that travels through the firewall so that only certain types of information, such as , can get through. This is a good rule for businesses that have an experienced network administrator that understands what the needs are and knows exactly what traffic to allow through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change it. One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind Application Gateway An application gateway is an application program that runs on a firewall system between two networks. It is also known as application proxy or application-level proxy. When a client program establishes a connection to a destination service, it connects to an application gateway, or proxy. The client then negotiates with the proxy server in order to communicate with the destination service. In effect, the proxy establishes the connection with the destination behind the firewall and acts on behalf of the client, hiding and protecting individual computers on the network behind the firewall. This creates two connections: one between the client and the proxy server and one between the proxy server and the destination. Once connected, the proxy makes all packet-forwarding decisions. Since all communication is conducted through the proxy server, computers behind the firewall are protected. While this is considered a highly secure method of firewall protection, application gateways require great memory and processor resources compared to other firewall technologies, such as stateful inspection Antivirus Software Antivirus software are computer programs that attempt to identify, neutralize or eliminate malicious software. Antivirus is so named because the earliest examples were designed exclusively to combat computer viruses; however most modern antivirus software is now designed to combat a wide range of threats, including worms, phishing attacks, rootkits, trojan horses and other malware. Antivirus software typically uses two different techniques to accomplish this: Examining (scanning) files to look for known viruses matching definitions in a virus dictionary. Identifying suspicious behavior from any computer program which might indicate infection. This technique is called heuristic analysis. Such analysis may include data captures, port monitoring and other methods. Most commercial antivirus software uses both of these approaches, with an emphasis on the virus dictionary approach Regular Backups Each computer user has their responsibility to make regular backups to protect their computer data. The task of backing up the data found on your computer is often the most overlooked and hardly ever done until its too late action within the computer end-user community. With the software tools now available, it no longer is the arduous task that is once was a few years ago.

145 Once your system is in use, your next consideration should be to back up the file systems, directories, and files. Files and directories represent a significant investment of time and effort. At the same time, all computer files are potentially easy to change or erase, either intentionally or by accident. If you take a careful and methodical approach to backing up your file systems, you should always be able to restore recent versions of files or file systems with little difficulty. When a hard disk crashes, the information contained on that disk is destroyed. The only way to recover the destroyed data is to retrieve the information from your backup copy. There are several different methods of backing up. The most frequently used method is a regular backup, which is a copy of a file system, directory, or file that is kept for file transfer or in case the original data is unintentionally changed or destroyed. Another form of backing up is the archive backup; this method is used for a copy of one or more files, or an entire database that is saved for future reference, historical purposes, or for recovery if the original data is damaged or lost. Usually an archive is used when that specific data is removed from the system. 133 Information Systems Security 8.8 SECURITY PROTECTION AND RECOVERY Today, businesses face ever-growing data protection and recovery challenges: Natural disasters and human threats Explosive data growth, which can increase costs exponentially New regulations requiring uniform processes and accountability A litigious environment demanding quick retrieval for discovery purposes Security breaches from viruses, worms, hackers Any number of events can impact your business and IT operations from simple enduser mistakes to a failed device to the loss of an entire data center due to a disaster. Data Protection and Recovery has become more critical than ever. Recent news reports have highlighted the problems universities, financial institutions and others have faced with the loss of important customer and employee data. Regulatory requirements have increased the emphasis on having a solid data protection and recovery plan in place. Recovery management goes beyond the backup-and-restore paradigm to offer an efficient way to protect data and help ensure its continual availability. Using replication and snapshot technology to create a recovery tier within the storage environment, a recovery management implementation can provide enterprise IT organisations with uninterrupted access to data. When implementing data protection strategies, many organisations face a similar problem: too much data, too many applications, and not enough time to back everything up and restore it all. A different approach to solving this problem is an approach that has the potential to protect any amount of data as often as necessary and to recover that data virtually instantaneously when needed. For applications and databases, such an approach could prevent data corruption and virus attacks from causing vital operations to go down for hours or even days. For a business, this approach could mean having continuous access to the data and information needed for analysis, decision making, and actions, leading to enhanced competitiveness. An alternative to traditional backup and restore processes, the modern technique uses creating and managing online replicas of production data. When a replica is online, it

146 134 Computer Applications and Management Information System is immediately available and does not have to undergo a lengthy restore process before it can be used. This is a dramatic change from data backup even backup-to-disk in which the backup copy is not immediately usable but must first go through a restore process. Depending on how much data is involved, a typical restore process for a Microsoft Exchange or Oracle database can take several days during which time the end users cannot use or process orders, grinding business operations to a halt. Creating online replicas using snapshot and replication technologies has been possible for some time. But whereas in the past, these technologies were restricted to large, expensive storage devices, they are now becoming widely available. Dell currently offers entry-level and midtier storage devices that incorporate snapshot and replication technologies. Data recovery is a process by which individual data elements such as files or folders are encrypted for more than one person or entity. By encrypting for more than one person or escrow entity, an escrow entity may be a designated administrator within an organisation to perform a data recovery role. Figure 8.2: Data Protection and Recovery

147 Data may be retrieved in clear-text form by a third party. Data recovery does not necessarily imply that private key recovery has occurred, however, key recovery may be one method to achieve data recovery. Data recovery can be achieved without private key recovery in the Windows XP operating system that is based on symmetrically encrypted data blocks. Both Secure Multi-purpose Internet Mail Extensions (S/MIME) and Encrypting File System (EFS) use symmetrically encrypted data blocks, with the symmetric key being protected by one or more public keys of a public/private key pair. In this scenario, the symmetric key may be protected (encrypted) with more than one user, and therefore more than one public key. Data recovery can occur through a second user decrypting the data. In the case of EFS, files can be opened and data recovered through the use of a Data Recovery Agent (DRA) as shown in the Figure Information Systems Security Some Security Threats & Solutions Threat Security Function Technology Data intercepted, read or modified illicitly False identity with an intention of fraud Unauthorized user on one network gains access to another Encryption Authentication Firewall 8.9 NEED FOR SECURITY Encoder data to prevent tempering Identity verification of both sender & receiver Filters and prevents certain traffic from entering the network or server Symmetric and Asymmetric encryption Digital signature Firewalls: Virtual private nets For over twenty years information security has held that confidentiality, integrity and availability (known as the CIA Triad) are the core principles of information security. Confidentiality Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred. Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive information about a company s employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorized to have the information. Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds. Integrity In information security, integrity means that data cannot be modified without authorization. (This is not the same thing as referential integrity in databases.)

148 136 Computer Applications and Management Information System Integrity is violated when an employee (accidentally or with malicious intent) deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorised user vandalizes a web site, when someone is able to cast a very large number of votes in an on-line poll, and so on. Availability For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing DoS attacks (denial-of-service attacks). In 2002, Donn Parker proposed an alternative model for the classic CIA triad that he called the six atomic elements of information. The elements are confidentiality, possession, integrity, authenticity, availability, and utility. The merits of the Parkerian hexad are a subject of debate amongst security professionals. Authenticity In computing, e-business and information security it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine (i.e., they have not been forged or fabricated). It is also important for authenticity to validate that both parties involved are who they claim they are. Non-repudiation In law, non-repudiation implies one s intention to fulfill one s obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction. Electronic commerce uses technology such as digital signatures and encryption to establish authenticity and non-repudiation. Figure 8.3: Security Awareness

149 Risk Management The CISA Review Manual 2006 provides the definition of risk management: Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organisation in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organisation. There are two things in this definition that may need some clarification. First, the process of risk management is an ongoing iterative process. It must be repeated indefinitely. The business environment is constantly changing and new threats and vulnerabilities emerge every day. Second, the choice of countermeasures (controls) used to manage risks must strike a balance between productivity, cost, effectiveness of the countermeasure, and the value of the informational asset being protected. Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (manmade or act of nature) that has the potential to cause harm. The likelihood that a threat will use a vulnerability to cause harm creates a risk. When a threat does use a vulnerability to inflict harm, it has an impact. In the context of information security, the impact is a loss of availability, integrity, and confidentiality, and possibly other losses (lost income, loss of life, loss of real property). It should be pointed out that it is not possible to identify all risks, nor is it possible to eliminate all risk. The remaining risk is called residual risk. A risk assessment is carried out by a team of people who have knowledge of specific areas of the business. Membership of the team may vary over time as different parts of the business are assessed. The assessment may use a subjective qualitative analysis based on informed opinion, or where reliable dollar figures and historical information is available, the analysis may use quantitative analysis. 137 Information Systems Security 8.10 ENSURING SYSTEM QUALITY There's a reason why we explained all those methods and procedures and processes in previous lesson for building good, solid Information Systems. They ensure system quality so that the product produced by the system is as good as it can be. Software Quality Assurance Just as you must assure quality of other products and other work, you must assure the quality of your software. Methodologies It's easier to find the flaws in a system if you create all new systems and programs the same way every time. If you want to check the system, fix the system, add to the system, or audit the system, you won't have to spend time figuring out how it was built in the first place. In this case, predictability leads to efficiency. The documentation that most people fail to develop makes it easier to determine how the system is built and how it operates. Yep, it's a headache, but it's useful and necessary. Resource Allocation Most companies and most people spend the majority of their time in the programming phase of system development. Not a good idea. Just accept the fact that the more time you spend analysing and designing a system, the easier the programming and the

150 138 Computer Applications and Management Information System better the system. You will save a lot of time and headaches and money. Honest, it really does work that way! Software Metrics Be objective when you're assessing the system by using software metrics to measure your system. Emotions tend to cost money and use unnecessary resources. The text gives several good examples of metrics you can use to measure your system inputs, processes, and outputs. For metrics to be successful, they must be: Carefully designed Formal Objective Measure significant aspects of the system Used consistently Agreed to by users advance Testing You can't ignore testing as a vital part of any system. Even though your system may appear to be working normally, you should still verify that it is working according to the specifications. Walkthroughs are an excellent way to review system specifications and make sure they are correct. Walkthroughs are usually conducted before programming begins, although they can be done periodically throughout all phases of system development. Once a system has been coded, it is much harder and more expensive to change it. We're beginning to sound like a broken record, but it's important that you understand and remember that the more work you do before the programming phase begins, the less trouble you'll have later. You can't just start pounding the keyboard and hope everything works out okay. Quality Tools Just as you would manage any big project a house, a highway, a skyscraper you must manage the entire systems development project. You can do it much easier using project management software that allows you to keep track of the thousands of details, deadlines, tasks, and people involved in the project. This type of software also helps you keep everything in sync. Data Quality Audits We spoke earlier of MIS audits, which check the system and its general controls and application controls. Data quality audits verify the data themselves. Many of the principles we discussed in the MIS audit apply to this type of audit. A company should formally record the number and types of errors customers report. Using this record can help managers do data quality audits by giving them ideas of where they can start looking for problems or areas that need to be improved. A few comments regarding the three items in the text: Survey end users for their perceptions of data quality: How do they see it? Looking at your data through a different set of eyes can reveal problems you weren't aware of. Survey entire data files: This can be expensive and time-consuming, but very fruitful.

151 Survey samples from data files: Make sure the sample is big enough and random enough to uncover problems. It's better for the company or organisation to uncover poor quality data than to have customers, suppliers, or governmental agencies uncover the problems. Managers can ensure Information Systems quality through methodologies, adequate resource allocation, software metrics, testing, and the use of quality tools. If data quality suffers, it's a sure bet the information obtained from that data will be of poor quality also. Check Your Progress 2 Fill in the blanks: 1. is the transformation of data into a form that is as close to impossible as possible to read without the appropriate knowledge. 2. A is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. 3. An is an application program that runs on a firewall system between two networks. 139 Information Systems Security 8.11 LET US SUM UP Information security is provided on computers and over the Internet by a variety of methods. Most computer encryption systems belong in one of two categories Secret-key cryptography and Public-key cryptography. A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. The company will therefore have hundreds of computers that all have network cards connecting them together. The firewall can implement security rules. Operating system bugs - Like applications, some operating systems have backdoors. A virus is a small program that can copy itself to other computers. Viruses range from harmless messages to erasing all of your data. An application gateway is an application program that runs on a firewall system between two networks. It is also known as application proxy or application-level proxy. Since all communication is conducted through the proxy server, computers behind the firewall are protected. Antivirus software are computer programs that attempt to identify, neutralize or eliminate malicious software. Each computer user has their responsibility to make regular backups to protect their computer data. Once your system is in use, your next consideration should be to back up the file systems, directories, and files. A non-damaging virus is still a virus, not a prank. Data recovery does not necessarily imply that private key recovery has occurred, however, key recovery may be one method to achieve data recovery. Data recovery can be achieved without private key recovery in the Windows XP operating system that is based on symmetrically encrypted data blocks GLOSSARY Computer Security: It is a technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system. Confidentiality: It means that information cannot be access by unauthorised parties. Authentication: It means that users are who they claim to be.

152 140 Computer Applications and Management Information System Availability: It means that resources are accessible by authorised parties. Integrity means that information is protected against unauthorised changes that are not detectable to authorized users. Encryption: It is a process of coding information which could either be a file or mail message in into cipher text a form unreadable without a decoding key in order to prevent anyone except the intended recipient from reading that data. Firewall: It is a dedicated appliance, or software running on another computer, which inspects network traffic passing through it, and denies or permits passage based on a set of rules. Application Gateway: It is an application program that runs on a firewall system between two networks Antivirus Software: It is a computer program that attempts to identify, neutralize or eliminate malicious software. Threat: Any person, act, or object that poses a danger to computer security is called a threat. Countermeasure: Any kind of policy, procedure, or action that recognizes, minimizes, or eliminates a threat or risk is called a countermeasure. Risk: Any kind of analysis that ties-in specific threats to specific assets with an eye toward determining the costs and/or benefits of protecting that asset is called risk, or risk assessment. Vulnerability: Any kind of asset that is not working optimally and is mission-critical or essential to the organisation, such as data that are not backed-up, is called a vulnerability. Control: Any kind of counter measure that becomes fairly automated and meets the expectations of upper management is called a control. Check Your Progress: Answers CYP 1 1. Password 2. protecting information CYP 2 1. Encryption 2. firewall 3. application gateway 8.13 SUGGESTED READINGS Pankaj Sharma, Enterprise Resource Planning, APH Publishing Corporation, New Delhi, Hanson, J.J., Successful ERP Implementations Go Far Beyond Software, San Diego Business Journal (5 July 2004). Olinger, Charles, The Issues behind ERP Acceptance and Implementation, APICS: The Performance Advantage Millman, Gregory J., What Did You Get from ERP and What Can You Get?, Financial Executive (May 2004).

153 Ellen Monk, Bret Wagner, Concepts in Enterprise Resource Planning, Course Technology, Second Edition, 2005 Daniel E. O Leary, ERP Systems: Systems, Life Cycle, E-commerce, and Risk, Cambridge University Press, Murrell G. Shields, E-Business and ERP: Rapid Implementation and Project Planning, Wiley, Alexis Leon ERP Demystified 2/E, Tata McGraw-Hill, New Delhi Bhatnagar, S.C. and K.V. Ramani, Computers and Information Management, Printice Hall of India Private Ltd, New Delhi, Goyal D.P., Management Information Systems (MIS), Deep & Deep Publications, New Delhi, O, Brien, James A., Management Information Systems, Galgotia Publications (P) Ltd., New Delhi, Scott, George M., Principles of Management Information Systems, McGraw-Hill Book Company, Singapore, Post, Gerald V., Management Information Systems: Solving Business Problems with Information Technology, Third Edition, Tata McGraw-Hill Publishing Company Limited, New Delhi, Davis, Gordon B. and Margrethe H. Olsen, Management Information Systems, McGraw-Hill Book Company, Singapore, Information Systems Security 8.14 QUESTIONS 1. Explain the need and importance of IS Security Control and Audit System vulnerability and abuse. 2. Explain the method of minimising risks of IS. 3. Describe system quality. 4. What is computer security? Why it is required? Describe the role of password in computer security.

154 142 Computer Applications and Management Information System LESSON 9 CODING TECHNIQUES AND DATA REPRESENTATION STRUCTURE 9.0 Objectives 9.1 Introduction 9.2 Data Representation 9.3 Number Systems 9.4 Decimal Representation in Computers 9.5 Alphanumeric Representation ASCII EBCDIC Comparison of ASCII and EBCDIC UNICODE Indian Standard Code for Information Interchange (ISCII) 9.6 Data Representation for Computation 9.7 Data Types 9.8 Complements 9.9 Arithmetic Operations 9.10 Fixed Point Representation 9.11 Decimal Fixed Point Representation 9.12 Floating Point Representation 9.13 Error Detection Codes 9.14 Binary Codes 9.15 Let us Sum up 9.16 Glossary 9.17 Suggested Readings 9.18 Questions 9.0 OBJECTIVES After studying this lesson, you should be able to: Describe data representation Define number systems Explain alphanumeric representation Describe data types Define complements

155 9.1 INTRODUCTION In this lesson you learn the concepts of binary Data Representation in the Computer System. This lesson will re-introduce you to the number system concepts. The number systems defined in this lesson include the Binary, Octal, and Hexadecimal notations. In addition, details of various number representations such as floating-point representation, BCD representation and character-based representations have been described in this lesson. Finally the Error detection and correction codes have been described in the lesson. 143 Coding Techniques and Data Representation 9.2 DATA REPRESENTATION The basic nature of a Computer is as an information transformer. Thus, a computer must be able to take input, process it and produce output. The key questions here are: How is the Information represented in a computer? Well, it is in the form of Binary Digit popularly called Bit. How is the input and output presented in a form that is understood by us? One of the minimum requirements in this case may be to have a representation for characters. Thus, a mechanism that fulfils such requirement is needed. In computers information is represented in digital form, therefore, to represent characters in computer we need codes. Some common character codes are ASCII, EBCDIC, ISCII etc. These character codes are discussed in the subsequent sections. How are the arithmetic calculations performed through these bits? We need to represent numbers in binary and should be able to perform operations on these numbers. 9.3 NUMBER SYSTEMS Number system is used to represent information in quantitative form. Some of the common number systems are binary, octal, decimal and hexadecimal. A number system of base (also called radix) r is a system, which has r distinct symbols for r digits. A string of these symbolic digits represents a number. To determine the value that a number represents, we multiply the number by its place value that is an integer power of r depending on the place it is located and then find the sum of weighted digits. Decimal Numbers Decimal number system has ten digits represented by 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9. Any decimal number can be represented as a string of these digits and since there are ten decimal digits, therefore, the base or radix of this system is 10. Thus, a string of number can be represented as: Binary Numbers In binary numbers we have two digits 0 and 1 and they can also be represented, as a string of these two-digits called bits. The base of binary number system is 2. For example, is a valid binary number.

156 144 Computer Applications and Management Information System Decimal Equivalent of a Binary Number For converting the value of binary numbers to decimal equivalent we have to find its value, which is found by multiplying a digit by its place value. For example, binary number is equivalent to: = = = 42 in decimal. Octal Numbers An octal system has eight digits represented as 0,1,2,3,4,5,6,7. For finding equivalent decimal number of an octal number one has to find the quantity of the octal number which is again calculated as: Octal number (23.4) 8. (Please note the subscript 8 indicates it is an octal number, similarly, a subscript 2 will indicate binary, 10 will indicate decimal and H will indicate Hexadecimal number, in case no subscript is specified then number should be treated as decimal number or else whatever number system is specified before it.) Decimal Equivalent of Octal Number (23.4) 8 = = /8 = = (19.5) 10 Hexadecimal Numbers The hexadecimal system has 16 digits, which are represented as 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F. A number (F2) H is equivalent to F = (15 16) + 2 // (As F is equivalent to 15 dor decimal) = = (242) 10 Conversion of Decimal Number to Binary Number For converting a decimal number to binary number, the integer and fractional part are handled separately. Let us explain it with the help of an example: Example 1: Convert the decimal number to binary number. Solution: Integer Part = 43 Fraction Part = On dividing the quotient of integer part repeatedly by 2 and separating the remainder till we get 0 as the quotient On multiplying the fraction repeatedly and separating the integer as you get it till you have all zero in fraction

157 Integer Part Quotient on division by 2 Remainder on division by Please note in the figure above that: Read 145 Coding Techniques and Data Representation The equivalent binary to the Integer part of the number is (101011) 2 You will get the Integer part of the number, if you READ the remainder in the direction of the Arrow. Fraction On Multiplication by 2 Integer part after Multiplication Read Please note in the figure above that: The equivalent binary to the Fractional part of the number is 001. You will get the fractional part of the number, if you READ the Integer part of the number in the direction of the Arrow. Thus, the number ( ) 2 is equivalent to (43.125) 10. You can cross check it as follows: = /8 = (43.125) 10 One easy direct method in Decimal to binary conversion for integer part is to first write the place values as: Step 1: Take the integer part e.g. 43, find the next lower or equal binary place value number, in this example it is 32. Place 1 at 32. Step 2: Subtract the place value from the number, in this case subtract 32 from 43, which is 11. Step 3: Repeat the two steps above till you get 0 at step 2. Step 4: On getting a 0 put 0 at all other place values.

158 146 Computer Applications and Management Information System These steps are shown as: = = = = Is the required number. You can extend this logic to fractional part also but in reverse order. Try this method with several numbers. It is fast and you will soon be accustomed to it and can do the whole operation in single iteration. Conversion of Binary to Octal and Hexadecimal The rules for these conversions are straightforward. For converting binary to octal, the binary number is divided into groups of three, which are then combined by place value to generate equivalent octal. For example the binary number can be converted to Octal as: (Please note the number is unchanged even though we have added 0 to complete the grouping. Also note the style of grouping before and after decimal. We count three numbers from right to left while after the decimal from left to right.) Thus, the octal number equivalent to the binary number is (153.12) 8. Similarly by grouping four binary digits and finding equivalent hexadecimal digits for it can make the hexadecimal conversion. For example the same number will be equivalent to (6B.28) H B (11 in hexadecimal is B) Thus equivalent hexadecimal number is (6B.28) H Conversely, we can conclude that a hexadecimal digit can be broken down into a string of binary having 4 places and an octal can be broken down into string of binary having 3 place values. Following Table gives the binary equivalents of octal and hexadecimal numbers. Binary Equivalent of Octal and Hexadecimal Digits Octal Number Binary coded Octal Hexadecimal Number Binary-coded Hexadecimal Contd

159 A B C D E F Decimal Check Your Progress 1 1. Convert the following binary numbers to decimal. (a) (b) Convert the following decimal numbers to binary. (a) 23 (b) (c) Convert the numbers given in question 2 to hexadecimal from decimal or from the binary. 147 Coding Techniques and Data Representation 9.4 DECIMAL REPRESENTATION IN COMPUTERS The binary number system is most natural for computer because of the two stable states of its components. But, unfortunately, this is not a very natural system for us as we work with decimal number system. So, how does the computer perform the arithmetic? One solution that is followed in most of the computers is to convert all input values to binary. Then the computer performs arithmetic operations and finally converts the results back to the decimal number so that we can interpret it easily. Is there any alternative to this scheme? Yes, there exists an alternative way of performing computation in decimal form but it requires that the decimal numbers should be coded suitably before performing these computations. Normally, the

160 148 Computer Applications and Management Information System decimal digits are coded in 7-8 bits as alphanumeric characters but for the purpose of arithmetic calculations the decimal digits are treated as four bit binary code. As we know 2 binary bits can represent 2 2 = 4 different combinations, 3 bits can represent 2 3 = 8 combinations, and similarly, 4 bits can represent 2 4 = 16 combinations. To represent decimal digits into binary form we require 10 combinations, but we need to have a 4-digit code. One such simple representation may be to use first ten binary combinations to represent the ten decimal digits. These are popularly known as Binary Coded Decimals (BCD). Table below shows the binary coded decimal numbers. Binary Coded Decimals (BCD) Decimal Let us represent in BCD. Binary Coded Decimal Compare the equivalent BCD with equivalent binary value. Both are different. 9.5 ALPHANUMERIC REPRESENTATION But what about alphabets and special characters like +, -, * etc.? How do we represent these in a computer? A set containing alphabets (in both cases), the decimal digits (10 in number) and special characters (roughly in numbers) consist of at least elements ASCII One such standard code that allows the language encoding that is popularly used is ASCII (American Standard Code for Information Interchange). This code uses 7 bits to represent 128 characters, which include 32 non-printing control characters, alphabets in lower and upper case, decimal digits, and other printable characters that

161 are available on your keyboard. Later as there was need for additional characters to be represented such as graphics characters, additional special characters etc., ASCII was extended to 8 bits to represent 256 characters (called Extended ASCII codes). There are many variants of ASCII, they follow different code pages for language encoding, however, having the same format. You can refer to the complete set of ASCII characters on the web. The extended ASCII codes are the codes used in most of the Microcomputers. The major strength of ASCII is that it is quite elegant in the way it represents characters. It is easy to write a code to manipulate upper/lowercase ASCII characters and check for valid data ranges because of the way of representation of characters. In the original ASCII the 8th bit (the most significant bit) was used for the purpose of error checking as a check bit. 149 Coding Techniques and Data Representation EBCDIC Extended Binary Coded Decimal Interchange Code (EBCDIC) is a character-encoding format used by IBM mainframes. It is an 8-bit code and is NOT Compatible to ASCII. It had been designed primarily for ease of use of punched cards. This was primarily used on IBM mainframes and midrange systems such as the AS/400. Another strength of EBCDIC was the availability of wider range of control characters for ASCII. The character coding in this set is based on binary coded decimal, that is, the contiguous characters in the alphanumeric range are represented in blocks of 10 starting from 0000 binary to 1001 binary. Other characters fill in the rest of the range. There are four main blocks in the EBCDIC code: to Used for control character to Punctuation characters to Lowercase characters to Uppercase characters and numbers There are several different variants of EBCDIC. Most of these differ in the punctuation coding. More details on EBCDIC codes can be obtained from further reading and web pages on EBCDIC Comparison of ASCII and EBCDIC EBCDIC is an easier to use code on punched cards because of BCD compatibility. However, ASCII has some of the major advantages on EBCDIC. These are: While writing a code, since EDCDIC is not contiguous on alphabets, data comparison to continuous character blocks is not easy. For example, if you want to check whether a character is an uppercase alphabet, you need to test it in range A to Z for ASCII as they are contiguous, whereas, since they are not contiguous range in EDCDIC these may have to be compared in the ranges A to I, J to R, and S to Z which are the contiguous blocks in EDCDIC. Some of the characters such as [] \{}^~ are missing in EBCDIC. In addition, missing control characters may cause some incompatibility problems UNICODE This is a newer International standard for character representation. Unicode provides a unique code for every character, irrespective of the platform, Program and Language. Unicode Standard has been adopted by the Industry. The key players that have adopted Unicode include Apple, HP, IBM, Microsoft, Oracle, SAP, Sun, Sybase, Unisys and many other companies. Unicode has been implemented in most of the

162 150 Computer Applications and Management Information System latest client server software. Unicode is required by modern standards such as XML, Java, JavaScript, CORBA 3.0, etc. It is supported in many operating systems, and almost all modern web browsers. Unicode includes character set of Dev Nagari. The emergence of the Unicode Standard, and the availability of tools supporting it, is among the most significant recent global software technology trends. One of the major advantages of Unicode in the client-server or multi-tiered applications and websites is the cost saving over the use of legacy character sets that results in targeting website and software products across multiple platforms, languages and countries without re-engineering. Thus, it helps in data transfer through many different systems without any compatibility problems. In India the suitability of Unicode to implement Indian languages is still being worked out Indian Standard Code for Information Interchange (ISCII) The ISCII is an eight-bit code that contains the standard ASCII values till 127 from it contains the characters required in the ten Brahmi-based Indian scripts. It is defined in IS 13194:1991 BIS standard. It supports INSCRIPT keyboard which provides a logical arrangement of vowels and consonants based on the phonetic properties and usage frequencies of the letters of Bramhi-scripts. Thus, allowing use of existing English keyboard for Indian language input. Any software that uses ISCII codes can be used in any Indian Script, enhancing its commercial viability. It also allows transliteration between different Indian scripts through change of display mode. 9.6 DATA REPRESENTATION FOR COMPUTATION As discussed earlier, binary codes exist for any basic representation. Binary codes can be formulated for any set of discrete elements e.g. colours, the spectrum, the musical notes, chessboard positions etc. In addition these binary codes are also used to formulate instructions, which are advanced form of data representation. We will discuss about instructions in more detail in the later blocks. But the basic question which remains to be answered is: How are these codes actually used to represent data for scientific calculations? The computer is a discrete digital device and stores information in flip-flops, which are two state devices, in binary form. Basic requirements of the computational data representation in binary form are: Representation of sign Representation of magnitude If the number is fractional then binary or decimal point, and Exponent The solution to sign representation is easy, because sign can be either positive or negative, therefore, one bit can be used to represent sign. By default it should be the left most bit (in most of the machines it is the Most Significant Bit). Thus, a number of n bits can be represented as n+l bit number, where n+lth bit is the sign bit and rest n bits represent its magnitude. The decimal position can be represented by a position between the flip-flops (storage cells in computer). But, how can one determine this decimal position? Well to simplify the representation aspect two methods were suggested: (1) Fixed point representation where the binary decimal position is assumed either at the beginning or at the end of a number; and (2) Floating point representation where a second register is

163 used to keep the value of exponent that determines the position of the binary or decimal point in the number. But before discussing these two representations let us first discuss the term complement of a number. These complements may be used to represent negative numbers in digital computers. 151 Coding Techniques and Data Representation 9.7 DATA TYPES Data types in digital system are mainly three types, and these are: Bits Nibble Bytes 1. Bits: Bits is a single digits of digital system, like binary digits 0, 1 are also called as bit. Example: 0, 1, 1, 1, 0, etc. 2. Nibble: A group of four bits is known as nibble. Example: 1001, 0011, 1111, 0000 etc 3. Bytes: A group of eight bits or 2 nibbles is known as byte. Example: , , etc COMPLEMENTS There are two types of complements for a number of base (also called radix) r. These are called r s complement and (r 1) s complement. For example, for decimal numbers the base is 10, therefore, complements will be 10 s complement and (10 1) = 9 s complement. For binary numbers we talk about 2 s and 1 s complements. But how to obtain complements and what do these complements means? Let us discuss these issues with the help of following example: Example 2: Find the 9 s complement and 10 s complement for the decimal number 256. Solution: 9 s Complement The 9 s complement is obtained by subtracting each digit of the number from 9 (the highest digit value). Let us assume that we want to represent a maximum of four decimal digit number range. 9 s complement can be used for BCD numbers. 9 s complement of Similarly, for obtaining 1 s complement for a binary number we have to subtract each binary digit of the number from the digit s Complement Adding 1 in the 9 s complement produces the 10 s complement. 10 s complement of 0256 = = 9744

164 152 Computer Applications and Management Information System Please note on adding the number and its 9 s complement we get 9999 (the maximum possible number that can be represented in the four decimal digit number range) while on adding the number and its 10 s complement we get (The number just higher than the range. This number cannot be represented in four digit representation.) Example 3: Find 1 s and 2 s complement of 1010 using only four-digit representation. Solution: 1 s Complement The 1 s complement of 1010 is The number is The 1 s complement is Please note that wherever you have a digit 1 in number the complement contains 0 for that digit and vice versa. In other words to obtain 1 s complement of a binary number, we only have to change all the 1 s of the number to 0 and all the zeros to 1 s. This can be done by complementing each bit of the binary number. 2 s Complement Adding 1 in 1 s complement will generate the 2 s complement The number is The 1 s complement is Fro 2 s complement add 1 in 1 s complement Please note that = 1 0 in binary The number is Most Significant bit Least significant bit The 1 s complement is The 2 s complement can also be obtained by not complementing the least significant zeros till the first 1 is encountered. This 1 is also not complemented. After this 1 the rest of all the bits are complemented on the left. Therefore, 2 s complement of the following number (using this method) should be (you can check it by finding 2 s complement as we have done in the example). The number is The 2 s complement is No change in these bits

165 The number is The 2 s complement is Coding Techniques and Data Representation No change in number and its 2 s Complement, a special case The number is The 2 s complement is ARITHMETIC OPERATIONS No change in this bit only We all are familiar with the arithmetic operations such as addition, subtraction, multiplication, and division of decimal numbers. Similar operations can be performed on binary numbers; infact binary arithmetic is much simpler than decimal arithmetic because here only two digits, 0 and 1 are involved. Binary Addition The rules of binary addition are given in Table. Rules of Binary Addition Augend Addend Sum Carry Result In the first three rows above, there is no carry, that is, carry = 0, whereas in the fourth row a carry is produced (since the largest digit possible is 1), that is, carry = 1, and similar to decimal addition it is added to the next higher binary position. Example 4: Add the binary numbers: and Solution: Carry Binary Subtraction The rules of binary subtraction are given in Table. Rules of Binary Subtraction Minuend Subtrahend Difference Borrow

166 154 Computer Applications and Management Information System Except in the second row above, the borrow = 0. When the borrow = 1, as in the second row, this is to be subtracted from the next higher binary bit as it is done in decimal subtraction. Example 5: Perform the following subtraction: Solution: Here, in column 1 and 2, borrow = 0 and in column 3 it is 1. Therefore, in column 4 first subtract 0 from 1 and from this result obtained subtract the borrow bit. Binary Multiplication Binary multiplication is similar to decimal multiplication. In binary, each partial product is either zero (multiplication by 0) or exactly same as the multiplicand (multiplication by 1). Example 6: Multiply 1001 by Solution: X In a digital circuit, the multiplication operation is performed by repeated additions of all partial products to obtain the full product. Binary Division Binary division is obtained using the same procedure as decimal division. Example 7: Divide by Ans:

167 9.10 FIXED POINT REPRESENTATION The fixed-point numbers in binary uses a sign bit. A positive number has a sign bit 0, while the negative number has a sign bit 1. In the fixed-point numbers we assume that the position of the binary point is at the end, that is, after the least significant bit. It implies that all the represented numbers will be integers. A negative number can be represented in one of the following ways: Signed magnitude representation Signed 1 s complement representation, or Signed 2 s complement representation. (Assumption: size of register = 8 bits including the sign bit) 155 Coding Techniques and Data Representation Signed Magnitude Representation Decimal Number Sign Bit Representation (8 bits) No change in the Magnitude, only sign bit changes Signed 1 s Complement Representation Decimal Number Representation (8 bits) Magnitude (7 bits) Sign Bit Magnitude/1 s complement for negative number (7 bits) For negative number take 1 s complement of all the bits (including sign bit) of the positive number Signed 2 s Complement Representation Decimal Number Representation (8 bits) Sign Bit Magnitude/1 s complement for negative number (7 bits) For negative number take 2 s complement of all the bits (including sign bit) of the positive number Arithmetic Addition The complexity of arithmetic addition is dependent on the representation, which has been followed. Let us discuss this with the help of following example. Example 8: Add 25 and -30 in binary using 8 bit registers, using: 1. Signed magnitude representation 2. Signed 1 s complement 3. Signed 2 s complement

168 156 Computer Applications and Management Information System Solution: Number Sign Magnitude Representation Sign Bit Magnitude To do the arithmetic addition with one negative number only, we have to check the magnitude of the numbers. The number having smaller magnitude is then subtracted from the bigger number and the sign of bigger number is selected. The implementation of such a scheme in digital hardware will require a long sequence of control decisions as well as circuits that will add, compare and subtract numbers. Is there a better alternative than this scheme? Let us first try the signed 2 s complement. Number Sign Magnitude Representation Sign Bit Magnitude Now let us perform addition using signed 2 s complement notation: Operation Decimal equivalent number Signed 2 s complement representation Comments Carry out Sign out Magnitude Addition of two positive number Addition of smaller Positive and larger negative number Simple binary addition. There is no carry out of sign bit Perform simple binary addition. No carry into the sign bit and no carry out of the sign bit Positive value of result s complement of above result Addition of larger Positive and smaller negative number Perform simple binary addition. No carry into the sign bit and carry out of the sign bit Addition two negative numbers Discard the carry out bit Perform simple binary addition. There is carry into the sign bit and carry out of the sign bit No overflow Discard the carry out bit Positive value of result s complement of above result

169 Please note how easy it is to add two numbers using signed 2 s Complement. This procedure requires only one control decision and only one circuit for adding the two numbers. But it puts on additional condition that the negative numbers should be stored in signed 2 s complement notation in the registers. This can be achieved by complementing the positive number bit by bit and then incrementing the resultant by 1 to get signed 2 s complement. 157 Coding Techniques and Data Representation Signed 1 s Complement Representation Another possibility, which also is simple, is use of signed 1 s complement. Signed 1 s complement has a rule. Add the two numbers, including the sign bit. If carry of the most significant bit or sign bit is one, then increment the result by 1 and discard the carry over. Let us repeat all the operations with 1 s complement. Operation Addition of two positive number Addition of smaller Positive and larger negative number Positive value of result Addition of larger Positive and smaller negative number Decimal equivalent number Signed 1 s complement representation Carry out Sign out Magnitude Comments Simple binary addition. There is no carry out of sign bit Perform simple binary addition. No carry in to the sign bit and no carry out of the sign bit s complement of above result Add carry to Sum and discard it There is carry in to the sign bit and carry out of the sign bit. The carry out is added it to the Sum bit and then discard no overflow. Addition two negative numbers Add carry to sum and discard it 1 Perform simple binary addition. There is carry in to the sign bit and carry out of the sign bit No overflow Positive value of result s complement of above result Another interesting feature about these representations is the representation of 0. In signed magnitude and 1 s complement there are two representations for zero as: Representation Signed magnitude Signed 1 s complement

170 158 Computer Applications and Management Information System But, in signed 2 s complement there is just one zero and there is no positive or negative zero. +0 in 2 s Complement Notation: in 1 s complement notation: Add 1 for 2 s complement: 1 Discard the Carry Out Thus, -0 in 2 s complement notation is same as +0 and is equal to Thus, both +0 and -0 are same in 2 s complement notation. This is an added advantage in favour of 2 s complement notation. The highest number that can be accommodated in a register, also depends on the type of representation. In general in an 8 bit register 1 bit is used as sign, therefore, the rest 7 bits can be used for representing the value. The highest and the lowest numbers that can be represented are: For signed magnitude representation (2 7 1) to (2 7 1) = (128 1) to (128 1) = 127 to 127 For signed 1 s complement 127 to 127 But, for signed 2 s complement we can represent +127 to 128. The 128 is represented in signed 2 s complement notation as Arithmetic Subtraction The subtraction can be easily done using the 2 s complement by taking the 2 s complement of the value that is to be subtracted (inclusive of sign bit) and then adding the two numbers. Signed 2 s complement provides a very simple way for adding and subtracting two numbers. Thus, many computers (including IBM PC) adopt signed 2 s complement notation. The reason why signed 2 s complement is preferred over signed 1 s complement is because it has only one representation for zero. Overflow: An overflow is said to have occurred when the sum of two n digits number occupies n+ 1 digits. This definition is valid for both binary as well as decimal digits. What is the significance of overflow for binary numbers? Well, the overflow results in errors during binary arithmetic as the numbers are represented using a fixed number of digits also called the size of the number. Any value that results from computation must be less than the maximum of the allowed value as per the size of the number. In case, a result of computation exceeds the maximum size, the computer will not be able to represent the number correctly, or in other words the number has overflowed. Every computer employs a limit for representing numbers e.g. in our examples we are using 8 bit registers for calculating the sum. But what will happen if the sum of the two numbers can be accommodated in 9 bits? Where are we going to store the 9th bit? The problem will be better understood by the following example. Example: Add the numbers 65 and 75 in 8 bit register in signed 2 s complement notation

171 The expected result is +140 but the binary sum is a negative number and is equal to 116, which obviously is a wrong result. This has occurred because of overflow. How does the computer know that overflow has occurred? If the carry into the sign bit is not equal to the carry out of the sign bit then overflow must have occurred. Another simple test of overflow is: if the sign of both the operands is same during addition, then overflow must have occurred if the sign of resultant is different than that of sign of any operand. For example: 159 Coding Techniques and Data Representation Decimal Carry out Sign bit 2 s Complement Mantissa Decimal Carry out Sign bit 2 s complement Mantissa Carry into Sign bit = 1 Carry into Sign bit = 0 Carry out of Sign bit = 1 Carry out of Sign bit = 1 Therefore, No Overflow Therefore, Overflow Thus, overflow has occurred, i.e. the arithmetic results so calculated have exceeded the capacity of the representation. This overflow also implies that the calculated results will be erroneous DECIMAL FIXED POINT REPRESENTATION The purpose of this representation is to keep the number in decimal equivalent form and not binary as above. A decimal digit is represented as a combination of four bits; thus, a four digit decimal number will require 16 bits for decimal digits representation and additional 1 bit for sign. Normally to keep the convention of one decimal digit to 4 bits, the sign sometimes is also assigned a 4-bit code. This code can be the bit combination which has not been used to represent decimal digit e.g may represent plus and 1101 can represent minus. For example, a simple decimal number 2156 can be represented as: Sign Although this scheme wastes considerable amount of storage space yet it does not require conversion of a decimal number to binary. Thus, it can be used at places where the amount of computer arithmetic is less than that of the amount of input/output of data e.g. calculators or business data processing situations. The arithmetic in decimal can also be performed as in binary except that instead of signed complement, signed nine s complement is used and instead of signed 2 s complement signed 9 s complement is used. More details on decimal arithmetic are available in further readings.

172 160 Computer Applications and Management Information System Check Your Progress 2 1. Write the BCD equivalent for the three numbers given below: (a) 23 (b) (c) Find the 1 s and 2 s complement of the following fixed-point numbers. (a) (b) (c) Add the following numbers in 8-bit register using signed 2 s complement notation (a) +50 and 5 (b) +45 and 65 (c) +75 and +85 Also indicate the overflow if any FLOATING POINT REPRESENTATION Floating-point number representation consists of two parts. The first part of the number is a signed fixed-point number, which is termed as mantissa, and the second part specifies the decimal or binary point position and is termed as an Exponent. The mantissa can be an integer or a fraction. Please note that the position of decimal or binary point is assumed and it is not a physical point, therefore, wherever we are representing a point it is only the assumed position. Example: A decimal in a typical floating point notation can be represented in any of the following two forms: This number in any of the above forms (if represented in BCD) requires 17 bits for mantissa (1 for sign and 4 for each decimal digit as BCD) and 9 bits for exponent (1 for sign and 4 for each decimal digit as BCD). Please note that the exponent indicates the correct decimal location. In the first case where exponent is +2, indicates that actual position of the decimal point is two places to the right of the assumed

173 position, while exponent 2 indicates that the assumed position of the point is two places towards the left of assumed position. The assumption of the position of point is normally the same in a computer resulting in a consistent computational environment. Floating-point numbers are often represented in normalised forms. A floating point number whose mantissa does not contain zero as the most significant digit of the number is considered to be in normalised form. For example, a BCD mantissa which is is in normalised form because these leading zero s are not part of a zero digit. On the other hand a binary number is not in a normalised form. The normalised form of this number is: 161 Coding Techniques and Data Representation Sign Normalized Mantissa Exponent (assuming fractional Mantissa) A floating binary number in a 16-bit register can be represented in normalised form (assuming 10 bits for mantissa and 6 bits for exponent). Sign bit Mantissa (Integer) Exponent A zero cannot be normalised as all the digits in mantissa in this case have to be zero. Arithmetic operations involved with floating point numbers are more complex in nature, take longer time for execution and require complex hardware. Yet the floatingpoint representation is a must as it is useful in scientific calculations. Real numbers are normally represented as floating point numbers. The following figure shows a format of a 32-bit floating-point number Sign Biased Exponent = 8 bits Significand = 23 bits Floating Point Number Representation The characteristics of a typical floating-point representation of 32 bits in the above figure are: Left-most bit is the sign bit of the number; Mantissa or significand and should be in normalised form; The base of the number is 2, and A value of 128 is added to the exponent. (Why?) This is called a bias. A normal exponent of 8 bits normally can represent exponent values as 0 to 255. However, as we are adding 128 for getting the biased exponent from the actual exponent, the actual exponent values represented in the range will be 128 to 127. Now, let us define the range that a normalised mantissa can represent. Let us assume that our present representations has the normalised mantissa, thus, the left most bit cannot be zero, therefore, it has to be 1. Thus, it is not necessary to store this first bit and it is being assumed implicitly for the number. Therefore, a 23-bit mantissa can represent = 24 bit mantissa in our representation. Thus, the smallest mantissa value may be: The implicit first bit as 1 followed by 23 zero s, that is,

174 162 Computer Applications and Management Information System Decimal equivalent = = 0.5 The Maximum value of the mantissa: The implicit first bit 1 followed by 23 one s, that is, Decimal Equivalent For finding binary equivalent let us add 2-24 to above mantissa as follows: Binary: = = 1 = ( ) Therefore, in normalised mantissa and biased exponent form, the floating-point number format as per the above figure, can represent binary floating-point numbers in the range: Smallest Negative number Maximum mantissa and maximum exponent = ( ) Largest negative number Minimum mantissa and Minimum exponent = Smallest positive number = Largest positive number = ( ) In floating point numbers, the basic trade-off is between the range of the numbers and accuracy, also called the precision of numbers. If we increase the exponent bits in 32- bit format, the range can be increased, however, the accuracy of numbers will go down, as size of mantissa will become smaller. Let us take an example, which will clarify the term precision. Suppose we have one bit binary mantissa then we can represent only 0.10 and 0.11 in the normalised form as given in above example (having an implicit 1). The values such as 0.101, and so on cannot be represented as complete numbers. Either they have to be approximated or truncated and will be represented as either 0.10 or Thus, it will create a truncation or round off error. The higher the number of bits in mantissa better will be the precision. In floating point numbers, for increasing both precision and range more number of bits are needed. This can be achieved by using double precision numbers. A double precision format is normally of 64 bits. Institute of Electrical and Electronics Engineers (IEEE) is a society, which has created lot of standards regarding various aspects of computer, has created IEEE standard 754 for floating-point representation and arithmetic. The basic objective of developing this standard was to facilitate the portability of programs from one to another computer. This standard has resulted in development of standard numerical capabilities in various microprocessors. This representation is shown in figure below.

175 S Biased exponent (E) Significand (N) Single Precision = 32 bits S Biased exponent (E) Significand (N) 163 Coding Techniques and Data Representation Double Precision = 64 bits IEEE Standard 754 Format Table below gives the floating-point numbers specified by the IEEE Standard 754. Values of Floating Point Numbers as per IEEE Standard 754 Single Precision Numbers (32 bits): Exponent (E) Significand (N) Value/Comments 255 Not equal to 0 Do represent a number or + depending on sign bit 0<E<255 Any ± (1.N) s E-127 For example, if S is zero that is positive number. N = 101 (rest 20 zeros) and E = 207 Then the number is = + (1.101) = x Not equal to 0 ± (0.N) ± 0 depending on the sign bit Double Precision Numbers (64 bits): Exponent (E) Significand (N) Value/Comments 2047 Not equal to 0 Do represent a number or + depending on sign bit 0<E<2047 Any ± (1.N) s E Not equal to 0 ± (0.N) ± 0 depending on the sign bit Please note that IEEE standard 754 specifies plus zero and minus zero and plus infinity and minus infinity. Floating point arithmetic is more sticky than fixed point arithmetic. For floating point addition and subtraction we have to follow the following steps: Check whether a typical operand is zero Align the significand such that both the significands have same exponent Add or subtract the significand only and finally The significand is normalised again These operations can be represented as x + y = (N x 2 Ex-Ey + N y ) 2 Ey and x y = (N x 2 Ex-Ey -N y ) 2 Ey Here, the assumption is that exponent of x (E x ) is greater than exponent of y (E y ), N x and N y represent significand of x and y respectively.

176 164 Computer Applications and Management Information System While for multiplication and division operations the significand need to be multiplied or divided respectively, however, the exponents are to be added or to be subtracted respectively. In case we are using bias of 128 or any other bias for exponents then on addition of exponents since both the exponents have bias, the bias gets doubled. Therefore, we must subtract the bias from the exponent on addition of exponents. However, bias is to be added if we are subtracting the exponents. The division and multiplication operation can be represented as: x y = (N x N y ) 2 Ex+Ey x y = (N x N y ) 2 Ex-Ey 9.13 ERROR DETECTION CODES Binary information, be it pulse-modulated signals or digital computer input or output, may be transmitted through some form of communication medium such as wires or radio waves. Any external noise introduced into a physical communication medium changes bit values from 0 to 1 or vice versa. An error detection code can be used to detect error during transmission. The detected error cannot be corrected, but its presence is indicated. The usual procedure is to observe the frequency of errors. If errors occur only once in a while, at random, and without a pronounced effect on the overall information transmitted, then either nothing is done or the particular errorneous message is transmitted again. If errors occur so often as to distort the meaning of the received information, the system is checked for malfunction. Computer is an electronic media; therefore, there is a possibility of errors during data transmission. Such errors may result from disturbances in transmission media or external environment. But what is an error in binary bit? An error bit changes from 0 to 1 or 1 to 0. One of the simplest error detection codes is called parity bit. Parity bit: A parity bit is an error detection bit added to binary data such that it makes the total number of 1 s in the data either odd or even. For example, in a seven bit data an 8th bit, which is a parity bit may be added. If the added parity bit is even parity bit then the value of this parity bit should be zero, as already four 1 s exists in the 7-bit number. If we are adding an odd parity bit then it will be 1, since we already have four 1 bits in the number and on adding 8th bit (which is a parity bit) as 1 we are making total number of 1 s in the number (which now includes parity bit also) as 5, an odd number. Parity bit is an extra-bit included with a message to make the total number of 1 s either odd or even. A message of four bits and a parity bit, P, are shown in figure 6. In (a), P is chosen so that the sum of all 1 s is odd (in all five bits). In (b), P is chosen so that the sum of all 1 s is even. During transfer of information from one location to another, the parity bit is handled as follows. Table 9.6: Error Detection Codes (a) Message P (odd) (b) Message P (even) Contd

177 Coding Techniques and Data Representation In the sending end, the message (in this case the first four bits) is applied to a paritygeneration network where the required P bit is generated. The message, including the parity bit, is transferred to its destination. In the receiving end, all the incoming bits (in this case five) are applied to a parity-check network to check the proper parity adopted. An error is detected if the checked parity does no correspond to the adopted one. The parity method detects the presence of one, three, or any odd combination of errors. An even combination of errors is undetectable BINARY CODES Electronics digital systems use signals that have two distinct values and circuit elements that have two stable states. There is a direct analogy among binary signals, binary circuit elements, and binary digits. A binary number of n digits, for example, may be represented by n binary circuit elements, each having an output signal equivalent to a 0 or a 1. Digital systems represent and manipulate not only binary numbers, but also many other discrete elements of information. Any discrete element of information distinct among a group of quantities can be represented by a binary code. For example, red is one distinct color of the spectrum. The letter A is one distinct letter of the alphabet. A bit, by definition, is a binary digit. When used in conjuction with a binary code, it is better to think of it as denoting a binary quantity equal to 0 or 1. To represent a group of 2 n distinct element in a binary code requires a minimum of n bits. This is because it is possible to arrange n bits in 2 n distinct ways. For example, a group of four distinct quantities can be represented by a two-bit code, with each quantity assigned one of the following bit combinations: 00, 01, 10, 11. A group of eight elements requires a threebit code, with each element assigned to one and only one of the following: 000, 001, 010, 011, 100, 101, 110, 111. These examples show that the distinct bit combinations of an n-bit code can be found by counting in binary from 0 to (2 n 1). Some bit combinations are unassigned when the number of elements of the group to be coded is not a multiple of the power of 2. The ten decimal digits 0, 1, 2,., 9 are an example of such group. A binary code that distinguishes among ten elements must contain at least four bits; three bits can distinguish a maximum of eight elements. Four bits can form 16 distinct combinations, but since only ten digits are coded, the remaining six combinations are unassigned and not used. Although the minimum number of bits required to code 2n distinct quantities is n, there is no maximum number of bits that may be used for a binary code. For example, the ten decimal digits can be coded with ten bits, and each decimal digit assigned a bit combination of nine 0 s and 1. In this particular binary code, the digit 6 is assigned the bit combination

178 166 Computer Applications and Management Information System Check Your Progress 3 1. Represent the following numbers in IEEE-754 floating point single precision number format: 37 (a) (b) Find the even and odd parity bits for the following 7-bit data: (a) (b) (c) (d) LET US SUM UP This lesson provides an in-depth coverage of the data representation in a computer system. We have also covered aspects relating to error detection mechanism. The unit covers number system, conversion of number system, conversion of numbers to a different number system. It introduces the concept of computer arithmetic using 2 s complement notation and provides introduction to information representation codes like ASCII, EBCDIC, etc. The concept of floating point numbers has also been covered with the help of a design example and IEEE-754 standard. The information given on various topics such as data representation, error detection codes etc. although exhaustive yet can be supplemented with additional reading. In fact, a course in an area of computer must be supplemented by further reading to keep your knowledge up to date, as the computer world is changing with by leaps and bounds. In addition to further reading the student is advised to study several Indian Journals on computers to enhance his knowledge GLOSSARY ASCII: American Standard Code for Information Interchange Register: A register is a group of binary cells. Bit: A bit by definition is a binary digit. Byte: A combination of four bits Decimal Numbers: Decimal number system has ten digits represented by 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9. Binary Numbers: In binary numbers we have two digits 0 and 1 and they can also be represented, as a string of these two-digits called bits.

179 Check Your Progress: Answers CYP 1 1. (a) thus; Integer = ( ) = ( ) = (8+4) = 12 Fraction = ( ) = = = (b) = The decimal equivalent is = = = (a) The decimal number 23 is (b) The decimal number is (c) The decimal number 892 in binary is (a) The decimal number 23 in hexadecimal is 17 And The hexadecimal number 17 in binary is (b) The decimal number in hexadecimal is 31.4 And The hexadecimal number 31.4 in binary is (c) The decimal number 892 in hexadecimal is 37C And The hexadecimal number 37C in binary is Coding Techniques and Data Representation CYP 2 1. (a) 23 in BCD is (b) in BCD is (c) 892 in BCD is s complement is obtained by complementing each bit while 2 s complement is obtained by leaving the number unchanged till first 1starting from least significant bit after that complement each bit. (i) (ii) (iii) Number s complement s complement Contd

180 168 Computer Applications and Management Information System 3. (a) Carry in to sign bit = 1 Carry out of sign bit = 1 Therefore, no overflow The solution is = +45 (b) No carry into sign bit, no carry out of sign bit. Therefore, no overflow. (c) Carry into sign bit = 1 Carry out of sign bit = 0 Overflow. CYP 3 1. (a) the number is = (b) the number is Data Even parity bit Odd parity bit SUGGESTED READINGS Langholx, Kandel, Gideon Longholx, Abraham Kandel, Joe L. Mott, Foundations of Digital Logic Design, World Scientific Farhat A. Farhat, Hassan A. Farhat, Digital Design and Computer Organisation, CRC Press M. Morris Mano, Computer System Architecture (3rd Edition) (Hardcover) Publisher: Prentice Hall; 3 edition (October 19, 1992) Linda Null, Julia Lobur, The Essentials of Computer Organisation and Architecture (Hardcover) Publisher: Jones & Bartlett Pub; 2nd edition (February 15, 2006) M. Morris Mano, Digital Logic & Computer Design, PHI Alan B. Marcovitz, Introduction to Logic Design, TMH, Second Edition, 2005 R.P. Jain, Modern Digital Electronics, TMH. Stallings, Computer Organisation and Architecture, PHI, 2 nd Edition Rhyne, V.T., Fundamentals of Digital Systems Design, Englewood Cliffs, N.J, PHI, 9.18 QUESTIONS 1. Convert 347 decimal number into binary. 2. What is octal number? Convert (347) 8 into decimal number? 3. What do you meant by ASCII code? 4. Explain briefly UNICODE. 5. What do you meant by complement? Explain 9 s and 10 s complements. 6. Briefly explain the arithmetic operation give example all the operations. 7. What do you mean by error detection code? 8. Explain what is binary code.

181 LESSON 10 COST/BENEFIT ANALYSIS 169 Cost/Benefit Analysis STRUCTURE 10.0 Objectives 10.1 Introduction 10.2 Real Cost 10.3 Real Benefits 10.4 Cost-Benefit Analysis Identification of Costs and Benefits Classification of Costs and Benefits 10.5 Evaluation Selection of Evaluation Method 10.6 Feasibility of the Project 10.7 Let us Sum up 10.8 Glossary 10.9 Suggested Readings Questions 10.0 OBJECTIVES After studying this lesson, you should be able to: Describe the real cost of processing Explain cost-benefit analysis Describe various methods of evaluation Define feasibility of the project Describe various types of feasibility 10.1 INTRODUCTION Cost is associated with the two activities of development and operation as follows: Development comprises all the stages from the initial investigation stage to the successful handover of a final system to the users. Operation also includes maintenance of the system. It is rare for a computer based system to run for years without substantial changes being needed to allow necessary alternations changing business requirements or improvements in hardware and software. In fact, it is the experience of many

182 170 Computer Applications and Management Information System long-established computer software firms that the major part of their analysis and programming effort is devoted to the maintenance of existing systems. So, an important objective is to minimize costs in these areas. Benefits are also of different type and can be grouped on the basis of advantages they provide to the management REAL COST The real cost of processing includes four different categories of possible costs as follows: Hardware Costs: The hardware costs include the costs of actual purchase or lease of computers, terminals, storage and output devices, as well as any additional furniture and other equipments. It is generally more difficult to determine the actual cost of hardware when the system is shared by various users than for a dedicated stand-alone system. Software Costs: The software costs are also easy to estimate if we use packaged software for particular applications. There should be quoted price for each application package. The problem becomes more complex if we wish to modify an existing package. This would require quotations from one or more systems design consultants. The most difficult pricing situation occurs when only customised software would match our needs. Nonetheless, we should be able to negotiate costs with our programming consultant. It is recommended that we agree upon a reasonable figure, if possible. Installation and Implementation Cost: The hardware and software costs are treated as our initial system cost for tax calculation purposes. In addition, installation and implementation costs, some of which have been itemised below, may be included in the initial pricing. Initial operator training may be included in the system price. However, we may also have to pay for backup personnel in manual processes while the training is in progress. Some of the heads, which would incur costs, are as follows: Modifications may be required to the room which would house the system. Some systems may require temperature, humidity or dust control equipment to be installed. We may wish to install fire or smoke detectors, fire extinguishers, security locks and the like. Stabilised power supply must be accounted for. Conversion costs of moving from our old system to a new one may arise. Extra programming may be required even with pre-packaged software. Consultant's fees should be included if use their services selecting and implementing our system. Ongoing Support and Growth Costs: Even where we cannot estimate a cost accurately, it's wise to include an estimate based on whatever information can be gathered. The support and growth costs are as follow: Maintenance cost, which may be between 10 to 12 percent. Equipment rental is a major expense in case we opt for a pleasing plan. Training of new operators may be required.

183 We may experience idle time cost when our computers are down and operators can't be assigned to other productive tasks. Finance changes on borrowed capital used for system acquisition. Insurance premium to cover the risk of damage to our system and records. Power and utilities charges. Software maintenance contract costs. This service provides continuous scheduled updates and removal of bugs and viruses. Consumable supplies, like paper, printer ribbons, and magnetic storage media (disk or tape), are a significant continuing cost. The cost of upgrading our system to accommodate future growth. Personnel Costs: Personnel costs include the salaries and benefits (insurance, vacating time, sick pay, etc.) provided to EDP staff as well as to those involved in developing the system. Costs incurred during the development of a system are one time costs and are known as developmental costs. Once the system has been installed, the costs of operating and maintaining the system become recurring costs. Supply Costs: Supply costs are variable costs that increase use of paper, ribbons, disk and the like. They should be estimated and included in the overall cost of the system. 171 Cost/Benefit Analysis 10.3 REAL BENEFITS A system is also expected to provide benefits. The first task is to identify each benefit and then, assign a monetary value to it for the cost-benefit analysis. The benefits of a project include four types: 1. Cost-saving Benefits: Cost-saving benefits lead to reduction in administrative and operational costs. A reduction in the size of the clerical staff used in the support of an administrative activity is an example of a cost-saving benefit. 2. Cost-avoidance Benefits: Cost-avoidance benefits are those which eliminate costs. No need to hire additional staff in future to handle an administrative activity is an example of a cost avoidance benefit. 3. Improved-service-level Benefits: Improved-service-level benefits are those where the performance of a system is improved by a new computer-based method. Registering a student in fifteen minutes rather than an hour is an example of this type of benefit. 4. Improved-information Benefits: Improved-information benefits is where computer based methods lead to better information for decision making. For example, a system that reports the most, improved fifty customers, as measured by an increase in sales is an improved-information. This information makes it easier to provide better service to major customers COST-BENEFIT ANALYSIS We can define cost-benefit analysis as: That method by which we find and estimate the value of the gross benefits of a new system specification.

184 172 Computer Applications and Management Information System That method by which we find and determine the increased operating costs associated with the above mentioned gross benefits. The subtraction of these operating costs from the associated gross benefits to arrive at net benefits. That method by which we find and estimate the monetary value of the development costs that produce the above mentioned benefits. Those methods by which we show the time-phased relationship between net benefits and development costs as they relate to cash flow, payback on investment, and time-in-process taking (or not taking) into operation factors such as inflation etc. In short, the calculation of actual net benefit as cash flowback overtime. Steps in Cost/Benefit Analysis Cost/benefit analysis is the major activity of feasibility study for determining the economic feasibility of the project. It is done in the following steps: Identification of costs and benefits. Classifications of costs and benefits. Selection of evaluation method. Determining the feasibility of the project Identification of Costs and Benefits First of all, the analyst identifies those costs and benefits of the project, that can be measured. For example, the cost of hardware, system software, stationery, etc. and the savings from reduced costs can easily be identified and measured. The analyst also identifies those costs and benefits which cannot be measured. For example, it is often difficult to measure the cost incurred in providing better customer service and improving company image during implementation of a new system Classification of Costs and Benefits After identifications of various costs and benefits, they are classified. Costs element can be classified into two categories - tangible and intangible costs. Tangible costs are those costs whose values can be precisely determined. For example, equipment costs, material costs (stationery, documentation, etc.), personnel costs (salaries and remunerations), facility costs (air-conditioning, wiring, etc.), operating costs (computer time, etc.) and other costs (consultancy, travelling, etc.) are the major tangible costs. Intangible costs, on the other hand, are those whose values cannot be precisely determined. For example, the cost of breakdown of online system and problems faced by employees during implementation of new system are intangible costs. Benefits can also be classified as tangible and intangible benefits. Tangible benefits are those savings that can be actually measured. For example, decrease in production costs and increase in sales are tangible benefits. Intangible benefits, on the other hand, cannot be measured. For example, improvement in the company's image due to computerisation is the intangible benefit. Let us review each category: Tangible costs and benefits: Tangibility refers to the ease with which, costs or benefits can be measured. For example, an outlay of cash for any specific item or activity is referred to as a tangible cost. The purchase of hardware or software, personnel training and salaries are examples of tangible accounts costs. They are readily identified and measured.

185 Benefits are often more difficult to specify exactly than costs. For example, suppliers can easily quote the cost of purchasing a terminal but it is difficult for them to tell specific benefits or financial advantages for using it in a system. Tangible benefits such as completing jobs in fewer hours or producing error free reports are quantifiable. Intangible costs and benefits: Costs that are known to exist but whose financial value cannot be accurately measured are corporate known to as intangible costs. The estimate is only an approximation. It is difficult to fix exact intangible costs. For example, employee morale problems because of installing new system in an intangible cost. How much moral of an employee has tree affected cannot be exactly measured in terms of financial values. Intangible costs may be difficult even to identify, such as an improvement in customer satisfaction from a real-time order entry system. Intangible benefit such as more satisfied customers or an improved corporate image because of using new system are not easily quantified. Both tangible and intangible costs and benefits should be taken into consideration into evaluation process. If the project is evaluated on a purely intangible basis, benefit exceed costs by a substantial margin, then we will call such project as cost effective. On the other hand, if intangible costs and benefits are included, the total cost (tangible as well as intangible) exceed the benefits which makes the project an undesirable investment. Hence, it is desirable that systems projects should not be evaluated on the basis of intangible benefits alone. Direct or indirect costs and benefits: Direct costs are those which are directly associate with a system. They are applied directly to the operator. For example, the purchase of floppy for Rs 400/- is a direct cost because we can associate the floppy box with money spend. Direct benefits also can be specifically attributable to a given project. For example, a new system that can 30% more transactions per day is a direct benefit. Indirect benefits are realized as a by-product of another system. For example, a system that tracks sales calls on customers provides an indirect marketing benefit by giving additional information about competition. In this case, competition information becomes an indirect benefit although its work in terms of money cannot be exactly measured. Fixed or variable costs and benefits: Some costs and benefits remain constant, regardless of how a system is used. Fixed costs are considered as sunk costs. Once encountered, they will not recur. For example, the purchase of an equipment for a computer centre is called as fixed cost as it remains constant whether in equipment is being used extensively or not. Similarly, the insurance, purchase of software etc. In contrast, variable costs are incurred on a regular basis. They are generally proportional to work volume and continue as long as the system is in operation. For example, the cost of computer forms vary in proportion to the amount of processing or the length of the reports desired. Fixed benefits also remain constant. By using a new system, if 20% of staff members are reduced, we can call it a fixed benefit. The benefit of personnel saving may occur every month. Variable benefits, on the other hand, are realised on a regular basis. For example, the library information system that saves two minutes in providing information about a particular book whether it is issued or not, to the borrower compared with the manual system. The amount of time saved varies with the information given to the number of borrowers. 173 Cost/Benefit Analysis

186 174 Computer Applications and Management Information System 10.5 EVALUATION Computerised information systems are developed and utilized by two categories of organisations: Firms, which have the in-house capability. Service bureaus, which develop them for usage by the outside clients. In both cases, the basic investments are of a high order in terms of not only the computer system, but also in terms of site preparation involving air-conditioning, civil and electrical works followed by recruitment of manpower (computer-centre manager, system analysts, programmers and operators beside input/output, quality control, data preparation and other support staff) and their training. There can be only one objective behind making such sizeable investments and that is to provide satisfaction to the end user, in-house or outside. System cost: In most cost-conscious organisation, an initial estimate is prepared for the on-line cost of developing the system and the recurring costs of running the system. The cost estimation has to cover details such as: Routine manpower (systems, programming, operations and for service bureau, marketing staff). Manual manpower ( specially employed to handle production, quality control, correction of check-bots etc.) Data preparation (direct entry or punch entry or punch lord kind, whether done in house or by outside agencies) Consumable stores (Stationery, cards or floppy disk, carbon, ribbons etc.) Computer time (actual usage house often logged by the computers itself) Administrative expenses Logistic expenses (for the conveyance of manpower, transportation of documents or output report etc.) Miscellaneous expenses (Overtime etc.) Need for Evaluation: Whether or not service bureaus face their irritated customers or user organisations meet their dissatisfied departmental heads, a sound principal to run computerised information systems is to introduce a reliable procedure for management of hardware, software and data preparation. Such practices, as regular and time bound squares and components, do help hardware management. Attention to programming capability, scientific design and development of systems and a high-quality support for system software is invaluable for software management. Data preparation is a week link in most of the organisations and quality control of entered data is a music, among other factors. An actual evaluation plan has to begin from the stage when one knows what has been spent on a computerised information system and then, projected to find out whether there has been value for money spent or not. Such an evaluation is certainly not easy and can be approached in a twofold manner the realization from the process side of system evaluation and from the product side of output reports. Process Evaluation: A process evaluation is carried out from the computer professional's point of view. Design of the system and the quality of programming have to stand the rigours of careful assessment. Quite often the system design in presented by the project leader to the entire application software group and gains

187 from their friendly criticism. Programming standards are today quite high and a modular approach is far preferable to single integrated programmes. Internal or internal training in efficient program writing techniques can achieve surprisingly good results. Another aspect of process evaluation is the utilizations of hardware resources. In all computers capable of running multiple programs there should be adequate prior consideration to arrive at different memory partitions, and to allocate inputoutput devices in a judicious way to each partition. The allocation of certain tapes or discs to production or development jobs often helps in obtaining an efficient and steady mix of jobs. The test for evaluation is to ensure optimal system utilizations, with the least possible idleness of any single device. The third aspect of process evaluation is to check whether there is minimum wastage of computer-time. It may happen that well-designed systems with good quality programmes are running with an apparently maximum waste of hardware resources and still they may hide many wasteful runs. This arises due to two reasons associated with development and production stages of the information system. At the development stage, lack of rigorous quality control may allow many avoidable runs of the programmes. At the production stage lack of full scale debugging may make some programs prone to repeated runs. In fact the best relevant check is to lay down permissible number of development runs and ensure fitness of the programmes for release for production runs without wasting systems resources. Product Evaluation: The product evaluation is concerned with the end user and has to ensure that the output reports are of acceptable quality are continue to be of use. Instances are not that computer outputs, which have long from out of use, are not pointed out as such by managers (users) out of difference to the higher level policy of computerization while the managers continue to use their little pocketbooks containing relevant data. To avoid such a possibility, organisations having a fairly long tradition of computer based information systems should, once in a while take stock of the existing automation and computerised operations. The objective was to devise a questionnaire for each uses department, outlining the group of computer applications for these. General questions related to the usefulness, quality level and achievement of promised improvement and responses were asked on a three tier basis. Specific questions were also framed regarding the reported items of information, frequency of reports, nature of formats and reporting levels. The purpose of the questionnaire was to elicit frank responses from the managers about the utility of the prevailing computerised information systems. The replies received were then tabulated and put up to the higher management for evaluation of each computerised system from three angles, should the system be continued as such? Or should the system be curtailed or even replaced altogether by other some useful systems? Or should the system be modified to cover more ground so that its utility were enhanced? The result of such an introspection are not always as per expectations and managers do not feel comfortable to answer such questions or the questions themselves are not formulated clearly or followed up seriously. These considerations however do not belittle their usefulness. 175 Cost/Benefit Analysis

188 176 Computer Applications and Management Information System Check Your Progress 1 State whether the following statements are true or false: 1. It is difficult to measure the cost incurred in providing better customer service. 2. Improvement in the company's image due to computerisation is an intangible benefit. 3. The period prior to break-even is the investment period Selection of Evaluation Method The common methods of evaluating the costs and benefits are: Payback Method Present Value Method Net Benefit Method Break-even Method We will now discuss all these methods in detail alongwith suitable examples. Payback Method The payback method of evaluating the costs and benefits is a common method to determine the time when the accumulated benefits will equal the initial investment. With this method, the analyst knows the time, when the money spent on the project will be recovered. The payback period is, generally, calculated by using the following formula: Overall Cost Qutlay + Installation Period Payback Time = Annual Cash Return (A B) + (C D) + G = E F Where, A is Capital Investment B is Investment Credit Difference (%) C is Cost Investment D is Company's federal income tax bracket E is Benefits after federal income tax F is Depreciation G is Installation Period Example In developing 'Stock Monitoring System' (as discussed in our case scenario), the vice president of the company requested a cost/benefit analysis. The systems analyst identified the various costs and benefits of the project and computed the following data: (i) Capital Invested on purchase of hardware and software Rs 1,00,000 (ii) Benefits Rs 2,00,000 (iii) Investment Credit 10%

189 (iv) Cost Investment Rs 20,000 (v) Company's Income Tax Bracket 40% (vi) Local Taxes 4% (vii) Installation period 1 Year (viii) Expected life of capital 5 Years Calculation of the payback period: Capital Investment (A) = Rs 1,00,000 Investment Credit Difference (B) = 100% 10% = 90% Cost Investment (C) = Rs 20,000 Company's Federal Income Tax Bracket (D) = 100% 40% = 60% Benefits after federal Income tax (E) are calculated as follows: Benefits before federal income tax = Benefits (Depreciation + Local Taxes) = 2,00,000 ((Capital/Life) + Local Taxes) = 2,00,000 ((2,00,000/5) + 2,00, ) = 2,00,000 (40, ,000) = 2,00,000 48,000 = 1,52,000 Benefits after federal income tax = Benefits before federal income tax (Benefits before federal income tax D) = 1,52,000 (1,52, ) = 60,800 Depreciation(E) = 2,00,000/5 = Rs 40, Cost/Benefit Analysis Payback Time = (1,00, ) + (20, ) 1 60,800 40,000 = 1,02, years 1,00,800 Thus, after 2 years, the money spent on the project will be recovered. Hence, the project is economically feasible. Present Value Method The payback method has certain drawbacks. The values of today's money and tomorrow's money are not the same. In payback method, today's cost is compared with tomorrow's benefits and, thus, the time value of money is not considered. The present value method compares the present values to future values by considering the time value of invested money. The present value is computed with following formula: Where, P is the present value; F is the future value; F P (1 r /100) n

190 178 Computer Applications and Management Information System r is the rate of interest; and n is the number of years. The project is considered to be economically feasible if the project cost is less than or equal to the present value. Now, let us understand this method by the following example. Example Suppose, the average annual benefit is Rs 20,000 for a project of life 5 years. The money is invested by considering the interest rate to be 10 per cent. By using the above formula, the present value for each year is calculated as shown in Table The calculation of present value after 2 years is illustrated below: Given, F = Rs 20,000 Then, r = 10 n = 2 P 20, 000 (1 10/100) 2 Rs The Break-even is the time when costs of current and candidate systems become equal. We can conclude that the project would be economically feasible for getting the benefit of Rs 20,000 after 1 year if the project cost is less than or equal to Rs 18, (present value). Calculations of Present Value for a Software Project of Life 5 Years Year Estimated Future Value Per Year Present Value of Benefits 1 20,000 18, ,000 16, ,000 15, ,000 13, ,000 12, Net Benefit Method The net benefit method is the simplest method of cost/benefit analysis. In this method, the net benefit is calculated by subtracting the total estimated cost from the total estimated benefit. Although it is the easiest method, its has main drawback is that it does not consider the time value of money. Calculations of Net Benefits by Subtracting Estimated Costs from Estimated Net Benefits Year Estimated Benefit Estimated Costs Estimated Net Benefits , , ,000 10, 000-8, ,000 10, 000-1, ,000 10, , , , , 000 Total 56, ,000 6, 000

191 Break-even Method Break-even method is another useful method of cost/benefit analysis, that is based on the principle of payback method. As in payback method, the costs and accumulated benefits are compared to find the time when the money invested is recovered, similarly, in break-even method, the costs of current and candidate system are compared to find the time when both are equal. This point is called the break-even point. The period prior to break-even is the investment period and the period beyond break-even is the return period. Illustration of Break-even Point Based on Cost Estimates of Current and Candidate System 179 Cost/Benefit Analysis Year Cost of Current Systems Cost of Candidate System Period Time 1 5,000 10, 000 Investment 2 10, ,500 Investment 3 15, , 000 Break-even 4 20, ,500 Return 5 25, , 000 Return 10.6 FEASIBILITY OF THE PROJECT Feasibility is the determination of whether a project is worth doing. The process followed in making this determination is called a feasibility study. This type of study determines if a project can and should be taken. Once it has been determined that a project is feasible. The analysist can go ahead and prepare at the project specification which finalises project requirements. Generally, feasibility studies are undertaken within tight time constraints and normally culminate in a written and oral feasibility report. The contents and recommendations of such a study will be used as a sound bases for deciding whether to proceed, postpone or cancel the project. Thus since the feasibility study may lead to the commitment of large resources, it becomes necessary that it should be conducted competently and that no fundamental errors of judgement are made. Types of Feasibility In the conduct of the feasibility study, the analyst will usually consider seven distinct, but inter-related types of feasibility. They are: Technical Feasibility: This is concerned with specifying equipment and software that will successfully satisfy the user requirement. The technical needs of the system may vary considerably, but might include: The facility to produce outputs in a given time. Response time under certain conditions. Ability to process a certain volume of transaction at a particular speed. Facility to communicate data to distant location. Out of all types of feasibility, technical feasibility generally is the most difficult to determine. Operation Feasibility: It is mainly related to human organisational and political aspects. The points to be considered are: What changes will be brought with the system? What organisational structures are disturbed? What new skills will be required? Do the existing staff members have these skills? If not, can they be trained in due course of time?

192 180 Computer Applications and Management Information System Generally project will not be rejected simply because of operational infeasibility but such considerations are likely to critically affect the nature and scope of the eventual recommendations. This feasibility study is carried out by a small group of people who are familiar with information system techniques, who understand the parts of the business that are relevant to the project and are skilled in system analysis and design process. Economic Feasibility: Economic analysis is the most frequently used technique for evaluating the effectiveness of a proposed system. More commonly known as cost/benefit analysis; the procedure is to determine the benefits and savings that are expected from a proposed system and compare them with costs. If benefits out weigh costs, a decision is taken to design and implement the system. Otherwise, further justification or alternative in the proposed system will have to be made if it has a chance of being approved. This is an ongoing effort that improves in accuracy at each phase of the system life cycle. A number of approaches for assessing the costs of solutions have been suggested. Approaches include the following: Last cost: This is based on the observation that costs are easier to control and identify the revenues. Thus, it assumes that there is no change in income caused by the implementation of a new system. In such an evaluation, only the costs are listed and the option with the lowest cost is selected. Time to payback: This method of economic evaluation is an attempt to answer the question. How long would it be until we get out money back on this investment in system? This requires data on both costs and benefits. This method of evaluation has two significant disadvantages: It only considers the time taken to return the original investment and ignores the system's long term profitability. The method does not recognize the time value of money. Benefits that accrue in the distant future are not worth as much as similar benefits that occur more quickly but this method fails to recognize this. Cost-effectiveness: Some type of cost benefit analysis is performed for each alternative. Rough projections of equipment requirements and costs, operational costs, manpower costs, maintenance cost, etc., need to be made. Projections of potential, tangible as well intangible benefits are also needed to be made. For example, tangible benefits are: ability to obtain information, which was previously not available, faster or timely receipt of information, improved or better decision making, improvement in planning and control etc. Social Feasibility: Social feasibility is a determination of whether a proposed project will be acceptable to the people or not. This determination typically examines the probability of the project being accepted by the group directly affected by the proposed system change. Management Feasibility: It is a determination of whether a proposed project will be acceptable to management. If management does not accept a project or gives a negligible support to it, the analyst will tend to view the project as a non-feasible one. Legal Feasibility: Legal feasibility is a determination of whether a proposed project infringes on known Acts, statutes, as well as any pending legislation. Although in some instances the project might appear sound, on closer investigation it may be found to infringe on several legal areas.

193 Time Feasibility: Time feasibility is a determination of whether a proposed project can be implemented fully within a stipulated time frame. If a project takes too much time it is likely to be rejected. 181 Cost/Benefit Analysis Check Your Progress 2 Fill in the blanks: 1. With.. method, the analyst knows the time, when the money spent on the project will be recovered. 2. Break-even method is based on the principle of.. method. 3. Decrease in production cost is an example of.. benefit LET US SUM UP Cost is associated with development and maintenance. An important objective is to minimize costs in these areas. The real cost of processing includes Hardware costs, Software costs, Installation and Implementation cost, Ongoing support and growth costs, Personnel Costs and Supply cost. A system is also expected to provide benefits. The benefits of a project include cost-saving benefits, cost-avoidance benefits, improved-service-level benefits and Improved-information benefits. Cost/benefit analysis is the major activity of feasibility study for determining the economic feasibility of the project. It is done by Identification and classification of costs and benefits, selection of evaluation method and determining the feasibility of the project. The common method of evaluating the costs and benefits are Payback Method, Present Value Method, Net Benefit Method and Break-even Method. Feasibility is the determination of whether a project is worth doing. The process followed in making this determination is called a feasibility study. Feasibility studies are undertaken within light time constraints and normally culminate in a written and oral feasibility report. Seven distinct, but inter-related types of feasibility. They includes Technical feasibility, operation feasibility, Economic feasibility, Social feasibility, Management feasibility, Legal feasibility, Time feasibility GLOSSARY Hardware Costs: The costs of actual purchase or lease of computers, terminals, storage and output devices, as well as any additional furniture and other equipments. Cost-saving Benefits: Benefits that leads to reduction in administrative operational costs. A reduction in the size of the clerical staff used in the support of an administrative activity is an example of a cost-saving benefit. Cost-avoidance Benefits: Benefit which eliminate cost is known as cost-avoidance benefits. Improved-service-level Benefits: Benefits where the performance of a system is improved by a new computer based method. Improved-information Benefits: Benefits where the computer based method lead to better information for decision making. Tangible Benefits: Those savings that can be actually measured. Intangible Benefits: Those benefits that cannot be measured.

194 182 Computer Applications and Management Information System Intangible Costs: Costs that are known to exist but whose financial value cannot be accurately measured are corporate. Direct Cost: Those costs which are directly associate with a system. Fixed Costs and Benefits: Costs and benefits that remain constant, regardless of how a system is used. Variable Benefits: Benefits that are realised on a regular basis. Feasibility: The determination of whether a project is worth doing. Technical Feasibility: Specifying equipment and software that will successfully satisfy the user requirement. Economic Feasibility: To determine the benefits and savings that are expected from a proposed system and compare them with costs. Social Feasibility: A determination of whether a proposed project will be acceptable to the people or not. Management Feasibility: A determination of whether a proposed project will be acceptable to management. Legal Feasibility: A determination of whether a proposed project infringes on known Acts, statutes, as well as any pending legislation. Check Your Progress: Answers CYP 1 1. True 2. True 3. True CYP 2 1. payback 2. payback 3. tangible 10.9 SUGGESTED READINGS William N. Sweet, Alexander Kossiakoff, Systems Engineering, Wiley-IEEE. Patrick McDermott, Zen and the Art of Systems Analysis, iuniverse. Robert Sugden, Allan M. Williams, The Principles of Practical Cost-Benefit Analysis, Oxford University Press. Penny A. Kendall, Introduction to System Analysis and Design: A Structured Approach, 1996, Irwin. Gary B. Shelly; Thomas J. Cashman, Harry J. Rosenblatt, System Analysis and Design, 2001, Course Technology. Preeti Gupta, System Analysis and Design, 2005, Firewall Media. Charles S. Wasson, System Analysis, Design, and Development: Concepts, Principles, and Practices, Wiley-Interscience, Ronald G Noice, System Analysis & Design, Oxford University Press Canadian Branch, 1984.

195 Jeffrey L. Whitten; Lonnie D. Bentley; Kevin C. Dittman, Systems Analysis and Design Methods, McGraw-Hill, Joseph S. Valacich; Joey F. George; Jeffrey A. Hoffer, Essentials of System Analysis and Design, Prentice Hall, Cost/Benefit Analysis QUESTIONS 1. Name different types of costs and benefits. 2. What is cost/benefit analysis? Enumerate the major steps of this analysis. 3. Give a good definition of cost-benefit analysis. 4. What is payback method of cost evaluation? Determine the feasibility of a project based on this method for following data: Capital Invested on Computer Rs 2,00,000 Benefits Rs 3,00,000 Investment Credit 10% Cost Investment Rs 50,000 Company's Income Tax Bracket 40% Local Taxes 10% Installation Period 2 years Expected life of capital 4 years 5. Consider the average annual benefit is Rs 50,000 for a project of life 4 years. The money is invested by considering the interest rate to be 10 per cent. Calculate the present value of money for each year.

196 184 Computer Applications and Management Information System LESSON 11 ASSESSING THE VALUE AND RISK INFORMATION SYSTEM STRUCTURE 11.0 Objectives 11.1 Introduction 11.2 Risk with Respect to Information Systems 11.3 How is Risk Assessed? Quantitative Risk Assessment Qualitative Risk Assessment 11.4 Assessing Risk 11.5 How is Risk Managed? 11.6 Communicating Risks and Risk Management Strategies 11.7 Implementing Risk Management Strategies 11.8 Common Risk Assessment/System Methodologies and Tools National Institute of Standards & Technology (NIST) Methodology OCTAVE FRAP COBRA Risk Watch 11.9 Time and Logic Knowledge and Human Dimension Let us Sum up Glossary Suggested Readings Questions 11.0 OBJECTIVES After studying this lesson, you should be able to: Explain risk information system Define assessing risk Describe risk management strategies Explain knowledge and human dimension

197 11.1 INTRODUCTION The fundamental precept of information security is to support the mission of the organisation. All organisations are exposed to uncertainties, some of which impact the organisation in a negative manner. In order to support the organisation, IT security professionals must be able to help their organisations management understand and manage these uncertainties. Managing uncertainties is not an easy task. Limited resources and an ever-changing landscape of threats and vulnerabilities make completely mitigating all risks impossible. Therefore, IT security professionals must have a toolset to assist them in sharing a commonly understood view with IT and business managers concerning the potential impact of various IT security related threats to the mission. This toolset needs to be consistent, repeatable, cost-effective and reduce risks to a reasonable level. Risk management is nothing new. There are many tools and techniques available for managing organisational risks. There are even a number of tools and techniques that focus on managing risks to information systems. 185 Assessing the Value and Risk Information System 11.2 RISK WITH RESPECT TO INFORMATION SYSTEMS Risk is the potential harm that may arise from some current process or from some future event. Risk is present in every aspect of our lives and many different disciplines focus on risk as it applies to them. From the IT security perspective, risk management is the process of understanding and responding to factors that may lead to a failure in the confidentiality, integrity or availability of an information system. IT security risk is the harm to a process or the related information resulting from some purposeful or accidental event that negatively impacts the process or the related information. Risk is a function of the likelihood of a given threat-source s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organisation. Why is it Important to Manage Risk? The principle reason for managing risk in an organisation is to protect the mission and assets of the organisation. Therefore, risk management must be a management function rather than a technical function. It is vital to manage risks to systems. Understanding risk, and in particular, understanding the specific risks to a system allow the system owner to protect the information system commensurate with its value to the organisation. The fact is that all organisations have limited resources and risk can never be reduced to zero. So, understanding risk, especially the magnitude of the risk, allows organisations to prioritise scarce resources HOW IS RISK ASSESSED? Risk is assessed by identifying threats and vulnerabilities, then determining the likelihood and impact for each risk. It s easy, right? Unfortunately, risk assessment is a complex undertaking, usually based on imperfect information. There are many methodologies aimed at allowing risk assessment to be repeatable and give consistent results.

198 186 Computer Applications and Management Information System The general processes of risk assessment are: Quantitative Risk Assessment Quantitative risk assessment draws upon methodologies used by financial institutions and insurance companies. By assigning values to information, systems, business processes, recovery costs, etc., impact, and therefore risk, can be measured in terms of direct and indirect costs. Mathematically, quantitative risk can be expressed as Annualised Loss Expectancy (ALE). ALE is the expected monetary loss that can be expected for an asset due to a risk being realised over a one-year period. ALE = SLE ARO Where: SLE (Single Loss Expectancy) is the value of a single loss of the asset. This may or may not be the entire asset. This is the impact of the loss. ARO (Annualised Rate of Occurrence) is how often the loss occurs. This is the likelihood. While utilizing quantitative risk assessment seems straightforward and logical, there are issues with using this approach with information systems. While the cost of a system may be easy to define, the indirect costs, such as value of the information, lost production activity and the cost to recover is imperfectly known at best. Moreover, the other major element of risk, likelihood, is often even less perfectly known. For example, what is the likelihood that someone will use social engineering to gain access to a user account on the accounting system? Therefore, a large margin of error is typically inherent in quantitative risk assessments for information systems. This might not always be the case in the future. As the body of statistical evidence becomes available, trends can be extrapolated on past experience. Insurance companies and financial institutions make excellent use of such statistics to ensure that their quantitative risk assessments are meaningful, repeatable and consistent. Typically, it is not cost-effective to perform a quantitative risk assessment for an IT system, due to the relative difficulty of obtaining accurate and complete information. However, if the information is deemed reliable, a qualitative risk assessment is an extremely powerful tool to communicate risk to all level of management. Quantitative risk measurement is the standard way of measuring risk in many fields, such as insurance, but it is not commonly used to measure risk in information systems. Two of the reasons claimed for this are: The difficulties in identifying and assigning a value to assets, The lack of statistical information that would make it possible to determine frequency. Thus, most of the risk assessment tools that are used today for information systems are measurements of qualitative risk Qualitative Risk Assessment Qualitative risk assessments assume that there is already a great degree of uncertainty in the likelihood and impact values and defines them, and thus risk, in somewhat subjective or qualitative terms. Similar to the issues in quantitative risk assessment, the great difficulty in qualitative risk assessment is defining the likelihood and impact values. Moreover, these values need to be defined in a manner that allows the same scales to be consistently used across multiple risk assessments.

199 The results of qualitative risk assessments are inherently more difficult to concisely communicate to management. Qualitative risk assessments typically give risk results of High, Moderate and Low. However, by providing the impact and likelihood definition tables and the description of the impact, it is possible to adequately communicate the assessment to the organisation s management. 187 Assessing the Value and Risk Information System Identifying Threats As was alluded to in the section on threats, both threat-sources and threats must be identified. Threats should include the threat-source to ensure accurate assessment. Some common threat-sources include: Natural Threats: floods, earthquakes, hurricanes Human Threats: threats caused by human beings, including both unintentional (inadvertent data entry) and deliberate actions (network based attacks, virus infection, unauthorized access) Environmental Threats: power failure, pollution, chemicals, water damage. Some common threats given in Table 11.1 Partial List of Threats with Threat Sources Taken into Consideration. Table 11.1: Partial List of Threats with Threat Sources Taken into Consideration Threat (Including Threat Source) Accidental Disclosure Acts of Nature Alteration of Software Bandwidth Usage Electrical Interference/Disruption Intentional Alteration of Data System Configuration Error (Accidental) Telecommunication Malfunction/Interruption Description The unauthorized or accidental release of classified, personal, or sensitive information. All types of natural occurrences (e.g., earthquakes, hurricanes, tornadoes) that may damage or affect the system/application. Any of these potential threats could lead to a partial or total outage, thus affecting availability. An intentional modification, insertion, deletion of operating system or application system programs, whether by an authorized user or not, which compromises the confidentiality, availability, or integrity of data, programs, system, or resources controlled by the system. This includes malicious code, such as logic bombs, Trojan horses, trapdoors, and viruses. The accidental or intentional use of communications bandwidth for other then intended purposes. An interference or fluctuation may occur as the result of a commercial power failure. This may cause denial of service to authorized users (failure) or a modification of data (fluctuation). An intentional modification, insertion, or deletion of data, whether by authorized user or not, which compromises confidentiality, availability, or integrity of the data produced, processed, controlled, or stored by data processing systems. An accidental configuration error during the initial installation or upgrade of hardware, software, communication equipment or operational environment. Any communications link, unit or component failure sufficient to cause interruptions in the data transfer via telecommunications between computer terminals, remote or distributed processors, and host computing facility. Individuals who understand the organisation, industry or type of system (or better yet all three) are key in identifying threats. Once the general list of threats has been compiled, review it with those most knowledgeable about the system, organisation or industry to gain a list of threats that applies to the system.

200 188 Computer Applications and Management Information System It is valuable to compile a list of threats that are present across the organisation and use this list as the basis for all risk management activities. As a major consideration of risk management is to ensure consistency and repeatability, an organisational threat list is invaluable. Identifying Vulnerabilities Vulnerabilities can be identified by numerous means. Different risk management schemes offer different methodologies for identifying vulnerabilities. In general, start with commonly available vulnerability lists or control areas. Then, working with the system owners or other individuals with knowledge of the system or organisation, start to identify the vulnerabilities that apply to the system. Specific vulnerabilities can be found by reviewing vendor web sites and public vulnerability archives, such as Common Vulnerabilities and Exposures (CVE - or the National Vulnerability Database (NVD - If they exist, previous risk assessments and audit reports are the best place to start. Additionally, while the following tools and techniques are typically used to evaluate the effectiveness of controls, they can also be used to identify vulnerabilities: Vulnerability Scanners: Software that can examine an operating system, network application or code for known flaws by comparing the system (or system responses to known stimuli) to a database of flaw signatures. Penetration Testing: An attempt by human security analysts to exercise threats against the system. This includes operational vulnerabilities, such as social engineering Audit of Operational and Management Controls: A thorough review of operational and management controls by comparing the current documentation to best practices (such as ISO 17799) and by comparing actual practices against current documented processes. It is invaluable to have a base list of vulnerabilities that are always considered during every risk assessment in the organisation. This practice ensures at least a minimum level of consistency between risk assessments. Moreover, vulnerabilities discovered during past assessments of the system should be included in all future assessments. Doing this allows management to understand that past risk management activities have been effective ASSESSING RISK Assessing risk is the process of determining the likelihood of the threat being exercised against the vulnerability and the resulting impact from a successful compromise. When assessing likelihood and impact, take the current threat environment and controls into consideration. Likelihood and impact are assessed on the system as it is operating at the time of the assessment. Do not take any planned controls into consideration. Table 11.2 Sample Risk Determination Matrix can be used to evaluate the risk when using a three level rating system. Table 11.2: Sample Risk Determination Matrix Likelihood Impact High Moderate Low High High High Moderate Moderate High Moderate Low Low Moderate Low Low

201 In a qualitative risk assessment, it is best not to use numbers when assessing risk. Managers, especially the senior level managers that make decisions concerning resource allocation, often assume more accuracy than is actually conveyed when reviewing a risk assessment report containing numerical values. Recall that in a qualitative risk assessment, the likelihood and impact values are based on the best available information, which is not typically well grounded in documented past occurrences. The concept of not providing any more granularity in risk assessment reports than was available during the assessment process is roughly analogous to the use of significant digits in physics and chemistry. Roughly speaking, significant digits are the digits in a measurement that are reliable. Therefore, it is impossible to get any more accuracy from the result than was available from the source data. Following this logic, if likelihood and impact were evaluated on a Low, Moderate, High basis, Risk would also be Low, Moderate or High. If the risk assessment report does not clearly communicate the proper level of granularity, the number of impact and likelihood rating levels should be increased. Some organisations prefer to use a four or even five level rating for impact and likelihood. However, understand that the individual impact and likelihood levels must still be concisely defined. 189 Assessing the Value and Risk Information System Check Your Progress 1 Fill in the blanks: 1... is the potential harm that may arise from some current process or from some future event measurement is the standard way of measuring risk in many fields, such as insurance, but it is not commonly used to measure risk in information systems HOW IS RISK MANAGED? Recall that the purpose of assessing risk is to assist management in determining where to direct resources. There are four basic strategies for managing risk and these are: Mitigation Transference Acceptance Avoidance. For each risk in the risk assessment report, a risk management strategy must be devised that reduces the risk to an acceptable level for an acceptable cost. For each risk management strategy, the cost associated with the strategy and the basic steps for achieving the strategy (known as the Plan of Action & Milestones or POAM) must also be determined. Mitigation Mitigation is the most commonly considered risk management strategy. Mitigation involves fixing the flaw or providing some type of compensatory control to reduce the likelihood or impact associated with the flaw. A common mitigation for a technical security flaw is to install a patch provided by the vendor. Sometimes the process of determining mitigation strategies is called control analysis.

202 190 Computer Applications and Management Information System Transference Transference is the process of allowing another party to accept the risk on your behalf. This is not widely done for IT systems, but everyone does it all the time in their personal lives. Car, health and life insurance are all ways to transfer risk. In these cases, risk is transferred from the individual to a pool of insurance holders, including the insurance company. Note that this does not decrease the likelihood or fix any flaws, but it does reduce the overall impact (primarily financial) on the organisation. Acceptance Acceptance is the practice of simply allowing the system to operate with a known risk. Many low risks are simply accepted. Risks that have an extremely high cost to mitigate are also often accepted. Beware of high risks being accepted by management. Ensure that this strategy is in writing and accepted by the manager(s) making the decision. Often risks are accepted that should not have been accepted, and then when the penetration occurs, the IT security personnel are held responsible. Typically, business managers, not IT security personnel, are the ones authorized to accept risk on behalf of an organisation. Avoidance Avoidance is the practice of removing the vulnerable aspect of the system or even the system itself. For instance, during a risk assessment, a website was uncovered that let vendors view their invoices, using a vendor ID embedded in the HTML file name as the identification and no authentication or authorization per vendor. When notified about the web pages and the risk to the organisation, management decided to remove the web pages and provide vendor invoices via another mechanism. In this case, the risk was avoided by removing the vulnerable web pages COMMUNICATING RISKS AND RISK MANAGEMENT STRATEGIES Risk must also be communicated. Once risk is understood, risks and risk management strategies must be clearly communicated to organisational management in terms easily understandable to organisational management. Managers are used to managing risk, they do it every day. So presenting risk in a way that they will understand is key. Ensure you do not try to use fear, uncertainty and doubt. Instead, present risk in terms of likelihood and impact. The more concrete the terms are, the more likely organisational management will understand and accept the findings and recommendations. With a quantitative risk assessment methodology, risk management decisions are typically based on comparing the costs of the risk against the costs of risk management strategy. A return on investment (ROI) analysis is a powerful tool to include in the risk assessment report. This is a tool commonly used in business to justify taking or not taking a certain action. Managers are very familiar with using ROI to make decisions. With a qualitative risk assessment methodology, the task is somewhat more difficult. While the cost of the strategies is usually well known, the cost of not implementing the strategies is not, which is why a qualitative and not a quantitative risk assessment was performed. Including a management-friendly description of the impact and likelihood with each risk and risk management strategy is extremely effective. Another effective strategic is showing the residual risk that would be effective after the risk management strategy was enacted.

203 Risk Risk Description Table 11.3: Sample Risk Management Table Impact Likelihood Risk Mgmt Strategy Cost Residual Risk after Implementing Risk Mgmt Strategy 191 Assessing the Value and Risk Information System Moderate Failure in environmental systems (e.g. air conditioning) leaves systems unavailable. Failure in environmental controls could cause system to become unavailable for more than 48 hours Past data indicates this happens 1-2 times annually Implement a hot spare at the alternate site $ 250,000 Low 11.7 IMPLEMENTING RISK MANAGEMENT STRATEGIES A Plan of Action & Milestones (POAM) should be part of the risk assessment report presented to management. The POAM is a tool to communicate to management on the proposed and actual completion of the implementation of the risk management strategies. The first step in implementing risk management strategies is to get management to approve the POAM. Afterwards, the various individuals and teams report upon their progress. This in turn is reported to management and tracked as part of the ongoing process of risk management. Table 11.4 shows Sample POAM. The POAM contains the risk, the risk management strategy, the Point Of Contact (POC) responsible for implementing the strategy, the resources required and the various milestones that comprise the implementation. For each milestone, a target completion date and an actual completion date is listed. Note that the POAM is a tool to communicate to management, rather than a project management plan. Table 11.4: Sample POAM Risk Risk Mgmt Strategy POC Resource Required Milestones Target Completion Date Actual Completion Date Failure environmental systems (e.g. air conditioning) leaves systems unavailable Implement a hot spare at the alternate site Joe Smith $100,000 hardware, $50,000 software, $100,000 labor Procure hardware & software Install hardware Install software Configure system Test system 9/1 9/15 10/1 10/15 11/ COMMON RISK ASSESSMENT/SYSTEM METHODOLOGIES AND TOOLS There are numerous risk assessment/management methodologies and tools. The following methodologies and tools were developed for managing risks in information systems. National Institute of Standards & Technology (NIST) Methodology OCTAVE FRAP

204 192 Computer Applications and Management Information System COBRA Risk Watch National Institute of Standards & Technology (NIST) Methodology NIST Special Publication (SP) , Risk Management Guide for Information Technology Systems is the US Federal Government s standard. This methodology is primarily designed to be qualitative and is based upon skilled security analysts working with system owners and technical experts to thoroughly identify, evaluate and manage risk in IT systems. The process is extremely comprehensive, covering everything from threat-source identification to ongoing evaluation and assessment. The NIST methodology consists of nine steps: Step 1: System Characterization Step 2: Threat Identification Step 3: Vulnerability Identification Step 4: Control Analysis Step 5: Likelihood Determination Step 6: Impact Analysis Step 7: Risk Determination Step 8: Control Recommendations Step 9: Results Documentation OCTAVE The Software Engineering Institute (SEI) at Carnegie Mellon University developed the Operationally Critical, Threat, Asset and Vulnerability Evaluation (OCTAVE) process. The main goal in developing OCTAVE is to help organisations improve their ability to manage and protect themselves from information security risks. OCTAVE is workshop-based rather than tool based. This means that rather than including extensive security expertise in a tool, the participants in the risk assessment need to understand the risk and its components. The workshop-based approach espouses the principle that the organisation will understand the risk better than a tool and that the decisions will be made by the organisation rather than by a tool. There are three phases of workshops. Phase 1 gathers knowledge about important assets, threats, and protection strategies from senior managers. Phase 1 consists of the following processes: Process 1: Identify Senior Management Knowledge Process 2: (multiple) Identify Operational Area Management Knowledge Process 3: (multiple) Identify Staff Knowledge Process 4: Create Threat Profiles Phase 2 gathers knowledge from operational area managers. Phase 2 consists of the following processes: Process 5: Identify Key Components Process 6: Evaluate Selected Components Phase 3 gathers knowledge from staff. Phase 3 consists of the following processes:

205 Process 7: Conduct Risk Analysis Process 8: Develop Protection Strategy (workshop A: strategy development) (workshop B: strategy review, revision, approval) These activities produce a view of risk that takes the entire organisation s viewpoints into account, while minimizing the time of the individual participants. The outputs of the OCTAVE process are: Protection Strategy Mitigation Plan Action List 193 Assessing the Value and Risk Information System FRAP The Facilitated Risk Assessment Process (FRAP) is the creation of Thomas Peltier. It is based upon implementing risk management techniques in a highly cost-effective way. FRAP uses formal qualitative risk analysis methodologies using Vulnerability Analysis, Hazard Impact Analysis, Threat Analysis and Questionnaires. Moreover, FRAP stresses pre-screening systems and only performing formal risk assessments on systems when warranted. Lastly, FRAP ties risk to impact using the Business Impact Analysis as a basis for determining impact. Thomas Peltier has written a book on FRAP and several consulting companies, including RSA and Peltier Associates, teach FRAP COBRA The Consultative, Objective and Bi-functional Risk Analysis (COBRA) process was originally created by C&A Systems Security Ltd. in It takes the approach that risk assessment is a business issue rather than a technical issue. It consists of tools that can be purchased and then utilized to perform self-assessments of risk, while drawing on the expert knowledge embedded in the tools. The primary knowledge bases are: IT Security (or default) Operational Risk 'Quick Risk' or 'high level risk' e-security There are two primary products, Risk Consultant and ISO Compliance. Risk Consultant is a tool with knowledge bases and built in templates that allow the user to create questionnaires to gather the information about the types of assets, vulnerabilities, threats, and controls. From this information, Risk Consultant can create reports and make recommendations, which can then be customized. ISO Compliance is similar, only this product is focused on ISO compliance Risk Watch Risk Watch is another tool that uses an expert knowledge database to walk the user through a risk assessment and provide reports on compliance as well as advice on managing the risks. Risk Watch includes statistical information to support quantitative risk assessment, allowing the user to show ROI for various strategies. Risk Watch has several products, each focused along different compliance needs. There are products based on NIST Standards (U.S. government), ISO 17799, HIPAA and Financial Institution standards (Gramm Leach Bliley Act, California SB 1386 (Identify Theft standards), Facilities Access Standards and the FFIEC Standards for Information Systems).

206 194 Computer Applications and Management Information System 11.9 TIME AND LOGIC Critical systems frequently occur as real-time systems, embedded systems, hybrid systems, distributed systems, and cyber-physical systems. They are also becoming more and more important in application domains, including aviation, automotive, railway, robotic, or medical applications. To ensure the correct functioning of safetycritical systems, it is necessary to model and reason about hardware (including physical properties or movement), software, communication aspects, and qualitative and quantitative aspects of the system environment. Especially, the role of the system environment is becoming crucial for faithful system analysis. Classical computer analysis mostly ignores the computer environment, is abstract with respect to the passing of real time, and has no notion of space, with the possible exception of communication distance. The interfacing with physical processes in modern safetycritical systems requires rethinking the foundations of system analysis. Logics for system analysis, system modeling, and specification, are primary tools to analyse system behavior. Logic is equally important for understanding the theoretical foundations of system analysis and as the basis for practical analysis tools that establish correct functioning of systems or find bugs in their designs. Depending on the nature of the system, modeling languages that are amenable to logical analysis and the study of correctness properties could include logical representations, automata, state charts, Petri nets, dataflow models, or systems of differential equations. Several system models can be analysed rigorously with the help of techniques like logical calculi, decision procedures, model checking, and abstraction KNOWLEDGE AND HUMAN DIMENSION Humans play a much more important role in content-oriented management approaches. For instance, Wersig's approach to information management does not centre on information technology or formal theories but on how humans handle information in reality. While it is typical for technology-oriented information management approaches to model information systems in a very formal way (entity relationship diagrams, data flow diagrams, etc.), content-oriented concepts use much less formalistic methods. This has also to do with the fact that the term information system has a much wider meaning, which is not only restricted to computers. For this reason, it is not the goal to thoroughly automate and completely formalize information processes. According to Wersig (1989), order should only be established for circumstances where it is essential; allowing creative solutions with their inherent qualities to unfold from what may appear to be chaos. Information Resources Management A series of authors mainly from the information sciences take a holistic perspective on information management integrating more or less all the aspects discussed above. Although there is not a well established term, these approaches are referred to as information resources management in the following. According to Bergeron (1996), IRM is grounded in the following assumptions: Recognition of information as a resource; An integrative management perspective; Management of the information life cycle; A link with strategic planning. Human resource information systems support human resource management in organisations. They include information systems for staffing the organisation, training and development, and compensation administration. HRM websites on the Internet or

207 corporate intranets have become important tools for providing HR services to present and prospective employees. Knowledge Management Knowledge can be divided into two types, Tacit knowledge and Explicit knowledge. Tacit knowledge is implicit, whereas Explicit knowledge is rule-based knowledge that is used to match actions to situations by invoking appropriate rules. An organisation promotes the learning of Tacit knowledge to increase the skills and creative capacities of its employees and takes advantage of Explicit knowledge to maximize efficiency. 195 Assessing the Value and Risk Information System Explicit Knowledge knowledge that can be more easily attained and is often expressed or documented in a formal, systematic manner frequently in words and numbers. Examples include Management Directives, Executive Orders, policy manuals, and reference guides. Explicit knowledge is used in the design of routines, standard operation procedures, and the structure of data records. These forms of knowledge can be found in any organisation. It allows an organisation to enjoy a certain level of operational efficiency and control. Explicit knowledge promotes equable, consistent organisational responses. Tactic Knowledge knowledge that can also be attained, but is not as easily transferred. Tacit knowledge can be attained through dialogue, job shadowing, storytelling, and sharing of best practices and lessons learned. It usually is rooted in an individual's experiences, intuition, insight, judgment, and knowledge of organisational values. Individuals with tacit knowledge are usually considered to be experts within their organisations and frequently sought out for guidance and input. Tacit knowledge includes hands-on skills, best practices, special know-how, and intuitions. Personal knowledge that is difficult to articulate. Tacit knowledge in an organisation ensures task effectiveness. It also provides for a kind of creative vitality intuition and spontaneous insight can often tackle tough problems that would otherwise be difficult to solve. Traditionally the transfer of Tacit knowledge is through shared experience, through apprenticeship and job training. Tacit knowledge is cultivated in an organisational culture that motivates through shared vision and common purpose. An organisation must adopt a holistic approach to knowledge management that successfully combines Tacit and Explicit knowledge at all levels of the organisation. Personal knowledge is leveraged with Explicit knowledge for the design and development of innovative products, services and processes. Check Your Progress 2 Fill in the blanks: 1... is the practice of simply allowing the system to operate with a known risk. 2. A.. analysis is a powerful tool to include in the risk assessment report.

208 196 Computer Applications and Management Information System LET US SUM UP Successful and effective risk management is the basis of successful and effective IT security. Due to the reality of limited resources and nearly unlimited threats, a reasonable decision must be made concerning the allocation of resources to protect systems. Risk management practices allow the organisation to protect information and business process commensurate with their value. To ensure the maximum value of risk management, it must be consistent and repeatable, while focusing on measurable reductions in risk. Establishing and utilizing an effective, high quality risk management process and basing the information security activities of the organisation on this process will lead to an effective information security program in the organisation GLOSSARY Risk: Risk is a function of the likelihood of a given threat-source s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organisation. Assessing Risk: Assessing risk is the process of determining the likelihood of the threat being exercised against the vulnerability and the resulting impact from a successful compromise. Transference: Transference is the process of allowing another party to accept the risk on your behalf. Check Your Progress: Answers CYP 1 1. Risk 2. Quantitative risk CYP 2 1. Acceptance 2. return on investment (ROI) SUGGESTED READINGS Bhatnagar, S.C. and K.V. Ramani, Computers and Information Management, Printice Hall of India Private Ltd, New Delhi, Goyal D.P., Management Information Systems (MIS), Deep & Deep Publications, New Delhi, O, Brien, James A., Management Information Systems, Galgotia Publications (P) Ltd., New Delhi, Scott, George M., Principles of Management Information Systems, McGraw-Hill Book Company, Singapore, Post, Gerald V., Management Information Systems: Solving Business Problems with Information Technology, Third Edition, Tata McGraw-Hill Publishing Company Limited, New Delhi, Davis, Gordon B. and Margrethe H. Olsen, Management Information Systems, McGraw-Hill Book Company, Singapore, 1985.

209 11.14 QUESTIONS 1. What do you mean by quantitative risk assessment? 2. How will you managed risk? Explain. 3. Define OCTAVE. 4. Describe knowledge management in detail. 197 Assessing the Value and Risk Information System

210 198 Computer Applications and Management Information System LESSON 12 SOFTWARE LIFE CYCLE MODELS CONTENTS 12.0 Objectives 12.1 Introduction 12.2 Waterfall Life Cycle Model 12.3 Prototype Life Cycle Model 12.4 Rapid Application Development Life Cycle Model 12.5 Spiral Model 12.6 Verification and Validation Verification vs. Validation Static and Dynamic V&V 12.7 Let us Sum up 12.8 Glossary 12.9 Suggested Readings Questions 12.0 OBJECTIVES After studying this lesson, you should be able to: Explain waterfall life cycle model Describe RAD life cycle model Define verification and validation 12.1 INTRODUCTION A project life cycle is divided into several phases: concept, development, implementation and close-out. In the concept phase, uncertainty is highest as the purpose of the project is defined. In the development phase, project work plans and budgets are defined. In the implementation phase, the actual work on the projects product, service or result takes place. The close out phase marks the completion of work and sponsor or customer acceptance. Software projects follow this same life cycle but have some life cycle models that are distinct from other kinds of projects. There are two unique frameworks involved in software development. They are the predictive life cycle and adaptive software development. Each one differs in their approach to the software development life cycle. The predictive life cycle favors optimization over adaptability, whereas adaptive software development is much more flexible while welcoming change.

211 The predictive life cycle requires that the scope of the project be clearly defined up front to include the schedule and cost of the project. A majority of time is spent clarifying the requirements of the software before anything is constructed. Because so much is invested in planning, deviations from the plan are rare. Within the predictive life cycle, there are several models such as the waterfall life cycle, the spiral life cycle, the incremental build life cycle, the prototyping life cycle, and the Rapid Application Development (RAD) life cycle. 199 Software Life Cycle Models 12.2 WATERFALL LIFE CYCLE MODEL The waterfall lifecycle is the natural way of managing the development something innovative and complex. It or something better, is particularly necessary where the development is subject to a contracted project. Note innovative, for members of this class, writing a program to read a list of numbers, sort them, and print in descending order, contains neither novelty, complexity nor risk. Hence, it requires little or no planning, analysis, design - over and above what can be done almost unconsciously. On the other hand, it is unlikely that a viable dissertation project could be completed without some form of planning and phasing of tasks. We have already mentioned that using the waterfall model: the project proceeds according to clearly defined phases; a preceding phase must be completed before the next starts; phase completion is judged by the outcome of the phase matching the requirements defined by the previous phase. This is natural and logical - how rational and careful people proceed: look before you leap. Not that all software developers, or project students, are rational and careful; and it is easy for the inexperienced to misjudge the levels of complexity, novelty or risk. This lesson gives a detailed analysis of the waterfall lifecycle and techniques associated with structured systems analysis and design. After identifying some shortcomings of these we introduce alternative lifecycles which in some way improve on these inadequacies. You may wonder why we are devoting time and space to a process which is known to be inadequate, there are three good reasons: A good many software standards documents still assume a waterfall lifecycle. Non-technical managers, and those responsible for external development projects, like (demand) such an approach. An understanding of the waterfall process (and its inadequacies) is a prerequisite to study of alternative processes - which, in any case are often based on it. You will have noted our introduction of the term process: we define an information systems development process as a framework for the tasks that are required to build high quality software. In this context software and information system can be taken as equivalent. The phases of a typical waterfall process are: Concept Feasibility analysis User Definition of System Requirements Developer Definition of System Requirements High-Level Design Detailed Design

212 200 Computer Applications and Management Information System Implementation and coding Integration and Test System Test Acceptance Test Operations Maintenance Now, we will analyse these in some detail to show up some of the weaknesses, but first some discussion of formality in the process. Formal Project Lifecycle Some Definitions Deliverable: A document, piece of software, or piece of hardware to be delivered to user (buyer, customer, client) as part of contract; the secret, for large jobs, is to have intermediate deliverables - so that bad news (or good) is known early enough to take corrective action. Analogy: Continuous assessment for university courses; inspection of a house during building. Milestone: One of a number of predefined points during the project which mark completion of part of the work or acceptance of a deliverable by the customer; can mark time at which go-ahead to a next phase is decided; also progress payment points. Analogy: Passing of year s exams and assessments; laying of foundations of a house. Input: Information, data, documentation etc. supplied by user to developer for use during project; e.g. sample employee data for use as test data. Output: Any product of a phase. Review: Inspection of a deliverable (in most significant cases involving user) to see if it meets requirements; success may mark the reaching of a milestone. Baseline: Current agreed plan, specification, or design or system - usually reviewed; cannot be changed, except by express agreement of all parties. Baseline often corresponds to a deliverable.

213 Concept Examples: Current wages software produces errors. Entrepreneur identifies opportunity to develop a computer based system to read children's bedtime stories. Club secretary fed-up keeping manual records. Feasibility: Preliminary exploration of possible solutions/technologies/suppliers. Take a hard look at benefits versus drawbacks and costs of candidate solutions/technologies/suppliers. Is anyone else doing (has done) something similar. Are we in cloud-cuckoo-land? Produce first cut project plan and budgets. Risk analysis. Probably needs involvement of a consultant/systems analyst. User Definition of Requirements: The user documents as much as he knows about the job the system must do. May specify also: schedule and cost constraints; special constraints, e.g. run on a specific platform; all supplementary requirements: documentation, maintenance, quality, standards compliance, intermediate reviews. Problem: Often users don't know what they want, and, even if they do, they cannot express it with any precision. See Prototyping and related processes. Outputs: User Requirements Document (URD). Request for Tender (RFT) or Request for Quotation (RFQ). Developer Definition of Requirements: In reality, this phase needs three sub phases. Initial Analysis: Developer analyses user s requirement and, performs further investigation of requirements, produces developers version of requirements: System Requirements Document (SRD). The SRD is now a specification and part of the contract. Prepare project plan, including costing and schedule. Risk analysis. Problem: Cost estimation. Proposal: We are now in the realm of business contracts and the SRD is now a specification and part of the contract and will probably become a technical annex to a business proposal from developer to user. Detailed Analysis: Starts once business proposal accepted by user. Up to this the developer will have been working unpaid. The main concern in Initial Analysis was the size of the project. This is real systems analysis. Specification of unambiguous and testable requirements. These will be the criteria for user acceptance, see Acceptance Test. Risk analysis: identify risks, analyse, categorise/prioritise, and produce backup-policies. Bad risks may need a Pilot Project to resolve them. See Spiral Model. 201 Software Life Cycle Models

214 202 Computer Applications and Management Information System Problems: (Again) Difficulties in capturing requirements. See Prototyping and related processes. The project can get stuck in the analysis black-hole. Difficulties in specifying requirements with precision and lack of ambiguity (testable). Input: URD. Outputs: Revised SRD. Tender or Quotation (proposal) from developer. Milestones: Kickoff (project start). Software Requirements Review (a Deliverable). High-Level Design: Decompose into subsystems/modules. Allocate to teams or individuals. Design tests for subsystems. Other names are Architectural Design, Preliminary Design, Product Design. Input: SRD Outputs: Architectural Design Document (ADD) (Deliverable). System Test Document (STD) (Deliverable). Milestone: Architectural Design Review. Problem: Does the decomposition technique provide really decoupled modules? That is, Can teams work independently? The answers to these questions have massive implications for maintenance and reuse. See Object-oriented Analysis and Design. Detailed Design: Decompose further into subsystems (or units or components) such that approx. one person can cope. Specify these subsystems. Design tests for (sub) subsystems. Input: ADD. Outputs: Detailed Design Document (DDD). Detailed Test Document (specifications and test data). Milestone: Detailed Design Review. Implementation and Coding: Code and test components each programmer. Notice how far into project. Outputs: Revised Detailed Design Document (DDD). Coded and Tested Software. Test documentation.

215 Integration and Test: Components and modules are brought together to form higher level systems. And tested. Repeat until you have a working system. System Test: You should now have a working system! The full system is tested, in the developer s environment. Acceptance Test: Assess the system against the requirements defined in SRD. Probably done under users control and supervision, and in their environment. Final payment hinges on this. Operations: The system gets used - hopefully! Maintenance: Following we identify four types of development (change) necessitated during maintenance. Correction: Correct defects in the software: defects relating to incorrect requirements, or incorrectly specifications; defects from any of the construction phases bugs. Adaptation: Adapt to changes in the original software and hardware platform, e.g. simpler: MS-DOS to Windows. Complex: stand-alone to client-server. Enhancement: Customer identifies additional requirements. Prevention: After many sets of changes, the software deteriorates, or otherwise becomes difficult to maintain. See Reengineering, Legacy Systems. Problems: Programmers do not like doing maintenance. Maintenance needs a project of its own. It is very uncommon to include maintenance in a (development) contract. Cost estimation. Normal software cost estimation is difficult enough; most estimation models do not include maintenance. Design deficiencies make system impossible to extend. Deterioration of legacy systems. When do you decide to start again from scratch, or reengineer? Discussion for Waterfall Process Summary In this type of development, each of the stages (requirements, design, development, and test) is separate and do not overlap. Each stage has a set of exit criteria which must be met before the next stage can begin. Once a stage has been entered, changes to a previous phase should not happen, but if they are required, the changes tightly controlled. Pros Very straight-forward. Project can move quickly to the implementation phase. Cons Project may miss functionality if not all requirements were captured in the requirements stage. Requires a very specific description of requirements and very little volatility in requirements. 203 Software Life Cycle Models

216 204 Computer Applications and Management Information System Bugs are expensive to fix and new requirements are expensive to incorporate. Complete testing is not possible, as unit testing is not a taken into consideration in this model. A Real Example In the couple of years, , before I took this lecturing job, I was technical manager of a project which developed attitude-and-orbit control software for the ISO (Infra-red Space Observatory) satellite for European Space Agency, see my web page for more details. That project was governed by a number of quality assurance standards, the most applicable of which was the ESA Software Engineering Standards, which, in turn, was based on IEEE and US Department of Defence standards. This standard mandated the waterfall lifecycle. Check Your Progress 1 State whether the following statements are true or false: 1. The waterfall lifecycle is not the natural way of managing the development something innovative and complex. 2. The SRD is now a specification and part of the contract. 3. Components and modules are brought together to form higher level systems PROTOTYPE LIFE CYCLE MODEL The prototyping life cycle model involves heavy user involvement while developers generate functional requirements and physical design specifications simultaneously. A model is created that is analysed, inspected, and tested by knowledge workers who can then offer recommendations to improve it. Prototyping model was probably the first realistic of early models because many aspects of the system are unclear until a working prototype is developed. It was advocated by Brooks in early 60th. Prototype based development requires more talented managers and good planning while waterfall model works (or does not work) with bad or stupid managers works just fine as the success in this model is more determined by the nature of the task in hand then any organisational circumstances. Like always humans are flexible and programmer in waterfall model can use guerilla methods of enforcing a sound architecture as manager is actually a hostage of the model and cannot afford to look back and re-implement anything substantial. Summary Prototyping consists of developing a partial implementation of the system to give the users a feel for what the developer has in mind. The users then give feedback on what they think of the prototype what works and what doesn t and the developer can make changes more easily and efficiently than if the changes were to be made later on in development. Pros May take longer to develop using this method because of the long process of developing prototypes which may be radically altered or thrown-away. Requires a pretty good knowledge of the problem domain in order to create a prototype in the first place.

217 Cons Since it takes longer to get to the implementation stage, not all project resources are needed at the beginning of the project. Allows for less understanding of the overall requirements and for requirements volatility since the users can evaluate and modify the prototype before the final product is produced. 205 Software Life Cycle Models 12.4 RAPID APPLICATION DEVELOPMENT LIFE CYCLE MODEL The Rapid Application Development (RAD) life cycle model focuses on building applications in a very short amount of time with compromises in usability, features, and/or execution speed. The emphasis on speed helps ensure that clients requirements do not change before the cycle is complete, as was often the case when applying the waterfall life cycle model in the past. RAD is, in essence, the try before you buy approach to software development. The theory is that end users can produce better feedback when examining a live system, as opposed to working strictly with documentation. RAD-based development cycles have resulted in a lower level of rejection when the application is placed into production, but this success most often comes at the expense of a dramatic overruns in project costs and schedule. The RAD approach was made possible with significant advances in software development environments to allow rapid generation and change of screens and other user interface features. The end user is allowed to work with the screens online, as if in a production environment. This leaves little to the imagination, and a significant number of errors are caught using this process. The down side to RAD is the propensity of the end user to force scope creep into the development effort. Since it seems so easy for the developer to produce the basic screen, it must be just as easy to add a widget or two. In most RAD lifecycle failures, the end users and developers were caught in an unending cycle of enhancements, with the users asking for more and more and the developers trying to satisfy them. The participants lost sight of the goal of producing a basic, useful system in favor of the siren song of glittering perfection. For this reason, the software development team does not use a pure RAD approach, but instead blends limited prototyping in with requirements and design development during a conventional waterfall lifecycle. The prototypes developed are specifically focused on a subset of the application, and do not provide an integrated interface. The prototypes are used to validate requirements and design elements, and the development of additional requirements or the addition of user interface options not readily supported by the development environment is actively discouraged SPIRAL MODEL In the spiral model, there are five core tasks: planning and design (largely corresponding to the classical analysis phase), approval (requirements specification), realisation (design and implementation), revision (testing and modification), and evaluation (integration and system-level testing). The process iterates through these tasks, getting closer and closer to the end by adding increments (e.g., new functions, new design, new modules, new or improved testing procedures, new or improved parts of the user interface, new integration and testing certificates, and so on) to the product in each iteration.

218 206 Computer Applications and Management Information System The spiral model underlies many processes, such as DBWA (Design by Walking Around), and PADRE (Plan-Approve-Do-Review-Evaluate). The DBWA process combines the spiral model with multiple design views, flexible structuring of development teams, and dynamic changes in modes of working (e.g., working individually, working in pairs, or working in small teams), in order to improve the process efficiency and parallelism. The PADRE process uses the spiral model at multiple levels the project level, the phase level, and the individual software module level thus creating the spiral in a spiral in a spiral effect. Approve Plan Do Evaluate Review and Revise The spiral is a risk-reduction oriented model that breaks a software project up into mini-projects, each addressing one or more major risks. After major risks have been addressed, the spiral model terminates as a waterfall model. Spiral iterations involve six steps: Determine objectives, alternatives and constraints. Identify and resolve risks. Evaluate alternatives. Develop the deliverables for that iteration and verify that they are correct. Plan the next iteration. Commit to an approach for the next iteration. Strengths Early iterations of the project are the cheapest, enabling the highest risks to be addressed at the lowest total cost. This ensures that as costs increase, risks decrease. Each iteration of the spiral can be tailored to suit the needs of the project. Weaknesses It is complicated and requires attentive and knowledgeable management to pull it off. Spiral Summary For projects with risky elements, it's beneficial to run a series of risk-reduction iterations which can be followed by a waterfall or other non-risk-based lifecycle. Variants The spiral model is a variant of "dialectical spiral" and as such provides useful insights into the life cycle of the system. It can be considered as a generalisation of the prototyping model. That why it is usually implemented as a variant of prototyping model with the first iteration being a prototype.

219 12.6 VERIFICATION AND VALIDATION If incorrect data enters the system, it is usually very costly to make the necessary corrections. Also, how expensive would it be to have your operator record a quantity of 100 rather than 10 for a shipment of sport cars? The shipping charges for sending the cars to the customer and then of having them returned would be only one of the costs. While the 90 extra cars were in transit, they would not be available to other customers (which could result in a loss of sales) or could be damaged. There are many methods which are commonly used to verify data entering the system as input. Some of them are: Key Verification: A second operator re-keys the data already recorded. This method is used for verifying data recorded in punched cards or on diskettes and magnetic tapes. Then two floppies are compared to correct record by record which mismatched during comparison after verifying from the original documents. This is most effective method used by Computer Service Bureaus for data validation. Use of Self-checking Numbers: The computer can be programmed to reject numbers that have been transposed or have one or more wrong digits. Check digits and self checking numbers routines can be effectively used for numbers in a series, such as student roll numbers, account numbers, part numbers, or invoice numbers are popular for such jobs. Visually Displaying and Identifying Characteristics: When using a terminal, a part number is entered. Displayed in the VDT is the description of the part, which is then visually confirmed by the operator. Hash Totals: Sometimes numbers are added to produce a meaningless total called a hash total. For example, totalling is made of the quantity of all items purchased. When the records are entered and processed, the hash total is compared to the original total. If the two totals agree, it is an indication that all quantities were entered correctly and all records were processed. Checking between a Range of Numbers: The numbers on the orders being processed on a given day should fall between, say, 4999 (the last number from the previous day) and 6001 (the next order number that will be on all the orders processed by the next day). If the order number recorded on the input record does not fall within that range, an error message will be generated. Reasonableness Test: Based upon past history, some inputs can be checked to see if it is reasonable. For example, because of long standing company policy, it is unlikely that any employee will have more than 20 hours of overtime. If more than 20 hours of overtime are recorded in an employee's current transaction record, an error message will be generated as the data is being edited. Similarly, in "date of birth" field, it is checked that no date is more than 31, month number is not more than 12, and the year is not more than the current year or current year minus minimum age prescribed. Verification of Codes: The pay and fringe benefits are calculated for employees based upon their payroll status, assuming that the valid status code must be either an H' (hourly), 'S' (salaried), 'T' (trainee), or a 'P' (part-time), an error message would be generated if the code used was not on H,S,T or P. Verification of Data Type: Some input fields should contain only numeric data while others should contain only alphabetic data. The fields can be edited to make certain that only the right type of data is recorded in each field. Verification that Certain Combinations of Data Exists: For example, all students may be coded with either a 'W' or 'V'. The 'V' denotes a non-work-study student 207 Software Life Cycle Models

220 208 Computer Applications and Management Information System while the 'W' indicates that the student is on work-study. The only valid account numbers for a work-study student are 2155 and Any other account number for a 'W' coded student is invalid. Sequence Check: If the numbers in the source document are serial and the documents are in order, the input records will also be in numerical sequence. A check can be made by the program to determine whether the records are in either ascending or descending order Verification vs. Validation Verification: "Are we building the product right" The software should conform to its specification Validation: "Are we building the right product" The software should do what the user really requires V & V must be applied at each stage in the software process Two principal objectives Discovery of defects in a system Assessment of whether the system is usable in an operational situation Static and Dynamic V&V STATIC Software inspections Concerned with analysis of the static system representation to discover problems May be supplement by tool-based document and code analysis DYNAMIC Software testing Concerned with exercising and observing product behaviour The system is executed with test data and its operational behaviour is observed Static verification Requirements specification High-level design Formal specification Detailed design Program Prototype Dynamic validation Check Your Progress 2 Fill in the blanks: 1...identifies opportunity to develop a computer based system to read children's bedtime stories. 2. Requires a very specific. of requirements and very little volatility in requirements.

221 12.7 LET US SUM UP Software lifecycle models are not interchangeable. To deliver a quality system, it's critical to know the risks facing your project and to use a model that reduces those risks. The following describes standard project lifecycle models, and reviews their strengths and weaknesses. These standard models can be adapted to fit the industry issues, corporate culture, time constraints and team vulnerabilities which comprise your environment. The software lifecycle is a pivotal concept in the understanding of projects, mapping out the progress of the project from birth to death. However, there seems to be an almost endless confusion over what the project lifecycle is. It is important to understand the project lifecycle, because it is one of the three fundamental dimensions of project concepts; the others being the project processes and the project topics, or knowledge areas. The first mistake is to confuse the product life with the project life. If you would not employ a project manager to supervise your production manager, then the project has finished. At the other end, facility closures are also projects. They start when the production stops and end when the project manager is finished. These are special cases in a product s life and are not normal production, even if that involves mass customization. 209 Software Life Cycle Models 12.8 GLOSSARY DBWA: Design by Walking Around PADRE: Plan-Approve-Do-Review-Evaluate RAD: Rapid Application Development DDD: Detailed Design Document STD: System Test Document Check Your Progress: Answers CYP 1 1. False 2. True 3. True CYP 2 1. Entrepreneur 2. description 12.9 SUGGESTED READINGS Belanger, T.C., Choosing a Project Life Cycle, chapter 6 of Field Guide to Project Management, edited by D. I. Cleland, Van Nostrand Reinhold, NY, 1997, p62. Boehm, B., A Spiral Model of Software Development and Enhancement. IEEE Computer 21, May 1988, pp

222 210 Computer Applications and Management Information System QUESTIONS 1. Explain water life cycle model in detail. 2. What do your mean by RAD life cycle model? 3. Distinguish between verification and validation.

223 211 Microsoft Office UNIT V Business Applications in Business

224 212 Computer Applications and Management Information System

225 LESSON 13 MICROSOFT OFFICE 213 Microsoft Office STRUCTURE 13.0 Objectives 13.1 Introduction 13.2 Starts Office Introducing the 2007 Microsoft Office System 13.4 Office Microsoft Office System Requirements Office 2007 Different Packages Microsoft Office 2007 is Versatile 13.5 Microsoft Word 13.6 Microsoft Excel 13.7 Microsoft Powerpoint 13.8 Microsoft Outlook 13.9 Microsoft Onenote Microsoft Access Microsoft Frontpage Microsoft Project What s New in Office Office 2007 User Interface Using the Ribbon Command Tabs Command Sets Contextual Tools Dialog Launchers Galleries New File Menu Quick Access Toolbar New View Controls Let us Sum up Glossary Suggested Readings Questions

226 214 Computer Applications and Management Information System 13.0 OBJECTIVES After studying this lesson, you should be able to: Describe Microsoft Office 2007 Describe various packages of Office 2007 Explain MS Excel, Word etc INTRODUCTION Microsoft Office 2007 contains the most needed applications a word processor, a spreadsheet program, a presentation program, an and contact management program, a note-taking program and more inside a single system. Office is designed so that its programs work well together, and although you might not need every program in Office, you can easily share information between any Office programs that you do want to use. Program collections such as Office are often called program suites STARTS OFFICE 2007 Follow this procedure to start a program, such as Outlook 2007, on a computer running Windows XP: Click the Start button, point to All Programs, click Microsoft Office, and then click Microsoft Office Outlook Folders on the Windows Vista Start menu expand vertically. Folders on the Windows XP Start menu expand horizontally. Like this you also open any application of office Figure 13.1

227 13.3 INTRODUCING THE 2007 MICROSOFT OFFICE SYSTEM The 2007 Microsoft Office system goes far beyond previous releases in helping you run your business and expand your reach. More than a set of tools for the everyday essentials (word processing, spreadsheets, communication, and more), the 2007 release offers a whole set of integrated new capabilities that support you in marketing and sales functions; offer professional templates for high-quality presentations and documents; and assist you in more efficient, effective, and in some cases, instant communications. Here are just a few of the features you ll want to make sure to try in the 2007 Microsoft Office system. Throughout the 2007 release, you ll find a new, simplified, and results-oriented user interface that gives you just the tools you need when you need them; enhanced integration among all the applications; great new templates; support for PDF and XPS file formats; and features to make sharing your work easier and safer than ever. In Office Outlook 2007, the new To-Do Bar enables you to see at a glance all your upcoming tasks and appointments. You can flag messages to turn them into tasks and also color-categorize contacts, tasks, and messages. The integration of tasks on your daily calendar helps you schedule time to complete important tasks. In Microsoft Office Word 2007, find the style you like by letting Quick Styles show you a fast rendering of the choices you re thinking about making; use building blocks of content for boilerplate text in your documents; add references now with a single click; improve the graphics in your document by using SmartArt; publish to your blog directly from within Office Word 2007; explore the major enhancements in document review and comparison; and create large mailings more easily using the Mail Merge tab. In Microsoft Office Excel 2007, try out dramatically increased processing speed and power, larger worksheets, the powerful charting enhancements, conditional formatting, Web dashboard, and enhanced PivotTable support. In Microsoft Office PowerPoint 2007, experiment with the great new themes, custom layouts, SmartArt and text effects, and style galleries. In Microsoft Office Publisher 2007, use Publisher Tasks to walk you step-bystep through creating your publication, use dynamic previews to see how your publication will look before you finalise options, reuse content you create in other applications in your Publisher materials, and finish your publication with full fourcolor commercial printing support. Additionally, Office Publisher 2007 is seamlessly integrated with Office Outlook 2007 with Business Contact Manager so that you can create, track, and evaluate marketing campaigns. In Microsoft Office Access 2007, work with the dramatically improved user interface to switch among data views, and create tables, reports, lists, queries, macros, and forms easier than ever. New full-featured templates enable you to begin building your own solution based on trackable applications that are ready right out of the box. Gather information by using forms and add the information directly to the related tables in your Office Access 2007 database. In Microsoft Office OneNote 2007, use the new OneNote Guide to learn all about the ins and outs of the program; work with multiple notebooks and sync your 215 Microsoft Office

228 216 Computer Applications and Management Information System notebooks on your desktop, laptop, and mobile devices; add tables, files, and documents easily; share notes in real time using the Shared Live worksessions. In Microsoft Office Groove 2007, learn to create a collaborative workspace that brings together the resources and communication support your team needs whether they are all online together or not. Office Groove 2007 works with Windows SharePoint Services and Microsoft Office SharePoint Server 2007 so that you can easily check out documents from SharePoint document libraries, work on them in your Office Groove 2007 workspace, and return them to the SharePoint site when you re through OFFICE 2007 An application that contains multiple programs, each of which performs a separate function. These programs generally work well together, with each one easily reading the other programs data. The following is a quick overview of the primary Office programs: Word A word processor with which you can create notes, memos, letters, school papers, business documents, books, newsletters, and even web pages. Excel An electronic spreadsheet program with which you can create graphs and worksheets for financial and other numeric data. After you enter your financial data, you can analyse it for forecasts, generate numerous what-if scenarios, and publish worksheets on the Web. PowerPoint A presentation graphics program with which you can create presentations for seminars, schools, churches, web pages, and business meetings. Not only can PowerPoint create the presentation overheads, but it also can create the speaker s presentation notes and print compacted audience handouts. Outlook An program, appointment calendar, meeting scheduler, contact manager, alarmbased reminder, to-do list manager, and notes program. This kitchen-sink approach to a program works well in Outlook; as data moves across your life in s and tasks and notes and appointments, you ll be able to keep track of everything. OneNote A powerful note-taking program for desktops, laptops, and tablet PCs that integrates any kind of data in the notes. You can draw, type, and insert audio, video, and graphics into your notes and place all those elements anywhere on the page you want them to go. Advanced searching techniques make finding your data later simple. In addition to these five major programs, different Office installations include several other programs, such as the Access database that helps you manage, report, and update huge quantities of data. The Publisher program includes desktop publishing capabilities to enable you to produce newsletters, fliers, menus, invitations, certificates, and even simple web pages easily. The Office programs share many common features. This means that after you learn one Office program, it s easier to master the next one due to the similar interface.

229 Word s Ribbon 217 Microsoft Office PowerPoint s Ribbon Figure 13.2 The Office programs share common features to make it easier to learn each program. In addition to working with familiar interfaces in the Office products, you can insert data that you create in one program into another program within the Office suite. If you create a financial table with Excel, for instance, you can put the table in a Word document that you send to your board of directors and embed the table in a PowerPoint presentation to stockholders. After you learn how to use any program in the Office suite, you will be far more comfortable using all the others because of the common interface Microsoft Office System Requirements Microsoft Office 2007 require these features in your system: A PC with an Intel Pentium 500 MHz (or higher) processor. 1 gigahertz (GHz) and 512 MB of RAM or higher for Microsoft Office Outlook 2007 with Business Contact Manager. Microsoft Windows Server 2003 or later, or Microsoft Windows XP Service Pack MB RAM or higher. 2 GB required for installation DVD drive Super VGA (800x600) or higher-resolution monitor (1024x768 recommended). Mouse, touchpad, trackball, or other pointing device (optional). Peripheral devices as needed: printer, scanner, digital camera, microphone, and so on (optional). Broadband Internet connection Office 2007 Different Packages Several versions of Office are available, each with a different intended audience and each with a unique collection of programs. These are the Office 2007 suites available: Office Basic 2007: For home and small-business users. Includes Word, Excel, and Outlook. Office Home and Student 2007: Aimed at home and student users. Includes Word, Excel, PowerPoint, and OneNote.

230 218 Computer Applications and Management Information System Office Standard 2007: Considered the most common programs sought in the Office suite, the Office Standard 2007 includes Word, Excel, PowerPoint, and Outlook. Office Small Business 2007: Supplies the tools that a small business might benefit most from. Includes Word, Excel, PowerPoint, Outlook, and Publisher. Outlook is enhanced with new contact-management capabilities useful for customer follow-up and sales leads with the Business Contact Manager add-in program. Office Professional 2007: Considered to be the suite most favored by medium-tolarger organisations as well as computing-intensive small businesses, the Office Professional 2007 suite includes Word, Excel, PowerPoint, Outlook, Access, and Publisher. Outlook includes the Business Contact Manager extension. Office Professional Plus 2007: Includes all of Office Professional 2007 as well as InfoPath and Communicator, allowing for the handling of forms and communication across a group of collaborators as might be required for large team projects. Office Enterprise 2007: Considered the top suite with everything, it includes Word, Excel, PowerPoint, Outlook, OneNote, Access, Publisher, InfoPath, Communicator, and Groove (another group-collaboration communications system to access Communicator and InfoPath) Microsoft Office 2007 is Versatile The Office products are general-purpose, meaning that you can customize applications to suit your needs. You can use Excel as your household budgeting program, for example, and also as your corporation s interactive balance-sheet system. You can integrate Office into your networked system. This way, Office provides useful features whether you are networked to an intranet, to the Internet, or to both. You can share Office information with others across the network. Office fits well within the online world by integrating Internet access throughout the Office suite MICROSOFT WORD When you need to write any text-based document, look no further than Word. Word is a word processor that supports many features, including the following: Automatic corrections for common mistakes as you type using special automaticcorrecting tools that watch the way you work and adapt to your needs Templates and styles that make quick work of your document s formatting Advanced page-layout and formatting capabilities Numbering, bulleting, bordering, and shading tools Integrated grammar and spelling tools to help ensure your document s accuracy Newsletter-style multiple columns, headers, footers, and endnotes in your publications Graphical tools that enable you to emphasize headers, draw lines and shapes around your text, and work with imported art files in your documents. Figure 13.3 shows a Word editing session. Even though Word is a word processor, you can see from the figure that it supports advanced formatting, layout, and graphics capabilities so that you can produce professional documents, newsletters, invitations, and just about any publication that combines words and pictures.

231 219 Microsoft Office Figure 13.3: Word Easily Handles Text, Graphics, and Advanced Formatted Layout of any Document you want to create 13.6 MICROSOFT EXCEL Excel s primary goal is to help you organise and manage financial information such as income statements, balance sheets, and forecasts. Typically such data is organised into a worksheet, sometimes called a spreadsheet. Excel is an electronic spreadsheet program that supports many features, including the following: Automatic cell formatting; the Live Preview feature makes formatting even quicker than ever before Automatic worksheet computations that enable you to generate a worksheet that automatically calculates when you make a change to a portion of the worksheet Built-in functions, such as financial formulas, that automate common tasks Automatic row and column completion of value ranges, with automatic completion of ranges of data Formatting tools that let you turn worksheets into professionally produced reports Powerful data sorting, searching, filtering, and analysing tools that enable you to turn data into an organised collection of meaningful information Powerful charts and graphs that can analyse your numbers and turn them into simple trends Figure 13.4 shows an Excel editing session. The user is entering balance sheet information for a company s projected assets and liabilities. If you have worked with other worksheet programs, you might be surprised at how fancy Excel can get. Excel s automatic formatting capabilities and the new themes available in Excel 2007 make creating attention-getting worksheets simple.

232 220 Computer Applications and Management Information System Figure 13.4: Excel Helps you Create, Edit, and Format Highly Visual Worksheets 13.7 MICROSOFT POWERPOINT Have you ever presented a talk and longed for a better approach to messy overhead slides? Have you seen the pros wow their audiences with eye-catching, professional computerised presentations? With PowerPoint 2007, there is simply no reason why you shouldn t be wowing your audiences as well. Professional presentations are now within your reach. PowerPoint supports many features, including the following: The use of extensive templates and themes to generate great-looking presentations with little effort Sample designs that provide you with fill-in-the-blank presentations Screen display modes that imitate how you ll eventually project your slides on a larger screen Complete color and font control of your presentation slides A collection of art files, icons, and sounds that you can embed to make your presentations more attention-getting Numerous transitions and fades between presentation slides to keep your audience s attention The capability to save presentations as web pages that you can then present on the Internet. Figure 13.5 shows a PowerPoint editing session. The user is getting ready for a presentation and has only a few minutes to prepare color slides for the meeting. With PowerPoint, a few minutes are more than enough time!

233 221 Microsoft Office Figure 13.5: PowerPoint Helps you Create, Edit, and Format Professional Presentations 13.8 MICROSOFT OUTLOOK Microsoft Outlook 2007 is perhaps the Office program that does the most varied tasks. Outlook lets you manage the details of your life. Not only is Outlook a truly interactive contact, mail, planning, and scheduling program, but it s also fun to use. Outlook helps you do many things with your contact data, including these: Send, receive, and manage from multiple accounts Customize your s backgrounds and automatic signatures that give your s the look and function you need Manage all your personal and business contacts; you can keep track of multiple addresses, phone numbers, mailing addresses, and notes, and even keep a photographic image with the contact so that you ll always remember faces Schedule meetings and use to invite the attendees Color-code appointments, s, and tasks by category so that you can more easily organise your data and spot important data that needs your attention Manage all your appointments, and receive reminders when it s time to act on something in your calendar Track prioritized to-do lists so that tasks will never fall between the cracks again Write notes to yourself that act as yellow sticky notes when you view them in Outlook Figure 13.6 shows an Outlook session. All the user s s appear in the center column showing the recipient and the subject. You click one of these headers to see the s details in the right pane.

234 222 Computer Applications and Management Information System Figure 13.6: Manage Your from Multiple Accounts with Outlook To give you a preview of how Outlook s calendar feature works, the Figure 13.7 shows a three-day view of a calendar that s filled with appointments and reminders. Under your calendar resides your Tasks area. Outlook tasks are things to do that don t have specific start and stop times as appointments and meetings have. As you finish tasks, you cross them off your list by letting Outlook know they re complete. Outlook draws a line through them but keeps track of them for reference. Figure 13.7: Manage Appointments and Tasks with Outlook s Calendar Note: Outlook provides many ways to view your data. You can view a week at a time or a month at a time, or if today s appointments are numerous, you can view just a single day s calendar. When you set reminders for certain items, Outlook pops up a message and alerts you with an audible reminder as those things come due.

235 13.9 MICROSOFT ONENOTE Although Outlook can manage notes for you, Outlook s notes are more limited to small reminders that you might otherwise jot down on a yellow sticky note. To really keep track of notes, you should use OneNote In spite of its name, OneNote 2007 is more than a note-taking program. OneNote is unique in that it manages just about any kind of data you want to manage, including the following: Text Graphics Handwriting (as would be needed for tablet PCs) Scanned data Audio clips Video clips Other Office 2007 program data files OneNote begins with a blank page. What you put on that page and where you put it is up to you. The beauty of OneNote is appreciated only when one tries it. Unlike the other Office 2007 programs introduced earlier, OneNote is more difficult to introduce in a simple features list. The best way to explain what OneNote does is to think of it as a big pad of paper waiting for you to begin doing whatever you might do with a big pad of paper. One thing you might do is take your pad of paper to a meeting and jot notes. You could take minutes of the meeting, write yourself reminders that you ll have to attend to later, perhaps doodle once in a while in the margins, circle important notes you take, underline key words, and if you re really prepared, use a colored highlighting pen to emphasize vital things you put on that pad. Figure 13.8 shows OneNote in action. Note the various forms of data shown: text, a table, graphics, handwriting, a bulleted and numbered list, and web graphics, and they all reside side-by-side on OneNote s screen. 223 Microsoft Office Figure 13.8: OneNote Hardly Cares what kind of Data you add to its pages or where you put that Data

236 224 Computer Applications and Management Information System Note: Perhaps the biggest reason OneNote is so powerful is its capability to search through all your notes quickly. After a year or two of adding to OneNote, you may soon find yourself with information overload. Don t worry, when you want to locate anything you ve stored, just search. OneNote even searches many of your data s graphics trying to locate text within that image that might match your search MICROSOFT ACCESS Before you start working with Microsoft Access you must take note of the following: Access is a member of the Microsoft Office software and therefore it shares most of the features with other applications like Word and Excel. There is generally more than one way to accomplish a task in Access. For instance you can perform a task by clicking at appropriate tool button or clicking at appropriate menu option or by pressing specified key combinations. The methods suggested in the unit are simple ones to get you going. For details you can always press F1 key to use the help facility. Starting a session of Access is no way different from starting any other Windows based application, e.g., Word or Excel. To start a session of Access: Click on the Start Button. Select Microsoft Access from the Program Menu. Click at the icon. As a result, Access session begins in its window. Note that the Access icon may be available at some locations other than that shown here depending on the current configuration of your system. Access Window MS-Access is just another Windows based application and hence its window has all the common components as shown below: Figure 13.9: Access Window