UNIT I (Questions with Answers)

Q.1. What is ‘Information’? What are the characteristics of good information?

Information is organized or classified data which has some meaningful values for the receiver. Information
is the processed data on which decisions and actions are based.
When using information for business purposes and storing information in an information system it is of vital
importance that the information is good and helps you make the correct business decision. The
characteristics of good information are as follows: valid, reliable, timely, fit-for-purpose, accessible, cost-
effective, sufficiently accurate, relevant, and understandable by the user. These are explained in more detail
below:
Valid: Valid information is information is information that is correct and can be used for the purpose that it
is needed. An example of valid is information that you can trust such as information supplied to you by a
governing body. Valid financial information would be tax rates supplied to companies from the
Governments Tax Office.
Reliable: Reliable information if information that you can rely on as being correct. It will be from a valid
and trusted source. An example of reliable information would be information from your sales department
that is supplied to the financial department on the sales figures for last month. As this comes from an
internal information source it is reliable and can be trusted.
Timely: Timely is another important characteristic of good information. Information should be available
when required. Timely information is information that is from the correct time period. If a company wants to
analyze current profit and loss then they will need to access current sales figures and not the sales figures
from 10 years ago. We can also say that timely information is information that is available as and when
needed. For example, if a Manager needed to check the sales figures for today timely information would be
information that they could print from a cash register immediately at any time during the day.
Fit for Purpose: Information that is fit for purpose means that it is relevant to what you need it for. For
example if you were opening a business in London then it would be advisable to look at the population
within a certain area beside where you wanted to open the business. Looking at information about the
population of Papua New Guinea would not really be fit for purpose in this instance.
Accessible: Accessible information is information that is stored in a way that it can be easily accessed at
any time. If we refer back to the example of looking at sales figures on a cash register at any time of the day
having the feature of printing out current sales from the cash register means that the information is
accessible. If it took one hour to process the sales figures and print them then this information would not be
easily accessible. Accessible is an important characteristic of good information as users need to have
information available to them as and when they need it.
Cost Effective: Cost effective information is information that is worth investing the time and money to get
to help make business decisions. As an example, if you paid a company to do a survey for you and it cost
`1000 and you were then able to use the information supplied to increase your profits by `1500 in the next
month then this could be seen as cost effective information. However, if the survey cost `50000 to complete
and the information only seen a `100 increase in sales in the next month them this information would not be
seen as cost effective. Cost effective information is information that costs a lot less to put together than the
resultant profit from analyzing and using the information to increase profits.
Sufficiently Accurate: Accurate information helps businesses make the correct decisions. If the
speedometer in your car was out by 20 kmph then this information may result in you breaking the law.
Similarly if a sales department sent inaccurate sales figures to the finance department this might result in
incorrect tax calculations for the company that would put them in danger.
Relevant: Relevant information is information that is directly related to your business need. If a business
was looking to cut costs they might look at their electricity bill and try to see where they could save money.
If a bakery was looking at the price of metal then this would not really be relevant information to their
business. Relevant information for a bakery would be looking at the price of ingredients to use in their
products.
Understandable by the user: Information that is used for a business purpose needs to be understandable
by the end user. If a non financial person wanted information about the sales for the last 3 years and you
presented them with a complex set of figures taken from a database with no clear totals then they would not
understand it. However, if you knew exactly what they wanted you might present them with an easy to read
graph with clear instructions on the totals sales for each of the last 3 years.
Q.2. Discuss about Information System (IS) and its importance in an Organization.
Information system has been defined in terms of two perspectives: one relating to its function; the other
relating to its structure. From a functional perspective; an information system is a technologically
implemented medium for the purpose of recording, storing, and disseminating linguistic expressions as
well as for the supporting of inference making. From a structural perspective; an information system
consists of a collection of people, processes, data, models, technology and partly formalized language,
forming a cohesive structure which serves some organizational purpose or function.
The functional definition has its merits in focusing on what actual users -from a conceptual point of view-
do with the information system while using it. They communicate with experts to solve a particular problem.
The structural definition makes clear that IS are socio-technical systems, i.e., systems consisting of humans,
behavior rules, and conceptual and technical artifacts.
An information system can be defined technically as a set of interrelated components that collect (or
retrieve), process, store, and distribute information to support decision making and control in an
organization. In addition to supporting decision making, coordination, and control, information systems
may also help managers and workers analyze problems, visualize complex subjects, and create new
products.
Three activities in an information system produce the information that organizations need to make decisions,
control operations, analyze problems, and create new products or services. These activities are:
1. Input: It captures or collects raw data from within the organization or from its external environment.
2. Processing: It converts this raw input into a more meaningful form.
3. Output: It transfers the processed information to the people who will use it or to the activities for which
it will be used.
Information systems also require feedback, which is output that is returned to appropriate members of the
organization to help them evaluate or correct the input stage.

Components of Information Systems: While information systems may differ in how they are used within an
organization, they typically contain the following components:
▬ Hardware: Computer-based information systems use computer hardware, such as processors, monitors,
keyboard and printers.
▬ Software: These are the programs used to organize process and analyze data.
▬ Databases: Information systems work with data, organized into tables and files.
▬ Network: different elements need to be connected to each other, especially if many different people in an
organization use the same information system.
▬ Procedures: These describe how specific data are processed and analyzed in order to get the answers
for which the information system is designed.

Technology
These three elements – hardware, software, and telecommunication systems – comprise the IT component of
an information system. For example, the technology components of the automated payroll system mentioned
in the first example include:
 Hardware – computers and printers
 Software – the accounting software application designed to keep track of the salaries and the staff
scheduling system designed to keep track of hours worked and how much each employees should be paid
 Telecommunication systems – local and inter-organizational channels of communication and routing
equipment designed to connect the company to the bank for automatic money transfers.
Process
A process is the set of steps employed to carry out a specific business or organizational activity. In other
words, a process maps the set of actions that an individual, a group or an organization must enact in order to
complete an activity.
People
The people component of an information system encompasses all those individuals who are directly
involved with the system. These people include the managers who define the goals of the system, and the
users.
Structure
The structure (or organizational structure) component of information systems refers to the relationship
among the individuals in the people component. Thus, it encompasses hierarchical and reporting structures,
and reward systems. The structure component plays a critical role in an information system, simply because
systems often fail when they are resisted by their intended users.
Importance of Information Systems in an Organization: Information systems gain their importance by
processing the data from company inputs to generate information that is useful for managing your
operations. To increase the information system's effectiveness, you can either add more data to make the
information more accurate or use the information in new ways.
Communication: Part of management is gathering and distributing information, and information systems
can make this process more efficient by allowing managers to communicate rapidly. Email is quick and
effective, but managers can use information systems even more efficiently by storing documents in folders
that they share with the employees who need the information. This type of communication lets employees
collaborate in a systematic way. Each employee can communicate additional information by making
changes that the system tracks. The manager collects the inputs and sends the newly revised document to his
target audience.
Operations: Managing a company's operations depend on the information available with the company.
Information systems can offer more complete and more recent information, allowing you to operate your
company more efficiently. You can use information systems to gain a cost advantage over competitors or to
differentiate yourself by offering better customer service. Sales data give you insights about what customers
are buying and let you stock or produce items that are selling well. With guidance from the information
system, you can streamline your operations.
Decisions: The company information system can help you make better decisions by delivering all the
information you need and by modeling the results of your decisions. A decision involves choosing a course
of action from several alternatives and carrying out the corresponding tasks. When you have accurate, up-
to-date information, you can make the choice with confidence. If more than one choice looks appealing, you
can use the information system to run different scenarios. For each possibility, the system can calculate key
indicators such as sales, costs and profits to help you determine which alternative gives the most beneficial
result.
Records: Your Company needs records of its activities for financial and regulatory purposes as well as for
finding the causes of problems and taking corrective action. The information system stores documents and
revision histories, communication records and operational data. The trick to exploiting this recording
capability is organizing the data and using the system to process and present it as useful historical
information. You can use such information to prepare cost estimates and forecasts and to analyze how your
actions affected the key company indicators.
Q.3. Discuss about the classification of information systems in detail.
Classification of Information Systems
Operations Support System (OSS): Operations support system (OSS) is a software component that
enables a service provider to monitor, control, analyze, and manage the services on its network. These types
of software applications, along with a business support system (BSS), support most customer-facing
activities, including ordering, billing, and support.
The development and implementation of OSS systems often involves information technology (IT) expertise
as well as the help of integrators that can ensure the software works with network infrastructure to pass on
important information about the fulfillment and delivery of services.
The term operations support systems (OSSs) generally refers to the systems that perform management,
inventory, engineering, planning, and repair functions for telecommunications service networks.
An operational support system (OSS) is a group of computer programs or an IT system used by
communications service providers for monitoring, controlling, analyzing and managing a computer or
telephone network system. OSS software is specifically dedicated to telecommunications service providers
and mainly used for supporting network processes to maintain network inventory, configure network
components, provision services and manage faults.
Management Support System (MSS): An MSS is an information system that integrates the functional
capabilities of a decision support system, executive information system, and knowledge-based or expert
system. The term MSS is used here to refer to any computer based system that aims to support a manager or
professional in a decision making environment. It is an extension of the older concept of a DSS to include a
wider range of computer based support systems. MSS has a wider meaning than just the quantitative models
that have traditionally been referred to as DSS. Any decision support system must contribute something
tangible to the decision making process. It must either enable the manager to make the decision more
efficiently, or enable the manager to make a more effective decision. Hence the increasing use of the term
MSS to include any computer based system that supports a decision making process.
Transaction Processing System (TPS): Transaction processing systems are used to record day to day
business transactions of the organization. They are used by users at the operational management level. The
main objective of a transaction processing system is to answer routine questions such as;
 How printers were sold today?
 How much inventory do we have at hand?
 What is the outstanding due for John Doe?
By recording the day to day business transactions, TPS system provides answers to the above questions in a
timely manner. The decisions made by operational managers are routine and highly structured. The
information produced from the transaction processing system is very detailed.
For example, banks that give out loans require that the company that a person works for should have a
Memorandum of Understanding (MoU) with the bank. If a person whose employer has a MoU with the bank
applies for a loan, all that the operational staff has to do is verify the submitted documents. If they meet the
requirements, then the loan application documents are processed. If they do not meet the requirements, then
the client is advised to see tactical management staff to see the possibility of signing a MoU.
Examples of transaction processing systems include;
▬ Point of Sale Systems – records daily sales
▬ Payroll systems – processing employees’ salary, loans management, etc.
▬ Stock Control systems – keeping track of inventory levels
▬ Airline booking systems – flights booking management
Process Control Systems (PCS): A process control system monitors the manufacturing environment and
electronically controls the process or manufacturing flow based on the various set-points given by the user.
In a manufacturing setup, there will be different parameters for critical processes that have to be monitored.
The real time values of these parameters will be fed to a central control system. These values are compared
with the preset set-points through feedback systems and the necessary alerts are output on the display
system, so that corrective action can be taken.
Process control systems are used to monitor and control industrial or physical processes. A process control
system comprises the whole range of equipment, computer programs and operating procedures. For
example: petroleum refining as a petroleum refinery uses electronic sensors linked to computers to monitor
chemical processes continually and make instant (real-time) adjustments that control the refinery process.
Other examples are power generation and steel production systems.
Enterprise Collaboration Systems (ECS): An Enterprise Collaboration System (ECS) is an information
system used to facilitate efficient sharing of documents and knowledge between teams and individuals in an
enterprise. ECS is a combination of groupware, tools, Internet, extranets and other networks needed to
support enterprise-wide communications, such as the sharing of documents and knowledge to specific teams
and individuals within the enterprise. Some examples of enterprise communication tools include e-mail,
videoconferencing, collaborative document sharing, project management tools and others. The objective of
an ECS is to provide each user with the tools for managing communications, documents and other
information that individuals need to manage their own tasks efficiently in their departments.
Enterprise collaboration systems (office automation systems) enhance team and workgroup communications
and productivity. Office automation systems are not specific to any one level in the organization but provide
important support for a broad range of users. Office information systems are designed to support office
tasks with information technology. Voice mail, multimedia system, electronic mail, video conferencing,
file transfer, and even group decisions can be achieved by office information systems.
Management Information System (MIS): Management Information Systems (MIS) are used by tactical
managers to monitor the organization's current performance status. The output from a transaction processing
system is used as input to a management information system. The MIS system analyzes the input with
routine algorithms i.e. aggregate, compare and summarizes the results to produced reports that tactical
managers use to monitor, control and predict future performance.
For example, input from a point of sale system can be used to analyze trends of products that are performing
well and those that are not performing well. This information can be used to make future inventory orders
i.e. increasing orders for well-performing products and reduce the orders of products that are not performing
well.
Examples of management information systems include;
▬ Sales management systems – they get input from the point of sale system
▬ Budgeting systems – gives an overview of how much money is spent within the organization for the
short and long terms.
▬ Human resource management system – overall welfare of the employees, staff turnover, etc.
Tactical managers are responsible for the semi-structured decision. MIS systems provide the information
needed to make the structured decision and based on the experience of the tactical managers, they make
judgment calls i.e. predict how much of goods or inventory should be ordered for the second quarter based
on the sales of the first quarter.
Decision Support System (DSS): Decision support systems are used by senior management to make non-
routine decisions. Decision support systems use input from internal systems (transaction processing systems
and management information systems) and external systems.
The main objective of decision support systems is to provide solutions to problems that are unique and
change frequently. Decision support systems answer questions such as;
 What would be the impact of employees' performance if we double the production lot at the factory?
 What would happen to our sales if a new competitor entered the market?
Decision support systems use sophisticated mathematical models, and statistical techniques (probability,
predictive modeling, etc.) to provide solutions, and they are very interactive.
Examples of decision support systems include;
▬ Financial planning systems – it enables managers to evaluate alternative ways of achieving goals. The
objective is to find the optimal way of achieving the goal. For example, the net profit for a business is
calculated using the formula Total Sales less (Cost of Goods + Expenses). A financial planning system
will enable senior executives to ask what if questions and adjust the values for total sales, the cost of
goods, etc. to see the effect of the decision and on the net profit and find the most optimal way.
▬ Bank loan management systems – it is used to verify the credit of the loan applicant and predict the
likelihood of the loan being recovered.
Executive Information Systems (EIS): The top executives need fast access to up-to-date, concise
information and exception reports with facilities to personalized information and analysis. The information
systems designed to cater to such needs of top executives are called Executive Information Systems (EIS) or
Executive Support Systems.
These systems act as electronic briefing systems and offer tremendous flexibility in use. EIS uses internal as
well as external information and offers an interactive and a user friendly operating environment.
Executive Information Systems have been developed, which provide rapid access to both internal and
external information, often presented in graphical format, but with the ability to present more detailed
underlying data if it is required. Executive information systems provide critical information from a wide
variety of internal and external sources (from MIS, DSS, and other sources tailored to the information needs
of executives) in easy-to-use displays to executives and managers. According to Patterson, an EIS provides
senior managers with a system to assist in taking strategic and tactical decisions. According to Shim, an
executive information system is designed to generate information that is abstract enough to present the
whole company operation in a simplified version to satisfy senior management.
Q.4. Discuss about IT infrastructure and emerging technologies in detail.
IT infrastructure consists of a set of physical devices and software applications that are required to operate the entire
enterprise. But an IT infrastructure is also a set of firm wide services budgeted by management and comprising both
human and technical capabilities. These services include the following:
▫ Computing platforms used to provide computing services that connect employees, customers, and suppliers into a
coherent digital environment, including large mainframes, midrange computers, desktop and laptop computers,
and mobile handheld and remote cloud computing services.
▫ Telecommunications services that provide data, voice, and video connectivity to employees, customers, and
suppliers
▫ Data management services that store and manage corporate data and provide capabilities for analyzing the data
▫ Application software services, including online software services, that provide enterprise-wide capabilities such
as enterprise resource planning, customer relationship management, supply chain management, and knowledge
management systems that are shared by all business units
▫ Physical facilities management services that develop and manage the physical installations required for
computing, telecommunications, and data management services
▫ IT management services that plan and develop the infrastructure, coordinate with the business units for IT
services, manage accounting for the IT expenditure, and provide project management services
▫ IT standards services that provide the firm and its business units with policies that determine which information
technology will be used, when, and how
▫ IT education services that provide training in system use to employees and offer managers training in how to plan
for and manage IT investments
▫ IT research and development services that provide the firm with research on potential future IT projects and
investments that could help the firm differentiate itself in the marketplace

This ―service platform‖ perspective makes it easier to understand the business value provided by infrastructure
investments. For instance, the real business value of a fully loaded personal computer operating at 3 gigahertz that
costs about $1,000 and a high-speed Internet connection is hard to understand without knowing who will use it and
how it will be used. When we look at the services provided by these tools, however, their value becomes more
apparent: The new PC makes it possible for a high-cost employee making $100,000 a year to connect to all the
company’s major systems and the public Internet. The high-speed Internet service saves this employee about one hour
per day in reduced wait time for Internet information. Without this PC and Internet connection, the value of this one
employee to the firm might be cut in half.
Infrastructure Components
IT infrastructure today is composed of seven major components. These components constitute investments that must
be coordinated with one another to provide the firm with a coherent infrastructure.

In the past, technology vendors supplying these components were often in competition with one another, offering
purchasing firms a mixture of incompatible, proprietary, partial solutions. But increasingly the vendor firms have been
forced by large customers to cooperate in strategic partnerships with one another. For instance, a hardware and
services provider such as IBM cooperates with all the major enterprise software providers, has strategic relationships
with system integrators, and promises to work with whichever database products its client firms wish to use (even
though it sells its own database management software called DB2). The components are:
1. Computer Hardware Platforms
2. Operating System Platforms
3. Enterprise Software Applications
4. Data Management and Storage
5. Networking/Telecommunications Platforms
6. Internet Platforms
7. Consulting and System Integration Services
Recent Hardware Platform Trends
The exploding power of computer hardware and networking technology has dramatically changed how businesses
organize their computing power, putting more of this power on networks and mobile handheld devices.
1. The Mobile Digital Platform
Smartphones such as the iPhone, Android, and BlackBerry Smartphones have taken on many functions of PCs,
including transmission of data, surfing the Web, transmitting e-mail and instant messages, displaying digital
content, and exchanging data with internal corporate systems. The new mobile platform also includes small,
lightweight net books optimized for wireless communication and Internet access, tablet computers such as the
iPad, and digital e-book readers such as Amazon’s Kindle with Web access capabilities.
2. Grid Computing
Grid computing involves connecting geographically remote computers into a single network to create a virtual
supercomputer by combining the computational power of all computers on the grid. Grid computing takes
advantage of the fact that most computers in the United States use their central processing units on average only
25 percent of the time for the work they have been assigned, leaving these idle resources available for other
processing tasks. Grid computing was impossible until high-speed Internet connections enabled firms to connect
remote machines economically and move enormous quantities of data. Grid computing requires software
programs to control and allocate resources on the grid.
3. Virtualization
Virtualization is the process of presenting a set of computing resources (such as computing power or data
storage) so that they can all be accessed in ways that are not restricted by physical configuration or geographic
location. Virtualization enables a single physical resource (such as a server or a storage device) to appear, to the
user as multiple logical resources. For example, a server or mainframe can be configured to run many instances
of an operating system so that it acts like many different machines. Virtualization makes it possible for a
company to handle its computer processing and storage using computing resources housed in remote locations.
VMware is the leading virtualization software vendor for Windows and Linux servers.
4. Cloud Computing
Cloud computing is a model of computing in which computer processing, storage, software, and other services
are provided as a pool of virtualized resources over a network, primarily the Internet. These ―clouds‖ of
computing resources can be accessed on an as-needed basis from any connected device and location. A cloud can
be private or public. A public cloud is owned and maintained by a cloud service provider, such as Amazon Web
Services, and made available to the general public or industry group. A private cloud is operated solely for an
organization. It may be managed by the organization or a third party and may exist on premise or off premise.
Like public clouds, private clouds are able to allocate storage, computing power, or other resources seamlessly to
provide computing resources on an as-needed basis.
5. Green Computing
By curbing hardware proliferation and power consumption, virtualization has become one of the principal
technologies for promoting green computing. Green computing or green IT, refers to practices and technologies
for designing, manufacturing, using, and disposing of computers, servers, and associated devices such as
monitors, printers, storage devices, and networking and communications systems to minimize the impact on the
environment.
Recent Software Platform Trends
1. Linux and Open Source Software: Open source software is software produced by a community of several
hundred thousand programmers around the world. According to the leading open source professional association,
OpenSource.org, open source software is free and can be modified by users. Works derived from the original
code must also be free, and the software can be redistributed by the user without additional licensing. Open
source software is by definition not restricted to any specific operating system or hardware technology, although
most open source software is currently based on a Linux or UNIX operating system.
Perhaps the most well-known open source software is Linux, an operating system related to UNIX. Linux was
created by the Finnish programmer Linus Torvalds and first posted on the Internet in August 1991. Linux
applications are embedded in cell phones, Smartphones, net books, and consumer electronics. Linux is available
 in free versions downloadable from the Internet or in low-cost commercial versions that include tools and support
from vendors such as Red Hat.
2. Software for the Web: Java, HTML, and HTML5: Java is an operating system-independent, processor-
independent, object-oriented programming language that has become the leading interactive environment for the
Web. Java was created by James Gosling and the Green Team at Sun Microsystems in 1992. In November 13,
2006, Sun released much of Java as open source software, under the terms of the GNU General Public License
(GPL), completing the process on May 8, 2007. The Java platform has migrated into cell phones, Smartphones,
automobiles, music players, game machines, and finally, into set-top cable television systems serving interactive
content and pay-per-view services.
HTML (Hypertext Markup Language) is a page description language for specifying how text, graphics, video,
and sound are placed on a Web page and for creating dynamic links to other Web pages and objects. Using these
links, a user need only point at a highlighted keyword or graphic, click on it, and immediately be transported to
another document.
HTML was originally designed to create and link static documents composed largely of text. Today, however, the
Web is much more social and interactive, and many Web pages have multimedia elements—images, audio, and
video. Third-party plug-in applications like Flash, Silverlight, and Java have been required to integrate these rich
media with Web pages. However, these add-ons require additional programming and put strains on computer
processing. This is one reason Apple dropped support for Flash on its mobile devices. The next evolution of
HTML, called HTML5, solves this problem by making it possible to embed images, audio, video, and other
elements directly into a document without processor-intensive add-ons. HTML5 will also make it easier for Web
pages to function across different display devices, including mobile devices as well as desktops, and it will
support the storage of data offline for apps that run over the Web.
3. Web Services and Service-Oriented Architecture: Web services refer to a set of loosely coupled software
components that exchange information with each other using universal Web communication standards and
languages. They can exchange information between two different systems regardless of the operating systems or
programming languages on which the systems are based. The collection of Web services that are used to build a
firm’s software systems constitutes what is known as a service-oriented architecture. Service Oriented
Architecture (SOA) is a set of self-contained services that communicate with each other to create a working
software application. Business tasks are accomplished by executing a series of these services.
4. Software Outsourcing and Cloud Services: Today, many business firms continue to operate legacy systems
that continue to meet a business need and would be extremely costly to replace. But they will purchase or rent
most of their new software applications from external sources. There are three external sources for software:
software packages from a commercial software vendor, outsourcing custom application development to an
external vendor, (which may or may not be offshore), and cloud-based software services and tools.
Q.5. What is Information security? Discuss about the importance of securing information.
Information security (InfoSec) is the practice of protecting information while still providing access to those who need
it. Information security (InfoSec) is a set of strategies for managing the processes, tools and policies necessary to
prevent, detect, document and counter threats to digital and non-digital information. Infosec responsibilities include
establishing a set of business processes that will protect information assets regardless of how the information is
formatted or whether it is in transit, is being processed or is at rest in storage.
Infosec programs are built around the core objectives of the CIA triad: maintaining the confidentiality, integrity and
availability of IT systems and business data. These objectives ensure that sensitive information is only disclosed to
authorized parties (confidentiality), prevent unauthorized modification of data (integrity) and guarantee the data can
be accessed by authorized parties when requested (availability).
The CIA Triad
Modern information security professionals often refer to a concept known as the CIA triad. Don't worry; this has
nothing to do with the spy agency. The letters CIA in this context refer to the following:
 Confidentiality
 Integrity
 Availability
Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for
information security within an organization. The model is also sometimes referred to as the AIC triad (availability,
integrity and confidentiality) to avoid confusion with the Central Intelligence Agency. The elements of the triad are
considered the three most crucial components of security.
In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the
information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by
authorized people.
Confidentiality: Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are
designed to prevent sensitive information from reaching the wrong people, while making sure that the right people can
in fact get it: Access must be restricted to those authorized to view the data in question. It is common, as well, for data
to be categorized according to the amount and type of damage that could be done should it fall into unintended hands.
More or less stringent measures can then be implemented according to those categories.
Sometimes safeguarding data confidentiality may involve special training for those privies to such documents. Such
training would typically include security risks that could threaten this information. Training can help familiarize
authorized people with risk factors and how to guard against them. Further aspects of training can include strong
passwords and password-related best practices and information about social engineering methods, to prevent them
from bending data-handling rules with good intentions and potentially disastrous results.
A good example of methods used to ensure confidentiality is an account number or routing number when banking
online. Data encryption is a common method of ensuring confidentiality. User IDs and passwords constitute a
standard procedure; two-factor authentication is becoming the norm. Other options include biometric verification and
security tokens, key fobs or soft tokens. In addition, users can take precautions to minimize the number of places
where the information appears and the number of times it is actually transmitted to complete a required transaction.
Extra measures might be taken in the case of extremely sensitive documents, precautions such as storing only on air
gapped computers, disconnected storage devices or, for highly sensitive information, in hard copy form only.
Integrity: Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life
cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by
unauthorized people (for example, in a breach of confidentiality). These measures include file permissions and user
access controls. Version control maybe used to prevent erroneous changes or accidental deletion by authorized users
becoming a problem. In addition, some means must be in place to detect any changes in data that might occur as a
result of non-human-caused events such as an electromagnetic pulse (EMP) or server crash. Some data might include
checksums, even cryptographic checksums, for verification of integrity. Backups or redundancies must be available to
restore the affected data to its correct state.
Availability: Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs
immediately when needed and maintaining a correctly functioning operating system environment that is free of
software conflicts. It’s also important to keep current with all necessary system upgrades. Providing adequate
communication bandwidth and preventing the occurrence of bottlenecks are equally important. Redundancy, failover,
RAID even high-availability clusters can mitigate serious consequences when hardware issues do occur. Fast and
adaptive disaster recovery is essential for the worst case scenarios; that capacity is reliant on the existence of a
comprehensive disaster recovery plan (DRP). Safeguards against data loss or interruptions in connections must
include unpredictable events such as natural disasters and fire. To prevent data loss from such occurrences, a backup
copy may be stored in a geographically-isolated location, perhaps even in a fireproof, waterproof safe. Extra security
equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data due to
malicious actions such as denial-of-service (DoS) attacks and network intrusions.
Importance of Securing Information
In the age of the Internet, protecting our information has become just as important as protecting our property.
Information security (InfoSec) is the practice of protecting both physical and digital information from destruction or
unauthorized access.
Every day we take steps to protect the things that are important to us. We set the alarm systems on our homes, put our
valuables in safes, and lock our cars. The reasons we do these things are simple -- we don't want people we don't
know or trust to get a hold of our valuables, and we don't want those valuables to come to any harm. Only some
members of the family, you included, have the code to the alarm, the combination to the safe, and the keys to the car.
There are many things that could be considered information that we need to protect. We might have personal medical
or financial records that we want to keep private. We usually don't want everyone in the world reading emails or
social media posts that we send to our friends or family. We also want to keep certain things like our Internet
passwords, credit card numbers, and banking information from getting into the wrong hands.
Information security is not just about keeping secrets. Sometimes we just have records, such as family photographs
and videos or other documents, which we want to, have access to at any time and that we don't want to be destroyed or
erased.
The importance of the security in the physical world can never be exaggerated. Without it, your residence becomes
open to burglars and unwanted visitors. In this modern, technological world, however, there’s a new form of theft or
break-in that’s virtual in nature: illegal data access. We’ve heard of thousands of stories of computers and networks
being hacked, which led to huge amounts of cash getting lost or confidential data dropping in the wrong hands. The
paraphernalia of such illicit acts can cause businesses to terminate operation, relationships to break down, and even
nations to go to war.
The good news is that sensitive and exclusive data can now be safeguarded from theft and misuse via IT security.
Here are some of the most prominent reasons for providing Information Security for businesses.
Protection from internal dangers
Definitely, getting your information and data secured is not only about protecting it from external access. We should
contemplate the possibility of our very own people having access to certain information they’re not supposed to view
or get their hands on. You’ve possibly heard of a former CIA technical assistant who leaked documents from one of
the world’s most famous spy organizations. When setting up your information systems, extra security has to be
installed for information that’s thought to be only for the eyes of handpicked persons.
Security from external risks
Those who pretense a threat to a network’s security can be classified into two: amateurs and professionals. The
previous doesn’t pose much of a threat as they may not be prepared with the knowledge on how to get through erudite
protection safeguards. The professional type, however, recognizes all the tricks and techniques in hacking even the
most profoundly secured virtual systems in the world.
Peace of mind
As your business’s critical processes, data and intellectual property migrate to the internet, it also enhances its
exposure to theft and hacking activities. This involves the setting up of additional and stronger security. Moreover, it’s
also your business’s accountability to your customers or clients that your online system be secure from unauthorized
access, particularly if they have confidential info in your databases. Sleeping at night becomes easier when you know
that you have a firm security system installed to protect not only sensitive data but your very investments.
Securing your information system/s is not only about protecting info and data from theft and misuse; it’s also about
performing risk management and running your operations more responsibly.
Risks to confidentiality, integrity, and availability of organizational information assets are constant, yet progress on a
daily basis. Individuals need to be informed and prepared for the risks directed towards them, their computers, and
eventually their way of life. These threats take on many forms, but they all fit indefinite established and identifiable
categories. An individual’s aptitude to differentiate between benign incidents and an authentic threat or risk rests on
the breadth and depth of security awareness training they have acknowledged.
Proposing that an Information Security Awareness Program be developed for the workforce of your organization to
inform them of the risks they face while utilizing organizational information assets, and by extension, their individual
information is an astute move for IT executives to make. The awareness program can be developed in conjunction
with the execution of an overall IT Governance methodology such as COBIT or as an impartial program depending on
the IT maturity level of your firm.
Firewalls, intrusion detection, and intrusion prevention systems, although a prerequisite for today’s network, cannot
entirely defend an organization from prevailing security threats. Companies need to ensure that their employees,
vendors, partners, and subcontractors will not dispense the organization susceptible to various risks such as
operational disruptions, loss of valued informational assets, public embarrassment, or legal liability due to a privation
of security awareness.
Information Security has become a crucial concern among information technology professionals and that concern
when shared by management, will benefit firms as a whole. Top-down management support is critical for the survival
of the program and its goal of creating a culture of security awareness within the organization. The program would
also be a valuable component of showing that executive management is enacting due diligence in securing
organizational information assets.
 UNIT II (Questions with Answers)
Q.1. What is Management Information System? What are the characteristics of MIS?
Management Information Systems (MIS) are used by tactical managers to monitor the organization's current
performance status. The output from a transaction processing system is used as input to a management
information system. The MIS system analyzes the input with routine algorithms i.e. aggregate, compare and
summarizes the results to produced reports that tactical managers use to monitor, control and predict future
performance.
For example, input from a point of sale system can be used to analyze trends of products that are performing
well and those that are not performing well. This information can be used to make future inventory orders
i.e. increasing orders for well-performing products and reduce the orders of products that are not performing
well.
Examples of management information systems include;
▬ Sales management systems – they get input from the point of sale system
▬ Budgeting systems – gives an overview of how much money is spent within the organization for the
short and long terms.
▬ Human resource management system – overall welfare of the employees, staff turnover, etc.
Tactical managers are responsible for the semi-structured decision. MIS systems provide the information
needed to make the structured decision and based on the experience of the tactical managers, they make
judgment calls i.e. predict how much of goods or inventory should be ordered for the second quarter based
on the sales of the first quarter.
MIS is an information system, which processes data and converts it into information. A management
information system uses TPS for its data inputs. The information generated by the information system may
be used for control of operations, strategic and long range planning; Short range planning, management
control and other managerial problem solving. It encompasses processing in support of a wide range of
organizational functions & management processes.
MIS is capable of providing analysis, planning & decision making support. The functional areas of a
business may be marketing, production, human resource, finance and accounting.
Characteristics of MIS
A management information system has the following characteristics:
System approach: The information system follows a System’s approach. The system’s approach implies a
holistic approach to the study of the system and its performance to achieve the objective for which it has
been formed.
Management oriented: For designing of MIS top-down approach should be followed. Top-down approach
suggests that the system development starts from the determination of the management needs and overall
business objectives. Management oriented characteristic of MIS also implies that the management actively
directs the system development efforts.
Need based: MIS design and development should be as per the information needs of managers at different
levels that are strategic planning level, management control level and operational control level.
Exception based: MIS should be developed on the exception based reporting principle, which means an
abnormal situation, that is, the maximum, minimum or expected values vary beyond the limits. In such cases
there should be exception reporting to the decision-maker at the required level.
Future oriented: Besides exception based reporting, MIS should also look at the future. In other words MIS
should not merely provide past or historical information; rather it should provide information on the basis of
projections based on which actions may be initiated.
Integrated: Integration is significant because of its ability to produce more meaningful information. For
example, in order to develop an effective production scheduling system, it is necessary to balance such
factors as: set-up costs, work force, overtime rates, production capacity, inventory level, capital
requirements and customer services. Integration means taking a comprehensive view of the subsystems that
operate within the company.
Common data flows: Because of the integration concept of MIS, there is an opportunity to avoid
duplication and redundancy in data gathering, storage and dissemination. System designers are aware that a
few key source documents account for much of the information flow. For example, customer’s orders are
the basis for billing the customer for the goods ordered, setting up accounts receivables, initiating
production activity, sales analysis, sales forecasting etc.
Q.2. Describe the objectives of MIS. What is the role of Management Information System?
The three main objectives of an MIS are:
To Provide Managers with Accurate Information: An MIS provides managers within an organization
with access to up-to-date and accurate information on the company's "numbers." These can be anything
from daily sales reports, stock levels or number of clicks on a webpage. Different managers require access
to different kinds of data, and an MIS can provide that specific access, allowing managers to think tangibly
of how to save money, control spending or improve efficiency and productivity.
To Connect Data to Strategy: Outlining an organization's goals and plans for the foreseeable future is an
important part of strategic planning. Most major companies and many smaller businesses use an MIS to help
manage the strategic plan. The MIS prevents the plan from simply sitting on the shelf and collecting dust. It
provides the company's leadership with a way to gather and analyze data that relate to targets. For example,
if a company wants to increase the number of new clients by 20 percent over the next three quarters, it can
use an MIS to constantly monitor progress while providing transparency about the steps employees are
taking to achieve that goal.
To Gain a Competitive Advantage: Having data available through an MIS isn't an automatic advantage to
a company. Barry Beracha, the former CEO of Sara Lee Bakery Group, says managers still need to make
decisions based on that data and properly manage the information to create a competitive advantage over
other businesses in the same market. It has to offer customers better value by lowering prices or providing
more benefits for the same cost.
Role of Management Information System
Management information system (MIS) has become Very Necessary due to Emergence of high complexity
in Business Organization. It is all to know that without information no Organization can take even one step
properly regarding the decision making process. Because it is matter of fact that in an organization decision
plays an essential role for the achievement of its objectives and we know that every decision is based upon
information. If gathered information are irrelevant than decision will also incorrect and Organization may
face big loss & lots of Difficulties in Surviving as well.
Helps in Decision making: Management Information System (MIS) plays a significant Role in Decision
making Process of any Organization. Because in Any organization decision is made on the basis of relevant
Information and relevant information can only be Retrieving from the MSI.
Helps in Coordination among the Department: Management information System is also help in
establishing a sound Relationship among the every persons of department to department through proper
exchanging of Information’s.
Helps in Finding out Problems: As we know that MIS provides relevant information about the every
aspect of activities. Hence, If any mistake is made by the management then Management Information
Systems (MIS) Information helps in Finding out the Solution of that Problem.
Helps in Comparison of Business Performance: MIS store all Past Data and information in its Database.
That why management information system is very useful to compare Business organization Performance.
With the help of Management information system (MIS) Organization can analyze his Performance means
whatever they do last year or Previous Years and whatever business performance in this year and also
measures organization Development and Growth.
Helps in making decision based on Information: When you base your decisions on data available from
management information systems, they reflect information that comes from the operations of your company.
Management information systems take data generated by the working level and organize it into useful
formats. Management information systems typically contain sales figures, expenses, investments and
workforce data. If you need to know how much profit your company has made each year for the past five
years to make a decision, management information systems can provide accurate reports giving you that
information.
Helps in Projections: Any decisions, that you make, result in changes in the projected company results and
may require modifications to your business strategy and overall goals. Management information systems
either have trend analysis built in or can provide information that lets you carry out such an analysis.
Typical business strategies include projections for all fundamental operating results. A trend analysis allows
you to show what these results would be in the current situation and how they will change once you have
implemented the decisions you have taken. The new values form the basis of your strategic approach going
forward.
Helps in Implementation of decisions: While you make your decisions with specific goals in mind and
have the documentation from management information systems and trend analysis to support your
expectations, you have to track company results to make sure they develop as planned. Management
information systems give you the data you need to determine whether your decisions have had the desired
effect, or whether you have to take corrective action to reach your goals. If specific results are not on track,
you can use management information systems to evaluate the situation and decide to take additional
measures if necessary.
Q.3. Discuss about the strategic advantage with Management Information System.
The word “strategy” originates from the Greek word strategos, meaning “general.” In war, a strategy is a plan to gain
an advantage over the enemy. Other disciplines, especially business, have borrowed the term. As you know from
media coverage, corporate executives often discuss actions in ways that make business competition sound like war.
Businesspeople must devise decisive courses of action to win—just as generals do. In business, a strategy is a plan
designed to help an organization outperform its competitors. Unlike battle plans, however, business strategy often
takes the form of creating new opportunities rather than beating rivals.
Although many information systems are built to solve problems, many others are built to seize opportunities. And, as
anyone in business can tell you, identifying a problem is easier than creating an opportunity. Because a problem
already exists; it is an obstacle to a desired mode of operation and, as such, calls attention to itself. An opportunity, on
the other hand, is less tangible. It takes a certain amount of imagination, creativity, and vision to identify an
opportunity, or to create one and seize it. Information systems that help seize opportunities are often called strategic
information systems (SISs). They can be developed from scratch, or they can evolve from an organization’s existing
ISs.
Some ISs have become strategic tools as a result of strategic planning; others have evolved into strategic tools. To
compete in the market, executives need to define strategic goals and determine whether new or improved ISs can
support these goals. Rather than waiting complacently until a problem occurs, businesses actively look for
opportunities to improve their position with information systems. An IS that helps gain strategic advantage is called a
strategic information system (SIS). To assure optimal utilization of IT for competitive advantage, executives must
participate in generating ideas and champion new, innovative uses of information systems. In recent years, many of
these ideas involved using the Internet. A company achieves strategic advantage by using strategy to maximize its
strengths, resulting in a competitive advantage.
In a free-market economy, it is difficult for a business to do well without some strategic planning. Although strategies
vary, they tend to fall into some basic categories, such as developing a new product, identifying an unmet consumer
need, changing a service to entice more customers or retain existing clients, or taking any other action that increases
the organization’s value through improved performance.
Many strategies do not, and cannot, involve information systems. But increasingly, corporations are able to implement
certain strategies—such as maximizing sales and lowering costs - thanks to the innovative use of information systems.
In other words, better information gives corporations a competitive advantage in the marketplace. A company
achieves strategic advantage by using strategy to maximize its strengths, resulting in a competitive advantage. When a
business uses a strategy with the intent to create a market for new products or services, it does not aim to compete
with other organizations, because that market does not yet exist. Therefore, a strategic move is not always a
competitive move. However, in a free-enterprise society, a market rarely remains the domain of one organization for
long; thus, competition ensues almost immediately. So, we often use the terms “competitive advantage” and “strategic
advantage” interchangeably.
Consider competitive advantage in terms of a for-profit company, whose major goal is to maximize profits by
lowering costs and increasing revenue. A for-profit company achieves competitive advantage when its profits increase
significantly, most commonly through increased market share. The figure given below lists eight basic initiatives that
can be used to gain competitive advantage, including offering a product or service that competitors cannot provide or
providing the same product or service more attractively to customers. It is important to understand that the eight listed
are the most common, but not the only, types of business strategy an organization can pursue. It is also important to
understand that strategic moves often consist of a combination of two or more of these initiatives and other steps. The
essence of strategy is innovation, so competitive advantage is often gained when an organization tries a strategy that
no one has tried before.

For example, Dell was the first PC manufacturer to use the Web to take customer orders. Competitors have long
imitated the practice, but Dell, first to gain a Web audience, gained more experience than other PC makers on this e-
commerce vehicle and still sells more computers via the Web than its competitors. Figure 2.2 indicates that a company
can use many strategies together to gain competitive advantage.
Strategic advantage is often achieved by one or a combination of the following initiatives:
Cost reduction enables a business to sell more units of its products or services while maintaining or increasing its
profit margin. Raising barriers to potential entrants to the industry lets an organization maintain a sizable market
share by developing systems that are prohibitively expensive for competitors to emulate. By establishing high
switching costs, a business can make buying from competitors unattractive to clients. Developing totally new
products and services can create an entirely new market for an organization, which can also enjoy the advantage of
being a first mover for that product and market. And if the organization cannot create new products or services, it can
still enjoy competitive advantage by differentiating its products so that customers view them as better than a
competitor’s products. Organizations also attain advantage by enhancing existing products or services. Many new
services are the fruits of alliances between companies: each contributes its own expertise to package services that
entice customers with an overall value greater than that offered by the separate services individually. Locking in
clients or suppliers, i.e., creating conditions that make dealing with competitors infeasible is a powerful strategy to
gain advantage. To maintain a strategic advantage, organizations must develop new features to keep the system on the
leading edge. But they must be mindful of the bleeding edge, the undesirable results (such as huge ongoing costs and
loss of customers) of being the first to use new technology with the hope of establishing a competitive advantage.
Early adopters find themselves on the bleeding edge when the new technology is not yet fully reliable or when
customers are uncomfortable with it.

Reduce Costs
Customers like to pay as little as possible while still receiving the quality of service or product they need. One way to
increase market share is to lower prices, and the best way to lower prices is to reduce costs. For instance, if carried out
successfully, massive automation of any business process gives an organization competitive advantage. The reason is
simple: automation makes an organization more productive, and any cost savings can be transferred to customers
through lower prices. We saw this happen in the auto industry. In the 1970s, Japanese automakers brought robots to
their production and assembly lines and reduced costs—and subsequently prices—quickly and dramatically. The
robots weld, paint, and assemble parts at a far lower cost than manual labor. Until their competitors began to employ
robots, the Japanese had a clear competitive advantage because they were able to sell high-quality cars for less than
their competitors.
Raise Barriers to Market Entrants
The smaller the number of companies competing within an industry, the better off each company is. Therefore, an
organization might gain competitive advantage by making it difficult, or impossible, for other organizations to
produce the product or service it provides. Using expertise or technology that is unavailable to competitors or
prohibitively expensive is one way to bar new entrants.
Establish High Switching Costs
Switching costs are expenses incurred when a customer stops buying a product or service from one business and starts
buying it from another. Switching costs can be explicit (such as charges the seller levies on a customer for switching)
or implicit (such as the indirect costs in time and money spent adjusting to a new product that does the same job as the
old).
Create New Products or Services
Clearly, creating a new and unique product or service that many organizations and individuals need gives an
organization a great competitive advantage. Unfortunately, the advantage lasts only until other organizations in the
industry start offering an identical or similar product or service for a comparable or lower price.
Differentiate Products or Services
A company can achieve a competitive advantage by persuading consumers that its product or service is better than its
competitors’, even if it is not. Called product differentiation, this advantage is usually achieved through advertising.
Brand-name success is a perfect example of product differentiation. Think of Levi’s Jeans, Chanel and Lucky
perfumes, and Gap clothes. The customer buys the brand-name product, perceiving it to be superior to similar
products. In fact, some products are the same, but units sold under a prestigious brand name sell for higher prices.
Enhance Products or Services
Instead of differentiating a product or service, an organization might actually add to the product or service to increase
its value to the consumer; this is called enhancing existing products or services. For example, car manufacturers might
entice customers by offering a longer warranty period for their cars, and real-estate agents might attract more business
by providing useful financing information to potential buyers.
Establish Alliances
Companies can gain competitive advantage by combining services to make them more attractive (and usually less
expensive) than purchasing services separately. These alliances provide two draws for customers: combined service is
cheaper, and one-stop shopping is more convenient. The travel industry is very aggressive in this area. For example,
airlines collaborate with hotel chains and car-rental firms to offer travel and lodging packages and with credit-card
companies that offer discount ticket purchases from particular airlines or the products of particular manufacturers.
Credit-card companies commonly offer frequent flier miles for every dollar spent. In all these cases, alliances create
competitive advantages.
Q.4. Define Business Process Re-engineering (BPR). What are its objectives and characteristics?
The globalization of the economy and the liberalization of the trade markets have formulated new conditions
in the market place which are characterized by instability and intensive competition in the business
environment. Competition is continuously increasing with respect to price, quality and selection, service and
promptness of delivery.
Removal of barriers, international cooperation, technological innovations cause competition to intensify. All
these changes impose the need for organizational transformation, where the entire processes, organization
climate and organization structure are changed. Hammer and Champy provide the following definitions:
 Reengineering is the fundamental rethinking and radical redesign of business processes to achieve
dramatic improvements in critical contemporary measures of performance such as cost, quality, service
and speed.
 Process is a structured, measured set of activities designed to produce a specified output for a particular
customer or market. It implies a strong emphasis on how work is done within an organization."
An example of a business process: Credit card approval in a bank.
An applicant submits an application. The application is reviewed first to make sure that the form has been
completed properly. If not, it is returned for completion. The complete form goes through a verification of
information. This is done by ordering a report from a credit company and calling references. Once the
information is verified, an evaluation is done. Then, a decision (yes or no) is made. If the decision is
negative, an appropriate rejection letter is composed. If the decision is positive, an account is opened, and a
card is issued and mailed to the customer. The process, which may take a few weeks due to workload and
waiting time for the verifications, is usually done by several individuals.
Objectives of BPR
When applying the BPR management technique to a business organization the implementation team effort is
focused on the following objectives:
Customer focus: Customer service oriented processes aiming to eliminate customer complaints.
Speed: Dramatic compression of the time it takes to complete a task for key business processes. For
instance, if process before BPR had an average cycle time 5 hours, after BPR the average cycle time should
be cut down to half an hour.
Compression: Cutting major tasks of cost and capital, throughout the value chain. Organizing the processes
a company develops transparency throughout the operational level reducing cost. For instance the decision
to buy a large amount of raw material at 50% discount is connected to eleven cross checking in the
organizational structure from cash flow, inventory, to production planning and marketing. These checking
become easily implemented within the cross-functional teams, optimizing the decision making and cutting
operational cost.
Flexibility: Adaptive processes and structures to changing conditions and competition. Being closer to the
customer the company can develop the awareness mechanisms to rapidly spot the weak points and adapt to
new requirements of the market.
Quality: Obsession with the superior service and value to the customers. The level of quality is always the
same controlled and monitored by the processes, and does not depend mainly on the person, who servicing
the customer.
Innovation: Leadership through imaginative change providing to organization competitive advantage.
Productivity: Improve drastically effectiveness and efficiency. In order to achieve the above mentioned
adjectives the following BPR project methodology is proposed.
Characteristics of BPR
Business processes are characterized by three elements: the inputs, (data such customer inquiries or
materials), the processing of the data or materials (which usually go through several stages and may
necessary stops that turn out to be time and money consuming), and the outcome (the delivery of the
expected result). The problematic part of the process is processing. Business process reengineering mainly
intervenes in the processing part, which is reengineered in order to become less time and money consuming.
Q.5. How can Business Process Re-engineering be applied to an organization?
“BPR is the fundamental rethinking and radical redesign of business processes to achieve dramatic improvements in
critical contemporary measures of performance, such as cost, quality, service, and speed.” Instead of starting with an
activity flowchart, corporations are advised to start with a clean slate. They are then told to look into why they
perform the tasks the way they do. A Process Engineer will look at the activities to be performed and how they can be
engineered to invest minimum resources and get maximum returns.
Information Availability: To fundamentally redesign a process, one must know the details involved. Details from
internal and external sources must be captured and provided to the relevant people in the required time duration. This
helps them to identify the bottlenecks and work around better ways of reaching the desired end.
Information Sharing: A BPR project is usually facilitated by a cross functional team. Most of the times, teams are
spread across different geographic locations. Information needs to be successfully shared amongst various people to
ensure the reengineering goes as planned and without hiccups.
Technology as the Solution: The new processes that are developed as a result of BPR initiatives deploy the latest
technology to achieve the desired end results. Usually it is e-Commerce, automation or another technology driven
solution that is implemented.
Empowering people: Empowerment means giving people the ability to do their work: the right information, the right
tools, the right training, the right environment, and the authority they need. Information systems help empower people
by providing information, tools and training.
Providing Information: Primary purpose of most information systems is providing information to help people
perform their work, although they provide information in many different ways. Some systems provide information
that is essential in informing a business process, such as the prices used to create a customer’s bill at a restaurant.
Other systems provide information that is potentially useful but can be used in a discretionary manner, such as
medical history information that different doctors might use in different ways.
Providing Tools: Empowering people means giving them the right tools in addition to providing the right
information, Consider the way planning analysts produce consolidated corporate plans based on plans of individual
divisions and departments. If the plans are submitted on paper, it is a major task to add up the numbers to determine
the projected corporate bottom line. When the plan is changed during a negotiation process, the planning analyst has
to recalculate the projected results. With the right tools, the numerical parts of the plans arrive in a consistent,
electronic format permitting consolidation by a computer. This leaves the analyst free to do the more productive work
of analyzing the quality of the plan.
Providing Training: Information systems are often used for training and learning since they are designed to provide
the information needed to support desired work practices. As shown by an expert system and a decision simulator,
they sometimes provide new and unique training methods. IBM developed an expert system for fixing computer disk
drives. The expert system was an organized collection of the best knowledge about fixing these disk drives, and it
fostered rapid and efficient training. Before the system was developed, technicians typically took between 1 and 16
months to become certified, but with the expert system, training time dropped 3 to 5 months.
Eliminating Unproductive Uses of Time: Information systems can reduce the amount of time people waste doing
unproductive work. A study of how professionals and managers at 15 leading U.S. corporations spent their time
concluded that many professionals spent less than half of their work time on activities directly related to their
functions. Better use of information systems could save much of their unproductive time performing chores such as
collecting product or pricing information, determining order status for a customer, resolving invoice discrepancies,
and reporting of time and expenses.
Eliminating Unnecessary Paper: One common way to improve data processing is to eliminate unnecessary paper.
Although paper is familiar and convenient for many purposes, it has major disadvantages. It is bulky, difficult to move
from place to place, and extremely difficult to use for analyzing large amounts of data. Storing data in computerized
form takes much less physical space and destroys fewer forests, but that is only the beginning. It makes data easier to
analyze, easier to copy or transmit, and easier to display in a flexible format. Compare paper telephone bills with
computerized bills for a large company. The paper bills identify calls but are virtually impossible to analyze for
patterns of inefficient or excessive usage.
Eliminating Unnecessary Variations in the Procedures and Systems: In many companies, separate departments
use different systems and procedures to perform similar repetitive processes, such as paying employees, purchasing
supplies, and keeping track of inventories. Although these procedures may seem adequate from a totally local
viewpoint, doing the same work in different ways is often inefficient in a global sense. Whenever the systems must
change with new technology, new regulations, or new business issues, each separate system must be analyzed
separately, often by someone starting from scratch.
Minimizing the Burden of Record Keeping, Data Handling, and General Office Work: Information system
applications is an obvious place to look for improving the way people process data, since processing data is included
in most jobs. Focus on basic data processing tasks: Reducing the burden of record keeping means being more
efficient and effective with the six components of data processing. Those components are capturing, transmitting,
storing, retrieving, manipulating, and displaying data. Capture data automatically when generated: Capturing data
automatically at the time of data generation is especially important in minimizing the burden of record keeping.
In depth, BPR assumes that the current processes in a business are inapplicable and suggest completely new processes
to be implemented by starting over. Such a perspective enables the designers of business processes to disassociate
themselves from today's process, and focus on a new process.