BUSI 1401Foundations of

Information Systems

Mid-term Review

Chapters 1 ~ 5, 12
Time, Location, and Format

Time: Oct 12 at 09:00 – 11:00 am

Location: NI 3020, NI 4038, NI 4050
Format: In-person digital – Bring your laptop to the exam. Take
your charger if you think you need it.
Exam Structure

Chapter 1 to 5, Chapter 12
Multiple Choice: 30 questions, 1.5 marks each, 45 marks in total.
True or False: 5 questions, 1 mark each, 5 marks in total
Short answer questions: 5 questions, 50 marks in total
Chapter 1: Introduction to Information Systems
Informed Users
Who is an informed user?
An informed user is a person knowledgeable about IS and IT.
In general, informed users obtain greater value from whichever
technologies they use.

Benefits of being an informed user:

1. You benefit more when you understand what is “behind” IT
applications
2. You can provide valuable input

3. You can recommend and help select IT applications

4. You will be aware of new technology

5. You understand how IT improves performance

6. Understanding IT is beneficial to entrepreneurs

Chapter 1: Introduction to Information Systems
Digital Transformation

Digital transformation is the business strategy that leverages

IT to dramatically improve employee, customer, and business
partner relationships; to support continuous improvement in
business operations and business processes; and to develop
new business models and businesses.

New technologies that enable digital transformation include big

data, social computing, cloud computing, artificial intelligence,
and more
Chapter 1: Introduction to Information Systems
IT Components
An information system that
uses computer technology
to perform some or all of its
intended tasks

Consist of
Hardware
IT
Software Components
Databases
Networks
Non-IT
Procedures Components
People
Chapter 1: Introduction to Information Systems
IT Components
Hardware consists of devices such as the processor, monitor,
keyboard, and printer. Together, these devices accept, process, and
display data and information.
Software is a program or collection of programs that enables the
hardware to process data.
A database is a collection of related files or tables containing data.
A network is a connecting system (wireline or wireless) that
enables multiple computers to share resources.
Procedures are the instructions for combining these components
to process information and generate the desired output
People use the hardware and software, interface with it, or utilize
its output
Chapter 1: Introduction to Information Systems
IT Components
IT components form the
information technology platform.
IT personnel use these components
(IT platform) to develop information
systems, oversee security and risk,
and manage data.
These activities cumulatively are
called information technology
services.
The IT components plus IT services
compose the organization’s
information technology
infrastructure.
At the top of the pyramid are the
various organizational information
systems.
Chapter 1: Introduction to Information Systems
Different Types of IS
Each Functional Area
Information System (FAIS)
(also known as a departmental
information system) supports a
particular functional area within
the organization:
Human resources (HR)
Accounting
Finance
Marketing
Production/operations
Chapter 1: Introduction to Information Systems
Different Types of IS
Two information systems support
the entire organization:

Enterprise Resource Planning

(ERP) systems
Provide communication
among functional area ISs
through an integrated
database
Processing Systems (TPS)
Support the monitoring,
collection, storage, and
processing of data from
the organization’s day-to-
day operations for basic
business transactions
Chapter 1: Introduction to Information Systems
Different Types of IS
Interorganizational
Information Systems
(IOS): Information systems
that connect two or more
organizations.

IOSs support many

interorganizational operations
Supply chain management
(SCM) systems
Electronic commerce (e-
commerce) systems
Chapter 1: Introduction to Information Systems
Examples of IS
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Business Process
A business process is an ongoing collection of related
activities or tasks that in a specific sequence create a product or
a service of value to the organization, its business partners, and
its customers.
Managing accounts payable, Managing account collection,
Collecting sales taxes

Comprised of three elements:

Inputs: Materials, services, and information that flow through
and are transformed as a result of process activities
Resources: People and equipment that perform process
activities
Outputs: The product or service created by the process
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Effectiveness and Efficiency
Effectiveness focuses on doing
the things that matter; that is,
creating outputs of value to the
business process customer
Making high-quality products,
Meeting the monthly sales
quota.
Efficiency focuses on doing
things without wasting
resources;
Progressing from one process
activity to another without
delay or without wasting
money.
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Business Process Reengineering
Idea of BPR: to become more competitive, businesses need to
radically redesign their business processes to reduce costs and
increase quality
BPR: A radical redesign of an organization’s business processes to
increase productivity and profitability
Examines business processes with a “clean sheet/slate”
approach
Determine how to best reconstruct those processes to improve
business functions
It is not easy -- many organizations found this strategy too difficult,
too radical, too lengthy, and too comprehensive
Failure rate: ~70%
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Business Process Improvement (BPI)

A less radical, less disruptive, and more incremental approach

An incremental approach to move an organization toward
business-process-centered operations
Focuses on reducing variation in process outputs by identifying
the underlying cause of the variation
BPI is usually performed by teams of employees that include a
process expert—usually the process owner
Six Sigma is a popular methodology for BPI
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Business Process Improvement (BPI)

A successful BPI project generally follows five basic phases:

1. Define: The BPI team documents the existing “as is” process

activities, process resources, and process inputs and outputs,

usually as a graphical process map or diagram.
2. Measure: The BPI team identifies relevant process metrics,

such as time and cost to generate one output (product or

service), and collects data to understand how the metrics
evolve over time.
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Business Process Improvement (BPI)

A successful BPI project generally follows five basic phases:

1. Analyze: The BPI team examines the “as is” process

map and the collected data to identify problems with the

process and their root causes.
2. Improve: The BPI team identifies possible solutions for

addressing the root causes, maps the resulting “to be”

process alternatives, and selects and implements the
most appropriate solution.
3. Control: The team establishes process metrics and

monitors the improved process after the solution has

been implemented to ensure the process performance
remains stable.
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Business Process Management

A management system that includes methods and tools to

support the design, analysis, implementation, management, and
continuous optimization of core business processes throughout
the organization.

Important components of BPM:

Process modeling
Business activity monitoring (BAM)
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Business Pressures

Market pressures
Globalization
Changing nature of the workforce
Powerful customers

Technology Pressures
Technological innovation and obsolescence
Information overload
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Business Pressures
Societal/political/legal pressures
Social responsibility
Some corporations and individuals are willing to spend time and money
to address various social problems. These efforts are known as
organizational social responsibility or individual social responsibility.
E.g., Green IT, Digital Divide
Compliance with government regulations

Canadian Sarbanes-Oxley Act (C-SOX) (Bill 198), PIPEDA (Personal

Information Protection and Electronic Documents Act) …
Protection against terrorist attacks
Ethical issues

Information-processing activities, Monitoring employee email, Privacy of

customer data
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Porter’s Competitive Forces Model

The best-known framework for analyzing competitiveness

Identifies five major forces:
1. Threat of entry of new competitors

2. Bargaining power of suppliers

3. Bargaining power of customers (buyers)

4. Threat of substitute products or services

5. Rivalry among existing firms within the industry

Organizations use Porter’s competitive forces model to design

general strategies
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Strategies for Competitive Advantage

To be successful, organizations examine the five forces and determine

how they intend to respond to them
An organization responds to the structure of its industry by choosing
a competitive strategy
Cost leadership: I can sell at a lower price than you can.
Differentiation: I am better because I am different.
Innovation: I am doing something new and you cannot catch up.
Operational effectiveness: I can do the same thing more
efficiently than you can
Customer orientation: I treat my customers better than you do.
Chapter 2: Organizational Strategy, Competitive
Advantage, and Information Systems
Porter’s Value Chain Model
Primary activities: relate to Support activities: Support
production and distribution of primary activities
products and services
Firm infrastructure
Inbound logistics (inputs: (accounting, finance,
receiving & storing inventory)
Operations (using inputs for management)
manufacturing and testing) Human resources
Outbound logistics (storage management
and distribution)
Marketing and sales Product and technology
(convincing customers to development (R&D)
purchase the products
/services) Procurement
Services (supporting customers
with service after sale)
Chapter 3: Ethics and Privacy
Approaches of ethics
Ethics refers to the principles of right and wrong that individuals use to make choices
that guide their behaviour.

Utilitarian approach: An ethical action is the one that provides the most good or
does the least harm.
Rights approach: An ethical action is the one that best protects and respects the
moral rights of the affected parties.
Moral rights can include the rights to make one’s own choices about what kind of
life to lead, to be told the truth, to not to be injured, and to enjoy a degree of
privacy
Fairness approach: Ethical actions treat all human beings equally, or, if unequally,
then fairly, based on some defensible standard.
Common good approach: Respect and compassion for all others is the basis for
ethical actions. It emphasizes the common conditions that are important to the
welfare of everyone
Deontology approach: The morality of an action is based on whether that action
itself is right or wrong under a series of rules, rather than based on the consequences
of that action.
Chapter 3: Ethics and Privacy
Tenets of Ethics
Fundamental tenets of ethics include:
Responsibility means that you accept the consequences of your
decisions and actions.
Accountability refers to determining who is responsible for
actions that were taken.
Liability is a legal concept that gives individuals the right to
recover the damages done to them by other individuals,
organizations, or systems.

What is unethical is not necessarily illegal

For example, a bank’s decision to foreclose on a home can be
technically legal, but it can raise many ethical questions
Death penalty
Chapter 3: Ethics and Privacy
Categories of ethical issues

Four general categories of ethical issues related to IT:

1.

1. Privacy: Collecting, storing, and disseminating information

about individuals.
2. Accuracy: Authenticity, fidelity, and correctness of
information that is collected and processed.
3. Property: The ownership and value of information.
4. Accessibility: Who should have access to information and
whether they should pay a fee for this access.
Chapter 3: Ethics and Privacy
Privacy
Privacy: The right to be left alone and to be free of unreasonable
personal intrusions.
Information privacy: The right to determine when, and to what
extent, information about you can be gathered and/or
communicated to others.

Court decisions in many countries have followed two rules fairly

closely:
The right of privacy is not absolute. Privacy must be balanced
against the needs of society.
The public’s right to know supersedes the individual’s right of
privacy.
Chapter 3: Ethics and Privacy
Informed consent

Methods of informed consent:

Opt-out model permits the company to collect personal
information until the customer specifically requests that the
data not be collected
Opt-in model prohibits an organization from collecting any
personal information unless the customer specifically
authorizes it.
Chapter 4: Information Security and Controls
Unintentional threats

Unintentional threats are acts performed without malicious

intent that nevertheless represent a serious threat to
information security.
Human error (A major category): Carelessness with
computing devices
Social engineering: The attacker impersonates someone else
on the telephone, such as a company manager or an IS
employee
Chapter 4: Information Security and Controls
Deliberate threats
Common deliberate threats:
1. Espionage or trespass

when an unauthorized individual attempts to gain illegal

access to organizational information
2. Information extortion

an attacker either threatens to steal, or actually steals,

information from a company
3. Sabotage or vandalism

defacing an organization’s website, potentially damaging the

organization’s image and causing its customers to lose faith
in the organization
Chapter 4: Information Security and Controls
Deliberate threats

1. Theft of equipment or information

2. Identity theft
deliberate assumption of another person’s identity, usually to
gain access to their financial information or to frame them for
a crime
3. Compromises to intellectual property
Intellectual property is the property created by individuals or
corporations that is protected under trade secret, patent, and
copyright laws
Chapter 4: Information Security and Controls
Deliberate threats
1. Software attacks
Attackers used malicious software—called malware—to infect as
many computers worldwide as possible, to the profit-driven, Web-
based attacks of today
Ransomware

2. Alien software
Alien software is clandestine software that is installed on your
computer through duplicitous methods. It typically is not as
malicious as viruses, worms, or Trojan horses, but it does use up
valuable system resources. It can also enable other parties to track
your Web surfing habits and other personal behaviours.
Adware, spyware, spamware, cookies
Chapter 4: Information Security and Controls
Deliberate threats
1. Supervisory control and data acquisition (SCADA) attacks
Attacking large-scale distributed measurement and control system
SCADA systems are used to monitor or to control chemical, physical, and
transport processes such as those used in oil refineries, water and
sewage treatment plants, electrical generators, and nuclear power plants
in August 2017, there was a SCADA attack on a petrochemical plant in
Saudi Arabia. Security experts determined that the attack was
intended to cause an explosion.

2. Cyberterrorism and cyberwarfare

Malicious acts in which attackers use a target’s computer systems,
particularly through the Internet, to cause physical, real-world harm or
severe disruption, often to carry out a political agenda.
Gathering data, attacking critical infrastructure, for example, through
SCADA systems
Chapter 4: Information Security and Controls
Chapter 4: Information Security and Controls
Risk
Risk management: the process that identifies, controls, and
minimizes the impact of threats, in an effort to reduce risk to
manageable levels.
Goal: identify, control, and minimize the impact of threats
Three processes: risk analysis, risk mitigation, and control
evaluation

Risk Analysis
assessing the value of each asset being protected
estimating the probability that each asset will be compromised
comparing the probable costs of the asset’s being compromised
with the costs of protecting that asset
Chapter 4: Information Security and Controls
Risk

Risk Mitigation
Risk acceptance: Accept the potential risk, continue
operating with no controls, and absorb any damages that
occur
Risk limitation: Limit the risk by implementing controls that
minimize the impact of the threat
Risk transference: Transfer the risk by using other means to
compensate for the loss, such as by purchasing insurance
Chapter 4: Information Security and Controls

Control Evaluation
The organization identifies security deficiencies and calculates
the costs of implementing adequate control measures to
compare against the value of those control measures.
If the costs of implementing a control are greater than the value
of the asset being protected, the control is not cost effective
Chapter 4: Information Security and Controls
Categories of Controls
Control environment (Most Important)
The control environment encompasses management attitudes
toward controls, as evidenced by management actions, as
well as by stated policies and procedures that address ethical
issues and the quality of supervision.
General controls
General controls apply to more than one functional area.
Physical controls, access controls, and communications
controls
Application controls
Controls specific to one application, such as payroll, are
application controls.
Chapter 4: Information Security and Controls
Access Control

Authentication: confirms the identity of the person requiring

access
Authorization: determines which actions, rights, or privileges
the person has, based on their verified identity.
Chapter 5: Data and Knowledge Management

Clickstream data: the data that visitors and customers

produce when they visit a website and click on hyperlinks

Data rot: Problems with the media on which the data are stored
Temperature, humidity, and exposure to light can cause
physical problems with storage media and thus make it
difficult to access the data.
Finding the machines needed to access the data could be
difficult.
Chapter 5: Data and Knowledge Management

Data governance is an approach to managing information

across an entire organization.
A subset of IT governance
It involves a formal set of business processes and policies that
are designed to ensure that data are handled in a certain, well-
defined fashion.
The organization follows unambiguous rules for creating,
collecting, handling, and protecting its information.
Objective: make information available, transparent, and useful
for the people who are authorized to access it, from the moment
it enters an organization until it becomes outdated and is
deleted.
Chapter 5: Data and Knowledge Management
Master and transactional data

Master data are a set of core data, such as customer, product,

employee, vendor, geographic location, and so on, that span the
enterprise’s information systems.
Transactional data are generated and captured by operational
systems, describe the business’s activities, or transactions.
Master data are applied to multiple transactions, and they are
used to categorize, aggregate, and evaluate the transactional
data.
Chapter 5: Data and Knowledge Management
Master and transactional data
Chapter 5: Data and Knowledge Management
Master and transactional data
Master data is relatively permanent data collected on entities in
the business.
E.g., date describing employees, inventory items, departments,
and licenses.
Transaction data are the records of day-to-day business events.
E.g., Purchase orders, sales invoices, and payroll disbursements.
Master data are applied to multiple transactions
E.g., the PURCHASE_ ORDER table would need master data from
the SUPPLIER and INVENTORY tables in order to determine
whom the order goes to and what items are on the order.
Source: Bradford, M. (2015). Modern ERP: select, implement and use
today’s advanced business systems ([3rd ed.]). Lulu.
Chapter 5: Data and Knowledge Management
File management environment

Mid-1950s ~ early 1970s: File Management environment

Data file: a collection of highly related records
Each application has a specific data file related to it

Problems with file management

Data redundancy: The same data are stored in multiple
locations.
Data isolation: Applications cannot access data associated
with other applications.
Data inconsistency: Various copies of the data do not agree.
☞ Database systems minimize these problems.
Chapter 5: Data and Knowledge Management
Big Data

Big Data is a collection of data that is so large and complex

that it is difficult to manage using traditional database
management systems.

Big Data is about predictions

Predictions come from applying mathematics to huge
quantities of data to infer probabilities.

Diverse, high-volume, high-velocity information assets that

require new forms of processing in order to enhance decision
making, lead to insights, and optimize business processes
Chapter 5: Data and Knowledge Management
Big Data

Extreme volume: Huge volume of big data

Rapid velocity: The rate at which data flow into an organization
is rapidly increasing
Diverse variety: Big Data formats change rapidly: satellite
imagery, broadcast audio streams, digital music files …
Chapter 5: Data and Knowledge Management
Data warehouse and data mart

A data warehouse is a repository of historical data that are

organized by subject to support decision-makers within the
organization.
A data mart is a low-cost, scaled-down version of a data
warehouse that is designed for the end-user needs in a strategic
business unit (SBU) or an individual department.
Chapter 5: Data and Knowledge Management
Data warehouse and data mart
Basic characteristics of data warehouses and data marts
Organized by business dimension or subject
Data are organized by subject—for example, by customer,
vendor, product, price level, and region.
Use online analytical processing (OLAP)
Organizational Database: Online transaction processing
(OLTP): business transactions are processed online as soon as
they occur.
Data warehouses and data marts: online analytical
processing (OLAP): the analysis of accumulated data by end-
users
Integrated
Data are collected from multiple systems and are then integrated
around subjects
Chapter 5: Data and Knowledge Management
Data warehouse and data mart
Basic characteristics of data warehouses and data marts (Cont.)
Time variant
Data warehouses and data marts maintain historical data;
that is, data that include time as a variable. A warehouse
or mart may store years of data.
Nonvolatile
Data warehouses and data marts are nonvolatile—that is,
users cannot change or update the data.
Multidimensional
Data warehouses and marts store data in more than two
dimensions.
E.g., Data cube
Chapter 5: Data and Knowledge Management
Data quality dimensions
Accuracy: the degree to which data represent real-world things,
events, or an agreed-upon source
Completeness: the percentage of data populated vs. the
possibility of 100% fulfillment
Less or no missing data
Consistency: Consistent data can be explained as how close your
data aligns or is in uniformity with another dataset or a reference
dataset.
Uniqueness: The occurrence of an object or an event gets
recorded one time in a dataset.
An event or entity should only get recorded only once. No one
wants duplicate data because it can cause double counting or
create misreporting
Chapter 5: Data and Knowledge Management
Data quality dimensions

Timeliness: It is the time lag between actual event time vs. the
event captured in a system to make it available for use.
ASAP
Validity: Data validity describes the closeness of data value to
predetermined values or a calculation.
A liquor shop cannot have a customer who is less than 19
years old.
Chapter 5: Data and Knowledge Management
Knowledge and knowledge management
Knowledge management (KM) is a process that helps organizations
manipulate important knowledge that makes up part of the
organization’s memory, usually in an unstructured format.
Explicit knowledge deals with more objective, rational, and technical
knowledge.
Codified and documented in a form that can be distributed to others
or transformed into a process or a strategy.
E.g., an organization’s policies, procedural guides, reports, products,
strategies, goals, core competencies, and IT infrastructure of the
enterprise
Tacit knowledge is the cumulative store of subjective or experiential
learning.
Generally imprecise and costly to transfer
Highly personal, difficult to formalize or codify
E.g., an organization’s experiences, insights, expertise, know-how,
trade secrets, skill sets, understanding, learning, and culture.
Chapter 12: Data Analytics

Business analytics encompasses not only applications but also

technologies and processes
It includes both “getting data in” (to a data mart or
warehouse) and “getting data out” (through BA applications)

Not all organizations use BA in the same way:

BA in smaller organizations: Excel spreadsheets
BA in larger organizations: Enterprise-wide, a wide variety of
applications

BA is a competitive necessity for organizations

Chapter 12: Data Analytics
Online analytical processing (OLAP)
“Slicing and dicing”: Extract a
sub cube
E.g., selecting “Canada” for
the country dimension and
“2023” for the Date
dimension
“Drilling down” in the data to
greater detail
E.g., “year” to “month” to
“day” in the Date dimension
“Rolling up” the data to
greater summarization (less
detail).
Chapter 12: Data Analytics
Decision support systems (DSS)

Combine models and data to analyze semistructured problems

and some unstructured problems that involve extensive user
involvement
Can contribute to all levels of decision making
Employ mathematical models
Sensitivity analysis, what–if analysis, and goal-seeking
analysis