1.

Business Process Management & IT

Business Process Management (BPM) is based on the observation that each product
that a company provides to the market is the outcome of a number of activities
performed. Business Process activities can be performed by the company’s employees
manually or by the help of information systems.

Some of the concepts that are used in BPM are:

Six Sigma is a set of strategies, techniques, and tools for process improvement. It
seeks to improve the quality of process outputs by identifying and removing the
causes of defects and minimizing variability in manufacturing and business processes.
It was developed by Motorola in 1986.

Total Quality Management (TQM): The continuous process of reducing or eliminating

errors in manufacturing, streamlining supply chain management, improving the
customer experience and ensuring that employees are up-to-speed with their
training. While TQM shares much in common with with the Six Sigma
improvement process, it is not the same as Six Sigma. While it focuses on ensuring
that internal guidelines and process standards reduce errors, Six Sigma looks to
reduce defects.

What is a Process: A process is defined as a sequence of events that uses inputs to

produce outputs. From a business perspective, a process is a coordinated and
standardized flow of activities performed by people or machines.

Process Management: Process management is based on a view of an organization as a

system of interlinked processes.

Business Process Management (BPM): BPM may be defined as: “The achievement of
an organization’s objectives through the improvement, management and control of
essential business processes”.

 Achievement: Realizing the strategic objectives as outlined in the

organization’s strategic plan.

Page | 1
  Organization: The organization in this context refers to an enterprise
or parts of an enterprise.
 Objectives: The objectives of a BPM implementation range from the
strategic goals of the organization. BPM is not an objective in itself, but
rather a means to achieving an objective.
 Improvement: It is about making the business processes more efficient and
effective.
 Management: It refers to the process and. By this we mean arranging
the people, their skills, motivation, performance measures, rewards, the
processes themselves and the structure and systems necessary to support
a process.

 Control: It has been said that BPM is about managing our end-to-
end business and If we cannot measure something, we cannot control
and manage it.
 Essential: Not every process in an organization contributes towards the
achievement of the organization’s strategic objectives. Essential processes
are the ones that do.

BPM Principles and Practices

BPM Principles:

1. BPM’s first principle is processes are assets that create value for
customers. They are to be continuously improved. Core processes
and processes that generate the most value to customers, should be
carefully managed.
2. A managed process produces consistent value to customers.

Page | 2
 Management of processes entails the tasks of measuring, monitoring,
controlling, and analyzing business processes. Measuring of
business processes provides information regarding these business
processes. Process information allows organizations to predict,
recognize, and diagnose process deficiencies, and it suggests the
direction of future improvements.
3. The third principle is continuous improvement of processes. The
business environment usually dictates that organizations need to
improve to stay competitive.

BPM Practices:

 Appoint process owners

 Senior management needs to commit and drive BPM
 Continuously train the workforce
 Align employee bonuses and rewards to business process performance;

Business Processes and Process flow

Organizations have many different business processes such as completing a sale, purchasing
raw materials, paying employees etc.

Some of the key Business Processes pertaining to accounting, sales and purchase are
explained below:

Accounting:-
Accounting covers the business processes involved in recording and processing accounting
events of a company, which will include the following transactions:

(a) Source Document: a document the capture data from transactions and
events (eg. Invoice, Cash Receipt).
(b) Journal: transactions are recorded into journals from the source document.
Page | 3
 (c) Ledger: entries are posted to the ledger from the journal.
(d) Trial Balance: unadjusted trial balance containing totals from all
account heads is prepared.
(e) Adjustments: appropriate adjustment entries are passed.
(f) Adjusted Trial balance: the trial balance is finalized post adjustments.
(g) Closing entries: appropriate entries are passed to transfer
accounts to financial statements.

Sales:-
The typical life cycle of a sales transaction which may include the following
transactions:
(i) Customer Order: a purchase order received from a customer specifying
the type, quantity and agreed prices for products.
(ii) Recording: availability of the items is checked and customer order is booked.
(iii) Pick release: the items are moved from the warehouse to the staging area.

Page | 4
 (iv) Shipping: the items are loaded onto the carrier for transport to the customer.
(v) Invoice: invoice of the transaction is generated and sent to the customer.
(vi) Receipt: money is received from the customer against the invoices.

(vii) Reconciliation: the bank reconciliation of all the receipts is performed.

Purchase:-
Typical life cycles of a purchase transaction which may include the following
transactions are stated below:
(a) Purchase requisition: a document is prepared requesting the purchase
department to place an order with the vendor specifying the quantity
and time frame.
(b) Request for quote: an invitation is sent to the vendors to join a
bidding process for specific products.
(c) Quotation: the vendors provide cost quotations for the supply of products.
(d) Purchase order: a commercial document is issued to the vendor
specifying the type, quantity and agreed prices for products.
(e) Receipts: the physical receipt of goods and invoices.
(f) Payments: the payments are made against the invoices.

Classification of Business Processes

Business processes are broadly classified into two categories. These are:
1. ‘Organizational’ Business Processes and
2. ‘Operational’ Business Processes.

Organizational business processes: These are high-level processes that

are typically specified in textual form by their inputs, their outputs, their
expected results and their dependencies on other organizational business

Page | 5
 processes. Organizational business process to manage incoming raw
materials provided by a set of suppliers is an example of an
organizational business process.
The strategy of a company, its goals, and its organizational business
processes can be described in plain text, enriched with diagrams.

The Organizational business is influenced by the business strategy of the

enterprise, i.e., by the target markets, by business strategies opening new
opportunities, and, in general, by the overall strategic goals of the
enterprise.

Operational Business Processes: These are the processes that constitute the core
business and create the primary value stream. Few examples of Operational Processes
are purchasing, manufacturing, advertising, marketing and sales.

BPM Implementation
 Factors to consider in implementing BPM:
 Scope: A single process, a department, the entire company
 Goals: Process understanding, improvement, automation, re-engineering,
optimization
 Methods to be used: Six Sigma, BPM Life Cycle Method, TQM, Informal methods
 Skills Required: Consultants, Train Employees, Formal Certification, Basic
Education, Existing Skill sets
 Tools to be used: White-Boards, Sticky Notes, Software For Mapping, Software for
Simulation
 Investments to Make: Training, Tools, Time

Page | 6
  Need for a BPM implementation:

 Create the long-term future positioning of the business and enhance its
future capability;
 Create short-term cost effectiveness and improvement to current
customer service;
 Initiate continuous improvement from the base of the current, but
improved, processes;
 Introduce a knowledge of product and customer profitability;
 Re-engineer the business radically and provide clear future competitive
differentiation;
 Address the cultural barriers that prevent effective cross-functional and
hierarchical working;
 Introduce leadership and a role for managers and empowered staff.

BPM Technology
BPM = Process and Organization (including people) + Technology

By including Technology in BPM, the organization can manage the flow of activities along
different applications, and the people involved and also reduce execution time.

 Value Chain Automation

Value chain refers to separate activities which are necessary to strengthen an

organization's strategies. Value Chain Analysis is a useful tool for working out how
we can create the greatest possible value for our customers.

Page | 7
 Six business functions of the value chain are as follows :
(i) Research and development
(ii) Design of products, services, or processes
(iii) Production
(iv) Marketing and Sales
(v) Distribution
(vi) Customer service

 Benefits & Risks in Business Process Automation (BPA)

BPA is a strategy to automate business processes so as to bring benefit to
enterprise in terms of cost, time and effort. The key benefits and risks of
BPA are given below:

 Benefits:-
Saving on costs: Automation leads to saving in time and labour costs.
Staying ahead in competition: Today, in order to survive, businesses
need to adopt automation
Fast service to customers: Business managers realized that
automation could help them to serve their customers faster and
better.

 Risks:-
Risk to jobs: Jobs that were earlier performed manually by several
employees would post-automation would be mechanized, thereby
posing a threat to jobs.
False sense of security: Automating poor processes will not gain
better business practices.

Page | 8
 Accounting Systems Automation
An Accounting Information System which is known as AIS is defined as a system of
collection, storage and processing of financial and accounting data that is used by
decision makers. An accounting information system is generally a computer-based method
for tracking accounting activity

 Basic Functions of an Accounting Information System (AIS)

(i) Collect and store data: Collect and store data about organization’s
business activities and transactions by capturing transaction data from
source documents and posting data from journals to ledgers.
(ii) Record transaction: Record transactions data into journals. These
journals present a chronological record of what occurred and provide
management with information useful for decision making.
(iii) Safeguarding organisational assets: The two important methods for
accomplishing this objective is by providing adequate documentation
of all business activities and an effective segregation of duties.
Documentation allows management to verify that assigned
responsibilities were completed correctly. Segregation of duties
refers to dividing responsibility.

 Processing Cycles of an Accounts BPM

(i) Financing Cycles: A transaction processing cycle combines one or
more types of transactions having related features or similar
objectives. The cycle consists of a set of transactions leading to the
recognition of a major economic event on the financial statements.
It is through the study of transaction cycles that we gain a clear view
of a firm’s processing framework.
(ii) Revenue Cycle: It includes transactions surrounding the recognition of revenue
involving accounts like Sales, Accounts Receivable, Inventory and General

Page | 9
 Ledger. It involves capturing and recording of customer orders; shipment of the
goods; and recording of the cost of goods sold. The billing process and the
recording of sales and accounts receivable; the capturing and recording of
cash receipts.

(iii) Expenditure Cycle: It includes transactions surrounding the

recognition of expenditures involving accounts like Purchases,
Accounts Payable, Cash Disbursements etc.
It includes preparation and recording of purchase orders; receipt of
goods and the recording of the cost of inventoryand also includes the
preparation of employee paychecks.

(iv) Human Resource Cycle

Source Document Function
W4 forms Collect employee withholding data.
Time cards Record time worked by employees.
Job time tickets Record time spent on specific jobs.

(vi) Data Processing Cycle: It may be noted, that all the above cycles
of processing involves data processing activities which has been
updated and stored. The stored information has details about the
resources affected by the event and people / personnel who
participated in the activity.

If the process of updating of the data stored is periodic, it is referred

to as batch processing and if involves immediate updating as each
transaction occurs, it is referred to as on-line, real-time processing.

Page | 10
 Impact of IT on BPM and Risks of failure of IT

BPM Systems or suites (BPMS) are a new class of software that allows enterprises to devise
process centric IT solutions.

 Benefits of BPMS

BPMS, as a technology, can deliver endless benefits to any sized organization but more
importantly these benefits are unique to a company:

(a) Automating repetitive business processes: Processes such as report

creation and reduces the manual operational costs and helps
employees to concentrate on activities that are important to the
success of business.

(b) BPMS works by 'loosely coupling' with a company's existing

applications: This enables it to monitor, extract, format and distribute
information to systems and people; in line with business events or
rules.

(c) Operational Savings: BPM focuses on optimization of processes. The

processes that are repetitive are optimized and lead to reduced
expenses which translate to immediate cost savings. By automating a
task, ROI of BPM that requires six hours of manual intervention,
one can expect to cut that time to half.

(d) Reduction in the administration involved in Compliance Standards:

Be it a quality assurance initiative such as the ISO (International
Organization for Standardization) standards, a financial audit law, or
an IT systems best‐practice implementation, companies worldwide

Page | 11
 are seeing the need to manage compliance as part of their everyday
business activities. The BPM is ideally suited to help support
companies in their quest for process improvement and
compliance/governance certification. It gives full control over
process and document change, clarity of inherent risks, and
ease with which process knowledge is communicated across the
company.

(e) Freeing‐up of employee time: While the proverb “time is money” is

often over‐used, it is very relevant to this topic, because in business,
for each additional hour it takes to complete a manual business
process, there is a hard cost associated with employee time as well as
soft costs associated with losing business or lowered productivity.
Another area where time comes into play is in opportunity costs.

 Business Risks of failure of IT

Some of the other reasons for failure of BPMS include:
 Superficial or deficient executive involvement
 Not flexible enough or too complicated to be customized to meet
the precise workflow and business process.
 Failure to identify future business needs

 Persistent compatibility problems with the diverse legacy

systems of the partners.
 Software fails to meet business needs
 System may be over-engineered when compared to the actual
requirements.
 Technological obsolescence.

Page | 12
 Business Process Reengineering

“Business Process Reengineering (BPR) is defined as the fundamental rethinking

and radical redesign of business processes to achieve dramatic improvements in
critical contemporary measures of performance such as cost, quality and speed.”

This has a few important key words, which need clear understanding:
Dramatic achievement means to achieve 80% or 90% reduction (in say,
delivery time, work in progress or rejection rate) and not just 5%, 10%
reduction. This is possible only by making major improvements and
breakthroughs, and not small incremental changes like in Total Quality
Management (TQM).
Radical redesign means BPR is reinventing and not enhancing or
improving. In a nutshell, a “clean slate approach” of BPR says that
“Whatever you were doing in the past is all wrong”, do not get biased
by it or reassemble, the new system is to be redesigned afresh.
Fundamental rethinking means asking the question “why do you do
what you do”, thereby eliminating business processes altogether if it
does not add any value to the customer. There is no point in
simplifying or automating a business process which does not add any
value to the customer.

 BPR Success factors

BPR implies not just change but dramatic change in the way a business
functions. Some of the key factors for BPR projects to succeed are:

(i) Organization wide commitment: Changes to business processes
would have a direct impact on processes, organisational
structures, work culture, and job competencies. This requires
strong leadership, support from the top management. Top
management not only has to recognise the need for change but
also has to convince every affected group.

Page | 13
 (ii) BPR team composition: A BPR team is formed which would be
responsible to take the BPR project forward and make key
decisions and recommendations. The BPR team would include
active representatives from top management, business process
owners, technical experts and users. It is important that the teams
must be kept of manageable size (say 10 members) to ensure well-
coordinated, effective and efficient completion of the entire BPR
process.

(iii) Business needs analysis: It is important to identify exactly what
current processes need reengineering. This would help determine
the strategy and goals for BPR. A series of sessions are held with
the process owners and stakeholders and all the ideas would be
evaluated to outline and conceptualize the desired business
process. The outcome of this analysis would be BPR project .

(iv) Adequate IT infrastructure: Adequate investment in IT

infrastructure is of vital importance for successful BPR
implementation.

(v) Effective change management: BPR involves changes in people behaviour and
culture, processes and technologies. Hence, resistance would be a natural
consequence which needs to be dealt with effectively. The success of BPR
depends on how effectively management conveys the need for change to
the people.

(vi) Ongoing continuous improvement: BPR is an ongoing process,

hence innovation and continuous improvement are key to the
successful implementation of BPR.

Page | 14
 3. Computer Networks & Network Security

Classifications of Networks:

1 Class I Function Based Classification

Data Network A communication network that transmits data.
Voice Network A communication network that transmits voice.
Multimedia A communication network that transmits data, voice, image,
Network video etc.
2 Class II Area Coverage Based Classification
LAN A Local Area Network (LAN) is a group of computers and
network devices connected together, usually within the same
building, campus or spanned over limited distance. It provides
high speed data transfer and is relatively inexpensive.
MAN A Metropolitan Area Network (MAN) is a larger network that
usually spans in the same city or town. Cable network is an
example of a MAN.
WAN A Wide Area Network (WAN) is not restricted to a geographical
location, although it might be confined within the bounds of a
state or country. The technology is high speed and relatively
expensive. The Internet is an example of a world-wide public
WAN.
3 Class III Forwarding-based Classification
Switched Network Switched Network is a type of network that provide switched
communication system and in which users are connected with
each other through the circuits, packets, sometimes message
switching and the control devices. Active network elements like
switch, router, gateways etc. participate in communication.
Public switch telephone network is an example of switched
networks.
Shared Network A Shared Network is also known as Hubbed Network which is
connected with a hub. When packets arrive in to the network, all
segments can see packets. LAN using hub is an example of
shared networks.
Hybrid Networks Network comprising the features of switched and shared
networks.

4 Class IV Ownership-based Classification

Public Network Network established for all users across the world is known as
public network. Internet is an example of public network.

Page | 15
 Private Network Private Network is used by particular organization, particular
campus or particular enterprise only. This is a network that is not
available to the outside world. Intranet is an example of it.
Virtual Private A Virtual Private Network (VPN) is a network that uses a public
Network (VPN) network, such as the Internet, to provide secure access to
organization's private network. A key feature of a VPN is its
Leased Network ability to work
Dedicated over both
or leased linesprivate networks
exist to support as well as public
network
networks like the Internet. Using a method called tunneling, a
communication.
VPN use the same hardware infrastructure as existing Internet or
Intranet links.
5 Class V Media-based Classification

Wired Network Network communication supported by physical (wired) medium.

Wireless Network Network communication supported by wireless medium.

Area coverage based classification is discussed below:

(i) Local Area Networks (LAN): A typical LAN connects as many as

hundred or so microcomputers that are located in a relatively small
area, such as a building or several adjacent buildings. Organizations
having their own LAN enable its multiple users to share software, data,
and devices. LANs use high-speed media (1 Mbps to 30 Mbps or more)
and are mostly privately owned and operated.
Following are the salient features of LAN:
· Multiple user computers connected together.
· Machines are spread over a small geographic region.
· Communication channels between the machines are usually privately owned.

(ii) Metropolitan Area Networks (MAN): A Metropolitan Area Network (MAN) is

somewhere between a LAN and a WAN. The terms MAN is sometimes used to
refer to networks which connect systems or local area networks within a
metropolitan area (roughly 40 km in length from one point to another). MANs
are based on fiber optic transmission technology and provide high speed (10
Mbps or so), interconnection between sites.

Page | 16
 A MAN can support both data and voice. Cable television networks are examples
of MANs that distribute television signals. A MAN just has one or two cables and
does not contain switching elements.

(iii) Wide Area Networks (WAN): A WAN covers a large geographic

area with various communication facilities such as long distance
telephone service, satellite transmission, and under-sea cables. Examples
of WANs are interstate banking networks and airline reservation systems.
Wide Area Networks typically operate at lower link speeds (about 1 Mbps).
Following are the salient features of WAN:
· Multiple user computers connected together.
· Machines are spread over a wide geographic region.
· Communications channels between the machines are usually
furnished by a third party (for example, the Telephone Company, a
public data network, a satellite carrier).
 Channels are of relatively low capacity (measuring throughput in kilobits per second,
Kbits/s).

Network Architecture

Network architecture refers to the layout of the network, consisting of the hardware,
software, connectivity, communication protocols and mode of transmission, such as
wired or wireless. Every computer network supports two basic network architectures:
Client-Server and Peer-to-Peer.

1. Client-Server: Client-Server network consists of servers and clients. Servers are

typically powerful computers running advanced network operating systems and
user workstations (clients) which access data or run applications located on the
servers.

Page | 17
 Advantages:

(i) A client server can be scaled up to many services that can also be
used by multiple users.
(ii) A client server enables the roles and responsibilities of a computing
system. This means that it can update all the computers connected to
it. An example of this would be software updates or hardware updates.
(iii) All the data is stored on the servers, which generally have far greater security
controls than most clients.

Disadvantages:
(i) When the server goes down or crashes, all the computers connected to it
become unavailable to use.
(ii) Simultaneous access to data and services by the user takes little more time for
server to process the task.

2. Peer-to-Peer: In Peer-to-Peer architecture, there are no dedicated servers. All

computers are equal, and therefore, are termed as peer. This arrangement is
suitable for environments with a limited number of users (usually ten or less).

Advantages:
(i) Peer to Peer Networks are easy and simple to set up and only require a
Hub or a Switch to connect all the computers together.
(ii) It is very simple and cost effective.
(iii) If one computer fails to work, all other computers connected to it continue to
work.

Page | 18
Disadvantages:
(i) There can be problem in accessing files if computers are not connected
properly.
(ii) It does not support connections with too many compute rs.
(ii) The data security is very poor in this architecture.

Components of a Network

There are five basic components in any network:

1. The sender (Source Host)
2. The communication interface devices
3. The communication channel (Medium)
4. The receiver (Destination Host)
5. Communication software

1. Source/Destination Host: A host is any computer on a network that is a

repository for services available to other computers on the network. A
host is simply an endpoint where users gain access to the networks.

2. Communication Interface Devices:

(i) Network Interface Card (NIC): Every computer in a network has a

special card called an Network Interface Card (NIC) which provides the
connector to attach the network cable to a server or a workstation. The
on-board circuitry then provides the protocols and commands required
to support this type of network card. An NIC has additional memory for
buffering incoming and outgoing data packets, thus improving the network
throughput. A slot may also be available for remote boot PROM,

Page | 19
 permitting the board to be mounted in a diskless workstation.

Characteristics of NICs include following:

 NIC constructs, transmits, receives, and processes data to and from a host to
network.
 Each NIC has 8 bytes permanent and unique MAC (Media Access
Control) address provided by manufacturer. This address is also
known as Physical Address.
 The NIC requires drivers to operate.

(ii) Switch and Router: These are hardware devices used to direct messages
across a network. Switches create temporary point to point links between
two nodes on a network and send all data along that link. Router is a kind of
connecting device which makes forwarding decisions of data packet on the
basis of network addresses.
The primary purpose of a router is to examine the source and destination IP
addresses of data packets it receives and to direct those packets out the
appropriate port and over the best path available at the time.

(iii) Hub: A hub is a multi port connecting device that is used to interconnect LAN
devices. Each node is connected to the hub by means of simple twisted pair wires. The
hub then provides a connection over a higher speed link to other LANs, the company’s
WAN, or the Internet. A hub can be used to extend the physical length of a network. Hubs
can be active or passive.

(iv) Bridges, Repeaters and Gateways: Workstations in one network often need
access to computer resources in another network or another part of a WAN.
For example, an office manager using a local area network might want to
access an information service that is offered by a WAN over the public phone
system. In order to accommodate this type of need, bridges and routers are often

Page | 20
necessary.
Bridges: The main task of a bridge computer is to receive and pass data
from one LAN to another. In order to transmit this data successfully, the
bridge magnifies the data transmission signal. This means that the bridge
can act as a repeater as well as a link.
Repeaters: These are devices that solve the snag of signal degradation
which results as data is transmitted along the various cables. The
repeater boosts or amplifies the signal before passing it through to the
next section of cable.
Gateways: Gateways are also similar to bridges in that they relay data
from network to network. They do not, as a rule, possess the management
facilities of routers but like routers they can translate data from one
protocol to another. Gateways are usually used to link LANs of different
topologies, e.g., Ethernet and Token Ring, so enabling the exchange of data.

(v) MODEM: MODEM stands for Modulator/Demodulator. In the simplest form, MODEM
is defined as an encoding as well as decoding device used in data transmission.

In other words, MODEM is a device that converts a digital computer signal into an
analog telephone signal (i.e. it modulates the signal) and converts an analog telephone signal
into a digital computer signal (i.e. it demodulates the signal) in a data communication system.

Modems are used for handling data flow from an input device to the CPU and vice versa
through the common carrier network. MODEMs are required to tele-communicate computer
data with ordinary telephone lines because computer data is in digital form but telephone lines
are analogue.

(vi) Protocol converters: Dissimilar devices cannot communicate with each other unless a
strict set of communication standards is followed. Such standards are commonly referred to
as protocols. A protocol is a set of rules required to initiate and maintain communication
between a sender and receiver device. Thus, a protocol converter is a device that
provides interoperability amongst networking devices by converting protocols of one device
to another.

Page | 21
(vii) Multiplexer (MUX): This device enables several devices to share one
communication line. The multiplexer scans each device to collect and transmit data on a
single line to the CPU. It also communicates transmission from the CPU to the
appropriate terminal linked to the Multiplexer. This process of continuously scanning by
multiplexer is called Polling. The devices are polled and periodically asked whether there is
any data to transmit.

3. Communication Channel (Medium)

Communication or Transmission media is divided into two groups:

(i) Guided Media: Guided Transmission Media uses a "cabling" system that guides the data
signals along a specific path. The types of guided media are described as follows:

Twisted-Pair Cables: These are most commonly used transmission media to transmit
electrical signals. Twisted-Pair cables contain pairs of insulated copper wires twisted
together. Twisting reduces the impact of interferences. There are two types of twisted-
pair cables called Unshielded Twisted-Pair (UTP) cable and Shielded Twisted-Pair
(STP) cable. Main difference between both cables is that, Shielded Twisted-Pair
(STP) cables are surrounded by an additional shielding, which makes STP cables more
secure, less prone to interferences but expensive.

Cost of these cable are comparably very low. Twisted-Pair cables can carry data at a
speed of 10 Mbps, 100 Mbps and 1000 Mbps and can transmit data up to 100 meters.

Co-axial cables: Also called as coax, these contain central copper wire as its core that is
surrounded by two layers of protective shielding. This shielding reduces
electromagnetic interference. Co-axial cables used in computer networks are of two

Page | 22
 type thick co-axial and thin co-axial cable. Coax can transmit data at a maximum
speed of 10 Mbps up to 500 meters.

Optical Fiber : An optical fiber (or fiber) as shown in Fig 3.4.3.3 is a glass or plastic fiber
that carries light along its length. Fibers are used instead of metal wires because
signals travel along them with less loss, and they are immune to electromagnetic
interference. Optical Fiber cables permits transmission over longer distances and at
higher data rates (called bandwidth), than other forms of communications.

(ii) Unguided Media: Unguided Transmission Media consists of a means for the data
signals to travel but nothing to guide them along a specific path. The data signals are not
bound to a cabling media and as such are often called Unbound Media. Some of the
common examples of unguided media are Radio wave, Microwave and Infrared wave.

These are described as follows:

· Radio Waves: Wireless networks do not require any physical media or
cables for data transmission. Radio waves are an invisible form
of electromagnetic radiation that varies in wavelength from around a
millimeter to 100,000 km, making it one of the widest ranges in the
electromagnetic spectrum. Radio waves are most commonly used
transmission media in the wireless Local Area Networks.
· Micro Waves: Microwaves are radio waves with wavelengths ranging
from as long as one meter to as short as one millimeter. These are
used for communication, radar systems, radio astronomy, navigation
and spectroscopy.
Page | 23
 · Infrared Waves: Infrared light is used in industrial, scientific,
and medical applications. Night-vision devices using infrared
illumination allow people or animals to be observed without the
observer being detected. Infrared tracking, also known as infrared
homing, refers to a passive missile guidance system which uses the
emission from a target of electromagnetic radiation in the infrared
part of the spectrum to track it.

4. Communications Software: Communications software manages the flow

of data across a network. It performs the following functions:
· Access control: Linking and disconnecting the different devices;
automatically dialing and answering telephones; restricting access to
authorized users; and establishing parameters such as speed, mode, and
direction of transmission.
· Network management: Polling devices to see whether they are ready to
send or receive data; queuing input and output; determining system
priorities; routing messages; and logging network activity, use, and errors.
· Data and file transmission: Controlling the transfer of data, files, and
messages among the various devices.
· Error detection and control: Ensuring that the data sent was indeed the data
received.
· Data security: Protecting data during transmission from unauthorized
access.

Communication Satellites: Communication satellites use the atmosphere as the

medium to transmit signals. A satellite is some solar-powered electronic device that
receives, amplifies, and retransmits signals; the satellite acts as a relay station between
satellite transmissions stations on the ground (earth stations).

Page | 24
They are used extensively for high-volume as well as long-distance communication of both
data and voice. It is cost-effective method for moving large quantities of data over long
distances. However, satellites are very expensive to develop and place in orbit and have
an age limit of 7-10 years. Signals weaken over long distances; weather conditions and
solar activity can also cause noise interference.

Client: A client is a single-user workstation that provides a presentation services and the
appropriate computing, connectivity and the database services relevant t the business
need. Client computers can be classified as Fat Client, Thin Client or Hybrid Client.

Fat / Thick Client: A fat client or thick client is a client that performs the bulk of
any data processing operations itself, and does not necessarily rely on the
server. In, thick clients do not rely on a central processing server, but the
server is accessed primarily for storage purposes.

Thin Client: Thin clients use the resources of the host computer. A thin client
generally only presents processed data provided by an application server,
which performs the bulk of any required data processing. A thin client machine is
going to communicate with a central processing server, meaning there is little
hardware and software installed on the user's machine.

Hybrid Client: A hybrid client is a mixture of the above two client models.
Similar to a fat client, it processes locally, but relies on the server for storing
persistent data. This approach offers features from both the fat client
(multimedia support, high performance) and the thin client (high manageability,
flexibility). Hybrid clients are well suited for video gaming.

Page | 25
 Multi-Tier Architecture

 Single Tier Systems/ One-Tier Architecture

A single computer that contains a database and a front-end (GUI) to access the
database is known as Single Tier System. Generally, this type of system is
used in small businesses.

One-tier architecture involves putting all of the required components for a

software application or technology on a single server or platform.

Advantages: A single-tier system requires only one stand-alone

computer. It also requires only one installation of proprietary
software which makes it the most cost-effective system available.
Disadvantages: It can be used by only one user at a time. A single tier
system is impractical for an organization which requires two or more users
to interact with the organizational data stores at the same time.

 Two Tier Systems/ Two Tier Architecture

A two-tier system consists of a client and a server. A two-tier architecture is a

software architecture in which a presentation layer or interface runs on a client, and a data
layer or data structure gets stored on a server. In other words, the database is stored on
the server, and the interface used to access the database is installed on the client.

The advantages of Two-Tier systems are as follows:

-The system performance is higher.
-Since processing is shared between the client and server, more users could
interact with system.

Page | 26
 -By having simple structure, it is easy to setup and maintain entire system
smoothly.

The disadvantages of Two-Tier systems are as follows:

-Performance deteriorates if number of users is greater than 100.
-There is restricted flexibility and choice of DBMS, since data language used
in server is proprietary to each vendor.

 n-Tier Architecture

n-Tier Architecture is a client–server architecture in which presentation, application

processing, and data management functions are logically separated. The most widespread
use of multi-tier architecture is the Three-tier architecture.

The three tiers in three-tier architecture are as follows:

i. Presentation Tier: Occupies the top level and displays
information related to services available on a website. This tier
communicates with other tiers by sending results to the browser
and other tiers in the network.
ii. Application Tier: Also called the middle tier, logic tier, business
logic or logic tier, this tier is pulled from the presentation tier. It
controls application functionality by performing detailed
processing.
iii. Data Tier: Houses database servers where information is stored and
retrieved. Data in this tier is kept independent of application servers or
business logic.

The following are the advantages of Three-Tier systems:

Clear separation of user-interface-control and data presentation
from application-logic: Through this separation more clients are able to have
access to a wide variety of server applications..

Page | 27
 Dynamic load balancing: If problems in terms of performance occur,
the server process can be moved to other servers at runtime.
Change management: It is easy and faster to exchange a component on
the server than to furnish numerous PCs with new program versions.

The disadvantages of Three-Tier systems are as below:

It creates an increased need for network traffic management, server
load balancing, and fault tolerance.
Current tools are relatively immature and are more complex.

Ownership Based Classification of Networks

a. Public Data Network: A public data network is defined as a network

shared and accessed by users not belonging to a single organization. It is a
network established and operated by a telecommunications administration, or
a recognized private operating agency, for the specific purpose of providing
data transmission services for the public. The Internet is an example of a Public
Data Network.
b. Private Data Network: Private data networks provide businesses, government
agencies and organizations of all sizes a dedicated network to continuously
receive and transmit data critical to both the daily operations and data for critical
needs of the organization.
c. Virtual Private Networks (VPN): A VPN is a private network that uses a
public network (usually the Internet) to connect remote sites or users
together. The VPN uses "virtual” connections routed through the Internet
from the business's private network to the remote site or employee. By
using a VPN, businesses ensure security -- anyone intercepting the encrypted
data can't read it.

Page | 28
 Network Computing

Centralized Computing: Centralized computing is computing done at a central

location, using terminals that are attached to a central computer. The computer itself
controls all the peripherals/clients connected to it.

This type of arrangement does have some disadvantages. The central computer
performs the computing functions and controls the remote terminals. This type of system
relies totally on the central computer. Should the central computer crash, the entire system
will "go down" (i.e. will be unavailable).

Decentralized Computing: Decentralized computing is the allocation of

resources, both hardware and software, to each individual workstation, or office location.
centralized computing exists when the majority of functions are carried out, or obtained
from a remote centralized location.

Network Topologies

Four basic topologies used in wide area and local area telecommunications
networks are the:
1. Star network (Refer Notes)
2. Ring network
3. Bus network
4. Mesh Network

 Bus Network: In a bus network, a single length of wire, cable, or optical

fiber connects a number of computers. The features of a bus network are as
follows:
-All communications travel along this cable, which is called a bus.

-Bus networks have a decentralized approach.

Page | 29
 Advantages of bus network include:

1. If one of the microcomputers fails, it will not affect the entire network.
2. Requires the least amount of cable to connect the computers together and
therefore is less expensive than other cabling arrangements.
3. Is easy to extend. Two cables can be easily joined with a
connector, making a longer cable for more computers to join the
network.

Disadvantages of bus network include:

1. Heavy network traffic can slow a bus considerably since any computer can
transmit at any time.
2. Each connection between two cables weakens the electrical signal.

 Ring Network:

A ring network is much like a bus network, except the length of wire, cable, or
optical fiber connects to form a loop. A ring network has a decentralized approach.When
one computer needs data from another computer, the data is passed along the ring.

Advantages of ring network include:

1. Ring networks do not require a central computer to control activity nor does
it need a file server.
2. Each computer connected to the network can communicate directly with
the other computers in the network by using the common communication
channel, and each computer does its own independent applications
processing.
3. Ring networks are easily extendable.
4. Ring networks offer high performance for a small number of workstations

Page | 30
 Disadvantages of ring network are:

1. Relatively expensive and difficult to install.

2. Failure of one computer on the network can affect the whole network.
3. Adding or removing computers can disrupt the network.

 Mesh Network:

In this structure, there is random connection of nodes using communication

links. The reliability is very high as there are always alternate paths available if direct link
between two nodes is down or dysfunctional. Only military installations, which need
high degree of redundancy, may have such networks, that too with a small number of
nodes.

Advantages of mesh network are as under:

1. Yields the greatest amount of redundancy in the event that if one of the
nodes fails, the network traffic can be redirected to another node.
2. Network problems are easier to diagnose.
Disadvantage of mesh network is its high cost of installation and maintenance
(more cable is required than any other configuration).

Network Architectures and Protocols

Network architecture refers to the layout of the network, consisting of the hardware,
software, connectivity, communication protocols and mode of transmission, such as
wired or wireless.

Protocols: A protocol is the formal set of rules for communicating, including rules for timing
of message exchanges, the type of electrical connection used by the communications

Page | 31
devices, error detection techniques, means of gaining access to communications channels,
and so on. The goal of communications network architectures is to create more
standardization and compatibility among communications protocols.

 The OSI Model

The International Standards Organization (ISO) is working on the establishment of a

standard protocol for data transmission. They have developed a seven-layer Open
Systems Interconnection (OSI), which will include:

Layer 7 or Application Layer: The application layer of OSI layer architecture is

closest to the end user, which means that both the OSI application layer and the user
interact directly with the software application. This layer interacts with software
applications and provides user services by file transfer, file sharing, etc.

Layer 6 or Presentation Layer: This layer at times referred as Syntax Layer also, is
usually a part of an operating system, that converts incoming and outgoing data from one
presentation format to another (for example, from a text stream into a popup window with
the newly arrived text). Encryption, data compression can also be undertaken at this layer
level.

Layer 5 or Session Layer: The session layer manages a session by initiating

the opening and closing of sessions between end-user application processes. The
session layer supports full-duplex and half-duplex operations. For example,
sessions are implemented in live television programs in which the audio and video
streams emerging from two different sources are merged together.

Layer 4 or Transport Layer: Transport layer ensures the reliable arrival of

messages and provides error checking mechanisms. Multiplexing and
encryption are undertaken at this layer level. This means that the Transport Layer
can keep track of the segments and retransmit those that fail.

Page | 32
 Layer 3 or Network Layer: The Network Layer provides the functional and
procedural means of transferring variable length data sequences from a source to a
destination via one or more networks, while maintaining the quality of service
requested by the Transport Layer. The Network Layer makes a choice of the
physical route of transmission.

Layer 2 or Data Link Layer: The Data-Link layer ensures that an initial
connection has been set up, divides output data into data frames, and handles
the acknowledgements from a receiver that the data arrived successfully. The Data
Link Layer responds to service requests from the Network Layer and issues service requests
to the Physical Layer. Data Link Layer detects and possibly correct errors that may occur in
the Physical Layer.

Layer 1 or Physical Layer: This includes the layout of pins, voltages, cable
specifications, Hubs, repeaters, network adapters etc. It is the hardware layer which specifies
mechanical features as well as electromagnetic features of the connection between the
devices and the transmission.

The major functions and services performed by the Physical Layer are:

--Participation in the process whereby the communication resources are

effectively shared among multiple users. For example, contention resolution and flow
control.

--Establishment and termination of a connection to a communications medium.

Internet’s TCP/IP

Transmission Control Protocol/Internet Protocol and is known as TCP/IP. TCP/IP is used by

the Internet and by all Intranets and extranets.

Many companies and other organizations are also converting their client/server networks to
TCP/IP

Page | 33
Five levels of TCP/IP include:

1. Application or process layer

2. Host-to-Host Transport layer
3. Internet Protocol (IP)
4. Network Interface
5. Physical layer

Network Risks, Controls and Security

Threats and Vulnerabilities

Threat: A threat is anything that can disrupt the operation, functioning, integrity, or
availability of a network or system. Network security threats can be categorized into four
broad themes:

Unstructured Threats - These originate mostly from inexperienced individuals using

easily available hacking tools from the Internet. Many tools available to anyone on the
Internet can be used to discover weaknesses in a company's network. Most of these
kinds of probes are done more out of curiosity than with a malicious intent in mind.

For example, if a company’s external web site is hacked; the company’s integrity is
damaged. Even if the external web site is separate from the internal information that sits
behind a protective firewall, the public does not know that. All they know is that if the
company’s web site is hacked, then it is an unsafe place to conduct business.

Structured Threats- These originate from individuals who are highly motivated and
technically competent. They can understand as well as create hacking scripts to penetrate
those network systems. Usually, these hackers are hired by industry competitors, or
state-sponsored intelligence organizations.

Page | 34
External Threats - These originate from individuals or organizations working outside an
organization, which does not have authorized access to organization’s computer systems or
network. They usually get access into a network from the Internet or dialup access servers.

Internal Threats - These threats originate from individuals who have authorized access to
the network. These users either have an account on a server or physical access to the
network. An internal threat may come from a discontented former or current employee. It
has been seen that majority of security incidents originate from internal threats.

Vulnerability: Vulnerability is an inherent weakness in the design, configuration,

or implementation of a network or system that renders it susceptible to a threat.

The following facts are responsible for occurrence of vulnerabilities in the software:

Software Bugs: Some bugs might not have serious effects on the
functionality of the program and may remain undetected for a long time. A
program might crash when serious bugs are left unidentified. Another
category of bugs called security bugs may allow a malicious user bypass
access controls and obtain unauthorized privileges.

Timing Windows - This problem may occur when a temporary file is exploited by
an intruder to gain access to the file, overwrite important data, and use the file as a
gateway for advancing further into the system.

Insecure default configurations - Insecure default configurations occur when

vendors use known default passwords to make it as easy as possible for consumers to
set up new systems. Unfortunately, most intruders know these passwords and can
access systems effortlessly.

Trusting Untrustworthy information - This is usually a problem that affects routers,

or those computers that connect one network to another. When routers are not
programmed to verify that they are receiving information from a unique host,
bogus routers can gain access to systems and do damage.

Page | 35
 End users - Generally, users of computer systems are not professionals and are
not always security conscious. For example, when the number of passwords of
an user increases, user may start writing them down, in the worst case to places
from where they are easy to find. In addition to this kind of negligence towards
security procedures users do human errors.

Level of Network Security

Security programs involve the following eight steps –

(i) Preparing project plan for enforcing security: The project plan components
includes the objectives of the review, scope of the review and tasks to be
accomplished, assigning tasks to the project team after organizing it, preparing
resources budget.
(ii) Asset identification: Assets which need to be safeguarded can be identified
and subdivided into Personnel, Hardware, Facilities, Data, Software.
(iii) Asset valuation: This step of valuation of assets can pose a difficulty. The
process of valuation can differ depending on who is asked to render the
valuation, the way in which the asset can be lost and the period for which it is
lost and how old is the asset.
(iv) Threat identification: The source of a threat can be external or internal and the
nature of a threat can be accidental / non-deliberate or deliberate.
(v) Threats probability of occurrence assessment: This step is an assessment of
the probability of occurrence of threats over a given time period.
(vi) Exposure analysis: This step is the Exposures Analysis by first identifying the
controls in the place, secondly assessing the reliability of the existing controls,
thirdly evaluating the probability that a threat can be successful and lastly
assessing the resulting loss if the threat is successful.
(vii) Controls adjustment: The involves the adjustment of controls which means
whether over some time period any control can be designed, implemented and

Page | 36
 operated such that the cost of control is lower than the reduction in the
expected losses.
(viii) Report generation outlining the levels of security to be provided for
individual systems, end user, etc.: This is the last step that involves report
generation documenting, the findings of the review.

Network Security Protocols

Network Security Protocols are primarily designed to prevent any unauthorized

user, application, service or device from accessing network data.

Cryptography: The art of protecting information by transforming it (encrypting it)

into an unreadable format, called cipher text. Only those who possess a
secret key can decipher (or decrypt) the message into plain text. Encrypted
messages can sometimes be broken by cryptanalysis, also called code-breaking,
although modern cryptography techniques are virtually unbreakable.

Encryption: In Cryptography, encryption is the process of encoding

messages (or information) in such a way that hackers cannot read it, but only
authorized parties can.
There are two basic approaches to encryption:
(i) Hardware encryption devices are available at a reasonable cost, and
can support high-speed traffic. If the Internet is being used to exchange
information among branch offices or development collaborators, for
instance, use of such devices can ensure that all traffic between these
offices is secure.
(ii) Software encryption is typically employed in relation with specific
applications. Certain electronic mail packages, for example, provide
encryption and decryption for message security.

Page | 37
Some of the popular network security protocols include:

SSH - Secure Shell is a program to log into another computer over a network, to
execute commands in a remote machine, and to move files from one
machine to another. An attacker cannot hijack the connection when
encryption is enabled. During ssh login, the entire login session,
including transmission of password, is encrypted; therefore it is almost
impossible for an outsider to collect passwords.

SFTP – The SSH File Transfer Protocol (also known as Secure FTP and SFTP) is a
computing network protocol for accessing and managing files on remote file
systems. Unlike standard File Transfer Protocol (FTP), SFTP encrypts commands
and data both, preventing passwords and sensitive information from being
transmitted in the clear over a network.

HTTPS – Hypertext Transfer Protocol Secure (HTTPS) is a

communications protocol for secure communication over a
computer network, with especially wide deployment on the
Internet. The security of HTTPS uses short term session key to encrypt the
data flow between client and server.

For instance, you might log into your bank account on the Web. You
will have to enter in a user name and password, and then after that
you'll see your account info. Pay attention the next time you do this,
and check the address bar at the top of your browser. It should
indicate that you are now in a secure session with the addition of
"https" at the front of the URL.

Page | 38
 Network Security Techniques

1) Firewall: A firewall is a system designed to prevent unauthorized access to or from a

private network. All messages entering or leaving the intranet pass through the firewall,
which examines each message and blocks those that do not meet the
specified security criteria. Firewalls can be either hardware or software. Software
firewalls are installed on your computer (like any software). Hardware firewalls can be
purchased as a stand-alone product but are also typically found in broadband routers.

Message authentication makes sure that a message is really from whom it original sender
and that it has not been tampered with. Regardless of a company’s individual needs,
clearly defined Internet security policies and procedures should always be part of any
corporate Internet security strategy.

Site Blocking is a software-based approach that prohibits access to certain Web sites
that are deemed inappropriate by management. For Example, certain orgnisations blocks
certain social networking sites like Facebook, Twitter etc. companies can also log activities
and determine the amount of time spent on the Internet and identify the sites visited.

IDS Technologies: An Intrusion Detection System (IDS) is a device or software

application that monitors network or system activities for malicious activities. Primary
IDS technologies are defined as follows:

 Network Intrusion Detection (NID): Network Intrusion Detection System is placed

on a network to analyze traffic in search of unwanted or malicious events on the
wire between hosts. Typically referred to as "packet-sniffers", network intrusion
detection devices intercept packets traveling along various communication mediums
 Host-based Intrusion Detection (HID): Host-based Intrusion Detection systems are
designed to monitor, detect, and respond to user and system activity and
attacks on a given host. The difference between host-based and network-based
intrusion detection is that NID deals with data transmitted from host to host while
HID is concerned with what occurs on the hosts themselves.
Page | 39
  Hybrid Intrusion Detection: Hybrid Intrusion Detection systems offer management
of and alert notification from both network and host-based intrusion detection
devices. Hybrid solutions provide the logical complement to NID and HID - central
intrusion detection management.
 Network-Node Intrusion Detection (NNID): Network-Node Intrusion Detection was
developed to work around the inherent flaws in traditional NID. However, this
“micro agent” is only concerned with packets targeted at the network node
on which it resides.
The fact that the NNIDS system is no longer expected to examine every
single packet on the wire, however, means that it can be much faster.
Network node's major disadvantage is that it only evaluates packets addressed to
the host on which it resides.

Network Administration and Management

In computer networks, network management refers to the activities, methods,

procedures, and tools that pertain to the operation, administration, maintenance,
and provisioning of networked systems.

 Operation deals with keeping the network (and the services that the network
provides) up and running smoothly.
 Administration deals with keeping track of resources in the network and how
they are assigned.
 Maintenance is concerned with performing repairs and upgrades—for example,
when equipment must be replaced.
 Provisioning is concerned with configuring resources in the network to support a
given service. For example, this might include setting up the network so that a new
customer can receive voice service.

Page | 40
 Networks and the Internet

Internet Applications
Internet can be used as a very effective media for various applications such as:
 Electronic commerce transactions between businesses and their suppliers
and customers
 The Internet provides electronic discussion forums formed and managed by
thousands of special-interest newsgroups.
 The Internet allows holding real-time conversations with other Internet users.
 The Internet allows gathering information through online services using
web browsers and search engines.

Business Use of the Internet

Business uses of the Internet include:

 Buying and selling products and services

 Generating revenue through electronic commerce applications.
 Developing new information-based products accessible on the Web.
 Attracting new customers with innovative marketing and products.
 Enterprise communications and collaboration

Intranet

An intranet is a network inside an organization that uses Internet technologies such as

web browsers and servers. An Intranet is protected by security measures such as
passwords, encryption, and firewalls, and thus can be accessed by authorized users through
the Internet.

Page | 41
The Business Value of Intranets: Intranet applications support communications and
collaboration, business operations and management. These applications can be
integrated with existing IS resources and Applications, and extended to customers,
suppliers, and business partners.

Communications and Collaboration: Intranets can significantly improve communications and

collaboration within an enterprise. Examples include:

 Using an Intranet browser and workstation to send and receive e-mail, voicemail.
 Using Intranet groupware features to improve team and project collaboration
with services such as discussion groups, chat rooms, and audio and
videoconferencing.

Business Operations and Management: Intranets are being used as the platform for
developing and deploying critical business operations like:

 Company newsletters, technical drawings, and product catalogs can be

published in a variety of ways and also can include web broadcasting.
 Intranet software browsers, servers, and search engines can help to easily
navigate and locate the business information.

Extranets:

An extranet is a private network that uses Internet technology and the public
telecommunication system to securely share part of a business's information or
operations with suppliers, vendors, partners, customers, or other businesses. An
extranet can be viewed as part of a company's intranet that is extended to users outside
the company.

Page | 42
The business value of extranets is derived from several factors:

 The extranets makes customer and supplier access of intranet resources a lot
easier and faster than previous business methods.
 Extranets enable and improve collaboration by a business with its customers and
other business partners.
 Extranets enable a company to offer new kinds of interactive Web-
enabled services to their business partners. Thus, extranets are another
way that a business can build and strengthen strategic relationships with
its customers and suppliers.
 Extranets facilitate an online, interactive product development, marketing, and
customer-focused process that can bring better designed products to market faster.

Five Rules of the Extranet

Be as flexible as the business: An extranet must be driven by the demands of the

market, not the limitations of technology. It must be extremely flexible and allow
companies to immediately deploy extranet services that best fit the business need.

Deploy in "Internet time": To deploy an extranet, companies shouldn't have to roll out a
new infrastructure. Enterprises must be able to deploy their extranet quickly, and
leverage their existing infrastructure to do so.

Protect the interests of the data owner: Extranet services need to be deployed in a fast
and flexible way, but with the complete assurance that only the correct users can access
the right services.

Serve the partner as a customer: An extranet presents a very important and delicate
balance: providing customer service to key partners (who might also be customers).
Partners should never be required to change their security policies, networks,
applications, and firewalls for the "good" of the extranet community.

Drive information to the decision-maker: An extranet must provide a central means to

Page | 43
measure progress, performance, and popularity. Business units deploying applications
need to understand which extranet content and applications are most successful.

Electronic Commerce

Benefits of e-Commerce

 Reduction in costs to buyers from increased competition in procurement as

more suppliers are able to compete in an electronically open marketplace.
 Reduction in time to complete business transactions, particularly from delivery
to payment.
 Creation of new markets through the ability to easily and cheaply reach
potential customers.
 Better quality of goods as specifications are standardized and competition is
increased
 Reduction in inventories and reduction of risk of obsolete inventories as the
demand for goods and services is electronically linked through just-in-time
inventory

Risks involved in e-Commerce

Problem of anonymity: There is need to identify and authenticate users in the virtual
global market where anyone can sell to or buy from anyone, anything from anywhere.

Data Loss or theft or duplication: The data transmitted over the Internet may be lost,
duplicated, tampered with or replayed.

Lack of audit trails: Audit trails in e-Commerce system may be lacking and the logs may be
incomplete, too voluminous or easily tampered with.

Page | 44
Problem of piracy: Intellectual property may not be adequately protected when such
property is transacted through e-Commerce.

Attack from hackers: Web servers used for e-Commerce may be vulnerable to hackers.

Repudiation of contract: There is possibility that the electronic transaction in the form of
contract, sale order or purchase by the trading partner or customer may be denied.

Types of e-Commerce

A. Business-to-Business (B2B) e-Commerce

B2B refers to the exchange of services, information and/or products from one
business to another.
B2B electronic commerce typically takes the form of automated processes between
trading partners and is performed in much higher volumes than Business-to-Consumer
(B2C) applications.

B. Business-to-Consumer (B2C) e-Commerce

It is defined as the exchange of services, information and/or products from a business to

a consumer. Typically, a B2C e-Commerce business has a virtual store front for
consumers to purchase goods and services eliminating the need to physically view or
pick up the merchandise.

The Business-to-Consumer (B2C) model can save time and money by doing business
electronically but customers must be provided with safe and secure as well as easy-to-
use and convenient options when it comes to paying for merchandise.

Advantages of B2C E-Commerce include:

(i) Shopping can be faster and more convenient.
(ii) Offerings and prices can change instantaneously.

Page | 45
 (iii) Call centers can be integrated with the website.
(iv) Broadband telecommunications will enhance the buying experience.

C. Consumer-to-Business (C2B) e-Commerce

In C2B e-Commerce model, consumers directly contact with business vendors by posting
their project work online so that the needy companies review it and contact the
consumer directly with bid. The consumer reviews all the bids and selects the company
for further processing. Some examples are guru.com, freelancer.com.
D. Consumer-to-Consumer (C2C) e-Commerce
C2C e-Commerce is an Internet-facilitated form of commerce that has existed for the
span of history in the form of barter, flea markets, swap meets, yard sales and the like.
C2C e-Commerce sites provide a virtual environment in which consumers can sell to one
another through a third-party intermediary.
E. Business-to-Government (B2G) e-Commerce

B2G e-Commerce, also known as e-Government, refers to the use of information and
communication technologies to build and strengthen relationships between
government and employees, citizens, businesses, non-profit organizations, and other
government agencies.
F. Business-to-Employee (B2E) e-Commerce
B2E e-Commerce, from an intra-organizational perspective, has provided the means for a
business to offer online products and services to its employees.

Key aspects to be considered in implementing e-Commerce

 Performing cost benefit analysis and risk assessment to ensure value delivery
 Implementing the right level of security
 Providing adequate user training

Page | 46
  Implementing appropriate policies, standards and guidelines
 Performing post implementation review

Mobile Commerce

Mobile Commerce or m-Commerce, is about the explosion of applications and services

that are becoming accessible from Internet-enabled mobile devices. M-commerce (mobile
commerce) is the buying and selling of goods and services through wireless handheld
devices such as cellular telephones. Known as next-generation e-commerce, m-commerce
enables users to access the Internet without needing to find a place to plug in.

The industries affected by m-commerce include:

 Financial services, which includes mobile banking (when customers use their
handheld devices to access their accounts and pay their bills).
 Telecommunications, in which service changes, bill payment and account reviews
can all be conducted from the same handheld device.
 Service/retail, as consumers are given the ability to place and pay for orders on-the-
fly.
 Information services, which include the delivery of financial news, sports figures
and traffic updates to a single mobile device.

Electronic Fund Transfer

Electronic Funds Transfer (EFT) represents the way the business can receive direct deposit
of all payments from the financial institution to the company bank account.

These are some examples of EFT systems in operation:

Page | 47
Automated Teller Machines (ATMs): Consumers can do their banking
without the assistance of a teller, or to make deposits, pay bills, or
transfer funds from one account to another electronically. These machines
are used with a debit or EFT card and a code, which is often called a
personal identification number or “PIN.”

Point-of-Sale (PoS) Transactions: Some debit or EFT cards (sometimes

referred to as check cards) can be used when shopping to allow the
transfer of funds from the consumer’s account to the merchant’s. To pay
for a purchase, the consumer presents an EFT card instead of a check or
cash. Money is taken out of the consumer’s account and put into the
merchant’s account electronically.

Preauthorized Transfers: This is a method of automatically depositing to or

withdrawing funds from an individual’s account, when the account holder
authorizes the bank or a third party (such as an employer) to do so. For
example, consumers can authorize direct electronic deposit of wages,
social security, or dividend payments to their accounts. Or they can
authorize financial institutions to make regular, ongoing payments of
insurance, mortgage, utility, or other bills.

Telephone Transfers: Consumers can transfer funds from one account

to another through telephone instructions rather than traditional written
authorization or instrument. The accounts being debited can be checking
or savings, for example—or can order payment of specific bills by phone.

Page | 48
 4. Business Information Systems

Information System: Information System (IS) is a combination of people, hardware,

software, communication devices, network and data resources. The main aim and
purpose of each information system (definition of information system) is to convert the
data into information which is useful and meaningful.

Components of Information System

(i) People, hardware, software, and data are four basic resources of information
systems;

(ii) Human resources consist of end users and IT specialists; hardware involves
machines and media; software resources consist of programs and procedures;
and data resources includes data, model;

(iii) A process is used to convert data into information for end users;

(iv) Information processes consist of input, processing, output,

storage, and control processes.

Who uses Information Systems?

Strategic Level: These are senior managers or Top-level managers that hold the titles such
as Chief Executive Officers, Chief Financial Officers, Chief Operational Officers etc, who
take decisions that will affect the whole organization. Top Managers do not direct the day-
to-day activities of the firm; rather they set goals for the organization and direct the
company to achieve them.

Page | 49
Management Level: These are Middle Managers that are in the levels below top
managers and hold the job titles like General Manager, Regional manager etc. Middle-
level Managers are responsible for carrying out the goals set by Top Management. Because
Middle Managers are more involved in the day-to-day workings of a company, they may
provide valuable information to Top Managers to help improve the performance of an
organization.

Knowledge Level: These include knowledge and data workers who are selected,
recruited and trained in a special manner than the non-knowledge workers. The
knowledge resides in the heads of knowledge workers and these are the most precious
resource an organization possesses.

Operational Level: These include Operational Managers or supervisors that are

responsible for the daily management of the line workers who actually produce the
product or offer the service. These are the mangers that most employees interact with
on a daily basis, and if the managers perform poorly, employees may also perform poorly,
may lack motivation, or may leave the company.

Types of Information Systems

Strategic Level Systems: For strategic managers to track and deal with strategic issues,
assisting long-range planning. A principle area is tracking changes in the external
conditions (market sector, employment levels, share prices, etc.) and matching these with
the internal conditions of the organization.

Management-Level Systems: Used for the monitoring, controlling, decision-making, and

administrative activities of middles management. Some of these systems deal with
predictions or “what if…” type questions. e.g. “What would happen to our profits if the
completion of the new production plant was delayed by 6 months?” Tracking current
progress in accord with plans is another major function of systems at this level.

Page | 50
Knowledge-Level Systems: These systems support discovery, processing and storage of
knowledge and data workers. These further control the flow of paper work and enable
group working.

Operational-Level Systems: Support operational managers tracking elementary

activities. These can include tracking customer orders, invoice tracking, etc. Operational-
level systems ensure that business procedures are followed.

Transaction Processing System (TPS)

A transaction processing system (TPS) is an information system that captures and

processes data generated during an organization’s day-to-day transactions. A
transaction is a business activity such as a deposit, payment, order or reservation.

Most of the Transaction Processing Systems include one or additional of the following
attributes:

Access Control - TPS: Most Transaction Processing Systems come with access control to put
a ceiling on users to only those allowed to accomplish so. Access Control ensures that
people who are not authorized to use the system are not permissible to influence or
modify the transaction process.

Equivalence - TPS: Transactions are processed in the similar format every time to
ensure that full effectiveness is achieved. The TPS Interfaces are designed to get hold of
identical data for each transaction, despite the source.

High Volume Rapid Processing - TPS: In most of the transaction processing, the
foremost issue is momentum. The instant processing of transactions is noteworthy
to the success of certain industry such as banking. TPS is designed to process
transactions in an immediate to make confident that the transaction data is available to
other users or processes that entail it.

Page | 51
Trustworthiness - TPS: A TPS system is designed to be robust and trustworthy. The
system is capable to process transactions very rapidly yet at the same time conduct
several checks to make certain that the data integrity is preserved.

Transactions Processing Qualifiers: In order to qualify as a TPS, transactions

made by the system must pass the ACID Test. The ACID Test refers to the following four
prerequisites as discussed below:

Atomicity: This means that a transaction is either completed in full or not at all. TPS
systems ensure that transactions take place in their entirety. For example, if
funds are transferred from one account to another, this only counts as a bone fide
transaction if both the withdrawal and deposit take place. If one account is debited
and the other is not credited, it does not qualify as a transaction.

Consistency: TPS systems exist within a set of operating rules (or integrity
constraints). If an integrity constraint states that all transactions in a database
must have a positive value, any transaction with a negative value would be
refused.

Isolation: Transactions must appear to take place in seclusion. For example, when a
fund transfer is made between two accounts the debiting of one and the crediting
of another must appear to take place simultaneously. The funds cannot be credited
to an account before they are debited from another.

Durability: Once transactions are completed they cannot be undone. To ensure that
this is the case even if the TPS suffers failure, a log will be created to document all
completed transactions.

Page | 52
 Office Automation Systems (OAS)

The expression Office Automation refers to the use of computer and software
to digitally generate, collect, store, manipulate, and relay office information
needed for accomplishing basic tasks and goals.
The Office Automation Systems (OAS) is amalgamation of hardware, software, and other
resources used to smooth the progress of communications and improve efficiency in an
organization.

An Office Automation Model consists of:

(a) Information and communication

(b) Computer and non-computer applications

(c) "Other problem solvers"
- Internal
- Environmental

Knowledge Management System (KMS)

Knowledge Management Systems (KMS) refer to any kind of IT system that stores and
retrieves knowledge, locates knowledge sources, and uses knowledge in some or other
way to enhance the KM process.

There are two broad types of knowledge—Explicit and Tacit

Explicit knowledge is that which can be created and stored easily and as a consequence is
easily available across the organization. Explicit knowledge is easy to communicate, store,
and distribute and is the knowledge found in books, on the web, and other visual and
oral means. The most common forms of explicit knowledge are manuals, documents,
procedures, and how-to videos. Knowledge also can be audio-visual.

Page | 53
Tacit knowledge, on the other hand, resides in a few or in just one person and hasn’t
been captured by the organization or made available to others. It is the hidden vast
storehouse of knowledge held by practically every normal human being, based on his or
her emotions, experiences, insights, intuition, observations and
internalized information. It is this tacit knowledge that differentiates between
organizations in tough times, and hence provides the strategic edge to any organization.

Importance of Knowledge Management

Knowledge is a sum total of “What everybody knows” about the community world. It is
a gathering of values, wisdom, education, experience, morals. The difference between the
normal and the abnormal handling of any task, process or interaction-between employees,
with the customers or with any other stake holder of the firm, has always been made
possible with the use of knowledge.

Few factors that describe the importance of Knowledge Management are:

Altering Business surroundings: Previously the business environment used to be stable

one, so the people of any organization naturally became knowledgeable over time. They
absorbed and hang out knowledge about company’s product & service, its market,
customers, competitors and suppliers. But now rapid change means speedy knowledge
obsolescence, so need is there to manage it before it disappears without leaving a trace.

Globalization: It’s putting pressure on firms for innovation as markets are at the
present fast changing and competition is stiff. The meaning of goods and services has
changed. Now companies have started selling knowledge in addition. For a research lab or
software firm, not managing knowledge is similar to Wal-Mart not managing inventory.

Page | 54
 Difference between Information and Knowledge

1. Information is “what is” at the same time as knowledge is “what works.”

2. Information is “know what” despite the fact that knowledge is “know-how.”
3. Information that helps achieve an action well again is knowledge. To a doctor, most
of the contents of a daily newspaper is basically information – interesting but not
helpful. Whereas, a piece of writing from a medical periodical that improves her
capability to make a treatment or become aware of a recently exposed disease is
knowledge.

Management Information System (MIS)

We all know that information is a vital factor for our existence. Just as our body needs air,
water and clothes, we are as much dependent upon information.

The term ‘Management Information System’ (MIS) refers to the data, equipment and
computer programs that are used to develop information for managerial use.

As the internet has developed, all of the foremost MIS solutions have now been written
to be accesses via web browsers.

Page | 55
Developing MIS – Dos And Don’ts:

1 Layman Have simpler and Don’t be ambitious

manageable system

2 Bridging Develop common Don’t be unrealistic in

understanding between developing
consultant and the action plan
organization
3 Contribution Involve programmer in Don’t Delay decisions on
in Totality needs assessment hiring application
developers
4 Tailor-made Customize software Depend heavily on the
Consultant
5 Interpretation Have simple software for Don’t Invest heavily in in-
users to handle house application
development

Some Examples of MIS

o Airline reservations (seat, booking, payment, schedules, boarding list,

special needs, etc.)
o Bank operations (deposit, transfer, withdrawal) electronically with a
distinguish payment gateways
o Logistics management application to streamline the
transportation system
o Train reservation with the help of IRCTC

Page | 56
 Decision Support Systems (DSS)

Decision Support Systems (DSS) are a specific class of computerized information

system that supports business and organizational decision-making activities.

DSS can be extremely beneficial to any organization’s overall performance. However, DSS
can also be the cause of great confusion, misperception and even inaccurate analysis –
these systems are not designed to eliminate “bad” decisions.

DSS has four basic components:

(a) The user: The user is usually a manager with a problem to solve and may be at
management - level of an organization.
(b) One or more databases: Databases contain both routine and non-routine data from
both internal and external sources.
(c) Planning languages: Planning languages can either be general-purpose or
special-purpose allowing users to perform routine tasks and specific tasks
respectively.
(d) Model Base: Model base is the brain of the DSS as it performs data manipulations
and computations with the data provided to it by the user and the database. The
planning language in DSS allows the user to maintain a dialogue with the model
base.

Advantages/Need of DSS:

 Create data models and “what if” scenarios

 Time Savings
 Improve Employee Efficiency
 Competitive Advantage
 Increase Organisational Control

Page | 57
 Executive Information Systems (EIS)

Early executive information systems were developed as computer-based programs on

mainframe computers to provide a company’s description, sales performance and/or
market research data for senior executives. However, senior executives were not all
computer literate or confident. Moreover, EIS data was only supporting executive-
level decisions but not necessarily supporting the entire company or enterprise.

Current EIS data is available company- or enterprise-wide, facilitated by personal

computers and workstations on local area networks (LANs). Employees can access
company data to help decision-making in their individual workplaces, departments,
divisions, etc.. This allows employees to provide pertinent information and ideas both
above and below their company level.

The typical information mix presented to the executive may include financial information,
work in process, inventory figures, sales figures, market trends, industry statistics, and
market price of the firm's shares. It may even suggest what needs to be done, but differs
from a Decision Support System (DSS) in that it is targeted at executives and not managers.

Alternative names of EIS are Enterprise Information Systems or Executive Support Systems
(ESS).

Components of an EIS

Hardware: Includes Input data-entry devices, CPU, Data Storage files and Output
Devices.

Software: Includes Text base software, Database, and Graphic types such as time series
charts, scatter diagrams, maps.

Page | 58
User Interface: Several types of interfaces can be available to the EIS structure, such as
scheduled reports, questions/answers, menu driven etc

Telecommunication: Involves transmitting data from one place to another in a reliable

networked system.

Specialized Systems
Enterprise Resource Planning (ERP)

Enterprise Resource Planning (ERP) systems integrate internal and external management
information across an entire organization—taking on finance/accounting, manufacturing,
sales etc. ERP systems automate this activity with an integrated software application.

ERP Stages:-

Stage -1 Inventory Control: It is the supervision of supply, storage of items in order to

make certain a sufficient supply without excessive oversupply.

Stage – 2 ABC Analysis: ABC analysis is that technique of material control in which we
divide our material into three categories and investment is done according to the value
and nature of that category’s materials.

Stage – 3 Economic order Quantity (EoQ): EoQ is used as part of inventory system in
which the level of inventory is scrutinized at all times and is ordered each time the
inventory level reaches a particular reorder point.

Stage – 4 Just-In-Time (JIT): JIT is a philosophy of continuous improvement in which non-

value-adding activities (or wastes) are identified and removed.

Stage – 5 Material Requirement Planning (MRP – I): Material requirements planning

(MRP) is a production planning to ensure that materials are available for production.

Stage-6 Manufacturing Resource Planning - II (MRP – II): It is defined as a method for

Page | 59
 the valuable planning of all resources of a manufacturing company.

Stage – 7 Distribution Resource Planning (DRP): DRP is a method used in business

administration for planning orders within a supply chain. DRP enables the user to set
certain inventory control parameters (like a safety stock).

Stage – 8 Enterprise Resource Planning: ERP takes a customer order and provides a
software road map for fulfilling the order

Stage – 9 Money Resource Planning (MRP-III).: This has more emphasis on planning of
capital or managing the situation when surplus money arises.

Stage – 10 EIS-Web Enabled: Web browser software is the cheapest and simplest client
software for an EIS. Web enabled EIS is a final step in this direction.

Customer Relationship Management (CRM)

A. CRM may be defined as a business process in which client relationships; customer

loyalty and brand value are built through marketing strategies and activities.

Analytical CRM Definition:

CRM Equation Customer Relationship Management = Customer

Understanding + Relationship Management

Customer Analysis of customer data to gain deep

Understanding understanding down to the level of individual
Relationship customer
Interaction with the customer through various
Management channels for various purposes
Analytical CRM Use customer understanding to perform effective
relationship management

Page | 60
Benefits of CRM:

 Generating customer loyalty

 Preserving existing customers
 Gaining competitive advantage

Supply Chain Management (SCM)

In simple terms, SCM is a chain that starts with customers and ends with customers.
Supply Chain Management may be defined as the process of planning, implementing and
controlling the operations of the supply chain with the purpose of satisfying the
customer's requirement as efficiently as possible.

Components of SCM:

Procurement/Purchasing—begins with the purchasing of parts, components, or

services. Procurement must ensure that the right items are delivered in the exact
quantities at the correct location on the specified time schedule at minimal cost.

Operations - The second major element of supply chain management system is

operations. Having received raw materials, parts, components, assemblies, or services from
suppliers, the firm must transform them and produce the products or the services

Distribution - Distribution involves several activities—transportation (logistics),

warehousing, and customer relationship management (CRM).

Integration - The last element of supply chain management is the need for integration. It is
critical that all participants in the service chain recognize the entirety of the service
chain.

Page | 61
Relationship between ERP, CRM and SCM:

CRM and SCM are two categories of enterprise software that are widely implemented
in corporations and non-profit organizations. While the primary goal of ERP is to improve
and streamline internal business processes.

CRM attempts to enhance the relationship with customers and SCM aims to facilitate
the collaboration between the organization, its suppliers, the manufacturers, the
distributors and the partners.

Human Resource Management Systems (HRMS)

People are the most valuable asset of an enterprise. A Human Resources Management
System (HRMS) is a software application that group many human resources functions,
together with benefits administration, payroll, recruiting and training, and performance
analysis and assessment into one parcel.

Key Integration Points:

 Workforce Management: Workforce Management provides powerful tools to

effectively manage labour rules, ensure compliance, and control labour costs and
expenses.
 Time and Attendance Management: The time and attendance module
gathers standardized time and work related efforts.
 Payroll Management: This module of the system is designed to automate manual
Payroll functions and facilitate salary, deductions etc calculations, eliminates errors
 Recruitment Management: This module helps in hiring the right people with the
right target skills. This module includes processes for managing open
positions/requisitions, applicant screening, assessments, selection and hiring etc.

 Training Management: Training programs can be entered with future dates which
allow managers to track progress of employees through these programs

Page | 62
 Core Banking System (CBS)

CORE stands for "Centralized Online Real-time Environment". The various elements of core
banking include:

 Calculating interest
 Managing customer accounts
 Processing cash deposits and withdrawals
 Processing payments and cheques

Core Banking System may be defined as the set of basic software components that
manage the services provided by a bank to its customers.

Normal core banking functions will include deposit accounts, loans, mortgages and
payments. Banks make these services available across multiple channels like ATMs,
Internet banking, and branches.

Examples of major core banking products include Infosys’ Finacle, Nucleus FinnOne and
Oracle's Flexcube application.

(A) Infosys’ Finacle

The key modules of Finacle are:

 Enterprise customer information: This module enables banks to create and

maintain a single source of customer information and files that can be accessed
from multiple systems.
 Consumer banking: Offerings such as savings and checking accounts, and provision
for personal and auto finance are easily supported.
 Corporate banking: This includes commercial lending essentials such as
multicurrency disbursements and repayments, flexible and varied interest rate
setup, commitment fee setup, crystallization, amortization, and debt consolidation.

Page | 63
  Wealth management: This creates new revenue streams by offering high net
worth individuals
 Trade finance: This module presents an end-to-end solution for the trade finance
needs of a bank and is fully integrated with the payment system and exchange
rate setup
 Islamic banking: This module offers a flexible and varied feature repertoire for
banks to design and deploy products for varying market segments, based on
different Islamic concepts.

(B) Nucleus FinnOne: The Nucleus FinnOne banking suite, made and marketed
by India-based Company Nucleus software, comes with a wide variety of
applications that cover different aspects of global web banking. These
applications include:

 A loan origination system that automates and manages the processing of

many types of loans,
 A credit card application system with strong credit and fraud detection
tools and

FinnOne is a web-based global banking product designed to support banks

and financial solution companies in dealing with assets, liabilities, core financial
accounting and customer service.

(C) Oracle's FLEXCUBE: Oracle FLEXCUBE helps banks transform their business model
from disparate operations towards centralization of key functions, such as
accounting, customer information, and management information.

Few special features are:

 Track their pending activities

 Get insights into customer information
 Improved bank staff productivity
 Improved risk management
 Straight-Through-Processing (STP) capabilities.

Page | 64
 Accounting Information System (AIS)

An accounting information systems that combines traditional accounting practices such

as the Generally Accepted Accounting Principles (GAAP), Accounting Standards with
modern information technology resources.

Key components of Accounting Information System:

 People: AIS helps various system users that include accountants,

consultants, business analysts, managers, chief financial officers and auditors
etc. from different departments within a company to work together.
 Procedure and Instructions: These include the methods for collecting, storing,
retrieving and processing data.
 Data: Refers to the information related to the organization such as invoices etc.
 Software: It is the computer program that provide facility to store and access data.
 Internal Controls: These are the security measures such as passwords or as
complex as biometric identification

Benefits of AIS:

 Transforms data into information.

 Trouble free paper-and-pencil system
 Improves employee efficiency.
 Makes sure that entity’s resources are available when needed.

Artificial Intelligence

Artificial intelligence is the branch of computer science concerned with

making computers behave like humans.

Although AI has been studied for more than half a century, we still cannot make a
computer that is as intelligent as a human in all aspects.
Page | 65
 In some cases, the computer outfitted with AI technology can be even more intelligent
than us. The Deep Blue system which defeated the world chess champion is a well-know
example.

Expert systems, Pattern Recognition, Natural language processing, and many others are
some of the various purposes on which AI may be applied

Expert System

A computer application that performs a task that would otherwise be performed by a

human expert. For example, there are expert systems that can diagnose human
illnesses, make financial forecasts, and schedule routes for delivery vehicles.

Components of an Expert System:

a) Knowledge Base: This includes the data, knowledge, relationships, rules of

thumb, and decision trees used by experts to solve a particular problem.
b) Inference Engine: This program contains the logic and reasoning mechanisms
that simulate the expert logic process and deliver advice
c) User Interface: This program allows the user to design, create, update, use
and communicate with the expert system.
d) Explanation facility: This facility provides the user with an explanation of the logic
the ES used to arrive at its conclusion.
e) Database of Facts: This holds the user's input about the current problem.

Types of Expert Systems:

 In Example-based system, developers enter the case facts and results, that is
used to match the case at hand with those previously entered in the knowledge
base.

Page | 66
  Rule-based systems are created by storing data and decision rules as if-then rules.
The system asks the user questions and applied the if-then rules to the answers
to draw conclusions and make recommendations.
 Frame based systems organize all the information (data, description, rules etc.)
about a topic into logical units called frames, which are similar to linked records
in data files.

Business Intelligence

The term business intelligence (BI) represents the tools and systems that play a key role
in the strategic planning process of the corporation. These systems allow a company to
gather, store, access and analyze corporate data to aid in decision-making.

Business Intelligence Tools:

 Simple Reporting and Querying: This involves using the data warehouse to
get response to the query: “Tell me what happened.” The objective of a BI
implementation is to turn operational data into meaningful knowledge.

 Business Analysis: This involves using the data to get response to the query: “Tell
me what happened and why.” Business analysis allows the user to plot data in
row and column coordinates to further understand the intersecting points.

 Dashboards: This involves using the information gathered from the data
warehouse and making it available to users as snapshots

 Scorecards: Scorecards offer a rich, visual measurement to display the

performance of specific initiatives, business units, or the enterprise as a whole
and the individual goals.
 Data Mining or Statistical Analysis: This involves using statistical,
artificial intelligence, and related techniques to mine through large volumes of
data and providing knowledge without users even having to ask specific
questions.

Page | 67
Business Reporting through MIS and IT
Benefits for micro-businesses and small to medium enterprises
 Paperless lodgement - eliminates the hassle of paper work and associated
costs;
 Electronic record keeping – stores the reports securely in
the accounting or bookkeeping system;
 Pre-filled forms - reports are automatically pre-filled with
information existing in the accounting or bookkeeping system.
 Ease of sharing - between client, accountant, tax agent or bookkeeper for
checking;
 Same-time validation - receive a fast response that any lodgement
has been received.

Benefits for large business

 A single reporting language to report to government: eXtensible

Business Reporting Language (XBRL) - an international
standards-based business reporting language developed by
accountants for financial reporting;
 Reduce costs - reduction in the cost of assembling, analyzing, and
providing data to government;
 Streamline the process of aggregating data - Opportunities exist
for streamlining the process of aggregating data across different
internal departments, or business units of a company;
 Same-time validation - rapid response that any lodgement has been received.

Page | 68
 Importance of Access and Privilege Controls

In order to safeguard software systems, procedures are developed and implemented

for protecting them from unauthorized access.

The functions are as follows:

 Identity Management: Identity management consists of one or more processes to

verify the identity of a subject/person attempting to access an object. However, it
does not provide 100 percent assurance of the subject’s identity.
 Authorization: Once a resource or network verifies a subject’s identity, the process
of determining what objects that subject can access begins. Authorization
identifies what systems, network resources, etc. a subject can access.
 Accountability: Each step from identity presentation through authentication
and authorization is logged.

Approaches to Access Control

 Role-based Access Control (RBAC): Each person/subject is given a particular role and
certain rights and permissions. When an employee changes jobs, all previous access
is removed, and the rights and permissions of the new role are assigned.
 Rules-based Access Control (RAC): RAC differs from RBAC methods because it is
largely context-based. RAC places certain rules based on a user’s role. A manager, for
example, has the ability to approve his/her employees’ hours worked.
However, when s/he attempts to approve his/her own hours, a rule built into
the application compares the employee record and the user, sees they are the
same, and temporarily removes approval privilege.

Page | 69
5. Business Process Automation through Application Software
The meaning of Business Application can be best understood by dividing the set of words
into their constituents. Business is defined as a person’s regular occupation or commercial
activity, a person’s concern. Application, in terms of computers, is defined as a computer
program to fulfill a particular purpose.

Types of Business Applications on Logical Basis:

 Nature of processing: This is the way an application updates data, for example
batch-processing, real-time processing.
 Source of application: It tells the source from where application Is bought, for
example purchased (Tally), developed in-house.
 Nature of business: This classification is based on the users for whom the application
has been developed. For example, for large businesses, small businesses etc.
 Functions covered: A business application may be classified based on business
function it covers. For example DSS, MIS, KIS etc

Steps to Develop BPA

Step 1: Define why we plan to implement a BPA?

 Errors in manual processes leading to higher costs.

 Poor debtor management leading to poor cash flow.
 Poor customer service.

(ii) Step 2: Understand the rules / regulation which enterprise needs to comply with?

Page | 70
  This is established by a combination of internal corporate policies, external industry
regulations and local, state, and central laws.

(iii) Step 3: Document the process, we wish to automate:

 What documents need to be captured?

 Can there be a better way to do the same job?

(iv) Step 4: Define the objectives/goals to be achieved by implementing BPA

When determining goals, remember that goals need to be SMART:

 Specific: Clearly defined

 Measurable: Easily quantifiable in monetary terms
 Attainable: Achievable through best efforts
 Relevant: Entity must be in need of these, and
 Timely: Achieved within a given time frame.

(v) Step 5: Engage the business process consultant

 Consultant have experience with entity business process.

 Consultant should be experienced in resolving critical business issues.

(vi) Step 6: Calculate the RoI for project

 Cost Savings, being clearly computed and demonstrated.

 Savings in employee salary

(vii) Step 7: Developing the BPA

 Once the requirements have been document, ROI has been computed and top
management approval to go ahead has been received, BPA is developed.

(viii) Step 8: Testing the BPA

 Once developed, it is important to test the new process to determine how well it
works

Page | 71
Applications that help entity to achieve BPA (2 x 2 Marks):

TALLY:

 It is ERP software, which allows an entity to integrate its business processes.

 ERP stands for Enterprise Resource Planning
 It is an accounting application that helps entity to automate processes relating to
accounting of transactions.
 The latest version has been upgraded to help user achieve TAX compliances also.
 It has features such as Remote Access Capabilities
 This is used by most of the small enterprises across the world

SAP:

 It is ERP software, which allows an entity to integrate its business processes.

 ERP stands for Enterprise Resource Planning
 It has the features such as time management, reporting, budget monitoring etc
 This is used by most of the large enterprises across the world

Attendance Systems:

 Many attendance automation systems are available in the market.

 The application helps entity to automate the process of attendance tracking
 It has features such as supervisor login access, holiday pay settings etc

Vehicle Tracking System:

 A lot of applications have been developed that allow entity to track their goods
while in transit.
 It has features such as GPS based location, GPRS connections.
 Information is also sent through SMS & e-mail notifications
Page | 72
  on-board memory to store location inputs during times when GPRS is not
available or cellular coverage is absent

Automated Toll Collection Systems:

 As India progresses through creation of the golden quadrilateral project, many

toll booths have been built to collect tolls.
 Many toll booths allow users to buy pre-paid cards, where user need not stop in
lane to pay toll charges, but just swipe / wave the card in front of a scanner.
 It has features such as automatic vehicle identification system (based on in-road
sensors), license plate recognition, zoom capability on captured images

Department Stores Systems:

 There has been huge development in the retail sector in India.

 Two critical elements for managing departmental stores have been automated in
India; they include the billing processes and inventory management.

Travel Management Systems:

 Many business processes specific to this industry have been automated, including
ticket booking for air, bus, train, hotel, etc.
 It has features such as, ‘safe return’ process for people tracking, traveler portal
for up to date information, online retrieval of e-tickets, management of entry visas
& medical requirements.

Educational Institute Management Systems:

 India probably produces maximum number of engineers, doctors, MBAs and CAs
across the world.
 A lot of automation has been achieved, including student tracking and record
keeping.
 ICAI, itself is a good example of this automation.

Page | 73
  A student based on his/her registration number can file many documents online
including exam forms.

Delivery Channels
Delivery channels for information include:

 E-mail: The most widely used delivery channel for information today
 Social networking sites, like Facebook, whatsup, etc
 Intranet: Network within the company/enterprise

Information Delivery Channel: How to choose one?

 More than just the intranet: Staff will (and should) use whichever methods are
easiest and most efficient to obtain information.
 Understand staff needs & environment: This includes which systems do staff use,
their level of PC access, their amount of computer knowledge.
 Traditional Channel need to be formalized: Instead of attempting to eliminate
existing information sources in favour of the intranet, it may be more beneficial to
formalize the current practices.

Controls in BPA

Control Objectives:

 Authorization - ensures that all transactions are approved by responsible

personnel.
 Completeness -ensures that no valid transactions have been omitted from
the accounting records.
 Accuracy - ensures that all valid transactions are accurate

Page | 74
  Validity - ensures that all recorded transactions fairly represent the economic events
that actually occurred
 Physical Safeguards and Security - ensures that access to physical assets and
information systems are controlled

Application Controls and their Types:

(i) Boundary Controls: Boundary control techniques include: The major controls of the
boundary system are the access control mechanisms. Boundary control techniques
include:
 Cryptography: There are programs that transform data into codes that
appear meaningless to anyone who does not possess the
authentication/authorization.
 Passwords: User Identification through personal characters like name, birth date
etc.
 Personal Identification Numbers (PIN): The personal identification
number is similar to a password assigned to a user. The application
generates a random number.
 Identification Cards: These cards that are used to identify a user.

(ii) Input Controls: These are responsible for ensuring the accuracy and
completeness of data that are input into the computer. Input control techniques
are:
 Data Coding Controls: These controls are put in place to reduce user
error during data feeding. Few types of error may include:
 Addition: Addition of an extra character in a code. e.g. 12345
coded as 712345;
 Truncation: Omission of characters in the code. e.g. 12345 coded
as 2345;

Page | 75
  Batch Controls: These controls are put in place at locations where
batch processing is being used. Batch processing is where there is a time
gap between occurrence and recording of transactions, that is,
transactions are not recorded at the time of occurrence but are
accumulated and a set (based on number/ time) is processed.
 Validation Controls: hese controls validate the accuracy/correctness of
input data. For example, no pay where there is sick leave, physical
balance can never go below zero, etc.

(iii) Process Controls: Data processing controls perform checks to identify errors
during processing of data.
 Exception Reports: Exception reports are generated to identify
errors in data processed.
 Reasonableness Verification: Two or more fields can be
compared and cross verified to ensure their correctness. For
example, the statutory percentage of provident fund can be
calculated on the gross pay amount to verify if the provident fund
contribution deducted is accurate.

(iv) Output Controls: Output controls ensure that the data delivered to users
correctly.
 Storage and Logging of Sensitive and Critical Forms: Pre-printed
stationery should be stored securely to prevent unauthorized
destruction or removal and usage.
 Controls over Printing: It should be ensured that unauthorized
disclosure of information printed is prevented. must be trained to select
the correct printer

Page | 76
  Retention Controls: Retention controls consider the duration for which
outputs should be retained before being destroyed.
 Existence/Recovery Controls: These controls are needed to recover
output in the event that it is lost or destroyed.

Emerging Technologies
 Grid Computing is a computer network in which each computer's resources are
shared with every other computer in the system.

A grid computing system can be as simple as a collection of similar computers

running on the same operating system.

Why need Grid Computing?

 An insurance company mines data from partner hospitals for fraud detection.
 Large-scale science and engineering are done through the interaction
of people from different geographies.

 Network Virtualization treats all servers and services in the network as a single
pool of resources that can be accessed without regard for
its physical components. The term network virtualization is often used to
describe many things including storage virtualization, and even grid computing.

Page | 77