Upload
rusiru-malik-chamara
View
441
Download
17
Embed Size (px)
Citation preview
Management of
Information Systems
Syllabus
Introduction to MIS, IS/IT strategy
Strategic IS/IT planning
MIS applications and SDLC
Alternatives to SDLC
Operations Management
Controls & IS’s
Measuring IT investment and their returns
Reference Books:
Management of Information
Technology
Carroll W. Frenzel & John C. Frenzel
Management Information Systems
Laudon & Laudon
Assessment %
Presentation 10
Pre-Course Assignment 20
Main Assignment 20
End-of Term Exam 50
Introduction to MIS, IS/IT
Strategy
References
Management of Information
Technology - chapter 1,2,3
Carroll W. Frenzel
Management Information Systems –
chapter 1,2
Laudon & Laudon
Information System (IS) Aggregation of components that work
together to process data and produce information
IS can be defined technically as a set of interrelated components that collect (retrieve),process, store & distribute information to support decision making & control in an organization
[Laudon,1998]
Globalization
Transformation of industrial
economies
Transformation of the environment
Why do we need
Information Systems?
Globalization
Success of organizations depends on
their ability to operate globally.
24/7 global service requirements
Global Competition
Global delivery systems
Transformation of Industrial
Economies
Information has become a basic resource
in today’s society – information society
Some services would not exists or would
be too expensive without information.
Transformation of the Enterprise
The traditional hierarchical, centralized
organizations:
Employees are specialists
Operates based on standard rules
Mass produces a standardized product
Can operate without IT
The new flattened, decentralized
organization:
Employees are generalists
Operates on access to real time
information
Produces mass customized products or
services
Relies on IT
Manual
(Pens paper)
Information Systems
Informal Formal
Computer Based
(CBIS)
(Hardware/software)
Types of Information
Systems
Groups
Served
Knowledge &
Data Workers
Type of Information System
Senior Managers
Middle
Managers
Operational
Managers
Strategic
Level
Management
Level
Sales &
marketingManufacturing Accounting HR
Knowledge
Level
Operational
Level
Mangers at different levels of an
organization make different kinds of
decisions
Kind of information necessary to
support their decisions are also different
Therefore, different types of
information systems have to be
designed to meet the various needs
Types of IS
ESS - Strategic level
MIS - Management level
DSS
KWS - Knowledge level
OAS
TPS - Operational level
Transaction Processing
System (TPS)
Found at the operational level of an
organization.
Supports operational Managers &
operations personnel.
It is a computerized system that records the
daily routine transactions necessary to
conduct business.
Main purpose: To answer routine questions
(What happened to Mr. XXX’s payment?) and
to track the flow of transactions through the
organization.
Information must be easily available, current
and accurate.
Usually has high volumes of inputs and
outputs.
Examples: Hotel reservation systems,
order entry systems, banking systems,
airline reservation systems etc.
Main Features :
TPS spans the boundary between the
organization and the environment.
TPS produce information for the other
types of systems.
A failure in the TPS often means
disaster for the organization
Imagine what will happen if:
A reservation system at an airline
fails.
When a bank’s TPS crashes.
Knowledge Work Systems
(KWS)
Supports skilled knowledge workers in
creating and integrating new knowledge.
Examples:
CAD systems used by product designers,
simulation systems, financial systems etc.
Knowledge Workers are people who
create, use and distribute information
such as executives, accountants,
engineers, lawyers etc.
Office Automation Systems
(OAS)
Supports general office work for handling and
managing documents and facilitating
communication.
Used mainly by data workers (clerical staff) to
produce professional documents and to control
the flow of paper work in an organization.
Examples:
Word processors, Spreadsheet
packages, presentation packages,
note taking packages (notepads,
appointment books) etc.
Communication systems for
transmitting messages such as E-mail
and teleconferencing systems etc.
Management Information
Systems (MIS)
Serves the management level of an
Organization.
MIS extracts, process and summarizes data
from the TPS and provides periodic
(weekly, monthly, quarterly) reports to
managers for monitoring, controlling,
decision making and administrative
activities of the organization.
Features of an MIS:
Contains only company internal data
Uses simple routines (summaries and
comparisons )
Relies on existing past & present data
Examples:
Sales management systems,
inventory control systems, annual
budgeting systems etc.
Decision Support Systems
Helps managers make decisions
Have more analytical power than other
systems. These systems use sophisticated
analysis and modelling tools such as what-if
analysis, Goal-seeking /optimization
analysis
Offers users flexibility, adaptability and
quick response.
Use internal information from TPS and MIS
but often brings in information from
external sources (eg: Stock prices or prices
of competitors)
Example: Production scheduling systems,
Pricing analysis systems etc
Executive Support Systems
Helps senior managers address strategic
issues and long term trends, in the
organization and the external environment.
Help answer questions like:
What are the long term industry trends?
What products should we be selling in five
years?
Main purpose: match changes in the external
environment with existing organizational
capabilities
These systems are designed to incorporate
data about external events.
Draws summarizing information from MIS &
DSS.
User friendly, but very expensive to
maintain.
Concepts of Information
Systems
Critical Success Factors
Critical Success Factors are those few areas in
which results, if they are satisfactory, will
ensure successful competitive performance for
the organization.
CFS identifies the areas where things MUST
go right - the necessary conditions for
success
Examples:
The executives of a department store
would probably consider factors such as
its sales promotion efforts to be critical
to its survival and success
Automotive Industry- Styling, Energy
Standards
Hospital- Cost control, healthcare
standards
The CSF method is applied in the form of
interviews usually conducted in two or three
sessions.
1. Goals of the managers are discussed and
recorded. CSF’s that affects these goals are
brought forward.
2. Information needed about these CSFs and
how and where to obtain these information
are established.
Information
Technology’s Strategic
Importance
Strategic Information Systems
• A SIS is an information system which
supports an organization in fulfilling it’s
business goals.
• Information systems whose unique
function or specific application shapes
the organization’s competitive strategy
and provides competitive advantage
for the company.
• Systems that fundamentally change the
organization itself.
• It is not an ESS……
– SIS can be at any level
– SIS achieves competitive advantage
– SIS cannot be outsourced
• Examples: American airlines reservation
system, Stock Brokerage System of Merrill
Lynch.
External Environment
• Refers to the forces and institutions
outside the organization that can
affect the firm’s performance.
• External environment is made up of:
– General environment
– Task environment
General Environment
• Includes everything outside the
organization such as:
– Political environment.
– Economic forces.
– Socio- cultural influences.
– Technological factors.
Task Environment
• The layer of external environment that
directly influences the organization’s
operations and performance.
• This includes sectors that have a direct
working relationship with the
organization. Eg: suppliers, customers
etc.
Porter’s Model
• The model helps to understand the
basic forces affecting an
organization in a competitive
environment.
• These forces include:
– Threat of Potential new entrants into its
industry
– Companies offering substitute products
and services
– Firm’s Suppliers
– Firm’s customers (buyers)
– Firm’s competitors
Threat of new entrants
• If an industry is very profitable, then the
expectation is that new firms may attempt to
enter into the industry
• Threat of new entry is largely determined by
the presence of barriers to entry and exit.
• Barriers of entry are obstacles which prevent
the entry of firms into an industry.
• There are several sources of barriers
to entry:
– Economies of scale
• As a firm grows in size, or as the scale of
production increases, certain economies
occur which serve to reduce the average
cost of production.
– Initial capital requirements
– Legislation/govt regulations
– Advertising and branding etc…
• Barriers to exit refer to the cost of
leaving an industry. The cost of exit
depends upon how industry-specific the
assets of the firm are.
Competition from substitutes
Competition from substitutes depend on:
• Relative price performance of substitutes
• Switching costs
• Brand loyalty of customers for the
product.
Bargaining Power of Suppliers
• Suppliers can exert bargaining powers on buyers by raising prices or reducing quality.
• A supplier group is powerful if:
– Industry is dominated by a few companies
– Product is unique or if it has built up
switching costs
– The industry is not an important customer
of the supplier group.
– If the brand of the supplier is powerful.
Bargaining powers of the buyers
• A buyer group is powerful if:
– Purchases in large volumes.
– Standard products where the buyers can
find alternatives
– The industry’s product is unimportant to
the quality of the buyer’s product or
service
– Buyers pose a threat to making the
industry’s product.
Rivalry between Established Firms
• Numerous equally balanced competitors
create intense rivalry.
– This can be due to lack of differentiation or
switching costs etc.
• Use tactics like:
– Price competition
Sometimes competition can be so fierce between
firms that prices are driven below costs
– Product introduction
– Advertising
• The model shows that competitors must take
strategic actions to:
• Diminish customer or supplier power
• Lower the possibility of substitute
products entering the market
• Discourage new entrants
• Gain competitive edge within the
existing industry
Competitive Strategies
Strategic Thrusts (Wiseman)
• Strategic thrusts are major
competitive moves made by a firm.
These thrusts are:
– Product differentiation
– Cost
– Innovation
– Growth
– Alliance
– Time –added by Frenzel
Product Differentiation
• Create unique new products & services
that can easily be distinguished from those
of the competitors
– Examples:
• Volvo better safely features
• Whirlpool dishwashers that run
quietly …
Or….Perceive products as different from
and better than those of competitors
Differentiation variables….
• Product –
– Design, style, features, performance,
repairability etc
• Service –
– Ordering ease, delivery method,
training, maintenance & repair etc
• Personnel –
– Competency, courtesy, credibility,
reliability, responsiveness etc
Cost
• Reduce costs to the firm
• Increase costs to competing firms
• Make a more upscale product at
lower costs than the makers of
other brands with comparable
features and attribute
• Save costs through:
–Economies of scale through
automation, specialization etc.
–Economies of scope through
extension into additional
operations which can share
infrastructure costs.
Innovation
• Developing new products and
services
• Two kinds:
– Product innovation
• Creation of new products
• New features in existing products
– Process innovation
• To improve efficiency and effectiveness of
a process.
Growth
• Product growth
• Functional growth
– Advantage through expansions,
forward & backward integration
• Geographic growth
Alliance
–Advantage is attained by reaching
agreements , forming joint
ventures, or making strategic
acquisitions
• Improved Cash Flow
• Innovative Products
• Credibility etc.
Time
• Competitive advantage is secured
by rapid responses to changing
market conditions or by supplying a
more timely flow of products or
services
Other Considerations…..
• Organization and Environment
• Financial Implications
• Legal Considerations
Developing the Organization's IT
Strategy
Some definitions
Mission
Overriding purpose in line with the
values or expectations of the
stakeholders.
Johnson & Scholes
Communicates “Who we are, what we
do, and where we are headed”
Therefore, the key elements of a
mission statement can be identified as:
– Obligations to the stakeholders
– Scope of the business
– Sources of competitive advantage
– View of the future
“We are in the business of developing
competencies in people and
organizations through training and
consultancies”
NIBM
Goal
A broad statement of long-term (typically
a time horizon of one year or more)
accomplishments an organization wishes to
attain.
Example:
– To increase the market share
Objective
Specific commitment to achieving a measurable result within a specific period of time , usually a year or less.
An objective should be:
– Specific
– Measurable
– Related to time
Therefore,
– Test 1: does the statement tell what the
intended result is?
– Test 2: does the statement specify when
the intended result is to be accomplished?
– Test 3: can the intended result be
measured?
Examples:
–To achieve an 18% increase in brand
X sales by December 2010.
–To reduce bad-debt loss by Rs
50,000 during the next 6 months.
Mission Increase shareholder's wealth.
Goal Obtain a satisfactory return on
investment (ROI).
Objective A ROI of 16% by the end of year
2010.
Example:
Strategy
A collection of statements that express
or propose a means through which an
organization can fulfill its primary
purpose or mission.-Frenzel
Can be seen as the matching of resources
and activities of an organization to the
environment
A company must either fit its strategy to the
industry environment in which it operates, or
be able to reshape the industry environment
to its advantage through its chosen strategy.
A strategy ….
Strategic Management
Process of formulating and implementingstrategies to advance an organization’s mission and objectives and secure competitive advantage.
Process by which an organization establishes its objectives, formulates actions designed to achieve these objectives in the desired timescale, implements the actions and assesses progress and results.
Strategy Development
Process
Examine the mission statement of the
organization.
Carry out a comprehensive
environmental analysis.
Assess the findings in terms of opportunities
the organization can exploit and threats it
faces.
Analyze the organization’s internal
resources (financial capital, technical
expertise, skilled work force etc) and
thereby identify the Organization’s internal
strengths and weaknesses.
Develop set of Objectives
Formulate the strategies
Assess the performance of the
implemented strategies by examining
and comparing the results with the
original plans.
This will enable an organization to
determine to what level it has achieved
its goals.
Maintenance Process
–Review the environment and reassess
the course of action.
Strategy Document Outline
Examine the nature of business.
Environment surrounding the
business activities.
Goals and objectives the units hope
to achieve.
Strategy ingredients.
Strategy Ingredients
Statement of intended course of action
–Steps should lead to realize objectives
–Be consistent with other interests
–Be preferred over other alternatives
Assumptions
–Major assumptions the strategy
is based on
–Technical capabilities, functional
support, potential competitive
reactions
Risks associated with the strategy
–Nature of risks in the strategy
–Potential impact on the strategy
Available options
–What optional course of action can
offer reasonable insurance against
significant risks
Conditions on which the strategy
depends
–What strategies are the key
dependencies?
–Their nature and significance
Statement of required resources
–HW, SW and staff requirements
Financial Projections
–Revenue, cost and capital requirements.
Alternatives Rejected
–Documentation of alternatives with
reasons for their rejection.
Types of Strategies
A business strategy seeks to determine
how an organization should compete in
each of its businesses.
Strategy is about how to compete
successfully in particular market.
Business Strategies
Concerns are therefore about:
• How advantages could be achieved over
competitors
• What new opportunities could be
identified
• What products or services should be
developed etc.
These strategies have revenue and profit
goals
Functional strategies are directed at
improving the effectiveness of functional
operations within a company such as
manufacturing, marketing, HR, R & D etc
These strategies should support business
strategies.
Functional Strategies
A specific strategy for dealing with
unique threats/situations (usually
outside the normal planning cycle) or
Capitalize on current opportunities
Stand-alone Strategies
The time horizon depends upon the
business the organization is in.
It is usually an annual process
– The time periods are usually analyzed
on a rolling basis, with the horizon
constantly moving forward in
increments of the organization’s fiscal
year.
The Strategic Time Horizon
Strategy Maintenance
Business conditions change with effects on
the strategy. Therefore, strategies require
periodic examinations.
Actual developments must be tracked
against assumptions, dependencies and risks.
Periodically or when deviations arise, the
entire strategy should be re-examined and
updated.
IT strategy Topics
To address Business Aspects
– IT strategies need to be aligned
with the firm’s goals and
objectives.
To capitalize on Technical Issues
–Strategy should reveal the
practical utilization of technologies
in support of the organization’s
goals and objectives.
To comply or achieve Financial
Matters
–IT strategy must match the firm’s
financial ground rules
–Strategy must acknowledge
resource constraint
To address organizational Concerns
–How does IT strategy affect other
areas and vice versa
–The strategy should demonstrate IT
organization’s contribution to the firm
Personnel Considerations
–To recruit, train and keep good
people both in the department and
across the entire firm
Information Technology
Planning
Planning is a process by which strategy is
converted to action.
Good planning is essential to continued
success in a business
Model for IT
Planning
Application Considerations
The application portfolio consists of the complete
set of application programs the firm uses to
conduct its automated business functions.
The plan should deal with the application portfolio
Selection of projects to be implemented
Which application deserves maintenance, revision, or
expansion? Which should be scraped? What new needs
are there? What resources are available to implement
the projects selected?
System Operations
These are the processes for running the
applications of an organization
This includes data collection, application
execution & distribution , Storage of
results etc.
IT managers must plan system operations
to satisfy customers. Therefore, careful
planning must be done to identify their
needs.
This is important as the organization
depends on these outputs for a successful
and efficient operation.
System operations planning should
include:
Service level planning, problem, change and
recovery management, capacity planning
and network planning.
Resource Planning
IT resource items consists of money,
equipment, people and space.
Space plans
Requirements of space and other facilities,
A/C, ventilation, electrical power, telecom
equipment etc.
People plans
Identifies requirements for people according
to skill level and considers their development
and deployment over the planning period.
This addresses hiring, training, re-training
etc.
Financial plans
Summarizes equipment, space, people and
miscellaneous costs.
Administrative Actions
Plan’s assumptions and ground rules should
be clearly laid out.
Coordinate with units that the plan affects.
Plan review meetings with functional
managers , steering committees to guide
the planning process.
Technology Planning
Monitor advances in technology
Assess new technologies for the firm
Evaluate benefits and problems of new
technologies
Areas such as Programming tools,
Operating systems, Vendor application
S/W, Advances in storage devices,
Telecommunication systems etc should be
addressed.
Other Approaches to
Planning
Nolan's Stages of Growth
Nolan's theory about stages of growth
can be used to determine which stage the
firm is in and then make plans according
to the movement to the next stage.
Stages of Growthby Richard Nolan & Cyrus Gibson
1. Initiation
2. Contagion
3. Control
Organizational use of Information Technology
tends to follow a predictable pattern over
time.
4. Integration
5. Data Administration
6. Maturity
Stages:
Critical Success Factors
Any plans formulated by the IT
department should cover the overall
critical success factors for the
organization, so that the necessary
conditions for success are met.
Business Systems Planning
Developed by IBM.
Main objective: to identify the data that is
essential to run a business. Therefore, it focuses
on data and the processes of an organization.
Defines an Information Architecture for the
organization. The basic building blocks of the
architecture are Data Classes and Business
Processes.
Integrated Approach (Sullivan)
BSP
Stage of
Growth
EclecticCSF
Low
Low High
High
Degree of Infusion
Degre
e o
f D
iffu
sion
Sullivan found two factors correlated with
planning effectiveness:
Infusion:
Degree to which IT has penetrated the firm (high
impact or low impact on the firms)
Diffusion:
Extent to which IT is disseminated throughout the
firm (concentrated or spread)
For example, CSF method is suitable if IT has
spread throughout the organization but has a low
impact.
The Planning Horizon
The time over which various plans are
active (time span of the plan)
Three types of plans:
Strategic plans
Tactical plans
Operational plans
The plans cover:
Different time periods
Different amounts of detail
Strategic plan
Represents long term implementation.
Typically covers a period of two years from
now and goes further into the future (about 5
years).
The plan should cover actions for achieving the
long-rang goals and objectives, allocate
resources, convert assumptions to realities,
mitigate risks etc.
Therefore, an organization’s strategic plan is
also a financial statement of projected
revenues, expenses, costs, investments etc.
Tactical Plans (intermediate-range plans)
Covers from now to about two years into the
future.
These plans are usually used to measure
manager performance.
Operational Plans
Short-range, from now to 3 months, based on
prior tactical planning
Provides direction on a day-to-day/week-to-
week basis
Plans are detailed, subject to frequent
modifications.
Used by first-line, non managerial employees
Planning Time
Planning schedules for an organization
should be closely related to its fiscal
calendar.
The entire process is cyclical and
repetitive.
Managing Application
Development
Reasons for development difficulties
• Those associated with programming.
• Problems related to the firm or its
management.
– Inadequate development tools
– Improperly skilled developers
– Environmental factors
• Schedule pressures, unrealistic expectations, company
policies etc
– Weak management controls
Application Project
Management
• Business case development
• Phase review process
• Managing reviews
• Resource allocation and control
• Risk analysis
• Risk reduction actions
• Development managers use these items as a decision-making framework
Steps in application project management
List outs:
• Investment resources and investment returns
– Benefits (tangible and non-tangible)
– Expected costs
In preparing the document:
– State objectives of the project
– Carry out a cost benefit analysis. Use standard
financial analysis methods. (eg: NPV, IRR, PB
methods) for alternative courses of action.
– Calculate ROI
Business Case Development
Phase Review Process
• Occurs when each phase in the SDLC ends.
• End result is a decision to continue the
project, continue with modifications or
terminate it. Therefore, managers require
significant amount of critical information to
accurately assess the project’s progress and
make judgments
The phase review must cover
– Project description
– goals, objectives
– Budget and staffing plans
– Plans Vs. actual accomplishments etc
The review is conducted by:
– IT manager or his representative
– Client
– Reps of all functions influencing or affected by
the project
Managing the Review Process
• Document each phase review clearly.
• Documentation should include:
– Project scope, contents, resources,
schedules
– Phase review results and conclusions
• Prepare summery reports and
distribute to all concerned parties.
Resource Allocation and Control
• Plans and schedules of allocation of
resources for a project.
• The phase reviews should compare
expected resource consumption to
actual
Risk Analysis
• Managers must search for areas of risk.
• Develop quantifiable measures for risk
measurements.
• Track risk measures to recognize trends
over the project’s life.
Risk Reduction
• Eliminating all project risks may be
impossible!! ……but…
• Identification of risky areas is important
• Leading indicators alert the managers
when the project is heading for trouble.
Development Alternatives
Development Choices
Build it your self
Buy it
Let some one build it for you -Outsourcing
End user development
In many organizations, end users are
developing systems with little or no
formal assistance from the specialists.
Examples:
Business application programs for
Accounting,marketing, finance
WP, Spreadsheet , DB design (Access)
Engineering design packages etc
Benefits
Improved requirements determination
User involvement and satisfaction
Breaking the barrier between the user and
the programmers
Problems
Cannot develop large, complex systems.
Lack of proper quality assurance standards
and controls.
Uncontrolled data.
Proliferation of “private” information
systems.
Cannot develop large, complex systems.
Purchased applications
When to purchase ?
Where functions are common to many
companies.
Where in-house resources are scarce.
Advantages
Early availability
Well-known functions
Known and verifiable quality
Lower total cost
Availability of maintenance
Periodic updates
Education and training
Disadvantages:
Strategic systems cannot be purchased.
Integration problems.
Difficult to customize.
Outsourcing
Advantages
Economy
Service quality.
Predictability- Reduces uncertainty of costs
Freeing up human resources for other
projects.
Freeing up financial capital
Reduce risk of failure
Disadvantages
Bureaucratic
Dependency
Changes to specifications - costs MONEY
Diffuses company information
When to outsource?
When there are limited opportunities
for the company to distinguish itself
competitively through a particular IS
application.
When the predictability of
uninterrupted IS service is not very
important.
When outsourcing does not strip the
company of the technical know-how
required for further IS innovation.
When the firm’s existing IS capabilities
are limited, ineffective, or technically
inferior.
Other Alternatives
Partnerships, JVs, alliances etc
Service Bureaus
Eliminates development, maintenance costs
Reduces in-house HW requirements
Developing and
Managing Customer
Expectations
Service Level Agreement (SLA)
It is a contract between a service provider
and the customer that specifies in
measurable terms:
The services provided
Acceptable and unacceptable service levels
Metrics associated with the services
Liabilities on the part of the service provider
and the customer, and
Actions to be taken in specific circumstances.
Establish acceptable service levels for IT
clients. Thereby gives a clear understanding
of what is expected from and delivered by
IT operations
Reduces conflicts, levels expectations, places
IT services on a more business-like basis and
reduces threats from competitive suppliers or
outsourcing
Purpose of a SLA
SLA ContentsEffective date of agreement
Agreements duration
Type of service provided
Service measures
Availability, performance, reliability, response times
Resources needed and/or costs charged
Customer duties and responsibilities
Monitoring and reviewing
Handling of disputes
Reporting mechanism
Signatures
SLA Service Specification - Example
Type of Service Application
Service
Hours of Use
Data entry Inventory
application
Daily
6.00am –
7.00pm
System
Availability:
Week days
Saturday
Sunday
6.00am to 7.00 pm
Can be scheduled 24hrs in
advance
Emergency service only
Problem, Change and
Recovery Management
Problem, change and recovery mgt
ensure service level attainment
Purpose is to correct deviations from
the norm and prevent future deviations
Problem Management
Problem
An incident, event or failure that
negatively impacts the ability to
deliver the services committed in SLA
Process of minimizing the impact of a
problem affecting the service levels
Method for detecting, reporting and
correcting problems affecting the
service-level attainment.
Problem Management
Goals of problem management
Reduce service defects & incidents
Reduce defect cost
..and thereby achieve committed service
levels
Problem Sources
Hardware, Software, Network, Human or
procedural errors, Environmental
conditions
Problem Management
Process
Problem Reports
The purpose is to record the status of
incidents from detection through solution.
The report should include:
Time and duration of incident, description,
category, severity code, individuals
responsible for the solution, estimated repair
date, action taken to recover, actual repair
date, final resolution action.
Problem Logs
Records all problems/incidents and the
actions assigned during some fixed period
( eg: last 12 months).
Problem Determination
Problem Status Meetings
The committee clarifies the problem based on
description, category and severity etc.
Assign priorities, draw up action plans,
decide responsibilities and target dates for
resolution
Status reporting
Resolution status is reported to the
committee
If satisfactory, the problem report is
closed
If change is required change management
process is invoked
Problem Management Reports
Summery reports must be prepared
documenting the effectiveness of the
problem management process.
The summery data can be used to reveal
trends that will enable service providers to
set new service levels.
Benefits of using a formal approach
There is a standard way to approach every
problem. This saves time.
The solutions will be permanent.
The number of incidents will reduce.
Improved quality of IT services.
Learn from the mistakes. This will minimize
failure and reduce the impact of failure.
Obtain a better “first-time fix” rate of
incidents.
Problem Management Success
Process is designed to solve problems and
not to evaluate people.
Managers must foster a free and open
atmosphere.
Participants should take the responsibility of
resolution; not equivalent to accepting
responsibility for causing the incident.
Change Management
Why do we need change
management?
Changes tend to generate problems
Change is a way of life for IT …
Change Management
It is a disciplined approach to analyzing
and implementing system changes.
It is a management technique for
planning, coordinating, handling and
reporting system changes that could
negatively impact service delivery
Goal –
To minimize risks associated with system
changes and in turn..
Maintain highest possible service levels
Change Sources
Hardware changes
OS changes, application software changes
Environmental changes
Procedural changes
Equipment relocation
Problem management-induced changes
Change Management Process
Change Request
Records details of change actions from initiation
through implementation.
The report records:
Description of change, risk assessment, testing
procedure, recovery procedure, implementation
plans etc.
Change Analysis
Prioritization and Risk Assessment
Planning for Change
Management Authorization
Change Management Team
Consists of IT Personnel, HW and SW
vendor liaisons, facility manager etc.
Reporting Change Management
Results
Communicate successful change
implementation to all relevant parties
Periodically assess process effectiveness and
trends using log
Areas requiring change, problem areas,
expectation Vs results, emergency action taken
etc
Change Management benefits
Reduce adverse impact of change on the
quality of the SLA.
Better assessment of cost of proposed
change.
Greater ability to absorb a larger volume
of change.
Recovery Management
Recovery management is the process of
planning to provide services to the
users in the event of a failure or
disaster.
Recovery management needs to examine all
possible “what-if? ” scenarios.
Classify them by severity and potential
occurrence and come up with plans for
dealing with the various scenarios.
High Recovery Planning
Low Contingency
Management
Problem
Management
Risk of Loss
High Low
Plans that deal with potential situations that
have a high probability of occurrence with
risk of loss varying from low to high.
These plans provide backup resources to
help restore services.
Recovery Plans
Contingency Plans
Plans that deal with potential situations that
have a high risk but have a low probability
of occurrence.
The plans ensure successful performance of
critical jobs during periods when services
and resources are lost or damaged.
Crucial Applications
The applications most critical to the firm’s
operation should be identified to enable
prioritization for recovery planning and
implementation.
Understand the tradeoffs that may be
necessary to enable recovery to occur.
Environment
Plans should include all environmental
parameters needed for a successful
operation of every application.
Environmental factors can include:
H/W components, software, communication
resources, new data, knowledgeable
personnel etc
Emergency planning prepares for natural
and man-made disasters and catastrophic
events and must include the entire firm.
Steps should be taken to limit the damage,
solve problems and resume normal business
activities.
Emergency Planning
In emergency planning, early detection &
containment is important to limit the
damage.
Therefore, plans should include procedures
for evacuations, shelter, containment, and
suppression.
Plans must be clearly and concisely
documented, frequently tested, made
known and trained, the potential
personnel.
Strategies
Several strategies may be available
for coping with emergencies and
disasters:
Manual procedures
Back-up systems
Data services
Manual procedures
Least efficient and least desirable.
Suitable for small outages or simple systems
Back-up systems
Back up systems may be located in-house or at
cooperating firms
Service bureau firms can also be used to
handle processing in emergencies.
When planning….
Personnel strategies
In-house staff/external staff
Provisions for notifying key people
Equipment and space planning
Written emergency processes
Emergency personnel roster and
responsibilities
Recovery plan testing
Measuring IT Investments and
Their Returns
Many firms spend around 2-5% of
revenue on IT every year.
Most organizations treat IT expenses as
overheads.
Accounting for IT resources is complex
IT resources take different forms (H/W,
S/W, maintenance, labor, N/W
operations etc)
Many hidden costs (eg: administrative
OH)
Resources are scattered throughout the
organization.
Due to these reasons, IT investments are
restrained due to the incapability of
quantifying the returns.
Therefore, a sound IT cost accounting system
is critical.
Measure progress towards objectives
Provide basis for financial control
Communicate important information to
managers
Measure individual and unit performances
Objectives of Resource Accountability
Recovering Costs from
Client
Helps clarify costs and benefits of IT
services
Strengthen communication between IT
service provider and client.
Reduce unnecessary expenses and thereby
improve the overall effectiveness.
Benefits of IT Cost Recovery
Encourages effective resource use.
Enables IT benchmarking.
Disadvantages
Administrative overheads
Some organizations may not be
intellectually prepared to operate an
effective charge-back system.
Charge-back
It is an alternative IT accounting method which
distributes all costs of IT to users as accurately
as possible, based on actual costs and usage
levels.
Although accurate allocation sounds desirable in
principle, it can create problems in practice.The
most accurate measures of use may reflect
technological factors that are totally
incomprehensible to the user.
Goals of Charge-back Systems
Ease in administration cost effective
Easily understood by customers
Simple parameters make the charging
process easy to administer
Equitable distribution of costs
Promote effective use of IT resources
Provide incentives towards newer
technologies.
Methods for handling IT cost
recovery
Profit Center
An organizational unit or department
designated as a separate entity for the
purpose of revenue generation and
cost collection with decision-making
capabilities.
It is like a business within a business.
Therefore, has its own revenue/profit
targets and expenses.
IT recovers its’ costs and expenses by
charging the clients-> Can develop
profits or losses on its operations
Advantages
Platform for education- Promote business
management
Users and IT managers gain exposure to
financial consequences of otherwise
hidden issues.
Provide benchmarks and comparisons
Helps measure IT effectiveness
Improves financial management
Real costs helps in SLA negotiations, to
make develop/buy decisions of
application portfolio
Disadvantages
Administrative overheads
Not necessarily improve overall
performance
Internal competition, internal friction
Profit itself can be a problem
Cost center
These are divisions that add to the cost
of the organization, but only adds
indirectly to the profit of the
organization.
For example: R & D, marketing,
customer service.
Promotes intensely interactive planning and
budgeting by IT providers and client.
Due to budget mismatches, the planning
process will be iterative.
In the ideal situation:
IT budget = Client’s budget for IT services.
But in actual practice variances will exists.
Variances can be handled by:
Carrying the variance at a higher level
Distributing profit/loss to clients
Adjusting rates
Relationship to Client Behavior
To promote IT use or new technology adoption,
firm can increase IT funding but bare the cost at
corporate level
As the firm mature in IT use, cost-center approach
can be used to improve the effective use of IT
Mature sophisticated firms with attractive IT assets
can adopt profit-centers approach and sell the
services outside
Controls and Information
Systems
Why are computerized systems more
vulnerable than manual systems?
Complex IS cannot be replicated
No visible changes
Procedures are invisible -> not easily
understood or audited
Easy to abuse
Effect of disaster can be more
extensive than in a manual system
Accessible by many individuals
Easy access -> difficult to control
Online systems are even more difficult
to control
Threats to Information Systems
Hardware, software failures.
Personal actions, user errors.
Terminal access penetration, theft of
data, services and equipment.
Electric problems, Fire and other disaster
situations.
Telecommunication problems
New threats
Risk of the Web
Confidential information (credit card
numbers) could be intercepted
Hacking
Computer Viruses and Worms
Creating a Control Environment
Controls: all methods, policies and
organization procedures that ensure
the safety of the organization’s assets,
accuracy and reliability of its records
and operational adherence to
management standards.
Systems are controlled by:
General controls
Application controls
General Controls
Those that control:
The design, security and use of computer
programs and
Security of data files throughout the
organization.
Consists of a combination of system
S/W and manual procedures.
Ensures the effective operation of all
programmed procedures throughout the
organization
General controls are classified as:
Implementation controls
Software controls
Hardware controls
Computer operations controls
Data security controls
Administrative controls
Implementation controls
Examine the system development
process at various points to ensure
that the process is well managed and
controlled.
Use of formal review points to approve
or disapprove system implementation
Establish system feasibility
Documentation of the system
Software controls
Ensures the security and reliability of
software.
Monitors the use of software and
prevents unauthorized access to S/W
Hardware Controls
Ensures the physical security and correct
performance of H/W.
Equipment can be physically secured by:
Restricting access
Protecting from adverse environmental factors
Provision of emergency backups
Use of mechanisms to check H/W malfunction etc.
Computer Operations Controls
Ensures that the programmed procedures
are consistently and correctly applied.
Controls can be applied to:
Computer operations, backup and recovery
procedures, storage, processing of data etc.
Instructions should be fully documented,
reviewed and approved by a responsible
official.
Data File Security Controls
Ensures data files are not subject to
unauthorized access, change or
destruction.
Data can be protected by:
Restrict access to computer terminals
Use of passwords
Restrictions to files etc.
Administrative controls
Formalized standards, rules, procedures
and disciplines to ensure that the controls
are executed and enforced.
Administrative controls include:
Segregation of functions
Written policies/procedures
Supervision
Application Controls
Specific controls unique to each computerized
application
Objectives:
Completeness
All transactions must be entered/recorded.
Accuracy
Data must be accurately captured /recorded
Validity
Maintenance
Application controls are classified as:
Input controls
Processing controls
Output controls
Input Controls
To check data for accuracy and
completeness when data is entered.
Input controls can be for:
Input authorization, data conversions,
data editing etc.
Processing Controls
Routines for establishing that data
are complete and accurate during
updating.
Eg: Run control totals, edit checks
Output Controls
Ensures that the results of computer
processing are accurate, complete and
properly distributed.
Eg: Balance O/P with processed and
I/P, audits of output reports,
specifications of output recipients.
/ University College Dublin An Cotaiste Ollscoile, Baile Atha Cliath
WINTER EXAMINATION - 2006
BACHELOR OF SCIENCE (SRI LANKA) SSc 10
Management Of Information Systems
MIS 2721
Professor Lucas Introna
Professor Andrew Deegan
Ms. Gangani Wickramasinghe *
Time Allowed: 3 hours
Instructions for Candidates
Answer any FIVE questions
All questions carry equal marks
1. Explain the characteristics that distinguish a Strategic Information System (SIS)
from other kinds of systems? Discuss with examples, the different strategic thrusts
an organization could pursue. How can critical success factors of an organization
be used to determine Information Systems opportunities?
2 . What is Strategic Management? Discuss the main elements of a strategy document
with suitable examples: Explain the main types of strategies developed by an
organization. Why is strategy maintenance important?
3. Discuss the elements of an IT organization's planning model with suitable
examples. How can the Critical Success Factors (CSF) approach be used for IT
planning? For what type of company is thi s method of planning useful? Explain
the relationship between strategic and tactical plans. How are operational plans
related to tactical plans?
4. Today, Outsourcing has become a popular development choice for organizations.
Analyze the pros and cons of outsourcing contracts by an organization . What are
the possible risks an organization may face by using purchased applications?
What are its advantages?
5. What is Change Management? Explain, as an IT Manager how you would carry
out the change management process in your organization. What are the benefits
of adopting such a formal approach? How is a Service Level Agreement (SLA)
related to change management?
6. " Computer systems more vulnerable to destruction, fraud, error and abuse as
compared to manual systems". Comment. As an IT Manager, explain how
General and Application controls can help you to protect IT assets from theft,
damage and misuse?
7. What are the objectives of resource accountability? What are the disadvantages of
an IT cost recovery process? What alternatives can IT Managers use to charge for
application development? What are the characteristics of each method?
000
f University College Dublin An Col;iiste Ollscoile. Baile Atha Cliath
WINTER EXAMINATIONS - 2007
Bachelor of Science (Sri Lanka) BSc 11
Management of Information Systems
MIS2006L
Dr. Lucas Introna
Professor Andrew Deegan
Ms. G. Wickramasinghe*
Time Allowed: THREE (3) hours
Instructions for Candidates:
Answer any FIVE (5) questions
© UCD 2007/08/Modular Page 1 of 3
1. Differentiate between the characteristics of a Strategic Information System
(SIS) and an Information System at the strategic level. Discuss Porter's
model of forces governing competition, taking any industry of your choice as
an example. How can critical success factors of an organization be used to
determine Information Systems opportunities?
2. Explain the purpose of developing functional strategies. How are functional
strategies related to a company's business strategy? What are the main
ingredients a strategy statement must cover? Explain with suitable examples.
What role does an environmental assessment play in formulating strategies?
3. What is an Operational Plan? How is an Operational plan related to a
Tactical plan? ABC Ltd has not updated its IT plans for the past few years.
The IT manager has asked your help in initiating an IT planning process.
What advice would you offer to develop a good IT plan? Discuss with suitable
examples. How can Stages of Growth approach be used in IT planning? For
what type of company is this method of planning useful?
4. Discuss the main steps in an Application Project Management process.
Discuss in detail the following software development methodologies and
tools. Analyze the advantages and drawbacks of each method.
a. Object-Oriented Software Development.
b. Rapid Application Development (RAD).
c. CASE tools.
5. What are the other software development alternatives an organization can
pursue other than developing in-house? Discuss the advantages and
drawbacks of two such alternatives. What types of systems are most suitable
for outsourcing? Explain with examples
© UCD 2007/0S/Modular Page 2 of 3
6. What is the purpose of a Service Level Agreement (SLA)? Discuss the
relationship between the disciplines of Problem, Change and Recovery
Management and a Service Level Agreement. Explain the main steps in an
effective Problem Management process. What are the benefits of having
such a systematic approach to handle problems?
7. What are General Controls and Application Controls? As an IT Manager,
explain how General Controls will help you to protect your organization 's IT
assets. "The accuracy of a cost-recovery system is not very important to an
IT Manager". Comment on this statement. Compare and contrast Profit-center
and Cost-center methods for recovering IT costs.
000
© UCD 2007/08/Modular Page 3 of 3
University College Dublin An CoUiiste otlscoile. Bilile Atha Cliath
WINTER EXAMINATIONS 2008
BACHELOR OF SCIENCE (Batch 12) SRI LANKA
Management of Information Systems
Professor Lucas Introna
Professor Andrew Deegan
Mrs. G. Wickckramasignhe •
Time Allowed: 3 hours
Instructions for Candidates:
Answer FIVE (5) questions
All questions carry equal marks
1. "Information and Information Systems have become increasingly important with the
transformation of Industrial Economies". Comment on this statement. What are the main
characteristics of a Strategic Information System? Discuss with examples how "Innovation"
can be used as a competitive move by an organization. Explain the term "Critical Success
Factor". How can organizatious use critical success factors to determine InfOlmation Systems
needs?
2. Explain the terms "Strategy" and "Strategic Managemenf'. Explain the purpose of developing
stand-alone strategies. Why is it important to analyze the environment in order to formulate
strategies? Discuss according to Porter's Model how "new entrants" can affect an organization in
a competitive environment. Consider any industry of your choice as an example.
3. What is an Operational Plan? How is it different from a Strategic Plan? Discuss the main
considerations that smTOund system operations planning? What role does "technology" play in
planning for the IT division? Explain how critical success factors of an organization are used in
IT planning. For what type of organization is this method more suitable?
4. Explain with suitable examples the various software development difficulties related to an
organization or its management. Discuss the essential areas that need to be addressed in
developing a Business Case in software project management. Explain the main objectives of a
Phase Review in Software development. What are the areas a Project Manager must consider as
sources of risk in a project?
5. Discuss in detail the fullowing software development methodologies. Analyze the advantages and
drawbacks of each method.
a. Object..()riented Software Development (OOSD).
b. Test Driven Development (TDD).
What are the other development alternatives available for an organization, other than developing
in-house? Discuss the advantages of one such alternative. What type of system is most suitable to
purchase? Explain with examples.
@ UCD 2008J09IModuiar Page 2 013
6. ''A Service Level Agreement reduces coriflicts between the client and the service provider and
places IT services on a more business-like basis ". Comment on this statement. Explain the
contents of a Service Level Agreement. What is Recovery Management? How is Contingency
Planning related to Recovery Management? Discuss the main considerations that snrround
Contingency Planning.
7. "A well designed cost recovery system improves IT's effectiveness". Comment on this statement.
What are the objectives of resource accountability? Explain the goals of an IT chargeback
system. Discuss the characteristics of a profit center method and cost center method of IT cost
recovery.
000
@UCD 2008AJ9lModular Page 3 of 3