1

COURSE CODE: MAS 1204

COURSE NAME: BUSINESS INFORMATION SYSTEMS
COURSE LEVEL: 1 (SEMESTER II)
CREDIT UNITS: 3 Credit Units

Learning Outcomes
 Identify and describe the nature, types and use of information
 Identify and describe computer technology in a business context
 Develop business strategies using information systems
 Explain various IT hardware, software, networking, and communication technologies
 Explain the appropriate procedures of building or acquiring information system
 Describe security and ethical issues related to information systems

1.0 INTRODUCTION TO INFORMATION SYSTEMS MANAGEMENT

Over the years, a transformation to an information society has been taking place, and computers and
telecommunications technologies have changed the way that organisations operate. We live in an
information age, and no business of any size can survive and compete effectively without embracing
information technology. Information is a resource of fundamental importance to an organisation. It
is necessary to understand how to apply modern technology in a business in order to achieve the
goal of the organisation. Information is the key to effective planning and efficient management of
any organisation. Information collected, stored and analyzed under Business Information Systems
can be directly utilised for both day-to-day operations and for planning.

1.1 DATA AND INFORMATION

Before we provide a definition for information systems, we first explain the terms ‗data‘,
‗information‘, and systems.

1.1.1 DATA

The word data is the plural of datum, which means fact, observation, assumption or occurrence.
Data consists of raw facts about an issue, event or situation, such as an employee‘s name, number
of hours worked in a week, sales order, patient‘s illness etc. More precisely, data are representations
of random facts pertaining to people, things, ideas and events. Data are represented by random
symbols such as letters of the alphabets, numerals, words, values or other special symbols or
images. Data can exist naturally or be created artificially. Artificial data is often produced as a
byproduct of another business process.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 2

Types of Data

 Alphanumeric Data: this represents numbers, letters, and characters

 Image Data: this represents graphic images, and pictures
 Audio Data: this represents sounds, noise or tones
 Video Data: this represents moving images or pictures.

Data Processing
Each organisation, regardless of its size or purpose, generates data to keep record of events or
transactions that take place within the business. Generating and organizing this data in a useful way
is called data processing. Data Processing is also referred to as manipulation of data into a more
useful form. Such processing could include numerical calculations, operations (e.g. classification of
data), transmission of data from one place to another. Organisations undertake data processing
activities to obtain information with which to control and support all activities of the organisations.

We can identify two types of processing cycles:

 Basic Data Processing cycle and
 The Expanded Data Processing cycle

Basic Data Processing Cycle

This includes the three basic steps: Input, Processing, Output.

Figure 1: The Information Process

 Input: The activity of gathering and capturing raw data e.g. using a keyboard, mice, camera,
biometric scanner etc. Also at this step initial data or input data are prepared in some
convenient form for processing. E.g. computers input data is recorded into input medium
such as internal memory, cards, disks, flash etc.
 Processing: In information systems processing involves converting or transforming data into
useful outputs using a Central Processing Unit (CPU). Input data are changed, or combined
with other information to produce data in a more useful form. This can include filtering,
calculating (aggregating, dividing, summing, subtracting), recording, duplicating, sorting,
merging, verifying, deleting, etc. E.g. pay checks may be calculated from the time cards or a

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 3
summary of sales for the month may be calculated from the sales orders.
 Output: In information systems, output involves producing useful information usually in the
form of documents and reports.eg using monitors, printers. Results of the preceding
‗processing‘ step are collected. The form of the output result depends on the use of the data.
E.g. pay checks for employee, printed summary of monthly sales for management, or data to
be stored for further processing.

Expanded Data Processing Cycle

The expanded data processing cycle includes additional steps such as Origination, Distribution, and
Storage.
 Origination: refers to the processes of collecting the original data into source documents. E.g.
graded test papers
 Distribution/Dissemination: refers to distribution of the output to where it is needed for
immediate use of storage. Recordings of the output data are often called report documents.
E.g. class grade sheets
 Storage: is a crucial step in many data processing procedures. The processed results are
stored for use as input data in the future. A unified set of data storage is called a file which
consists of records. A collection of files forms a database.
 Monitoring and Feedback
 Controlling

Advantages of Electronic Data Processing

Over the ages data processing systems have evolved from very manual systems that are motorised
by human hands, through electromechanical devices, to electronic devices of the modern age that
continue to evolve. There are several advantages of electronic data processing
 Speed and Accuracy
 Automatic operations: Carry out a sequence of many different data processing operations
without human intervention
 Decision making capability: Computers can perform certain decision instructions
automatically like determining whether a statement is true or false. Based on that result,
choosing one or the other course of action out of alternatives.

Types of Processing
 Batch processing: Refers to processing of data or information by grouping it into groups or
batches. Also known as serial/sequential, tacked/queued of offline processing. The
fundamental of batch processing is that the different jobs of different users are processed in
the order received. Once the stacking of jobs is complete, they are sent for processing while
maintaining the same order. This processing of a large volume of data helps in reducing the
processing costs thus making it data processing economical. Examples include: Examination,
payroll and billing system.
 Real time processing: This processing method entails processing where the results are
displayed immediately or in lowest time possible. The data fed into the information system is
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 4
used almost instantaneously for processing purpose. No lag is expected in this processing
type. Receiving and processing of transaction is carried out simultaneously. This method is
costlier than batch processing because the hardware and software capabilities are better.
Example includes banking system, tickets booking for flights, trains, movie tickets, rental
agencies etc.
 Online processing: The nature of processing of this type of data processing requires use of
network connections and data is stored and used on different or remote computers. The job
received by the system is processed at same time of receiving. This can be considered and is
often mixed with real-time processing. It depends on having good networks.

1.1.2 INFORMATION

By itself, data is not that useful. To be useful, it needs to be given context. By adding the context,
data is converted into information. When data are organized or arranged in a meaningful manner
(data processing), they become information. Therefore, information can be viewed as a collection of
facts (data) organised in such a way that they have additional value beyond the value of the facts
(data) themselves. Defining and organizing relationships amongst data creates information.

Data and Information Classification

Organisational information systems capture data, process and output information for dissemination
to the right place or persons. This data and information in the organisation comes from different
sources and is used for various purposes to enable the organisation to achieve its goals. We can
classify this information based on different things.

Information Classification according to its Source

 Internal (activities, transactions, and employees of the organisation)
 External (from the various partners, public domain, customers etc)

Information Classification according to its Form

 Structured (Presented in Reports, Receipts, Tables, and graphs)
 Unstructured (Delivered verbally or on ad-hoc basis)
 Formal (agreed or established way of reporting and communication, e.g. reports, account
statements)
 Informal (ad-hoc communication e.g. grapevine, conversation, unconfirmed notes)

NB: Information transmitted by formal means tends to be presented in a consistent manner and will
often use the same basic formats. This allows the recipient to quickly and easily locate items of
interest. Because formal information is usually more structured, it is most likely to present a
comprehensive look of the situation it describes. It tends to be more accurate and relevant since it is
created for a specific purpose. However, information that is presented formally may be rigid and
limiting in terms of the type, form and content.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 5

Information Classification in Terms of its Purpose and Application

TARGET
PURPOSE SOURCE TYPE OF INFORMATION
AUDIENCE
The materials used to promote the
Promotional external internal
organisation‘s products or services.
The data collected and provided to support
business decisions, such as planning and
budgeting, business intelligence, market
internal internal/external
intelligence, competitive intelligence,
Decision
customer and business partner feedback,
Support
and operations and functional control.
The information provided to stakeholders
external internal such as annual financial reports and
sustainability reports.
Company data such as latest news,
internal/external community activities, and internal
internal
information such as organisational changes,
Informational
promotions, and the like.
General information, such as opinions
external internal
expressed in blogs.
Instructional information such as best
internal internal/external
practices and manuals.
Activity
Training information such as best practices
Support
external internal and manuals for using products and
services. Often embedded.
internal/external Data processed for transactions such as
internal
order-to-cash and procure-to-pay.
Transaction
Data sent to partners in the value chain to
Processing internal/external
external perform transactions, such as orders and
bills of materials.
Information collected from
employees/teams, and shared through
wikis, different library reports, and research
Knowledge internal internal/external studies to buildup the knowledge base as
Building information source for decision making.
The information can be classified on its
usage.
Training and how-to materials; often sold to
external internal
customers.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 6

Structured Example: Example:

Monthly Sales Sales figures
Report Supplier directory
Market research
report

Unstructured Example: Example:

Verbal report Recorded call from
Informal Emails call centre.
Informal Formal

Figure 2: Information Classification Matrix

1.1.3 SYSTEM

Simply put, a system is an organized collection of parts (or subsystems) that are highly integrated to
accomplish an overall goal.

The system has various inputs, which go through certain processes to produce certain outputs,
which together, accomplish the overall desired goal for the system. Not every system has a single
goal and very often systems are made up of many smaller systems (subsystems), all contributing to
meeting the overall system objective. For example, an organisation is made up of many
administrative and management functions, products, services, groups and individuals all working to
achieve overall organisational objectives. If one part of the system is changed, the nature of the
overall system is often changed, as well -- by definition then, the system is systemic, meaning
relating to, or affecting, the entire system.

There are numerous types of systems which range from simple to complex. For example, there are
biological systems (for example, the heart), mechanical systems (for example, a thermostat),
human/mechanical systems (for example, riding a bicycle), ecological systems (for example,
predator/prey) and social systems (for example, groups, supply and demand and also friendship).
In organisations too there are common ways of referring to systems:
 Simple System and Complex System: A simple system has few components and the
relationship or interaction between elements is uncomplicated and straight forward. A
complex system has many elements that are highly related and interconnected. Complex
systems, such as social systems, are comprised of numerous subsystems, as well. These
subsystems are arranged in hierarchies, and are integrated to accomplish the overall goal of
the system. Each subsystem has its own boundaries, and includes various inputs, processes,
outputs and outcomes geared to accomplish an overall goal for the subsystem. Complex

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 7
systems usually interact with their environments and are therefore open systems.
 Open and Closed System: An open system interacts with its environment while a closed
system has no interaction with the environment. A closed system does not take in
information and therefore is likely to atrophy, that is to vanish. An open system receives
information, which it uses to interact dynamically with its environment. Openness increases
the system‘s likelihood to survive and prosper.
 Stable and Dynamic System: A stable system undergoes very little change over time while
a dynamic system undergoes rapid and constant change over time. All organisations are
dynamic systems that operate as subsystems within the environment.
 Adaptive and Non-Adaptive System: An adaptive system (sometimes known as-organizing
or cybernetic) responds to changes in the environment and modifies its operation
accordingly. The outputs obtained from system may respond to sometimes uncertain system
may respond to the same stimuli in different way. Examples of adaptive systems include
human beings, plants and business organisations. Non adaptive system is not able to change
to change in response to changes in the environment.
 Permanent and Temporary System: A permanent system exists for a relatively long period
of time while a temporary system exists for only a relatively short period of time.
 A high-functioning system continually exchanges feedback among its various parts to
ensure that they remain closely aligned and focused on achieving the goal of the system. If
any of the parts or activities in the system seems weakened or misaligned, the system makes
necessary adjustments (control) to more effectively achieve its goals.

Therefore we can say in order to monitor the performance of a system, some kind of feedback
mechanism is required. In addition control must be exerted to correct any problems that occur and
ensure that the system is fulfilling its purpose.

Figure 3: Open System

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 8
1.1.4 INFORMATION SYSTEMS

An Information System (IS) is a set of interrelated components that collect, manipulate, store and
disseminate data and information to achieve an objective or goal. In order for an information system
to support the organisation it should have a feedback and control mechanism that improves the
function of the system. Business Information Systems are the combination of hardware, software,
communication networks and procedures that people and organisations use to collect, filter, process,
create, and distribute data and information for their success. In Business Information Systems
(BIS), the feedback mechanism helps organisations to achieve their goals such as increasing profits
or improving customer service. Examples of Business Information systems include Accounting IS,
Human Resource IS, Inventory Information System, Results Management Information System and
many others.

Components of an Information System

Information Systems are made up of six components:
1. hardware(machines and media),
2. software(programs and procedures),
3. networks (communications media and network support)
4. data(data and knowledge bases),
5. people(end-users and IS Specialists), and
6. processes/procedures
The components work together to perform input, processing, output, storage, and control activities
that convert data resources into information products. The first three fit under the category
technology but people and process/procedures are really what separate the idea of information
systems from more technical fields, such as computer science. In order to fully understand
information systems, one must understand how all of these components work together to bring value
to an organisation.

The role of an information system is to convert data from internal and external sources into
information that can be used to aid effective decisions making. An organisation may have different
types of information systems, some of which are useful for the day-to-day operational decisions,
and some of which are used in making tactical and strategic decisions.

Activities of an Information System

Information systems are required to run the day-to-day operations in an organisation. The three
main activities of IS are to input, process and output data and information.
 Input: In information systems, input is the activity of gathering and capturing raw data eg
using a keyboard, mice etc.
 Processing: In information systems processing involves converting or transforming data into
useful outputs using a Central Processing Unit (CPU).
 Output: In information systems, output involves producing useful information usually in the
form of documents and reports.eg using monitor, printers.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 9

However, a cybernetic information system is one that includes the activities of feedback, and
control. This is a self-monitoring and self-regulating system.
 Feedback: is data or information about the performance of a system. For example, data
about sales performance is feedback to a sales manager.
 Control: involves monitoring and evaluating feedback to determine whether a system is
moving toward the achievement of its goal. The control function then makes necessary
adjustment to a system's input and processing components to ensure that it produces proper
output. For example, a sales manager exercises control when he or she reassigns salespersons
to new sales territories after evaluating feedback about their sales performance.

Study Questions: Explain your answers

1. Are computers the same as information systems?

2. How different is an Information System from Information Technology?
3. Differentiate between the following: Information System (IS), Management Information
System (MIS), and Information System Management (ISM).
4. Are all IS computerized?
5. Identify at least two IS that you use.

ATTRIBUTES OF INFORMATION QUALITY

Organisations today cannot be successful by only providing the technology that processes and
delivers information. They must also understand the value of the information relevant to the
business, and the ways it is created and used. Bad information can lead an organisation to waste
resources on ineffective projects, but quality information can identify needs, direct targeted services
and create efficiencies in every day work.

Quality information is defined as "information that is suitable for all of an organisation's purposes."
The challenge for the organisation is to make sure that the data can be used to perform the tasks
identified as requiring that information. The following attributes provide a guide to determining the
quality of information:

1.2.1 Content Dimension

This describes the scope and content of the information. It has aspects such as:
 Accuracy: Accurate information is error free. In some cases, inaccurate information is
sometimes generated because inaccurate data is fed into the transformation process (this is
commonly called garbage in, garbage out [GIGO]). If information is inaccurate, it is of
limited value to a business.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 10
 Completeness: Complete information contains all the important facts. For example, an
investment report that does not include all-important costs is not complete.
 Relevancy: Relevant information is important to the decision maker and related to the needs
of the user for a specific situation. Information that wood prices might drop may not be
relevant to a computer chip manufacturer.
 Conciseness: Only the information that is needed is produced. In fact, too much information
can cause information overload, whereby a decision maker has too much information and is
unable to determine what is really important.
 Scope: Appropriate scope (broad vs. narrow)
 Performance: Appropriate for measuring progress, activities etc

1.2.2 Form Dimension

Describes how the information is presented to the recipient. It has aspects such as:
 Clarity: Information produced should be understandable and clear to the decision maker or
users. Information should be simple and not overly complex to the user.
 Detail: complexity vs. abstract. Sophisticated and detailed information may not be needed.
 Order: Quality information should be arranged or organised in a way that is valuable to the
decision maker. For example a receipt, or invoice.
 Presentation: Quality information should be packaged in a way that is most favourable to
the decision maker. Narrative, Numeric etc
 Media: hard vs. soft (audio, video etc)

1.2.3 Cost Dimension

 Economical: Information should also be relatively economical to produce. Decision makers

must always balance the value of information with the cost of producing it.
 Flexibility: Flexible information can be used for a variety of purposes. For example,
information on how much inventory is on hand for a particular part can be used by a sales
representative in closing a sale, by a production manager to determine whether more
inventory is needed, and by a financial executive to determine the total value the company
has invested in inventory.

1.2.4 Time Dimension

This describes a time period within which the information deals, and the frequency within which the
information is received. Aspects under the time dimension are:
 Timeliness: Timely information is delivered when it is needed. Knowing last week‗s weather
conditions will not help when trying to decide what to wear today.
 Currency: is up to date (current),
 Frequency: The information is produced as often as needed. Daily reports, or annual
performance reports being received at the right time.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 11
 Time Period: Information is given for the correct time period (past, present or future).

1.2.5 Security Dimension

 Reliability: Reliable information can be depended on. In many cases, the reliability of the
information depends on the reliability of the data collection method. In other instances,
reliability depends on the source of the information. A rumor from an unknown source that
oil prices might go up may not be reliable.
 Verifiable: Information should be verifiable. This means that you can check it to make sure
it is correct, perhaps by checking many sources for the same information. A rumor from an
unknown source that oil prices might go up may not be verifiable.
 Confidentiality: Information should be secure from access by unauthorized users.
 Accessiblity: Information should be easily accessible by authorized users to be obtained in
the right format and at the right time to meet their needs.

Self study Questions:

 How can an organisation assess the quality of an information system?
 What are the qualities of good information?

METHODS OF DATA AND INFORMATION COLLECTION

Quality information begins with the collectors of data and the methods of collection. There are
several methods of collecting the data required and these can be used to source data within and
outside the organisation.
 Observation: depends on the observer and influenced by his/her bias
 Experiment: Information can be collected through designing of the experiment where the
quality of information depends on the experimentation technique. It is performed on trial
basis of controlling the specific parameters.
 Survey: Survey method occurs through the questioners‘ session. According to the quality of
question, quality of information can be decided.
 Subjective estimation: If the above ways are unsuccessful then this method is applied to
collect expert opinion.
 Transaction processing: This method consists of data processing of each transaction that
has representation throughout the organisation.
 Interviewing: A technique that is primarily used to gain an understanding of the underlying
reasons and motivations for people‘s attitudes, preferences or behavior. Interviews can be
undertaken on a personal one-to-one basis or in a group. They can be conducted at work, at
home, in the street or in a shopping centre, or some other agreed location.
 Case study: The term case-study usually refers to a fairly intensive examination of a single

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 12
unit such as a person, a small group of people, or a single company. Case-studies involve
measuring what is there and how it got there. In this sense, it is historical. It can enable the
researcher to explore, unravel and understand problems, issues and relationships.
 Publications: Publication provides various public forums. E.g. Newspapers, government
agencies, online information etc.
 Purchased from outside: The information can be purchased from outside the organisation.
It may be expensive and it may have a bias depending on the source.
 Government agencies: It is available but cannot be directly used by all.

1.4 CHOICE OF DATA COLLECTION METHODS

Data collection methods used by the organisation and integrated into the information system should
be based on the source of information. Business Information Demand (BID) is the organisation's
continuously increasing and changing need for current, accurate, integrated information, often on
short or very short notice, to support its business activities.

Understanding the BID allows organisations to appropriately plan for information systems that can
capture and provide access to the information needed to support the organisation‘s activities.

Therefore the following steps guide in choosing the method of data collection which will
inadvertently be dependent on the source of data or information to be collected.
1. Identify the goal(s) of the organisation
2. Identify the activities required to achieve the goals
3. Identify the tasks required to support the activities
4. Identify the data resources or information required to support the task.
5. Then identify the source of information
6. Choose the appropriate data collection method.

Factors affecting the choice of data collection method

 Time: Urgency with which the information required.
 The purpose and scope of the information required.
 Cost: do the benefits of the data collection method outweigh cost? If you are surveying 10
people, it is cheaper to use paper, than set up and manage an electronic system.
 Information Availability: where is the information?
 Ease of use: do all people use or have access to the technology? If you create a digital survey
for the elderly and send it to 1000 people, will they be able to actually use it?
 Nature of data collected: if you are trying to find out the average shoe size of every pupil at
school, is it worth distributing paper surveys and then typing it in? How else could it be
done?
 Data security: is the data collection method secure enough to store data? If you are asking
personal information, where is this being kept? Is paper sensible? If electronic, how will you

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 13
keep it safe?
 Requirements of the organisation or concerned bodies.
 Method issues: Different methods all have specific problems

2.0 HARDWARE, SOFTWARE, NETWORKING AND COMMUNICATIONS

2.1 COMPUTER HARDWARE DEVICES

The physical parts of computing devices are referred to as hardware. These are the digital devices
that you can physically touch. They include devices such as the following:
• desktop computers • e-readers
• laptop computers • storage devices, such as flash drives
• mobile phones • input devices, such as keyboards, mice, and scanners
• tablet computers • output devices such as printers and speakers.
Digital technologies are now being integrated into many everyday objects; so the days of a device
being labelled categorically as computer hardware may be ending. Examples of these types of
digital devices include automobiles, refrigerators, and even soft-drink dispensers.

The Personal Computer

A personal computer is designed to be a general-purpose device. That is, it can be used to solve
many different types of problems. Almost every digital device uses the same set of components and
follow the same basic logical structure, so examining the personal computer will give insight into
the structure of most digital devices. All computers perform the following five basic operations for
converting raw input data into information useful to their users.

S.No. Operation Description

1 Take Input The process of entering data and instructions into the
computer system.
2 Store Data Saving data and instructions so that they are available
for processing as and when required.
3 Processing Data Performing arithmetic, and logical operations on data in
order to convert them into useful information.
4 Output The process of producing useful information or results
Information for the user, such as a printed report or visual display.
5 Control the Directs the manner and sequence in which all of the
workflow above operations are performed.

Hardware represents the physical and tangible components of a computer, i.e. the parts that can be
seen and touched.
 Input devices − keyboard, mouse, etc.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2022 - 2023
 14

 Output devices − printer, monitor, etc.

 Internal components − CPU, motherboard, etc.
 Storage − RAM, Hard disk, SSD, Removable media, etc.

2.1.1 Input Devices

All personal computers need components that allow the user to input data. The Keyboard and the
Mouse are the primary input devices to a personal computer, though variations of each have been
introduced with varying levels of success over the years. A number of many new devices now use a
touch screen as the primary way of entering data. Scanners also allow users to input documents into
a computer, either as images or as text. Microphones can be used to record audio or give voice
commands. Webcams and other types of video cameras can be used to record video or participate in
a video chat session.

2.1.2 Output Devices

The most obvious output device is a display, visually representing the state of the computer. In
some cases, a personal computer can support multiple displays or be connected to larger-format
displays such as a projector or large-screen television. Besides displays, other output devices
include speakers for audio output and printers for printed output.

2.1.3 Internal Components

 Motherboard: The motherboard is the main circuit board on the computer. The CPU,
memory, and storage components, among other things, all connect into the motherboard.
Motherboards come in different shapes and sizes, depending upon how compact or
expandable the computer is designed to be. Most modern motherboards have many integrated
components, such as video and sound processing, which used to require separate
components. The motherboard provides much of the bus of the computer (the term bus refers
to the electrical connection between the different computer components). The bus is an
important determiner of the computer‘s speed: the combination of how fast the bus can
transfer data and the number of data bits that can be moved at one time determine the speed.
 The Central Processing Unit (CPU): The core of any computing device architecture is the
central processing unit (CPU). The CPU
can be thought of as the ―brains‖ of the
device. The CPU carries out the
commands sent to it by the software and
returns results to be acted upon. The two
main manufacturers of CPUs for
personal computers are Intel and
Advanced Micro Devices (AMD). The
speed (―clock time‖) of a CPU is
measured in hertz. A hertz is defined as one cycle per second. Using the binary prefixes
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 15

mentioned earlier, we see that a kilohertz (kHz) is one thousand cycles per second, a
megahertz (mHz) is one million cycles per second, and a gigahertz (gHz) is one billion
cycles per second. The CPU‘s processing power is increasing at an amazing rate, and many
CPU chips now contain multiple processors per chip. These chips, known as dual-core (two
processors) or quad-core (four processors), increase the processing power of a computer by
providing the capability of multiple CPUs.

2.1.4 Storage Devices

These are devices where data can be stored. A computer offers both temporary (Primary) and
permanent (Secondary) storage capabilities.
With improvement of digital devices‘ capacities, new terms were developed to identify the
capacities of processors, memory, and disk storage space. Prefixes were applied to the word byte to
represent different orders of magnitude. The table below illustrates the different units of data
storage:
Table 1: A Listing of Binary Prefixes
Prefix Represents Example
Kilo one thousand kilobyte=one thousand bytes
Mega one million megabyte=one million bytes
Giga one billion gigabyte=one billion bytes
Tera one trillion terabyte=one trillion bytes
Peta one quadrillion petabyte=one quadrillion bytes
Exa one quintillion Exabyte=one quintillion bytes

 Random-Access Memory: When a computer starts up, it begins to load information from
the hard disk into its working memory. This working memory, called random-access
memory (RAM), can transfer data much faster than the hard disk. Any program that you are
running on the computer is loaded into RAM for processing. In order for a computer to work
effectively, some minimal amount of RAM must be installed. In most cases, adding more
RAM will allow the computer to run faster. One characteristic of RAM is that it is ―volatile‖,
which means that it can store data as long as it is receiving power; when the computer is
turned off, any data stored in RAM is lost. (Primary Storage)
 Hard Disk: The computer needs a place to store data for the long term. Most of today‘s
personal computers use a hard disk for long-term data storage. A hard disk is where data is
stored when the computer is turned off and where it is retrieved from when the computer is
turned on. Why is it called a hard disk? A hard disk consists of a stack of spinning disks
inside a hard metal case. (Secondary Storage)
 Solid-State Drives (SSD): Perform the same function as hard disks but for longer-term
storage. Instead of spinning disks, the SSD uses flash memory, which makes them much
lighter and faster than hard disks. Solid-state drives are currently a bit more expensive than
hard disks. SSDs are primarily utilized in portable computers, making them lighter and more
efficient. Some computers combine the two storage technologies, using the SSD for the most
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 16

accessed data (such as the operating system) while using the hard disk for data that is
accessed less frequently. (Secondary Storage)
 Removable Media: Besides fixed storage components, removable storage media are also
used in most personal computers. Removable media allows you to take your data with you.
And just as with all other digital technologies, these media have gotten smaller and more
powerful. Early computers used floppy disks, which could be inserted into a disk drive in the
computer. Data was stored on a magnetic disk inside an enclosure. A relatively new portable
storage technology, the USB flash drive device attaches to the universal serial bus (USB)
connector, which became standard on all personal computers beginning in the late 1990s.
Flash drive storage capacity has skyrocketed over the years.

2.1.5 Connection Ports and Devices

In order for a computer to be useful, it must have channels for receiving input from the user and
channels for delivering output to the user. These input and output devices connect to the computer
via various connection ports, which generally are part of the motherboard and are accessible outside
the computer case.

 USB connector: Today, almost all devices plug into a computer through the use of a USB
port. This port type, first introduced in 1996, has increased in its capabilities, both in its data
transfer rate and power supplied.
 Bluetooth: Besides USB, some input and output devices connect to the computer via a
wireless-technology standard called Bluetooth. Bluetooth (invented in the 1990s) exchanges
data over short distances of 25m to 60m using radio waves. For devices to communicate via
Bluetooth, both the personal computer and the connecting device must have a Bluetooth
communication chip installed.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 17

2.1.6 Types of Personal Computers

As the technologies of the personal computer have become more common, many of the components
have been integrated into other devices that previously were purely mechanical. Ever since the
invention of the personal computer, users have clamoured for a way to carry them around.
 Portable Computers: In 1983, Compaq Computer Corporation developed a portable PC
which weighed about 14kg. By today‘s standards, the PC was not very portable. The
computer was designed like a suitcase, to be lugged around and laid on its side to be used.
Besides portability, the Compaq was successful because it was fully compatible with the
software being run by the IBM PC, which was the standard for business. Portable computing
has continued to improve and now laptop and notebook computers can weigh from 1-4 kg
and run on batteries. As more and more organisations and individuals move much of their
computing to the Internet, laptops are being developed that use ―the cloud‖ for all of their
data and application storage. These laptops are extremely light because they have no need of
a hard disk at all! For example, Samsung‘s Chromebook. A Chromebook is a laptop of a
different breed. Instead of Windows 10 or macOS, Chromebooks run Google's Chrome OS.
These machines are designed to be used primarily while connected to the Internet, with most
applications and documents living in the cloud.
 Smartphones: The first modern-day mobile phone was invented in 1973, resembled a brick,
weighed 1kg, and cost $4000! Since then, mobile phones have become smaller and less
expensive; today mobile phones are a modern convenience available to all levels of society.
Mobile phones have become more like small computers (smart phones). The first smartphone
was the IBM Simon, introduced in 1994. In January of 2007, Apple introduced the iPhone.
Its ease of use and intuitive interface made it an immediate success and solidified the future
of smartphones. Running on an operating system called iOS, the iPhone was really a small
computer with a touch-screen interface. In 2008, the first Android phone was released, with
similar functionality.
 Tablet Computers: A tablet computer is one that uses a touch screen as its primary input
and is small and light enough to be carried around easily. They generally have no keyboard
and are self-contained inside a rectangular case. The first tablet computers appeared in the
early 2000s and used an attached pen as a writing device for input. These tablets ranged in
size from small personal digital assistants (PDAs), which were handheld, to full-sized, 14-
inch devices. Most early tablets used a version of an existing computer operating system,
such as Windows or Linux. In January, 2010, Apple introduced the iPad, which ushered in a
new era of tablet computing. The iPad used the finger as the primary input device, and used
iOS as the operating system of the iPhone. Because the iPad had a user interface that was the
same as the iPhone, consumers felt comfortable and sales took off. The iPad has set the
standard for tablet computing. After the success of the iPad, computer manufacturers began
to develop new tablets that utilized operating systems that were designed for mobile devices,
such as Android.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 18

2.2 SOFTWARE

Software constitutes a set of instructions that tell the hardware what to do. It is created through the
process of programming. Without software, the hardware would not be functional. Software can be
broadly divided into two categories:
 Operating systems: Software that manage the hardware and create the interface between the
hardware and the user
 Application software: category of programs that do something useful for the user.

2.2.1 Operating Systems Software

All computing devices run an operating system. The operating system software provides several
essential functions, including:
 Managing Resources: manages the resources of a computer such as the printer, mouse,
keyboard, memory and monitor.
 Providing User Interface: Graphical user interface (GUI) is something developers create to
allow users to easily click something without having to understand how or why they clicked
an icon. Each icon on a desktop represents code linking to the spot in which the icon
represents. It makes it very easy for uneducated users.
 Running Applications: is the ability to run an application such as Word processor by locating
it and loading it into the primary memory. Most operating systems can multitask by running
many applications at once.
 Support for built-in Utility Programs: Finds and fixes errors in the operating system.
 Control Computer Hardware: All programs that need computer hardware must go through
the operating system which can be accessed through the BIOS (basic input output system) or
the device drivers.
 Provides structure for data management: An operating system displays structure/directories
for data management. One can view file and folder listings and manipulate on those files and
folders like (move, copy, rename, delete, and many others).
 Provides a platform for software developers to write applications.

For personal computers, the most popular operating systems are Microsoft‘s Windows, Apple‘s OS
X, and different versions of Linux. Smartphones and tablets run operating systems as well, such as
Apple‘s iOS, Google‘s Android, Microsoft‘s Windows Mobile, and Blackberry. Since 1990, both
Apple and Microsoft have released many new versions of their operating systems, with each release
adding the ability to process more data at once and access more memory. Features such as
multitasking, virtual memory, and voice input have become standard features of both operating
systems. A third personal-computer operating system family that is gaining in popularity is Linux
(pronounced ―linn-ex‖). Linux is a version of the Unix operating system that runs on the personal
computer and is used primarily by scientists and engineers on larger minicomputers. These are very
expensive computers, and software developer Linus Torvalds wanted to find a way to make Unix
run on less expensive personal computers. Linux was the result. Linux has many variations and now
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 19

powers a large percentage of web servers in the world. It is also an example of open-source
software.

2.2.2 Application Software

Application software allows the user to accomplish some goal or purpose. For example, in order to
write a paper, one might use the application-software program Microsoft Word, or use iTunes to
listen to music, or use Firefox to surf the web. Even a computer game is considered application
software.

Types of Application Software

 “Killer” Apps: A ―killer‖ application is one that becomes so essential that large numbers of
people will buy a device just to run that application. For the personal computer, the killer
application was the spreadsheet. In 1979, VisiCalc, the first personal-computer spreadsheet
package, was introduced. It was an immediate hit and drove sales of the Apple II. It also
solidified the value of the personal computer beyond the relatively small circle of technology
geeks. When the IBM PC was released, another spreadsheet program, Lotus 1-2-3, was the
killer app for business users.
 Productivity Software: Productivity software (also known as OAS), allows office
employees to complete their daily work. Many times, these applications come packaged
together, such as in Microsoft‘s Office suite. This package continues to dominate the market
and most businesses expect employees to know how to use this software. A list of these
applications and their basic functions:
o Word processing: This class of software provides for the creation of written documents.
Functions include the ability to type and edit text, format fonts and paragraphs, and add,
move, and delete text throughout the document. They also have the ability to add tables,
images, and various layout and formatting features to the document. Word processors
save their documents as electronic files in a variety of formats e.g. Microsoft Word.
o Spreadsheet: This class of software provides a way to do numeric calculations and
analysis. The working area is divided into rows and columns, where users can enter
numbers, text, or formulas. It is the formulas that make a spreadsheet powerful,
allowing the user to develop complex calculations that can change based on the
numbers entered. Most spreadsheets also include the ability to create charts based on
the data entered e.g. Microsoft Excel,
o Presentation: This class of software provides for the creation of slideshow
presentations. Presentation software allows its users to create a set of slides that can be
printed or projected on a screen. Users can add text, images, and other media elements
to the slides. Microsoft‘s PowerPoint is the most popular software right now.
o Some office suites include other types of software. For example, Microsoft Office
includes Outlook, its e-mail package, and OneNote, an information-gathering
collaboration tool. The professional version of Office also includes Microsoft Access, a
database package.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 20

o Project Management Software: These are computer applications used to develop and
manage projects. They enable the features like identifying the critical path, resource,
time and financial management etc. Examples include; Microsoft Project Visual,
Enterprise Architect
o Desktop publishing software: These are computer applications that enable the
preparation of finer quality text and images. They enable the user to edit images by
moderating the size, colour and even shape or orientation. Examples are; Adobe
Photoshop, InDesign, and Microsoft Publisher.
o Accounting software: These are computer applications that enable entering of cash
inflows and outflows, calculation of depreciation etc. They enable production of
cashbooks, balance sheet, profit and loss statements and other accounting statements.
Examples are; Pastel Accounting, SAGE, Tally, QuickBooks, Sun Systems.
Table 2: Comparison of office application software suites
Word
Category Spreadsheet Presentation Other
Processing
Microsoft Word Excel PowerPoint Outlook(email)
Office Access (database)
OneNote(information gathering)
Apple Pages Numbers Keynote Integrates with iTunes, iCloud, and other
iWork Apple software
Open Writer Calc Impress Base (database), Draw (drawing), Math
Office (equations)
Google Document Spreadsheet Presentation Gmail (email), Forms (online form data
Drive collection), Draw (drawing)

 Off Shelf Packages: refer to programs that are already written and ready to be run upon
their purchase.

Advantages of off shelf packages

- Relatively cheaper than bespoke packages. The user does not face research and
development costs or problems since the package is already in operation
- readily available for purchase.
- user friendly; many have a graphical user interface, sample manuals provided on
purchase.
- Limited risk, since the user has an option to seek information from existing users about
the package before making a decision to purchase.
- Such packages are standardized and one can consult several people who could be using a
similar package.
- Usually compatible with almost all computer types.
- Reduced Errors: system bugs would have been discovered by other users and eliminated
before the final version is made.
- Can easily be integrated or inter-linked with other application programs.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 21

- Designed to perform so many tasks since they are designed to meet needs of a variety of
users.
Disadvantages of off shelf packages
- May not fulfill users‘ specific needs perfectly.
- hard to make adjustments to the software since they are standardized.
- Cannot be used as basis for gaining competitive advantage over others.
- Where the package does too much compared to the company needs, the amount of
extra space occupied in the hardware can lead to memory wastage.
- The package may also be limited to a particular operating system like Microsoft
Office for Windows operating system.
- It may be easy to manufacture viruses that may tamper with such application
programs.

 Utility Software: Includes software that allows you to fix or modify your computer in some
way. Examples include antivirus software and disk defragmentation software. These types of
software packages were invented to fill shortcomings in operating systems. Many times, a
subsequent release of an operating system will include these utility functions as part of the
operating system itself.
 Programming software: is software whose purpose is to make more software. Most of
these programs provide programmers with an environment in which they can write the code,
test it, and convert it into the format that can then be run on a computer. Modern software
applications are written using a programming language which consists of a set of commands
and syntax that can be organized logically to execute specific functions. Using this language,
a programmer writes a program (called the source code) that can then be compiled into
machine-readable form, the ones and zeroes necessary to be executed by the CPU. Examples
of well-known programming languages today include Java, PHP, and various flavors of C
(Visual C, C++, C#). Languages such as HTML and Javascript are used to develop web
pages.

2.2.3 Applications for the Enterprise

 Enterprise Resource Planning (ERP): The ERP system (sometimes just called enterprise
software) was developed to bring together an entire organisation in one software application.
for example, human resource management, sales, marketing, management, financial
accounting, controlling, and logistics are all consolidated into one single package. Simply
put, an ERP system is application software that utilises a central database and is implemented
throughout the entire organisation.
- An ERP is a software application that is used by many of an organisation‘s
employees.
- All users of the ERP edit and save their information from the data source.
- ERP systems include functionality that covers all of the essential components of a

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 22

business.
- An organisation can purchase additional modules for its ERP system that match
specific needs, such as manufacturing or planning.

By consolidating information systems across the enterprise and using the software to enforce
best practices, most organisations see an overall improvement after implementing an ERP.
Some of the more well-known ERP systems include those from SAP, Oracle, and Microsoft.

As ERP systems are typically designed for multinational companies, they have to support
multiple languages, multiple currencies, and country-specific business practices. The sheer
size and the tremendous complexity of these software systems make them complicated to
deploy and maintain. For example, when a customer places an order, the order data flow
automatically to other parts of the company that are affected by them. The order transaction
triggers the warehouse to pick the ordered products and schedule shipment. The warehouse
informs the factory to replenish whatever has been depleted. The accounting department is
notified to send the customer an invoice. Customer service representatives track the progress
of the order through every step to inform customers about the status of their orders.
Managers are able to use firmwide information to make more precise and timely decisions
about daily operations and longer-term planning.

 Customer Relationship Management(CRM): application software designed to manage an

organisation‘s customers. In today‘s environment, it is important to develop relationships
with your customers, and the use of a well-designed CRM can allow a business to
personalize its relationship with each of its customers. Some ERP software systems include
CRM modules. An example of a well-known CRM package is Salesforce.

 Supply Chain Management (SCM): Many organisations must deal with the complex task
of managing their supply chains. At its simplest, a supply chain is the linkage between an
organisation‘s suppliers, its manufacturing facilities, and the distributors of its products.
SCM systems manages the interconnection between these linkages, as well as the inventory
of the products in their various stages of development. Most ERP systems include a supply
chain management module.

2.2.4 Trends in Computing

Mobile Applications
Mobile devices such as tablet computers and smartphones also have operating systems and
application software. A mobile app is a software application programmed to run specifically on a
mobile device. It has been noted that smartphones and tablets are becoming a dominant form of
computing, with many more smartphones being sold than personal computers. This means that
organisations will have to get smart about developing software on mobile devices in order to stay
relevant. One option many companies have is to create a website that is mobile-friendly. A mobile
website works on all mobile devices and costs about the same as creating an app. These days, most
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 23

mobile devices run on one of two operating systems: Android or iOS. Android is an open-source
operating system purchased and supported by Google; iOS is Apple‘s mobile operating system.
Other mobile operating systems of note are Blackberry and Windows.

Integrated Computing
Computing technology is being integrated into many everyday products. From automobiles to
refrigerators to airplanes, computing technology is enhancing what these devices can do and is
adding capabilities that would have been considered science fiction just a few years ago. Examples
of computing technologies being integrated into everyday products include: the Smart House
(Domotics), and the Self-Driving Car etc.

Cloud Computing
Cloud computing is the delivery of shared computing resources, software or data — as a service and
on-demand through the Internet. ―The cloud‖ refers to applications, services, and data storage on the
Internet. These service providers rely on giant server firms and massive storage devices that are
connected via Internet protocols. Cloud computing is the use of these services by individuals and
organisations. Examples of cloud computing include being able to store all the files your need to
access later on over the internet. eg use of drop box, google drive, idrive.

Advantages of Cloud Computing

 No software to install or upgrades to maintain.
 Available from any computer that has access to the Internet.
 Can scale to a large number of users easily.
 New applications can be up and running very quickly.
 Services can be leased for a limited time on an as-needed basis.
 Your information is not lost if your hard disk crashes or your laptop is stolen.
 You are not limited by the available memory or disk space on your computer.
Disadvantages of Cloud Computing
 Your information is stored on someone else‘s computer – how safe is it?
 You must have Internet access to use it. If you do not have access, you‘re out of luck.
 You are relying on a third-party to provide these services.

 Using a Private Cloud: Many organisations are understandably nervous about giving up
control of their data and some of their applications by using cloud computing. But they also
see the value in reducing the need for installing software and adding disk storage to local
computers. A solution to this problem lies in the concept of a private cloud. While there are
various models of a private cloud, the basic idea is for the cloud service provider to section
off web server space for a specific organisation. The organisation has full control over that
server space while still gaining some of the benefits of cloud computing.
 Virtualization: Virtualization software makes it possible to run multiple operating systems
and multiple applications on the same server at the same time. For example, by use of

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 24

virtualization, a single computer can perform the functions of several computers. Companies
such as EMC provide virtualization software that allow cloud service providers to provide
web server access to their clients quickly and efficiently. Organisations are also
implementing virtualization in order to reduce the number of servers needed to provide the
necessary services.

2.2.5 Customized/Tailor-Made/Bespoke Programs

These are tailor made program constructed to meet specific user requirements. These packages are
written by programmers either in house or externally by a software company.

Merits of customized programs

 Ability to satisfy user‘s specific needs
 The company will be able to perform tasks with its software that its competitors cannot do
with theirs thereby gaining a competitive advantage.
 They can easily be modified or upgraded.
 Ownership is to the company that ordered for the software.

Demerits of customized programs

 Time taken to develop the package may be long yet requirements could be urgent.
 The cost of paying programmers makes them expensive. The organisation has to incur
development and consultancy costs in this case.
 They are not flexible i.e. not meant to do various tasks.
 They are expensive to maintain. When they breakdown programmers who are expensive
have to be called in.
 In case of breakdown, the company may be brought to a standstill
 There is a greater probability of bugs in bespoke programs.
 They are not compatible with all computer types i.e. they are designed for specific computer
types.
 The program may not run which means that the programmer has to design another one. This
could even lead to more costs on the side of the user as well as causing delays

2.2.6 Open-Source Software

Open-source software is software that makes the source code available for anyone to copy and use.
It is available in a compiled format that we can simply download and install. The open-source
movement has led to the development of some of the most-used software in the world, including the
Firefox browser, the Linux operating system, and the Apache web server. Many also think open-
source software is superior to closed-source software. Because the source code is freely available,
many programmers have contributed to open- source software projects, adding features and fixing
bugs.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 25

Many businesses are wary of open-source software precisely because the code is available for
anyone to see. They feel that this increases the risk of an attack. Others counter that this openness
actually decreases the risk because the code is exposed to thousands of programmers who can
incorporate code changes to quickly patch vulnerabilities. There are many arguments on both sides
of the aisle for the benefits of the two models.

Some benefits of the open-source model are:

• The software is available for free.
• The software source-code is available; it can be examined and reviewed before it is installed.
• The large community of programmers who work on open-source projects leads to quick bug-
fixing and feature additions.
Some benefits of the closed-source model are:
• By providing financial incentive for software development, some of the brightest minds have
chosen software development as a career.
• Technical support from the company that developed the software

2.3 DATA RESOURCES

Data is an important component of an information system. Without data, hardware and software are
not very useful! Once we have put our data into context, aggregated and analysed it, we can use it to
make decisions for our organisation. We can say that this consumption of information produces
knowledge. This knowledge can be used to make decisions, set policies, and even spark innovation.
Finally, we can say that someone has wisdom when they can combine their knowledge and
experience to produce a deeper understanding of a topic. It often takes many years to develop
wisdom on a particular topic, and requires patience.

Wisdom

Knowledge

Information

Data

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 26

Databases
The goal of many information systems is to transform data into information in order to generate
knowledge that can be used for decision making. In order to do this, the system must be able to take
data, put the data into context, and provide tools for aggregation and analysis. A database is
designed for just such a purpose. A database is an organized collection of related information. It is
an organized collection, because in a database, all data is described and associated with other data.
All information in a database should be related as well. Databases are not always digital – a filing
cabinet, for instance, might be considered a form of database.

2.3.1 Traditional File Processing Systems

Traditional file processing systems include both manual systems and computer based file systems
that are linked to particular application programs. The specific application program performs
services for the end-users such as the production of reports, however each software defines and
manages its own data.

Disadvantages of Traditional File System

1) Data Redundancy: Since each application has its own data file, the same data may have to be
recorded and stored in many files. For example, personal file and payroll file, both contain
data on employee name, designation etc. The result is unnecessary duplicate or redundant
data items. This redundancy requires additional or higher storage space, costs extra time and
money, and requires additional efforts to keep all files up-to-date.
2) Data Inconsistency: Data inconsistency occurs due to the same data items that appear in more
than one file or computer and do not get updated simultaneously in each and every file. Over
the period of time, such discrepancies degrade the quality of information contained in the
data file which affects the accuracy of reports.
3) Lack of Data Integration: Since independent data file exists, users face difficulty in getting
information on any ad hoc query that requires accessing the data stored in many files. In such
a case complicated programs have to be developed to retrieve data from every file or the
users have to manually collect the required information.
4) Program Dependence: The reports produced by the file processing system are program
dependent, which means if any change in the format or structure of data and records in the
file is to be made, the programs have to modified correspondingly.
5) Data Dependence: The software applications in file processing system are data dependent
i.e., the file organisation, its physical location and retrieval from the storage media are
dictated by the requirements of the particular application. For example, in payroll
application, the file may be organized on employee records sorted on their last name, which
implies that accessing of any employee's record has to be through the last name only.
6) Limited Data Sharing: There is limited data sharing possibilities with the traditional file
system. Each application has its own private files and users have little choice to share the
data outside their own applications. Complex programs are required to obtain data from
several incompatible files.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 27

7) Poor Data Control: There was no centralised control at the data element level, hence a
traditional file system is decentralised in nature. It could be possible that the data field may
have multiple names defined by the different departments of an organisation and depending
on the file it was in. This situation leads to different meaning of a data field in different
context or same meaning for different fields. This causes poor data control.
8) Problem of Security: It is very difficult to enforce security checks and access rights in a
traditional file system, since application programs are added in an adhoc manner.
9) Data Manipulation Capability is Inadequate: The data manipulation capability is very limited
in traditional file systems since they do not provide strong relationships between data in
different files.

2.3.2 Database Approach

Database technology (Database Management System- DBMS) eliminates many of the problems of
traditional file organisation by organizing, centralizing, controlling data, and serving many
applications and different groups at the same time.

Database Management Systems

In order for the data in the database to be read, changed, added, or removed, a software program
known as a Database Management System (DBMS) must access it. Many software applications
have this ability: e.g. iTunes can read its database to give you a listing of its songs (and play the
songs); your mobile-phone software can interact with your list of contacts.

DBMS packages generally provide an interface to view and change the design of the database,
create queries, and develop reports. Most of these packages are designed to work with a specific
type of database, but generally are compatible with a wide range of databases. Popular examples of
relational DBMS are MySQL, Microsoft SQL and Oracle.

Advantages of the Database Approach

1) Data Independence: The data is held in such a way that changes to the structure of the
database do not affect any of the programs used to access the data.
2) Consistency of Data: Each item of data is held only once; therefore there is no danger of an
item being updated on one system and not on another.
3) Control Over Redundancy: A database system minimizes the effects of the same information
being held on several files. This saves space and makes updating less time-consuming.
4) Integrity of Data: The DBMS provides users with the ability to specify constraints on data
such as making a field entry essential or using a validation routine.
5) Greater Security of Data: The DBMS can ensure only authorized users are allowed access to
the data.
6) Centralized Control of Data: The Database Administrator will control who has access to what
and will structure the database with the needs of the organisation
7) More Information Available to Users: Users have access to a wider range of data that was
previously held in separate departments and sometimes on incompatible systems.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 28

8) Increased Productivity: The DBMS provides an easy to use query language that allows users
to get immediate response from their queries rather than having to use a specialist
"programmer" to write queries for them.
Disadvantages of the Database Approach
1) Larger Size: More disk space is required and probably a larger and more powerful computer.
2) Greater Complexity: For optimum use the database must be very carefully designed. If not
done well, the new system may fail to satisfy anyone.
3) Greater Impact of System Failure: "All eggs in one basket."
4) More Complex Recovery Procedures: If a system failure occurs it is vital that no data is lost.
5) Initial setup of the database is expensive to install.
6) GIGO

Database Types
Databases can be organized in many different ways, and thus take many forms.

 Relational Databases: The most popular form of database today is the relational database. A
relational database is one in which data is organized into one or more tables. Each table has a
set of fields, which define the nature of the data stored in the table. Database languages such
as SQL are used to read, update and store data in a database.

Other Types of Databases

 Hierarchical: The hierarchical database model, popular in the 1960s and 1970s, connected
data together in a hierarchy, allowing for a parent/child relationship between data.
 Document-Centric: The document-centric model allowed for a more unstructured data
storage by placing data into ―documents‖ that could then be manipulated.
 NoSQL: Perhaps the most interesting new development is the concept of NoSQL (from the
phrase ―not only SQL‖). NoSQL arose from the need to solve the problem of large-scale
databases spread over several servers or even across the world. A NoSQL database can work
with data in a looser way, allowing for a more unstructured environment, communicating
changes to the data over time to all the servers that are part of the database.
 Enterprise Databases: These databases are sometimes installed on a single computer to be
accessed by a group of people at a single location. Other times, they are installed over several
servers worldwide, meant to be accessed by millions. These relational enterprise database
packages are built and supported by companies such as Oracle, Microsoft, and IBM. The
open-source MySQL is also an enterprise database.
 Centralised database: Users from different locations can access this database from a remote
location at the central database, that store entire information and application programs at a
central computing facility for processing. The application programs pick up the appropriate
data from the database based on the transactions sent by the communications controller for
processing the transaction.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 29

 Operational database: This is more of a basic form of database that contain information
relating to the operations of an enterprise. Generally, such databases are organised on
functional lines such as marketing, production, employees, etc.
 Commercial database: This is a database that contains information which external users
may require. However, they will not be able to afford maintaining such huge database by
themselves. It‘s a paid service to the user as the databases are subject specific. The access to
commercial database can be given through commercial links. Some of the database service
providers also offer databases on CD-ROMs and the updated versions of the databases are
made available periodically. The databases on CD-ROMs have the advantage of reduced cost
of communication.
 Personal database: The personal databases are maintained, generally, on personal
computers. They contain information that is meant for use only among a limited number of
users, generally working in the same department. Microsoft Access and Open Office Base
are examples of personal DBMS used to develop and analyse single-user databases.
 Distributed database: These databases have contributions from the common databases as
well as the data captured from the local operations. The data remains distributed at various
sites in the organisation. As the sites are linked to each other with the help of communication
links, the entire collection of data at all the sites constitutes the logical database of the
organisation.

Database Concepts
 Big Data: The term refers to such massively large data sets that conventional database tools
do not have the processing power to analyse. For example, Google must process over one
million customer transactions every hour. Storing and analysing that much data is beyond the
power of traditional database-management tools. Understanding the best tools and techniques
to manage and analyse these large data sets is a problem that governments and businesses
alike are trying to solve.

 Metadata: can be defined as ―data about data.‖ For example, when looking at one of the
values of Year of Birth in the Students table, the data itself may be ―1992″. The metadata
about that value would be the field name Year of Birth, the time it was last updated, and the
data type (integer). When a database is being designed, a ―data dictionary‖ is created to hold
the metadata, defining the fields and structure of the database.

 Data Warehouse: A data warehouse is a large store of data accumulated from a wide range
of sources within a company and used to guide management decisions. Data is extracted
from one or more of the organisation‘s databases and loaded into the data warehouse (which
is itself another database) for storage and analysis. It allows organisations the ability to
analyse data in a historical sense: e.g. how does the data we have today compare with the
same set of data this time last month, or last year.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 30

Organisations find data warehouses quite beneficial for a number of reasons:

o The process of developing a data warehouse forces an organisation to better understand
the data that it is currently collecting and, equally important, what data is not being
collected.
o A data warehouse provides a centralized view of all data being collected across the
enterprise and provides a means for determining data that is inconsistent.
o Once all data is identified as consistent, an organisation can generate one version of the
truth. This is important when the company wants to report consistent statistics about
itself, such as revenue or number of employees.
o By having a data warehouse, snapshots of data can be taken over time. This creates a
historical record of data, which allows for an analysis of trends.
o A data warehouse provides tools to combine data, which can provide new information
and analysis.

 Data Mining: Data mining is the process of analysing data to find previously unknown
trends, patterns, and associations in order to make decisions. Generally, data mining is
accomplished through automated means against extremely large data sets, such as a data
warehouse. Some examples of data mining include:
o An analysis of sales from a large supermarket chain might determine that milk is
purchased more frequently the day after it rains in cities with a population of less than
50,000.
o A bank may find that loan applicants whose bank accounts show particular deposit and
withdrawal patterns are not good credit risks.

The increasing power of data mining has caused concerns for many, especially in the area of
privacy. In today‘s digital world, it is becoming easier than ever to take data from disparate
sources and combine them to do new forms of analysis. In fact, a whole industry has sprung
up around this technology: data brokers. These firms combine publicly accessible data with
information obtained from the government and other sources to create vast warehouses of
data about people and companies that they can then sell.

 Business Intelligence and Business Analytics: With tools such as data warehousing and
data mining at their disposal, businesses are learning how to use information to their
advantage. The term business intelligence is used to describe the process that organisations
use to take data they are collecting and analyse it in the hopes of obtaining a competitive
advantage. Besides using data from their internal databases, firms often purchase information
from data brokers to get a big-picture understanding of their industries. Business analytics is
the term used to describe the use of internal company data to improve business processes and
practices.

 Knowledge Management: The concept of knowledge management (KM) arises from the
fact that all companies/organisations accumulate knowledge over the course of their
existence. Some of this knowledge is written down or saved, but not in an organized fashion.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 31

Much of this knowledge is not written down; instead, it is stored inside the heads of its
employees. Knowledge management is the process of formalizing the capture, indexing, and
storing of the company‘s knowledge in order to benefit from the experiences and insights
that the company has captured during its existence.

2.4 NETWORKS

A network is a system in which computer devices are connected to each other to share information
and resources. When personal computers were first developed, they were stand-alone units, but by
the mid-1990s, a network port was standard on most personal computers. As wireless technologies
began to dominate in the early 2000s, many personal computers also began including wireless
networking capabilities.

Networking communication is full of some very technical concepts based on some simple
principles.
 Servers: Computers that hold shared files, programs, and the network operating system.
Servers provide access to network resources to all the users of the network. There are many
different kinds of servers, and one server can provide several functions. For example, there
are file servers, print servers, mail servers, communication servers, database servers, fax
servers and web servers etc.
 Clients: Clients are computers that access and use the network and shared network
resources. Client computers are basically the customers(users) of the network, as they request
and receive services from the servers.
 Packet: The fundamental unit of data transmitted over the Internet. When a device intends to
send a message to another device, it breaks the message down into smaller pieces, called
packets. Each packet has the sender‘s address, the destination address, a sequence number,
and a piece of the overall message to be sent.
 Packet-switching: This is when a packet is sent from one device to another over a network,
and from one router to another until it is reaches its destination.
 Protocol: In computer networking, a protocol is the set of rules that allow two (or more)
devices to exchange information back and forth across the network.
 Network Card: A network device that connects a computer to a network. It is also known as
the Network Adapter or Network Interface Card (NIC). Network cards are of two types:
Internal and External Network Cards.
 Transmission Media: Used to interconnect computers in a network, such as twisted-pair
wire, coaxial cable, and optical fiber cable. Transmission media are sometimes called
channels.
 Network Cable: Is a wired cable used to connect a device to the network or to other devices
like other computer, printers, etc. Also known as a data cable or Ethernet cable
 Hub: A simple network device that connects other devices to the network and sends packets
to all the devices connected to it.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 32

 Bridge: A network device that connects two networks together and only allows packets
through that are needed.
 Switch: A network device that connects multiple devices on the same network within a
building or campus. For example, a switch can connect your computers, printers, and servers,
creating a network of shared resources. It filters packets based on their destination within the
connected devices.
 Router: A network device used to connect multiple networks together. It receives and
analyses packets and then routes them towards their destination. For example, you would use
a router to connect your networked computers to the Internet and thereby share an Internet
connection among many users.
 Access point: A network device that allows wireless devices to connect to the network. An
access point takes the bandwidth coming from a router and stretches it so that many devices
can go on the network from farther distances away. It can also give useful data about the
devices on the network, provide proactive security, and serve many other practical purposes.

2.4.1 Organisational Networks

Networks can cover anything from a few devices within a single room to millions of devices spread
across the entire globe. Some of the different networks based on size are:
 Personal area network (PAN): organized around an individual person within a single
building. This could be inside a small office or residence. A typical PAN would include one
or more computers, telephones, peripheral devices.
 Local area network (LAN): consists of a computer network at a single site, typically an
individual office building. A LAN is very useful for sharing resources, such as data storage
and printers. The smallest LAN may only use two computers, while larger LANs can
accommodate thousands of computers. Consider an office building where everybody should
be able to access files on a central server or be able to print a document to one or more
central printers. If a local area network, or LAN, is entirely wireless, it is referred to as a
wireless local area network, or WLAN.
 Metropolitan area network (MAN): consists of a computer network across an entire city,
college campus or small region. A MAN is larger than a LAN, which is typically limited to a
single building or site. Depending on the configuration, this type of network can cover an
area from several miles to tens of miles. A MAN is often used to connect several LANs
together to form a bigger network. When this type of network is specifically designed for a
college campus, it is sometimes referred to as a campus area network, or CAN.
 Wide area network (WAN): occupies a very large area, such as an entire country or the
entire world. A WAN can contain multiple smaller networks, such as LANs or MANs. The
Internet is the best-known example of a public WAN.
Some of the different networks based on their main purpose are:
 Storage area network (SAN): is a dedicated network that provides access to consolidated,
block level data storage. SANs are primarily used to make storage devices, such as disk

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 33

arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear
like locally attached devices to the operating system.
 Enterprise private network (EPN): is a network that a single organisation builds to
interconnect its office locations (e.g., production sites, head offices, remote offices, shops) so
they can share computer resources.
 Virtual private network (VPN): is an overlay network in which some of the links between
nodes are carried by open connections or virtual circuits in some larger network (e.g., the
Internet) instead of by physical wires. Sometimes, an organisation will need to allow
someone who is not located physically within its internal network to gain access. This access
can be provided by a virtual private network (VPN).
 Client-Server: Higher-end computers are installed as servers, and users on the local network
can run applications and share information among departments and organisations in what is
called client-server computing.
Some are based on Internet Technologies
 Internet: is the global system of interconnected computer networks that use the Internet
protocol suite (TCP/IP) to link billions of devices worldwide. Most traditional
communications media, including telephony, radio, television, paper mail and newspapers
are being reshaped or redefined by the Internet, giving birth to new services such as email,
Internet telephony, Internet television, online music, digital newspapers, and video streaming
websites to distribute and share information. This has reduced costs, eliminated waste and
improved customer service, compared to paper-based information. Email, instant messaging
and social networks provide high-speed, highly-accessible communications tools, speeding
up processes that are time-critical. Collaboration over the Internet increases productivity,
improves decision making and reduces travel costs. Global Internet access makes it easy for
organisations to do business anywhere in the world without investing in a local physical
presence. Using e-commerce facilities, organisations can sell their products globally, taking
payment electronically and offering customers the convenience of digital delivery for
suitable products or services. Organisations can also provide support to local customers or
partners.
 Intranet: An intranet is an internal network that allows only authorized users (usually
employees) access. It uses Internet technology and offers similar business benefits.
Organisations use intranets to distribute or share information, deploy business applications,
support collaboration and project management, simplify internal communications and
streamline business processes. Just as organisations set up web sites to provide global access
to information about their business, they also set up internal web pages to provide
information about the organisation to the employees.
 Extranet: An extranet extends intranet facilities to locations outside the organisation over
secure network connections. An extranet can connect an organisation with branches, remote
workers, suppliers, distributors, business partners, key customers and other authorized users
to create an extended enterprise. In such cases an extranet, which is a part of the company‘s
network is made available securely to those outside of the organisation. Extranets can be
used to allow customers to log in and check the status of their orders, or for suppliers to
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 34

check their customers‘ inventory levels. Extranets simplify the two-way flow of confidential
information, enabling organisations to collect and share critical business data.

Internet Concepts
 IP Address: Every device that communicates on the Internet, whether it be a personal
computer, a tablet, a smartphone, or anything else, is assigned a unique identifying number
called an IP (Internet Protocol) address. Historically, the IP-address standard used has been
IPv4 (version 4), however because the number of IP addresses has grown to the point where
the use of IPv4 addresses is inadequate, this has led to a new IPv6 standard, which is
currently being phased in. The IPv6 standard is formatted as eight groups of four
hexadecimal digits, e.g. 2001:0db8:85a3:0042:1000:8a2e:0370:7334.
 Domain name: If you had to try to remember the IP address of every web server you wanted
to access, the Internet would not be nearly as easy to use. A domain name is a human-
friendly name for a device on the Internet. These names generally consist of a descriptive
text followed by the top-level domain (TLD). For example, Google‘s domain name is
google.com; google describes the organisation and .com is the top-level domain. In this case,
the .com TLD is designed for commercial companies. Other well-known TLDs include .org,
.net, and .gov.
 DNS: DNS stands for ―domain name system,‖ which acts as the directory on the Internet.
When a request to access a device with a domain name is given, a DNS server is queried. It
returns the IP address of the device requested, allowing for proper routing.

2.4.2 Network Technologies

Web 2.0
In the early years of the World Wide Web, creating and putting up a website required a specific set
of skills: you had to know how to set up a web server, how to get a domain name, how to write web
pages in HTML, and how to troubleshoot various technical issues as they arose. The Web 2.0
technologies provided a website framework all those who did not have the technical skills of a
webmaster to put content online. Web 2.0 applications began a second bubble of optimism and
investment, and have allowed anyone who wanted to have their own blog or photo-sharing site to
have it. Examples include: MySpace, Photobucket, Facebook, WordPress, and Twitter (2006).

The Growth of Broadband

A broadband connection is defined as one that has speeds of at least 256Kbps, though most
connections today are much faster, measured in millions of bits per second (megabits or mbps) or
even billions (gigabits). A broadband connection is usually accomplished via the cable television
lines or phone lines (DSL). Speeds for cable and DSL can vary during different times of the day or
week, depending upon how much data traffic is being used. Broadband access is important because
it impacts how the Internet is used. When a community has access to broadband, it allows them to
interact more online and increases the usage of digital tools overall.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 35

Wireless Networking
These wireless technologies have made Internet access more convenient and have made devices
such as tablets and laptops much more functional. Let‘s examine a few of these wireless
technologies.
 Wi-Fi: Wi-Fi is a technology that takes an Internet signal and converts it into radio waves.
These radio waves can be picked up within a radius of approximately 65 feet by devices with
a wireless adapter. Several Wi-Fi specifications have been developed; starting with 802.11b
(1999), 802.11g specification in 2003 and 802.11n in 2009. Each new specification improved
the speed and range of Wi- Fi, allowing for more uses.
 Mobile Network: As the cellphone has evolved into the smartphone, the desire for Internet
access on these devices has led to data networks being included as part of the mobile phone
network. While Internet connections were technically available earlier, it was really with the
release of the 3G networks that smartphones and other cellular devices could access data
from the Internet. This new capability drove the market for new and more powerful
smartphones, such as the iPhone, introduced in 2007. In 2011, wireless carriers began
offering 4G data speeds, giving the cellular networks the same speeds that customers were
used to getting via their home connection.
 Bluetooth: While Bluetooth is not generally used to connect a device to the Internet, it is an
important wireless technology that has enabled many functionalities that are used every day.
It is the standard method for connecting nearby devices wirelessly. Bluetooth has a range of
approximately 300 feet and consumes very little power, making it an excellent choice for a
variety of purposes. Some applications of Bluetooth include: connecting a printer to a
personal computer, connecting a mobile phone and headset, connecting a wireless keyboard
and mouse to a computer, and connecting a remote for a presentation made on a personal
computer.
 VoIP: A growing class of data being transferred over the Internet is voice data. A protocol
called voice over IP, or VoIP, enables sounds to be converted to a digital format for
transmission over the Internet and then re-created at the other end. By using many existing
technologies and software, voice communication over the Internet is now available to anyone
with a browser (think Skype, Google Hangouts, WhatsApp etc). Beyond this, many
companies are now offering VoIP-based telephone service for business and home use.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 36

3.0 INFORMATION SYSTEMS AND BUSINESS ENVIRONMENT

How information systems are used within the organisation (Internal Business Environment) depends
on the environment surrounding (External Business Environment) the organisation that uses it.
These environments are constantly changing and are greatly affected by technology advances. A
good information system should be able to provide feedback from the environment within which it
is placed, and be able to control by making corrections to the information system.

The organisational environment can be understood on two dimensions: the micro and macro
environment, and the internal and external environment.

Macro Example: Example:

Innovations International Factors
Country Specific Factors
Regulatory Bodies
Technology
Community

Micro Example: Example:

Employees Competitors
Management Customers
Suppliers
Internal External

 The Micro environment is the immediate marketplace of an organisation, which is shaped by

the needs of the customers and how services are provided to them through competitors,
intermediaries, and via suppliers.
 The macro-environment influences are broader, provided by local and international economic
conditions, government initiatives etc.

Because environmental influences on the organisation can quickly change, information systems
should be able to monitor the current environment, and be able to anticipate future environment
trends. Organisations that do not monitor these environmental factors may fail to remain
competitive. This process of monitoring the environment is referred to as environmental scanning or
sensing.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 37

3.1 BUSINESS ENVIRONMENT

3.1.1 WHAT IS AN ORGANISATION?

An organisation is based on three basic elements, that is, capital, land and labor that are primary
production factors provided by the environment and then, the organisation uses them as inputs and
transforms them into products and services in a production function. Products and services are
consumed and then come back as supply inputs.

An organisation may also be defined as a collection of rights, privileges, obligations, and

responsibilities that is delicately balanced over a period of time through conflict and conflict
resolution. In this point of view people who work in organisations develop ways to work, create
relationships, and make arrangements with subordinates and superiors about how the work must be
performed, and details related with that (time, etc).

But how this is related with Information Systems? Because we, as managers, will focus on how
inputs are combined to create outputs when technology changes are introduced in company.
Technological change requires changes in who owns and controls information, who has the right to
access and update that information, and who makes decisions about whom, when, and how.

3.1.2 Features of Organisations

Organisations arrange specialists in a hierarchy of authority in which everyone is accountable to

someone and authority is limited to specific actions governed by abstract rule or procedures. These
rules create a system of impartial and universal decision-making. The organisation is devoted to the
principle of efficiency: maximizing output using limited inputs. Other features of organisations
include their business processes, organisational culture, organisational politics, surrounding
environments, structure, goals, constituencies, and leadership styles. All of these features affect the
kinds of information systems used by organisations.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 38

 Routines and business process: Companies become very efficient because employees
develop routines for producing goods and services. Routines, also called standard operating
procedures, are precise rules, procedures and practises that have been developed to cope with
virtually all expected situations. As employees learn how to do a given task they become
more efficient doing that task and the company can reduce its costs. Business Processes are
collections of such routines. Therefore an organisation is a collection of business processes.

 Organisational Politics: In organisations, people occupy different positions with different

specialties, concerns, and perspectives. As a result, they have different points of view about
how resources, rewards and punishments should be distributed. Political resistance is one of
the greatest difficulties of bringing about organisational change, specially the development of
new information systems. All large information systems investments by a firm that bring
about significant changes in strategy, business objectives, business processes, and procedures
become politically charged events. Managers that know how to work with the politics of an
organisation will be more successful than less-skilled managers in implementing new
information systems.
 Organisational Culture: Organisational culture encompasses this set of assumptions about
what products the culture encompasses this set of assumptions about what products the
organisation should produce, how should do it, where, and for whom. They are rarely
publicly announced or spoken about. Business processes, the actual way business firms
produce value, are usually ensconced in the organisation‘s culture. At the same time,
organisational culture is a powerful restraint on change, especially technological change. Any
technological issue that threatens commonly held cultural assumptions usually meets a great
deal of resistance. Sometimes, the introduction of a new technology goes through the cultural
assumptions, and when this happens, the technology is often stalled while the culture slowly
adjusts.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 39

3.1.3 Information Systems for Environmental Scanning

All organisations operate within an environment that influences the way in which they operate.
They draw resources from the environment and they also supply goods and services to this
environment. However the actions and activities of an organisation may also influence the
environment. Therefore organisations and environments have a reciprocal relationship. On the one
hand, organisations are open to, and dependent on, the social and physical environment that
surrounds them. Without financial and human resources organisations could not exist. Organisations
must respond to legislative and other requirements imposed by government, as well as the actions of
their competitors. On the other hand, organisations can influence their environments.
Information systems help organisations perceive changes in their environments and also help
organisations act on their environments.

Information Systems are key instruments for environmental scanning, helping organisations identify
external and internal changes that might require an organisational response. Environments generally
change much faster than organisations. Most organisations are unable to adapt to a rapidly changing
environment. Inertia built into an organisation‘s standard operating procedures, the political conflict
raised by changes to the existing order, and the threat to closely held cultural values inhibit
organisations from making significant changes.

3.1.4 Disruptive technologies

Disruptive technologies come about when a technology and resulting business innovation come
along to radically change the business landscape and environment. It happens that sometimes they
are substitute products that perform as well or better than anything currently produced (Eg. Car
substituted for the horse-drawn carriage). This means that entire industries are put out of business.
In other cases, they simply extend the market, usually less functionality and much less cost, than
existing products. Eventually they turn into low-cost competitors for whatever was sold before.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 40

Disruptive technologies are tricky. Firms that invent disruptive technologies as ―first movers‖ do
not always benefit if they lack the resources to exploit the technology or fail to see the opportunity.
One example of disruptive technologies is the Internet. The rapid growth of the Internet, intranets,
extranets and other interconnected global networks in the 1990s dramatically changed the
capabilities of information systems in business. Internet- based and web-enabled enterprise and
global electronic business and commerce systems are becoming commonplace in the operations and
management of today‗s business enterprises. Indeed today‗s information systems are still doing the
same basic things that they began doing over 50 years ago. We still need to process transactions,
keep records, provide management with useful and informative reports, and provide support to the
accounting systems and processes of the organisation. However, what has changed is that we now
enjoy a much higher level of integration of system functions across applications, greater
connectivity across both similar and dissimilar system components, and the ability to reallocate
critical computing tasks such as data storage, processing, and presentation to take maximum
advantage of business and strategic opportunities. With increasing capabilities, future systems will
focus on increasing both the speed and reach of our systems to provide even tighter integration
combined with greater flexibility.

The Internet and related technologies and applications have changed the way businesses operate and
people work, and how information systems support business processes, decision-making and
competitive advantage. Today many businesses are using Internet technologies to web-enable
business processes and to create innovative e-business applications.

3.1.5 Impact of IS on the Internal Business Environment

The internal business environment relates to how the organisation is managed and operates.
Information systems within the organisation have transformed the way in which organisations
operate today.

Economic Impact
IT changes both the relative costs of capital and the costs of information. Information systems can
be viewed as a factor of production that can be substituted for traditional capital and labour. As the
cost of information technology decreases, it‘s substituted for labour. Therefore, information
technology should result in a decline in the number of middle managers and clerical workers as
information technology substitutes for their labour.

As cost of Information Technology decreases, it also substitutes for other forms of capital (E.g.
buildings or machinery), which remain relatively expensive. So we should expect managers to
increase their investments in IT because of its declining cost relative to other capital investments. IT
affects the cost and quality of information, and changes economics of information, because it helps
firms contract in size, and can reduce transaction costs (costs incurred when a firm buys from the
marketplace what it cannot make itself). According to transaction cost theory, firms and individuals
seek to economize on transaction costs, much as they do on production costs. Traditionally, firms
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 41

have tried to reduce transportation costs through vertical integration, by getting bigger, hiring more
employees, and buying their own suppliers and distributors (E.g. Ford). IT, especially the use of
networks, can help firms lower the transaction costs, making worthwhile for firms outsourcing some
tasks. By this way firms shrink in size because it is cheaper to outsource work to a competitive
marketplace rather than hire employees, which goes against the traditional way of thinking.

As transaction costs decrease, firm size should shrink because it becomes easier and cheaper for
firm to contract for the purchase of goods and services in the marketplace rather than to make the
product or offer the service itself. Firm size can stay constant or contract even as the company
increases its revenues

IT also can reduce internal management costs. According to agency theory, the firm is viewed as a
―nexus of contracts‖ among self-interested individuals rather than as a unified, profit-maximizing
entity. Principal employs ―agents‖ to perform work on his or her behalf. However, agents need
constant supervision and management, otherwise, they will tend to pursue their own interests rather
than company ones (owner interests and goals). As the firm grows in size and scope, agency costs or
coordination costs rise because owners must expend more and more effort supervising and
managing employees. It allows reducing costs because it becomes easier for managers to oversee a
greater number of employees. Concluding, since IT reduces agency costs and transaction costs, it‘s
expected that costs shrink over time, as investment in IT increases, as well as revenues, which are
also expected to increase.

Behavioural Impact
 Supply-Push to demand-Pull: There has been a move in the organisation from supply-push
to demand-pull. Supply push is where companies do their best to anticipate what customers
want and then produce or provide service according to their predictions. Information systems
are being designed to allow closer relationships between the customer and the seller thereby
causing the production model to shift to Demand Pull where the customers create their own
personalized versions through their demands within the supply chain. Information Systems
are being created to foster suppliers and customers co-creating products and services.
 Self Service: ATMs are an early example of customer self-service. Information systems are
providing customers and suppliers with the ability to see what pertains to their transactions
within the organisation. E.g. Tracking a shipment.
 Real-Time Working: Information systems have allowed organisation to operate in as close
to real time as possible, by indicating the state of 'business terrain' as it exists at the moment.
An example is an organisation knowing inventories as of right now, knowing the breaking
news.
 Team-based working: The current trend in the internal business environment is to have
people working together on projects. Increased ability to meet, collaborate, and communicate
among team members increases sharing of knowledge and information for the running of the
organisation. Information systems that can foster such collaboration and simultaneous
workings are called groupware.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 42

 Anytime, anyplace Information Work: Information systems today are allowing employees
to work remotely, away from their workstations. The advances in wireless technologies
enable people to work in an airport, at a customer site, or even while walking.
 Outsourcing and Strategic Alliances: To become more competitive, organisation are
examining which work they should perform internally and which they should give to others.
Outsourcing is where a third party organisation performs information work for the
organisation for short or long term basis (this is part of the extended enterprise). Information
systems that foster such collaboration are needed to ensure security of the organisations'
information.
 Flattened Organisations: In the traditional hierarchy, people performing the same type of
work are grouped together and overseen by a supervisor. Management principles such as
division of labour and chain of command define this traditional work environment. Research
shows that information systems facilitate flattening of hierarchies by broadening the
distribution of information to empower lower-level employees and increase management
efficiency. IS pushes decision-making rights lower in organisation because lower-level
employees receive the information needed to make efficient decisions, without supervision,
which make them act quickly.

Consequences:
a) High level managers can solve problems and control employees over big distances;
b) Extinction of many middle managers.
c) Management costs also decrease as a percentage of revenues increase,
d) and the hierarchy becomes efficient, etc

Information systems that foster self-managed groups, and allow employees to manage
themselves have led to lower levels of absenteeism, higher productivity, and higher quality of
work.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 43

3.1.6 Impact of IS on the External Business Environment

The external business environment is the platform where organisations compete or collaborate with
each other. Information systems contribute to the external business environment because they allow
information to move faster, increasing the pace at which individuals and organisation can respond to
events. Furthermore information systems are affecting the external business environment in the
following ways:

 Internet Economy: The internet economy is at play today. It began with retailing and selling
over the internet (B2C). This advanced to buyers and suppliers using e-marketplaces to carry
out business deals (B2B). Today‘s economy is bringing together both old and new ways of
operating and Information Systems are a major tool enabling both these worlds to interface
with each other.
 Global Marketplace: The business environment is now global. The entire world has become
the marketplace. Information systems are enabling companies to work globally (Asia/Pacific;
the Americas; Europe and the Middle East and Africa-EMEA). The global marketplace
allows competitors across the globe to bid for work via the Internet.
 Decapitalisation: Tangible items such as capital equipment and buildings were the tenets of
power in the industrial age. Today, intangible items such as ideas, intellectual capital, and
knowledge have become the desirable item. The Business world is moving from tangible to
intangible. It is decapitalising. For this reason managing talent has become as important as
managing finances.
 Faster Business Cycles: The tempo of business has accelerated appreciably. Products on the
market tend to have shorter useful lives. Therefore speed has become of essence.
Information Systems need to be used to accelerate speed to market or to reduce cycle time.
 Accountability and Transparency: Confidence and trust in the way public and private
organisations are managed has been shaken world over. There is greater pressure for
accountability and transparency. Information Systems play a role in implementing the
ensuing regulations and enabling transparency.
 Rising Risks of IT: In many parts of the world, IT has negatively affected people through
network shutdowns, computer viruses, identity thefts, e-mail scams, movement of jobs across
borders. This requires careful thought into the use of IS in the organisation, including the
protection of information created by the IS.

3.2 MANAGERIAL DECISION-MAKING AND INFORMATION SYSTEMS

Managers and their Functions in an Organisation

In order to understand how information systems can benefit managers, we first need to look at what
the functions of managers are, and the kind of information they need for decision-making.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 44

The five basic functions of managers are:

 Planning: Plan which the direction a company is to take, whether to diversify, which areas
of the world to operate in, and how to maximize profit.
 Organizing: Organized resources such as people, space, equipment and services
 Coordinating: coordinate the activities of various departments.
 Decision-making: make decisions about the organisation, the products or services made or
sold, the employees, the use of information technology.
 Controlling: This involves monitoring and supervising the activities of others.

Management information systems must be designed to support managers in as many of these

functions as possible, at different levels (operation, tactic, and strategy) of an organisation.

3.2.1 Various Levels of Decision Making

Information systems can support a variety of management decision-making levels and decisions.
These include the three levels of management activity: strategic management, tactical management,
knowledge management and operational management.

STRATEGIC

MANAGEMENT
LEVEL

KNOWLEDGE LEVEL

OPERATIONAL LEVEL

Figure 4: Level
Level of Decision-Making of Decision-Making
in the Organisation in the Organisation

 Strategic management: It is typical for a board of directors and an executive committee of

the CEO and top executives to develop the overall organisation goals, strategies, policies and
objectives as part of a strategic planning process. They also monitor the strategic
performance of the organisation and its overall direction in the political, economic and
competitive business environment.
 Tactical management: Increasingly, business professionals in self-directed teams as well as
business unit managers develop short- and medium-range plans, schedules and budgets and

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 45

specify the policies, procedures and business objectives for their subunits of the company.
They also allocate resources and monitor the performance of their organisational sub-units,
including departments, divisions, process teams and other workgroups.
 Knowledge Management: This is a level were businesses create and share new
knowledge/information. These are typically used in a business where employees create new
knowledge and expertise - which can then be shared by other people in the organisation to
create further commercial opportunities. Good examples include firms of lawyers,
accountants and management consultants.
 Operational management: The members of self-directed teams or operating managers
develop short range plans such as weekly production schedules. They direct the use of
resources and the performance of tasks according to procedures, and within budgets and
schedules they establish for the teams and other workgroups of the organisation.

3.2.2 Types of Information Systems

Using the four level pyramid model above, we can now compare how the information systems in
our model differ from each other.

a) Transaction Processing Systems (TPS)

Transaction Processing System are operational-level systems at the bottom of the pyramid. They are
usually operated directly by front line staff, which provide the key data required to support the
management of operations. This data is usually obtained through the automated or semi-automated
tracking of low-level activities and basic transactions. These systems are designed to handle a large
volume of routine, recurring transactions. Banks use them to record deposits and payments into
accounts. Supermarkets use them to record sales and track inventory. Most managers use these
systems to deal with tasks such as payroll, customer billing and payments to suppliers.

Functions of a TPS

TPS are ultimately little more than simple data processing systems.
Functions of a TPS in terms of data processing requirements
Inputs Processing Outputs
Validation
Sorting Lists
Transactions Listing Detail reports
Events Merging Action reports
Updating Summary reports?
Calculation

Some examples of TPS

 Payroll systems
 Order processing systems
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 46

 Reservation systems
 Stock control systems
 Systems for payments and funds transfers

The role of TPS

 Produce information for other systems
 Cross boundaries (internal and external)
 Used by operational personnel + supervisory levels
 Efficiency oriented

b) Management Information Systems (MIS)

For historical reasons, many of the different types of Information Systems found in commercial
organisations are referred to as "Management Information Systems". However, within our pyramid
model, Management Information Systems are management-level systems that are used by middle
managers to help ensure the smooth running of the organisation in the short to medium term. The
highly structured information provided by these systems allows managers to evaluate an
organisation's performance by comparing current with previous outputs.

Functions of a MIS

MIS are built on the data provided by the TPS

Functions of a MIS in terms of data processing requirements
Inputs Processing Outputs
Internal Transactions Sorting Summary reports
Internal Files Merging Action reports
Structured data Summarizing Detailed reports

Some examples of MIS

 Sales management systems
 Inventory control systems
 Budgeting systems
 Management Reporting Systems (MRS)
 Personnel (HRM) systems

The role of MIS

 Based on internal information flows
 Support relatively structured decisions
 Inflexible and have little analytical capacity
 Used by lower and middle managerial levels
 Deals with the past and present rather than the future

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 47

 Efficiency oriented

c) Decision Support Systems (DSS)

A Decision Support System is an interactive system that can be used by managers without help from
computer specialists. A DSS provides managers with the necessary information to make intelligent
decisions. A DSS has three fundamental components:
1. Database management system (DBMS): Stores large amounts of data relevant to problems
the DSS has been designed to tackle.
2. Model-based management system (MBMS): Transforms data from the DBMS into
information that is useful in decision making.
3. Dialog generation and management system (DGMS): Provides a user-friendly interface
between the system and the managers who do not have extensive computer training.

These systems are often used to analyze existing structured information and allow managers to
project the potential effects of their decisions into the future. Such systems are usually interactive
and are used to solve ill structured problems. They offer access to databases, analytical tools, allow
"what if" simulations, and may support the exchange of information within the organisation.

Functions of a DSS

DSS manipulate and build upon the information from a MIS and/or TPS to generate insights and
new information.

Functions of a DSS in terms of data processing requirements

Inputs Processing Outputs
Internal
Modelling
Transactions Summary reports
Simulation
Internal Files Forecasts
Analysis
External Graphs / Plots
Summarizing
Information

Some examples of DSS

 Group Decision Support Systems (GDSS)
 Computer Supported Co-operative work (CSCW)
 Logistics systems
 Financial Planning systems
 Spreadsheet Models

The role of DSS

 Support ill- structured or semi-structured decisions
 Have analytical and/or modelling capacity
 Used by more senior managerial levels
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 48

 Are concerned with predicting the future

 Are effectiveness oriented

d) Executive Information Systems (EIS)

Executive Information Systems are strategic-level information systems that are found at the top of
the Pyramid. They help executives and senior managers analyze the environment in which the
organisation operates, to identify long-term trends, and to plan appropriate courses of action. The
information in such systems is often weakly structured and comes from both internal and external
sources. Executive Information System are designed to be operated directly by executives without
the need for intermediaries and easily tailored to the preferences of the individual using them.

Functions of an EIS
EIS organizes and presents data and information from both external data sources and internal MIS
or TPS in order to support and extend the inherent capabilities of senior executives.

Functions of a EIS in terms of data processing requirements

Inputs Processing Outputs
External Data Summarizing Summary reports
Internal Files Simulation Forecasts
Pre-defined models "Drilling Down" Graphs / Plots

Some examples of EIS

Executive Information Systems tend to be highly individualized and are often custom made for a
particular client group; however, a number of off-the-shelf EIS packages do exist and many
enterprise level systems offer a customizable EIS module.

The role of EIS

 Are concerned with ease of use
 Are concerned with predicting the future
 Are effectiveness oriented
 Are highly flexible
 Support unstructured decisions
 Use internal and external data sources
 Used only at the most senior management levels

e) Knowledge Worker System (KWS)

Knowledge work systems (KWS) are specialized systems built for engineers, scientists, and other
knowledge workers charged with discovering and creating new knowledge for a company.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 49

Roles of KWS
Knowledge workers perform three key roles that are critical to the organisation and to the managers
who work within the organisation:
 Keeping the organisation current in knowledge as it develops in the external world—in
technology, science, social thought, and the arts
 Serving as internal consultants regarding the areas of their knowledge, the changes taking
place, and opportunities
 Acting as change agents, evaluating, initiating, and promoting change projects

These systems require sufficient computing power to handle the sophisticated graphics or complex
calculations necessary for such knowledge workers as scientific researchers, product designers, and
financial analysts. Because knowledge workers are so focused on knowledge in the external world,
these systems also must give the worker quick and easy access to external databases.

They typically feature user-friendly interfaces that enable users to perform needed tasks without
having to spend a great deal of time learning how to use the system. Knowledge workers are highly
paid—wasting a knowledge worker‘s time is simply too expensive.

Knowledge workstations often are designed and optimized for the specific tasks to be performed;
so, for example, a design engineer requires a different workstation setup than a financial analyst.
Design engineers need graphics with enough power to handle three-dimensional (3-D) CAD
systems. However, financial analysts are more interested in access to a myriad number of external
databases and large databases for efficiently storing and accessing massive amounts of financial
data.

f) Office automation Systems (OAS)

All tools and methods that are applied to office activities which make it possible to process written,
visual, and sound data in a computer-aided manner. Varied computer software used to digitally
create, collect, store, manipulate, and relay office information needed for accomplishing basic tasks
and goals.

Basic Functions of OAS

 Data Storage: This is the most basic and common OAS activity which includes office
records and forms.
 Word Processing: replaced typewriters. Templates automatically set up font size, paragraph
style, header and footer so that user does not have to reset it again and again.
 Data Exchange: Electronic transfer applications that highlight the exchange of information
between more than one user. The systems allow geographically dispersed user to exchange
information in real time (i.e. online conversations) are considered electronic sharing systems.
 Data Management: Track both short-term and long-term data in the world of financial plans,
workforce allocation plans, marketing, inventory, and other aspects of business.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 50

Some examples of OAS

 Word processing systems
 Spreadsheets, Desktop Publishing
 Image Applications: capture and editing of pictures.
 e-mail, voice mail, and facsimile
 Task management or scheduling systems

Role of OAS
 Paperless work environment
 Simplify operations and minimize computational errors
 Optimal utilization of resources
 Better information sharing and transparency
 Enhanced security and recovery of data

Advantages of Office automation systems

 Increases efficiency
 Less time consuming
 Less paper needed
 Faster decision making
 Speed up in communication
 Accomplishes more in less time
 Greater precision
 Operation of highly repetitive task
 Ease of use
 Better security
 Money saving
 Less storage space is required for data, and copies can be easily transferred off-site for safe
keeping in case of fire or other emergency
 Energy saving
 Space saving
 Increases safety
 Time saving
 Multiple people can be updated simultaneously in the event of schedule changes
 Office workers can process information faster, saving not only time but also supplies, space ,
and effort
 Reduce redundancy, Because the data are all in one place, the volume and related costs are
reduced
 Data integrity, because the data are all in one place, updates are kept current
 Shared data, the same data can be accessed, as applicable. The user can request a subset of
the database and the database system will provide those data
 Data independence, a database system is an independent structure of data storage
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 51

 Fast response to user requests, A database system responds quickly because it allows users to
cross organisation files; the files are not separated by application.
 Centralized security, With all the data in one place, it is easier to control access . This applies
particularly to sensitive or confidential material

Disadvantages of Office automation systems

 Make employee lazy
 Eye strains
 Back pain
 Older staff members may have a harder time adjusting to new technology and be unable to
use it efficiently
 Complexity: Setting up and maintaining a data base require extensive planning. The data
base must be organized so that users can use it quickly and success fully.
 Once in service, it requires maintenance, updating, and monitoring
 Expense, The more complex the system, the more costly the hardware, personnel planning ,
developing and monitoring.
 Vulnerability, Central data cores concentrate information. if hardware or software problems
destroy data, a firm needs clear recovery procedures and adequate personnel support.

g) Expert Systems (ES)and Artificial Intelligence (AI)

These systems use human knowledge captured in a computer to solve problems that ordinarily need
human expertise. Mimicking human expertise and intelligence requires that the computer:
(1) recognize, formulate and solve a problem;
(2) explain solutions and
(3) learn from experience.

These systems explain the logic of their advice to the user; hence, in addition to solving problems
they can also serve as a teacher. They use flexible thinking processes and can accommodate new
knowledge.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 52

EIS

MIS DS
S

KWS TPS
/OAS

Figure 5: Relationship between different IS (ESS MIS DSS TPS KWS OAS)

NB. TPS is a major producer of information for all systems

4.0 INFORMATION SYSTEMS FOR STRATEGIC ADVANTAGE

4.1 STRATEGIC INFORMATION SYSTEMS (SIS) FOR COMPETITIVE ADVANTAGE

On the basis of organisational levels, businesses can use strategic information systems to gain an
edge over competitors. Such systems change organisations‘ goals, business processes, products,
services or environmental relationships, driving them into new forms of behaviour. Information
systems can be used to support strategy at the business, firm and industry level.
 Business Level: At the business level of strategy, information systems can be used to help
firms become low cost producers, differentiate products and services, or serve new markets.
Information systems can also be used to ―lock in‖ customers and suppliers using efficient
customer response and supply chain management applications. Value chain analysis is useful
at the business level to highlight specific activities in the business where information systems
are most likely to have a strategic impact.
 Firm Level: At the firm level, information systems can be used to achieve new efficiencies
or to enhance services by tying together the operations of disparate business units so that they
can function as a whole, let alone promoting the sharing of knowledge across business units.
 Industry Level: At the industry level, systems can provide competitive advantage by
facilitating cooperation with other firms in the industry, creating consortiums or communities
for sharing information, exchanging transactions, or coordinating activities. The competitive
forces model, information partnerships, and network economics are useful concepts for

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 53

identifying strategic opportunities for systems at the industry level.

Putting Strategic use of IS for Competitive Advantage into Perspective

A Strategic Information System is any information system (EIS, OIS, TPS, KMS) that changes the
goals, processes, products, or environmental relationships to help an organisation gain a competitive
advantage or reduce competitive disadvantage.
 Competitive Advantage: Is an advantage over competitors in some measure such as cost,
quality, or speed, a difference in the Value Chain Data.
 Improving Core Competency: Such strategic information systems can result in the
enhancement of core competency in a business by targeting the following:
o Employee productivity
o Operational efficiency
 Strategic Management: Strategic management is the way an organisation maps or crafts the
strategy of its future operations.

4.2 Using Information Systems to Support Strategic Management

The use of Information Technology to support strategic management may involve creating
innovative applications that provide direct strategic advantage to organisations. Such applications
may be exploited in various ways to achieve various ends:
a) Competitive Weapons: Information systems themselves are recognized as a competitive
weapon
b) Changes in Processes: IT supports changes in business processes that translate to strategic
advantage
c) Links with Business Partners: IT links a company with its business partners effectively and
efficiently.
d) Cost Reductions: IT enables companies to reduce costs.
e) Relationships with Suppliers and Customers: IT can be used to lock in suppliers and
customers, or to build in switching costs.
f) New Products: A firm can leverage its investment in IT to create new products that are in
demand in the marketplace.
g) Competitive Intelligence: IT provides competitive (business) intelligence by collecting and
analyzing information about products, markets, competitors, and environmental changes. One of
the most important aspects in developing a competitive advantage is to acquire information on
the activities and actions of competitors. Such information-gathering drives business
performance, by
i) Increasing market knowledge
ii) Improving knowledge management
iii) Raising the quality of strategic planning
However, once the data has been gathered it must be processed into information and subsequently
business intelligence. Porters 5 Forces is a well-known framework that aids in this sort of analysis.

4.2.1 Porter’s Competitive Forces Model

Porter‘s competitive forces model recognizes five major forces that could endanger a company‘s
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 54

position in a given industry. These forces include

a) The threat of entry of new competitors
Within any industry there is always the threat that a new company might enter and attract some of
the existing demand for the products of that industry. This will reduce the revenue and profit of the
current competitors. The traditional response has been for mature businesses in an industry to
develop barriers to entry. These have been:
 Exploiting economies of scale in production;
 Creating brand loyalty;
 Creating legal barriers to entry-for example patents; and
 Using effective production methods involving large capital outlays.
Information technology can assist a business in developing these barriers. In so far as information
technology makes affirm more productive, for instance by reducing labour costs or by speeding up
aspects of the production process, any firm attempting to enter the marketplace will be
competitively disadvantaged without a similar investment in capital. If expensive CAD/CAM
equipment is common for the production of differentiated products speedily them this will also act
as a barrier to entry.
b) The bargaining power of suppliers:
The suppliers provide the necessary input of raw materials, machinery and manufactured for the
firm‘s production process. The suppliers to a business can exert their bargaining power on that
business by pushing up the price of inputs supplied using the threat of taking their supply goods
elsewhere to a competitor business in the same industry. It is in interests of the business to make
alternative rival business who would purchase the supplier‘s goods seem less attractive to the
supplier.
One way of achieving this is by creating good relationships with the supplier by using electronic
data interchange (EDI). EDI require that there that there is an electronic connection between the
business and its suppliers. When supplies are to be ordered this is accomplished by sending
structured electronic messages to the supplier firm. The supplier firm‘s computer decodes these
messages and acts appropriately. The advantage of this for both partners is:
 Reduced delivery times
 Reduced paperwork and associated labor costs; and
 Increased accuracy of information.
For the business that is purchasing supplier, EDI can be part of its just-in-time approach to
manufacturing. This yields benefits in terms of reduced warehousing costs. Creating links with
suppliers is becoming increasingly important in the manufacturing sector, especially between car
manufacturers and the suppliers of component parts.
c) The bargaining power of customers (buyers)
Customers can exert power over a business by threatening to purchase the product or service from a
competitor. This power is large if there are few customers and many competitors who are able to
supply the product or service. One way in which a business may reduce the ability of a customer to
move to another competitor is by introduction switching costs. These are defined as costs, financial
or otherwise, that a customer would incur by switching to another supplier to another supplier. One
way of achieving switching costs is to allow the customer to have on-line ordering facilities for the

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 55

business‘ service or product. it is important that customers gain a benefit from this or there is little
incentive for them to put themselves in a potentially weak bargaining position. For instance, with
electronic banking the belief is that once a customer has established a familiarity with one system,
gaining advantage it, there will be a learning disincentive to switch to another. Another example is
America Hospital supplies. It has improved its competitive position by allowing on-line terminals
into customer hospitals. These allowed the swift order/delivery of suppliers by using less skilled
personnel compared with more expensive purchase agents. Once established, it became very
difficult for a hospital to change suppliers.
Recent developments in proving business with the information and processes, necessary to
understand and track customers‘ behavior has been termed customer relationship management
(CRM). Analysis techniques and sophisticated software tools have been developed to exploit the
potential information contained in databases of customer details and activity. CRM is often refined
in to customer profiling, developing categories of customer and attempting to predict their behavior.
One of the goals of CRM is to prevent churn, the gradual wastage of customers to competitors.
d) The threat of substitute products or services
Substitute products or services are those that are within the industry but are differentiated in some
way. There is always the danger that a business may lose a customer to the purchase of a substitute
product from a rival business because that product meets the needs of the customer more closely.
Information technology can prevent this happening in two ways. First, it can be used to provide
differentiated products swiftly by the use of computer-aided design/computer-aided manufacturing
(CAD/CAM). In this latter case, the business produces the substitute product itself.
e) The rivalry among existing firms in the industry
Unless it is a monopoly position, any business in an industry is subject to competition from other
firms. This is perhaps the greatest competitive threat that the business experiences. Information
technology can be used as part of the firm‘s competitive strategy against its rivals, as illustrated in
the preceding sections. Close linkages with suppliers and customers produce competitive forces
against rivals, as does the investment in technology allowing product differentiation and cost
reductions. In some cases, the investment in information technology will be necessary to pre-empt
the competitiveness of other businesses. The major investment by the banks in automated teller
machines is just one example of this.

Applying Porters’ Five Force Model to the Organisation

A) Developing a Competitor Analysis

In the development of a competitor analysis we first have to analyse the following forces:
Competitive Force: Competitors
 What Drives them?
 What are they Doing and can they do?
 What are their strengths & weaknesses?
 Is Competition intense?

B) We Analyze the Entry Barriers: The next thing to be done is to analyse the entry barriers as
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 56

below:
Competitive Force: Technology and Environment?
If nothing slows entry of competitors competition will become intense. In this analysis, the
following questions may be considered:
 Incumbent Reaction?
 What Actions are required to build market share?
 Production Process?

C) We Analyze the Substitute Products: Next in the analysis is to consider the presence and the
likely impact of substitute products as below:
Competitive Force: the following questions may be asked:
 Products or services from another industry enter the market
 Customers becoming acclimated to using substitutes
 Is the substitute market growing?

D) Fourth Competitive Forces: This takes into account the following considerations with the
respective questions:
 The Suppliers
Who controls the transaction?
E) Fifth Competitive Forces: This takes into account the following considerations with the
respective questions:
 The Buyers
Who controls the transaction?
Each element adds value – question who captures it?

4.2.2 Generic - Competitive Strategies

These strategies are to do with developing a Sustained Competitive Advantage and entail analyzing
the forces that influence a company‘s competitive position. This analysis will assist management in
developing a strategy aimed at establishing a sustained competitive advantage. To establish such a
position, a company needs to develop a strategy of performing activities differently than a
competitor. The generic strategies mentioned here include:
a) Cost Leadership Strategy
Cost leadership strategy is to do with producing products and/or services at the lowest cost in the
industry. Cost leadership strategy is mainly achieved by reducing the organisation costs in
producing goods or providing services. A good example is the automation or automating parts of the
production process. Cost leadership can be achieved by helping suppliers and customers to reduce
cost, usually by forming alliances and linkages that benefit all the parties involved. In other
situations, cost leadership is achieved by calling a competitor‘s costs to increase, by for example
introducing new product features that will be expensive for a competitor to duplicate. Using internet
technologies for e-business can assist in achieving cost leadership. As an example, the airline easy
jet has dramatically reduced staff costs through transferring over 90% of their ticketing online.
b) Differentiation Strategy
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 57

This involves offering different products, services or product features in the marketplace. Also, it
entails creating a unique divide between the organisation‘s products and those of its competitors. In
many cases, differentiation is used to concentrate on a specific niche in the market so that the
company can focus on specific/particular goods and services. A car manufacturer such as Roll
Royce provides a good example of product differentiation. The cars produced by Roll Royce are
perceived as luxury items that indicates status and importance in society. They are considered for
superior to standard production models in terms of quality, reliability and comfort. By creating this
image, Rolls-Royce has succeeded in differentiating its products from those of its competitors. An
e-commerce-related example of differentiation is that of a newspaper personalizing content of its
readers according to their preferences and then making it available via alerts on e-mail or mobile
phone.
c) Niche Strategy: Select a narrow-scope segment (niche market) and be the best in quality, speed, or
cost in that market.
d) Growth Strategy: Increase market share, acquire more customers, or sell more products.
e) Alliance Strategy: Work with business partners in partnerships, alliances, joint ventures, or virtual
companies.
f) Innovation Strategy: Introduce new products and services, put new features in existing products
and services, or develop new ways to produce them. Innovation is concerned with finding new ways
to approach an organisation‘s activities. Good examples of innovation include improving existing
products or creating new ones, forging strategic linkages, improving production, processes and
entering new markets. Additionally, innovativeness may involve highlights of how responsiveness
to the market environment and the flexibility to be able to respond are important capabilities of a
company.
g) Operational Effectiveness Strategy: Improve the manner in which internal business processes are
executed so that a firm performs similar activities better than rivals.
h) Customer-Orientation Strategy: Concentrate on making customers happy
i) Time Strategy: Treat time as a resource, then manage it and use it to the firm‘s advantage.
j) Entry-barriers Strategy: Create barriers to entry.
k) Lock in Customers or Suppliers Strategy: Encourage customers or suppliers to stay with you
rather than going to competitors.
l) Increase Switching Costs Strategy: Discourage customers or suppliers from going to competitors
for economic reasons.

The goal is to perform activities differently than a competitor. Those activities can be linked in a
Value Chain Model.

4.2.3 The Value Chain

According to the value chain model (Porter, 1985), the activities conducted in any organisation can
be divided into two parts: primary activities and support activities.
1.Primary Activities
Are those activities in which materials are purchased, processed into products, and delivered to
customers. Each activity in the case adds value to the product or service hence the value chain. The
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 58

primary value adding activities include:

 Inbound logistics (inputs)
 Operations (manufacturing and testing)
 Outbound logistics (storage and distribution)
 Marketing and sales
2.Support Activities
Unlike primary activities, which directly add value to the product or service, support activities are
operations that support the creation of value (primary activities)
 The firm’s infrastructure (accounting, finance, management)
 Human resources management
 Technology development (R&D)
 Procurement

The initial purpose of the value chain model was to analyze the internal operations of a corporation,
in order to increase its efficiency, effectiveness, and competitiveness. We can extend that company
analysis, by systematically evaluating a company‘s key processes and core competencies to
eliminate any activities that do not add value to the product.

4.2.4 The Value System

A firm‘s value chain is part of a larger stream of activities, which Porter calls a value system. A
value system includes the suppliers that provide the inputs necessary to the firm and their value
chains. This also is the basis for the supply chain management concept. Many of these alliances and
business partnerships are based on Internet connectivity are called interorganisational information
systems (IOSs). These Internet-based EDI systems offer a number of strategic benefits including:
a) Faster business cycle (PO to Receiving)
b) Automation of business procedures (Automated Replenishment)
c) Reduced operational costs
d) Greater advantage in a fierce competitive environment

4.2.5 Global Strategy

Many companies are operating in a global environment. Doing business in this environment is
becoming more challenging as the political environment improves and as telecommunications and
the Internet open the door to a large number of buyers, sellers, and competitors worldwide. This
increased competition is forcing companies to look for better ways to compete globally. Given
below are the global dimensions along which management can globalize:
a) Product
b) Markets & Placement
c) Promotion
d) Where value is added to the product
e) Competitive strategy
f) Use of non-home-country personnel - labour

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 59

4.2.6 Using the Internet Strategically

In the past the Internet has been used as a marketing channel for companies who want to publish
information about themselves and their products. Recently, this has given way to more innovative
uses of the Internet. Organisations have realized that the Internet can be used strategically for
competitive advantage. However, in order to optimize this strategic impact, a company must
continually assess the strategic position of its Internet-based applications. A strategic position
matrix can help a company identify where to concentrate its use of the Internet to gain competitive
advantage. These strategies include:

 Cost and Efficiency Improvements

- this quadrant represents a low amount of internal company, customer, and
competitor connectivity and use of IT via the Internet and other networks.

Strategy: Focus on improving efficiency and lowering costs by using the Internet and
the World Wide Web as a fast, low cost way to communicate with customers,
suppliers, and business partners.

Example: The use of E-mail and a company Web site.

 Performance Improvement in Business Effectiveness

- here a company has a high degree of internal connectivity and pressures to
substantially improve its business processes, but external connectivity by customers
and competitors is still low.

Strategy: Make major improvements in business effectiveness.

Example: Widespread internal use of Internet-based technologies like intranets can

substantially improve information sharing and collaboration within the
business.

 Global Market Penetration

- a company that enters this quadrant of the matrix must capitalize on a high degree
of customer and competitor connectivity and use of IT.

Strategy: Develop Internet-based applications to optimize interaction with customers

and build market share.

Example: Outstanding Web sites with value-added information services and online
customer support.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 60

Product and Service Transformation

- here a company and its customers, suppliers, and competitors are extensively networked.
Internet-based technologies, including Web sites, intranets, and extranets, must now be
implemented throughout the company‘s operations and business relationships.

Strategy: Develop strategic electronic commerce applications to develop and deploy

new Internet-based products and services that strategically reposition it in the
marketplace.

Example: Use the Internet for online transaction processing of sales of products and
services at company Web sites, and electronic document interchange (EDI)
with suppliers.

Internet Value Chains:

The value chain concept helps a company evaluate how to use information technology
strategically. Value chains can also be used to strategically position a company‘s Internet-
based applications to gain competitive advantage. The value chain model can be used to
outline several ways that a:
1. Company‘s Internet connections with its customers could provide business benefits
and opportunities for competitive advantage.
2. Company‘s Internet connections with its suppliers could be used for competitive
advantage.
3. Company‘s internal operations can benefit strategically from Internet-based
applications.

Other Strategies
 Multidomestic Strategy: Zero standardization along the global dimensions.
 Global Strategy: Complete standardization along the seven global dimensions.

4.3 SUSTAINING A STRATEGIC INFORMATION SYSTEM (SIS)

Why is it so difficult to build successful information systems including systems that promote
competitive advantage?
Information systems are closely intertwined with an organisations structure, culture and business
processes. New systems disrupt established patterns of work and power relationships, so there is
often considerable resistance to them when they are introduced.

Implementing strategic systems often requires extensive organisational change and a transition from
one sociotechnical level to another. Such changes are called strategic transitions and are often
difficult and painful to achieve. However, not all strategic systems are profitable, as they can be

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 61

expensive to build. Besides, many strategic information systems are easily copied by other firms, so
strategic advantage is not always sustainable.

Strategic information systems are designed to establish a profitable and sustainable position against
the competitive forces in an industry. Due to advances in systems development it has become
increasingly difficult to sustain an advantage for an extended period. Experience also indicates that
information systems, by themselves, can rarely provide a sustainable competitive advantage.
Therefore, the major problem that companies now face is how to sustain their competitive
advantage.

One popular approach is to use inward systems that are not visible to competitors. These proprietary
systems allow the company to perform the activities on their value chain differently than their
competitors.

4.3.1 Managerial Issues

 Risk in implementing strategic information systems: The investment involved in implementing
an SIS is high. Frequently these systems represent a major step forward and utilize new technology.
Considering the contending business forces, the probability of success, and the cost of investment, a
company considering a new strategic information system should undertake a formal risk analysis.
 Planning: Planning for an SIS is a major concern of organisations (Earl, 1993). Exploiting IT for
competitive advantage can be viewed as one of four major activities of SIS planning. The other
three are aligning investment in IS with business goals, directing efficient and effective
management of IS resources and developing technology policies and architecture.
 Sustaining competitive advantage: As companies become larger and more sophisticated, they
develop sufficient resources to quickly duplicate the successful systems of their competitors.
Sustaining strategic systems is becoming more difficult and is related to the issue of being a risk-
taking leader versus a follower in developing innovative systems.
 Ethical issues: Gaining competitive advantage through the use of IT may involve actions that are
unethical, illegal, or both. Companies use IT to monitor the activities of other companies that may
invade the privacy of individuals working there. In using business intelligence (e.g., spying on
competitors), companies may engage in tactics such as pressuring competitors‘ employees to reveal
information or using software that is the intellectual property of other companies without the
knowledge of these other companies.

4.3.2 The Challenges of Strategic IS

The IS function can help managers develop competitive weapons that use information technology to
implement a variety of competitive strategies to meet the challenges of the competitive forces that
confront any organisation.

Successful strategic information systems are not easy to develop and implement. They may require
major changes in the way a business operates, and in their relationships with customers, suppliers,
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 62

competitors, internal and external stakeholders, and others.

Sustaining Strategic Success:

Success and sustain ability depends on many environmental and fundamental business factors, and
especially on the actions and strategies of a company‘s management team. Sustained success in
using information technology strategically seems to depend on three sets of factors:

 The Environment
- a major environmental factor is the structure of an industry.

 Foundation Factors
- unique industry position, alliance, assets, technological resources, and expertise are
foundation factors that give a company a competitive edge in the market.

 Management Actions and Strategies

- a company‘s management must develop and initiate successful actions and
strategies that shape how information technology is actually applied in the
marketplace. Examples include:
a) Preempting the market by being first and way ahead of competitors in a
strategic business use of IT.
b) Creating switching costs and barriers to entry
c) Developing strategies to respond to the catch-up moves of competitors
d) Managing the business risks inherent in any strategic IT initiatives

Global Information Technology Management

The International Dimension:

International dimensions are becoming more and more important in managing a business in the
global economies and markets of today. Properly designed and managed information systems using
appropriate information technologies are a key ingredient in international business, providing vital
information resources needed to support business activities in global markets.

The Global Company:

A global company is one which balances its strategies and activities to ensure that it is serving
customers in each locality with sensitivity and excellence, while still implementing a whole-world
strategy that serves its global customers with excellence.

Global Business and IT Strategies:

Many firms are moving toward transnational strategies in which they integrate their global
business activities through close cooperation and interdependence between their international
subsidiaries and their corporate headquarters.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 63

Businesses are moving away from:

1) Multinational strategies where foreign subsidiaries operate autonomously

2) International strategies in which foreign subsidiaries are autonomous but are
dependent on headquarters for new processes, products, and ideas.
3) Global strategies, where a company‘s worldwide operations are closely managed by
corporate headquarters.

In a transnational approach, a business depends heavily on its information systems and appropriate
information technologies to help it integrate its global business activities. A transnational business
tries to develop an integrated and cooperative worldwide hardware, software, and
telecommunications architecture for its IT platform.

Global Business and IT Applications

The applications of information technology developed by global companies depend on their

business and IT strategies and their expertise and experience in IT. However, their IT applications
also depend on a variety of global business drivers, that is, business requirements (business drivers)
caused by the nature of the industry and its competitive or environmental forces. Examples include
airlines and hotel chains with global customers, that is, customers who travel widely or have global
operations. Such companies well need global IT capabilities for online transaction processing so
they can provide fast, convenient customer service to their customers or face losing them to their
competitors. The economies of scale provided by global business operations are another business
driver that requires the support of global IT applications.

Business drivers for global IT applications include:

1. Global Customers
2. Global Products
3. Global Operations
4. Global Resources
5. Global Collaboration

The Internet as a Global IT Platform:

Decisions about telecommunications networks are vital to establishing a technology platform for
any company and present major challenges in global IT management. Obviously, global networks
like the Internet that cross many international boundaries can make such issues even more
challenging and strategic.

The Internet and the World Wide Web have become vital components in international business and
commerce. Within a few years, the Internet, with its interconnected networks of thousands of
networks of computers and databases has established itself as a technology platform free of many
traditional international boundaries and limits. By connecting their businesses to this online global
infrastructure, companies can:

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 64

1. Expand their markets

2. Reduce communications and distribution costs
3. Improve their profit margins without massive cost outlays for new
telecommunications facilities.

5.0 Building and Acquisition of Information Systems

In order to deliver genuine benefits, information systems must be built with clear understanding of
the organisation in which they will be used. At the same time, the organisation must be aware of and
open to the influences of information systems to benefit from new technologies

5.1 ACQUISITION OF INFORMATION SYSTEMS

There are many ways through which an organisation can acquire information systems to use in the
daily operations of a business and among them they include;
 Buy a prepackaged system from a software development company or consulting firm.
(Off-shelf)
 Outsource development to a 3rd party. Outside organisations can custom build a system for an
organisation following the given specifications. This option is good when an organisation
does not have enough resources or expertise.
 End user development where individual users and departments build their own custom
systems to perform their company activities.
 Renting
 Leasing
 Mergers and Partnerships

5.2 METHODOLOGIES FOR BUILDING /DEVELOPING BUSINESS INFORMATION

SYSTEMS

In case an organisation decides to build its own system, there are a number of methodologies it can
follow while designing one. A system development methodology is a framework used to structure,
plan, and control the process of developing an information system. A wide variety of such
frameworks have evolved over the years, each with its own advantages and disadvantages. One
system development methodology is not necessarily suitable for use by all projects.

5.2.1 Systems Development Life Cycle (SDLC)

The systems development life cycle (SDLC) is an approach for designing and developing Business
Information Systems solutions. It proceeds in stages: feasibility study, requirements analysis,
design, development, implementation, maintenance and review. Business Information Systems are
designed using the systems development life cycle (SDLC) and other methodologies like prototype,
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 65

Rapid Application Development and Spiral Model.

System life cycle is an organisational process of developing and maintaining systems. It helps in
establishing a system project plan by giving the overall list of processes and sub-processes required
in developing a system. The SDLC is developed following six stages of feasibility study,
requirements analysis, system design, system development, implementation, maintenance and
review as explained below;

1. Problem Identification
Development of Business Information System begins with identification of a business problem that
needs to be solved or opportunity to be exploited which may come up as a routine or unforeseen
circumstance.

2. Feasibility Study
After identifying that there is a problem, then a feasibility study which may include Technical
feasibility, Economic feasibility, Behavioral feasibility, legal feasibility, scheduling feasibility and
Organisational feasibility needs to be carried out:
 Technical feasibility is the assessment of whether hardware, software and communications
components can be developed and /or acquired to solve a business problem.
 Economic feasibility is the assessment of whether a project is an acceptable financial risk
and if the organisation can afford the expense and time needed to complete it. This is done
through cost/benefit analysis.
 Organisational feasibility is the assessment of the organisation‘s ability to access and make
use of the proposed project.
 Behavioural feasibility is the assessment of the human issues involved in a proposed
project, including resistance to change and skills and training needs of employees.
 Legal feasibility determines whether there is any conflict between the proposed system and
legal requirements – for example, will the system contravene the Data Protection Act?
 Operational feasibility is concerned with whether the current work practices and procedures
are adequate to support the new system. It is also concerned with social factors – how the
organisational change will affect the working lives of those affected by the system.
 Schedule feasibility looks at how long the system will take to develop, or whether it can be
done in a desired time-frame.

The completion of this stage is marked by the production of a feasibility report produced by the
systems analyst. If the report concludes that the project should go ahead, and this is agreed by senior
managers, then you proceed to the next stage of detailed requirements analysis.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 66

3. Requirements Analysis
This is where a more detailed investigation into the current system and the requirements of the new
system is carried out. The main purpose is to gather information about the existing system and to
determine requirements for the new or improved system.

Gathering details about the current system and requirements for the new system will involve:
 Interviewing staff at different levels of the organisation from the end-users to senior
management.
 Examining current business and systems documents and output. These may include current
order documents, computer systems procedures and reports used by operations and senior
management.
 Sending out questionnaires and analyzing responses. The questions have to be carefully
constructed to elicit unambiguous answers.
 Observation of current procedures, by spending time in various departments. A time and
motion study can be carried out to see where procedures could be made more efficient, or to
detect where bottlenecks occur.

The system analyst‘s report will examine how data and information flow around the organisation,
and may use data flow diagrams to document the flow. It will also establish precisely and in
considerable detail exactly what the proposed system should do (as opposed to how it will do it).

The outcome of this stage is a set of system requirements.

4. System Design
This stage results in logical and physical design that either describes the new system or describes
how the existing system will be modified.
 Logical system design states what the system will do using abstract specifications and
 Physical system design states how the system will perform its functions, with actual physical

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 67

specifications.

Here the system designers describe how the system will accomplish the business tasks by specifying
the following aspects of a system:
 System outputs, inputs, user interfaces;
 Hardware, software, databases, telecommunications, personnel & procedures;
 Blueprint of how these components are integrated.

5. System Development/ Programming

In this phase programmers develop necessary computer programs and make necessary modifications
to software packages. This involves the translation of a system‘s design specification into computer
code, testing to see if the computer code will produce the expected and desired results under certain
conditions and to delete errors (bugs) in the computer code. These errors are of two types: Syntax
errors (e.g., misspelled word or a misplaced comma) and logic errors that permit the program to run
but result in incorrect output.

6. Implementation
Implementation is the process of converting from the old system to the new system.
Implementation activities are needed to transform a newly developed information system into an
operational system for end users. This should be done following a number of activities like;
 Acquisition - acquire necessary hardware and software resources.
 Training - educate and train management, end users, etc. IS personal must be certain that
end users are trained to operate the new system or the implementation process will fail. End
users must be taught to operate the system and managers must be educated on how the new
technology changes the business processes and authority and responsibilities of management
 Testing - test and make necessary corrections to programs, procedures, and hardware.
System testing involves testing hardware devices, testing and debugging computer programs,
and testing information processing procedures. An important part of testing is the production
of prototypes of displays, reports, and other output. It is important to involve end users in the
testing stage to recognize errors, and to provide feedback
 Documentation - record detailed system specifications. Developing good user
documentation is an important part of the implementation process. An example of
documentation is a manual of operating procedures and sample data input and output.
Documentation is extremely important when solving problems or making changes, especially
if the people who developed the system are no longer with the firm.
 Conversion - convert present system to new and/or improved system. Conversion from the
old system to the new system can be difficult and even painful. This should be done
following any of the four strategies of;
o Parallel conversion is where the old system and the new system operate
simultaneously for a period of time.
o Direct conversion (Plunge) is where the old system is cut off and the new system
turned on at a certain point in time.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 68

o Phased conversion is where components of the new system are introduced in stages,
until the entire new system is operational. This type of conversion is used in larger
systems that can be broken down into individual modules that can be implemented
separately at different times.
o Pilot conversion is where a new system is introduced in one part of the organisation
on a trial basis, when new system is working properly; it is introduced in other parts of
the organisation.

7. System Maintenance
Maintenance involves monitoring, evaluating, and modifying of existing information systems to
make necessary improvements. Post-implementation review is also part of IS maintenance where
the new system is evaluated to be certain that the newly implemented system meets the system
objectives established for them. At this stage, audits are performed to assess the system‘s
capabilities and to determine if it is being used correctly. Here different types of maintenance like
debugging and updating are performed.
 Debugging is a process that continues throughout the life of the system.
 Updating is done to accommodate changes in business conditions like adding new features to
the existing system without disturbing its operation
The different types of maintenance that can be performed include;
 Perfective maintenance is done to improve on performance of the system.
 Adaptive maintenance is done to cope up/adapt to changing needs within a company.
 Corrective maintenance is done to rectify the coding and syntax errors:
 Preventive Maintenance is done to protect the system from breaking down and affecting
usage.

Strengths and Weaknesses of SDLC

Advantages of SDLC
 Formal review at the end of each phase allows maximum management control.
 It creates considerate system documentation.
 Formal documentation enables system requirements to be traced back to stated business
needs.
 It introduces many intermediate products that can be reviewed to see whether they meet the
users‘ needs and conform to standards.
Disadvantages of SDLC
 It encourages too much documentation which is expensive
 Developers tend to misunderstand users‘ needs due to limited involvement of users.
 Limited user involvement tends to affect user ownership of the system.
 SDLC is time consuming
 SDLC rigid and inflexible because of the need to follow sequential process instead of
iteration process.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 69

 SDLC gets users‘ inputs ONLY during Systems analysis.

Alternative Methodologies to SDLC

The SDLC is seen as the starting point from which many alternative methodologies have
developed. Since the SDLC many alternatives have been developed and used. Some of those other
methodologies that can be used to develop Business Information Systems include;
 Prototyping
 Rapid Application Development
 Joint Application Development
 Spiral Model
 Computer Aided Software Engineering (CASE) tools
 Object Oriented Programming (OOP)

5.2.2 Prototyping

This is an iterative approach to systems development. There are two types of prototypes that‘s;
Operational prototype and Non-operational prototype. Operational prototype is where system
designers accesses real data files, edits input data, makes necessary computations and
comparisons, and produces real output while Non-operational prototype is a mockup, or just
model of a proposed system.

Prototyping comprise of the following steps:

 Requirements Definition/Collection. Similar to the Conceptualization phase of the Waterfall
Model, but not as comprehensive. The information collected is usually limited to a subset of
the complete system requirements.
 Design. Once the initial layer of requirements information is collected, or new information is
gathered, it is rapidly integrated into a new or existing design so that it may be folded into the
prototype.
 Prototype Creation/Modification. The information from the design is rapidly rolled into a
prototype. This may mean the creation/modification of paper information, new coding, or
modifications to existing coding.
 Assessment. The prototype is presented to the customer for review. Comments and
suggestions are collected from the customer.
 Prototype Refinement. Information collected from the customer is digested and the prototype
is refined. The developer revises the prototype to make it more effective and efficient.
 System Implementation. In most cases, the system is rewritten once requirements are
understood. Sometimes, the Iterative process eventually produces a working system that can
be the corner stone for the fully functional system.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 70

Advantages of Prototyping
 Reduces development time.
 Reduces development costs.
 Maximum user involvement.
 Developers receive quantifiable user feedback.
 Facilitates system implementation since users know what to expect.
 Results in higher user satisfaction.
 Exposes developers to potential future system enhancements

Disadvantages of prototypes
 Can lead to insufficient analysis.
 Users expect the performance of the ultimate system to be the same as the prototype.
 Developers can become too attached to their prototypes
 Can cause systems to be left unfinished and/or implemented before they are ready.
 Sometimes leads to incomplete documentation.
 If sophisticated software prototypes (4th GL or CASE Tools) are employed, the time saving
benefit of prototyping can be lost.

5.2.3 Rapid Application Development (RAD)

RAD is a methodology for compressing the analysis, design, build, and test phases into a series of
short, iterative development cycles. It involves use of extensive user involvement, prototyping, JAD
sessions, integrated CASE tools, and code generators.

RAD projects are typically staffed with small integrated teams comprising of developers, end users,
and IT technical resources. Small teams, combined with short, iterative development cycles
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 71

optimizes speed, unity of vision and purpose, effective informal communication and simple project
management.

RAD follows the six stages of requirements planning, analysis, system design, construction and
deployment.

Advantages of using RAD

 Iteration allows for effectiveness and self-correction. Studies have shown that human beings
almost never perform a complex task correctly the first time but are extremely good at
making an adequate beginning and then making many small refinements and improvements.
 Small teams, combined with short, iterative development cycles optimize speed, unity of
vision and purpose, effective informal communication and simple project management.
 It creates team work and interaction among team members.
 Documentation is produced as a by-product of completing project tasks.
 It enables tighter fit between user requirements and system specifications
 Works especially well where speed of development is important
 It has the ability to rapidly change system design as demanded by users
 It enables strong user ownership of system due over involvement in its design.
 It concentrates on essential system elements from users‘ point of view.

Disadvantages of using RAD

 It requires system analysts and users to be skilled in using RAD tools.
 It requires a lot of time and commitment from users.
 May try and hurry the project too much
 Loosely documented
 May not address pressing business problems

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 72

5.2.4 Joint Application Development (JAD)

Joint Application Design is a process originally developed for designing a computer-based system
by bringing together business area people (users) and IT (Information Technology) professionals in
a highly focused workshop. JAD centers around a structured workshop session where everyone gets
together in a room and talks it out. Everyone hears what the rest of the group has to say.

JAD follows a number of steps like:

 Identification of a valid sample of users.
 Setting up a JAD team comprising of Users, IS professionals and scribe.
 Running the 1st JAD session with JAD team and Facilitators.
 Developing a system prototype based on agreed requirements.
 Running the 2st JAD session.
 Improvement of system prototype based on JAD session results.
 Development and implementation of the final system.

Advantages of Joint Application Development

 Helps alleviate conflicting requirements.
 Greater user involvement leads to greater user acceptance of final system.
 It shortens time taken to complete a project.
 It improves the quality of the final product by focusing on the up-front portion of the
development lifecycle, thus reducing the likelihood of errors that are expensive to correct
later on.

Disadvantages of Joint Application Development

 Could be expensive and time consuming

5.2.5 Spiral Model

The Spiral Model was designed to include the best features from the Waterfall and Prototyping
Models. This model introduces a new component - risk-assessment in the development process.
Similar to the Prototyping Model, an initial version of the system is developed, and then repetitively
modified based on input received from customer evaluations.

Risk assessment is included as a step in the development process as a means of evaluating each
version of the system to determine whether or not development should continue. If the customer
decides that any identified risks are too great, the project may be halted. For example increase in
costs.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 73

Spiral Model Stages Include:

 Identification of Project Objectives. Similar to the system conception phase of the Waterfall
Model. Objectives are determined, possible obstacles are identified and alternative
approaches are weighed.
 Risk Assessment. Possible alternatives are examined by the developer, and associated
risks/problems are identified. Resolutions of the risks are evaluated and weighed in the
consideration of project continuation. Sometimes prototyping is used to clarify needs.
 Engineering & Production. Detailed requirements are determined and the software piece is
developed.
 Planning and Management. The customer is given an opportunity to analyze the results of the
version created in the Engineering step and to offer feedback to the developer.
 Implementation. Once the system is approved its operationalised using any of the four
strategies of direct cut over, parallel, phased out and pilot implementation.

Advantages of using Spiral Model

 The risk assessment component of the Spiral Model provides both developers and customers
a measuring tool that earlier Process Models do not have. The practical nature of this tool
helps to make the Spiral Model a more realistic Process Model than some of its predecessors.
 Focuses attention on reuse.
 Accommodates changes and growth.
 Eliminates errors and unattractive choices early.
 Limits to how much is enough (not too much design, reqs, etc).
 Treats development, maintenance same way.

Disadvantages of using Spiral Model

 It may be difficult to convince customers that the evolutionary approach is controllable.
 It demands considerable risk assessment expertise and relies on the experts for success
 There is need for further elaboration of project steps (clearer milestones).

5.3 CHANGE MANAGEMENT IN IMPLEMENTATION OF BUSINESS INFORMATION

SYSTEMS

Change is a significant alteration or disruption in peoples‘ expectation patterns. Implementing new

Business Information Systems therefore requires use of change management programs to lower the
risks and costs of resistance and maximize the benefits of acceptance of the implemented system.
5.3.1 Aspects of Change required during and after Implementation of BIS include;

 New IT skills.
 Alteration of patterns of communication.
 Decrease of time spans between communications.
 Modification of points of influence, authority and control.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 74

 Modification of roles, work relationships and reporting responsibilities.

 Changes in data ownership.
 Increase privacy and security concerns.
 Introduction of new management techniques and organisational structures.

5.3.2 Ways of Effecting Proper Change Management during Implementation of BIS

Change management involves analyzing and defining all changes facing the organisation, and
developing programs to reduce the risks and costs, and maximize the benefits. This can be achieved
through;
 Commitment from top management and an organisational design to plan the future of IT and
IS within the business.
 Proper education and training.
 Direct end user participation before implementation to help end users assume ownership of a
system.
 Development of a change action plan.
 Assigning selected managers as change sponsors.
 Development of employee change teams.
 Encourage open communications and feedback about organisational changes.
 Involve as many people as possible in reengineering and other change programs.
 Tell everyone as much as possible about everything more so new system achievements as
often as possible, preferably in person.
 Make liberal use of financial incentives and recognition to motivate early adoption of the
implemented systems.

5.4 MODELS FOR ASSESSING THE BUSINESS VALUE OF BUSINESS INFORMATION

SYSTEMS

Different financial models are used to measure the business value of information systems under the
cost – benefit analysis as below;
 The Payback Method which measures time required to pay back the initial investment on a
project
 Accounting Rate of Return on Investment (ROI) which approximates the accounting income
earned by the investment.
 Present value that measures value of a payment or stream of payments to be received.
 Net present value which determines amount of money an investment is worth. If the cash
flow is positive over the time period, it means that the investment returns more benefits than
it costs.
 Cost-benefit ratio that calculates returns from capital expenditure.
 Profitability index that compares profitability of alternative investments by dividing the
present value of total cash inflow by initial cost.
 Internal Rate of Return (IRR) that measures the rate of return or profit an investment is
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 75

expected to earn.

6.0 SECURING INFORMATION SYSTEMS

6.1 SYSTEM VULNERABILITY AND ABUSE

When data are stored in digital form, they are more vulnerable than when they exist in manual form.

Security refers to the policies, procedures, and technical measures used to prevent unauthorized
access, alteration, theft, or physical damage to information systems.

Controls consist of all the methods, policies, and organisational procedures that ensure the safety of
the organisation's assets; the accuracy and reliability of its accounting records; and operational
adherence to management standards.

Threats to computerized information systems include hardware and software failure; user errors;
physical disasters such as fire or power failure; theft of data, services, and equipment; unauthorized
use of data; and telecommunications disruptions. On-line systems and telecommunications are
especially vulnerable because data and files can be immediately and directly accessed through
computer terminals or at points in the telecommunications network.

Reasons for system vulnerability and abuse:

a) A complex information system cannot be replicated manually.
b) Computerized procedures appear to be invisible and are not easily understood or audited.
c) Although the chances of disaster in automated systems are no greater than in manual
systems, the effect of a disaster can be much more extensive. In some cases all of a system‘s
records can be destroyed and lost forever.
d) On-line information systems are directly accessible by many individuals. Legitimate users
may gain easy access to portions of computer data that they are not authorized to view.
Unauthorized individuals can also gain access to such systems.
e) Through telecommunications networks, information systems in different locations can be
interconnected. The potential for authorized access, abuse, or fraud is not limited to a single
location but can occur at any access point in the network.
f) Wireless networks using radio-based technology are even more vulnerable to penetration
because radio frequency bands are easy to scan.
g) The Internet poses special problems because it was explicitly designed to be accessed easily
by people on different computer systems.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 76

Figure 6: Contemporary Security Challenges and Vulnerabilities

6.1.1 Security Threats to Information Systems

Controls upon information systems are based upon the two underlying principles of the need to
ensure the accuracy of the data held by the organisation and the need to protect against loss or
damage. The most common threats faced by organisational information systems can be placed into
the following categories of accidents, natural disasters, sabotage (industrial and individual),
vandalism, theft, unauthorised use (hacking) and computer viruses which will now be described.

Types of Vulnerabilities
 Illegal access and use: One of the most common security risks in relation to computerised
information systems is the danger of unauthorised access to confidential data. Crimes
involving illegal system access and use of computer services are a concern to both
government and business. Most security breaches involving confidential data can be
attributed to the employees of the organisation.

Since the outset of information technology, computers have been plagued by criminal
hackers. A criminal hacker is a person who attempts to gain unauthorised access to a
computer-based information system, usually via a telecommunications link. In many cases,
criminal hackers are people looking for fun and excitement – the challenge of beating the
system. A criminal hacker is also called a cracker who is a computer-savvy person who
attempts to gain unauthorized or illegal access to computer systems to steal passwords,
corrupt files and programs, or even transfer money. However, this is the popular use of this
term and is considered incorrect by many IT professionals. Hackers enjoy computer
technology and spend time learning and using computer systems. Traditionally, ‗hacking‘
referred to the process of writing program code, so hackers were nothing more than skilled

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 77

computer programmers. Even today, many people consider themselves to be ‗hackers‘ of the
traditional kind and dislike being associated with the stereotype of a computer criminal.

 Data Alteration and Destruction: Data and information are valuable corporate assets. The
intentional use of illegal and destructive programs to alter or destroy data is as much a crime
as destroying tangible goods. Most common of these types of programs are viruses and
worms. Virus is a program that attached itself to other programs. Worms are the once which
are independent program that replicates its own program files until it interrupts the operation
of networks and computer systems. There are over 60,000 known computer viruses today,
with over 5,000 new viruses and worms being discovered each year.

There are several different types of computer virus. Some examples include:
o The link virus attaches itself to the directory structure of a disk. In this way, the virus
is able to manipulate file and directory information. Link viruses can be difficult to
remove since they become embedded within the affected data. Often, attempts to
remove the virus can result in the loss of the data concerned.
o Parasitic viruses insert copies of themselves into legitimate programs, such as
operating system files, often making little effort to disguise their presence. In this way,
each time the program file is run, so too is the virus. Additionally, the majority of
viruses are created as terminate and stay resident (TSR) programs. Once activated, the
virus remains in the computer‘s memory performing various operations in the
background. Such operations might range from creating additional copies of itself to
deleting files on a hard disk.
o Macro viruses are created using the high-level programming languages found in e-
mail packages, web browsers and applications software, such as word processors.
Technically, such viruses are extremely crude but are capable of causing a great deal
of damage.
o With the possible exception of anti-viruses, all viruses must be considered to be
harmful. Even if a virus program does nothing more than reproduce itself, it may still
cause system crashes and data loss. In many cases, the damage caused by a computer
virus might be accidental, arising merely as the result of poor programming.
 Information and Equipment Theft: Theft can be divided into two basic categories; data
theft and physical theft. Data theft normally involves making copies of important files
without causing any harm to the originals. Physical theft, as the term implies, involves the
theft of hardware and software.

Individuals who illegally access systems often do so to steal data and information. Using
password sniffers is another approach. A password sniffer is a small program hidden in a
network or a computer system that records identification numbers and passwords. Using a
password sniffer, a criminal hacker can gain access to computers and networks to steal data
and information, invade privacy, plant viruses, and disrupt computer operations. Service
organisations are particularly vulnerable to data theft since their activities tend to rely heavily
upon access to corporate databases.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 78

In addition to theft of data and software, many different computer systems and equipment
have been stolen from offices. To fight computer crime, many companies use devices that
disable the disk drive and lock the portable computer to the desk. Software and Internet
Piracy Software piracy is the act of illegally duplicating software. Internet piracy means
illegally gaining access to and using the Internet.
 Accidents: A number of estimates suggest that 40–65% of all damage caused to information
systems or corporate data arises as a result of human error. Some examples of the ways in
which human errors can occur include:
 Inaccurate data entry: As an example, consider a typical relational database management
system, where update queries are used to change records, tables and reports. If the contents
of the query are incorrect, errors might be produced within all of the data manipulated by the
query. Although extreme, significant problems might be caused by adding or removing even
a single character to a query. Errors in handling files, including formatting a disk by mistake,
copying an old file over a newer one, and deleting a file by mistake
 Attempts to carry out tasks beyond the ability of the employee. In smaller computer-
based information systems, a common cause of accidental damage involves users attempting
to install new hardware items or software applications. In the case of software applications,
existing data may be lost when the program is installed or the program may fail to operate as
expected.
 Failure to comply with procedures for the use of organisational information systems.
Where organisational procedures are unclear or fail to anticipate potential problems, users
may often ignore established methods, act on their own initiative or perform tasks
incorrectly. Failure to provide access to the most current information by not adding new and
deleting old URL links
 Failure to carry out backup procedures or verify data backups. In addition to carrying
out regular backups of important business data, it is also necessary to verify that any backup
copies made are accurate and free from errors.
 Natural disasters: All information systems are susceptible to damage caused by natural
phenomena, such as storms, lightning strikes, floods and earthquakes.
 Sabotage: With regard to information systems, sabotage may be deliberate or unintentional
and carried out on an individual basis or as an act of industrial sabotage. Individual sabotage
is typically carried out by a disgruntled employee who wishes to exact some form of revenge
upon their employer. The logic bomb (sometimes known as a ‗time bomb‘) is a well-known
example of how an employee may cause deliberate damage to the organisation‘s information
systems. A logic bomb is a destructive program that activates at a certain time or in reaction
to a specific event. In most cases, the logic bomb is activated some months after the
employee has left the organisation.
 Vandalism: Deliberate damage caused to hardware, software and data is considered a
serious threat to information systems security. The threat from vandalism lies in the fact that
the organisation is temporarily denied access to some of its resources. Even relatively minor
damage to parts of a system can have a significant effect on the organisation as a whole. In a

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 79

small network system, for example, damage to a server or shared storage device might
effectively halt the work of all those connected to the network. In larger systems, a reduced
flow of work through one part of the organisation can create bottlenecks, reducing the overall
productivity of the entire organisation. Damage or loss of data can have more severe effects
since the organisation cannot make use of the data until it has been replaced.
 Computer related Mistakes: Errors in computer programs, Installing computing capacity
inadequate for the level of activity on corporate Web sites
 Inadequate planning: Inadequate planning for and control of equipment malfunctions.
Inadequate planning for and control of environmental difficulties (electrical problems,
humidity problems, etc.)
 Denial of service (DoS): As companies begin to rely on network technology to reduce costs,
they become more vulnerable to certain risks. For example, more harm can be caused if an
individual gains access to a network server than if they merely gain access to a single PC.
Similarly, companies relying on the Internet for business communications may find
themselves subject to denial of service attacks. Typically, these attacks involve blocking the
communications channels used by a company. For example, an e-mail system might be
attacked by sending millions of lengthy messages to the company. Other techniques involve
altering company web pages or attacking the systems used to process online transactions. In
these cases, companies are usually forced to shut down services themselves until the problem
can be dealt with. The impact of a denial of service attack can be extremely severe, especially
for organisations that rely heavily on the Internet for e-commerce.
 Trojans: Recently the use of Trojans to disrupt company activities or gain access to
confidential information has grown sharply. Most of the Trojans encountered by business
organisations are designed to gather information and transmit regular reports back to the
owner. Typically, a Trojan will incorporate a key logging facility (sometimes called a
‗keystroke recorder‘) to capture all keyboard input from a given computer. Capturing
keyboard data allows the owner of the Trojan to gather a great deal of information, such as
passwords and the contents of all outgoing e-mail messages. Some Trojans are designed to
give owners control over the target computer system. Effectively, the Trojan acts as a remote
control application, allowing the owner to carry out actions on the target computer as if they
were sitting in front of it. Sometimes, the owner of the Trojan will make no effort to conceal
their activities: the victim sees actions being carried out but is unable to intervene, short of
switching off the computer. More often, however, the Trojan operates silently and the victim
is unaware that their computer is running programs, deleting files, sending e-mail, and so on.
Some programs are designed to disrupt company activities by initiating denial of service
attacks or by attacking company servers. However, incidents involving these kinds of Trojan
are rare since they often require very high levels of access to company systems.
 Identity theft and brand abuse: Identity theft involves using another person‘s identity to
carry out acts that range from sending libellous e-mail to making fraudulent purchases. It is
considered relatively easy to impersonate another person in this way, but far harder to prove
that communications did not originate from the victim. For business organisations, there is a
threat that employees may be impersonated in order to place fraudulent orders. Alternatively,
a company may be embarrassed if rumours or bogus press releases are transmitted via the
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 80

Internet. The term brand abuse is used to cover a wide range of activities, ranging from the
sale of counterfeit goods, for example software applications, to exploiting a well-known
brand name for commercial gain. As an example, the name of a well-known company might
be embedded into a special web page so that the page receives a high ranking in a search
engine. Users searching for the name of the company are then likely to be diverted to the
special web page where they are offered a competitor‘s goods instead.
 Extortion and bribing: Various approaches can be used to extort money from companies
such as cybersquatting and the threat of divulging customer information. Cybersquatting
involves registering an Internet domain that a company or celebrity is likely to want to own.
Although merely registering a domain is not illegal in itself, some individuals attempt to
extort money from companies or celebrities in various ways. Typically, the owner of the
domain will ask for a large sum in order to transfer the domain to the interested party.
Sometimes, however, demands for money may be accompanied by threats, such as the threat
the domain will be used in a way that will harm the victim‘s reputation unless payment is
forthcoming. Although there is an established mechanism for dealing with disputes over
domain names, many victims of cybersquatting choose not to use these procedures since they
do not wish to attract negative publicity.
 Abuse of resources: Organisations have always needed to ensure that employees do not take
advantage of company resources for personal reasons. Whilst certain acts, such as sending
the occasional personal e- mail, are tolerated by most companies, the increased availability of
Internet access and e-mail facilities increases the risk that such facilities may be abused. Two
examples of the risks associated with increased access to the Internet involve libel and
cyberstalking. Cyberstalking is a relatively new form of crime that involves the harassment
of individuals via e-mail and the Internet. Of interest to business organisations is the fact that
many stalkers make use of company facilities in order to carry out their activities. There have
also been cases of ‗corporate stalking‘ where an organisation has used its resources to harass
individuals or business competitors. For an organisation, the consequences of cyberstalking
can include a loss of reputation and the threat of criminal and civil legal action.
 Other risks: This section provides a discussion of two additional examples of emerging
threats: cyberterrorism and stock fraud. Cyberterrorism describes attacks made on
information systems that are motivated by political or religious beliefs. Organisations
involved in the defence industries are often the victims of such attacks. However, many other
companies are also at risk from politically motivated attacks. For example, companies
trading in countries that are in political turmoil or companies with business partners in these
countries also face the risk of such attacks. A number of recent cases have highlighted the
danger of allowing inaccurate or misleading information to propagate across the Internet.
Online stock fraud involves artificially increasing or decreasing the values of stocks by
spreading carefully designed rumours across bulletin boards and chat-rooms. Whilst such
activities may seem relatively harmless, companies can suffer significant losses. Incidences
of online stock fraud highlight an extremely important issue: organisations are at risk from
the distribution of false information across the Internet. It is important to note that the effects
of online stock fraud are not limited only to influencing stock prices. Imagine, for example,
what might happen if bogus press releases began to appear when a company was in the
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 81

process of negotiating a merger or strategic alliance. Preventing inaccurate or misleading

information from appearing on the Internet is fraught with difficulty. The sheer size of the
Internet means that monitoring web sites, chat-rooms and news services places an
unacceptable burden on the resources of even the largest organisations.

6.2 PROTECTING INFORMATION SYSTEMS

A key to successful security implementation is finding a reasonable balance between system

protection and user autonomy and convenience. Security management consists of nurturing a
security-conscious organisational culture, developing tangible procedures to support security, and
managing the myriad of pieces that make up the system. Effective system security depends on
creating a workplace environment and organisational structure where management understands and
fully supports security efforts, and users are encouraged to exercise caution.

Management must:
 Communicate to staff that protecting the system is not only in the organisation"s interests, but
also in the best interest of users.
 Increase staff awareness of security issues.
 Provide for appropriate staff security training.
 Monitor user activity to assess security implementation.

6.2.1 Physical Security

Physical security is a vital part of any security plan and is fundamental to all security efforts--
without it, information security, software security, user access security, and network security are
considerably more difficult, if not impossible, to initiate. Physical security refers to the protection of
building sites and equipment (and all information and software contained therein) from theft,
vandalism, natural disaster, manmade catastrophes, and accidental damage (e.g., from electrical
surges, extreme temperatures, and spilled coffee). It requires solid building construction, suitable
emergency preparedness, reliable power supplies, adequate climate control, and appropriate
protection from intruders.

The reasoning behind such an approach is extremely simple: if access to rooms and equipment is
restricted, risks of theft and vandalism are reduced. Furthermore, by preventing access to
equipment, it is less likely that an unauthorised user can gain access to confidential information.
Locks, barriers and security chains are examples of this form of control.

6.2.2 Data and Information Security

One of an organisation's most valuable assets is its information. Government laws, common sense
and good practice require and suggest that certain types of information (e.g., individual student
records) be protected. Both confidential and non-confidential information in a system should be
protected from unauthorized release as much as from unauthorized modification and unacceptable
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 82

influences on its accessibility.

Components of Information Security

 Confidentiality— ―Preserving authorized restrictions on information access and disclosure,
including means for protecting personal privacy and proprietary information. A loss of
confidentiality is the unauthorized disclosure of information.
 Integrity — ―Guarding against improper information modification or destruction, and
includes ensuring information non-repudiation and authenticity. A loss of integrity is the
unauthorized modification or destruction of information.
 Availability— ―Ensuring timely and reliable access to and use of information. Loss of
availability is the disruption of access to or use of information or an information system.

Information Security Countermeasures

 Carry out a risk assessment to identify data and information security risks and include
solutions in the information system security policy.
 Transmit Information Securely (including e-mail): Use of security features such as
encryption. Physically protect data encryption devices and keys. Inform staff that all
messages sent with or over the organisation's computers belong to the organisation. Use dial-
up communication only when necessary. Install automatic terminal identification, dial-back,
and encryption. Verify the receiver's authenticity before sending information anywhere.
 Present Information for Use in a Secure and Protected Way: Use "views" and "table-
design" applications: A "view" selects only certain fields within a table of information for
display, based on the user's access rights. Other table fields are excluded from the user's view
and are thus protected from use. For example, although a school record system may contain a
range of information about each student, Food Services staff can view only information
related to their work and Special Education staff can view only information related to their
work. This type of system maintains information much more securely than traditional paper
systems, while at the same time increasing statistical utility and accountability options.
 Back up Information Appropriately: Back up not only information, but also the programs
used to access information, such as operating system utilities so that access to them is
retained even if the hard drive goes down. Maintain current copies of critical application
software and documentation as securely as if they were sensitive data. Choose backup
software that includes an encryption and have verification features. Rotate backup tapes.
 Store Information Properly: Apply recommended storage principles to original and backup
files alike. Clearly label disks, tapes, containers, cabinets, and other storage devices.
Segregate sensitive information, restrict handling of sensitive information to authorized
personnel, write-protect important files, train staff to promptly notify the system
administrator when data are, or are suspected of being, lost or damaged, and create a media
library if possible.
 Dispose of Information in a Timely and Thorough Manner: Institute a specific
information retention and disposal policy as determined by the organisation's needs and legal
requirements.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 83

6.2.3 Software Security

Software is the means by which users control what they are doing on a computer system.
Application software affects all areas of computing. Its security, therefore, is essential to the overall
security of your information and system. Software security requires policies on software
management, acquisition and development, and pre-implementation training. Examples of Software
threats include: Natural events (e.g., aging and dirty media), intentional acts of destruction (e.g.,
hacking, creation of computer viruses, and copyright infringement), unintentionally destructive acts
(e.g., accidental downloading of computer viruses, losing instructions, and programming errors).

Software Security Countermeasures

 Carry out a risk assessment to identify software security risks and include solutions in the
information system security policy.
 Coordinate (and centralize) the organisation's software management: use formal testing
and certification procedures for new or modified software, maintain an off-site location for
critical backup copies, secure master copies of software and associated documentation, never
lend or give proprietary software to unlicensed users, and test software backup files
periodically to ensure that they "restore" properly, use only licensed and organisationally
approved software on workplace equipment, permit only authorized personnel to install
software, train staff on software use and security policies. The best designed software for
accessing and manipulating information is useless if staff are unable to use it properly.
 Regulate Software Acquisition and Development: Properly define security needs before
purchasing or developing new software, require written authorization before anyone tampers
with software, conduct design reviews (that include users) throughout the development
process to ensure that the product will satisfy functional specifications and security
requirements, modify archived copies of software (not the copy that is up and running on the
system) so that active applications and files are not put at risk, software that is developed or
modified by a programmer must be reviewed by an independent programmer to verify that
all code is appropriate and correct, master files of all developed software should be maintain
because the software belongs to the organisation and not the programmer, ensure that
documentation for all new or revised programming is made and includes the name of the
developer, the name of the programming language, the development date, the revision
number, and the location of the master copy (i.e., the source code), verify authenticity of
public software programs, avoid using 'bleeding edge' software for mission-critical activities.
 Detecting and preventing virus infection: The risk of virus infection can be reduced to a
minimum by implementing a relatively simple set of security measures. All new disks,
machines and any software originating from an outside source should be checked with a
virus detection program before use.
 Thoroughly Test Newly Acquired and Developed Software: Verify that new or upgraded
software meets anticipated user needs, current system requirements, and all organisational
security standards, never test application software with "live" data, test software in a separate
test environment and on independent machines.
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 84

Move to ethical consideratio

Major Personal Data Protection Principles
 Purpose and manner of collection: This provides for the lawful and fair-collection of
personal data and sets out the information a data user must give to a data subject when
collecting personal data from that subject.
 Accuracy and duration of retention: This provides that personal data should be accurate, up-
to-date and kept no longer
 Use of personal data: This provides that unless the data subject gives consent otherwise
personal data should be used for the purposes for which they were collected or a directly
related purpose.
 Security of personal data: This requires appropriate security measures to be applied to
personal data (including data in a form in which access to or processing of the data is not
practicable).
 Information to be generally available: This provides for openness by data users about the
kinds of personal data they hold and the main purposes for which personal data are used.
 Access to personal data: This provides for data subjects to have rights of access to and
correction of their personal data.

6.2.4 User Access Security

User access security refers to the collective procedures by which authorized users access a computer
system and unauthorized users are kept from doing so. user access security limits even authorized
users to those parts of the system that they are explicitly permitted to use (which, in turn, is based on
their "need-to-know").

User Access Security Countermeasures

 Implement individual User account by which each user accesses the System: Limit user
access to only those files they need to do their jobs, Avoid shared accounts, secure the user
account name list, monitor account activities through the audit trail feature, terminate
dormant accounts after a pre-set period of inactivity (e.g., 30 days). Require Users to
"Authenticate" themselves in order to access their account. The following authentication
options progress from least secure to most secure, as well as from least expensive to most
expensive:
o Something the user knows (e.g., a password--see below)
o Something the user has (e.g., an electronic key card)
o Something the user is (e.g., biometrics--finger printing, voice recognition, and hand
geometry)

 Passwords: Because passwords are the most common method of user authentication, they
deserve special attention.
Password selection:
o Require that passwords be at least six characters in length (although eight to ten are
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 85

preferable).
o Prohibit the use of passwords that are words, names, dates, or other commonly
expected formats.
o Forbid the use of passwords that reflect or identify the account owner (e.g., no
birthdates, initials, or pet names).
o Require a mix of characters (i.e., letters/numbers and upper/lower case if the system is
case sensitive).
o One way to effectively create apparently random passwords that can be memorized
easily is to use the first letter of each word in a favorite quote, capitalize every other
letter, and add a number. For example, Longfellow's "One if by land, two if by sea"
(from Paul Revere's Ride) becomes the password "oIbLtIbS3".23
Password maintenance:
o Require the system administrator to change all pre-set passwords that are built into
software (e.g., supervisor, demo, and root), systematically require passwords to be
changed at pre-set intervals (e.g., once per month), maintain zero-tolerance for
password sharing.
o Forbid unsecured storage of personal passwords (e.g., they should not be written on a
note and taped to the side of a monitor), Never send a password as a part of an e-mail
message,
o Mask (or otherwise obscure) password display on the monitor when users type it in,
remind users that it is easy to change passwords if they think that theirs may have
been compromised, maintain an encrypted history of passwords to make sure that
users are not simply recycling old passwords when they should be changing them,
monitor the workplace to ensure that all regulations are being followed.

 The security manager must be open to the concerns of system users.

 Establish Standard Account and Authentication Procedures (known as log-in procedures):
 Limit users to acceptable log-in times, locations, and number of allowable log-in attempts,
Users should be required to log off every time they leave their workstations (e.g., for lunch,
breaks, and meetings)
 Recognize that routine physical security plays an important role in user access management:
Protect every access node in the system. An "access node" is a point on a network through
which you can access the system. If even one such point is left unsecured, then the entire
system is at risk. Protect cables and wires as if they were access nodes, disconnect CD drives
from servers because sophisticated intruders can boot-up from an external disk drive, install
screen savers (with mandatory locking features) to prevent information from being read by
anyone who passes by.
 Pay particular attention to remote access systems (i.e., when someone, including an
authorized user, accesses your system from off-site via a modem): Use software that requires
"message authentication" in addition to "user authentication": Even if a user can provide the
right password, each message sent and received must have its delivery verified to ensure that
an unauthorized user didn't interrupt the transmission.
 Investigate security features of external networks to which the system connects: If
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 86

security cannot be verified, then additional precautions must be taken by installing firewalls
on the system at external access points
 Biometric controls: These controls make use of the unique characteristics of individuals in
order to restrict access to sensitive information or equipment. Scanners that check
fingerprints, voice prints or even retinal patterns are examples of biometric controls. Until
relatively recently, the expense associated with biometric control systems placed them out of
reach of all but the largest organisations. Many organisations have now begun to look at
ways in which biometric control systems can be used to reduce instances of fraud.

6.2.5 Network Security

Network security has emerged as one of today's highest-profile information security issues. Many
organisations have already connected their computing resources into a single network; others are in
the process of doing so. Network security goals fall within two major domains.
 protecting your networks, information, and other assets from outside users who enter your
network from the Internet.
 The second deals with safeguarding information as it is being transmitted over the network
especially the internet.

Network Security Countermeasures

 Protect Your Network from Outsiders: implementation of relatively straightforward
security measures like encryption software, virus scans, remote access regulations, and
passwords, use firewalls, locate equipment and information that is intended for external users
outside of the firewall.
 Protect Transmissions Sent over the Internet: Use Secure Sockets Layer (SSL) Servers to
secure financial and information transactions made with a Web browser, authenticate
messages through the use of digital signatures, digital certificates, time stamps or sequence
numbers. Another way to recognize when messages have been modified is to challenge the
"freshness" of the message. This is done by embedding time stamps, sequence numbers, or
random numbers in the message to indicate precisely when and in what order the message
was sent. If a received message's time and sequence are not consistent, you will be alerted
that someone may have tampered with the transmission.

6.2.6 Formal Information System Security Policy

Perhaps the simplest and most effective control is the formulation of a comprehensive policy on
security. Amongst a wide variety of items, such a policy will outline:
 what is considered to be acceptable use of the information system,
 what is considered unacceptable use of the information system,
 the penalties available in the event that an employee does not comply with the security policy
and the details of the controls in place, including their form and function and plans for
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 87

developing these further.

Once a policy has been formulated, it must be publicised in order for it to become effective. In
addition, the support of management is essential in order to ensure that employees adhere to the
guidelines contained within the policy.

6.2.7 Organisational Procedures

Under normal circumstances, a set of procedures for the use of an information system will arise
from the creation of a formal security policy. Such procedures should describe in detail the correct
operation of the system and responsibilities of users. Additionally, the procedures should highlight
issues related to security, should explain some of the reasoning behind them and should also
describe the penalties for failing to comply with instructions.

6.3 APPROACHES TO INFORMATION SYSTEMS PROTECTION

In general, there are four major approaches that can be taken to ensure the integrity of an
information system. These are containment, deterrence, obfuscation and recovery.

 Containment: The strategy of containment attempts to control access to an information

system. One approach involves making potential targets as unattractive as possible. This can
be achieved in several ways but a common method involves creating the impression that the
target information system contains data of little or no value. It would be pointless, for
example, attempting to steal data that had been encrypted. The data would effectively be
useless to anyone except the owner. A second technique involves creating an effective series
of defences against potential threats. If the expense, time and effort required to gain access to
the information system is greater than any benefits derived from gaining access, then
intrusion becomes less likely.

 Deterrence: A strategy based upon deterrence uses the threat of punishment to discourage
potential intruders. The overall approach is one of anticipating and countering the motives of
those most likely to threaten the security of the system. A common method involves
constantly advertising and reinforcing the penalties for unauthorised access. It is not
uncommon, for example, to dismiss an employee for gaining access to confidential data.
Similarly, it is not uncommon for organisations to bring private prosecutions against those
who have caused damage or loss to important information systems.

 Obfuscation: Obfuscation concerns itself with hiding or distributing assets so that any
damage caused can be limited. One means by which such a strategy can be implemented is
by monitoring all of the organisation‘s activities, not just those related to the use of its
information systems. This provides a more comprehensive approach to security than
containment or deterrence since it also provides a measure of protection against theft and
other threats. A second method involves carrying out regular audits of data, hardware,
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 88

software and security measures. In this way, the organisation has a more complete overview
of its information systems and can assess threats more accurately. A regular software audit,
for example, might result in a reduction in the use of illegal software. In turn, this might
reduce the number of virus infections suffered by the organisation, avoid potential litigation
with software companies and detect illegal or unauthorised use of programs and data. The
dispersal of assets across several locations can be used to discourage potential intruders and
can also limit the damage caused by a successful attack. The use of other techniques, such as
backup procedures, can be used to reduce any further threats.

 Recovery: A strategy based upon recovery recognises that, no matter how well defended, a
breach in the security of an information system will eventually occur. Such a strategy is
largely concerned with ensuring that the normal operation of the information system is
restored as quickly as possible, with as little disruption to the organisation as possible. The
most important aspect of a strategy based upon recovery involves careful organisational
planning. The development of emergency procedures that deal with a number of
contingencies is essential if a successful recovery is to take place. In anticipating damage or
loss, a great deal of emphasis is placed upon backup procedures and recovery measures. In
large organisations, a backup site might be created, so that data processing can be switched to
a secondary site immediately in the event of an emergency. Smaller organisations might
make use of other measures, such as RAID facilities or data warehousing services.

7.0 ETHICAL AND SOCIAL ISSUES IN INFORMATION SYSTEMS

Technology can be a double-edged sword. It can be the source of many benefits but it can also
create new opportunities for invasion of privacy, and enabling the reckless use of that information in
a variety of decisions about an entity.

Ethics refers to the principles of right and wrong; that individuals, acting as free moral agents, use to
make choices to guide their behaviors. Basics concepts for ethical analysis include:

 Responsibility: means that you accept the potential costs, duties, and obligations for the
decisions you make.

 Accountability is a feature of systems and social institutions and means mechanisms are in
place to determine who took responsible action, and who is responsible.

 Liability is a feature of political systems in which a body of laws is in place that permits
individuals to recover the damages done to them by other actors, systems, or organisations.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 89

 Due process is a related feature of law-governed societies and is a process in which laws are
known and understood, and there is an ability to appeal to higher authorities to ensure that the
laws are applied correctly.

7.1 MORAL DIMENSIONS IN INFORMATION SYSTEMS

The major ethical, social, and political issues raised by information systems include the following
moral dimensions:

 Information rights and obligations:

Privacy is the claim of individuals to be left alone, free from surveillance or interference
from other individuals or organisations, including the state. What information rights do
individuals and organisations possess with respect to themselves? What can they protect?
Informed consent can be defined as consent given with knowledge of all the facts needed to
make a rational decision.

 Property rights and obligations. How will traditional intellectual property rights be protected
in a digital society in which tracing and accounting for ownership are difficult and ignoring such
property rights is so easy?

Intellectual Property: Intellectual property is considered intangible property created by

individuals or corporations. Information technology has made it difficult to protect intellectual
property because computerized information can be so easily copied or distributed on networks.
Intellectual property is subject to a variety of protections under three different legal traditions:
trade secrets, copyright, and patent law.

o Trade Secrets: Any intellectual work product – a formula, device, pattern, or

compilation of data-used for a business purpose can be classified as a trade secret,
provided it is not based on information in the public domain.
o Copyright: Copyright is a statutory grant that protects creators of intellectual property
from having their work copied by others for any purpose during the life of the author
plus an additional 70 years after the author‘s death.
o Patents: A patent grants the owner an exclusive monopoly on the ideas behind an
invention for 20 years. The congressional intent behind patent law was to ensure that
inventors of new machines, devices, or methods receive the full financial and other
rewards of their labor and yet make widespread use of the invention possible by
providing detailed diagrams for those wishing to use the idea under license from the
patent‘s owner.

 Accountability and Control: Who can and will be held accountable and liable for the harm
done to individual and collective information and property rights?

 System Quality: Three principle sources of poor system performance are:

1) software bugs and errors

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 90

2) hardware or facility failures caused by natural or other causes and

3) poor input data quality.

The software industry has not yet arrived at testing standards for producing software of
acceptable but not perfect performance. What standards of data and system quality should we
demand; to protect individual rights and the safety of society?

 Quality of Life: What values should be preserved in an information- and knowledge-based

society?

 Balancing Power: Center Versus Periphery: Lower level employees many be empowered
to make minor decisions but the key policy decisions may be as centralized as in the past.
 Rapidity of Change: Reduced Response Time to Competition: Information systems have
helped to create much more efficient national and international market. The now-more-
efficient global marketplace has reduced the normal social buffers that permitted businesses
many years to adjust to competition. We stand the risk of developing a ―just-in-time society‖
with ―just-in-time jobs‖ and ―just-in-time‖ workplaces, families, and vacations.
 Maintaining Boundaries: Family, Work, and Leisure: The danger to ubiquitous
computing, telecommuting, nomad computing, and the ―do anything anywhere‖ computing
environment is that it is actually coming true. The traditional boundaries that separate work
from family and just plain leisure have been weakened. The work umbrella now extends far
beyond the eight-hour day.
 Dependence and Vulnerability: Today our businesses, governments, schools, and private
associations, such as churches are incredibly dependent on information systems and are,
therefore, highly vulnerable if these systems fail. The absence of standards and the criticality
of some system applications will probably call forth demands for national standards and
perhaps regulatory oversight.
 Computer Crime and Abuse: New technologies, including computers, create new
opportunities for committing crimes by creating new valuable items to steal, new way to steal
them, and new ways to harm others. Computer crime is the commission illegal acts through
the use of a computer or against a computer system. Simply accessing a computer system
without authorization or with intent to do harm, even by accident, is now a federal crime.
Computer abuse is the commission of acts involving a computer that may not illegal but
that are considered unethical. The popularity of the Internet and e-mail has turned one form
of computer abuse – spamming – into a serious problem for both individuals and businesses.
Spam is junk e-mail sent by an organisation or individual to a mass audience of Internet
users who have expressed no interest in the product or service being marketed.
 Employment: Trickle-Down Technology and Reengineering Job Loss: Reengineering
work is typically hailed in the information systems community as a major benefit of new
information technology. It is much less frequently noted that redesigning business processes
could potentially cause millions of mid-level managers and clerical workers to lose their
jobs. One economist has raised the possibility that we will create a society run by a small
―high tech elite of corporate professionals…in a nation of permanently unemployed‖ (Rifkin,

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 91

1993). Careful planning and sensitivity to employee needs can help companies redesign
work to minimize job losses.
 Increasing Racial and Social Class Gaps: Several studies have found that certain income
groups are less likely to have computers or online Internet access. Public interest groups want
to narrow this digital divide by making digital information services – including the Internet –
available to virtually everyone.
 Health Risks: RSI, CVS, and Technostress: The most common occupational disease today
is repetitive stress injury (RSI). RSI occurs when muscle groups are forced through repetitive
actions often tens of thousands of repetitions under low-impact loads. The single largest
source of RSI is computer keyboards. The most common kind of computer-related RSI is
carpal tunnel syndrome (CTS), in which pressure on the median nerve through the wrist‘s
bony structure, called a carpal tunnel, produces pain. Millions of workers have been
diagnosed with carpal tunnel syndrome. Computer vision syndrome (CVS) refers to any
eyestrain condition related to display screen use in desktop computers, laptops, e-readers,
smart-phones, and hand-held video games. Its symptoms, which are usually temporary,
include headaches, blurred vision, and dry and irritated eyes. The newest computer-related
malady is technostress, which is stress induced by computer use. Its symptoms include
aggravation, hostility toward humans, impatience, and fatigue. Technostress is thought to be
related to high levels of job turnover in the computer industry, high levels of early retirement
from computer-intense occupations, and elevated levels of drug and alcohol abuse.
 The Problem of Electronic Waste: Personal computers have been around for over thirty-
five years. Millions of them have been used and discarded. Mobile phones are now available
in even the remotest parts of the world and, after a few years of use, they are discarded.
Often, they get routed to any country that will accept them. Many times, they end up in
dumps in developing nations. These dumps are beginning to be seen as health hazards for
those living near them. Though many manufacturers have made strides in using materials
that can be recycled, electronic waste is a problem with which we must all deal.
Some Computer Waste Examples:
- Some companies discard old software and even complete computer systems when
they still have value.
- Some companies waste corporate resources to build and maintain complex systems
never used to their fullest extent.
- Employees may waste the amount of company time and money for playing
computer games, sending unimportant e-mail, or accessing the Internet. Junk e-
mail, also called spam, and junk faxes also cause waste.

7.2 KEY TECHNOLOGY TRENDS THAT RAISE ETHICAL ISSUES

 Dependence and vulnerability to system errors: The doubling of computing power every 18
months has made it possible for most organisations to use information systems for their core
production processes. As a result, our dependence on systems and our vulnerability to system
errors and poor data quality have increased. Social rules and laws have not yet adjusted to this

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 92

dependence. Standards for ensuring the accuracy and reliability of information systems are not
universally accepted or enforced.

 Increase in capacity to Collect and store data on individuals: Advances in data storage
techniques and rapidly declining storage costs have been responsible for the multiplying
databases on individuals—employees, customers, and potential customers—maintained by
private and public organisations. These advances in data storage have made the routine violation
of individual privacy both cheap and effective. Already massive data storage systems are cheap
enough for regional and even local retailing firms to use in identifying customers.

 Advances in data analysis techniques for large pools of data are a third technological trend
that heightens ethical concerns because companies and government agencies are able to find out
much detailed personal information about individuals. With contemporary data management
tools companies can assemble and combine the myriad pieces of information about you stored
on computers much more easily than in the past. Credit card purchases can make personal
information available to market researchers, telemarketers, and direct mail companies. Advances
in information technology facilitate the invasion of privacy

o Profiling – the use of computers to combine data from multiple sources and create
electronic dossiers of detailed information on individuals.
o Non-obvious relationship awareness (NORA) – a more powerful profiling capabilities
technology, can take information about people from many disparate sources, such as
employment applications, telephone records, customer listings, and ―wanted‖ lists,
and correlated relationships to find obscure hidden connections that might help
identify criminals or terrorists.

 Advances in networking, including the Internet, promise to reduce greatly the costs of moving
and accessing large quantities of data and open the possibility of mining large pools of data
remotely using small desktop machines, permitting an invasion of privacy on a scale and with a
precision heretofore unimaginable. The development of global digital superhighway
communication networks widely available to individuals and businesses poses many ethical and
social concerns. Who will account for the flow of information over these networks? Will you be
able to trace information collected about you? What will these networks do to the traditional
relationships between family, work, and leisure? How will traditional job designs be altered
when millions of ―employees‖ become subcontractors using mobile offices for which they
themselves must pay?

7.3 ETHICAL ANALYSIS GUIDELINES

In order to carry out proper ethical analysis, one may follow 5 steps:
 Identify and describe clearly the facts: Find out who did what to whom, and where, when,
and how.
 Define the conflict or dilemma and identify the higher-order values involved: Ethical,
Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018
 93

social, and political issues always reference higher values. The parties to dispute all claim to
be pursuing higher values. Typically, ethical issue involves worthwhile values.
 Identify stakeholders: Every ethical, social and political issue has stakeholders (people
interested in the outcome, who have invested in the situation, and usually who have vocal
opinions). We should find out the identity of these groups and what they want.
 Identify the options that you can reasonably take: If none of the opinions satisfy all
interests involved, but some options do a better job than others, arriving at a good solution
may not be balancing consequences for stakeholders.
 Identify the potential consequences of your options: Some options may be ethically
correct but could have disastrous consequences from other points of view. Ask yourself
―What if I choose this option consistently over time?‖

Candidate Ethical Principles:

What ethical principles or rules one should bear in mind and use to take a decision? What higher-
order values should inform one‘s judgment? When we are taking decisions on any role, there are
some principles one should take in mind:

 Do unto others as you would have them do unto you (Golden Rule): Putting yourself into the
place of others, and thinking of yourself as the object of the decision, can help you think
about fairness in decision making.
 If an action is not right for everyone to take, it is not right for anyone (Immanuel Kant‘s
Categorical Imperative): Ask yourself if everyone did this could the organisation or society
survive?
 If an action cannot be taken repeatedly, it is not right to take at all (Descartes‘ Rule of
Change): This is the slippery slope rule: an action may bring about a small change that is
acceptable now, but if it is repeated it may bring about unacceptable changes in the long run.
 Take the action that achieves the higher or greater value (Utilitarian Principle): This rules
assumes you can prioritise values in a rank order and understand the consequences of various
courses of action.
 Take the action that produces the least harm or least potential cost (Risk Aversion Principle):
Some actions have extremely high failure costs of very low probability eg building a nuclear
generating facility in an urban area, or extremely high failure costs of moderate probability
eg speeding and car accidents. Avoid these high failure cost actions and by paying greater
attention to high failure cost potential of moderate to high probability.
 Assume that virtually all tangible and intangible objects are owned by someone unless there
is a specific declaration otherwise- Ethical ―no free lunch‖ Rule: if something someone else
has created is useful to you, it has value, and you should the creator wants compensation for
this work.

Business Information System –BAF1, BMS1, BBA1, BAS1, BBSED1, BPL1, BED1
APPROVED NOTES FOR SEMESTER II 2017 - 2018